[🚌 Issue] dev api 로그인 요청 위치에 따라 redirect url 변환

backend/application/api/src/main/kotlin/io/raemian/api/support/limiter/CheeringLimiter.kt → backend/application/api/src/main/kotlin/io/raemian/api/cheer/service/CheeringLimiter.kt

@@ -1,4 +1,4 @@
-package io.raemian.api.support.limiter
+package io.raemian.api.cheer.service
 
 import com.github.benmanes.caffeine.cache.Caffeine
 import org.springframework.stereotype.Component

backend/application/api/src/main/kotlin/io/raemian/api/cheer/service/CheeringService.kt

@@ -7,7 +7,6 @@ import io.raemian.api.cheer.model.CheeringCountResult
 import io.raemian.api.event.model.CheeredEvent
 import io.raemian.api.support.exception.CoreApiException
 import io.raemian.api.support.exception.ErrorInfo
-import io.raemian.api.support.limiter.CheeringLimiter
 import io.raemian.api.support.response.CursorPaginationResult
 import io.raemian.storage.db.core.cheer.CheerJdbcQueryRepository
 import io.raemian.storage.db.core.cheer.Cheerer

backend/application/api/src/main/kotlin/io/raemian/api/config/WebSecurityConfig.kt

@@ -4,14 +4,13 @@ import io.raemian.api.auth.converter.TokenRequestEntityConverter
 import io.raemian.api.auth.model.CurrentUser
 import io.raemian.api.auth.service.OAuth2UserService
 import io.raemian.api.support.constant.WebSecurityConstant
+import io.raemian.api.support.security.LoginRedirector
 import io.raemian.api.support.security.StateOAuth2AuthorizationRequestRepository
 import io.raemian.api.support.security.TokenProvider
 import jakarta.servlet.http.HttpServletResponse
 import org.slf4j.LoggerFactory
-import org.springframework.beans.factory.annotation.Value
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.http.MediaType
 import org.springframework.security.config.annotation.SecurityConfigurerAdapter
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
@@ -25,16 +24,14 @@ import org.springframework.security.web.DefaultSecurityFilterChain
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 import org.springframework.web.filter.CorsFilter
-import java.nio.charset.StandardCharsets
 
 @Configuration
 @EnableWebSecurity
 class WebSecurityConfig(
     private val corsFilter: CorsFilter,
     private val tokenProvider: TokenProvider,
     private val oAuth2UserService: OAuth2UserService,
-    @Value("\${spring.profiles.active:local}")
-    private val profile: String,
+    private val loginRedirector: LoginRedirector,
     private val tokenRequestEntityConverter: TokenRequestEntityConverter,
     private val httpCookieOAuth2AuthorizationRequestRepository: StateOAuth2AuthorizationRequestRepository,
 ) : SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>() {
@@ -66,23 +63,9 @@ class WebSecurityConfig(
                 it.authorizationEndpoint { it.authorizationRequestRepository(httpCookieOAuth2AuthorizationRequestRepository) }
                 it.successHandler { request, response, authentication ->
                     val user = authentication.principal as CurrentUser
-                    response.contentType = MediaType.APPLICATION_JSON_VALUE
-                    response.characterEncoding = StandardCharsets.UTF_8.name()
-
-                    val tokenDTO = tokenProvider.generateTokenDto(user)
-                    response.setHeader("x-token", tokenDTO.accessToken)
-                    log.info("x-token access ${tokenDTO.accessToken}")
-
-                    // TODO edit redirect url
-                    val referer = request.getHeader("referer")
-                    val redirectUrl =
-                        if (profile == "live") {
-                            "https://bandiboodi.com/oauth2/token"
-                        } else {
-                            "http://localhost:3000/oauth2/token"
-                        }
-
-                    response.sendRedirect("$redirectUrl?token=${tokenDTO.accessToken}&refresh=${tokenDTO.refreshToken}")
+                    val token = tokenProvider.generateTokenDto(user)
+                    val redirectUrl = loginRedirector.getUrl(request.getParameter("state"), token)
+                    response.sendRedirect(redirectUrl)
                 }
                 it.failureHandler { request, response, exception ->
                     log.error("x-token error ${exception.message}")

backend/application/api/src/main/kotlin/io/raemian/api/support/security/LoginRedirector.kt

@@ -0,0 +1,29 @@
+package io.raemian.api.support.security
+
+import io.raemian.api.auth.model.Token
+import org.slf4j.LoggerFactory
+import org.springframework.stereotype.Component
+
+@Component
+class LoginRedirector(
+    val profilePlaceHolder: ProfileHolder,
+    val redirectUrlHolder: RedirectUrlHolder,
+    val loginRequestRefererStorage: LoginRequestRefererStorage,
+) {
+    private val log = LoggerFactory.getLogger(javaClass)
+
+    fun getUrl(state: String, token: Token): String {
+        if (profilePlaceHolder.isLive()) {
+            return "${redirectUrlHolder.live}?token=${token.accessToken}&refresh=${token.refreshToken}"
+        }
+
+        val referer = loginRequestRefererStorage.get(state)
+        log.info("get referer: {}", referer)
+
+        if (profilePlaceHolder.isDev() && referer.contains("dev-bandiboodi")) {
+            return "${redirectUrlHolder.dev}?token=${token.accessToken}&refresh=${token.refreshToken}"
+        }
+
+        return "${redirectUrlHolder.local}?token=${token.accessToken}&refresh=${token.refreshToken}"
+    }
+}

backend/application/api/src/main/kotlin/io/raemian/api/support/security/LoginRequestRefererStorage.kt

@@ -0,0 +1,24 @@
+package io.raemian.api.support.security
+
+import com.github.benmanes.caffeine.cache.Caffeine
+import org.springframework.stereotype.Component
+import java.util.concurrent.TimeUnit
+
+@Component
+class LoginRequestRefererStorage {
+    private val timedStorage = Caffeine.newBuilder()
+        .expireAfterWrite(60L, TimeUnit.SECONDS)
+        .build<String, String>()
+
+    fun put(state: String, referer: String?) {
+        if (referer.isNullOrBlank()) {
+            return
+        } else {
+            timedStorage.put(state, referer)
+        }
+    }
+
+    fun get(state: String): String {
+        return timedStorage.getIfPresent(state) ?: ""
+    }
+}

backend/application/api/src/main/kotlin/io/raemian/api/support/security/ProfileHolder.kt

@@ -0,0 +1,18 @@
+package io.raemian.api.support.security
+
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.stereotype.Component
+
+@Component
+class ProfileHolder(
+    @Value("\${spring.profiles.active:local}")
+    private val profile: String,
+) {
+    fun isLive(): Boolean {
+        return ProfileType.fromString(profile) == ProfileType.LIVE
+    }
+
+    fun isDev(): Boolean {
+        return ProfileType.fromString(profile) == ProfileType.DEV
+    }
+}

backend/application/api/src/main/kotlin/io/raemian/api/support/security/ProfileType.kt

@@ -0,0 +1,17 @@
+package io.raemian.api.support.security
+
+enum class ProfileType(
+    value: String,
+) {
+    LIVE("live"),
+    DEV("dev"),
+    LOCAL("local"), ;
+    companion object {
+        fun fromString(value: String): ProfileType =
+            when (value) {
+                "live" -> LIVE
+                "dev" -> DEV
+                else -> LOCAL
+            }
+    }
+}

backend/application/api/src/main/kotlin/io/raemian/api/support/security/RedirectUrlHolder.kt

@@ -0,0 +1,10 @@
+package io.raemian.api.support.security
+
+import org.springframework.boot.context.properties.ConfigurationProperties
+
+@ConfigurationProperties(prefix = "redirect-url")
+data class RedirectUrlHolder(
+    val live: String,
+    val dev: String,
+    val local: String,
+)

backend/application/api/src/main/kotlin/io/raemian/api/support/security/StateOAuth2AuthorizationRequestRepository.kt

@@ -4,13 +4,19 @@ import com.github.benmanes.caffeine.cache.Cache
 import com.github.benmanes.caffeine.cache.Caffeine
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
+import org.slf4j.LoggerFactory
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
 import org.springframework.stereotype.Component
 import java.util.concurrent.TimeUnit
 
 @Component
-class StateOAuth2AuthorizationRequestRepository() : AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
+class StateOAuth2AuthorizationRequestRepository(
+    val profilePlaceHolder: ProfileHolder,
+    val loginRequestRefererStorage: LoginRequestRefererStorage,
+) : AuthorizationRequestRepository<OAuth2AuthorizationRequest> {
+    private val log = LoggerFactory.getLogger(javaClass)
+
     private val oauthRequestStorage: Cache<String, OAuth2AuthorizationRequest> = Caffeine.newBuilder()
         .expireAfterWrite(60L, TimeUnit.SECONDS)
         .build()
@@ -25,6 +31,12 @@ class StateOAuth2AuthorizationRequestRepository() : AuthorizationRequestReposito
         response: HttpServletResponse,
     ) {
         if (authorizationRequest != null) {
+            /*** for frontend dev test ***/
+            if (profilePlaceHolder.isDev()) {
+                log.info("save referer: {}", request.getParameter("referer"))
+                loginRequestRefererStorage.put(authorizationRequest.state, request.getParameter("referer"))
+            }
+
             oauthRequestStorage.put(authorizationRequest.state, authorizationRequest)
         }
     }

backend/application/api/src/main/resources/application-security-dev.yml

@@ -13,6 +13,11 @@ apple-login:
   team-id: ENC(jzk4UvjfcLerYSo05oJ8vNGGxgt4SLuS)
   key-id: ENC(T/yX80PVdBkgQcFkOs/H2dFgAuBKDeNR)
 
+redirect-url:
+  live: ENC(n7sXFCoABK2wVGKkMdhVLJEtvfHXtds+NwvpxWntSnYArf3DGN2cFbKlCR9hIACj)
+  dev: ENC(ZOWsz9hwBfF4yJrxHevHshhkGZqYuS9XyoFFLQQea473KOSJoKg2zMgHOGXkoGGz8jZ3Zc4rnQE=)
+  local: ENC(LxpM8W1yvAXRpin++amkeEhqGXro90Y2E3tQgD4EzOJnOZfBVKST3TF/0T3CqvZZ)
+
 
 spring:
   security:

backend/application/api/src/main/resources/application-security-live.yml

@@ -12,6 +12,11 @@ apple-login:
   team-id: ENC(jzk4UvjfcLerYSo05oJ8vNGGxgt4SLuS)
   key-id: ENC(T/yX80PVdBkgQcFkOs/H2dFgAuBKDeNR)
 
+redirect-url:
+  live: ENC(n7sXFCoABK2wVGKkMdhVLJEtvfHXtds+NwvpxWntSnYArf3DGN2cFbKlCR9hIACj)
+  dev: ENC(ZOWsz9hwBfF4yJrxHevHshhkGZqYuS9XyoFFLQQea473KOSJoKg2zMgHOGXkoGGz8jZ3Zc4rnQE=)
+  local: ENC(LxpM8W1yvAXRpin++amkeEhqGXro90Y2E3tQgD4EzOJnOZfBVKST3TF/0T3CqvZZ)
+
 spring:
   security:
     oauth2:

backend/application/api/src/main/resources/application-security-local.yml

@@ -12,6 +12,11 @@ apple-login:
   team-id: ENC(jzk4UvjfcLerYSo05oJ8vNGGxgt4SLuS)
   key-id: ENC(T/yX80PVdBkgQcFkOs/H2dFgAuBKDeNR)
 
+redirect-url:
+  live: ENC(n7sXFCoABK2wVGKkMdhVLJEtvfHXtds+NwvpxWntSnYArf3DGN2cFbKlCR9hIACj)
+  dev: ENC(ZOWsz9hwBfF4yJrxHevHshhkGZqYuS9XyoFFLQQea473KOSJoKg2zMgHOGXkoGGz8jZ3Zc4rnQE=)
+  local: ENC(LxpM8W1yvAXRpin++amkeEhqGXro90Y2E3tQgD4EzOJnOZfBVKST3TF/0T3CqvZZ)
+
 
 spring:
   security:

backend/application/api/src/main/resources/application-security-test.yml

@@ -13,6 +13,11 @@ apple-login:
   team-id: EMPTY-VALUE
   key-id: EMPTY-VALUE
 
+redirect-url:
+  live: EMPTY-VALUE
+  dev: EMPTY-VALUE
+  local: EMPTY-VALUE
+
 spring:
   security:
     oauth2:
@@ -62,7 +67,7 @@ spring:
             redirect-uri: EMPTY-VALUE
             authorizationGrantType: authorization_code
             clientAuthenticationMethod: POST
-            clientName: pple
+            clientName: apple
             scope:
               - email
               - name