🛠️ [refactor] 인증 방식을 OAuth2로 변경

build.gradle

@@ -36,8 +36,9 @@ dependencies {
 	runtimeOnly 'com.h2database:h2'
 
 	/* Security */
-	testImplementation 'org.springframework.security:spring-security-test'
 	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
+	testImplementation 'org.springframework.security:spring-security-test'
 
 	/* Lombok */
 	compileOnly 'org.projectlombok:lombok'

src/main/java/gdsc/binaryho/imhere/constant/UrlConstant.java

@@ -0,0 +1,10 @@
+package gdsc.binaryho.imhere.constant;
+
+public class UrlConstant {
+
+    public static final String PROD_CLIENT_URL = "https://imhere.im";
+
+    public static final String LOCAL_CLIENT_URL = "http://localhost:3000";
+
+    private UrlConstant() {}
+}

src/main/java/gdsc/binaryho/imhere/core/member/GitHubResource.java

@@ -0,0 +1,28 @@
+package gdsc.binaryho.imhere.core.member;
+
+import javax.persistence.Column;
+import javax.persistence.Embeddable;
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Embeddable
+@Getter
+@AllArgsConstructor(access = AccessLevel.PROTECTED)
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+public class GitHubResource {
+
+    @Column(unique = true, name = "git_hub_id", nullable = false)
+    private String id;
+
+    @Column(name = "git_hub_handle", nullable = false)
+    private String handle;
+
+    @Column(name = "git_hub_profile")
+    private String profile;
+
+    protected void updateHandle(String gitHubHandle) {
+        this.handle = gitHubHandle;
+    }
+}

src/main/java/gdsc/binaryho/imhere/core/member/Member.java

@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import java.time.LocalDateTime;
 import javax.persistence.Column;
+import javax.persistence.Embedded;
 import javax.persistence.Entity;
 import javax.persistence.EnumType;
 import javax.persistence.Enumerated;
@@ -27,8 +28,13 @@ public class Member {
     @Column(name = "member_id")
     private Long id;
 
+    // TODO : nullable false 조건 제거
     @Column(unique = true, nullable = false)
     private String univId;
+
+    @Embedded
+    private GitHubResource gitHubResource;
+
     @Column(nullable = false)
     private String name;
     private String password;
@@ -41,10 +47,14 @@ public class Member {
     @CreatedDate
     private LocalDateTime createdAt;
 
-    public String getRoleKey() {
-        return role.getKey();
+    public static Member createGuestMember(String gitHubId, String gitHubHandle, String gitHubProfile) {
+        Member member = new Member();
+        member.gitHubResource = new GitHubResource(gitHubId, gitHubHandle, gitHubProfile);
+        member.setRole(Role.GUEST);
+        return member;
     }
 
+    // TODO : OAUth2 도입 이후 사용하지 않을 기능
     public static Member createMember(String univId, String name, String password, Role role) {
         Member member = new Member();
         member.setUnivId(univId);
@@ -53,4 +63,12 @@ public static Member createMember(String univId, String name, String password, R
         member.setRole(role);
         return member;
     }
+
+    public void updateGitHubHandle(String gitHubHandle) {
+        this.gitHubResource.updateHandle(gitHubHandle);
+    }
+
+    public String getRoleKey() {
+        return role.getKey();
+    }
 }

src/main/java/gdsc/binaryho/imhere/core/member/Role.java

@@ -1,7 +1,12 @@
 package gdsc.binaryho.imhere.core.member;
 
 public enum Role {
-    ADMIN("ROLE_ADMIN"), LECTURER("ROLE_LECTURER"), STUDENT("ROLE_STUDENT");
+    GUEST("ROLE_GUEST"),
+    ADMIN("ROLE_ADMIN"),
+    LECTURER("ROLE_LECTURER"),
+    STUDENT("ROLE_STUDENT"),
+
+    ;
 
     private final String key;
 

src/main/java/gdsc/binaryho/imhere/core/member/infrastructure/MemberRepository.java

@@ -8,4 +8,5 @@ public interface MemberRepository extends JpaRepository<Member, Long> {
 
     Optional<Member> findById(Long id);
     Optional<Member> findByUnivId(String univId);
+    Optional<Member> findByGitHubResource_Id(String gitHubId);
 }

src/main/java/gdsc/binaryho/imhere/security/SignUpProcessRedirectionPath.java

@@ -0,0 +1,26 @@
+package gdsc.binaryho.imhere.security;
+
+import gdsc.binaryho.imhere.core.member.Member;
+import lombok.Getter;
+
+@Getter
+public enum SignUpProcessRedirectionPath {
+
+    BEFORE_MEMBER_INFO_INPUT("/signup"),
+    SIGN_UP_DONE("/main"),
+    ;
+
+    private final String redirectUrlPath;
+
+    public static SignUpProcessRedirectionPath of(Member member) {
+        if (member.getName() == null) {
+            return BEFORE_MEMBER_INFO_INPUT;
+        }
+
+        return SIGN_UP_DONE;
+    }
+
+    SignUpProcessRedirectionPath(String redirectUrlPath) {
+        this.redirectUrlPath = redirectUrlPath;
+    }
+}

src/main/java/gdsc/binaryho/imhere/security/config/SecurityConfig.java

@@ -2,14 +2,17 @@
 
 
 import gdsc.binaryho.imhere.core.member.infrastructure.MemberRepository;
-import gdsc.binaryho.imhere.security.filter.JwtAuthenticationFilter;
 import gdsc.binaryho.imhere.security.filter.JwtAuthorizationFilter;
-import gdsc.binaryho.imhere.security.jwt.TokenService;
+import gdsc.binaryho.imhere.security.jwt.TokenPropertyHolder;
+import gdsc.binaryho.imhere.security.jwt.TokenUtil;
+import gdsc.binaryho.imhere.security.oauth.CustomOAuth2SuccessHandler;
+import gdsc.binaryho.imhere.security.oauth.CustomOAuth2UserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -22,7 +25,7 @@
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.channel.ChannelProcessingFilter;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.web.filter.CorsFilter;
 
@@ -35,8 +38,11 @@ public class SecurityConfig {
     private final MemberRepository memberRepository;
 
     private final CorsFilter corsFilter;
+    private final CustomOAuth2SuccessHandler customOAuth2SuccessHandler;
+    private final CustomOAuth2UserService customOAuth2UserService;
 
-    private final TokenService tokenService;
+    private final TokenUtil tokenUtil;
+    private final TokenPropertyHolder tokenPropertyHolder;
 
     @Value("${actuator.username}")
     private String ACTUATOR_USERNAME;
@@ -89,9 +95,16 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
             .formLogin().disable()
             .httpBasic().disable()
 
-            .authorizeRequests()
+            .oauth2Login(configurer -> {
+                    configurer.userInfoEndpoint(
+                        endpoint -> endpoint.userService(customOAuth2UserService));
+                    configurer.successHandler(customOAuth2SuccessHandler);
+                    configurer.failureHandler(setStatusUnauthorized());
+                }
+            )
 
-            .antMatchers("/login", "/logout", "/member/**",
+            .authorizeRequests()
+            .antMatchers("/login/**", "/logout", "/member/**",
                 "/swagger*/**", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**")
             .permitAll()
 
@@ -103,11 +116,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
             .anyRequest().authenticated();
 
-        http.addFilterBefore(new JwtAuthenticationFilter(
-            authenticationManager(authenticationConfiguration), tokenService), UsernamePasswordAuthenticationFilter.class);
-
         http.addFilterBefore(new JwtAuthorizationFilter(
-            authenticationManager(authenticationConfiguration), tokenService, memberRepository), BasicAuthenticationFilter.class);
+                authenticationManager(authenticationConfiguration),
+                tokenUtil, memberRepository, tokenPropertyHolder),
+            BasicAuthenticationFilter.class);
 
         return http.build();
     }
@@ -121,4 +133,9 @@ private UserDetailsService getActuatorUserDetailsService() {
 
         return new InMemoryUserDetailsManager(userDetails);
     }
+
+    private AuthenticationFailureHandler setStatusUnauthorized() {
+        int unauthorized = HttpStatus.UNAUTHORIZED.value();
+        return (request, response, exception) -> response.setStatus(unauthorized);
+    }
 }

src/main/java/gdsc/binaryho/imhere/security/filter/JwtAuthenticationFilter.java

@@ -2,7 +2,8 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import gdsc.binaryho.imhere.security.jwt.Token;
-import gdsc.binaryho.imhere.security.jwt.TokenService;
+import gdsc.binaryho.imhere.security.jwt.TokenPropertyHolder;
+import gdsc.binaryho.imhere.security.jwt.TokenUtil;
 import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -20,14 +21,15 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
+// TODO : 사용하지 않을 예정인 클래스
 @RequiredArgsConstructor
 public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
 
     private static final String HEADER_STRING = HttpHeaders.AUTHORIZATION;
-    private static final String ACCESS_TOKEN_PREFIX = "Token ";
 
     private final AuthenticationManager authenticationManager;
-    private final TokenService tokenService;
+    private final TokenUtil tokenUtil;
+    private final TokenPropertyHolder tokenPropertyHolder;
 
     @Override
     public Authentication attemptAuthentication(
@@ -59,11 +61,17 @@ private SignInRequest getSignInRequest(ServletInputStream inputStream) throws IO
     public void successfulAuthentication(HttpServletRequest request,
         HttpServletResponse response, FilterChain chain, Authentication authResult) {
 
-        String grantedAuthority = authResult.getAuthorities().stream().findAny().orElseThrow().toString();
-        Token jwtToken = tokenService.createToken(authResult.getPrincipal().toString(), grantedAuthority);
+        String grantedAuthority = authResult.getAuthorities()
+            .stream()
+            .findAny()
+            .orElseThrow()
+            .toString();
 
+        Token jwtToken = tokenUtil.createToken(authResult.getPrincipal().toString(), grantedAuthority);
+
+        String accessTokenPrefix = tokenPropertyHolder.getAccessTokenPrefix();
         response.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, HttpHeaders.AUTHORIZATION);
-        response.addHeader(HEADER_STRING, ACCESS_TOKEN_PREFIX + jwtToken.getAccessToken());
+        response.addHeader(HEADER_STRING, accessTokenPrefix + jwtToken.getAccessToken());
     }
 
     @Override

src/main/java/gdsc/binaryho/imhere/security/filter/JwtAuthorizationFilter.java

@@ -1,10 +1,13 @@
 package gdsc.binaryho.imhere.security.filter;
 
+import gdsc.binaryho.imhere.core.auth.exception.MemberNotFoundException;
 import gdsc.binaryho.imhere.core.member.Member;
 import gdsc.binaryho.imhere.core.member.infrastructure.MemberRepository;
-import gdsc.binaryho.imhere.security.jwt.TokenService;
+import gdsc.binaryho.imhere.security.jwt.TokenPropertyHolder;
+import gdsc.binaryho.imhere.security.jwt.TokenUtil;
 import gdsc.binaryho.imhere.security.principal.PrincipalDetails;
 import java.io.IOException;
+import java.util.Objects;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -18,51 +21,56 @@
 
 public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
 
-    private static final String HEADER_STRING = HttpHeaders.AUTHORIZATION;
-    private static final String ACCESS_TOKEN_PREFIX = "Token ";
+    private static final String TOKEN_HEADER_STRING = HttpHeaders.AUTHORIZATION;
 
-    private final TokenService tokenService;
+    private final TokenUtil tokenUtil;
     private final MemberRepository memberRepository;
+    private final TokenPropertyHolder tokenPropertyHolder;
 
     public JwtAuthorizationFilter(
         AuthenticationManager authenticationManager,
-        TokenService tokenService, MemberRepository memberRepository) {
+        TokenUtil tokenUtil, MemberRepository memberRepository,
+        TokenPropertyHolder tokenPropertyHolder) {
         super(authenticationManager);
-        this.tokenService = tokenService;
+        this.tokenUtil = tokenUtil;
         this.memberRepository = memberRepository;
+        this.tokenPropertyHolder = tokenPropertyHolder;
     }
 
     @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+        FilterChain chain)
         throws ServletException, IOException {
-        if (isNullToken(request)) {
+        String jwtToken = request.getHeader(TOKEN_HEADER_STRING);
+        if (isTokenNullOrInvalidate(jwtToken)) {
             chain.doFilter(request, response);
             return;
         }
 
-        String jwtToken = request.getHeader(HEADER_STRING)
-            .replace(ACCESS_TOKEN_PREFIX, "");
-
-        if (tokenService.validateTokenExpirationTimeNotExpired(jwtToken)) {
-
-            String univId = tokenService.getUnivId(jwtToken);
-            Member member = memberRepository.findByUnivId(univId).orElseThrow();
-            PrincipalDetails principalDetails = new PrincipalDetails(member);
-
-            Authentication authentication =
-                new UsernamePasswordAuthenticationToken(principalDetails, "", principalDetails.getAuthorities());
-
-            SecurityContextHolder.getContext().setAuthentication(authentication);
+        String accessTokenPrefix = tokenPropertyHolder.getAccessTokenPrefix();
+        String tokenValue = jwtToken.replace(accessTokenPrefix, "");
+        if (tokenUtil.validateTokenExpirationTimeNotExpired(tokenValue)) {
+            setAuthentication(tokenValue);
         }
-
         chain.doFilter(request, response);
     }
 
-    private boolean isNullToken(HttpServletRequest request) {
-        String jwtHeader = request.getHeader(HEADER_STRING);
-        if (jwtHeader == null || !jwtHeader.startsWith(ACCESS_TOKEN_PREFIX)) {
-            return true;
-        }
-        return false;
+    private boolean isTokenNullOrInvalidate(String token) {
+        String accessTokenPrefix = tokenPropertyHolder.getAccessTokenPrefix();
+        return Objects.isNull(token)
+            || (!token.startsWith(accessTokenPrefix));
+    }
+
+    private void setAuthentication(String jwtToken) {
+        Long id = tokenUtil.getId(jwtToken);
+        Member member = memberRepository.findById(id)
+            .orElseThrow(() -> MemberNotFoundException.EXCEPTION);
+
+        PrincipalDetails principalDetails = new PrincipalDetails(member);
+        Authentication authentication =
+            new UsernamePasswordAuthenticationToken(principalDetails, "",
+                principalDetails.getAuthorities());
+
+        SecurityContextHolder.getContext().setAuthentication(authentication);
     }
 }