diff --git a/src/main/java/io/oeid/mogakgo/common/swagger/template/AuthSwagger.java b/src/main/java/io/oeid/mogakgo/common/swagger/template/AuthSwagger.java
index 70c7eade..efede638 100644
--- a/src/main/java/io/oeid/mogakgo/common/swagger/template/AuthSwagger.java
+++ b/src/main/java/io/oeid/mogakgo/common/swagger/template/AuthSwagger.java
@@ -3,7 +3,7 @@
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 import io.oeid.mogakgo.core.properties.swagger.error.SwaggerAuthErrorExamples;
-import io.oeid.mogakgo.domain.auth.presentation.dto.res.AuthAccessTokenApiResponse;
+import io.oeid.mogakgo.domain.auth.presentation.dto.res.AuthTokenApiResponse;
 import io.oeid.mogakgo.exception.dto.ErrorResponse;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
@@ -23,14 +23,14 @@ public interface AuthSwagger {
 @Operation(summary = "토큰 재발급", description = "Access Token을 재발급 받을 때 사용하는 API")
 @ApiResponses(value = {
 @ApiResponse(responseCode = "200", description = "토큰 재발급 성공",
- content = @Content(schema = @Schema(implementation = AuthAccessTokenApiResponse.class))),
+ content = @Content(schema = @Schema(implementation = AuthTokenApiResponse.class))),
 @ApiResponse(responseCode = "401", description = "재발급 토큰 인증정보가 유효하지 않음",
 content = @Content(
 mediaType = APPLICATION_JSON_VALUE,
 schema = @Schema(implementation = ErrorResponse.class),
 examples = @ExampleObject(name = "E010201", value = SwaggerAuthErrorExamples.AUTH_MISSING_CREDENTIALS)))
 })
- ResponseEntity reissue(
+ ResponseEntity reissue(
 @Parameter(in = ParameterIn.HEADER, hidden = true) String accessToken,
 @Parameter(in = ParameterIn.COOKIE, required = true) String refreshToken);
@@ -38,7 +38,7 @@ ResponseEntity reissue(
 @ApiResponses(
 value = {
 @ApiResponse(responseCode = "200", description = "로그인 성공",
- content = @Content(schema = @Schema(implementation = AuthAccessTokenApiResponse.class))),
+ content = @Content(schema = @Schema(implementation = AuthTokenApiResponse.class))),
 @ApiResponse(responseCode = "401", description = "로그인 실패",
 content = @Content(
 mediaType = APPLICATION_JSON_VALUE,
@@ -46,6 +46,6 @@ ResponseEntity reissue(
 examples = @ExampleObject(name = "E010201", value = SwaggerAuthErrorExamples.AUTH_MISSING_CREDENTIALS)))
 }
 )
- ResponseEntity login(
+ ResponseEntity login(
 @Parameter(in = ParameterIn.QUERY) String code);
 }
diff --git a/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java b/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java
index 8a263e8c..39f5bb5f 100644
--- a/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java
+++ b/src/main/java/io/oeid/mogakgo/core/configuration/SecurityConfig.java
@@ -55,16 +55,10 @@ SecurityFilterChain filterChainApi(HttpSecurity http) throws Exception {
 @Bean
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration configuration = new CorsConfiguration();
- configuration.setAllowedOrigins(List.of(
- "http://localhost:8080",
- "http://3.38.76.76:8080",
- "https://mogak-go.shop",
- "https://mogak-go.shop:443"
- ));
+ configuration.setAllowedOrigins(List.of("*"));
 configuration.setAllowedMethods(
 Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
 configuration.setAllowedHeaders(List.of("*"));
- configuration.setAllowCredentials(true);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", configuration);
 return source;
diff --git a/src/main/java/io/oeid/mogakgo/domain/auth/presentation/AuthController.java b/src/main/java/io/oeid/mogakgo/domain/auth/presentation/AuthController.java
index b1aa8623..8c706f26 100644
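Review bot: `configuration.setAllowedOrigins(List.of("*"))` replaces the four explicit origins with a wildcard for every path under `/**`, the authentication endpoints included, and the commit gives no reason the allowlist had to go rather than be extended or moved into configuration. Dropping `configuration.setAllowCredentials(true)` in the same hunk means browsers will no longer attach cookies to cross-origin calls, so the `refreshToken` cookie that `AuthController.reissue` still reads cannot reach the API from another origin; if that is intentional it should be stated next to the CORS setup. Should `setAllowCredentials(true)` ever be restored next to `"*"`, Spring's CorsConfiguration (5.3 and later, as far as I recall) rejects that combination when it validates the configuration, and `setAllowedOriginPatterns` is the supported way to pair broad origins with credentials. A comment above the call such as `// Wildcard origin: tokens travel in the response body, not cookies, so no credentialed cross-origin requests are expected` would record the trade-off; the closing brace of corsConfigurationSource lies outside the hunk.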
--- a/src/main/java/io/oeid/mogakgo/domain/auth/presentation/AuthController.java
+++ b/src/main/java/io/oeid/mogakgo/domain/auth/presentation/AuthController.java
@@ -1,13 +1,11 @@
 package io.oeid.mogakgo.domain.auth.presentation;
 import static org.springframework.http.HttpHeaders.AUTHORIZATION;
-import static org.springframework.http.HttpHeaders.SET_COOKIE;
 import io.oeid.mogakgo.common.swagger.template.AuthSwagger;
 import io.oeid.mogakgo.domain.auth.application.AuthService;
-import io.oeid.mogakgo.domain.auth.presentation.dto.res.AuthAccessTokenApiResponse;
+import io.oeid.mogakgo.domain.auth.presentation.dto.res.AuthTokenApiResponse;
 import lombok.RequiredArgsConstructor;
-import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -24,33 +22,19 @@ public class AuthController implements AuthSwagger {
 private final AuthService authService;
 @PostMapping("/reissue")
- public ResponseEntity reissue(
+ public ResponseEntity reissue(
 @RequestHeader(AUTHORIZATION) String accessToken,
 @CookieValue(value = "refreshToken") String refreshToken) {
 var accessTokenDto = authService.reissue(accessToken, refreshToken);
 return ResponseEntity.ok(
- AuthAccessTokenApiResponse.of(accessTokenDto.getAccessToken(), null));
+ AuthTokenApiResponse.of(accessTokenDto.getAccessToken(), null, null));
 }
 @PostMapping("/login")
- public ResponseEntity login(@RequestParam String code) {
+ public ResponseEntity login(@RequestParam String code) {
 var response = authService.loginViaGithubCode(code);
- ResponseCookie responseCookie = generateCookieHeader(response.getRefreshToken(),
- response.getRefreshTokenExpirySeconds());
- return ResponseEntity.ok()
- .header(SET_COOKIE, responseCookie.toString())
- .body(AuthAccessTokenApiResponse.of(response.getAccessToken(),
- response.getSignUpCompleteYn()));
+ return ResponseEntity.ok(
+ AuthTokenApiResponse.of(response.getAccessToken(), response.getRefreshToken(), response.getSignUpCompleteYn()));
 }
- private ResponseCookie generateCookieHeader(String refreshToken,
- int refreshTokenExpirySeconds) {
- return ResponseCookie.from("refreshToken", refreshToken)
- .maxAge(refreshTokenExpirySeconds)
- .httpOnly(true)
- .path("/")
- .sameSite("None")
- .secure(true)
- .build();
- }
 }
diff --git a/src/main/java/io/oeid/mogakgo/domain/auth/presentation/dto/res/AuthAccessTokenApiResponse.java b/src/main/java/io/oeid/mogakgo/domain/auth/presentation/dto/res/AuthAccessTokenApiResponse.java
deleted file mode 100644
index ba7bb5d6..00000000
--- a/src/main/java/io/oeid/mogakgo/domain/auth/presentation/dto/res/AuthAccessTokenApiResponse.java
+++ /dev/null
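Review bot: `login` no longer sets the `refreshToken` cookie, yet `reissue` above it still takes the token from `@CookieValue(value = "refreshToken")`, so after this change reissue only works if the client stores the `refreshToken` it now receives in the JSON body and sends it back as a cookie on its own — nothing in the commit says that is the plan. Either make `reissue` accept the refresh token through the same channel the new login contract uses (a header or body field, declared in AuthSwagger as well) or keep the cookie; as written the two endpoints disagree. Returning the refresh token in the body also gives up the `httpOnly`/`secure` protection the deleted `generateCookieHeader` applied, so any script running on the front end can now read it; that is a deliberate risk trade and deserves a comment on `login`, e.g. `// Refresh token is returned in the body (no HttpOnly cookie); the client is responsible for storing it safely`. Finally, the new `AuthTokenApiResponse.of(response.getAccessToken(), response.getRefreshToken(), response.getSignUpCompleteYn())` line is far longer than the wrapping used elsewhere in this hunk; break it to one argument per line.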
@@ -1,23 +0,0 @@
-package io.oeid.mogakgo.domain.auth.presentation.dto.res;
-
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Getter;
-
-@Schema(description = "Access Token 재발급 응답")
-@Getter
-public class AuthAccessTokenApiResponse {
-
- @Schema(description = "Access Token", example="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNb0dha0dvIiwiaWF0IjoxNzA4MjE5NDA3LCJleHAiOjE3NDQyMTk0MDcsInVzZXJJZCI6Miwicm9sZXMiOlsiUk9MRV9VU0VSIl19.vu_Oq5dX3cMYAOwFIk_BvqkEGrkk0Reth2FBde7pcKw")
- private final String accessToken;
- @Schema(description = "회원가입 완료 여부", example="true", nullable = true)
- private final Boolean signUpComplete;
-
- private AuthAccessTokenApiResponse(String accessToken, Boolean signUpComplete) {
- this.accessToken = accessToken;
- this.signUpComplete = signUpComplete;
- }
-
- public static AuthAccessTokenApiResponse of(String accessToken, Boolean signUpComplete) {
- return new AuthAccessTokenApiResponse(accessToken, signUpComplete);
- }
-}
diff --git a/src/main/java/io/oeid/mogakgo/domain/auth/presentation/dto/res/AuthTokenApiResponse.java b/src/main/java/io/oeid/mogakgo/domain/auth/presentation/dto/res/AuthTokenApiResponse.java
new file mode 100644
index 00000000..1355b81b
--- /dev/null
+++ b/src/main/java/io/oeid/mogakgo/domain/auth/presentation/dto/res/AuthTokenApiResponse.java
@@ -0,0 +1,28 @@
+package io.oeid.mogakgo.domain.auth.presentation.dto.res;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Getter;
+
+@Schema(description = "Access Token 재발급 응답")
+@Getter
+public class AuthTokenApiResponse {
+
+ @Schema(description = "Access Token", example = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNb0dha0dvIiwiaWF0IjoxNzA4MjE5NDA3LCJleHAiOjE3NDQyMTk0MDcsInVzZXJJZCI6Miwicm9sZXMiOlsiUk9MRV9VU0VSIl19.vu_Oq5dX3cMYAOwFIk_BvqkEGrkk0Reth2FBde7pcKw")
+ private final String accessToken;
+ @Schema(description = "Refresh Token", example = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJNb0dha0dvIiwiaWF0IjoxNzA4MjE5NDA3LCJleHAiOjE3NDQyMTk0MDcsInVzZXJJZCI6Miwicm9sZXMiOlsiUk9MRV9VU0VSIl19.vu_Oq5dX3cMYAOwFIk_BvqkEGrkk0Reth2FBde7pcKw")
+ private final String refreshToken;
+ @Schema(description = "회원가입 완료 여부", example = "true", nullable = true)
+ private final Boolean signUpComplete;
+
+ private AuthTokenApiResponse(String accessToken, String refreshToken,
+ Boolean signUpComplete) {
+ this.accessToken = accessToken;
+ this.refreshToken = refreshToken;
+ this.signUpComplete = signUpComplete;
+ }
+
+ public static AuthTokenApiResponse of(String accessToken, String refreshToken,
+ Boolean signUpComplete) {
+ return new AuthTokenApiResponse(accessToken, refreshToken, signUpComplete);
+ }
+}
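Review bot: The class-level `@Schema(description = "Access Token 재발급 응답")` was carried over from the deleted DTO and describes only reissue, but `AuthController.login` now returns this type too and is the only caller that fills `refreshToken`; `reissue` passes `null` for it. Mark that on the field — `@Schema(description = "Refresh Token", nullable = true, example = ...)` — the way `signUpComplete` already does, and widen the class description to say it covers both login and token reissue. The `refreshToken` example is a byte-for-byte copy of the access-token JWT; a visibly different placeholder would keep readers of the generated docs from assuming the two tokens are interchangeable. A short class Javadoc stating which endpoint populates which field would also make the `null` arguments in the controller self-explanatory.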