refactor: apple login 방식에 login-secret을 추가한다

devxb · devxb · commit 4fe857290026 · 2025-08-02T20:10:55.000+09:00
diff --git a/docs/api/identity/login-apple.md b/docs/api/identity/login-apple.md
@@ -3,6 +3,8 @@
 ## Request
 ### HTTP METHOD : `POST`
 ### url : `https://api.gitanimals.org/logins/oauth/apple`
+### Header
+- Login-Secret: 내부 로그인 토큰을 전달 하세요.
 
 ### Request Body
 ```json
diff --git a/src/main/kotlin/org/gitanimals/identity/app/AppleLoginFacade.kt b/src/main/kotlin/org/gitanimals/identity/app/AppleLoginFacade.kt
@@ -3,10 +3,12 @@ package org.gitanimals.identity.app
 import com.fasterxml.jackson.core.type.TypeReference
 import com.fasterxml.jackson.databind.ObjectMapper
 import io.jsonwebtoken.Jwts
+import org.gitanimals.core.AUTHORIZATION_EXCEPTION
 import org.gitanimals.identity.app.AppleOauth2Api.AppleAuthKeyResponse
 import org.gitanimals.identity.domain.EntryPoint
 import org.gitanimals.identity.domain.UserService
 import org.slf4j.LoggerFactory
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.stereotype.Component
 import java.math.BigInteger
 import java.security.KeyFactory
@@ -20,11 +22,13 @@ class AppleLoginFacade(
     private val userService: UserService,
     private val appleOauth2Api: AppleOauth2Api,
     private val objectMapper: ObjectMapper,
+    @Value("\${login.secret}") private val loginSecret: String,
 ) {
 
     private val logger = LoggerFactory.getLogger(this::class.simpleName)
 
-    fun login(accessToken: String): String {
+    fun login(loginSecret: String, accessToken: String): String {
+        require(this.loginSecret == loginSecret) { throw AUTHORIZATION_EXCEPTION }
         val appleUserInfo = getAppleUserInfo(accessToken)
 
         val isExistsUser = userService.existsByEntryPointAndAuthenticationId(
diff --git a/src/main/kotlin/org/gitanimals/identity/controller/Oauth2Controller.kt b/src/main/kotlin/org/gitanimals/identity/controller/Oauth2Controller.kt
@@ -52,9 +52,11 @@ class Oauth2Controller(
     @ResponseStatus(HttpStatus.OK)
     fun loginWithApple(
         @RequestBody appleLoginRequest: AppleLoginRequest,
+        @RequestHeader("Login-Secret") loginSecret: String,
     ): TokenResponse {
         val token = appleLoginFacade.login(
-            accessToken = appleLoginRequest.accessToken
+            loginSecret = loginSecret,
+            accessToken = appleLoginRequest.accessToken,
         )
 
         return TokenResponse(token)
