Feature/Implement user social login and sign-up #102
Merged
20 commits
- 189fd0c Additional-info API complete (KII1ua)
- 489bd70 Add additional-info test code and flyway (KII1ua)
- 79d5907 Add UserService test code (KII1ua)
- 78cf5d7 Add nickname availability check (KII1ua)
- 70feb8d Implement my-profile lookup API (KII1ua)
- 4ff0d67 Implement token reissue logic (KII1ua)
- 8710ca6 Recommended nickname generation + default image selection (KII1ua)
- bba8875 Finish writing member-status branching after successful OAuth2 login (KII1ua)
- 15482a6 Improve code structure (feedback fixes) (KII1ua)
- 622f778 docs: add OpenAPI spec → TypeScript client code generation document (tlarbals824)
- 59e9e82 Limit local CORS defaults to port 3000 (tlarbals824)
- f43c21b Use production domain as default CORS origin (tlarbals824)
- fe970df Ensure release publishing checks pushed changes (tlarbals824)
- c175868 Avoid apt curl install in runtime image (tlarbals824)
- 5e38144 Build jars outside runtime images with Gradle cache (tlarbals824)
- 94c58ab Allow local frontend origins in production CORS (tlarbals824)
- 7f8c947 docs: add voting feature API spec and implementation plan document (Junhyukkkk)
- 2351924 Add api key to git ignore (KII1ua)
- 1c229b1 Resolve security config conflict (KII1ua)
- 1b56f81 Merge branch 'develop' into feature/register (KII1ua)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,38 +1,43 @@ | ||
| package com.ject.vs.config; | ||
|
|
||
| import com.ject.vs.service.CustomOAuth2UserService; | ||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import org.springframework.http.HttpMethod; | ||
| import org.springframework.security.config.annotation.web.builders.HttpSecurity; | ||
| import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; | ||
| import org.springframework.security.web.SecurityFilterChain; | ||
| import org.springframework.security.web.csrf.CookieCsrfTokenRepository; | ||
| import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler; | ||
| import org.springframework.web.cors.CorsConfigurationSource; | ||
|
|
||
| @Configuration | ||
| public class SecurityConfig { | ||
|
|
||
| @Bean | ||
| public SecurityFilterChain securityFilterChain(HttpSecurity http, | ||
| OAuth2LoginSuccessHandler oAuth2LoginSuccessHandler, | ||
| CorsConfigurationSource corsConfigurationSource) throws Exception { | ||
| return http | ||
| public SecurityFilterChain securityFilterChain( | ||
| HttpSecurity http, | ||
| OAuth2LoginSuccessHandler oAuth2LoginSuccessHandler, | ||
| CustomOAuth2UserService customOAuth2UserService, | ||
| CorsConfigurationSource corsConfigurationSource | ||
| ) throws Exception { | ||
| CsrfTokenRequestAttributeHandler requestHandler = new CsrfTokenRequestAttributeHandler(); | ||
| requestHandler.setCsrfRequestAttributeName(null); | ||
|
|
||
| http | ||
| .cors(cors -> cors.configurationSource(corsConfigurationSource)) | ||
| .csrf(AbstractHttpConfigurer::disable) | ||
| .csrf(csrf -> csrf | ||
| .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) | ||
| .csrfTokenRequestHandler(requestHandler) | ||
| ) | ||
| .authorizeHttpRequests(auth -> auth | ||
| .requestMatchers( | ||
| "/v3/api-docs/**", | ||
| "/swagger-ui/**", | ||
| "/swagger-ui.html", | ||
| "/api/**", | ||
| "/actuator/health", | ||
| "/actuator/health/**", | ||
| "/", | ||
| "/error", | ||
| "/auth/reissue" | ||
| ).permitAll() | ||
| .requestMatchers(SecurityPaths.PUBLIC_ENDPOINTS.toArray(String[]::new)).permitAll() | ||
| .requestMatchers(HttpMethod.POST, "/auth/reissue").permitAll() | ||
| .anyRequest().authenticated() | ||
| ) | ||
| .oauth2Login(oauth2 -> oauth2 | ||
| .successHandler(oAuth2LoginSuccessHandler)) | ||
| .build(); | ||
| .successHandler(oAuth2LoginSuccessHandler) | ||
| .userInfoEndpoint(userInfo -> userInfo.userService(customOAuth2UserService))); | ||
|
|
||
| return http.build(); | ||
| } | ||
| } | ||
| } |
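
Review bot: In the `.csrf(...)` block, the plain `CsrfTokenRequestAttributeHandler` takes the place of Spring Security's default `XorCsrfTokenRequestAttributeHandler`, which drops the per-request BREACH masking of the token value, and `requestHandler.setCsrfRequestAttributeName(null)` opts out of deferred loading so the token is resolved on every request. If that trade-off is intended for a client that reads the cookie set by `CookieCsrfTokenRepository.withHttpOnlyFalse()`, state it in a comment above `requestHandler`; otherwise keep the Xor handler for exposing the token and use the plain handler only to resolve header-supplied values. With CSRF now enforced, `.requestMatchers(HttpMethod.POST, "/auth/reissue").permitAll()` still needs a valid CSRF token on the request, so a MockMvc test of the reissue call with and without the token would pin that behaviour down.
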
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| package com.ject.vs.config; | ||
|
|
||
| import java.util.ArrayList; | ||
| import java.util.List; | ||
|
|
||
| public class SecurityPaths { | ||
|
|
||
| public static final List<String> PUBLIC_ENDPOINTS = List.of( | ||
| "/v3/api-docs/**", | ||
| "/swagger-ui/**", | ||
| "/swagger-ui.html", | ||
| "/actuator/health", | ||
| "/actuator/health/**", | ||
| "/", | ||
| "/error", | ||
| "/oauth2/authorization/**", | ||
| "/login/oauth2/code/**" | ||
| ); | ||
|
|
||
| public static final List<String> JWT_EXCLUDED_PATHS = createJwtExcludedPaths(); | ||
|
|
||
| private static List<String> createJwtExcludedPaths() { | ||
| List<String> paths = new ArrayList<>(PUBLIC_ENDPOINTS); | ||
|
|
||
| paths.add("/auth/reissue"); | ||
|
|
||
| return List.copyOf(paths); | ||
| } | ||
| } |
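
Review bot: `JWT_EXCLUDED_PATHS` adds `/auth/reissue` by path only, while `SecurityConfig` permits it for `HttpMethod.POST` only, so the two rules can drift apart; a comment on each list naming the component that reads it, and why `/auth/reissue` is excluded from JWT handling, would make the intent reviewable. Entries such as `/swagger-ui/**` and `/login/oauth2/code/**` are Ant-style patterns, so whatever consumes these lists has to match them with a path matcher rather than string equality. `SecurityPaths` only holds constants, so declare it `final` with a private constructor.
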
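With this change, the `JwtAuthFilter` constructor and the return type of `validationToken()` have changed, but the existing tests were not updated, so test compilation fails when running `./gradlew test --no-daemon` locally.

Since this is a change to security logic, it would be good to also add regression tests covering the `TokenStatus.VALID/EXPIRED/INVALID/EMPTY` cases and the access/refresh token type distinction.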