Merge pull request #134 from wafflestudio/develop

소셜로그인 고쳐서 prod 배포

Author: ohsuhyeon0119

hangsha/src/main/kotlin/com/team1/hangsha/auth/service/AuthService.kt

@@ -103,7 +103,6 @@ class AuthService(
     }
 
     private fun getKakaoProfile(code: String): SocialUserProfile {
-        println(">>> DEBUG: ID=$kakaoClientId, SECRET=$kakaoClientSecret")
         val tokenUrl = "https://kauth.kakao.com/oauth/token"
 
         val headers = HttpHeaders().apply { contentType = MediaType.APPLICATION_FORM_URLENCODED }

hangsha/src/main/kotlin/com/team1/hangsha/config/WebConfig.kt

@@ -23,12 +23,13 @@ class WebConfig(
 
     override fun addCorsMappings(registry: CorsRegistry) {
         registry.addMapping("/**") // 모든 경로에 대해
-            .allowedOrigins(
+            .allowedOriginPatterns(
                 "http://localhost:3000",                  // 로컬 프론트엔드
                 "http://localhost:5173",                  // 로컬 프론트엔드 (Vite)
                 "http://localhost:5174",                  // 로컬 프론트엔드 (Vite 대체 포트)
                 "https://hangsha-dev.wafflestudio.com",   // Dev 프론트엔드
-                "https://hangsha.wafflestudio.com"        // Prod 프론트엔드
+                "https://hangsha.wafflestudio.com",       // Prod 프론트엔드
+                "https://*.app.github.dev"                // GitHub Codespaces 포워딩 도메인
             )
             .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS")
             .allowedHeaders("*")

hangsha/src/main/kotlin/com/team1/hangsha/user/AuthCookieSupport.kt

@@ -10,22 +10,36 @@ class AuthCookieSupport(
     private val secure: Boolean,
     @Value("\${auth.refresh-cookie.same-site}")
     private val sameSite: String,
+    @Value("\${auth.refresh-cookie.domain:}")
+    private val domain: String,
 ) {
-    fun buildRefreshCookie(token: String, maxAgeSeconds: Long): ResponseCookie =
-        ResponseCookie.from("refreshToken", token)
+    fun buildRefreshCookie(token: String, maxAgeSeconds: Long): ResponseCookie {
+        val builder = ResponseCookie.from("refreshToken", token)
             .httpOnly(true)
             .secure(secure)
             .sameSite(sameSite)
             .path("/api/v1/auth")
             .maxAge(maxAgeSeconds)
-            .build()
 
-    fun clearRefreshCookie(): ResponseCookie =
-        ResponseCookie.from("refreshToken", "")
+        if (domain.isNotBlank()) {
+            builder.domain(domain)
+        }
+
+        return builder.build()
+    }
+
+    fun clearRefreshCookie(): ResponseCookie {
+        val builder = ResponseCookie.from("refreshToken", "")
             .httpOnly(true)
             .secure(secure)
             .sameSite(sameSite)
             .path("/api/v1/auth")
             .maxAge(0)
-            .build()
+
+        if (domain.isNotBlank()) {
+            builder.domain(domain)
+        }
+
+        return builder.build()
+    }
 }

hangsha/src/main/kotlin/com/team1/hangsha/user/controller/AuthController.kt

@@ -13,6 +13,8 @@ import com.team1.hangsha.common.error.DomainException
 import com.team1.hangsha.common.error.ErrorCode
 import com.team1.hangsha.user.service.UserService
 import com.team1.hangsha.user.AuthCookieSupport
+import com.team1.hangsha.user.LoggedInUser
+import com.team1.hangsha.user.model.User
 import io.swagger.v3.oas.annotations.Operation
 import io.swagger.v3.oas.annotations.Parameter
 import org.springframework.http.HttpHeaders
@@ -57,6 +59,19 @@ class AuthController(
             .body(RefreshResponse(accessToken = issued.accessToken))
     }
 
+    @PostMapping("/session")
+    fun establishSession(
+        @Parameter(hidden = true)
+        @LoggedInUser user: User?
+    ): ResponseEntity<Unit> {
+        val authenticatedUser = user ?: throw DomainException(ErrorCode.AUTH_UNAUTHORIZED)
+        val issued = userService.issueAfterSocialLogin(authenticatedUser.id!!)
+
+        return ResponseEntity.noContent()
+            .header(HttpHeaders.SET_COOKIE, issued.refreshCookie.toString())
+            .build()
+    }
+
     @PostMapping("/logout")
     @Operation(
         summary = "로그아웃",

hangsha/src/main/resources/application.yml

@@ -121,8 +121,8 @@ app:
 auth:
   refresh-cookie:
     secure: true
-    same-site: Lax
-    domain: ".wafflestudio.com"
+    # OAuth 콜백 302(cross-site 리다이렉트)에서 심기는 쿠키는 SameSite=Lax면 브라우저가 저장을 거부 : None + Secure로 설정 변경
+    same-site: None
 ---
 # ==========================================
 # prod
@@ -137,5 +137,5 @@ app:
 auth:
   refresh-cookie:
     secure: true
-    same-site: Lax
-    domain: ".wafflestudio.com"
+    # OAuth 콜백 302(cross-site 리다이렉트)에서 심기는 쿠키는 SameSite=Lax면 브라우저가 저장을 거부 : None + Secure로 설정 변경
+    same-site: None

hangsha/src/test/kotlin/com/team1/hangsha/AuthIntegrationTest.kt

@@ -178,6 +178,36 @@ class AuthIntegrationTest : IntegrationTestBase() {
         }
     }
 
+    @Test
+    fun `session endpoint issues refresh cookie with valid access token`() {
+        val email = "test_${UUID.randomUUID()}@example.com"
+        val password = "Abcd1234!"
+
+        val (accessToken, _) = postRegister(email, password)
+
+        val res = mockMvc.post("/api/v1/auth/session") {
+            secure = true
+            header(HttpHeaders.AUTHORIZATION, bearer(accessToken))
+        }.andExpect {
+            status { isNoContent() }
+            header { exists(HttpHeaders.SET_COOKIE) }
+        }.andReturn()
+
+        val setCookie = res.response.getHeader(HttpHeaders.SET_COOKIE)
+            ?: fail("Expected Set-Cookie for refreshToken, but it was null")
+
+        assertTrue(setCookie.startsWith("refreshToken="), "Set-Cookie must include refreshToken")
+    }
+
+    @Test
+    fun `session endpoint fails without access token`() {
+        mockMvc.post("/api/v1/auth/session") {
+            secure = true
+        }.andExpect {
+            status { isUnauthorized() }
+        }
+    }
+
     @Test
     fun `logout clears refresh cookie`() {
         val email = "test_${UUID.randomUUID()}@example.com"
@@ -322,4 +352,4 @@ class AuthIntegrationTest : IntegrationTestBase() {
             status { isUnauthorized() }
         }
     }
-}
+}