[BE] allow origin 을 yml에서 읽어오도록 변경

.github/workflows/backend_cd.yml

@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: gradle 캐싱
-        uses: gradle/actions/setup-gradle@v3
+        uses: gradle/actions/setup-gradle@v4
 
       - name: bootJar로 jar 파일 생성
         run: |

.github/workflows/backend_ci.yml

@@ -27,6 +27,9 @@ jobs:
         working-directory: ./backend/src/main/resources
         run: echo "${{ secrets.APPLICATION_DB_YAML }}" > application-db.yml
 
+      - name: gradle 캐싱
+        uses: gradle/actions/setup-gradle@v4
+
       - name: JDK 17 설정
         uses: actions/setup-java@v4
         with:

backend/src/main/java/codezap/global/cors/CorsProperties.java

@@ -0,0 +1,27 @@
+package codezap.global.cors;
+
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.bind.DefaultValue;
+
+@ConfigurationProperties(prefix = "cors")
+public class CorsProperties {
+    private final String[] allowedOrigins;
+    private final String[] allowedOriginsPatterns;
+
+    public CorsProperties(
+            @DefaultValue(value = "") String[] allowedOrigins,
+            @DefaultValue(value = "") String[] allowedOriginsPatterns
+    ) {
+        this.allowedOrigins = allowedOrigins;
+        this.allowedOriginsPatterns = allowedOriginsPatterns;
+    }
+
+    public String[] getAllowedOrigins() {
+        return allowedOrigins;
+    }
+
+    public String[] getAllowedOriginsPatterns() {
+        return allowedOriginsPatterns;
+    }
+}

backend/src/main/java/codezap/global/cors/WebCorsConfiguration.java

@@ -1,19 +1,26 @@
 package codezap.global.cors;
 
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
+@ConfigurationPropertiesScan
 public class WebCorsConfiguration implements WebMvcConfigurer {
 
+    private final CorsProperties corsProperties;
+
+    public WebCorsConfiguration(CorsProperties corsProperties) {
+        this.corsProperties = corsProperties;
+    }
+
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
                 .allowCredentials(true)
-                .allowedOriginPatterns("https://*.code-zap.com")
-                .allowedOrigins("https://code-zap.com")
-                .allowedOrigins("chrome-extension://bmlonhfgleihfabinjbhgefojkfpmlaf")
+                .allowedOriginPatterns(corsProperties.getAllowedOriginsPatterns())
+                .allowedOrigins(corsProperties.getAllowedOrigins())
                 .allowedMethods("*")
                 .exposedHeaders("*");
     }

backend/src/main/resources/application-local.yml

@@ -2,3 +2,5 @@ spring:
   output:
     ansi:
       enabled: always
+cors:
+  allowed-origins: http://localhost:3000

backend/src/test/java/codezap/global/MockMvcTest.java

@@ -6,8 +6,10 @@
 
 import org.junit.jupiter.api.BeforeEach;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
@@ -19,11 +21,13 @@
 import codezap.auth.provider.CredentialProvider;
 import codezap.category.service.facade.MemberCategoryApplicationService;
 import codezap.category.service.facade.MemberCategoryTemplateApplicationService;
+import codezap.global.cors.CorsProperties;
 import codezap.member.fixture.MemberFixture;
 import codezap.member.service.MemberService;
 import codezap.template.service.TemplateService;
 
 @WebMvcTest(SpringExtension.class)
+@EnableConfigurationProperties(CorsProperties.class)
 public abstract class MockMvcTest {
 
     @Autowired

backend/src/test/java/codezap/global/cors/CorsPropertiesTest.java

@@ -0,0 +1,34 @@
+package codezap.global.cors;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.junit.jupiter.api.Assertions.*;
+
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.test.context.ConfigDataApplicationContextInitializer;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+@SpringBootTest
+class CorsPropertiesTest {
+
+    @Autowired
+    private CorsProperties corsProperties;
+
+    @Test
+    @DisplayName("yml 파일로부터 allowed-origins 값을 가져오는지 확인")
+    void getAllowedOrigins() {
+        assertThat(corsProperties.getAllowedOrigins()).isEqualTo(new String[]{"http://localhost:3000"});
+    }
+
+    @Test
+    @DisplayName("yml 파일로부터 allowed-origins-patterns 값을 가져오는지 확인")
+    void getAllowedOriginsPatterns() {
+        assertThat(corsProperties.getAllowedOriginsPatterns()).isEqualTo(new String[]{""});
+    }
+}

backend/src/test/resources/application-local.yml

@@ -2,3 +2,5 @@ spring:
   output:
     ansi:
       enabled: always
+cors:
+  allowed-origins: http://localhost:3000