Merge pull request #78 from ConnectCo/fix/coupon

feat: 로그인 API 완료

Author: junseokkim

build.gradle

@@ -45,6 +45,7 @@ dependencies {
 	implementation 'io.jsonwebtoken:jjwt-impl:0.11.5'
 	implementation 'io.jsonwebtoken:jjwt-jackson:0.11.5'
 	implementation 'com.auth0:java-jwt:4.4.0'
+	implementation("com.nimbusds:nimbus-jose-jwt:9.37")
 
 	// WebClient
 	implementation 'org.springframework.boot:spring-boot-starter-webflux'

src/main/java/com/connectCo/domain/member/client/AppleMemberClient.java

@@ -0,0 +1,101 @@
+package com.connectCo.domain.member.client;
+
+import com.connectCo.global.exception.CustomApiException;
+import com.connectCo.global.exception.ErrorCode;
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.JWK;
+import com.nimbusds.jose.jwk.KeyUse;
+import com.nimbusds.jwt.SignedJWT;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import java.io.IOException;
+import java.net.URL;
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
+import java.time.Instant;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.concurrent.ConcurrentHashMap;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class AppleMemberClient {
+
+    private static final String APPLE_PUBLIC_KEYS_URL = "https://appleid.apple.com/auth/keys";
+    @Value("${social.apple.client-id}")
+    private String APPLE_CLIENT_ID;
+    private static final long CACHE_TTL = 10 * 60 * 1000; // 10분
+
+    private volatile JWKSet cachedJwkSet;
+    private volatile long lastFetchedTime = 0;
+
+    public String getAppleUserId(String identityToken) {
+        try {
+            SignedJWT signedJWT = SignedJWT.parse(identityToken);
+            String keyId = signedJWT.getHeader().getKeyID();
+
+            // 애플 공개 키 가져오기 (캐싱 적용)
+            JWKSet jwkSet = getAppleJwkSet();
+            List<JWK> keys = jwkSet.getKeys();
+
+            // Key ID에 맞는 공개 키 찾기
+            JWK matchedKey = keys.stream()
+                .filter(k -> Objects.equals(k.getKeyID(), keyId) && k.getKeyUse() == KeyUse.SIGNATURE)
+                .findFirst()
+                .orElseThrow(() -> {
+                    log.warn("Apple public key not found for keyId: {}", keyId);
+                    return new CustomApiException(ErrorCode.INVALID_APPLE_TOKEN);
+                });
+
+            // 공개 키로 JWT 검증
+            PublicKey publicKey = matchedKey.toRSAKey().toPublicKey();
+            if (!signedJWT.verify(new com.nimbusds.jose.crypto.RSASSAVerifier((RSAPublicKey) publicKey))) {
+                log.warn("Apple identityToken signature verification failed");
+                throw new CustomApiException(ErrorCode.INVALID_APPLE_TOKEN);
+            }
+
+            // 만료 시간(exp) 검증
+            Instant expirationTime = signedJWT.getJWTClaimsSet().getExpirationTime().toInstant();
+            if (Instant.now().isAfter(expirationTime)) {
+                log.warn("Apple identityToken is expired");
+                throw new CustomApiException(ErrorCode.EXPIRED_APPLE_TOKEN);
+            }
+
+            // Audience(aud) 검증
+            String audience = signedJWT.getJWTClaimsSet().getAudience().get(0);
+            if (!APPLE_CLIENT_ID.equals(audience)) {
+                log.warn("Invalid Apple identityToken audience: {}", audience);
+                throw new CustomApiException(ErrorCode.INVALID_APPLE_TOKEN_AUDIENCE);
+            }
+
+            // 검증 후 'sub' 값 반환 (애플의 고유 사용자 ID)
+            return signedJWT.getJWTClaimsSet().getSubject();
+
+        } catch (ParseException | JOSEException | IOException e) {
+            log.error("AppleMemberClient.getAppleUserId() error", e);
+            throw new CustomApiException(ErrorCode.INVALID_APPLE_TOKEN);
+        }
+    }
+
+    private JWKSet getAppleJwkSet() throws IOException, ParseException {
+        long currentTime = System.currentTimeMillis();
+        if (cachedJwkSet == null || currentTime - lastFetchedTime > CACHE_TTL) {
+            synchronized (this) {
+                if (cachedJwkSet == null || currentTime - lastFetchedTime > CACHE_TTL) {
+                    cachedJwkSet = JWKSet.load(new URL(APPLE_PUBLIC_KEYS_URL));
+                    lastFetchedTime = currentTime;
+                    log.info("Fetched new Apple public keys from {}", APPLE_PUBLIC_KEYS_URL);
+                }
+            }
+        }
+        return cachedJwkSet;
+    }
+}

src/main/java/com/connectCo/domain/member/client/GoogleMemberClient.java

@@ -1,18 +1,31 @@
 package com.connectCo.domain.member.client;
 
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.interfaces.DecodedJWT;
+import com.connectCo.domain.member.dto.client.GoogleMemberResponse;
+import com.connectCo.global.exception.CustomApiException;
+import com.connectCo.global.exception.ErrorCode;
 import org.springframework.stereotype.Component;
+import org.springframework.web.reactive.function.client.WebClient;
 
 @Component
 public class GoogleMemberClient {
 
+    private final WebClient webClient;
+
+    public GoogleMemberClient(WebClient.Builder webClientBuilder) {
+        this.webClient = webClientBuilder.build();
+    }
+
     public String getGoogleUserId(String idToken) {
-        try {
-            DecodedJWT decodedJWT = JWT.decode(idToken);
-            return decodedJWT.getClaim("sub").asString(); // 사용자 고유 ID 반환
-        } catch (Exception e) {
-            throw new RuntimeException("Invalid Google ID Token", e);
+        GoogleMemberResponse response = webClient.get()
+            .uri("https://oauth2.googleapis.com/tokeninfo?id_token=" + idToken)
+            .retrieve()
+            .bodyToMono(GoogleMemberResponse.class)
+            .block();
+
+        if (response != null) {
+            return response.getSub(); // 사용자 고유 ID 반환
         }
+
+        throw new CustomApiException(ErrorCode.INVALID_GOOGLE_TOKEN);
     }
 }

src/main/java/com/connectCo/domain/member/client/KakaoMemberClient.java

@@ -12,21 +12,38 @@ public class KakaoMemberClient {
     private final WebClient webClient;
 
     public KakaoMemberClient(WebClient.Builder webClientBuilder) {
-        this.webClient = webClientBuilder
-                .baseUrl("https://kapi.kakao.com/v2/user/me")
-                .build();
+        this.webClient = webClientBuilder.build();
     }
 
     public String getKakaoUserId(String accessToken) {
+        // 🔹 1. accessToken 검증 (유효하지 않으면 예외 발생)
+        validateKakaoToken(accessToken);
+
+        // 🔹 2. 사용자 정보 가져오기
         KakaoMemberResponse response = webClient
-                .get()
-                .header("Authorization", "Bearer " + accessToken)
-                .retrieve()
-                .bodyToMono(KakaoMemberResponse.class)
-                .block();
-        if(response != null) {
+            .get()
+            .uri("https://kapi.kakao.com/v2/user/me")
+            .header("Authorization", "Bearer " + accessToken)
+            .retrieve()
+            .bodyToMono(KakaoMemberResponse.class)
+            .block();
+
+        if (response != null) {
             return response.getId();
         }
         throw new CustomApiException(ErrorCode.INVALID_KAKAO_TOKEN);
     }
+
+    private void validateKakaoToken(String accessToken) {
+        try {
+            webClient.get()
+                .uri("https://kapi.kakao.com/v1/user/access_token_info")
+                .header("Authorization", "Bearer " + accessToken)
+                .retrieve()
+                .toBodilessEntity()
+                .block();  // 🔹 토큰이 유효하지 않으면 여기서 예외 발생
+        } catch (Exception e) {
+            throw new CustomApiException(ErrorCode.INVALID_KAKAO_TOKEN);
+        }
+    }
 }

src/main/java/com/connectCo/domain/member/dto/client/GoogleMemberResponse.java

@@ -1,13 +1,13 @@
 package com.connectCo.domain.member.dto.client;
 
-import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 
 @Getter
 @NoArgsConstructor
-@AllArgsConstructor
 public class GoogleMemberResponse {
     private String sub;
-    private String name;
+    private String aud;
+    private String iss;
+    private String email;
 }

src/main/java/com/connectCo/domain/member/service/AuthServiceImpl.java

@@ -3,6 +3,7 @@
 import com.connectCo.config.security.jwt.JwtToken;
 import com.connectCo.config.security.jwt.JwtTokenProvider;
 import com.connectCo.config.security.jwt.RefreshTokenInfo;
+import com.connectCo.domain.member.client.AppleMemberClient;
 import com.connectCo.domain.member.client.GoogleMemberClient;
 import com.connectCo.domain.member.client.KakaoMemberClient;
 import com.connectCo.domain.member.client.NaverMemberClient;
@@ -33,6 +34,7 @@ public class AuthServiceImpl implements AuthService{
     private final NaverMemberClient naverMemberClient;
     private final KakaoMemberClient kakaoMemberClient;
     private final GoogleMemberClient googleMemberClient;
+    private final AppleMemberClient appleMemberClient;
 
     private final AuthMapper authMapper;
     private final MemberRepository memberRepository;
@@ -126,7 +128,8 @@ private String getClientIdByProvider(String accessToken, LoginType provider) {
             case NAVER -> naverMemberClient.getNaverUserId(accessToken);
             case KAKAO -> kakaoMemberClient.getKakaoUserId(accessToken);
             case GOOGLE -> googleMemberClient.getGoogleUserId(accessToken);
-            default -> throw new IllegalArgumentException("지원하지 않는 LoginType입니다: " + provider);
+            case APPLE -> appleMemberClient.getAppleUserId(accessToken);
+            default -> throw new CustomApiException(ErrorCode.INVALID_LOGIN_TYPE);
         };
     }
 

src/main/java/com/connectCo/global/exception/ErrorCode.java

@@ -31,10 +31,14 @@ public enum  ErrorCode {
     INVALID_LOCATION(HttpStatus.BAD_REQUEST, "MAP01", "잘못된 위치 정보입니다."),
     INVALID_RADIUS(HttpStatus.BAD_REQUEST, "MAP02", "반경은 양의 정수 값이어야 합니다."),
 
-    // Auth
+    // Login
     INVALID_GOOGLE_TOKEN(HttpStatus.BAD_REQUEST, "AUTH401", "잘못된 구글 토큰입니다."),
     INVALID_KAKAO_TOKEN(HttpStatus.BAD_REQUEST, "AUTH402", "잘못된 카카오 토큰입니다."),
     INVALID_NAVER_TOKEN(HttpStatus.BAD_REQUEST, "AUTH403", "잘못된 네이버 토큰입니다."),
+    INVALID_APPLE_TOKEN(HttpStatus.BAD_REQUEST, "AUTH404", "잘못된 애플 토큰입니다."),
+    INVALID_LOGIN_TYPE(HttpStatus.BAD_REQUEST, "AUTH405", "잘못된 로그인 타입입니다."),
+    EXPIRED_APPLE_TOKEN(HttpStatus.BAD_REQUEST, "AUTH406", "만료된 애플 토큰입니다."),
+    INVALID_APPLE_TOKEN_AUDIENCE(HttpStatus.BAD_REQUEST, "AUTH407", "잘못된 애플 토큰 audience입니다."),
 
     // Member
     USER_NOT_FOUND(HttpStatus.NOT_FOUND, "MEMBER401", "사용자를 찾을 수 없습니다."),