Merge branch 'main' of https://github.com/Octa-Cloud/BE-auth-service

Author: KoungQ

build.gradle

@@ -32,6 +32,9 @@ dependencies {
     // Apache HttpClient5
     implementation 'org.apache.httpcomponents.client5:httpclient5:5.3.1'
 
+    // Kafka
+    implementation "org.springframework.kafka:spring-kafka"
+
     // Lombok
     compileOnly 'org.projectlombok:lombok'
     annotationProcessor 'org.projectlombok:lombok'

src/main/java/com/project/auth/domain/infra/kafka/AuthDltListeners.java

@@ -0,0 +1,27 @@
+package com.project.auth.domain.infra.kafka;
+
+import lombok.RequiredArgsConstructor;
+import org.apache.kafka.clients.consumer.ConsumerRecord;
+import org.springframework.kafka.annotation.KafkaListener;
+import org.springframework.kafka.support.KafkaHeaders;
+import org.springframework.messaging.handler.annotation.Header;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class AuthDltListeners {
+
+    private final DltLogger dlt;
+
+    @KafkaListener(topics = "auth.token-delete.command.dlt", groupId = "auth-service")
+    public void onTokenDeleteCmdDlt(
+            ConsumerRecord<String,String> rec,
+            @Header(name = KafkaHeaders.DLT_ORIGINAL_TOPIC, required = false)   String oTopic,
+            @Header(name = KafkaHeaders.DLT_ORIGINAL_PARTITION, required = false) Integer oPart,
+            @Header(name = KafkaHeaders.DLT_ORIGINAL_OFFSET, required = false)   Long oOffset,
+            @Header(name = KafkaHeaders.DLT_EXCEPTION_FQCN, required = false)    String exClass,
+            @Header(name = KafkaHeaders.DLT_EXCEPTION_MESSAGE, required = false) String exMsg
+    ){
+        dlt.logAndCount("auth.token-delete.command.dlt", rec, oTopic, oPart, oOffset, exClass, exMsg);
+    }
+}

src/main/java/com/project/auth/domain/infra/kafka/AuthRevokeListener.java

@@ -0,0 +1,74 @@
+// com.project.auth.domain.infra.kafka.AuthRevokeListener.java
+package com.project.auth.domain.infra.kafka;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.project.auth.domain.domain.service.TokenBlacklistService;
+import com.project.auth.domain.domain.service.RefreshTokenService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.kafka.clients.consumer.ConsumerRecord;
+import org.springframework.kafka.annotation.KafkaListener;
+import org.springframework.kafka.annotation.RetryableTopic;
+import org.springframework.kafka.support.Acknowledgment;
+import org.springframework.retry.annotation.Backoff;
+import org.springframework.stereotype.Component;
+
+import java.time.Duration;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class AuthRevokeListener {
+
+    private final ObjectMapper om;
+    private final TokenBlacklistService blacklist;
+    private final RefreshTokenService refreshTokens;
+
+    @RetryableTopic(
+            attempts = "3",
+            backoff = @Backoff(delay = 1000, multiplier = 2.0),
+            autoCreateTopics = "false",
+            dltTopicSuffix = ".dlt",
+            exclude = { InvalidPayloadException.class } // 독성 → 즉시 DLT
+    )
+    @KafkaListener(
+            topics = "auth.token-delete.command",
+            groupId = "auth-service",
+            containerFactory = "kafkaManualAckFactory"
+    )
+    public void onRevoke(ConsumerRecord<String, String> rec, Acknowledgment ack) throws Exception {
+        final JsonNode n;
+        try {
+            n = om.readTree(rec.value());
+        } catch (Exception e) {
+            log.error("[auth] toxic payload -> DLT, value={}", rec.value());
+            throw new InvalidPayloadException("Invalid JSON: " + e.getMessage(), e);
+        }
+
+        long userNo = n.path("userNo").asLong(0L);
+        String accessToken = n.path("accessToken").asText(null);
+        long ttlSec = n.path("blacklistSeconds").asLong(0L);
+
+        if (userNo <= 0L) {
+            log.error("[auth] toxic payload -> DLT (invalid userNo), value={}", rec.value());
+            throw new InvalidPayloadException("Missing/invalid userNo");
+        }
+
+        // 1) 액세스 토큰 블랙리스트: 남은 TTL이 있을 때만
+        if (accessToken != null && !accessToken.isBlank() && ttlSec > 0) {
+            blacklist.blacklist(accessToken, Duration.ofSeconds(ttlSec));
+            log.info("[auth] access token blacklisted userNo={}, ttlSec={}", userNo, ttlSec);
+        } else {
+            log.info("[auth] skip access-token blacklist (tokenMissingOrTtl<=0) userNo={}, ttlSec={}, tokenPresent={}",
+                    userNo, ttlSec, accessToken != null && !accessToken.isBlank());
+        }
+
+        // 2) 리프레시 토큰은 ‘항상’ 제거 (재발급 경로 차단)
+        refreshTokens.deleteRefreshToken(userNo);
+
+        // 3) 오프셋 커밋
+        ack.acknowledge();
+    }
+
+}

src/main/java/com/project/auth/domain/infra/kafka/DltLogger.java

@@ -0,0 +1,44 @@
+package com.project.auth.domain.infra.kafka;
+
+// 공통 유틸(선택): 헤더를 예쁘게 로깅하고, 카운터 증가
+
+import io.micrometer.core.instrument.MeterRegistry;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.kafka.clients.consumer.ConsumerRecord;
+import org.springframework.kafka.support.KafkaHeaders;
+import org.springframework.messaging.handler.annotation.Header;
+import org.springframework.stereotype.Component;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class DltLogger {
+
+    private final MeterRegistry meter; // micrometer
+
+    public void logAndCount(
+            String dltTopic,
+            ConsumerRecord<String, String> rec,
+            @Header(name = KafkaHeaders.DLT_ORIGINAL_TOPIC, required = false)   String oTopic,
+            @Header(name = KafkaHeaders.DLT_ORIGINAL_PARTITION, required = false) Integer oPart,
+            @Header(name = KafkaHeaders.DLT_ORIGINAL_OFFSET, required = false)   Long oOffset,
+            @Header(name = KafkaHeaders.DLT_EXCEPTION_FQCN, required = false)    String exClass,
+            @Header(name = KafkaHeaders.DLT_EXCEPTION_MESSAGE, required = false) String exMsg
+    ) {
+        // 메트릭: dlt 카운트
+        meter.counter("kafka.dlt.count",
+                        "dltTopic", dltTopic,
+                        "origTopic", String.valueOf(oTopic))
+                .increment();
+
+        log.error("[DLT] topic={}, origTopic={}, origPartition={}, origOffset={}, key={}, ts={}, exClass={}, exMsg={}, payload={}",
+                dltTopic,
+                oTopic, oPart, oOffset,
+                rec.key(),
+                rec.timestamp(),
+                exClass, exMsg,
+                rec.value()
+        );
+    }
+}

src/main/java/com/project/auth/domain/infra/kafka/InvalidPayloadException.java

@@ -0,0 +1,6 @@
+package com.project.auth.domain.infra.kafka;
+
+public class InvalidPayloadException extends RuntimeException {
+    public InvalidPayloadException(String msg) { super(msg); }
+    public InvalidPayloadException(String msg, Throwable cause) { super(msg, cause); }
+}

src/main/java/com/project/auth/global/config/KafkaConfig.java

@@ -0,0 +1,53 @@
+// com.project.auth.global.config.KafkaConfig.java
+package com.project.auth.global.config;
+
+import org.apache.kafka.clients.consumer.ConsumerConfig;
+import org.apache.kafka.common.serialization.StringDeserializer;
+import org.springframework.boot.autoconfigure.kafka.KafkaProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.kafka.annotation.EnableKafka;
+import org.springframework.kafka.annotation.EnableKafkaRetryTopic;
+import org.springframework.kafka.config.ConcurrentKafkaListenerContainerFactory;
+import org.springframework.kafka.core.ConsumerFactory;
+import org.springframework.kafka.core.DefaultKafkaConsumerFactory;
+import org.springframework.kafka.listener.ContainerProperties;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@Configuration
+@EnableKafka
+@EnableKafkaRetryTopic   // @RetryableTopic 활성화
+public class KafkaConfig {
+
+    @Bean
+    public ConsumerFactory<String, String> consumerFactory(KafkaProperties props) {
+        Map<String, Object> cfg = new HashMap<>(props.buildConsumerProperties());
+        cfg.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
+        cfg.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
+        cfg.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, false);
+        return new DefaultKafkaConsumerFactory<>(cfg);
+    }
+
+    @Bean(name = "kafkaManualAckFactory")
+    public ConcurrentKafkaListenerContainerFactory<String, String> kafkaManualAckFactory(
+            ConsumerFactory<String, String> cf) {
+        var f = new ConcurrentKafkaListenerContainerFactory<String, String>();
+        f.setConsumerFactory(cf);
+        f.getContainerProperties().setAckMode(ContainerProperties.AckMode.MANUAL_IMMEDIATE);
+        //f.setConcurrency(1);
+        return f;
+    }
+
+    // @RetryableTopic의 백오프 스케줄링용
+    @Bean
+    public org.springframework.scheduling.TaskScheduler taskScheduler() {
+        ThreadPoolTaskScheduler t = new ThreadPoolTaskScheduler();
+        t.setPoolSize(2);
+        t.setThreadNamePrefix("auth-sched-");
+        t.initialize();
+        return t;
+    }
+}

src/main/resources/application.yml

@@ -2,6 +2,31 @@ server:
   port: 8080
 
 spring:
+  kafka:
+    bootstrap-servers: pkc-gq2xn.asia-northeast3.gcp.confluent.cloud:9092
+    properties:
+      security.protocol: SASL_SSL
+      sasl.mechanism: PLAIN
+      sasl.jaas.config: >
+        org.apache.kafka.common.security.plain.PlainLoginModule required
+        username="AGQDVMNB6DVPXFX7"
+        password="cfltBaumbQnzwuPIRS3E8S1MNrfqrsb9LXzDvUBPBrP0YQRUTfBqdD2nOKmzUXFw";
+    producer:
+      acks: all
+      retries: 3
+      key-serializer: org.apache.kafka.common.serialization.StringSerializer
+      value-serializer: org.apache.kafka.common.serialization.StringSerializer
+    consumer:
+      enable-auto-commit: false
+      auto-offset-reset: latest
+      key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
+      value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
+      max-poll-records: 100
+      max-poll-interval-ms: 300000  # 5분
+    admin:
+      auto-create: false
+      fail-fast: true
+
   data:
     redis:
       host: ${SPRING_DATA_REDIS_HOST:localhost}
@@ -80,7 +105,7 @@ logging:
     org.springframework: DEBUG
     org.springframework.web: DEBUG
     org.springframework.boot: DEBUG
-    com.project.user: DEBUG
+    com.project.auth: DEBUG
     org.hibernate.SQL: DEBUG
     org.hibernate.type.descriptor.sql: TRACE
 
@@ -109,7 +134,7 @@ management:
       enabled: true
   metrics:
     tags:
-      application: user-service
+      application: auth-service
     distribution:
       percentiles-histogram:
         http.server.requests: true