From eb68ed3554a15c35827a2a8eba9d1343b4fdce81 Mon Sep 17 00:00:00 2001
From: hoon7566
Date: Wed, 2 Mar 2022 13:55:44 +0900
Subject: [PATCH] =?UTF-8?q?feat(user-service):=20Oauth=20=EC=82=AC?= =?UTF-8?q?=EC=9A=A9=EC=9E=90=20JWT?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Oauth google, naver로그인시 Refresh token을 cookie에 저장
---
 customer-vue/vue.config.js | 5 ++-
 .../domain/jwt/service/OAuthService.java | 39 ++++++++++++-------
 .../global/security/SecurityConfig.java | 6 ++-
 3 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/customer-vue/vue.config.js b/customer-vue/vue.config.js
index 5b768af..d385ceb 100644
--- a/customer-vue/vue.config.js
+++ b/customer-vue/vue.config.js
@@ -1,3 +1,6 @@
 module.exports = {
- transpileDependencies: true
+ transpileDependencies: true,
+ devServer: {
+ allowedHosts: 'all',
+ },
 }
diff --git a/user-service/src/main/java/com/justpickup/userservice/domain/jwt/service/OAuthService.java b/user-service/src/main/java/com/justpickup/userservice/domain/jwt/service/OAuthService.java
index e0bf2bb..8fad368 100644
--- a/user-service/src/main/java/com/justpickup/userservice/domain/jwt/service/OAuthService.java
+++ b/user-service/src/main/java/com/justpickup/userservice/domain/jwt/service/OAuthService.java
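Review bot: `allowedHosts: 'all'` in customer-vue/vue.config.js switches off the dev server's Host-header check, which is what protects a developer's running dev server against DNS-rebinding requests from other sites. Listing the hostnames that are actually needed keeps that check in place, for example `allowedHosts: ['just-pickup.com'],` (host taken from the SecurityConfig URLs in this same commit; adjust if the dev host differs). If the wildcard must stay, a short comment such as `// dev only: host check disabled, never expose this server beyond localhost` would document the trade-off.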
@@ -1,15 +1,17 @@
 package com.justpickup.userservice.domain.jwt.service;
-import com.justpickup.userservice.domain.user.dto.CustomerDto;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.justpickup.userservice.domain.user.dto.OAuthAttributeDto;
 import com.justpickup.userservice.domain.user.entity.Customer;
 import com.justpickup.userservice.domain.user.repository.CustomerRepository;
-import com.justpickup.userservice.domain.user.repository.UserRepository;
-import com.justpickup.userservice.domain.user.service.UserService;
 import com.justpickup.userservice.domain.user.service.UserServiceImpl;
+import com.justpickup.userservice.global.dto.Result;
+import com.justpickup.userservice.global.utils.CookieProvider;
 import com.justpickup.userservice.global.utils.JwtTokenProvider;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseCookie;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
@@ -20,12 +22,19 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.text.SimpleDateFormat;
 import java.util.Collection;
+import java.util.Date;
 import java.util.List;
+import java.util.Map;
 import java.util.stream.Collectors;
+import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
+
 @Slf4j
 @RequiredArgsConstructor
 @Service
@@ -37,6 +46,7 @@ public class OAuthService implements OAuth2UserService authorities = userServiceImpl.loadUserByUsername(userEmail).getAuthorities(); - List roles = authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()); - String accessToken = jwtTokenProvider.createJwtAccessToken(userEmail, request.getRequestURI(), roles); + List roles = authorities + .stream() + .map(GrantedAuthority::getAuthority) + .collect(Collectors.toList()); + + Long customerId = customer.getId(); + String refreshToken = jwtTokenProvider.createJwtRefreshToken(); - refreshTokenService.updateRefreshToken(customer.getId(), jwtTokenProvider.getRefreshTokenId(refreshToken)); + refreshTokenService.updateRefreshToken(customerId, jwtTokenProvider.getRefreshTokenId(refreshToken)); - response.setHeader("Access-token",accessToken); - response.setHeader("refresh-token",refreshToken); + // 쿠키 설정 + ResponseCookie refreshTokenCookie = cookieProvider.createRefreshTokenCookie(refreshToken); + Cookie cookie = cookieProvider.of(refreshTokenCookie); + response.setContentType(APPLICATION_JSON_VALUE); + response.addCookie(cookie); return new DefaultOAuth2User( authorities diff --git a/user-service/src/main/java/com/justpickup/userservice/global/security/SecurityConfig.java b/user-service/src/main/java/com/justpickup/userservice/global/security/SecurityConfig.java index e0da657..0e01c59 100644 --- a/user-service/src/main/java/com/justpickup/userservice/global/security/SecurityConfig.java +++ b/user-service/src/main/java/com/justpickup/userservice/global/security/SecurityConfig.java 
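Review bot: In OAuthService, `cookieProvider.of(refreshTokenCookie)` turns the `ResponseCookie` into a `javax.servlet.http.Cookie`, and that servlet type has no SameSite attribute, so a SameSite value set in `createRefreshTokenCookie` is presumably dropped before `response.addCookie(cookie)`. CookieProvider is not part of this diff, so please confirm there that the refresh-token cookie is HttpOnly and keeps its SameSite setting. Writing the header directly preserves every attribute: `response.addHeader(HttpHeaders.SET_COOKIE, refreshTokenCookie.toString());` (this needs an import of `org.springframework.http.HttpHeaders`). Separately, `response.setContentType(APPLICATION_JSON_VALUE)` looks unnecessary here, since this method writes no body and the login flow ends in a redirect. The method these lines belong to starts outside the readable part of the hunk.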
@@ -52,9 +52,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 .deleteCookies("refresh-token");
 http.oauth2Login()
- .defaultSuccessUrl("http://just-pickup.com:8000/customer-frontend-service/")
+ .defaultSuccessUrl("http://just-pickup.com:8080/")
 .userInfoEndpoint()
- .userService(oAuthService);
+ .userService(oAuthService)
+ .and()
+ .failureUrl("http://just-pickup.com:8080/login");
 http.addFilter(loginAuthenticationFilter);
 // http.addFilterBefore(new HeaderAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class);
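Review bot: Both redirect targets in SecurityConfig, `defaultSuccessUrl("http://just-pickup.com:8080/")` and `failureUrl("http://just-pickup.com:8080/login")`, are hard-coded plain-`http` origins. The refresh-token cookie issued during this login would therefore reach the front end unencrypted, or not at all if the cookie is marked Secure. Reading the front-end base URL from configuration lets production use `https` and removes the duplicated literal, for example `.defaultSuccessUrl(frontendUrl)` and `.failureUrl(frontendUrl + "/login")`, with `frontendUrl` injected from a property whose name is yours to choose. The enclosing configure method starts and ends outside this hunk.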