Merge branch 'develop'

src/main/java/io/oeid/mogakgo/common/swagger/template/AuthSwagger.java

@@ -3,7 +3,7 @@
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 
 import io.oeid.mogakgo.core.properties.swagger.error.SwaggerAuthErrorExamples;
-import io.oeid.mogakgo.domain.auth.presentation.dto.res.AuthAccessTokenApiResponse;
+import io.oeid.mogakgo.domain.auth.presentation.dto.res.AuthTokenApiResponse;
 import io.oeid.mogakgo.exception.dto.ErrorResponse;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
@@ -23,29 +23,29 @@ public interface AuthSwagger {
     @Operation(summary = "토큰 재발급", description = "Access Token을 재발급 받을 때 사용하는 API")
     @ApiResponses(value = {
         @ApiResponse(responseCode = "200", description = "토큰 재발급 성공",
-            content = @Content(schema = @Schema(implementation = AuthAccessTokenApiResponse.class))),
+            content = @Content(schema = @Schema(implementation = AuthTokenApiResponse.class))),
         @ApiResponse(responseCode = "401", description = "재발급 토큰 인증정보가 유효하지 않음",
             content = @Content(
                 mediaType = APPLICATION_JSON_VALUE,
                 schema = @Schema(implementation = ErrorResponse.class),
                 examples = @ExampleObject(name = "E010201", value = SwaggerAuthErrorExamples.AUTH_MISSING_CREDENTIALS)))
     })
-    ResponseEntity<AuthAccessTokenApiResponse> reissue(
+    ResponseEntity<AuthTokenApiResponse> reissue(
         @Parameter(in = ParameterIn.HEADER, hidden = true) String accessToken,
         @Parameter(in = ParameterIn.COOKIE, required = true) String refreshToken);
 
     @Operation(summary = "Github 로그인", description = "Github 로그인을 위한 API")
     @ApiResponses(
         value = {
             @ApiResponse(responseCode = "200", description = "로그인 성공",
-                content = @Content(schema = @Schema(implementation = AuthAccessTokenApiResponse.class))),
+                content = @Content(schema = @Schema(implementation = AuthTokenApiResponse.class))),
             @ApiResponse(responseCode = "401", description = "로그인 실패",
                 content = @Content(
                     mediaType = APPLICATION_JSON_VALUE,
                     schema = @Schema(implementation = ErrorResponse.class),
                     examples = @ExampleObject(name = "E010201", value = SwaggerAuthErrorExamples.AUTH_MISSING_CREDENTIALS)))
         }
     )
-    ResponseEntity<AuthAccessTokenApiResponse> login(
+    ResponseEntity<AuthTokenApiResponse> login(
         @Parameter(in = ParameterIn.QUERY) String code);
 }

src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java

@@ -55,16 +55,10 @@ SecurityFilterChain filterChainApi(HttpSecurity http) throws Exception {
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(List.of(
-            "http://localhost:8080",
-            "http://3.38.76.76:8080",
-            "https://mogak-go.shop",
-            "https://mogak-go.shop:443"
-        ));
+        configuration.setAllowedOrigins(List.of("*"));
         configuration.setAllowedMethods(
             Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
         configuration.setAllowedHeaders(List.of("*"));
-        configuration.setAllowCredentials(true);
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", configuration);
         return source;

src/main/java/io/oeid/mogakgo/domain/auth/presentation/AuthController.java

@@ -1,13 +1,11 @@
 package io.oeid.mogakgo.domain.auth.presentation;
 
 import static org.springframework.http.HttpHeaders.AUTHORIZATION;
-import static org.springframework.http.HttpHeaders.SET_COOKIE;
 
 import io.oeid.mogakgo.common.swagger.template.AuthSwagger;
 import io.oeid.mogakgo.domain.auth.application.AuthService;
-import io.oeid.mogakgo.domain.auth.presentation.dto.res.AuthAccessTokenApiResponse;
+import io.oeid.mogakgo.domain.auth.presentation.dto.res.AuthTokenApiResponse;
 import lombok.RequiredArgsConstructor;
-import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -24,33 +22,19 @@ public class AuthController implements AuthSwagger {
     private final AuthService authService;
 
     @PostMapping("/reissue")
-    public ResponseEntity<AuthAccessTokenApiResponse> reissue(
+    public ResponseEntity<AuthTokenApiResponse> reissue(
         @RequestHeader(AUTHORIZATION) String accessToken,
         @CookieValue(value = "refreshToken") String refreshToken) {
         var accessTokenDto = authService.reissue(accessToken, refreshToken);
         return ResponseEntity.ok(
-            AuthAccessTokenApiResponse.of(accessTokenDto.getAccessToken(), null));
+            AuthTokenApiResponse.of(accessTokenDto.getAccessToken(), null, null));
     }
 
     @PostMapping("/login")
-    public ResponseEntity<AuthAccessTokenApiResponse> login(@RequestParam String code) {
+    public ResponseEntity<AuthTokenApiResponse> login(@RequestParam String code) {
         var response = authService.loginViaGithubCode(code);
-        ResponseCookie responseCookie = generateCookieHeader(response.getRefreshToken(),
-            response.getRefreshTokenExpirySeconds());
-        return ResponseEntity.ok()
-            .header(SET_COOKIE, responseCookie.toString())
-            .body(AuthAccessTokenApiResponse.of(response.getAccessToken(),
-                response.getSignUpCompleteYn()));
+        return ResponseEntity.ok(
+            AuthTokenApiResponse.of(response.getAccessToken(), response.getRefreshToken(), response.getSignUpCompleteYn()));
     }
 
-    private ResponseCookie generateCookieHeader(String refreshToken,
-        int refreshTokenExpirySeconds) {
-        return ResponseCookie.from("refreshToken", refreshToken)
-            .maxAge(refreshTokenExpirySeconds)
-            .httpOnly(true)
-            .path("/")
-            .sameSite("None")
-            .secure(true)
-            .build();
-    }
 }

src/main/java/io/oeid/mogakgo/domain/auth/presentation/dto/res/AuthTokenApiResponse.java

@@ -0,0 +1,28 @@
+package io.oeid.mogakgo.domain.auth.presentation.dto.res;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Getter;
+
+@Schema(description = "Access Token 재발급 응답")
+@Getter
+public class AuthTokenApiResponse {
+
+    @Schema(description = "Access Token", example = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNb0dha0dvIiwiaWF0IjoxNzA4MjE5NDA3LCJleHAiOjE3NDQyMTk0MDcsInVzZXJJZCI6Miwicm9sZXMiOlsiUk9MRV9VU0VSIl19.vu_Oq5dX3cMYAOwFIk_BvqkEGrkk0Reth2FBde7pcKw")
+    private final String accessToken;
+    @Schema(description = "Refresh Token", example = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNb0dha0dvIiwiaWF0IjoxNzA4MjE5NDA3LCJleHAiOjE3NDQyMTk0MDcsInVzZXJJZCI6Miwicm9sZXMiOlsiUk9MRV9VU0VSIl19.vu_Oq5dX3cMYAOwFIk_BvqkEGrkk0Reth2FBde7pcKw")
+    private final String refreshToken;
+    @Schema(description = "회원가입 완료 여부", example = "true", nullable = true)
+    private final Boolean signUpComplete;
+
+    private AuthTokenApiResponse(String accessToken, String refreshToken,
+        Boolean signUpComplete) {
+        this.accessToken = accessToken;
+        this.refreshToken = refreshToken;
+        this.signUpComplete = signUpComplete;
+    }
+
+    public static AuthTokenApiResponse of(String accessToken, String refreshToken,
+        Boolean signUpComplete) {
+        return new AuthTokenApiResponse(accessToken, refreshToken, signUpComplete);
+    }
+}