Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Swagger 세팅 #40

Merged
merged 16 commits into from
Feb 11, 2024
Merged

chore: Swagger 세팅 #40

Show file tree
Hide file tree
Changes from 15 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
52f01b8
chore: springdoc 의존성 추가
uwoobeat Jan 31, 2024
21983c2
feat: 스웨거 전역 헤더 설정 추가
uwoobeat Jan 31, 2024
200e21d
feat: 스웨거 URL 상수 추가
uwoobeat Jan 31, 2024
afba0ee
feat: 스웨거 프로퍼티 추가
uwoobeat Jan 31, 2024
77aa9cd
feat: 스웨거가 운영환경에 맞는 서버 url로 요청하도록 설정
uwoobeat Jan 31, 2024
dec7c95
feat: 개발 및 운영환경에서의 스웨거 Basic 인증 추가
uwoobeat Jan 31, 2024
de63bb4
refactor: 불린 원시 타입을 사용하도록 개선
uwoobeat Jan 31, 2024
0fd37d2
Merge branch 'develop' into chore/21-swagger-setting
uwoobeat Feb 6, 2024
1fe89fa
chore: 스웨거 계정정보 수정
uwoobeat Feb 6, 2024
749f4c4
feat: 리다이렉트 수정 테스트
uwoobeat Feb 6, 2024
cfe0057
feat: 스웨거 전용 filterChain 추가
uwoobeat Feb 10, 2024
3310801
Merge branch 'develop' into chore/21-swagger-setting
uwoobeat Feb 10, 2024
948fb2c
feat: 개발서버 쿠키 설정을 위해 클라이언트 https 도메인 추가
uwoobeat Feb 10, 2024
3719039
refactor: `@ConditionalOnProperty` 를 사용하도록 개선
uwoobeat Feb 10, 2024
1afd0d6
feat: 스웨거 전용 헤더 로직 추가
uwoobeat Feb 10, 2024
8274950
refactor: 상수 이름 수정
uwoobeat Feb 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,9 @@ dependencies {
annotationProcessor "com.querydsl:querydsl-apt:5.0.0:jakarta"
annotationProcessor "jakarta.annotation:jakarta.annotation-api"
annotationProcessor "jakarta.persistence:jakarta.persistence-api"

// Swagger
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0'
}

tasks.named('test') {
Expand Down
1 change: 1 addition & 0 deletions src/main/java/com/gdschongik/gdsc/global/common/constant/SecurityConstant.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ public class SecurityConstant {
public static final String REGISTRATION_REQUIRED_HEADER = "Registration-Required";
public static final String TOKEN_ROLE_NAME = "role";
public static final String GITHUB_NAME_ATTR_KEY = "id";
public static final String TOKEN_HEADER_PREFIX = "Bearer ";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

토큰 타입으로는 BEARER가 아닌 다른 타입도 올 수 있으니 BEARER_PREFIX와 같은 이름이 의미를 더 잘 담는 것 같습니다.
어떤가요?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACCESS_TOKEN_PREFIX 로 변경하도록 하겠습니다~
Bearer같이 내부의 리터럴 값보다는 사용되는 맥락의 의미가 잘 드러난다고 생각해요

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

좋습니다
미리 approve 해둘게요~


private SecurityConstant() {}
}
15 changes: 15 additions & 0 deletions src/main/java/com/gdschongik/gdsc/global/common/constant/SwaggerUrlConstant.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
package com.gdschongik.gdsc.global.common.constant;

import lombok.AllArgsConstructor;
import lombok.Getter;

@Getter
@AllArgsConstructor
public enum SwaggerUrlConstant {
SWAGGER_RESOURCES_URL("/swagger-resources/**"),
SWAGGER_UI_URL("/swagger-ui/**"),
SWAGGER_API_DOCS_URL("/v3/api-docs/**"),
;

private final String value;
}
6 changes: 6 additions & 0 deletions src/main/java/com/gdschongik/gdsc/global/common/constant/UrlConstant.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,11 @@ private UrlConstant() {}
public static final String PROD_CLIENT_URL = "https://onboarding.gdschongik.com";
public static final String DEV_CLIENT_URL = "https://dev-onboarding.gdschongik.com";
public static final String LOCAL_REACT_CLIENT_URL = "http://localhost:3000";
public static final String LOCAL_REACT_CLIENT_SECURE_URL = "https://localhost:3000";
public static final String LOCAL_VITE_CLIENT_URL = "http://localhost:5173";
public static final String LOCAL_VITE_CLIENT_SECURE_URL = "https://localhost:5173";

public static final String PROD_SERVER_URL = "https://api.gdschongik.com";
public static final String DEV_SERVER_URL = "https://dev-api.gdschongik.com";
public static final String LOCAL_SERVER_URL = "http://localhost:8080";
}
3 changes: 2 additions & 1 deletion src/main/java/com/gdschongik/gdsc/global/config/PropertyConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,10 @@

import com.gdschongik.gdsc.global.property.JwtProperty;
import com.gdschongik.gdsc.global.property.RedisProperty;
import com.gdschongik.gdsc.global.property.SwaggerProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;

@EnableConfigurationProperties({JwtProperty.class, RedisProperty.class})
@EnableConfigurationProperties({JwtProperty.class, RedisProperty.class, SwaggerProperty.class})
@Configuration
public class PropertyConfig {}
60 changes: 60 additions & 0 deletions src/main/java/com/gdschongik/gdsc/global/config/SwaggerConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
package com.gdschongik.gdsc.global.config;

import static com.gdschongik.gdsc.global.common.constant.EnvironmentConstant.*;
import static com.gdschongik.gdsc.global.common.constant.UrlConstant.*;
import static org.springframework.http.HttpHeaders.*;

import com.gdschongik.gdsc.global.util.EnvironmentUtil;
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import io.swagger.v3.oas.models.servers.Server;
import java.util.List;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
@RequiredArgsConstructor
public class SwaggerConfig {

private final EnvironmentUtil environmentUtil;

@Bean
public OpenAPI openAPI() {
return new OpenAPI()
.servers(swaggerServers())
.addSecurityItem(securityRequirement())
.components(authSetting());
}

private List<Server> swaggerServers() {
Server server = new Server().url(getServerUrl());
return List.of(server);
}

private String getServerUrl() {
return switch (environmentUtil.getCurrentProfile()) {
case PROD -> PROD_SERVER_URL;
case DEV -> DEV_SERVER_URL;
default -> LOCAL_SERVER_URL;
};
}

private Components authSetting() {
return new Components()
.addSecuritySchemes(
"Authorization",
new SecurityScheme()
.type(SecurityScheme.Type.HTTP)
.scheme("bearer")
.bearerFormat("JWT")
.in(SecurityScheme.In.HEADER)
.name(AUTHORIZATION));
}

private SecurityRequirement securityRequirement() {
return new SecurityRequirement().addList(AUTHORIZATION);
}
}
64 changes: 58 additions & 6 deletions src/main/java/com/gdschongik/gdsc/global/config/WebSecurityConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,31 @@
import com.fasterxml.jackson.databind.ObjectMapper;
import com.gdschongik.gdsc.domain.auth.application.JwtService;
import com.gdschongik.gdsc.domain.member.dao.MemberRepository;
import com.gdschongik.gdsc.global.common.constant.SwaggerUrlConstant;
import com.gdschongik.gdsc.global.property.SwaggerProperty;
import com.gdschongik.gdsc.global.security.CustomSuccessHandler;
import com.gdschongik.gdsc.global.security.CustomUserService;
import com.gdschongik.gdsc.global.security.JwtExceptionFilter;
import com.gdschongik.gdsc.global.security.JwtFilter;
import com.gdschongik.gdsc.global.util.CookieUtil;
import com.gdschongik.gdsc.global.util.EnvironmentUtil;
import java.util.Arrays;
import lombok.RequiredArgsConstructor;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
Expand All @@ -36,25 +46,65 @@ public class WebSecurityConfig {
private final CookieUtil cookieUtil;
private final ObjectMapper objectMapper;
private final EnvironmentUtil environmentUtil;
private final SwaggerProperty swaggerProperty;

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
private static void defaultFilterChain(HttpSecurity http) throws Exception {
http.httpBasic(AbstractHttpConfigurer::disable)
.formLogin(AbstractHttpConfigurer::disable)
.logout(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.cors(withDefaults())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
}

@Bean
@Order(1)
@ConditionalOnProperty(name = "spring.profiles.active", havingValue = "dev")
public SecurityFilterChain swaggerSecurityFilterChain(HttpSecurity http) throws Exception {
defaultFilterChain(http);

http.securityMatcher(getSwaggerUrls())
.authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
.httpBasic(withDefaults());

return http.build();
}

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
defaultFilterChain(http);

http.oauth2Login(
oauth2 -> oauth2.userInfoEndpoint(userInfo -> userInfo.userService(customUserService(memberRepository)))
.successHandler(customSuccessHandler(jwtService, cookieUtil)));
.successHandler(customSuccessHandler(jwtService, cookieUtil))
.failureHandler((request, response, exception) -> response.setStatus(401)));

http.addFilterBefore(jwtFilter(jwtService, cookieUtil), UsernamePasswordAuthenticationFilter.class);
http.addFilterBefore(jwtExceptionFilter(objectMapper), JwtFilter.class);
http.addFilterAfter(jwtExceptionFilter(objectMapper), LogoutFilter.class);
http.addFilterAfter(jwtFilter(jwtService, cookieUtil), LogoutFilter.class);

return http.build();
}

private static String[] getSwaggerUrls() {
return Arrays.stream(SwaggerUrlConstant.values())
.map(SwaggerUrlConstant::getValue)
.toArray(String[]::new);
}

@Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
UserDetails user = User.withUsername(swaggerProperty.getUsername())
.password(passwordEncoder().encode(swaggerProperty.getPassword()))
.roles("SWAGGER")
.build();
return new InMemoryUserDetailsManager(user);
}

@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}

@Bean
public CustomUserService customUserService(MemberRepository memberRepository) {
return new CustomUserService(memberRepository);
Expand Down Expand Up @@ -86,7 +136,9 @@ public CorsConfigurationSource corsConfigurationSource() {
if (environmentUtil.isDevProfile()) {
configuration.addAllowedOriginPattern(DEV_CLIENT_URL);
configuration.addAllowedOriginPattern(LOCAL_REACT_CLIENT_URL);
configuration.addAllowedOriginPattern(LOCAL_REACT_CLIENT_SECURE_URL);
configuration.addAllowedOriginPattern(LOCAL_VITE_CLIENT_URL);
configuration.addAllowedOriginPattern(LOCAL_VITE_CLIENT_SECURE_URL);
}

configuration.addAllowedHeader("*");
Expand Down
14 changes: 14 additions & 0 deletions src/main/java/com/gdschongik/gdsc/global/property/SwaggerProperty.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
package com.gdschongik.gdsc.global.property;

import lombok.AllArgsConstructor;
import lombok.Getter;
import org.springframework.boot.context.properties.ConfigurationProperties;

@Getter
@AllArgsConstructor
@ConfigurationProperties(prefix = "swagger")
public class SwaggerProperty {

private final String username;
private final String password;
}
21 changes: 21 additions & 0 deletions src/main/java/com/gdschongik/gdsc/global/security/JwtFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
package com.gdschongik.gdsc.global.security;

import static com.gdschongik.gdsc.global.common.constant.SecurityConstant.*;

import com.gdschongik.gdsc.domain.auth.application.JwtService;
import com.gdschongik.gdsc.domain.auth.dto.AccessTokenDto;
import com.gdschongik.gdsc.domain.auth.dto.RefreshTokenDto;
Expand All @@ -14,6 +16,7 @@
import java.io.IOException;
import java.util.Optional;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
Expand All @@ -31,9 +34,20 @@ public class JwtFilter extends OncePerRequestFilter {
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {

String accessTokenHeaderValue = extractAccessTokenFromHeader(request);
String accessTokenValue = extractTokenValue(JwtConstant.ACCESS_TOKEN, request);
String refreshTokenValue = extractTokenValue(JwtConstant.REFRESH_TOKEN, request);

// 헤더에 AT가 있으면 우선적으로 검증 (Swagger 테스트 전용)
if (accessTokenHeaderValue != null) {
AccessTokenDto accessTokenDto = jwtService.retrieveAccessToken(accessTokenHeaderValue);
if (accessTokenDto != null) {
setAuthenticationToContext(accessTokenDto.memberId(), accessTokenDto.memberRole());
filterChain.doFilter(request, response);
return;
}
}

// AT와 RT 중 하나라도 없으면 실패
if (accessTokenValue == null || refreshTokenValue == null) {
filterChain.doFilter(request, response);
Expand Down Expand Up @@ -71,6 +85,13 @@ private String extractTokenValue(JwtConstant jwtConstant, HttpServletRequest req
.orElse(null);
}

private String extractAccessTokenFromHeader(HttpServletRequest request) {
return Optional.ofNullable(request.getHeader(HttpHeaders.AUTHORIZATION))
.filter(header -> header.startsWith(TOKEN_HEADER_PREFIX))
.map(header -> header.replace(TOKEN_HEADER_PREFIX, ""))
.orElse(null);
}

private void setAuthenticationToContext(Long memberId, MemberRole memberRole) {
UserDetails userDetails = new PrincipalDetails(memberId, memberRole);
Authentication authentication =
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/com/gdschongik/gdsc/global/util/CookieUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ private ResponseCookie generateCookie(String cookieName, String tokenValue, Stri
.path("/")
.secure(true)
.sameSite(sameSite)
.httpOnly(false)
.httpOnly(true)
.build();
}

Expand Down
6 changes: 3 additions & 3 deletions src/main/java/com/gdschongik/gdsc/global/util/EnvironmentUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,15 +20,15 @@ public String getCurrentProfile() {
.orElse(LOCAL);
}

public Boolean isProdProfile() {
public boolean isProdProfile() {
return getActiveProfiles().anyMatch(PROD::equals);
}

public Boolean isDevProfile() {
public boolean isDevProfile() {
return getActiveProfiles().anyMatch(DEV::equals);
}

public Boolean isProdAndDevProfile() {
public boolean isProdAndDevProfile() {
return getActiveProfiles().anyMatch(PROD_AND_DEV::contains);
}

Expand Down
8 changes: 8 additions & 0 deletions src/main/resources/application-swagger.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
spring:
config:
activate:
on-profile: "security"

swagger:
username: ${SWAGGER_USER:default}
password: ${SWAGGER_PASSWORD:default}
1 change: 1 addition & 0 deletions src/main/resources/application.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ spring:
- redis
- storage
- security
- swagger

logging:
level:
Expand Down
Loading