Merge pull request #202 from CodIN-INU/develop

chore : localhost Cookie 설정

Author: X1n9fU

src/main/java/inu/codin/codin/common/config/SecurityConfig.java

@@ -32,14 +32,14 @@
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
-import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.web.context.request.RequestContextListener;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -156,6 +156,11 @@ public AuthenticationManager authenticationManager(HttpSecurity http) throws Exc
         return authenticationManagerBuilder.build();
     }
 
+    @Bean
+    public RequestContextListener requestContextListener() {
+        return new RequestContextListener();
+    }
+
     @Bean
     public RoleHierarchy roleHierarchy() {
         return RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_MANAGER > ROLE_USER");
@@ -210,6 +215,10 @@ public CorsConfigurationSource corsConfigurationSource() {
     // Admin 권한 URL
     private static final String[] ADMIN_AUTH_PATHS = {
             "/v3/api/test4",
+            "/swagger-ui/**",
+            "/v3/api-docs/**",
+            "/v3/api-docs",
+            "/swagger-resources/**"
     };
 
     // Manager 권한 URL

src/main/java/inu/codin/codin/common/security/service/AbstractAuthService.java

@@ -1,26 +1,15 @@
 package inu.codin.codin.common.security.service;
 
-import inu.codin.codin.common.exception.NotFoundException;
-import inu.codin.codin.common.security.dto.SignUpAndLoginRequestDto;
-import inu.codin.codin.domain.user.dto.request.UserProfileRequestDto;
-import inu.codin.codin.domain.user.entity.UserEntity;
-import inu.codin.codin.domain.user.exception.UserCreateFailException;
-import inu.codin.codin.domain.user.exception.UserNicknameDuplicateException;
 import inu.codin.codin.domain.user.repository.UserRepository;
 import inu.codin.codin.infra.s3.S3Service;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.oauth2.core.user.OAuth2User;
-import org.springframework.web.multipart.MultipartFile;
-
-import java.time.LocalDateTime;
-import java.util.List;
-import java.util.Optional;
 
 @RequiredArgsConstructor
 @Slf4j
@@ -29,14 +18,15 @@ public abstract class AbstractAuthService {
     protected final S3Service s3Service;
     protected final JwtService jwtService;
     protected final UserDetailsService userDetailsService;
+    protected  final HttpServletRequest request;
 
     protected void issueJwtToken(String identifier, HttpServletResponse response) {
         jwtService.deleteToken(response);
         UserDetails userDetails = userDetailsService.loadUserByUsername(identifier);
         UsernamePasswordAuthenticationToken authToken =
                 new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
         SecurityContextHolder.getContext().setAuthentication(authToken);
-        jwtService.createToken(response);
+        jwtService.createToken(request, response);
     }
 
 }

src/main/java/inu/codin/codin/common/security/service/AppleAuthService.java

@@ -8,6 +8,7 @@
 import inu.codin.codin.domain.user.entity.UserStatus;
 import inu.codin.codin.domain.user.repository.UserRepository;
 import inu.codin.codin.infra.s3.S3Service;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -21,8 +22,8 @@
 @Slf4j
 public class AppleAuthService extends AbstractAuthService implements Oauth2AuthService {
 
-    public AppleAuthService(UserRepository userRepository, S3Service s3Service, JwtService jwtService, UserDetailsService userDetailsService) {
-        super(userRepository, s3Service, jwtService, userDetailsService);
+    public AppleAuthService(UserRepository userRepository, S3Service s3Service, JwtService jwtService, UserDetailsService userDetailsService, HttpServletRequest request) {
+        super(userRepository, s3Service, jwtService, userDetailsService, request);
     }
 
     @Override

src/main/java/inu/codin/codin/common/security/service/AuthCommonService.java

@@ -8,8 +8,8 @@
 import inu.codin.codin.domain.user.exception.UserNicknameDuplicateException;
 import inu.codin.codin.domain.user.repository.UserRepository;
 import inu.codin.codin.infra.s3.S3Service;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -25,8 +25,8 @@
 public class AuthCommonService extends AbstractAuthService {
 
 
-    public AuthCommonService(UserRepository userRepository, S3Service s3Service, JwtService jwtService, UserDetailsService userDetailsService) {
-        super(userRepository, s3Service, jwtService, userDetailsService);
+    public AuthCommonService(UserRepository userRepository, S3Service s3Service, JwtService jwtService, UserDetailsService userDetailsService, HttpServletRequest request) {
+        super(userRepository, s3Service, jwtService, userDetailsService, request);
     }
 
     public void completeUserProfile(UserProfileRequestDto userProfileRequestDto, MultipartFile userImage, HttpServletResponse response) {

src/main/java/inu/codin/codin/common/security/service/CustomOAuth2UserService.java

@@ -2,6 +2,7 @@
 
 
 import inu.codin.codin.common.security.dto.AccessEmailProperties;
+import jakarta.servlet.http.HttpSession;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
@@ -11,10 +12,9 @@
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Service;
 import org.springframework.util.AntPathMatcher;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
-/**
- *  OAuth2 로그인 후 사용자 정보를 가로채고 이메일을 검증하는 로직
- */
 @Service
 @RequiredArgsConstructor
 @Slf4j
@@ -23,15 +23,21 @@ public class CustomOAuth2UserService extends DefaultOAuth2UserService {
     private final AccessEmailProperties accessEmailProperties;
     private final AntPathMatcher pathMatcher = new AntPathMatcher();
 
+    private final String OAUTH2_ACCESS_TOKEN = "oauth2_access_token";
+
     @Override
     public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
         OAuth2User oAuth2User = super.loadUser(userRequest);
 
+        // 요청에서 HttpSession 가져오기
+        HttpSession httpSession = getSession();
+
         // Get User Email
         String email = oAuth2User.getAttribute("email");
         log.info("email: {}", email);
 
         if (email == null) {
+            httpSession.setAttribute(OAUTH2_ACCESS_TOKEN, userRequest.getAccessToken().getTokenValue());
             OAuth2Error oauth2Error = new OAuth2Error(
                     "email_not_found",
                     "이메일 정보를 찾을 수 없습니다.",
@@ -47,6 +53,7 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
 
         // Only Allow @inu.ac.kr
         if (!email.trim().endsWith("@inu.ac.kr")) {
+            httpSession.setAttribute(OAUTH2_ACCESS_TOKEN, userRequest.getAccessToken().getTokenValue());
             OAuth2Error oauth2Error = new OAuth2Error(
                     "invalid_email_domain",
                     "허용되지 않은 이메일 도메인입니다. @inu.ac.kr 이어야합니다",
@@ -57,4 +64,12 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
 
         return oAuth2User;
     }
+
+    public HttpSession getSession() {
+        ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        if (attr == null) {
+            throw new IllegalStateException("No thread-bound request found. RequestContextListener 또는 RequestContextFilter를 설정하세요.");
+        }
+        return attr.getRequest().getSession();
+    }
 }

src/main/java/inu/codin/codin/common/security/service/GoogleAuthService.java

@@ -8,8 +8,8 @@
 import inu.codin.codin.domain.user.entity.UserStatus;
 import inu.codin.codin.domain.user.repository.UserRepository;
 import inu.codin.codin.infra.s3.S3Service;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -23,8 +23,8 @@
 public class GoogleAuthService extends AbstractAuthService implements Oauth2AuthService {
 
 
-    public GoogleAuthService(UserRepository userRepository, S3Service s3Service, JwtService jwtService, UserDetailsService userDetailsService) {
-        super(userRepository, s3Service, jwtService, userDetailsService);
+    public GoogleAuthService(UserRepository userRepository, S3Service s3Service, JwtService jwtService, UserDetailsService userDetailsService, HttpServletRequest request) {
+        super(userRepository, s3Service, jwtService, userDetailsService, request);
     }
 
     @Override

src/main/java/inu/codin/codin/common/security/service/JwtService.java

@@ -40,8 +40,8 @@ public class JwtService {
      * 최초 로그인 시 Access Token, Refresh Token 발급
      * @param response
      */
-    public void createToken(HttpServletResponse response) {
-        createBothToken(response);
+    public void createToken(HttpServletRequest request, HttpServletResponse response) {
+        createBothToken(request, response);
         log.info("[createToken] Access Token, Refresh Token 발급 완료");
     }
 
@@ -68,38 +68,43 @@ public void reissueToken(HttpServletRequest request, HttpServletResponse respons
             SecurityContextHolder.getContext().setAuthentication(authentication);
         }
 
-        reissueToken(refreshToken, response);
+        reissueToken(refreshToken, request, response);
     }
 
     /**
      * Refresh Token을 이용하여 Access Token, Refresh Token 재발급
      * @param refreshToken
      * @param response
      */
-    public void reissueToken(String refreshToken, HttpServletResponse response) {
+    public void reissueToken(String refreshToken, HttpServletRequest request, HttpServletResponse response) {
         if (!jwtTokenProvider.validateRefreshToken(refreshToken)) {
             log.error("[reissueToken] Refresh Token이 유효하지 않습니다. : {}", refreshToken);
             throw new JwtException(SecurityErrorCode.INVALID_TOKEN, "Refresh Token이 유효하지 않습니다.");
         }
 
-        createBothToken(response);
+        createBothToken(request, response);
         log.info("[reissueToken] Access Token, Refresh Token 재발급 완료");
     }
 
     /**
      * Access Token, Refresh Token 생성
      */
-    private void createBothToken(HttpServletResponse response) {
+    private void createBothToken(HttpServletRequest request, HttpServletResponse response) {
         // 새로운 Access Token 발급
         var authentication = SecurityContextHolder.getContext().getAuthentication();
         JwtTokenProvider.TokenDto newToken = jwtTokenProvider.createToken(authentication);
 
+        String domain = null;
+        if (!request.getHeader("Origin").split("//")[1].startsWith("localhost")){
+            domain = BASERURL.split("//")[1];
+        }
+
         Cookie jwtCookie = new Cookie("access_token", newToken.getAccessToken());
         jwtCookie.setHttpOnly(true);  // JavaScript에서 접근 불가
         jwtCookie.setSecure(true);    // HTTPS 환경에서만 전송
         jwtCookie.setPath("/");       // 모든 요청에 포함
         jwtCookie.setMaxAge(60 * 60); // 1시간 유지
-        jwtCookie.setDomain(BASERURL.split("//")[1]);
+        jwtCookie.setDomain(domain);
         jwtCookie.setAttribute("SameSite", "None");
         response.addCookie(jwtCookie);
 
@@ -109,7 +114,7 @@ private void createBothToken(HttpServletResponse response) {
         refreshCookie.setSecure(true);
         refreshCookie.setPath("/");
         refreshCookie.setMaxAge(7 * 24 * 60 * 60); // 7일
-        refreshCookie.setDomain(BASERURL.split("//")[1]);
+        refreshCookie.setDomain(domain);
         refreshCookie.setAttribute("SameSite", "None");
         response.addCookie(refreshCookie);
 

src/main/java/inu/codin/codin/common/security/util/OAuth2LoginFailureHandler.java

@@ -6,6 +6,7 @@
 import inu.codin.codin.common.util.CookieUtil;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
@@ -14,20 +15,24 @@
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
 
 import java.io.IOException;
 
 @Component
 @Slf4j
 @RequiredArgsConstructor
 public class OAuth2LoginFailureHandler extends SimpleUrlAuthenticationFailureHandler {
+    private final RestTemplate restTemplate = new RestTemplate();
     private final ObjectMapper objectMapper = new ObjectMapper();
 
     private final JwtService jwtService;
+    private final HttpSession httpSession;
 
     @Value("${server.domain}")
     private String BASEURL;
     public final static String OAUTH2_AUTHORIZATION_REQUEST_COOKIE_NAME = "oauth2_auth_request";
+    private final String OAUTH2_ACCESS_TOKEN = "oauth2_access_token";
 
 
     @Override
@@ -52,15 +57,27 @@ public void onAuthenticationFailure(HttpServletRequest request,
 
         log.error("[OAuth2LoginFailureHandler] {}", responseBody);
 
+        // 🔹 Access Token 가져오기 (요청 파라미터에서 추출)
+        String accessToken = (String) httpSession.getAttribute(OAUTH2_ACCESS_TOKEN);
+
+        if (accessToken != null && !accessToken.isEmpty()) {
+            String revokeUrl = "https://accounts.google.com/o/oauth2/revoke?token=" + accessToken;
+            try {
+                restTemplate.getForObject(revokeUrl, String.class);
+                log.info("[OAuth2LoginFailureHandler] Google Access Token revoked successfully.");
+            } catch (Exception e) {
+                log.error("[OAuth2LoginFailureHandler] Failed to revoke Google Access Token: {}", e.getMessage());
+            }
+        } else {
+            log.warn("[OAuth2LoginFailureHandler] No access token found in request.");
+        }
+
         removeAllToken(request, response);
 
-        response.getWriter().write(responseBody);
         if (errorCode == null)
             getRedirectStrategy().sendRedirect(request, response, BASEURL+"/login");
         else {
             getRedirectStrategy().sendRedirect(request, response, BASEURL + "/login?error=" + errorCode);
-            String logoutUrl = "https://accounts.google.com/Logout";
-            response.sendRedirect(logoutUrl);
         }
     }
 

src/main/java/inu/codin/codin/domain/lecture/domain/review/repository/ReviewRepository.java

@@ -32,7 +32,7 @@ public interface ReviewRepository extends MongoRepository<ReviewEntity, ObjectId
     })
     Emotion getEmotionsCountByRanges(ObjectId lectureId);
 
-    int countAllByLectureIdAndDeletedAtIsNotNull(ObjectId lectureId);
+    int countByLectureId(ObjectId lectureId);
 
     Page<ReviewEntity> getAvgRatingByLectureId(ObjectId lectureId, PageRequest pageRequest);
 

src/main/java/inu/codin/codin/domain/lecture/domain/review/service/ReviewService.java

@@ -66,7 +66,7 @@ public void updateRating(ObjectId lectureId){
                 .orElseThrow(() -> new NotFoundException("강의 정보를 찾을 수 없습니다."));
         double starRating = reviewRepository.getAvgRatingByLectureId(lectureId);
         Emotion emotion = reviewRepository.getEmotionsCountByRanges(lectureId).changeToPercentage();
-        int participants = reviewRepository.countAllByLectureIdAndDeletedAtIsNotNull(lectureId);
+        int participants = reviewRepository.countByLectureId(lectureId);
         lectureEntity.updateReviewRating(starRating, participants, emotion);
         lectureRepository.save(lectureEntity);
     }