Merge pull request #148 from DevKor-github/develop

애플 로그인 main에 합병(develop -> main)

Author: Yyang-YE

src/main/java/devkor/com/teamcback/domain/user/validator/AppleValidator.java

@@ -9,6 +9,7 @@
 import devkor.com.teamcback.global.jwt.OIDC.dto.OIDCDecodePayload;
 import devkor.com.teamcback.global.jwt.OIDC.dto.OIDCPublicKeyDto;
 import devkor.com.teamcback.global.jwt.OIDC.dto.OIDCPublicKeysResponse;
+import devkor.com.teamcback.global.redis.RedisUtil;
 import io.jsonwebtoken.Header;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
@@ -19,11 +20,14 @@
 public class AppleValidator {
     private final OIDCUtil oidcUtil;
     private final AppleClient appleClient;
+    private final RedisUtil redisUtil;
     private static final String KID = "kid";
     private static final String ALG = "alg";
 
     @Value("${jwt.social.apple.iss}")
     private String ISS;
+    @Value("${jwt.social.apple.dev-aud}")
+    private String DEV_AUD;
     @Value("${jwt.social.apple.aud}")
     private String AUD;
 
@@ -34,7 +38,7 @@ public OIDCPublicKeysResponse getCachedData() {
     public String validateToken(String token) {
         try {
             // id_token 정보
-            Header tokenInfo = oidcUtil.getUnsignedTokenClaims(token, AUD, ISS).getHeader();
+            Header tokenInfo = oidcUtil.getUnsignedTokenClaims(token, new String[] {DEV_AUD, AUD}, ISS).getHeader();
             String kid = (String) tokenInfo.get(KID);
             String alg = (String) tokenInfo.get(ALG);
 
@@ -51,7 +55,8 @@ public String validateToken(String token) {
 
             return payload.getSub();
         } catch(GlobalException e) {
-            throw new GlobalException(LOG_IN_REQUIRED);
+            redisUtil.deleteCache("apple::data");
+            throw new GlobalException(e.getResultCode());
         } catch (Exception e) {
             throw new GlobalException(INVALID_TOKEN);
         }

src/main/java/devkor/com/teamcback/domain/user/validator/GoogleValidator.java

@@ -9,6 +9,7 @@
 import devkor.com.teamcback.global.jwt.OIDC.dto.OIDCDecodePayload;
 import devkor.com.teamcback.global.jwt.OIDC.dto.OIDCPublicKeyDto;
 import devkor.com.teamcback.global.jwt.OIDC.dto.OIDCPublicKeysResponse;
+import devkor.com.teamcback.global.redis.RedisUtil;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -18,6 +19,7 @@
 public class GoogleValidator {
     private final OIDCUtil oidcUtil;
     private final GoogleClient googleClient;
+    private final RedisUtil redisUtil;
 
     @Value("${jwt.social.google.iss}")
     private String ISS;
@@ -46,7 +48,8 @@ public String validateToken(String token) {
 
             return payload.getEmail();
         } catch(GlobalException e) {
-            throw new GlobalException(LOG_IN_REQUIRED);
+            redisUtil.deleteCache("google::data");
+            throw new GlobalException(e.getResultCode());
         } catch (Exception e) {
             throw new GlobalException(INVALID_TOKEN);
         }

src/main/java/devkor/com/teamcback/domain/user/validator/KakaoValidator.java

@@ -9,6 +9,7 @@
 import devkor.com.teamcback.global.jwt.OIDC.dto.OIDCDecodePayload;
 import devkor.com.teamcback.global.jwt.OIDC.dto.OIDCPublicKeyDto;
 import devkor.com.teamcback.global.jwt.OIDC.dto.OIDCPublicKeysResponse;
+import devkor.com.teamcback.global.redis.RedisUtil;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -18,6 +19,7 @@
 public class KakaoValidator{
     private final OIDCUtil oidcUtil;
     private final KakaoClient kakaoClient;
+    private final RedisUtil redisUtil;
 
     @Value("${jwt.social.kakao.iss}")
     private String ISS;
@@ -46,7 +48,8 @@ public String validateToken(String token) {
 
             return payload.getEmail();
         } catch(GlobalException e) {
-            throw new GlobalException(LOG_IN_REQUIRED);
+            redisUtil.deleteCache("kakao::data");
+            throw new GlobalException(e.getResultCode());
         } catch (Exception e) {
             throw new GlobalException(INVALID_TOKEN);
         }

src/main/java/devkor/com/teamcback/domain/user/validator/client/AppleClient.java

@@ -7,7 +7,7 @@
 
 @FeignClient(name = "appleClient", url = "https://appleid.apple.com")
 public interface AppleClient {
-    @Cacheable(value = "apple")
+    @Cacheable(value = "apple", key = "'data'")
     @GetMapping("/auth/keys")
     OIDCPublicKeysResponse getPublicKeys();
 }

src/main/java/devkor/com/teamcback/global/jwt/OIDC/OIDCUtil.java

@@ -15,6 +15,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.RSAPublicKeySpec;
+import java.util.Arrays;
 import java.util.Base64;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Component;
@@ -24,16 +25,25 @@
 public class OIDCUtil {
     private static final String KID = "kid";
     public String getKidFromUnsignedTokenHeader(String token, String aud, String iss) {
-        return (String) getUnsignedTokenClaims(token, aud, iss).getHeader().get(KID);
+        return (String) getUnsignedTokenClaims(token, new String[] {aud}, iss).getHeader().get(KID);
     }
 
-    public Jwt<Header, Claims> getUnsignedTokenClaims(String token, String aud, String iss) {
+    public Jwt<Header, Claims> getUnsignedTokenClaims(String token, String[] aud, String iss) {
         try {
-            return Jwts.parserBuilder()
-                .requireAudience(aud)
+            Jwt<Header, Claims> claims = Jwts.parserBuilder()
                 .requireIssuer(iss)
                 .build()
                 .parseClaimsJwt(getUnsignedToken(token));
+
+            // 추가적인 audience 검증
+            String audience = claims.getBody().getAudience();
+            if (audience == null || Arrays.stream(aud).noneMatch(audience::equals)) {
+                throw new GlobalException(INVALID_TOKEN);
+            }
+
+            return claims;
+        } catch (GlobalException e) {
+            throw new GlobalException(e.getResultCode());
         } catch (Exception e) {
             throw new GlobalException(INVALID_TOKEN);
         }

src/main/java/devkor/com/teamcback/global/redis/RedisUtil.java

@@ -35,5 +35,9 @@ public boolean delete(String key) {
     public boolean hasKey(String key) {
         return Boolean.TRUE.equals(redisTemplate.hasKey(key));
     }
+
+    public void deleteCache(String key) {
+        redisTemplate.delete(key);
+    }
 }
 

src/main/resources/application.yml

@@ -93,6 +93,7 @@ jwt:
     apple:
       iss: ${APPLE_ISS}
       aud: ${APPLE_AUD}
+      dev-aud: ${APPLE_DEV_AUD}
   admin:
     token: ${JWT_ADMIN_TOKEN}