[feat] 카카오, 구글, 애플 회원가입 및 로그인 구현

docker/init.sql

@@ -20,7 +20,9 @@ CREATE TABLE users
 (
     user_id                 BIGSERIAL PRIMARY KEY,
     email                   VARCHAR(100) NOT NULL,
-    authentication_code     VARCHAR(6)   NOT NULL,
+    provider                VARCHAR(15)  NULL,
+    sub                     VARCHAR(255) NULL,
+    authentication_code     VARCHAR(6)   NULL,
     is_authenticated        BOOLEAN      NOT NULL,
     username                VARCHAR(20)  NULL,
     password                VARCHAR(255) NULL,
@@ -29,7 +31,7 @@ CREATE TABLE users
     deleted_date            TIMESTAMP(6) NULL,
     created_date_time       TIMESTAMP(6) NULL,
     last_modified_date_time TIMESTAMP(6) NULL,
-    CONSTRAINT uq_email UNIQUE (email),
+    CONSTRAINT uq_user_provider_sub UNIQUE (provider, sub),
     CONSTRAINT uq_username UNIQUE (username)
 );
 

photi-apis/enduser/build.gradle.kts

@@ -1,10 +1,17 @@
+dependencyManagement {
+    imports {
+        mavenBom("org.springframework.cloud:spring-cloud-dependencies:2024.0.0")
+    }
+}
+
 dependencies {
     implementation("org.springframework.boot:spring-boot-starter-web")
     implementation("org.springframework.boot:spring-boot-starter-validation")
     implementation("org.springframework.boot:spring-boot-starter-security")
     implementation("org.springframework.boot:spring-boot-starter-mail")
     implementation("org.springframework.boot:spring-boot-starter-thymeleaf")
     implementation("org.springframework.boot:spring-boot-starter-actuator")
+    implementation("org.springframework.cloud:spring-cloud-starter-openfeign")
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.13")
     implementation("io.jsonwebtoken:jjwt-api:0.13.0")
     implementation("io.micrometer:micrometer-registry-prometheus")

photi-apis/enduser/src/main/kotlin/com/photi/apis/enduser/common/exception/CustomExceptionHandler.kt

@@ -3,6 +3,7 @@ package com.photi.apis.enduser.common.exception
 import com.photi.apis.enduser.common.exception.dto.ErrorResponse
 import com.photi.core.domain.common.exception.GlobalErrorCode
 import com.photi.core.domain.common.exception.PhotiException
+import com.photi.core.domain.user.exception.UserErrorCode
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.validation.ConstraintViolationException
 import org.springframework.beans.TypeMismatchException
@@ -71,10 +72,18 @@ class CustomExceptionHandler : ResponseEntityExceptionHandler() {
         status: HttpStatusCode,
         request: WebRequest
     ): ResponseEntity<Any>? {
-        val response = ErrorResponse(
-            GlobalErrorCode.DATE_FORMAT_INVALID.name,
-            GlobalErrorCode.DATE_FORMAT_INVALID.message,
-        )
+        val isEnum = ex.requiredType?.isEnum == true
+        val response = if (isEnum) {
+            ErrorResponse(
+                UserErrorCode.OAUTH_PROVIDER_INVALID.name,
+                UserErrorCode.OAUTH_PROVIDER_INVALID.message,
+            )
+        } else {
+            ErrorResponse(
+                GlobalErrorCode.DATE_FORMAT_INVALID.name,
+                GlobalErrorCode.DATE_FORMAT_INVALID.message,
+            )
+        }
         return ResponseEntity.status(BAD_REQUEST).body(response)
     }
 

photi-apis/enduser/src/main/kotlin/com/photi/apis/enduser/config/InfraConfig.kt

@@ -12,6 +12,9 @@ import org.springframework.context.annotation.Configuration
         PhotiConfigGroup.REDIS,
         PhotiConfigGroup.S3,
         PhotiConfigGroup.ASYNC,
+        PhotiConfigGroup.REDIS_CACHE,
+        PhotiConfigGroup.FEIGN,
+        PhotiConfigGroup.CONFIGURATION_PROPERTIES,
     ]
 )
 class InfraConfig

photi-apis/enduser/src/main/kotlin/com/photi/apis/enduser/config/oidc/JwtOidcProvider.kt

@@ -0,0 +1,95 @@
+package com.photi.apis.enduser.config.oidc
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.photi.core.domain.common.exception.GlobalException
+import com.photi.core.domain.user.dto.OidcPayload
+import com.photi.core.infra.oauth.port.JwtOidcPort
+import io.jsonwebtoken.*
+import org.springframework.stereotype.Component
+import java.math.BigInteger
+import java.security.KeyFactory
+import java.security.PublicKey
+import java.security.spec.RSAPublicKeySpec
+import java.util.*
+
+@Component
+class JwtOidcProvider(
+    private val objectMapper: ObjectMapper,
+) : JwtOidcPort {
+
+    override fun getKidFromUnsignedIdToken(idToken: String, iss: String, aud: String): String {
+        val splitIdToken = getSplitIdToken(idToken)
+        validatePayload(splitIdToken[1], iss, aud)
+        val headerJson = String(Base64.getUrlDecoder().decode(splitIdToken[0]))
+        val headerMap = objectMapper.readValue(headerJson, Map::class.java)
+        return headerMap[KID].toString()
+    }
+
+    override fun getIdTokenPayload(
+        idToken: String,
+        modulus: String,
+        exponent: String,
+    ): OidcPayload {
+        val claims = getIdTokenClaims(idToken, modulus, exponent)
+        return OidcPayload(
+            claims.issuer,
+            claims.audience.first(),
+            claims.subject,
+            claims[EMAIL].toString(),
+            claims[PICTURE].toString(),
+        )
+    }
+
+    private fun getSplitIdToken(idToken: String): List<String> {
+        val splitToken = idToken.split(".")
+        if (splitToken.size != 3) {
+            throw GlobalException.InvalidTokenException()
+        }
+        return splitToken
+    }
+
+    private fun validatePayload(payload: String, iss: String, aud: String) {
+        val payloadJson = String(Base64.getUrlDecoder().decode(payload))
+        val payloadMap = objectMapper.readValue(payloadJson, Map::class.java)
+        if (payloadMap[ISS] != iss || payloadMap[AUD] != aud) {
+            throw GlobalException.InvalidTokenException()
+        }
+        val exp = (payloadMap[EXP] as? Number)?.toLong()
+            ?: throw GlobalException.InvalidTokenException()
+        if (Date().time / 1000 > exp) throw GlobalException.ExpiredTokenException()
+    }
+
+    private fun getIdTokenClaims(idToken: String, modulus: String, exponent: String): Claims {
+        return try {
+            Jwts.parser()
+                .verifyWith(getRsaPublicKey(modulus, exponent))
+                .build()
+                .parseSignedClaims(idToken)
+                .payload
+        } catch (e: ExpiredJwtException) {
+            throw GlobalException.ExpiredTokenException()
+        } catch (e: Exception) {
+            throw GlobalException.InvalidTokenException()
+        }
+    }
+
+    private fun getRsaPublicKey(modulus: String, exponent: String): PublicKey {
+        val keyFactory = KeyFactory.getInstance(ALGORITHM)
+        val decodeN = Base64.getUrlDecoder().decode(modulus)
+        val decodeE = Base64.getUrlDecoder().decode(exponent)
+        val n = BigInteger(1, decodeN)
+        val e = BigInteger(1, decodeE)
+        val keySpec = RSAPublicKeySpec(n, e)
+        return keyFactory.generatePublic(keySpec)
+    }
+
+    companion object {
+        private const val KID = "kid"
+        private const val ISS = "iss"
+        private const val AUD = "aud"
+        private const val EXP = "exp"
+        private const val EMAIL = "email"
+        private const val PICTURE = "picture"
+        private const val ALGORITHM = "RSA"
+    }
+}

photi-apis/enduser/src/main/kotlin/com/photi/apis/enduser/controller/oauth/OAuthController.kt

@@ -0,0 +1,66 @@
+package com.photi.apis.enduser.controller.oauth
+
+import com.photi.apis.enduser.common.exception.GlobalApiErrorResponses
+import com.photi.apis.enduser.common.exception.UserApiErrorResponses
+import com.photi.apis.enduser.config.security.JwtTokenProvider
+import com.photi.apis.enduser.controller.auth.dto.response.LoginResponse
+import com.photi.apis.enduser.controller.auth.dto.response.SignUpResponse
+import com.photi.apis.enduser.controller.oauth.request.OAuthSignUpRequest
+import com.photi.core.domain.common.exception.GlobalErrorCode.EXPIRED_TOKEN
+import com.photi.core.domain.common.exception.GlobalErrorCode.INVALID_TOKEN
+import com.photi.core.domain.user.exception.UserErrorCode.*
+import com.photi.core.domain.user.model.OAuthProviderType
+import com.photi.core.domain.user.model.RoleType
+import com.photi.core.domain.user.model.RoleType.Companion.getRole
+import com.photi.core.domain.user.service.OAuthService
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.Parameter
+import io.swagger.v3.oas.annotations.responses.ApiResponse
+import io.swagger.v3.oas.annotations.tags.Tag
+import jakarta.validation.Valid
+import org.springframework.http.HttpStatus.CREATED
+import org.springframework.http.HttpStatus.OK
+import org.springframework.http.ResponseEntity
+import org.springframework.validation.annotation.Validated
+import org.springframework.web.bind.annotation.*
+
+@Validated
+@RestController
+@RequestMapping("/api/v2/oauth")
+@Tag(name = "OAuth", description = "OAuth API")
+class OAuthController(
+    private val oAuthService: OAuthService,
+    private val jwtTokenProvider: JwtTokenProvider,
+) {
+
+    @PostMapping("/{provider}/signup")
+    @Operation(summary = "OAuth 회원가입")
+    @ApiResponse(responseCode = "201")
+    @UserApiErrorResponses([EXISTING_USER])
+    @GlobalApiErrorResponses([INVALID_TOKEN, EXPIRED_TOKEN])
+    fun signUp(
+        @PathVariable provider: OAuthProviderType,
+        @RequestParam("id_token") @Parameter(description = "ID 토큰") idToken: String,
+        @RequestBody @Valid request: OAuthSignUpRequest,
+    ): ResponseEntity<SignUpResponse> {
+        val signUpUser = oAuthService.signUp(provider, idToken, request.toServiceDto())
+        val response = SignUpResponse.of(signUpUser)
+        val headers = jwtTokenProvider.createToken(response.userId, RoleType.USER)
+        return ResponseEntity.status(CREATED).headers(headers).body(response)
+    }
+
+    @GetMapping("/{provider}/login")
+    @Operation(summary = "OAuth 로그인")
+    @ApiResponse(responseCode = "200")
+    @UserApiErrorResponses([USER_NOT_FOUND, DELETED_USER])
+    @GlobalApiErrorResponses([INVALID_TOKEN, EXPIRED_TOKEN])
+    fun login(
+        @PathVariable provider: OAuthProviderType,
+        @RequestParam("id_token") @Parameter(description = "ID 토큰") idToken: String,
+    ): ResponseEntity<LoginResponse> {
+        val loginUser = oAuthService.login(provider, idToken)
+        val response = LoginResponse.of(loginUser)
+        val headers = jwtTokenProvider.createToken(response.userId, getRole(response.username))
+        return ResponseEntity.status(OK).headers(headers).body(response)
+    }
+}

photi-apis/enduser/src/main/kotlin/com/photi/apis/enduser/controller/oauth/OAuthProviderConverter.kt

@@ -0,0 +1,18 @@
+package com.photi.apis.enduser.controller.oauth
+
+import com.photi.core.domain.user.exception.UserException
+import com.photi.core.domain.user.model.OAuthProviderType
+import org.springframework.core.convert.converter.Converter
+import org.springframework.stereotype.Component
+
+@Component
+class OAuthProviderConverter : Converter<String, OAuthProviderType> {
+
+    override fun convert(source: String): OAuthProviderType? {
+        return try {
+            OAuthProviderType.valueOf(source.uppercase())
+        } catch (e: IllegalArgumentException) {
+            throw UserException.InvalidOAuthProviderException()
+        }
+    }
+}

photi-apis/enduser/src/main/kotlin/com/photi/apis/enduser/controller/oauth/request/OAuthSignUpRequest.kt

@@ -0,0 +1,24 @@
+package com.photi.apis.enduser.controller.oauth.request
+
+import com.photi.core.domain.common.consts.RegexPattern.LOWERCASE_NUMBER_UNDERSCORE
+import com.photi.core.domain.user.dto.OAuthSignUpDto
+import io.swagger.v3.oas.annotations.media.Schema
+import jakarta.validation.constraints.NotBlank
+import jakarta.validation.constraints.Pattern
+import jakarta.validation.constraints.Size
+
+@Schema(description = "OAuth 회원가입 요청 객체")
+data class OAuthSignUpRequest(
+
+    @Schema(description = "아이디", example = "photi")
+    @field:NotBlank(message = "아이디는 필수 입력입니다.")
+    @field:Size(min = 5, max = 20, message = "아이디는 5~20자만 가능합니다.")
+    @field:Pattern(
+        regexp = LOWERCASE_NUMBER_UNDERSCORE,
+        message = "아이디는 소문자 영어, 숫자, 특수문자(_)의 조합으로 입력해 주세요."
+    )
+    val username: String,
+) {
+
+    fun toServiceDto() = OAuthSignUpDto(username)
+}

photi-core/domain/src/main/kotlin/com/photi/core/domain/common/properties/AppleOAuthProperties.kt

@@ -0,0 +1,9 @@
+package com.photi.core.domain.common.properties
+
+import org.springframework.boot.context.properties.ConfigurationProperties
+
+@ConfigurationProperties("oauth.apple")
+data class AppleOAuthProperties(
+    override val baseUrl: String,
+    override val nativeAppKey: String,
+) : OAuthProperties

photi-core/domain/src/main/kotlin/com/photi/core/domain/common/properties/GoogleOAuthProperties.kt

@@ -0,0 +1,9 @@
+package com.photi.core.domain.common.properties
+
+import org.springframework.boot.context.properties.ConfigurationProperties
+
+@ConfigurationProperties("oauth.google")
+data class GoogleOAuthProperties(
+    override val baseUrl: String,
+    override val nativeAppKey: String,
+) : OAuthProperties

photi-core/domain/src/main/kotlin/com/photi/core/domain/common/properties/KakaoOAuthProperties.kt

@@ -0,0 +1,9 @@
+package com.photi.core.domain.common.properties
+
+import org.springframework.boot.context.properties.ConfigurationProperties
+
+@ConfigurationProperties("oauth.kakao")
+data class KakaoOAuthProperties(
+    override val baseUrl: String,
+    override val nativeAppKey: String,
+) : OAuthProperties

photi-core/domain/src/main/kotlin/com/photi/core/domain/common/properties/OAuthProperties.kt

@@ -0,0 +1,6 @@
+package com.photi.core.domain.common.properties
+
+interface OAuthProperties {
+    val baseUrl: String
+    val nativeAppKey: String
+}

photi-core/domain/src/main/kotlin/com/photi/core/domain/user/dto/OAuthSignUpDto.kt

@@ -0,0 +1,20 @@
+package com.photi.core.domain.user.dto
+
+import com.photi.core.domain.user.model.OAuthInfo
+import com.photi.core.domain.user.model.RoleType
+import com.photi.core.domain.user.model.User
+
+data class OAuthSignUpDto(
+    val username: String,
+) {
+
+    fun toEntity(oAuthInfo: OAuthInfo, email: String, image: String) =
+        User(
+            email = email,
+            oAuthInfo = oAuthInfo,
+            username = username,
+            role = RoleType.USER,
+            isAuthenticated = true,
+            imageUrl = image,
+        )
+}

photi-core/domain/src/main/kotlin/com/photi/core/domain/user/dto/OidcPayload.kt

@@ -0,0 +1,9 @@
+package com.photi.core.domain.user.dto
+
+data class OidcPayload(
+    val iss: String,
+    val aud: String,
+    val sub: String,
+    val email: String,
+    val image: String,
+)

photi-core/domain/src/main/kotlin/com/photi/core/domain/user/exception/UserErrorCode.kt

@@ -31,5 +31,6 @@ enum class UserErrorCode(
         "USERNAME_FORMAT_INVALID",
         "아이디는 소문자 영어, 숫자, 특수문자(_)의 조합으로 입력해 주세요.",
         "아이디는 5~20자만 가능하고, 정규식은 ^[a-z0-9_]+$ 입니다.",
-    );
+    ),
+    OAUTH_PROVIDER_INVALID(BAD_REQUEST, "OAUTH_PROVIDER_INVALID", "지원하지 않는 OAuth Provider 입니다."),
 }

photi-core/domain/src/main/kotlin/com/photi/core/domain/user/exception/UserException.kt

@@ -24,4 +24,6 @@ sealed class UserException(errorCode: UserErrorCode) : PhotiException(errorCode)
     class ExistsUsernameException : UserException(UserErrorCode.EXISTING_USERNAME)
 
     class NotAvailableUsernameException : UserException(UserErrorCode.UNAVAILABLE_USERNAME)
+
+    class InvalidOAuthProviderException : UserException(UserErrorCode.OAUTH_PROVIDER_INVALID)
 }

photi-core/domain/src/main/kotlin/com/photi/core/domain/user/model/OAuthInfo.kt

@@ -0,0 +1,27 @@
+package com.photi.core.domain.user.model
+
+import jakarta.persistence.Column
+import jakarta.persistence.Embeddable
+import jakarta.persistence.EnumType
+import jakarta.persistence.Enumerated
+
+@Embeddable
+class OAuthInfo(
+
+    @Enumerated(value = EnumType.STRING)
+    @Column(nullable = true, length = 15)
+    val provider: OAuthProviderType?,
+
+    @Column(nullable = true, length = 255)
+    val sub: String?,
+) {
+
+    companion object {
+
+        fun ofKakao(sub: String) = OAuthInfo(OAuthProviderType.KAKAO, sub)
+
+        fun ofGoogle(sub: String) = OAuthInfo(OAuthProviderType.GOOGLE, sub)
+
+        fun ofApple(sub: String) = OAuthInfo(OAuthProviderType.APPLE, sub)
+    }
+}