Merge pull request #37 from May-I-AI-Integrated-Platform/feature/35/googleSocialLogin

[FEAT] #35 구글 소셜로그인 구현

Author: Fidesss

build.gradle

@@ -47,6 +47,9 @@ dependencies {
 
 	//WebClient
 	implementation 'org.springframework.boot:spring-boot-starter-webflux'
+
+	//oauth2
+	implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
 }
 tasks.named('test') {
 	useJUnitPlatform()

src/main/java/ai/Mayi/apiPayload/code/status/ErrorStatus.java

@@ -28,7 +28,8 @@ public enum ErrorStatus implements BaseErrorCode {
     _EXPIRED_ACCESS_TOKEN(HttpStatus.UNAUTHORIZED, "JWT402", "액세스 토큰이 만료되었습니다."),
     _UNSUPPORTED_JWT(HttpStatus.UNAUTHORIZED, "JWT403", "지원되지 않는 JWT 토큰입니다."),
     _EMPTY_JWT(HttpStatus.UNAUTHORIZED, "JWT404", "JWT 토큰이 비어 있습니다."),
-    _EXPIRED_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "JWT405", "리프레쉬토큰이 만료되었습니다. 로그인을 진행해주세요."),
+    _EXPIRED_REFRESH_TOKEN(HttpStatus.UNAUTHORIZED, "JWT405", "리프레쉬토큰이 만료되었거나, 없습니다. 로그인을 진행해주세요."),
+    _REFRESHED_ACCESS_TOKEN(HttpStatus.valueOf(419), "JWT406", "AccessToken이 재발급되었습니다. 요청을 다시 보내주세요."),
 
     //토큰 관련 응답
     _NOT_EXIST_TOKEN_TYPE(HttpStatus.NOT_FOUND, "TOKEN501", "존재하지 않는 토큰 타입입니다"),

src/main/java/ai/Mayi/config/SecurityConfig.java

@@ -2,6 +2,8 @@
 
 import ai.Mayi.jwt.JwtAuthenticationFilter;
 import ai.Mayi.jwt.JwtUtil;
+import ai.Mayi.oauth.CustomOAuth2SuccessHandler;
+import ai.Mayi.oauth.CustomOAuth2UserService;
 import ai.Mayi.repository.UserRepository;
 import ai.Mayi.service.MyUserDetailsService;
 import lombok.RequiredArgsConstructor;
@@ -22,6 +24,8 @@ public class SecurityConfig {
     private final JwtUtil jwtUtil;
     private final UserRepository userRepository;
     private final MyUserDetailsService myUserDetailsService;
+    private final CustomOAuth2UserService customOAuth2UserService;
+    private final CustomOAuth2SuccessHandler customOAuth2SuccessHandler;
 
     @Bean
     public JwtAuthenticationFilter jwtAuthenticationFilter() {
@@ -45,8 +49,17 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 // 요청에 대한 인증 및 권한 설정
                 .authorizeHttpRequests(auth -> auth
 //                       .requestMatchers("/**").permitAll() //
-                        .requestMatchers("/user/test").hasRole("USER") // "USER" 권한테스트
-                        .anyRequest().permitAll() // 인증 x
+                                .requestMatchers("/user/test").hasRole("USER") // "USER" 권한테스트
+                                .anyRequest().permitAll() // 인증 x
+                )
+                // oauth
+                .oauth2Login(oauth2 -> oauth2
+                        .userInfoEndpoint(userInfo -> userInfo
+                                // login
+                                .userService(customOAuth2UserService)
+                        )
+                        // After login
+                        .successHandler(customOAuth2SuccessHandler)
                 )
                 .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
 

src/main/java/ai/Mayi/domain/User.java

@@ -34,6 +34,10 @@ public class User implements UserDetails{
     @Column(name = "refresh_token", length = 500)
     private String refreshToken;  // Refresh Token 저장
 
+    private boolean social;
+
+    private String profileImageUrl;
+
     @OneToMany(mappedBy = "user", cascade = CascadeType.ALL)
     private List<Chat> chats;
 

src/main/java/ai/Mayi/jwt/CookieUtil.java

@@ -3,9 +3,10 @@
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Component;
 
 import java.util.Arrays;
-
+@Component
 public class CookieUtil {
     public static void addCookie(HttpServletResponse response, String name, String value, int maxAge) {
         Cookie cookie = new Cookie(name, value);

src/main/java/ai/Mayi/jwt/JwtAuthenticationFilter.java

@@ -32,7 +32,12 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
     ) throws ServletException, IOException {
 
         String accessToken = CookieUtil.getCookieValue(request, "accessToken");
+        String requestURI = request.getRequestURI();
 
+//        if (requestURI.startsWith("/oauth2/") || requestURI.startsWith("/login") || requestURI.equals("/")) {
+//            chain.doFilter(request, response);
+//            return;
+//        }
         // accessToken 검사
         if (accessToken != null && jwtUtil.validateToken(accessToken)) {
             Authentication authentication = jwtUtil.getAuthentication(accessToken);
@@ -44,7 +49,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
             if (refreshToken != null && jwtUtil.validateToken(refreshToken)) {
                 String userEmail = jwtUtil.getUserEmail(refreshToken);
-                log.info("RefreshToken 추출 userEmail {}", userEmail);
 
                 if (userRepository.findByUserEmail(userEmail).isPresent()) {
                     log.info("리프레쉬 토큰안의 정보를 통한 이메일이 존재한다");
@@ -63,14 +67,12 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                         String newAccessToken = jwtUtil.generateAccessToken(authentication);
                         sendTokenResponse(response, newAccessToken);
                         SecurityContextHolder.getContext().setAuthentication(authentication);
+                        sendStatusResponse(response, ErrorStatus._REFRESHED_ACCESS_TOKEN);
                         return;
                     }
                 }
             }
 
-            log.warn("저장되어있는 RefreshToken과 쿠키의 AccessToken이 매치되지 않습니다.");
-            log.warn("401 에러가 나면 로그인페이지로 이동하게 만들기");
-//            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "저장되어있는 RefreshToken과 쿠키의 AccessToken이 매치되지 않습니다.");
             sendStatusResponse(response, ErrorStatus._EXPIRED_REFRESH_TOKEN);
             return;
         }
@@ -82,7 +84,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
     @Override
     protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
         String path = request.getRequestURI();
-        return !path.startsWith("/user/data"); // "/user/test"만 필터 적용, 나머지는 제외
+        return !path.startsWith("/user/data");
     }
 
     private void sendTokenResponse(HttpServletResponse response, String accessToken) {

src/main/java/ai/Mayi/oauth/CustomOAuth2SuccessHandler.java

@@ -0,0 +1,57 @@
+package ai.Mayi.oauth;
+
+import ai.Mayi.domain.User;
+import ai.Mayi.jwt.CookieUtil;
+import ai.Mayi.jwt.JwtUtil;
+import ai.Mayi.repository.UserRepository;
+import ai.Mayi.web.dto.JwtTokenDTO;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+import java.util.Optional;
+
+@Component
+@RequiredArgsConstructor
+public class CustomOAuth2SuccessHandler implements AuthenticationSuccessHandler {
+
+    private final JwtUtil jwtUtil;
+    private final CookieUtil cookieUtil;
+    private final OAuth2Properties oAuth2Properties;
+    private final UserRepository userRepository;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication) throws IOException, ServletException {
+
+        // 이메일 추출
+        OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal();
+        String userEmail = oAuth2User.getAttribute("email");
+
+        //이메일로 유저찾기
+        Optional<User> user = userRepository.findByUserEmail(userEmail);
+
+
+        // JWT 발급
+        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(userEmail, null, authentication.getAuthorities());
+        JwtTokenDTO jwtToken = jwtUtil.generateToken(token);
+
+        // 쿠키에 저장
+        cookieUtil.addCookie(response, "accessToken", jwtToken.getAccessToken(), 600);
+        cookieUtil.addCookie(response, "refreshToken", jwtToken.getRefreshToken(), 3600);
+
+        user.get().updateRefreshToken(jwtToken.getRefreshToken());
+        userRepository.save(user.get());
+
+        // 리다이렉트
+        response.sendRedirect(oAuth2Properties.getSuccessRedirect());
+    }
+}
+

src/main/java/ai/Mayi/oauth/CustomOAuth2User.java

@@ -0,0 +1,20 @@
+package ai.Mayi.oauth;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
+
+import java.util.Collection;
+import java.util.Map;
+
+public class CustomOAuth2User extends DefaultOAuth2User {
+
+    public CustomOAuth2User(Collection<? extends GrantedAuthority> authorities,
+                            Map<String, Object> attributes,
+                            String nameAttributeKey) {
+        super(authorities, attributes, nameAttributeKey);
+    }
+
+    public String getEmail() {
+        return (String) getAttributes().get("email");
+    }
+}

src/main/java/ai/Mayi/oauth/CustomOAuth2UserService.java

@@ -0,0 +1,54 @@
+package ai.Mayi.oauth;
+
+import ai.Mayi.domain.User;
+import ai.Mayi.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.stereotype.Service;
+
+import java.util.*;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class CustomOAuth2UserService extends DefaultOAuth2UserService {
+
+    private final UserRepository userRepository;
+
+    @Override
+    public OAuth2User loadUser(OAuth2UserRequest userRequest) {
+        OAuth2User oAuth2User = super.loadUser(userRequest);
+        Map<String, Object> attributes = oAuth2User.getAttributes();
+
+        //email, profile picture
+        String userEmail = (String) attributes.get("email");
+        String userPicture = (String) attributes.get("picture");
+        String role = "USER";
+
+        // DB에 있는지 확인하고 없으면 새로 저장
+        Optional<User> userOptional = userRepository.findByUserEmail(userEmail);
+        User user = userOptional.orElseGet(() -> {
+            log.info("현재 소셜로그인 후 DB에 유저 저장 진행 중..");
+            User newUser = User.builder()
+                    .userEmail(userEmail)
+                    .userName((String) attributes.get("name"))
+                    // dummyPassword
+                    .userPassword(UUID.randomUUID().toString())
+                    .roles(List.of(role))
+                    .social(true)
+                    .profileImageUrl(userPicture)
+                    .build();
+            return userRepository.save(newUser);
+        });
+
+        return new CustomOAuth2User(
+                Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")),
+                attributes,
+                "email" // Principal name
+        );
+    }
+}

src/main/java/ai/Mayi/oauth/OAuth2Properties.java

@@ -0,0 +1,15 @@
+package ai.Mayi.oauth;
+
+import lombok.Getter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@ConfigurationProperties(prefix = "app.oauth2")
+@Getter
+public class OAuth2Properties {
+    private String successRedirect;
+    public void setSuccessRedirect(String successRedirect) {
+        this.successRedirect = successRedirect;
+    }
+}