Merge pull request #182 from DevKor-github/mod/googlelogin

[Mod] google 로그인 요청을 idtoken로 수정

Author: JunbeomKoreaUniv

ontime-back/src/main/java/devkor/ontime_back/dto/OAuthGoogleRequestDto.java

@@ -4,6 +4,6 @@
 
 @Getter
 public class OAuthGoogleRequestDto {
-    private String accessToken;
+    private String idToken;
     private String refreshToken;
 }

ontime-back/src/main/java/devkor/ontime_back/dto/OAuthGoogleUserDto.java

@@ -1,21 +1,19 @@
 package devkor.ontime_back.dto;
 
-import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Getter;
-import lombok.Setter;
 
 @Getter
 public class OAuthGoogleUserDto {
 
     private String id;           // 고유 사용자 ID
     private String name;          // 사용자 이름
-    @JsonProperty("given_name") // JSON의 given_name 필드와 매핑
-    private String givenName;
-    @JsonProperty("family_name") // JSON의 family_name 필드와 매핑
-    private String familyName;
     private String picture;       // 프로필 이미지 URL
     private String email;         // 이메일
-    @JsonProperty("email_verified")
-    private boolean emailVerified; // 이메일 인증 여부
 
+    public OAuthGoogleUserDto(String id, String name, String picture, String email) {
+        this.id = id;
+        this.name = name;
+        this.picture = picture;
+        this.email = email;
+    }
 }

ontime-back/src/main/java/devkor/ontime_back/global/oauth/apple/AppleLoginService.java

@@ -3,26 +3,25 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import devkor.ontime_back.dto.AppleTokenResponseDto;
-import devkor.ontime_back.dto.OAuthAppleRequestDto;
 import devkor.ontime_back.dto.OAuthAppleUserDto;
 import devkor.ontime_back.entity.Role;
 import devkor.ontime_back.entity.SocialType;
 import devkor.ontime_back.entity.User;
+import devkor.ontime_back.entity.UserSetting;
 import devkor.ontime_back.global.jwt.JwtTokenProvider;
 import devkor.ontime_back.global.jwt.JwtUtils;
 import devkor.ontime_back.repository.UserRepository;
+import devkor.ontime_back.response.InvalidTokenException;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
-import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.*;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
@@ -39,10 +38,8 @@
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Map;
-import java.util.Optional;
+import java.time.Instant;
+import java.util.*;
 
 @Slf4j
 @RequiredArgsConstructor
@@ -114,6 +111,15 @@ public Authentication handleRegister(String appleRefreshToken, OAuthAppleUserDto
                 .socialLoginToken(appleRefreshToken)
                 .build();
 
+        UUID userSettingId = UUID.randomUUID();
+
+        UserSetting userSetting = UserSetting.builder()
+                .userSettingId(userSettingId)
+                .user(newUser)
+                .build();
+
+        newUser.setUserSetting(userSetting);
+
         User savedUser = userRepository.save(newUser);
 
         String accessToken = jwtTokenProvider.createAccessToken(newUser.getEmail(), newUser.getId());
@@ -151,11 +157,16 @@ public Claims verifyIdentityToken(String identityToken) throws
         Claims tokenClaims = jwtUtils.getTokenClaims(identityToken, publicKey);
         // iss 확인
         if (!issuer.equals(tokenClaims.getIssuer())) {
-            throw new IllegalArgumentException("Invalid JWT: Issuer mismatch. Expected: " + issuer);
+            throw new InvalidTokenException("유효하지 않은 JWT입니다. issuer가 일치하지 않습니다.");
         }
         // aud 확인
         if (!clientId.equals(tokenClaims.getAudience())) {
-            throw new IllegalArgumentException("Invalid JWT: Audience mismatch. Expected: " + clientId);
+            throw new InvalidTokenException("유효하지 않은 JWT입니다. audience가 일치하지 않습니다.");
+        }
+        // exp(만료 시간) 확인
+        Date expiration = tokenClaims.getExpiration();
+        if (expiration == null || expiration.before(Date.from(Instant.now()))) {
+            throw new InvalidTokenException("유효하지 않은 JWT입니다. 만료되었습니다.");
         }
 
         return tokenClaims;

ontime-back/src/main/java/devkor/ontime_back/global/oauth/google/GoogleLoginFilter.java

@@ -1,31 +1,23 @@
 package devkor.ontime_back.global.oauth.google;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
 import devkor.ontime_back.dto.OAuthGoogleRequestDto;
 import devkor.ontime_back.dto.OAuthGoogleUserDto;
-import devkor.ontime_back.entity.Role;
 import devkor.ontime_back.entity.SocialType;
 import devkor.ontime_back.entity.User;
-import devkor.ontime_back.global.jwt.JwtTokenProvider;
 import devkor.ontime_back.repository.UserRepository;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.ResponseEntity;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
-import org.springframework.web.client.RestTemplate;
 
 import java.io.IOException;
-import java.util.Collections;
 import java.util.Optional;
 
 @Slf4j
@@ -45,21 +37,27 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
             throws AuthenticationException, IOException, ServletException {
         ObjectMapper objectMapper = new ObjectMapper();
         OAuthGoogleRequestDto oAuthGoogleRequestDto = objectMapper.readValue(request.getInputStream(), OAuthGoogleRequestDto.class);
-        OAuthGoogleUserDto oAuthGoogleUserInfo = googleLoginService.getUserInfoFromAccessToken(oAuthGoogleRequestDto.getAccessToken());
 
-        Optional<User> existingUser = userRepository.findBySocialTypeAndSocialId(SocialType.GOOGLE, oAuthGoogleUserInfo.getId());
+        try {
+            GoogleIdToken.Payload googlePayload = googleLoginService.verifyIdentityToken(oAuthGoogleRequestDto.getIdToken());
+            String googleUserId = googlePayload.getSubject();
 
+            Optional<User> existingUser = userRepository.findBySocialTypeAndSocialId(SocialType.GOOGLE, googleUserId);
 
-        if (existingUser.isPresent()) {
-            return googleLoginService.handleLogin(oAuthGoogleRequestDto, existingUser.get(), response);
-        } else {
-            return googleLoginService.handleRegister(oAuthGoogleRequestDto, oAuthGoogleUserInfo, response);
-        }
-    }
-
+            if (existingUser.isPresent()) {
+                return googleLoginService.handleLogin(oAuthGoogleRequestDto, existingUser.get(), response);
+            } else {
+                OAuthGoogleUserDto oAuthGoogleUserDto = new OAuthGoogleUserDto(googleUserId, (String) googlePayload.get("name"), (String) googlePayload.get("picture"), googlePayload.getEmail());
+                return googleLoginService.handleRegister(oAuthGoogleRequestDto, oAuthGoogleUserDto, response);
+            }
 
+        } catch (Exception e) {
+            log.error("Google 로그인 실패: {}", e.getMessage(), e);
+            throw new AuthenticationException("Google 로그인 실패") {};
+        }
 
 
+    }
 
     // 인증 성공 처리
     @Override

ontime-back/src/main/java/devkor/ontime_back/global/oauth/google/GoogleLoginService.java

@@ -1,15 +1,21 @@
 package devkor.ontime_back.global.oauth.google;
-
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
+import com.google.api.client.http.javanet.NetHttpTransport;
+import com.google.api.client.json.gson.GsonFactory;
 import devkor.ontime_back.dto.OAuthGoogleRequestDto;
 import devkor.ontime_back.dto.OAuthGoogleUserDto;
 import devkor.ontime_back.entity.Role;
 import devkor.ontime_back.entity.SocialType;
 import devkor.ontime_back.entity.User;
+import devkor.ontime_back.entity.UserSetting;
 import devkor.ontime_back.global.jwt.JwtTokenProvider;
 import devkor.ontime_back.repository.UserRepository;
+import io.jsonwebtoken.Claims;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
@@ -24,6 +30,7 @@
 import java.io.IOException;
 import java.util.Collections;
 import java.util.Optional;
+import java.util.UUID;
 
 @Slf4j
 @Service
@@ -35,25 +42,9 @@ public class GoogleLoginService {
     private static final String GOOGLE_USER_INFO_URL = "https://www.googleapis.com/userinfo/v2/me";
     private static final String GOOGLE_REVOKE_URL = "https://oauth2.googleapis.com/revoke?token=";
 
+    @Value("${spring.security.oauth2.client.registration.google.client-id}")
+    private String clientId;
 
-
-    public OAuthGoogleUserDto getUserInfoFromAccessToken(String accessToken) {
-        RestTemplate restTemplate = new RestTemplate();
-
-        HttpHeaders headers = new HttpHeaders();
-        headers.set("Authorization", "Bearer " + accessToken);
-
-        HttpEntity<String> entity = new HttpEntity<>(headers);
-
-        ResponseEntity<OAuthGoogleUserDto> response = restTemplate.exchange(
-                GOOGLE_USER_INFO_URL,
-                org.springframework.http.HttpMethod.GET,
-                entity,
-                OAuthGoogleUserDto.class
-        );
-
-        return response.getBody();
-    }
     public Authentication handleLogin(OAuthGoogleRequestDto oAuthGoogleRequestDto, User user, HttpServletResponse response) throws IOException {
         user.updateSocialLoginToken(oAuthGoogleRequestDto.getRefreshToken());
 
@@ -98,6 +89,15 @@ public Authentication handleRegister(OAuthGoogleRequestDto oAuthGoogleRequestDto
                 .socialLoginToken(oAuthGoogleRequestDto.getRefreshToken())
                 .build();
 
+        UUID userSettingId = UUID.randomUUID();
+
+        UserSetting userSetting = UserSetting.builder()
+                .userSettingId(userSettingId)
+                .user(newUser)
+                .build();
+
+        newUser.setUserSetting(userSetting);
+
         User savedUser = userRepository.save(newUser);
 
         String accessToken = jwtTokenProvider.createAccessToken(newUser.getEmail(), newUser.getId());
@@ -123,6 +123,23 @@ public Authentication handleRegister(OAuthGoogleRequestDto oAuthGoogleRequestDto
         return authentication;
     }
 
+    public GoogleIdToken.Payload verifyIdentityToken(String identityToken) throws Exception {
+        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(
+                new NetHttpTransport(),
+                GsonFactory.getDefaultInstance())
+                .setAudience(Collections.singletonList(clientId)) // aud 확인
+                .build();
+
+        GoogleIdToken idToken = verifier.verify(identityToken); // Google의 공개 키를 사용하여 idToken 서명을 검증
+        if (idToken != null) {
+            GoogleIdToken.Payload payload = idToken.getPayload();
+            return payload;
+        } else {
+            log.info("유효하지 않은 idtoken 입니다.");
+            return null;
+        }
+    }
+
     public boolean revokeToken(Long userId) {
         User user = userRepository.findById(userId)
                 .orElseThrow(() -> new IllegalArgumentException("User not found with id: " + userId));