✨ User CRUD, 로컬 로그인, 구글 로그인 구현 (#6)

* feat: user, auth

* feat: local login

* feat: google login

* feat: frontend url setting

* feat: frontend url setting

* fix: spring properties

* fix: resolve some reviews

* fix: resolve reviews

* fix: cd

* fix: reviews

Author: tteokgook1

.github/workflows/cd.yml

@@ -11,6 +11,8 @@ env:
   DB_NAME: mydatabase
   DB_USER: ${{ secrets.DB_USER }}
   DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
+  GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
+  GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
 
 jobs:
   build-and-push:
@@ -23,6 +25,15 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Generate Dynamic JWT Secret
+        run: |
+          # Generate a 64-byte hex string
+          DYNAMIC_JWT=$(openssl rand -hex 64)
+          # Mask it so it doesn't show up in GitHub logs
+          echo "::add-mask::$DYNAMIC_JWT"
+          # Save it to the environment for subsequent steps
+          echo "JWT_SECRET=$DYNAMIC_JWT" >> $GITHUB_ENV
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -63,7 +74,7 @@ jobs:
           host: ${{ secrets.EC2_HOST }}
           username: ${{ secrets.EC2_USERNAME }}
           key: ${{ secrets.EC2_SSH_KEY }}
-          envs: REGISTRY,IMAGE_NAME,DB_NAME,DB_USER,DB_PASSWORD,GITHUB_ACTOR
+          envs: REGISTRY,IMAGE_NAME,DB_NAME,DB_USER,DB_PASSWORD,GITHUB_ACTOR,GOOGLE_CLIENT_ID,GOOGLE_CLIENT_SECRET,JWT_SECRET
           script: |
             # Define the image string inside the script for safety
             IMAGE="${REGISTRY}/${IMAGE_NAME}:latest"
@@ -87,6 +98,9 @@ jobs:
               -e SPRING_DATASOURCE_URL=jdbc:mysql://mysql:3306/$DB_NAME \
               -e DB_USER="$DB_USER" \
               -e DB_PASSWORD="$DB_PASSWORD" \
+              -e GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID" \
+              -e GOOGLE_CLIENT_SECRET="$GOOGLE_CLIENT_SECRET" \
+              -e JWT_SECRET="$JWT_SECRET" \
               $IMAGE
             
             echo "== PRUNE =="

.github/workflows/ci.yml

@@ -7,7 +7,7 @@ on:
     branches: [ "main" ]
 
 jobs:
-  build:
+  lint-and-test:
 
     runs-on: ubuntu-latest
 

.gitignore

@@ -38,3 +38,4 @@ out/
 
 ### Kotlin ###
 .kotlin
+/.env

Dockerfile

@@ -9,4 +9,4 @@ RUN ./gradlew bootJar
 # 5. 포트 노출 (컨테이너가 8080 포트를 사용함을 명시)
 EXPOSE 8080
 # 6. 실행 명령어 (컨테이너 시작 시 실행될 명령어)
-ENTRYPOINT exec java $JAVA_OPTS -jar build/libs/team2-server-0.0.1-SNAPSHOT.jar
+ENTRYPOINT exec java $JAVA_OPTS -jar build/libs/team2-server-0.0.1-SNAPSHOT.jar --spring.profiles.active=prod

README.md

@@ -1,2 +1,25 @@
 # 23-5-team2-server
-와플스튜디오 23.5기 2조 server
+와플스튜디오 23.5기 2조 server
+
+# env
+
+루트 경로에 다음의 `.env` 파일을 작성합니다.
+
+```env
+GOOGLE_CLIENT_ID=YOUR-GOOGLE-CLIENT-ID
+GOOGLE_CLIENT_SECRET=YOUR-GOOGLE-CLIENT-SECRET
+```
+
+| Key Name               | Description              |
+|------------------------|--------------------------|
+| `GOOGLE_CLIENT_ID`     | 구글 OAuth2 Client ID      |
+| `GOOGLE_CLIENT_SECRET` | 구글 OAuth2 Client Secret  |
+
+# Auth
+
+- AUTH-TOKEN 쿠키를 사용합니다.
+
+## Google OAuth2
+
+- `/oauth2/authorization/google` 로 GET 요청을 보내면 구글 로그인 과정이 진행됩니다. 
+- 로그인 성공 / 실패 모두 프론트엔드 루트 경로로 리다이렉트됩니다.

build.gradle.kts

@@ -31,15 +31,21 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-flyway")
     implementation("org.springframework.boot:spring-boot-starter-webmvc")
     implementation("org.springframework.boot:spring-boot-starter-actuator")
+    implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
+    implementation("io.github.cdimascio:dotenv-kotlin:6.4.2")
+    implementation("io.jsonwebtoken:jjwt-api:0.11.5")
+    implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
     implementation("com.mysql:mysql-connector-j")
     implementation("org.flywaydb:flyway-mysql")
     implementation("org.jetbrains.kotlin:kotlin-reflect")
-    implementation("tools.jackson.module:jackson-module-kotlin")
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.7.0")
     implementation("org.jsoup:jsoup:1.17.2")
     compileOnly("org.projectlombok:lombok")
     developmentOnly("org.springframework.boot:spring-boot-docker-compose")
     runtimeOnly("com.mysql:mysql-connector-j")
+    runtimeOnly("io.jsonwebtoken:jjwt-impl:0.11.5")
+    runtimeOnly("io.jsonwebtoken:jjwt-jackson:0.11.5")
     annotationProcessor("org.projectlombok:lombok")
     testImplementation("org.springframework.boot:spring-boot-starter-data-jdbc-test")
     testImplementation("org.springframework.boot:spring-boot-starter-flyway-test")

src/main/kotlin/com/wafflestudio/team2server/DomainException.kt

@@ -0,0 +1,15 @@
+package com.wafflestudio.team2server
+
+import org.springframework.http.HttpStatus
+import org.springframework.http.HttpStatusCode
+
+open class DomainException(
+    // client 와 약속된 Application Error 에 대한 코드 필요 시 Enum 으로 관리하자.
+    val errorCode: Int,
+    // HTTP Status Code, 비어있다면 500 이다.
+    val httpErrorCode: HttpStatusCode = HttpStatus.INTERNAL_SERVER_ERROR,
+    val msg: String,
+    cause: Throwable? = null,
+) : RuntimeException(msg, cause) {
+    override fun toString(): String = "DomainException(msg='$msg', errorCode=$errorCode, httpErrorCode=$httpErrorCode)"
+}

src/main/kotlin/com/wafflestudio/team2server/GlobalControllerExceptionHandler.kt

@@ -0,0 +1,14 @@
+package com.wafflestudio.team2server
+
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.ControllerAdvice
+import org.springframework.web.bind.annotation.ExceptionHandler
+
+@ControllerAdvice
+class GlobalControllerExceptionHandler {
+    @ExceptionHandler(DomainException::class)
+    fun handle(exception: DomainException): ResponseEntity<Map<String, Any>> =
+        ResponseEntity
+            .status(exception.httpErrorCode)
+            .body(mapOf("error" to exception.msg, "errorCode" to exception.errorCode))
+}

src/main/kotlin/com/wafflestudio/team2server/config/JacksonConfig.kt

@@ -0,0 +1,12 @@
+package com.wafflestudio.team2server.config
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.module.kotlin.registerKotlinModule
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+
+@Configuration
+class JacksonConfig {
+    @Bean
+    fun objectMapper(): ObjectMapper = ObjectMapper().registerKotlinModule()
+}

src/main/kotlin/com/wafflestudio/team2server/config/SecurityConfig.kt

@@ -0,0 +1,40 @@
+package com.wafflestudio.team2server.config
+
+import com.wafflestudio.team2server.user.OAuth2SuccessHandler
+import com.wafflestudio.team2server.user.service.GoogleOAuth2UserService
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.web.SecurityFilterChain
+
+@EnableWebSecurity
+@Configuration
+class SecurityConfig(
+    private val googleOAuth2UserService: GoogleOAuth2UserService,
+    private val oAuth2SuccessHandler: OAuth2SuccessHandler,
+    @Value("\${app.frontend.url}") private val frontendUrl: String,
+) {
+    @Bean
+    fun filterChain(http: HttpSecurity): SecurityFilterChain {
+        // it does not use authorizeHttpRequests
+        // requiring authorization is handled at the controller level
+        // when use @LoggedInUser, if there is no authorization, UserArgumentResolver will return 401.
+        http
+            .csrf { it.disable() }
+            .httpBasic { it.disable() }
+            .formLogin { it.disable() }
+            .oauth2Login { oauth2 ->
+                oauth2
+                    .userInfoEndpoint { it.userService(googleOAuth2UserService) }
+                    .successHandler(oAuth2SuccessHandler)
+                    .failureUrl(frontendUrl)
+            }
+        return http.build()
+    }
+
+    @Bean
+    fun bcryptPasswordEncoder(): BCryptPasswordEncoder = BCryptPasswordEncoder()
+}