-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
255 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 changes: 19 additions & 0 deletions
19
src/main/java/com/tune/server/dto/apple/AppleAuthTokenDto.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| package com.tune.server.dto.apple; | ||
|
|
||
| import lombok.*; | ||
|
|
||
| @Getter | ||
| @NoArgsConstructor | ||
| @AllArgsConstructor | ||
| @Builder | ||
| @ToString | ||
| public class AppleAuthTokenDto { | ||
| private String access_token; | ||
| private String token_type; | ||
| private String expires_in; | ||
| private String refresh_token; | ||
| private String id_token; | ||
|
|
||
| @Setter | ||
| private String user_id; | ||
| } |
13 changes: 13 additions & 0 deletions
13
src/main/java/com/tune/server/dto/request/AppleLoginRequest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| package com.tune.server.dto.request; | ||
|
|
||
| import lombok.*; | ||
|
|
||
| @Getter | ||
| @Builder | ||
| @ToString | ||
| @NoArgsConstructor | ||
| @AllArgsConstructor | ||
| public class AppleLoginRequest { | ||
| private String authorizationCode; | ||
| private String user; | ||
| } |
167 changes: 167 additions & 0 deletions
167
src/main/java/com/tune/server/filter/AppleLoginFilter.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,167 @@ | ||
| package com.tune.server.filter; | ||
|
|
||
| import com.fasterxml.jackson.databind.ObjectMapper; | ||
| import com.tune.server.domain.Member; | ||
| import com.tune.server.dto.apple.AppleAuthTokenDto; | ||
| import com.tune.server.dto.request.AppleLoginRequest; | ||
| import com.tune.server.dto.response.FullTokenResponse; | ||
| import com.tune.server.exceptions.login.TokenNotFoundException; | ||
| import com.tune.server.service.member.MemberService; | ||
| import com.tune.server.util.JwtUtil; | ||
| import io.jsonwebtoken.Jwts; | ||
| import io.jsonwebtoken.SignatureAlgorithm; | ||
| import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; | ||
| import org.bouncycastle.openssl.PEMParser; | ||
| import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; | ||
| import org.springframework.beans.factory.annotation.Value; | ||
| import org.springframework.boot.web.client.RestTemplateBuilder; | ||
| import org.springframework.http.HttpEntity; | ||
| import org.springframework.http.HttpHeaders; | ||
| import org.springframework.http.MediaType; | ||
| import org.springframework.http.ResponseEntity; | ||
| import org.springframework.util.LinkedMultiValueMap; | ||
| import org.springframework.util.MultiValueMap; | ||
| import org.springframework.web.client.HttpClientErrorException; | ||
| import org.springframework.web.client.RestTemplate; | ||
| import org.springframework.web.filter.OncePerRequestFilter; | ||
|
|
||
| import javax.servlet.FilterChain; | ||
| import javax.servlet.ServletException; | ||
| import javax.servlet.http.HttpServletRequest; | ||
| import javax.servlet.http.HttpServletResponse; | ||
| import java.io.IOException; | ||
| import java.io.Reader; | ||
| import java.io.StringReader; | ||
| import java.security.PrivateKey; | ||
| import java.util.Collections; | ||
| import java.util.Date; | ||
|
|
||
| public class AppleLoginFilter extends OncePerRequestFilter { | ||
| private final String SIGNUP_URI; | ||
| private final String APPLE_TOKEN_URI = "https://appleid.apple.com/auth/token"; | ||
| private final String APPLE_AUDIENCE_URI = "https://appleid.apple.com"; | ||
| private final ObjectMapper objectMapper; | ||
| private final MemberService memberService; | ||
|
|
||
| @Value("${external.apple.clientId}") | ||
| private String clientId; | ||
|
|
||
| @Value("${external.apple.teamId}") | ||
| private String teamId; | ||
|
|
||
| @Value("${external.apple.keyId}") | ||
| private String keyId; | ||
|
|
||
| @Value("${external.apple.privateKey}") | ||
| private String appleSignKey; | ||
|
|
||
| public AppleLoginFilter(String signupUri, ObjectMapper objectMapper, MemberService memberService) { | ||
| this.SIGNUP_URI = signupUri; | ||
| this.objectMapper = objectMapper; | ||
| this.memberService = memberService; | ||
| } | ||
|
|
||
| @Override | ||
| protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { | ||
| if (request.getRequestURI().equals(SIGNUP_URI) && request.getMethod().equals("POST")) { | ||
| // 1. AppleLoginRequest 파싱 | ||
| AppleLoginRequest appleLoginRequest = getAppleLoginRequest(request); | ||
|
|
||
| // 2. Apple JWT 생성 및 검증 | ||
| AppleAuthTokenDto appleAuthTokenDto = getAppleAuthTokenDto(appleLoginRequest); | ||
| appleAuthTokenDto.setUser_id(appleAuthTokenDto.getUser_id()); | ||
|
|
||
| // 3. 회원정보로 로그인/회원가입 | ||
| if (!memberService.isExistMember(appleAuthTokenDto)) { | ||
| // 회원가입 | ||
| if (!memberService.signUp(appleAuthTokenDto)) { | ||
| throw new InternalError("회원가입에 실패했습니다."); | ||
| } | ||
| } | ||
|
|
||
| // 4. JWT 토큰 발급 | ||
| Member member = memberService.getMember(appleAuthTokenDto); | ||
| FullTokenResponse fullTokenResponse = FullTokenResponse | ||
| .builder() | ||
| .access_token(JwtUtil.generateJwt(member)) | ||
| .refresh_token(member.getRefreshToken()) | ||
| .build(); | ||
|
|
||
| // 5. 응답 | ||
| response.setContentType("application/json"); | ||
| response.setCharacterEncoding("UTF-8"); | ||
| response.getWriter().write(objectMapper.writeValueAsString(fullTokenResponse)); | ||
| return; | ||
| } | ||
|
|
||
| filterChain.doFilter(request, response); | ||
| } | ||
|
|
||
| private AppleAuthTokenDto getAppleAuthTokenDto(AppleLoginRequest appleLoginRequest) { | ||
| RestTemplate restTemplate = new RestTemplateBuilder().build(); | ||
|
|
||
| MultiValueMap<String, String> params = new LinkedMultiValueMap<>(); | ||
| params.add("code", appleLoginRequest.getAuthorizationCode()); | ||
| params.add("client_id", teamId); | ||
| params.add("client_secret", generateAppleSignKey()); | ||
| params.add("grant_type", "authorization_code"); | ||
|
|
||
| HttpHeaders headers = new HttpHeaders(); | ||
| headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); | ||
| headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); | ||
| HttpEntity<MultiValueMap<String, String>> httpEntity = new HttpEntity<>(params, headers); | ||
|
|
||
| try { | ||
| ResponseEntity<AppleAuthTokenDto> response = restTemplate.postForEntity(APPLE_TOKEN_URI, httpEntity, AppleAuthTokenDto.class); | ||
| return response.getBody(); | ||
| } catch (HttpClientErrorException e) { | ||
| throw new IllegalArgumentException("Apple Auth Token Error"); | ||
| } | ||
| } | ||
|
|
||
| private String generateAppleSignKey() { | ||
| try { | ||
| PrivateKey privateKey = getPrivateKey(); | ||
| return Jwts.builder() | ||
| .setHeaderParam("kid", keyId) | ||
| .setHeaderParam("alg", "ES256") | ||
| .setIssuer(teamId) | ||
| .setIssuedAt(new Date()) | ||
| .setAudience(APPLE_AUDIENCE_URI) | ||
| .setExpiration(new Date(System.currentTimeMillis() + 86400000)) | ||
| .setSubject(clientId) | ||
| .signWith(privateKey, SignatureAlgorithm.ES256) | ||
| .compact(); | ||
| } catch (Exception e) { | ||
| throw new IllegalArgumentException("Apple Sign Key Error"); | ||
| } | ||
| } | ||
|
|
||
| private AppleLoginRequest getAppleLoginRequest(HttpServletRequest request) { | ||
| try { | ||
| AppleLoginRequest appleLoginRequest = objectMapper.readValue(request.getInputStream(), AppleLoginRequest.class); | ||
| if (appleLoginRequest.getAuthorizationCode() == null) { | ||
| throw new TokenNotFoundException("Autorization Code is null"); | ||
| } | ||
|
|
||
| return appleLoginRequest; | ||
| } catch (Exception e) { | ||
| throw new TokenNotFoundException("Apple Token Parse Error"); | ||
| } | ||
| } | ||
|
|
||
| private PrivateKey getPrivateKey() throws IOException { | ||
| // PRIVATE_KEY 렌더링 | ||
| appleSignKey = appleSignKey.replace(' ', '\n'); | ||
| String SSH_SUFFIX = "\n-----END PRIVATE KEY-----"; | ||
| String SSH_PREFIX = "-----BEGIN PRIVATE KEY-----\n"; | ||
| appleSignKey = SSH_PREFIX + appleSignKey + SSH_SUFFIX; | ||
|
|
||
| Reader pemReader = new StringReader(appleSignKey); | ||
| PEMParser pemParser = new PEMParser(pemReader); | ||
| JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); | ||
| PrivateKeyInfo object = (PrivateKeyInfo) pemParser.readObject(); | ||
| return converter.getPrivateKey(object); | ||
| } | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters