Merge pull request #162 from Susanghan-guys/feat/#161-report-redirect

feat: 리포트 리디렉션 수정

Author: zyovn

src/main/java/com/susanghan_guys/server/global/config/SecurityConfig.java

@@ -1,6 +1,6 @@
 package com.susanghan_guys.server.global.config;
 
-import com.susanghan_guys.server.global.filter.RedirectUriFilter;
+import com.susanghan_guys.server.oauth2.filter.RedirectUriFilter;
 import com.susanghan_guys.server.global.security.handler.JwtAccessDeniedHandler;
 import com.susanghan_guys.server.global.security.handler.JwtAuthenticationEntryPoint;
 import com.susanghan_guys.server.global.security.jwt.JwtAuthenticationFilter;

src/main/java/com/susanghan_guys/server/oauth2/domain/validator/RedirectValidator.java

@@ -0,0 +1,29 @@
+package com.susanghan_guys.server.oauth2.domain.validator;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+@Component
+public class RedirectValidator {
+
+    @Value("${frontend.oauth2.allowed-redirect-origin}")
+    private String allowedOrigin;
+
+    public boolean isAuthorized(String redirect) {
+        try {
+            URI uri = new URI(redirect);
+
+            String origin = uri.getScheme() + "://" + uri.getHost();
+            if (uri.getPort() != -1) {
+                origin += ":" + uri.getPort();
+            }
+
+            return allowedOrigin.equalsIgnoreCase(origin);
+        } catch (URISyntaxException e) {
+            return false;
+        }
+    }
+}

…ver/global/filter/RedirectUriFilter.java …ver/oauth2/filter/RedirectUriFilter.javasrc/main/java/com/susanghan_guys/server/global/filter/RedirectUriFilter.java renamed to src/main/java/com/susanghan_guys/server/oauth2/filter/RedirectUriFilter.java src/main/java/com/susanghan_guys/server/global/filter/RedirectUriFilter.java renamed to src/main/java/com/susanghan_guys/server/oauth2/filter/RedirectUriFilter.java

@@ -1,4 +1,4 @@
-package com.susanghan_guys.server.global.filter;
+package com.susanghan_guys.server.oauth2.filter;
 
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;

src/main/java/com/susanghan_guys/server/oauth2/handler/OAuth2SuccessHandler.java

@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.susanghan_guys.server.global.security.jwt.JwtProvider;
 import com.susanghan_guys.server.oauth2.domain.RefreshToken;
+import com.susanghan_guys.server.oauth2.domain.validator.RedirectValidator;
 import com.susanghan_guys.server.oauth2.infrastructure.persistence.RefreshTokenRepository;
 import com.susanghan_guys.server.global.security.CustomUserDetails;
 import com.susanghan_guys.server.global.util.RedisUtil;
@@ -36,8 +37,13 @@ public class OAuth2SuccessHandler implements AuthenticationSuccessHandler {
     private final ObjectMapper objectMapper;
     private final RedisUtil redisUtil;
 
-    @Value("${frontend.oauth2.base-redirect-uri}")
-    private String baseRedirectUri;
+    @Value("${frontend.oauth2.allowed-redirect-origin}")
+    private String allowedOrigin;
+
+    @Value("${frontend.oauth2.base-redirect-path}")
+    private String baseRedirectPath;
+
+    private final RedirectValidator redirectValidator;
 
     @Override
     public void onAuthenticationSuccess(
@@ -67,16 +73,15 @@ public void onAuthenticationSuccess(
                         "isSignUp", String.valueOf(isSignUp)
                 )), 1000 * 60L);
 
-        String redirectPath = Arrays.stream(Optional.ofNullable(request.getCookies()).orElse(new Cookie[0]))
+        String redirectUri = Arrays.stream(Optional.ofNullable(request.getCookies()).orElse(new Cookie[0]))
                 .filter(c -> "redirect".equals(c.getName()))
                 .findFirst()
                 .map(c -> URLDecoder.decode(c.getValue(), StandardCharsets.UTF_8))
-                .orElse("/oauth/callback");
-
-        String targetUri = baseRedirectUri + redirectPath;
+                .filter(redirectValidator::isAuthorized)
+                .orElse(allowedOrigin + baseRedirectPath);
 
         String callbackUri = UriComponentsBuilder
-                .fromUriString(targetUri)
+                .fromUriString(redirectUri)
                 .queryParam("code", tempCode)
                 .build()
                 .toUriString();