[🔀 merge] Spring Security 제거 및 커스텀 인증 체계 운영 서버 적용

build.gradle

@@ -27,7 +27,6 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.springframework.boot:spring-boot-starter-aop'
-	implementation 'org.springframework.boot:spring-boot-starter-security'
 	implementation 'org.springframework.boot:spring-boot-starter-actuator'
 
 	// Lombok
@@ -101,4 +100,4 @@ configurations {
 
 tasks.named('test') {
 	useJUnitPlatform()
-}
+}

src/main/java/org/terning/terningserver/auth/api/AuthController.java

@@ -1,18 +1,17 @@
 package org.terning.terningserver.auth.api;
 
 import lombok.RequiredArgsConstructor;
-import lombok.val;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 import org.terning.terningserver.auth.application.AuthService;
+import org.terning.terningserver.auth.config.Login;
 import org.terning.terningserver.auth.dto.request.FcmTokenSyncRequest;
 import org.terning.terningserver.auth.dto.request.SignInRequest;
-import org.terning.terningserver.auth.dto.request.SignUpFilterRequestDto;
-import org.terning.terningserver.auth.dto.request.SignUpRequestDto;
-import org.terning.terningserver.auth.dto.response.AccessTokenGetResponseDto;
+import org.terning.terningserver.auth.dto.request.SignUpFilterRequest;
+import org.terning.terningserver.auth.dto.request.SignUpRequest;
 import org.terning.terningserver.auth.dto.response.SignInResponse;
-import org.terning.terningserver.auth.dto.response.SignUpResponseDto;
+import org.terning.terningserver.auth.dto.response.SignUpResponse;
+import org.terning.terningserver.auth.dto.response.TokenReissueResponse;
 import org.terning.terningserver.common.exception.dto.SuccessResponse;
 
 import static org.terning.terningserver.auth.common.success.AuthSuccessCode.SUCCESS_SIGN_IN;
@@ -33,48 +32,48 @@ public class AuthController implements AuthSwagger {
 
     @PostMapping("/sign-in")
     public ResponseEntity<SuccessResponse<SignInResponse>> signIn(
-            @RequestHeader("Authorization") String authAccessToken,
+            @RequestHeader("Authorization") String socialAccessToken,
             @RequestBody SignInRequest request
     ) {
-        return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_IN, authService.signIn(authAccessToken, request)));
+        SignInResponse response = authService.signIn(socialAccessToken, request);
+        return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_IN, response));
     }
 
     @PostMapping("/token-reissue")
-    public ResponseEntity<SuccessResponse<AccessTokenGetResponseDto>> reissueToken(
-            @RequestHeader("Authorization") String refreshToken
+    public ResponseEntity<SuccessResponse<TokenReissueResponse>> reissueToken(
+            @RequestHeader("Authorization") String authorizationHeader
     ) {
-        val response = authService.reissueToken(refreshToken);
-
+        TokenReissueResponse response = authService.reissueAccessToken(authorizationHeader);
         return ResponseEntity.ok(SuccessResponse.of(SUCCESS_REISSUE_TOKEN, response));
     }
 
     @PostMapping("/sign-up")
-    public ResponseEntity<SuccessResponse<SignUpResponseDto>> signUp(
+    public ResponseEntity<SuccessResponse<SignUpResponse>> signUp(
             @RequestHeader("Authorization") String authId,
-            @RequestBody SignUpRequestDto request
+            @RequestBody SignUpRequest request
     ) {
-        SignUpResponseDto signUpResponseDto = authService.signUp(authId, request);
-        return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_UP, signUpResponseDto));
+        SignUpResponse signUpResponse = authService.signUp(authId, request);
+        return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_UP, signUpResponse));
     }
 
     @PostMapping("/sign-up/filter")
     public ResponseEntity<SuccessResponse> registerUserFilter(
             @RequestHeader("User-Id") Long userId,
-            @RequestBody SignUpFilterRequestDto request
+            @RequestBody SignUpFilterRequest request
     ) {
-        authService.registerFilterWithUser(userId, request);
+        authService.registerUserFilter(userId, request);
         return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_UP_FILTER));
     }
 
     @PostMapping("/logout")
-    public ResponseEntity<SuccessResponse> signOut(@AuthenticationPrincipal Long userId) {
+    public ResponseEntity<SuccessResponse> signOut(@Login Long userId) {
 
         authService.signOut(userId);
 
         return ResponseEntity.ok(SuccessResponse.of(SUCCESS_SIGN_OUT));
     }
     @DeleteMapping("/withdraw")
-    public ResponseEntity<SuccessResponse> withdraw(@AuthenticationPrincipal Long userId) {
+    public ResponseEntity<SuccessResponse> withdraw(@Login Long userId) {
 
         authService.withdraw(userId);
 
@@ -83,7 +82,7 @@ public ResponseEntity<SuccessResponse> withdraw(@AuthenticationPrincipal Long us
 
     @PostMapping("/sync-user")
     public ResponseEntity<SuccessResponse> syncUser(
-            @AuthenticationPrincipal Long userId,
+            @Login Long userId,
             @RequestBody FcmTokenSyncRequest request
     ) {
         authService.syncUser(userId, request);

src/main/java/org/terning/terningserver/auth/api/AuthSwagger.java

@@ -4,16 +4,16 @@
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
+import org.terning.terningserver.auth.config.Login;
 import org.terning.terningserver.auth.dto.request.FcmTokenSyncRequest;
 import org.terning.terningserver.auth.dto.request.SignInRequest;
-import org.terning.terningserver.auth.dto.request.SignUpFilterRequestDto;
-import org.terning.terningserver.auth.dto.request.SignUpRequestDto;
-import org.terning.terningserver.auth.dto.response.AccessTokenGetResponseDto;
+import org.terning.terningserver.auth.dto.request.SignUpFilterRequest;
+import org.terning.terningserver.auth.dto.request.SignUpRequest;
 import org.terning.terningserver.auth.dto.response.SignInResponse;
-import org.terning.terningserver.auth.dto.response.SignUpResponseDto;
+import org.terning.terningserver.auth.dto.response.SignUpResponse;
+import org.terning.terningserver.auth.dto.response.TokenReissueResponse;
 import org.terning.terningserver.common.exception.dto.SuccessResponse;
 
 @Tag(name = "Auth", description = "소셜 로그인 및 회원가입 API")
@@ -27,7 +27,7 @@ ResponseEntity<SuccessResponse<SignInResponse>> signIn(
     );
 
     @Operation(summary = "토큰 재발급", description = "토큰 재발급 API")
-    ResponseEntity<SuccessResponse<AccessTokenGetResponseDto>> reissueToken(
+    ResponseEntity<SuccessResponse<TokenReissueResponse>> reissueToken(
             @Parameter(name = "Authorization", description = "", example = "refreshToken")
             @RequestHeader("Authorization") String refreshToken
     );
@@ -36,27 +36,27 @@ ResponseEntity<SuccessResponse<AccessTokenGetResponseDto>> reissueToken(
     ResponseEntity<SuccessResponse> registerUserFilter(
             @Parameter(name = "User-Id", description = "", example = "userId")
             @RequestHeader("User-Id") Long userId,
-            @RequestBody SignUpFilterRequestDto request
+            @RequestBody SignUpFilterRequest request
     );
 
     @Operation(summary = "회원가입", description = "회원가입 API")
-    ResponseEntity<SuccessResponse<SignUpResponseDto>> signUp(
+    ResponseEntity<SuccessResponse<SignUpResponse>> signUp(
             @Parameter(name = "Authorization", description = "", example = "authId")
             @RequestHeader("authId") String authId,
-            @RequestBody SignUpRequestDto request
+            @RequestBody SignUpRequest request
     );
 
     @Operation(summary = "로그아웃", description = "로그아웃 API")
     ResponseEntity<SuccessResponse> signOut(
-            @AuthenticationPrincipal Long userId);
+            @Parameter(hidden = true) @Login Long userId);
 
     @Operation(summary = "계정탈퇴", description = "계정탈퇴 API")
     ResponseEntity<SuccessResponse> withdraw(
-            @AuthenticationPrincipal Long userId);
+            @Parameter(hidden = true) @Login Long userId);
 
     @Operation(summary = "유저동기화", description = "유저동기화 API")
     ResponseEntity<SuccessResponse> syncUser(
-            @AuthenticationPrincipal Long userId,
+            @Parameter(hidden = true) @Login Long userId,
             @RequestBody FcmTokenSyncRequest request
     );
 }

src/main/java/org/terning/terningserver/auth/application/AuthService.java

@@ -1,69 +1,132 @@
 package org.terning.terningserver.auth.application;
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import org.terning.terningserver.auth.application.reissue.AuthReissueService;
-import org.terning.terningserver.auth.application.signin.AuthSignInService;
-import org.terning.terningserver.auth.application.signout.AuthSignOutService;
-import org.terning.terningserver.auth.application.signup.AuthSignUpService;
-import org.terning.terningserver.auth.application.syncUser.AuthSyncUserService;
-import org.terning.terningserver.auth.application.withdraw.AuthWithdrawService;
+import org.terning.terningserver.auth.application.social.SocialAuthProvider;
+import org.terning.terningserver.auth.application.social.SocialAuthServiceManager;
+import org.terning.terningserver.auth.common.exception.AuthErrorCode;
+import org.terning.terningserver.auth.common.exception.AuthException;
+import org.terning.terningserver.auth.dto.Token;
 import org.terning.terningserver.auth.dto.request.FcmTokenSyncRequest;
 import org.terning.terningserver.auth.dto.request.SignInRequest;
-import org.terning.terningserver.auth.dto.request.SignUpFilterRequestDto;
-import org.terning.terningserver.auth.dto.request.SignUpRequestDto;
-import org.terning.terningserver.auth.dto.response.AccessTokenGetResponseDto;
+import org.terning.terningserver.auth.dto.request.SignUpFilterRequest;
+import org.terning.terningserver.auth.dto.request.SignUpRequest;
 import org.terning.terningserver.auth.dto.response.SignInResponse;
-import org.terning.terningserver.auth.dto.response.SignUpResponseDto;
+import org.terning.terningserver.auth.dto.response.SignUpResponse;
+import org.terning.terningserver.auth.dto.response.TokenReissueResponse;
+import org.terning.terningserver.auth.jwt.JwtProvider;
+import org.terning.terningserver.auth.jwt.exception.JwtErrorCode;
+import org.terning.terningserver.auth.jwt.exception.JwtException;
+import org.terning.terningserver.external.pushNotification.notification.NotificationUserClient;
+import org.terning.terningserver.filter.domain.Filter;
+import org.terning.terningserver.filter.repository.FilterRepository;
+import org.terning.terningserver.user.application.UserService;
+import org.terning.terningserver.user.domain.User;
+import org.terning.terningserver.user.event.UserSignedUpEvent;
+import org.terning.terningserver.user.repository.UserRepository;
 
 @Service
 @RequiredArgsConstructor
 @Transactional(readOnly = true)
 public class AuthService {
 
-    private final AuthSignInService authSignInService;
-    private final AuthSignUpService authSignUpService;
-    private final AuthSignOutService authSignOutService;
-    private final AuthWithdrawService authWithdrawService;
-    private final AuthReissueService authReissueService;
-    private final AuthSyncUserService authSyncUserService;
+    private final UserService userService;
+    private final UserRepository userRepository;
+    private final JwtProvider jwtProvider;
+    private final SocialAuthServiceManager socialAuthServiceManager;
+    private final ApplicationEventPublisher eventPublisher;
+    private final NotificationUserClient notificationUserClient;
+    private final FilterRepository filterRepository;
 
     @Transactional
-    public SignInResponse signIn(String authAccessToken, SignInRequest request) {
-        SignInResponse signInResponse = authSignInService.signIn(authAccessToken, request);
-        return signInResponse;
+    public SignInResponse signIn(String socialAccessToken, SignInRequest request) {
+        SocialAuthProvider provider = socialAuthServiceManager.getAuthService(request.authType());
+        String authId = provider.getAuthId(socialAccessToken);
+
+        User user = userRepository.findByAuthIdAndAuthType(authId, request.authType())
+                .orElse(null);
+
+        if (user == null) {
+            return SignInResponse.ofNewUser(authId, request.authType());
+        }
+
+        Token token = jwtProvider.generateTokens(user.getId());
+        user.updateRefreshToken(token.refreshToken());
+        userRepository.save(user);
+
+        return SignInResponse.ofExistingUser(token, authId, request.authType(), user.getId());
     }
 
     @Transactional
-    public SignUpResponseDto signUp(String authId, SignUpRequestDto request) {
-        SignUpResponseDto signUpResponseDto = authSignUpService.signUp(authId, request);
-        return signUpResponseDto;
+    public SignUpResponse signUp(String authId, SignUpRequest request) {
+        if (userRepository.existsByAuthIdAndAuthType(authId, request.authType())) {
+            throw new AuthException(AuthErrorCode.USER_ALREADY_EXIST);
+        }
+
+        User userToSave = User.from(authId, request);
+        userRepository.save(userToSave);
+
+        Token token = jwtProvider.generateTokens(userToSave.getId());
+        userToSave.updateRefreshToken(token.refreshToken());
+
+        eventPublisher.publishEvent(UserSignedUpEvent.of(userToSave, request.fcmToken()));
+
+        notificationUserClient.createUserOnNotificationServer(
+                userToSave.getId(),
+                userToSave.getName(),
+                userToSave.getAuthType(),
+                request.fcmToken()
+        );
+
+        return SignUpResponse.of(token, userToSave);
     }
 
     @Transactional
-    public void registerFilterWithUser(Long userId, SignUpFilterRequestDto request) {
-        authSignUpService.registerFilterWithUser(userId, request);
+    public void registerUserFilter(Long userId, SignUpFilterRequest request) {
+        User user = userRepository.findById(userId)
+                .orElseThrow(() -> new AuthException(AuthErrorCode.USER_NOT_FOUND));
+
+        Filter newFilter = Filter.from(request);
+        filterRepository.save(newFilter);
+
+        user.assignFilter(newFilter);
     }
 
     @Transactional
     public void signOut(long userId) {
-        authSignOutService.signOut(userId);
+        User user = userRepository.findById(userId).orElseThrow(() -> new AuthException(AuthErrorCode.USER_NOT_FOUND));
+        user.resetRefreshToken();
     }
 
     @Transactional
     public void withdraw(long userId) {
-        authWithdrawService.withdraw(userId);
+        User user = userRepository.findById(userId).orElseThrow(() -> new AuthException(AuthErrorCode.USER_NOT_FOUND));
+        userService.deleteUser(user);
     }
 
     @Transactional
-    public AccessTokenGetResponseDto reissueToken(String refreshToken) {
-        AccessTokenGetResponseDto accessTokenGetResponseDto = authReissueService.reissueToken(refreshToken);
-        return accessTokenGetResponseDto;
+    public TokenReissueResponse reissueAccessToken(String authorizationHeader) {
+        Long userId = jwtProvider.getUserIdFrom(authorizationHeader);
+
+        User user = userRepository.findById(userId)
+                .orElseThrow(() -> new JwtException(JwtErrorCode.INVALID_TOKEN));
+
+        String providedToken = jwtProvider.resolveToken(authorizationHeader);
+        user.validateRefreshToken(providedToken);
+
+        Token accessToken = jwtProvider.generateAccessToken(userId);
+
+
+        return new TokenReissueResponse(accessToken.accessToken());
     }
 
     @Transactional
     public void syncUser(long userId, FcmTokenSyncRequest request) {
-        authSyncUserService.syncUser(userId, request);
+        User user = userRepository.findById(userId)
+                .orElseThrow(() -> new AuthException(AuthErrorCode.USER_NOT_FOUND));
+
+        notificationUserClient.createOrUpdateUser(user, request.fcmToken());
     }
 }