Feature : Github OAuth 구현, OAuth 통합 컨트롤러, AES 암호화, Github access token 저장 (#105)

* refactor : oauth service 코드 개선

* refactor : github email null 문제 해결

* refactor :CustomOAuth2UserService 3중 if문을 메서드로 분리, 기존 가입자가 깃허브 가입하면 githubUrl이 자동 추가되도록함

* refactor : 인증 안했던 회원에 한해, 소셜 로그인 추가 시 토큰 부여

* feature : OAuth Controller 추가

* feature : github AccessToken 저장 기능 추가

* feature : github AccessToken AES 암호화 후 저장,암호화를 담당하는  AESUtil 생성

* refactor : 토끼의 의견 반영해주기

* refactor : github properies 이름 변경

Author: minjee2758

build.gradle

@@ -100,7 +100,7 @@ dependencies {
     annotationProcessor 'com.querydsl:querydsl-apt:5.0.0:jakarta'
     annotationProcessor 'jakarta.persistence:jakarta.persistence-api:3.1.0'
     annotationProcessor 'jakarta.annotation:jakarta.annotation-api:2.1.1'
-    
+
     // mongodb
     implementation 'org.springframework.boot:spring-boot-starter-data-mongodb'
 
@@ -113,6 +113,9 @@ dependencies {
 
     // S3 SDK
     implementation 'org.springframework.cloud:spring-cloud-starter-aws:2.2.6.RELEASE'
+
+    //AES 암호화
+    implementation 'javax.xml.bind:jaxb-api:2.3.1'
 }
 
 tasks.named('test') {

src/main/java/org/ezcode/codetest/application/usermanagement/user/dto/response/GithubOAuth2Response.java

@@ -0,0 +1,54 @@
+package org.ezcode.codetest.application.usermanagement.user.dto.response;
+
+import java.util.Map;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+@Schema(description = "Github OAuth2 응답 처리 클래스")
+public class GithubOAuth2Response implements OAuth2Response{
+    private final Map<String, Object> attributes;
+
+    public GithubOAuth2Response(Map<String, Object> attributes) {
+        this.attributes = attributes;
+    }
+
+    @Override
+    @Schema(description = "OAuth 제공자 이름", example = "github")
+    public String getProvider() {
+        return "github";
+    }
+
+    @Override
+    @Schema(description = "제공자 내부 식별자", example = "109000123456789012345")
+    public String getProviderId() {
+        return attributes.get("id").toString();
+    }
+
+    @Override
+    @Schema(description = "사용자 이메일", example = "[email protected]")
+    public String getEmail() {
+        if (attributes.get("email") == null && getProvider().equals("github")) {
+            return getGithubId()+"@github.com";
+        } else {
+            return (String) attributes.get("email");
+        }
+    }
+
+    @Override
+    @Schema(description = "사용자 이름", example = "홍길동")
+    public String getName() {
+        return attributes.get("name").toString();
+    }
+
+    @Override
+    @Schema(description = "Github Id", example = "1345932")
+    public String getGithubId() {
+        return attributes.get("id").toString();
+    }
+
+    @Override
+    @Schema(description = "Github URL", example = "https://github.com/id")
+    public String getGithubUrl(){
+        return attributes.get("html_url").toString();
+    }
+}

src/main/java/org/ezcode/codetest/application/usermanagement/user/dto/response/GoogleOAuth2Response.java

@@ -38,4 +38,15 @@ public String getName() {
 		return attributes.get("name").toString();
 	}
 
+	@Override
+	public String getGithubId() {
+		return "";
+	}
+
+	@Override
+	public String getGithubUrl() {
+		return "";
+	}
+
+
 }

src/main/java/org/ezcode/codetest/application/usermanagement/user/dto/response/OAuth2Response.java

@@ -12,4 +12,10 @@ public interface OAuth2Response {
 
 	//사용자 이름
 	String getName();
+
+	//깃헙 아이디
+	String getGithubId();
+
+	//깃헙 링크
+	String getGithubUrl();
 }

src/main/java/org/ezcode/codetest/application/usermanagement/user/service/UserService.java

@@ -35,7 +35,6 @@ public class UserService {
 	private final UserDomainService userDomainService;
 	private final SubmissionDomainService submissionDomainService;
 	private final RedisTemplate<String, String> redisTemplate;
-	private final MailService mailService;
 
 	@Transactional(readOnly = true)
 	public UserInfoResponse getUserInfo(AuthUser authUser) {

src/main/java/org/ezcode/codetest/common/security/config/SecurityConfig.java

@@ -55,9 +55,10 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 			.httpBasic(AbstractHttpConfigurer::disable)
 			.logout(AbstractHttpConfigurer::disable)
 			.oauth2Login((outh2)-> outh2
-				.userInfoEndpoint((userInfoEndpointConfig ->
-					userInfoEndpointConfig.userService(customOAuth2UserService)))
+				.userInfoEndpoint((userInfo -> userInfo
+					.userService(customOAuth2UserService)))
 				.successHandler(customSuccessHandler))
+
 			// JWT 사용을 위해 세션을 STATELESS로 설정 (세션 정보 저장 x)
 			.sessionManagement(session -> session
 				.sessionCreationPolicy(SessionCreationPolicy.STATELESS)

src/main/java/org/ezcode/codetest/common/security/hander/CustomSuccessHandler.java

@@ -4,14 +4,21 @@
 import java.util.concurrent.TimeUnit;
 
 import org.ezcode.codetest.application.usermanagement.auth.dto.response.OAuthResponse;
+import org.ezcode.codetest.common.security.util.AESUtil;
+import org.ezcode.codetest.domain.user.exception.AuthException;
+import org.ezcode.codetest.domain.user.exception.code.AuthExceptionCode;
 import org.ezcode.codetest.domain.user.model.entity.CustomOAuth2User;
 import org.ezcode.codetest.domain.user.model.entity.User;
 import org.ezcode.codetest.domain.user.service.UserDomainService;
 import org.ezcode.codetest.common.security.util.JwtUtil;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
+import org.springframework.web.util.UriComponentsBuilder;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 
@@ -27,14 +34,19 @@ public class CustomSuccessHandler extends SimpleUrlAuthenticationSuccessHandler
 	private final UserDomainService userDomainService;
 	private final RedisTemplate<String, String> redisTemplate;
 	private final ObjectMapper objectMapper; //json직렬화
+	private final OAuth2AuthorizedClientService authorizedClientService;
+	private final AESUtil aesUtil;
 
 	public CustomSuccessHandler(JwtUtil jwtUtil, UserDomainService userDomainService,
-		RedisTemplate<String, String> redisTemplate, ObjectMapper objectMapper) {
+		RedisTemplate<String, String> redisTemplate, ObjectMapper objectMapper,
+        OAuth2AuthorizedClientService authorizedClientService, AESUtil aesUtil) {
 		this.jwtUtil = jwtUtil;
 		this.userDomainService = userDomainService;
 		this.redisTemplate = redisTemplate;
 		this.objectMapper = objectMapper;
-	}
+        this.authorizedClientService = authorizedClientService;
+        this.aesUtil = aesUtil;
+    }
 
 	@Override
 	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws
@@ -43,8 +55,27 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 		//OAuth2User
 		CustomOAuth2User customUserDetails = (CustomOAuth2User) authentication.getPrincipal();
 
-		User loginUser = userDomainService.getUserByEmail(customUserDetails.getEmail());
-		log.info("loginUser: {}", loginUser);
+		User loginUser= userDomainService.getUserByEmail(customUserDetails.getEmail());
+		log.info("loginUser Name: {}", loginUser.getUsername());
+
+		if (customUserDetails.getProvider().equalsIgnoreCase("github")) {
+			//깃허브 access-token 가져오기
+			OAuth2AuthenticationToken oauthToken = (OAuth2AuthenticationToken) authentication;
+			OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(
+				oauthToken.getAuthorizedClientRegistrationId(),
+				oauthToken.getName()
+			);
+
+			//AES 암호화
+            try {
+				String encodedGithubToken = aesUtil.encrypt(client.getAccessToken().getTokenValue());
+				loginUser.setGithubAccessToken(encodedGithubToken);
+            } catch (Exception e) {
+				log.error(e.getMessage());
+                throw new AuthException(AuthExceptionCode.TOKEN_ENCODE_FAIL);
+            }
+			userDomainService.updateUserGithubAccessToken(loginUser);
+		}
 
 		String accessToken = jwtUtil.createAccessToken(
 			loginUser.getId(),
@@ -64,14 +95,27 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 			refreshToken,
 			jwtUtil.getExpiration(refreshToken),
 			TimeUnit.MILLISECONDS);
-		log.info("레디스에 저장완료");
+
+		String redirectUri = (String) request.getSession().getAttribute("redirect_uri");
+
+		if (redirectUri == null) {
+			throw new AuthException(AuthExceptionCode.REDIRECT_URI_NOT_FOUND);
+		}
+
+		request.getSession().removeAttribute("redirect_uri"); // uri 사용 후 제거하기
+
+		String targetUri = UriComponentsBuilder.fromUriString(redirectUri)
+			.queryParam("accessToken", accessToken)
+			.queryParam("refreshToken", refreshToken)
+			.build().toUriString();
 
 		//JSON 문자열로 바꿔서 클라이언트에게 응답 본문으로 전달
 		OAuthResponse oAuthResponse = new OAuthResponse(accessToken, refreshToken);
+
 		response.setContentType("application/json");
 		response.setCharacterEncoding("UTF-8");
 		response.getWriter().write(objectMapper.writeValueAsString(oAuthResponse));
-		log.info("------------- accessToken : {}, refreshToken : {} ------------", accessToken, refreshToken);
-	}
+		// response.sendRedirect(targetUri);
+		}
 
 }

src/main/java/org/ezcode/codetest/common/security/util/AESUtil.java

@@ -0,0 +1,34 @@
+package org.ezcode.codetest.common.security.util;
+
+import java.util.Base64;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AESUtil {
+
+    private static final String ALGORITHM = "AES";
+    @Value("${aes.secret.key}")
+    private String SECRET_KEY; // 반드시 16, 24, 또는 32바이트
+
+    public String encrypt(String input) throws Exception {
+        SecretKeySpec keySpec = new SecretKeySpec(SECRET_KEY.getBytes(), ALGORITHM);
+        Cipher cipher = Cipher.getInstance(ALGORITHM);
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec);
+        byte[] encryptedBytes = cipher.doFinal(input.getBytes());
+        return Base64.getEncoder().encodeToString(encryptedBytes);
+    }
+
+    public String decrypt(String encryptedInput) throws Exception {
+        SecretKeySpec keySpec = new SecretKeySpec(SECRET_KEY.getBytes(), ALGORITHM);
+        Cipher cipher = Cipher.getInstance(ALGORITHM);
+        cipher.init(Cipher.DECRYPT_MODE, keySpec);
+        byte[] encryptedBytes = Base64.getDecoder().decode(encryptedInput);
+        byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
+        return new String(decryptedBytes);
+    }
+}

src/main/java/org/ezcode/codetest/common/security/util/JwtFilter.java

@@ -36,13 +36,6 @@ public class JwtFilter extends OncePerRequestFilter {
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
 									FilterChain filterChain) throws ServletException, IOException {
 
-		// String requestURI = request.getRequestURI();
-		//
-		// //whiteList 등록
-		// if (shouldNotFilter(requestURI)) {
-		// 	filterChain.doFilter(request, response);
-		// 	return;
-		// }
 
 		String bearerToken = request.getHeader("Authorization");
 

src/main/java/org/ezcode/codetest/common/security/util/SecurityPath.java

@@ -5,13 +5,14 @@
 @Component
 public class SecurityPath {
 	public static final String[] PUBLIC_PATH = {
+		"/login/oauth2/**", //OAuth로그인 접근
 		"/api/auth/**",
+		"/api/oauth2/**",
 		"/login",
 		"/ezlogin",
 		"/login/**",
 		"/oauth2/**",
 		"/login/oauth",
-		"/login/oauth2/**", //OAuth로그인 접근
 		"/actuator/**",
 		"/chatting",
 		"/submit-test",