feat: APPLE_USER 가입 파이프라인을 추가한다

Author: devxb

.github/workflows/deploy.yml

@@ -87,6 +87,7 @@ jobs:
             "QUIZ_APPROVE_TOKEN=${{ secrets.QUIZ_APPROVE_TOKEN }}"
             "RELAY_APPROVE_TOKEN=${{ secrets.RELAY_APPROVE_TOKEN }}"
             "INTERNAL_AUTH_SECRET=${{ secrets.INTERNAL_AUTH_SECRET }}"
+            "LOGIN_SECRET=${{ secrets.LOGIN_SECRET }}"
 
       - name: build and push filebeat
         uses: docker/build-push-action@v4

deploy/api/Dockerfile

@@ -22,6 +22,7 @@ ARG ELASTIC_SEARCH_PASSWORD
 ARG QUIZ_APPROVE_TOKEN
 ARG RELAY_APPROVE_TOKEN
 ARG INTERNAL_AUTH_SECRET
+ARG LOGIN_SECRET
 
 ARG JAR_FILE=./*.jar
 COPY ${JAR_FILE} gitanimals-api.jar
@@ -47,7 +48,8 @@ ENV db_url=${DB_URL} \
   elastic_search_password=${ELASTIC_SEARCH_PASSWORD} \
   quiz_approve_token=${QUIZ_APPROVE_TOKEN} \
   relay_approve_token=${RELAY_APPROVE_TOKEN} \
-  internal_auth_secret=${INTERNAL_AUTH_SECRET}
+  internal_auth_secret=${INTERNAL_AUTH_SECRET} \
+  login_secret=${LOGIN_SECRET}
 
 ENTRYPOINT java -Djava.net.preferIPv4Stack=true -jar gitanimals-api.jar \
   --spring.datasource.url=${db_url} \
@@ -71,4 +73,5 @@ ENTRYPOINT java -Djava.net.preferIPv4Stack=true -jar gitanimals-api.jar \
   --spring.elasticsearch.password=${elastic_search_password} \
   --quiz.approve.token=${quiz_approve_token} \
   --relay.approve.token=${relay_approve_token} \
-  --internal.auth.secret=${internal_auth_secret}
+  --internal.auth.secret=${internal_auth_secret} \
+  --login.secret=${login_secret}

src/main/kotlin/org/gitanimals/core/auth/RequiredUserEntryPointAspect.kt

@@ -4,12 +4,15 @@ import org.aspectj.lang.ProceedingJoinPoint
 import org.aspectj.lang.annotation.Around
 import org.aspectj.lang.annotation.Aspect
 import org.gitanimals.core.auth.UserEntryPointValidationExtension.withUserEntryPointValidation
+import org.slf4j.LoggerFactory
 import org.springframework.stereotype.Component
 
 @Aspect
 @Component
 class RequiredUserEntryPointAspect {
 
+    private val logger = LoggerFactory.getLogger(this::class.simpleName)
+
     @Around("@annotation(requiredUserEntryPoints)")
     fun validate(
         proceedingJoinPoint: ProceedingJoinPoint,
@@ -18,6 +21,12 @@ class RequiredUserEntryPointAspect {
         return withUserEntryPointValidation(
             expectedUserEntryPoints = requiredUserEntryPoints.expected,
             onSuccess = { proceedingJoinPoint.proceed() },
+            failMessage = {
+                val message =
+                    "ExpectedUserEntryPoints: \"${requiredUserEntryPoints.expected}\" but request user entryPoint is \"$it\""
+                logger.info("[RequiredUserEntryPointAspect] $message")
+                message
+            }
         )
     }
 }

src/main/kotlin/org/gitanimals/core/auth/UserEntryPointValidationExtension.kt

@@ -9,20 +9,23 @@ object UserEntryPointValidationExtension {
     fun <T> withUserEntryPointValidation(
         expectedUserEntryPoints: Array<UserEntryPoint>,
         onSuccess: () -> T,
-        failMessage: () -> String = {
-            "\"$expectedUserEntryPoints\" User cannot pass."
+        failMessage: (UserEntryPoint?) -> String = { userEntryPoint ->
+            "ExpectedUserEntryPoints: \"$expectedUserEntryPoints\" but request user entryPoint is \"$userEntryPoint\""
         }
     ): T {
-        val userEntryPoint = internalAuth.getUserEntryPoint {
-            throw IllegalArgumentException(failMessage.invoke())
+        val userEntryPoint = runCatching {
+            val userEntryPointString = internalAuth.getUserEntryPoint {
+                throw IllegalArgumentException(failMessage.invoke(null))
+            }
+            UserEntryPoint.valueOf(userEntryPointString)
+        }.getOrElse {
+            throw IllegalArgumentException(failMessage.invoke(null))
         }
 
         require(
-            expectedUserEntryPoints.contains(UserEntryPoint.ANY) ||
-            UserEntryPoint.valueOf(userEntryPoint) in expectedUserEntryPoints
-        ) {
-            failMessage.invoke()
-        }
+            expectedUserEntryPoints.contains(UserEntryPoint.ANY)
+                    || userEntryPoint in expectedUserEntryPoints
+        ) { failMessage.invoke(userEntryPoint) }
 
         return onSuccess.invoke()
     }

src/main/kotlin/org/gitanimals/identity/app/AppleLoginFacade.kt

@@ -0,0 +1,36 @@
+package org.gitanimals.identity.app
+
+import org.gitanimals.identity.domain.EntryPoint
+import org.gitanimals.identity.domain.UserService
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.stereotype.Component
+
+@Component
+class AppleLoginFacade(
+    @Value("\${login.secret}") private val loginSecret: String,
+    private val tokenManager: TokenManager,
+    private val userService: UserService,
+) {
+
+    fun login(loginSecret: String, username: String, profileImage: String): String {
+        require(loginSecret == this.loginSecret) {
+            "Fail to login cause wrong loginSecret"
+        }
+
+        val isExistsUser = userService.existsUser(username, EntryPoint.APPLE)
+
+        val user = when (isExistsUser) {
+            true -> userService.getUserByNameAndEntryPoint(username, EntryPoint.APPLE)
+            false -> {
+                userService.newUser(
+                    username = username,
+                    entryPoint = EntryPoint.APPLE,
+                    profileImage = profileImage,
+                    contributionPerYears = mapOf(),
+                )
+            }
+        }
+
+        return tokenManager.createToken(user).withType()
+    }
+}

src/main/kotlin/org/gitanimals/identity/controller/Oauth2Controller.kt

@@ -1,6 +1,8 @@
 package org.gitanimals.identity.controller
 
+import org.gitanimals.identity.app.AppleLoginFacade
 import org.gitanimals.identity.app.GithubLoginFacade
+import org.gitanimals.identity.controller.request.AppleLoginRequest
 import org.gitanimals.identity.controller.request.RedirectWhenSuccess
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.http.HttpStatus
@@ -11,6 +13,7 @@ import org.springframework.web.bind.annotation.*
 class Oauth2Controller(
     @Value("\${oauth.client.id.github}") private val githubClientId: String,
     private val githubLoginFacade: GithubLoginFacade,
+    private val appleLoginFacade: AppleLoginFacade,
 ) {
 
     @GetMapping("/logins/oauth/github")
@@ -43,4 +46,24 @@ class Oauth2Controller(
             )
             .build()
     }
+
+    @PostMapping("/logins/oauth/apple")
+    fun loginWithAppleAndRedirect(
+        @RequestHeader(
+            name = "Redirect-When-Success",
+            defaultValue = "HOME"
+        ) redirectWhenSuccess: RedirectWhenSuccess,
+        @RequestHeader(name = "Login-Secret") loginSecret: String,
+        @RequestBody appleLoginRequest: AppleLoginRequest,
+    ): ResponseEntity<Unit> {
+        val token = appleLoginFacade.login(
+            username = appleLoginRequest.name,
+            profileImage = appleLoginRequest.profileImage,
+            loginSecret = loginSecret,
+        )
+
+        return ResponseEntity.status(HttpStatus.TEMPORARY_REDIRECT)
+            .header("Location", redirectWhenSuccess.successUriWithToken(token))
+            .build()
+    }
 }

src/main/kotlin/org/gitanimals/identity/controller/request/AppleLoginRequest.kt

@@ -0,0 +1,6 @@
+package org.gitanimals.identity.controller.request
+
+data class AppleLoginRequest(
+    val name: String,
+    val profileImage: String,
+)

src/main/resources/application.properties

@@ -32,6 +32,7 @@ sentry.traces-sample-rate=1.0
 
 internal.secret=
 internal.auth.secret=
+login.secret=
 test.secret=
 openai.key=
 openai.project=

src/test/resources/test.properties

@@ -19,6 +19,7 @@ spring.jpa.properties.hibernate.use_sql_comments = true
 
 internal.secret=foo
 internal.auth.secret=p4K86j8sl9LDufoN/2rpj8df+gc2SAGHUKKup6l695o=
+login.secret=foo
 test.secret=foo
 jwt.key=adsfbsadhfbsadghfavjshfvgqwehfvagvfhgasdvfghavsfvasghdfcvdsafhgadsgfhvasdhfgasdvfghdasvfas