release: 1.5.8 (#171)

Author: devxb

.github/workflows/deploy.yml

@@ -87,6 +87,7 @@ jobs:
             "QUIZ_APPROVE_TOKEN=${{ secrets.QUIZ_APPROVE_TOKEN }}"
             "RELAY_APPROVE_TOKEN=${{ secrets.RELAY_APPROVE_TOKEN }}"
             "INTERNAL_AUTH_SECRET=${{ secrets.INTERNAL_AUTH_SECRET }}"
+            "LOGIN_SECRET=${{ secrets.LOGIN_SECRET }}"
 
       - name: build and push filebeat
         uses: docker/build-push-action@v4

deploy/api/Dockerfile

@@ -22,6 +22,7 @@ ARG ELASTIC_SEARCH_PASSWORD
 ARG QUIZ_APPROVE_TOKEN
 ARG RELAY_APPROVE_TOKEN
 ARG INTERNAL_AUTH_SECRET
+ARG LOGIN_SECRET
 
 ARG JAR_FILE=./*.jar
 COPY ${JAR_FILE} gitanimals-api.jar
@@ -47,7 +48,8 @@ ENV db_url=${DB_URL} \
   elastic_search_password=${ELASTIC_SEARCH_PASSWORD} \
   quiz_approve_token=${QUIZ_APPROVE_TOKEN} \
   relay_approve_token=${RELAY_APPROVE_TOKEN} \
-  internal_auth_secret=${INTERNAL_AUTH_SECRET}
+  internal_auth_secret=${INTERNAL_AUTH_SECRET} \
+  login_secret=${LOGIN_SECRET}
 
 ENTRYPOINT java -Djava.net.preferIPv4Stack=true -jar gitanimals-api.jar \
   --spring.datasource.url=${db_url} \
@@ -71,4 +73,5 @@ ENTRYPOINT java -Djava.net.preferIPv4Stack=true -jar gitanimals-api.jar \
   --spring.elasticsearch.password=${elastic_search_password} \
   --quiz.approve.token=${quiz_approve_token} \
   --relay.approve.token=${relay_approve_token} \
-  --internal.auth.secret=${internal_auth_secret}
+  --internal.auth.secret=${internal_auth_secret} \
+  --login.secret=${login_secret}

docs/api/identity/get_user_by_token.md

@@ -15,6 +15,7 @@
   "id": "1",
   "username": "devxb",
   "points": "491128",
-  "profileImage": "https://avatars.githubusercontent.com/u/62425964?v=4"
+  "profileImage": "https://avatars.githubusercontent.com/u/62425964?v=4",
+  "entryPoint": "GITHUB" // GITHUB OR APPLE
 }
 ```

docs/api/identity/login-apple.md

@@ -0,0 +1,23 @@
+# APPLE login
+
+## Request
+### HTTP METHOD : `POST`
+### url : `https://api.gitanimals.org/logins/oauth/apple`
+### Header
+- Redirect-When-Success : `HOME`, `ADMIN`, `LOCAL`, `LOCAL_ADMIN` 중 하나를 입력해주세요. HOME은 로그인 성공시 홈페이지로 로그인, ADMIN은 로그인 성공시 어드민 페이지로 리다이렉트 됩니다. LOCAL은 `http://localhost:3000?jwt={jwt}` 로 리다이렉트 됩니다.
+- Login-Secret: 내부 로그인 토큰을 전달 하세요.
+
+### Request Body
+```json
+{
+  "name": "유저의 이름",
+  "profileImage": "유저의 프로필 이미지"
+}
+```
+
+# Response
+로그인 성공시 등록한 url로 jwt를 전달합니다.   
+ADMIN : `https://admin.gitanimals.org?jwt={jwtToken}`   
+HOME : `https://www.gitanimals.org?jwt={jwtToken}`
+LOCAL : `http://localhost:3000?jwt={jwtToken}`
+LOCAL_ADMIN : `http://localhost:5173?jwt={jwtToken}`

gradle/spring.gradle

@@ -5,6 +5,7 @@ jar {
 dependencies {
     implementation "org.springframework.boot:spring-boot-starter"
     implementation "org.springframework.boot:spring-boot-starter-web"
+    implementation "org.springframework.boot:spring-boot-starter-aop"
     implementation "org.springframework.boot:spring-boot-starter-data-jpa"
     implementation "org.springframework.boot:spring-boot-starter-data-redis"
     implementation "org.springframework.boot:spring-boot-starter-actuator"

src/main/kotlin/org/gitanimals/core/auth/InternalAuth.kt

@@ -3,6 +3,7 @@ package org.gitanimals.core.auth
 import jakarta.servlet.http.HttpServletRequest
 import org.gitanimals.core.AUTHORIZATION_EXCEPTION
 import org.gitanimals.core.AuthorizationException
+import org.gitanimals.core.filter.MDCFilter.Companion.USER_ENTRY_POINT
 import org.gitanimals.core.filter.MDCFilter.Companion.USER_ID
 import org.slf4j.LoggerFactory
 import org.slf4j.MDC
@@ -29,7 +30,7 @@ class InternalAuth(
         SecretKeySpec(decodedKey, "AES")
     }
 
-    fun getUserId(throwOnFailure: () -> Unit = throwCannotGetUserId): Long {
+    fun getUserId(throwOnFailure: () -> Unit = throwCannotGetUserInfo): Long {
         val userId = findUserId()
 
         if (userId == null) {
@@ -80,6 +81,36 @@ class InternalAuth(
         return userId
     }
 
+    fun getUserEntryPoint(throwOnFailure: () -> Unit = throwCannotGetUserInfo): String {
+        val entryPoint = findUserEntryPoint()
+
+        if (entryPoint == null) {
+            throwOnFailure.invoke()
+        }
+
+        return entryPoint ?: throw AUTHORIZATION_EXCEPTION
+    }
+
+    fun findUserEntryPoint(): String? {
+        val entryPointInMdc = runCatching {
+            MDC.get(USER_ENTRY_POINT)
+        }.getOrNull()
+
+        if (entryPointInMdc != null) {
+            return entryPointInMdc
+        }
+
+        httpServletRequest.getHeader(INTERNAL_ENTRY_POINT_KEY)?.let {
+            return it
+        }
+
+        val token: String = httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION) ?: return null
+
+        return runCatching {
+            internalAuthClient.getUserByToken(token).entryPoint
+        }.getOrNull()
+    }
+
     private fun decrypt(iv: ByteArray, secret: ByteArray): Long {
         val cipher = Cipher.getInstance("AES/GCM/NoPadding")
         val spec = GCMParameterSpec(128, iv)
@@ -108,8 +139,9 @@ class InternalAuth(
     companion object {
         const val INTERNAL_AUTH_IV_KEY = "Internal-Auth-Iv"
         const val INTERNAL_AUTH_SECRET_KEY = "Internal-Auth-Secret"
+        const val INTERNAL_ENTRY_POINT_KEY = "Internal-Entry-Point"
 
-        private val throwCannotGetUserId: () -> Unit = {
+        private val throwCannotGetUserInfo: () -> Unit = {
             throw AUTHORIZATION_EXCEPTION
         }
     }

src/main/kotlin/org/gitanimals/core/auth/InternalAuthClient.kt

@@ -22,6 +22,7 @@ fun interface InternalAuthClient {
 
     data class UserResponse(
         val id: String,
+        val entryPoint: String,
     )
 }
 

src/main/kotlin/org/gitanimals/core/auth/InternalAuthRequestInterceptor.kt

@@ -1,5 +1,6 @@
 package org.gitanimals.core.auth
 
+import org.gitanimals.core.filter.MDCFilter.Companion.USER_ENTRY_POINT
 import org.gitanimals.core.filter.MDCFilter.Companion.USER_ID
 import org.slf4j.MDC
 import org.springframework.http.HttpRequest
@@ -23,6 +24,10 @@ class InternalAuthRequestInterceptor(
             MDC.get(USER_ID).toLong()
         }.getOrNull()
 
+        val userEntryPoint = runCatching {
+            MDC.get(USER_ENTRY_POINT)
+        }.getOrNull()
+
         if (userId != null) {
             val encrypt = internalAuth.encrypt(userId = userId)
 
@@ -34,6 +39,10 @@ class InternalAuthRequestInterceptor(
                 InternalAuth.INTERNAL_AUTH_IV_KEY,
                 Base64.getEncoder().encodeToString(encrypt.iv),
             )
+            request.headers.add(
+                InternalAuth.INTERNAL_ENTRY_POINT_KEY,
+                userEntryPoint,
+            )
         }
 
         return execution.execute(request, body)

src/main/kotlin/org/gitanimals/core/auth/RequiredUserEntryPointAspect.kt

@@ -0,0 +1,32 @@
+package org.gitanimals.core.auth
+
+import org.aspectj.lang.ProceedingJoinPoint
+import org.aspectj.lang.annotation.Around
+import org.aspectj.lang.annotation.Aspect
+import org.gitanimals.core.auth.UserEntryPointValidationExtension.withUserEntryPointValidation
+import org.slf4j.LoggerFactory
+import org.springframework.stereotype.Component
+
+@Aspect
+@Component
+class RequiredUserEntryPointAspect {
+
+    private val logger = LoggerFactory.getLogger(this::class.simpleName)
+
+    @Around("@annotation(requiredUserEntryPoints)")
+    fun validate(
+        proceedingJoinPoint: ProceedingJoinPoint,
+        requiredUserEntryPoints: RequiredUserEntryPoints,
+    ): Any? {
+        return withUserEntryPointValidation(
+            expectedUserEntryPoints = requiredUserEntryPoints.expected,
+            onSuccess = { proceedingJoinPoint.proceed() },
+            failMessage = {
+                val message =
+                    "ExpectedUserEntryPoints: \"${requiredUserEntryPoints.expected}\" but request user entryPoint is \"$it\""
+                logger.info("[RequiredUserEntryPointAspect] $message")
+                message
+            }
+        )
+    }
+}

src/main/kotlin/org/gitanimals/core/auth/RequiredUserEntryPoints.kt

@@ -0,0 +1,14 @@
+package org.gitanimals.core.auth
+
+@Target(AnnotationTarget.FUNCTION)
+@Retention(AnnotationRetention.RUNTIME)
+annotation class RequiredUserEntryPoints(
+    val expected: Array<UserEntryPoint>,
+)
+
+enum class UserEntryPoint {
+    ANY,
+    GITHUB,
+    APPLE,
+    ;
+}