Feat(SignUp): 카카오 회원가입, jwt 로그인 구현

jabiseo-api/build.gradle

@@ -17,4 +17,9 @@ dependencies {
     implementation project(":jabiseo-domain")
     implementation project(":jabiseo-infrastructure")
     implementation project(":jabiseo-common")
+
+
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.2'
 }

jabiseo-api/src/main/java/com/jabiseo/JabiseoApiApplication.java

@@ -3,7 +3,9 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
 
+@ConfigurationPropertiesScan
 @SpringBootApplication
 public class JabiseoApiApplication {
 

jabiseo-api/src/main/java/com/jabiseo/auth/application/JwtHandler.java

@@ -0,0 +1,111 @@
+package com.jabiseo.auth.application;
+
+import com.jabiseo.auth.exception.AuthenticationBusinessException;
+import com.jabiseo.auth.exception.AuthenticationErrorCode;
+import com.jabiseo.member.domain.Member;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.stereotype.Component;
+
+import java.security.Key;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.*;
+
+@Component
+public class JwtHandler {
+
+    private final Key accessKey;
+    private final Key refreshKey;
+    private final Integer accessExpiredMin;
+    private final Integer refreshExpiredDay;
+    private final String APP_ISSUER = "jabiseo";
+
+    public JwtHandler(JwtProperty jwtProperty) {
+        byte[] accessEncodeByte = Base64.getEncoder().encode((jwtProperty.getAccessKey().getBytes()));
+        byte[] refreshEncodeByte = Base64.getEncoder().encode(jwtProperty.getRefreshKey().getBytes());
+        this.accessExpiredMin = jwtProperty.getAccessExpiredMin();
+        this.refreshExpiredDay = jwtProperty.getRefreshExpiredDay();
+        this.accessKey = Keys.hmacShaKeyFor(accessEncodeByte);
+        this.refreshKey = Keys.hmacShaKeyFor(refreshEncodeByte);
+    }
+
+
+    public String createAccessToken(Member member) {
+        Instant accessExpiredTime = Instant.now()
+                .plus(this.accessExpiredMin, ChronoUnit.MINUTES);
+
+        Map<String, Object> payload = new HashMap<>();
+
+        return Jwts.builder()
+                .setSubject(member.getId().toString())
+                .setIssuer(APP_ISSUER)
+                .setExpiration(Date.from(accessExpiredTime))
+                .addClaims(payload)
+                .signWith(accessKey)
+                .compact();
+    }
+
+    public String createRefreshToken() {
+        Instant refreshExpiredTime = Instant.now()
+                .plus(this.refreshExpiredDay, ChronoUnit.DAYS);
+        return Jwts.builder()
+                .setExpiration(Date.from(refreshExpiredTime))
+                .signWith(refreshKey)
+                .compact();
+    }
+
+
+    public boolean validateAccessToken(String token) {
+        try {
+            Jwts.parserBuilder()
+                    .setSigningKey(accessKey)
+                    .build()
+                    .parseClaimsJws(token);
+            return true;
+        } catch (ExpiredJwtException e) {
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.EXPIRED_APP_JWT);
+        } catch (Exception e) {
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.INVALID_APP_JWT);
+        }
+    }
+
+    public void validateRefreshToken(String refreshToken) {
+        try {
+            Jwts.parserBuilder()
+                    .setSigningKey(refreshKey)
+                    .build()
+                    .parseClaimsJws(refreshToken);
+        } catch (ExpiredJwtException e) {
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.EXPIRED_APP_JWT);
+        } catch (Exception e) {
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.INVALID_APP_JWT);
+        }
+    }
+
+
+    public Claims getClaimFromExpiredAccessToken(String accessToken) {
+        try {
+            return Jwts.parserBuilder()
+                    .setSigningKey(accessKey)
+                    .build()
+                    .parseClaimsJws(accessToken)
+                    .getBody();
+        } catch (ExpiredJwtException e) {
+            return e.getClaims();
+        } catch (Exception e) {
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.INVALID_APP_JWT);
+        }
+    }
+
+    public Claims getClaimsFromAccessToken(String token) {
+        return Jwts
+                .parserBuilder()
+                .setSigningKey(accessKey)
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+}

jabiseo-api/src/main/java/com/jabiseo/auth/application/JwtProperty.java

@@ -0,0 +1,22 @@
+package com.jabiseo.auth.application;
+
+
+import lombok.Getter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+@Getter
+@ConfigurationProperties(prefix = "jwt")
+public class JwtProperty {
+
+    private final String accessKey;
+    private final String refreshKey;
+    private final Integer accessExpiredMin;
+    private final Integer refreshExpiredDay;
+
+    public JwtProperty(String accessKey, String refreshKey, Integer accessExpiredMin, Integer refreshExpiredDay) {
+        this.accessKey = accessKey;
+        this.refreshKey = refreshKey;
+        this.accessExpiredMin = accessExpiredMin;
+        this.refreshExpiredDay = refreshExpiredDay;
+    }
+}

jabiseo-api/src/main/java/com/jabiseo/auth/application/MemberFactory.java

@@ -0,0 +1,29 @@
+package com.jabiseo.auth.application;
+
+
+import com.jabiseo.auth.application.oidc.OauthMemberInfo;
+import com.jabiseo.member.domain.Member;
+import com.jabiseo.member.domain.OauthServer;
+import com.jabiseo.member.domain.RandomNicknameGenerator;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+import java.util.UUID;
+
+@Component
+@RequiredArgsConstructor
+public class MemberFactory {
+
+    private final RandomNicknameGenerator randomNicknameGenerator;
+
+    // TODO: S3 + CDN 생성 후 변경해야 한다.
+    private final String DEFAULT_IMAGE_URL = "https://github.com/Jabiseo/Jabiseo-Backend/assets/28949213/fb6cb510-05fa-4791-a9c1-74a379294936";
+
+    public Member createNew(OauthMemberInfo oauthMemberInfo) {
+        String nickname = randomNicknameGenerator.generate();
+
+        // TODO: ID 생성 전략을 통해 따로 생성해야 한다.
+        String id = UUID.randomUUID().toString();
+        return Member.of(id, oauthMemberInfo.getEmail(), nickname, oauthMemberInfo.getOauthId(), oauthMemberInfo.getOauthServer(), DEFAULT_IMAGE_URL);
+    }
+}

jabiseo-api/src/main/java/com/jabiseo/auth/application/oidc/AbstractIdTokenValidator.java

@@ -0,0 +1,40 @@
+package com.jabiseo.auth.application.oidc;
+
+
+import com.jabiseo.client.OidcPublicKey;
+import com.jabiseo.auth.application.oidc.property.OidcIdTokenProperty;
+import com.jabiseo.member.domain.OauthServer;
+
+import java.util.Map;
+
+public abstract class AbstractIdTokenValidator {
+
+    private final OidcIdTokenProperty oidcIdTokenProperty;
+    private final IdTokenJwtHandler idTokenJwtHandler;
+
+    public AbstractIdTokenValidator(OidcIdTokenProperty oidcIdTokenProperty, IdTokenJwtHandler idTokenJwtHandler) {
+        this.oidcIdTokenProperty = oidcIdTokenProperty;
+        this.idTokenJwtHandler = idTokenJwtHandler;
+    }
+
+    /*
+     * 1. idToken Header 에서 kid라는 key 를 찾고 kid에 맞는 public key를 가져온다.
+     * 2. 우리 앱의 issuer, client-id가 jwt token안에 있는지 확인/ signature 에 대한 검증을 진행한다.
+     * 3. payload에서 원하는 값을 추출해 return.
+     */
+
+    public OauthMemberInfo validate(String idToken) {
+        String kid = idTokenJwtHandler.findKidFromHeader(idToken);
+
+        OidcPublicKey oidcPublicKey = getOidcPublicKey(kid);
+        Map<String, Object> payload = idTokenJwtHandler.validateAndExtractPayload(idToken, oidcPublicKey, oidcIdTokenProperty.audience(), oidcIdTokenProperty.issuer());
+
+        return extractMemberInfoFromPayload(payload);
+    }
+
+    abstract protected OidcPublicKey getOidcPublicKey(String kid);
+
+    abstract protected OauthMemberInfo extractMemberInfoFromPayload(Map<String, Object> payload);
+
+    abstract OauthServer getOauthServer();
+}

jabiseo-api/src/main/java/com/jabiseo/auth/application/oidc/IdTokenJwtHandler.java

@@ -0,0 +1,79 @@
+package com.jabiseo.auth.application.oidc;
+
+import com.jabiseo.client.OidcPublicKey;
+import com.jabiseo.auth.exception.AuthenticationBusinessException;
+import com.jabiseo.auth.exception.AuthenticationErrorCode;
+import io.jsonwebtoken.*;
+import org.springframework.stereotype.Component;
+
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+
+@Component
+public class IdTokenJwtHandler {
+
+
+    public String findKidFromHeader(String jwt) {
+        try {
+            Jwt<Header, Claims> headerClaimsJwt = Jwts.parserBuilder()
+                    .build()
+                    .parseClaimsJwt(parseToken(jwt));
+            Header header = headerClaimsJwt.getHeader();
+            Object kid = header.get("kid");
+            if (kid == null) {
+                throw new AuthenticationBusinessException(AuthenticationErrorCode.INVALID_ID_TOKEN);
+            }
+
+            return (String) kid;
+        } catch (ExpiredJwtException e) {
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.EXPIRED_ID_TOKEN);
+        } catch (Exception e) {
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.INVALID_ID_TOKEN);
+        }
+    }
+
+    public Map<String, Object> validateAndExtractPayload(String idToken, OidcPublicKey publicKey, String aud, String issuer) {
+        try {
+            Jws<Claims> claimsJws = Jwts.parserBuilder()
+                    .requireAudience(aud)
+                    .requireIssuer(issuer)
+                    .setSigningKey(getRSAPublicKey(publicKey.getN(), publicKey.getE()))
+                    .build()
+                    .parseClaimsJws(idToken);
+
+            Claims body = claimsJws.getBody();
+            return new HashMap<>(body);
+        } catch (Exception e) {
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.INVALID_ID_TOKEN);
+        }
+    }
+
+    private String parseToken(String token) {
+        String[] splitToken = token.split("\\.");
+        if (splitToken.length != 3) {
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.INVALID_ID_TOKEN);
+        }
+        return splitToken[0] + "." + splitToken[1] + ".";
+    }
+
+    private Key getRSAPublicKey(String modulus, String exponent)
+            throws InvalidKeySpecException, NoSuchAlgorithmException {
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        byte[] decodeN = Base64.getUrlDecoder()
+                .decode(modulus);
+        byte[] decodeE = Base64.getUrlDecoder()
+                .decode(exponent);
+        BigInteger n = new BigInteger(1, decodeN);
+        BigInteger e = new BigInteger(1, decodeE);
+
+        RSAPublicKeySpec keySpec = new RSAPublicKeySpec(n, e);
+        return keyFactory.generatePublic(keySpec);
+    }
+}

jabiseo-api/src/main/java/com/jabiseo/auth/application/oidc/KakaoIdTokenValidator.java

@@ -0,0 +1,86 @@
+package com.jabiseo.auth.application.oidc;
+
+import com.jabiseo.cache.RedisCacheRepository;
+import com.jabiseo.client.KakaoKauthClient;
+import com.jabiseo.client.NetworkApiException;
+import com.jabiseo.client.OidcPublicKey;
+import com.jabiseo.client.OidcPublicKeyResponse;
+import com.jabiseo.auth.exception.AuthenticationBusinessException;
+import com.jabiseo.auth.exception.AuthenticationErrorCode;
+import com.jabiseo.auth.application.oidc.property.KakaoOidcProperty;
+import com.jabiseo.exception.CommonErrorCode;
+import com.jabiseo.member.domain.OauthServer;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+import java.util.Map;
+
+@Slf4j
+@Component
+public class KakaoIdTokenValidator extends AbstractIdTokenValidator {
+
+    private static final String KAKAO_ID_KEY = "sub";
+    private static final String KAKAO_EMAIL_KEY = "email";
+    private final KakaoKauthClient kakaoKauthClient;
+    private final RedisCacheRepository redisCacheRepository;
+    private static final String CACHE_KEY = "KAKAO_OIDC_PUBLIC_KEY";
+
+    public KakaoIdTokenValidator(KakaoOidcProperty kakaoOidcProperty, IdTokenJwtHandler idTokenJwtHandler, KakaoKauthClient kakaoKauthClient, RedisCacheRepository redisCacheRepository) {
+        super(kakaoOidcProperty.toIdTokenProperty(), idTokenJwtHandler);
+        this.kakaoKauthClient = kakaoKauthClient;
+        this.redisCacheRepository = redisCacheRepository;
+    }
+
+    @Override
+    protected OidcPublicKey getOidcPublicKey(String kid) {
+
+        List<OidcPublicKey> keys = redisCacheRepository.getPublicKeys(CACHE_KEY);
+        if (keys == null) {
+            keys = getOidcPublicKeyByKakaoClient();
+            redisCacheRepository.savePublicKey(CACHE_KEY, keys);
+        }
+
+        return keys.stream().filter((key) -> key.getKid().equals(kid))
+                .findAny()
+                .orElseThrow(() -> new AuthenticationBusinessException(AuthenticationErrorCode.INVALID_ID_TOKEN));
+    }
+
+    private List<OidcPublicKey> getOidcPublicKeyByKakaoClient() {
+        try {
+            ResponseEntity<OidcPublicKeyResponse> publicKeys = kakaoKauthClient.getPublicKeys();
+            return publicKeys.getBody().getKeys();
+        } catch (NetworkApiException e) {
+            log.error(e.getMessage());
+            throw new AuthenticationBusinessException(AuthenticationErrorCode.GET_JWK_FAIL);
+        }
+    }
+
+    @Override
+    protected OauthMemberInfo extractMemberInfoFromPayload(Map<String, Object> payload) {
+        String oauthId = (String) payload.get(KAKAO_ID_KEY);
+        String email = (String) payload.get(KAKAO_EMAIL_KEY);
+        if (requireValueIsNull(oauthId, email)) {
+            throw new AuthenticationBusinessException(CommonErrorCode.INTERNAL_SERVER_ERROR);
+        }
+
+        return OauthMemberInfo.builder()
+                .oauthId(oauthId)
+                .oauthServer(OauthServer.KAKAO)
+                .email(email)
+                .build();
+    }
+
+    @Override
+    OauthServer getOauthServer() {
+        return OauthServer.KAKAO;
+    }
+
+    /*
+     *  해당 예외가 발생하는건 카카오에서 프로퍼티 key 값을 바꾸지 않는 이상은 발생하지 않는다.
+     */
+    private boolean requireValueIsNull(String oauthId, String email) {
+        return oauthId == null || email == null;
+    }
+}