[Hotfix] 소셜 로그린 콜백 설정

Author: nsh0919

devicelife-api/src/main/java/com/devicelife/devicelife_api/common/config/SecurityConfig.java

@@ -3,6 +3,7 @@
 import com.devicelife.devicelife_api.common.security.InternalTokenAuthFilter;
 import com.devicelife.devicelife_api.common.security.JwtAuthFilter;
 import com.devicelife.devicelife_api.common.security.JwtUtil;
+import com.devicelife.devicelife_api.common.security.oauth2.CustomAuthorizationRequestResolver;
 import com.devicelife.devicelife_api.common.security.oauth2.OAuth2SuccessHandler;
 import com.devicelife.devicelife_api.common.security.oauth2.OAuth2UserProviderRouter;
 import com.devicelife.devicelife_api.service.auth.CustomUserDetailsService;
@@ -17,6 +18,11 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
+import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
+import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -34,16 +40,28 @@ public class SecurityConfig {
     private final CustomUserDetailsService customUserDetailsService;
     private final OAuth2UserProviderRouter oAuth2UserProviderRouter;
     private final OAuth2SuccessHandler oAuth2SuccessHandler;
+    private final ClientRegistrationRepository clientRegistrationRepository;
 
     @Value("${INTERNAL_API_TOKEN}")
     private String internalApiToken;
 
+    @Bean
+    public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
+        return new HttpSessionOAuth2AuthorizationRequestRepository();
+    }
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+
+        DefaultOAuth2AuthorizationRequestResolver defaultResolver =
+                new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, "/oauth2/authorization");
+        CustomAuthorizationRequestResolver customResolver =
+                new CustomAuthorizationRequestResolver(defaultResolver);
+
         http
                 .csrf(csrf -> csrf.disable())
                 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
-                .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
                 .formLogin((auth) -> auth.disable())
                 .httpBasic((auth) -> auth.disable())
                 .addFilterBefore(internalTokenAuthFilter(), UsernamePasswordAuthenticationFilter.class)
@@ -85,6 +103,10 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         }))
 
                 .oauth2Login(oauth2 -> oauth2
+                        .authorizationEndpoint(auth -> auth
+                                .authorizationRequestRepository(authorizationRequestRepository())
+                                .authorizationRequestResolver(customResolver)
+                        )
                         .userInfoEndpoint(userInfo -> userInfo
                                 .userService(oAuth2UserProviderRouter) // 사용자 정보 받아오기
                         )

devicelife-api/src/main/java/com/devicelife/devicelife_api/common/security/oauth2/CustomAuthorizationRequestResolver.java

@@ -0,0 +1,45 @@
+package com.devicelife.devicelife_api.common.security.oauth2;
+
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@RequiredArgsConstructor
+public class CustomAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
+
+    private final OAuth2AuthorizationRequestResolver delegate;
+
+    @Override
+    public OAuth2AuthorizationRequest resolve(HttpServletRequest request) {
+        OAuth2AuthorizationRequest authRequest = delegate.resolve(request);
+        return customize(request, authRequest);
+    }
+
+    @Override
+    public OAuth2AuthorizationRequest resolve(HttpServletRequest request, String clientRegistrationId) {
+        OAuth2AuthorizationRequest authRequest = delegate.resolve(request, clientRegistrationId);
+        return customize(request, authRequest);
+    }
+
+    private OAuth2AuthorizationRequest customize(HttpServletRequest request, OAuth2AuthorizationRequest authRequest) {
+        if (authRequest == null) return null;
+
+        String redirectUri = request.getParameter("redirect_uri");
+
+        // redirect_uri가 없으면 그대로(= 기본 흐름)
+        if (redirectUri == null || redirectUri.isBlank()) {
+            return authRequest;
+        }
+
+        Map<String, Object> additional = new HashMap<>(authRequest.getAdditionalParameters());
+        additional.put("redirect_uri", redirectUri);
+
+        return OAuth2AuthorizationRequest.from(authRequest)
+                .additionalParameters(additional)
+                .build();
+    }
+}

devicelife-api/src/main/java/com/devicelife/devicelife_api/common/security/oauth2/OAuth2SuccessHandler.java

@@ -16,13 +16,16 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseCookie;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import java.io.IOException;
+import java.net.URI;
 
 import static com.devicelife.devicelife_api.common.response.SuccessCode.*;
 import static org.springframework.http.HttpHeaders.SET_COOKIE;
@@ -36,6 +39,8 @@ public class OAuth2SuccessHandler implements AuthenticationSuccessHandler {
     private final RefreshTokenRepository refreshTokenRepository;
     private final SHA256 sha256;
 
+    private final AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository;
+
     @Override
     @Transactional
     public void onAuthenticationSuccess(HttpServletRequest request,
@@ -44,10 +49,6 @@ public void onAuthenticationSuccess(HttpServletRequest request,
             throws IOException {
         CustomUserDetails userDetails = (CustomUserDetails) authentication.getPrincipal();
 
-        String resultStr = (String) userDetails.getAttributes().get("oauth_result");
-        OAuthResult result = (resultStr == null) ? OAuthResult.EXISTING_SOCIAL : OAuthResult.valueOf(resultStr);
-
-
         User user = userDetails.getUser();
         String accessToken = jwtUtil.createAccessToken(userDetails);
         String refreshToken = jwtUtil.createRefreshToken(userDetails);
@@ -57,48 +58,71 @@ public void onAuthenticationSuccess(HttpServletRequest request,
                         .user(user)
                 .build());
 
-        String redirectUri = request.getParameter("redirect_uri");
+        OAuth2AuthorizationRequest authRequest =
+                authorizationRequestRepository.removeAuthorizationRequest(request, response);
+
+        String redirectUri = null;
+        if (authRequest != null && authRequest.getAdditionalParameters() != null) {
+            Object v = authRequest.getAdditionalParameters().get("redirect_uri");
+            redirectUri = (v == null) ? null : String.valueOf(v);
+        }
         String target = resolveTarget(redirectUri);
 
-        // 로컬 여부 판단(redirect_uri 기준)
-        boolean isLocal = target.startsWith("http://localhost:5173");
+        boolean isLocal = isLocalTarget(target);
+
+        ResponseCookie refreshCookie = buildRefreshCookie(refreshToken, isLocal);
+
+        response.addHeader(SET_COOKIE, refreshCookie.toString());
+        response.sendRedirect(target);
+    }
 
-        ResponseCookie refreshCookie;
+    private boolean isLocalTarget(String target) {
+        try {
+            URI uri = URI.create(target);
+            String host = uri.getHost();
+            int port = uri.getPort();
+
+            // localhost:5173 / 127.0.0.1:5173 둘 다 허용
+            boolean isLocalHost = "localhost".equalsIgnoreCase(host) || "127.0.0.1".equals(host);
+            return isLocalHost && port == 5173;
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    private ResponseCookie buildRefreshCookie(String refreshToken, boolean isLocal) {
         if (isLocal) {
-            // 로컬(http) 개발용: SameSite=Lax + Secure=false + Domain 미설정
-            refreshCookie = ResponseCookie.from("refreshToken", refreshToken)
+            // 로컬(http) 개발용
+            return ResponseCookie.from("refreshToken", refreshToken)
                     .httpOnly(true)
                     .secure(false)
                     .sameSite("Lax")
                     .path("/")
                     .maxAge(60L * 60 * 24 * 30) // 30일
                     .build();
-        } else {
-            // 운영(https)용: SameSite=None + Secure=true + Domain 설정
-            refreshCookie = ResponseCookie.from("refreshToken", refreshToken)
-                    .httpOnly(true)
-                    .secure(true)
-                    .sameSite("None")
-                    .domain(".devicelife.site")
-                    .path("/")
-                    .maxAge(60L * 60 * 24 * 30) // 30일
-                    .build();
         }
 
-        response.sendRedirect(target);
+        // 운영(https)용
+        return ResponseCookie.from("refreshToken", refreshToken)
+                .httpOnly(true)
+                .secure(true)
+                .sameSite("None")
+                .domain(".devicelife.site")
+                .path("/")
+                .maxAge(60L * 60 * 24 * 30) // 30일
+                .build();
     }
 
     private String resolveTarget(String redirectUri) {
-        // 기본값: 운영 프론트
         String defaultTarget = "https://devicelife.site/auth/callback/google";
 
         if (redirectUri == null || redirectUri.isBlank()) {
             return defaultTarget;
         }
 
-        // 허용된 프론트만 리다이렉트
         if (redirectUri.startsWith("https://devicelife.site")
-                || redirectUri.startsWith("http://localhost:5173")) {
+                || redirectUri.startsWith("http://localhost:5173")
+                || redirectUri.startsWith("http://127.0.0.1:5173")) {
             return redirectUri;
         }