feat: User EntryPoint에 APPLE을 추가한다

Author: devxb

gradle/spring.gradle

@@ -5,6 +5,7 @@ jar {
 dependencies {
     implementation "org.springframework.boot:spring-boot-starter"
     implementation "org.springframework.boot:spring-boot-starter-web"
+    implementation "org.springframework.boot:spring-boot-starter-aop"
     implementation "org.springframework.boot:spring-boot-starter-data-jpa"
     implementation "org.springframework.boot:spring-boot-starter-data-redis"
     implementation "org.springframework.boot:spring-boot-starter-actuator"

src/main/kotlin/org/gitanimals/core/auth/InternalAuth.kt

@@ -3,6 +3,7 @@ package org.gitanimals.core.auth
 import jakarta.servlet.http.HttpServletRequest
 import org.gitanimals.core.AUTHORIZATION_EXCEPTION
 import org.gitanimals.core.AuthorizationException
+import org.gitanimals.core.filter.MDCFilter.Companion.USER_ENTRY_POINT
 import org.gitanimals.core.filter.MDCFilter.Companion.USER_ID
 import org.slf4j.LoggerFactory
 import org.slf4j.MDC
@@ -29,7 +30,7 @@ class InternalAuth(
         SecretKeySpec(decodedKey, "AES")
     }
 
-    fun getUserId(throwOnFailure: () -> Unit = throwCannotGetUserId): Long {
+    fun getUserId(throwOnFailure: () -> Unit = throwCannotGetUserInfo): Long {
         val userId = findUserId()
 
         if (userId == null) {
@@ -80,6 +81,36 @@ class InternalAuth(
         return userId
     }
 
+    fun getUserEntryPoint(throwOnFailure: () -> Unit = throwCannotGetUserInfo): String {
+        val entryPoint = findUserEntryPoint()
+
+        if (entryPoint == null) {
+            throwOnFailure.invoke()
+        }
+
+        return entryPoint ?: throw AUTHORIZATION_EXCEPTION
+    }
+
+    fun findUserEntryPoint(): String? {
+        val entryPointInMdc = runCatching {
+            MDC.get(USER_ENTRY_POINT)
+        }.getOrNull()
+
+        if (entryPointInMdc != null) {
+            return entryPointInMdc
+        }
+
+        httpServletRequest.getHeader(INTERNAL_ENTRY_POINT_KEY)?.let {
+            return it
+        }
+
+        val token: String = httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION) ?: return null
+
+        return runCatching {
+            internalAuthClient.getUserByToken(token).entryPoint
+        }.getOrNull()
+    }
+
     private fun decrypt(iv: ByteArray, secret: ByteArray): Long {
         val cipher = Cipher.getInstance("AES/GCM/NoPadding")
         val spec = GCMParameterSpec(128, iv)
@@ -108,8 +139,9 @@ class InternalAuth(
     companion object {
         const val INTERNAL_AUTH_IV_KEY = "Internal-Auth-Iv"
         const val INTERNAL_AUTH_SECRET_KEY = "Internal-Auth-Secret"
+        const val INTERNAL_ENTRY_POINT_KEY = "Internal-Entry-Point"
 
-        private val throwCannotGetUserId: () -> Unit = {
+        private val throwCannotGetUserInfo: () -> Unit = {
             throw AUTHORIZATION_EXCEPTION
         }
     }

src/main/kotlin/org/gitanimals/core/auth/InternalAuthClient.kt

@@ -22,6 +22,7 @@ fun interface InternalAuthClient {
 
     data class UserResponse(
         val id: String,
+        val entryPoint: String,
     )
 }
 

src/main/kotlin/org/gitanimals/core/auth/InternalAuthRequestInterceptor.kt

@@ -1,5 +1,6 @@
 package org.gitanimals.core.auth
 
+import org.gitanimals.core.filter.MDCFilter.Companion.USER_ENTRY_POINT
 import org.gitanimals.core.filter.MDCFilter.Companion.USER_ID
 import org.slf4j.MDC
 import org.springframework.http.HttpRequest
@@ -23,6 +24,10 @@ class InternalAuthRequestInterceptor(
             MDC.get(USER_ID).toLong()
         }.getOrNull()
 
+        val userEntryPoint = runCatching {
+            MDC.get(USER_ENTRY_POINT)
+        }.getOrNull()
+
         if (userId != null) {
             val encrypt = internalAuth.encrypt(userId = userId)
 
@@ -34,6 +39,10 @@ class InternalAuthRequestInterceptor(
                 InternalAuth.INTERNAL_AUTH_IV_KEY,
                 Base64.getEncoder().encodeToString(encrypt.iv),
             )
+            request.headers.add(
+                InternalAuth.INTERNAL_ENTRY_POINT_KEY,
+                userEntryPoint,
+            )
         }
 
         return execution.execute(request, body)

src/main/kotlin/org/gitanimals/core/auth/RequiredUserEntryPointAspect.kt

@@ -0,0 +1,23 @@
+package org.gitanimals.core.auth
+
+import org.aspectj.lang.ProceedingJoinPoint
+import org.aspectj.lang.annotation.Around
+import org.aspectj.lang.annotation.Aspect
+import org.gitanimals.core.auth.UserEntryPointValidationExtension.withUserEntryPointValidation
+import org.springframework.stereotype.Component
+
+@Aspect
+@Component
+class RequiredUserEntryPointAspect {
+
+    @Around("@annotation(requiredUserEntryPoints)")
+    fun validate(
+        proceedingJoinPoint: ProceedingJoinPoint,
+        requiredUserEntryPoints: RequiredUserEntryPoints,
+    ): Any? {
+        return withUserEntryPointValidation(
+            expectedUserEntryPoints = requiredUserEntryPoints.expected,
+            onSuccess = { proceedingJoinPoint.proceed() },
+        )
+    }
+}

src/main/kotlin/org/gitanimals/core/auth/RequiredUserEntryPoints.kt

@@ -0,0 +1,14 @@
+package org.gitanimals.core.auth
+
+@Target(AnnotationTarget.FUNCTION)
+@Retention(AnnotationRetention.RUNTIME)
+annotation class RequiredUserEntryPoints(
+    val expected: Array<UserEntryPoint>,
+)
+
+enum class UserEntryPoint {
+    ANY,
+    GITHUB,
+    APPLE,
+    ;
+}

src/main/kotlin/org/gitanimals/core/auth/UserEntryPointValidationExtension.kt

@@ -0,0 +1,39 @@
+package org.gitanimals.core.auth
+
+import org.springframework.stereotype.Component
+
+object UserEntryPointValidationExtension {
+
+    private lateinit var internalAuth: InternalAuth
+
+    fun <T> withUserEntryPointValidation(
+        expectedUserEntryPoints: Array<UserEntryPoint>,
+        onSuccess: () -> T,
+        failMessage: () -> String = {
+            "\"$expectedUserEntryPoints\" User cannot pass."
+        }
+    ): T {
+        val userEntryPoint = internalAuth.getUserEntryPoint {
+            throw IllegalArgumentException(failMessage.invoke())
+        }
+
+        require(
+            expectedUserEntryPoints.contains(UserEntryPoint.ANY) ||
+            UserEntryPoint.valueOf(userEntryPoint) in expectedUserEntryPoints
+        ) {
+            failMessage.invoke()
+        }
+
+        return onSuccess.invoke()
+    }
+
+    @Component
+    class UserEntryPointValidationExtensionBeanInjector(
+        internalAuth: InternalAuth,
+    ) {
+
+        init {
+            UserEntryPointValidationExtension.internalAuth = internalAuth
+        }
+    }
+}

src/main/kotlin/org/gitanimals/core/filter/MDCFilter.kt

@@ -32,6 +32,7 @@ class MDCFilter(
             MDC.put(PATH, uri)
             if (uri != "/users") {
                 internalAuth.findUserId()?.let { MDC.put(USER_ID, it.toString()) }
+                internalAuth.findUserEntryPoint()?.let { MDC.put(USER_ENTRY_POINT, it) }
             }
 
             val elapsedTime = measureTimeMillis {
@@ -47,12 +48,14 @@ class MDCFilter(
             MDC.remove(ELAPSED_TIME)
             MDC.remove(PATH)
             MDC.remove(USER_ID)
+            MDC.remove(USER_ENTRY_POINT)
         }
     }
 
     companion object {
         const val USER_ID = "userId"
         const val TRACE_ID = "traceId"
+        const val USER_ENTRY_POINT = "userEntryPoint"
         const val ELAPSED_TIME = "elapsedTime"
         const val PATH = "path"
 

src/main/kotlin/org/gitanimals/coupon/controller/CouponController.kt

@@ -1,5 +1,7 @@
 package org.gitanimals.coupon.controller
 
+import org.gitanimals.core.auth.RequiredUserEntryPoints
+import org.gitanimals.core.auth.UserEntryPoint
 import org.gitanimals.coupon.app.CouponFacade
 import org.gitanimals.coupon.controller.request.CouponRequest
 import org.gitanimals.coupon.controller.response.CouponResponses
@@ -14,13 +16,15 @@ class CouponController(
 
     @PostMapping("/coupons")
     @ResponseStatus(HttpStatus.OK)
+    @RequiredUserEntryPoints([UserEntryPoint.GITHUB])
     fun useCoupon(
         @RequestHeader(HttpHeaders.AUTHORIZATION) token: String,
         @RequestBody couponRequest: CouponRequest,
     ) = couponFacade.useCoupon(token, couponRequest.code, couponRequest.dynamic)?.toResponse()
 
     @GetMapping("/coupons/users")
     @ResponseStatus(HttpStatus.OK)
+    @RequiredUserEntryPoints([UserEntryPoint.GITHUB])
     fun getUsedCoupons(
         @RequestHeader(HttpHeaders.AUTHORIZATION) token: String,
     ): CouponResponses = CouponResponses.from(couponFacade.getUsedCoupons())

src/main/kotlin/org/gitanimals/gotcha/controller/GotchaController.kt

@@ -1,5 +1,7 @@
 package org.gitanimals.gotcha.controller
 
+import org.gitanimals.core.auth.RequiredUserEntryPoints
+import org.gitanimals.core.auth.UserEntryPoint
 import org.gitanimals.gotcha.app.GotchaFacadeV3
 import org.gitanimals.gotcha.app.response.GotchaResponseV3
 import org.gitanimals.gotcha.controller.response.ErrorResponse
@@ -13,6 +15,7 @@ class GotchaController(
     private val gotchaFacadeV3: GotchaFacadeV3,
 ) {
 
+    @RequiredUserEntryPoints([UserEntryPoint.GITHUB])
     @PostMapping(path = ["/gotchas"], headers = ["Api-Version=3"])
     fun gotchaV3(
         @RequestHeader(HttpHeaders.AUTHORIZATION) token: String,