feat: 인증 구현

.gitignore

@@ -38,3 +38,4 @@ out/
 
 ### Kotlin ###
 .kotlin
+/infra/infra-security/src/main/resources/application-security.yml

build.gradle.kts

@@ -53,4 +53,6 @@ subprojects {
             useJUnitPlatform()
         }
     }
+
+    tasks.register("prepareKotlinBuildScriptModel"){}
 }

data/src/main/kotlin/com/kw/data/domain/member/Member.kt

@@ -5,17 +5,14 @@ import jakarta.persistence.*
 import java.time.LocalDateTime
 
 @Entity
-class Member(username: String, nickname: String, email: String) : Base() {
+class Member(email: String) : Base() {
     @Id
     @Column(name = "id", nullable = false, updatable = false)
+    @GeneratedValue(strategy =  GenerationType.IDENTITY)
     val id: Long? = null
 
-    @Column(name = "username", nullable = false)
-    val username: String = username
-
-    @Column(name = "nickname", nullable = false)
-    var nickname: String = nickname
-        protected set
+    @Column(name = "nickname")
+    var nickname: String? = null
 
     @Column(name = "email", nullable = false, updatable = false)
     val email: String = email
@@ -32,6 +29,13 @@ class Member(username: String, nickname: String, email: String) : Base() {
     var deletedAt: LocalDateTime? = null
         protected set
 
+    var memberRoles : MutableList<MemberRoleType> = mutableListOf(MemberRoleType.ROLE_USER)
+
+    enum class MemberRoleType {
+        ROLE_USER,
+        ROLE_ADMIN
+    }
+
     enum class Provider {
         GOOGLE,
     }

data/src/main/kotlin/com/kw/data/domain/member/repository/MemberRepository.kt

@@ -0,0 +1,8 @@
+package com.kw.data.domain.member.repository
+
+import com.kw.data.domain.member.Member
+import org.springframework.data.jpa.repository.JpaRepository
+
+interface MemberRepository : JpaRepository<Member, Long> {
+    fun findMemberByEmail(email : String) : Member?
+}

docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+
+services:
+  redis:
+    image: redis:latest
+    ports:
+      - "6379:6379"

infra/infra-redis/build.gradle.kts

@@ -0,0 +1,13 @@
+import org.springframework.boot.gradle.tasks.bundling.BootJar
+
+val jar: Jar by tasks
+val bootJar: BootJar by tasks
+
+// 실행가능한 jar로 생성하는 옵션, main이 없는 라이브러리에서는 false로 비활성화함
+bootJar.enabled = false
+// 외부에서 의존하기 위한 jar로 생성하는 옵션, main이 없는 라이브러리에서는 true로 비활성화함
+jar.enabled = true
+
+dependencies {
+    implementation("org.springframework.boot:spring-boot-starter-data-redis")
+}

infra/infra-redis/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists

infra/infra-redis/src/main/kotlin/com/kw/infraredis/config/RedisConfig.kt

@@ -0,0 +1,34 @@
+package com.kw.infraredis.config
+
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.data.redis.connection.RedisConnectionFactory
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory
+import org.springframework.data.redis.core.RedisTemplate
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer
+import org.springframework.data.redis.serializer.StringRedisSerializer
+
+
+@Configuration
+class RedisConfig(@Value("\${spring.data.redis.host}")
+                  val host: String,
+
+                  @Value("\${spring.data.redis.port}")
+                  val port: Int) {
+
+    @Bean
+    fun redisConnectionFactory(): RedisConnectionFactory {
+        return LettuceConnectionFactory(host, port)
+    }
+
+    @Bean
+    fun redisTemplate(connectionFactory: RedisConnectionFactory?): RedisTemplate<String, Any> {
+        val redisTemplate = RedisTemplate<String, Any>()
+        redisTemplate.keySerializer = StringRedisSerializer()
+        redisTemplate.valueSerializer = GenericJackson2JsonRedisSerializer()
+        redisTemplate.connectionFactory = connectionFactory
+        return redisTemplate
+    }
+}
+

infra/infra-redis/src/main/kotlin/com/kw/infraredis/repository/RedisRefreshTokenRepository.kt

@@ -0,0 +1,30 @@
+package com.kw.infraredis.repository
+
+import org.springframework.data.redis.core.RedisTemplate
+import org.springframework.data.redis.core.ValueOperations
+import org.springframework.stereotype.Repository
+import java.util.concurrent.TimeUnit
+
+
+@Repository
+class RedisRefreshTokenRepository(val redisTemplate: RedisTemplate<String, Any>) {
+    fun save(refreshToken: String, memberId: Long) {
+        val valueOperations: ValueOperations<String, Any> = redisTemplate.opsForValue()
+        valueOperations[refreshToken] = memberId
+        redisTemplate.expire(refreshToken, REFRESH_TOKEN_EXPIRE_LONG, TimeUnit.SECONDS)
+    }
+
+    fun delete(refreshToken: String) {
+        redisTemplate.delete(refreshToken)
+    }
+
+    fun findByRefreshToken(refreshToken: String?): Long? {
+        val valueOperations: ValueOperations<String, Long> = redisTemplate.opsForValue() as ValueOperations<String, Long>
+        return valueOperations[refreshToken!!]
+    }
+
+    companion object {
+        private const val REFRESH_TOKEN_EXPIRE_LONG = 259200L
+    }
+}
+

infra/infra-redis/src/main/resources/application-redis.yml

@@ -0,0 +1,5 @@
+spring:
+  data:
+    redis:
+      port: 6379
+      host: localhost

infra/infra-security/build.gradle.kts

@@ -0,0 +1,28 @@
+import org.springframework.boot.gradle.tasks.bundling.BootJar
+
+val jar: Jar by tasks
+val bootJar: BootJar by tasks
+
+// 실행가능한 jar로 생성하는 옵션, main이 없는 라이브러리에서는 false로 비활성화함
+bootJar.enabled = false
+// 외부에서 의존하기 위한 jar로 생성하는 옵션, main이 없는 라이브러리에서는 true로 비활성화함
+jar.enabled = true
+
+dependencies {
+    implementation(project(":data"))
+    implementation(project(":infra:infra-redis"))
+
+    implementation("org.springframework.boot:spring-boot-starter-web")
+
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+
+    // security
+    implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
+    implementation("io.jsonwebtoken:jjwt-api:0.12.3")
+    implementation("io.jsonwebtoken:jjwt-impl:0.12.3")
+    implementation("io.jsonwebtoken:jjwt-jackson:0.12.3")
+
+    // redis
+    implementation("org.springframework.boot:spring-boot-starter-data-redis")
+}

infra/infra-security/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists

infra/infra-security/src/main/kotlin/com/kw/infrasecurity/config/SecurityModuleConfig.kt

@@ -0,0 +1,13 @@
+package com.kw.infrasecurity.config
+
+import org.springframework.context.annotation.ComponentScan
+import org.springframework.context.annotation.Configuration
+import org.springframework.data.redis.repository.configuration.EnableRedisRepositories
+
+
+@Configuration
+@EnableRedisRepositories(basePackages = ["com.kw"])
+@ComponentScan(basePackages = ["com.kw"])
+class SecurityModuleConfig
+
+

infra/infra-security/src/main/kotlin/com/kw/infrasecurity/config/WebSecurityConfig.kt

@@ -0,0 +1,55 @@
+package com.kw.infrasecurity.config
+
+import com.kw.infrasecurity.jwt.JwtAccessDeniedHandler
+import com.kw.infrasecurity.jwt.JwtAuthenticationEntryPoint
+import com.kw.infrasecurity.jwt.JwtAuthenticationFilter
+import com.kw.infrasecurity.oauth.OAuth2SuccessHandler
+import com.kw.infrasecurity.oauth.OAuth2UserService
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.invoke
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.logout.LogoutFilter
+
+@Configuration
+@EnableWebSecurity
+class WebSecurityConfig(val jwtAuthenticationFilter: JwtAuthenticationFilter,
+    val jwtAccessDeniedHandler: JwtAccessDeniedHandler,
+    val jwtAuthenticationEntryPoint: JwtAuthenticationEntryPoint,
+    val oAuth2SuccessHandler: OAuth2SuccessHandler,
+    val oAuth2UserService: OAuth2UserService) {
+
+    @Bean
+    fun filterChain(http : HttpSecurity) : SecurityFilterChain {
+        http.invoke {
+            csrf { disable() }
+            anonymous { disable() }
+            formLogin { disable() }
+            httpBasic { disable() }
+            logout { disable() }
+            sessionManagement { SessionCreationPolicy.STATELESS }
+
+            addFilterAfter<LogoutFilter>(jwtAuthenticationFilter)
+            exceptionHandling {
+                authenticationEntryPoint = jwtAuthenticationEntryPoint
+                accessDeniedHandler = jwtAccessDeniedHandler
+            }
+
+            oauth2Login {
+                authenticationSuccessHandler = oAuth2SuccessHandler
+                userInfoEndpoint {
+                    userService = oAuth2UserService
+                }
+            }
+
+            authorizeHttpRequests {
+                authorize(anyRequest, permitAll)
+            }
+        }
+
+        return http.build()
+    }
+}

infra/infra-security/src/main/kotlin/com/kw/infrasecurity/jwt/JwtAccessDeniedHandler.kt

@@ -0,0 +1,27 @@
+package com.kw.infrasecurity.jwt
+
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.beans.factory.annotation.Qualifier
+import org.springframework.security.access.AccessDeniedException
+import org.springframework.security.web.access.AccessDeniedHandler
+import org.springframework.stereotype.Component
+import org.springframework.web.servlet.HandlerExceptionResolver
+
+@Component
+class JwtAccessDeniedHandler() : AccessDeniedHandler {
+
+    private lateinit var resolver: HandlerExceptionResolver
+
+    constructor (@Qualifier("handlerExceptionResolver") resolver: HandlerExceptionResolver) : this() {
+        this.resolver = resolver
+    }
+
+    override fun handle(
+        request: HttpServletRequest?,
+        response: HttpServletResponse?,
+        accessDeniedException: AccessDeniedException?
+    ) {
+        resolver.resolveException(request!!, response!!, null, accessDeniedException!!)
+    }
+}

infra/infra-security/src/main/kotlin/com/kw/infrasecurity/jwt/JwtAuthenticationEntryPoint.kt

@@ -0,0 +1,30 @@
+package com.kw.infrasecurity.jwt
+
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.beans.factory.annotation.Qualifier
+import org.springframework.security.core.AuthenticationException
+import org.springframework.security.web.AuthenticationEntryPoint
+import org.springframework.stereotype.Component
+import org.springframework.web.servlet.HandlerExceptionResolver
+
+@Component
+class JwtAuthenticationEntryPoint() : AuthenticationEntryPoint {
+
+    private lateinit var resolver: HandlerExceptionResolver
+
+    constructor (@Qualifier("handlerExceptionResolver") resolver: HandlerExceptionResolver) : this() {
+        this.resolver = resolver
+    }
+
+    override fun commence(
+        request: HttpServletRequest?,
+        response: HttpServletResponse?,
+        authException: AuthenticationException?
+    ) {
+        resolver.resolveException(
+            request!!, response!!, null,
+            (request.getAttribute("exception") as Exception)
+        )
+    }
+}

infra/infra-security/src/main/kotlin/com/kw/infrasecurity/jwt/JwtAuthenticationFilter.kt

@@ -0,0 +1,43 @@
+package com.kw.infrasecurity.jwt
+
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.security.access.AccessDeniedException
+import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.stereotype.Component
+import org.springframework.util.StringUtils
+import org.springframework.web.filter.OncePerRequestFilter
+
+@Component
+class JwtAuthenticationFilter(private val tokenProvider: JwtTokenProvider) : OncePerRequestFilter() {
+    override fun doFilterInternal(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        filterChain: FilterChain
+    ) {
+        if (SecurityContextHolder.getContext().authentication == null) {
+            val accessToken = resolveToken(request)
+            if(accessToken != null) {
+                try {
+                    tokenProvider.validateAccessToken(accessToken)
+                    val authentication = tokenProvider.getAuthentication(accessToken)
+                    SecurityContextHolder.getContext().authentication = authentication
+                } catch (e : Exception) {
+                    request.setAttribute("exception", e)
+                }
+            }
+        }
+        else {
+            request.setAttribute("exception", AccessDeniedException("요청이 거부되었습니다"))
+        }
+        filterChain.doFilter(request, response)
+    }
+
+    private fun resolveToken(request: HttpServletRequest) : String? {
+        val authorizationHeader = request.getHeader("Authorization")
+        return if (StringUtils.hasText(authorizationHeader) && authorizationHeader.startsWith("Bearer")) {
+            authorizationHeader.substring(7)
+        } else null
+    }
+}