Merge pull request #98 from wafflestudio/feat/make-oauth-log

feat: implement OAuth logs

Author: Tapha-K

src/main/kotlin/com/wafflestudio/team8server/common/exception/GlobalExceptionHandler.kt

@@ -1,7 +1,7 @@
 package com.wafflestudio.team8server.common.exception
 
-import com.wafflestudio.team8server.course.service.CourseExcelParser
 import io.swagger.v3.oas.annotations.media.Schema
+import jakarta.servlet.http.HttpServletRequest
 import org.slf4j.LoggerFactory
 import org.springframework.dao.CannotAcquireLockException
 import org.springframework.dao.DataIntegrityViolationException
@@ -36,6 +36,8 @@ data class ErrorResponse(
 
 @RestControllerAdvice
 class GlobalExceptionHandler {
+    private val log = LoggerFactory.getLogger(GlobalExceptionHandler::class.java)
+
     // NullSafety에 위배된 예외 처리 -> 404 NOT FOUND (데이터 없음)
     @ExceptionHandler(ResourceNotFoundException::class)
     fun handleResourceNotFoundException(e: ResourceNotFoundException): ResponseEntity<ErrorResponse> {
@@ -88,14 +90,23 @@ class GlobalExceptionHandler {
 
     // 유효성 검증 실패 예외 처리 → 400 BAD_REQUEST
     @ExceptionHandler(MethodArgumentNotValidException::class)
-    fun handleValidationException(e: MethodArgumentNotValidException): ResponseEntity<ErrorResponse> {
+    fun handleValidationException(
+        e: MethodArgumentNotValidException,
+        request: HttpServletRequest,
+    ): ResponseEntity<ErrorResponse> {
         // 모든 검증 에러를 Map으로 변환 (필드명 → 에러 메시지)
         val errors =
             e.bindingResult.allErrors.associate { error ->
                 val field = (error as FieldError).field // 필드명 (email, password 등)
                 val message = error.defaultMessage // 에러 메시지 (@NotBlank의 message)
                 field to message // map pair 생성
             }
+        log.warn(
+            "Request validation failed: method={}, path={}, errors={}",
+            request.method,
+            request.requestURI,
+            errors,
+        )
 
         val response =
             ErrorResponse(
@@ -133,7 +144,18 @@ class GlobalExceptionHandler {
     }
 
     @ExceptionHandler(HttpMessageNotReadableException::class)
-    fun handleHttpMessageNotReadableException(e: HttpMessageNotReadableException): ResponseEntity<ErrorResponse> {
+    fun handleHttpMessageNotReadableException(
+        e: HttpMessageNotReadableException,
+        request: HttpServletRequest,
+    ): ResponseEntity<ErrorResponse> {
+        log.warn(
+            "Request body parsing failed: method={}, path={}, contentType={}, cause={}({})",
+            request.method,
+            request.requestURI,
+            request.contentType,
+            e::class.simpleName,
+            e.message,
+        )
         val response =
             ErrorResponse(
                 status = HttpStatus.BAD_REQUEST.value(),
@@ -146,7 +168,16 @@ class GlobalExceptionHandler {
     }
 
     @ExceptionHandler(UnauthorizedException::class)
-    fun handleUnauthorizedException(e: UnauthorizedException): ResponseEntity<ErrorResponse> {
+    fun handleUnauthorizedException(
+        e: UnauthorizedException,
+        request: HttpServletRequest,
+    ): ResponseEntity<ErrorResponse> {
+        log.warn(
+            "Unauthorized request handled: method={}, path={}, message={}",
+            request.method,
+            request.requestURI,
+            e.message,
+        )
         val response =
             ErrorResponse(
                 status = HttpStatus.UNAUTHORIZED.value(), // 401
@@ -184,8 +215,6 @@ class GlobalExceptionHandler {
     // 예상하지 못한 예외를 잡는 handler
     @ExceptionHandler(Exception::class)
     fun handleUnexpectedException(e: Exception): ResponseEntity<ErrorResponse> {
-        // 배포 시 로깅 (logger.error("Unexpected error", e))
-        val log = LoggerFactory.getLogger(CourseExcelParser::class.java)
         log.error("UNEXPECTED_ERROR", e)
         val response =
             ErrorResponse(
@@ -219,7 +248,6 @@ class GlobalExceptionHandler {
         CannotAcquireLockException::class,
     )
     fun handleDbLockException(e: Exception): ResponseEntity<ErrorResponse> {
-        val log = LoggerFactory.getLogger(GlobalExceptionHandler::class.java)
         log.error("DB_LOCK_ERROR", e)
 
         val response =
@@ -234,7 +262,6 @@ class GlobalExceptionHandler {
 
     @ExceptionHandler(QueryTimeoutException::class)
     fun handleQueryTimeoutException(e: QueryTimeoutException): ResponseEntity<ErrorResponse> {
-        val log = LoggerFactory.getLogger(GlobalExceptionHandler::class.java)
         log.error("DB_TIMEOUT", e)
 
         val response =
@@ -249,7 +276,6 @@ class GlobalExceptionHandler {
 
     @ExceptionHandler(DataIntegrityViolationException::class)
     fun handleDataIntegrityViolationException(e: DataIntegrityViolationException): ResponseEntity<ErrorResponse> {
-        val log = LoggerFactory.getLogger(GlobalExceptionHandler::class.java)
         log.error("DB_CONSTRAINT_VIOLATION", e)
 
         val response =

src/main/kotlin/com/wafflestudio/team8server/config/OAuthConfigurationLogger.kt

@@ -0,0 +1,42 @@
+package com.wafflestudio.team8server.config
+
+import org.slf4j.LoggerFactory
+import org.springframework.boot.context.event.ApplicationReadyEvent
+import org.springframework.context.event.EventListener
+import org.springframework.stereotype.Component
+
+@Component
+class OAuthConfigurationLogger(
+    private val props: OAuthProperties,
+) {
+    private val log = LoggerFactory.getLogger(OAuthConfigurationLogger::class.java)
+
+    @EventListener(ApplicationReadyEvent::class)
+    fun logOAuthConfiguration() {
+        log.info(
+            "OAuth configuration loaded: kakao.clientId={}, kakao.clientSecret={}, kakao.adminKey={}, " +
+                "google.clientId={}, google.clientSecret={}",
+            describe(props.kakao.clientId),
+            describe(props.kakao.clientSecret),
+            describe(props.kakao.adminKey),
+            describe(props.google.clientId),
+            describe(props.google.clientSecret),
+        )
+    }
+
+    private fun describe(value: String?): String {
+        val normalized = value.orEmpty()
+        return "present=${normalized.isNotBlank()},length=${normalized.length},base64PaddedLike=${isBase64PaddedLike(normalized)}"
+    }
+
+    private fun isBase64PaddedLike(value: String): Boolean {
+        if (value.isBlank() || value.length % 4 != 0 || !value.endsWith("=")) {
+            return false
+        }
+        return BASE64_PATTERN.matches(value)
+    }
+
+    companion object {
+        private val BASE64_PATTERN = Regex("^[A-Za-z0-9+/]+={0,2}$")
+    }
+}

src/main/kotlin/com/wafflestudio/team8server/user/controller/AuthController.kt

@@ -18,6 +18,7 @@ import io.swagger.v3.oas.annotations.responses.ApiResponses
 import io.swagger.v3.oas.annotations.security.SecurityRequirement
 import io.swagger.v3.oas.annotations.tags.Tag
 import jakarta.validation.Valid
+import org.slf4j.LoggerFactory
 import org.springframework.http.HttpStatus
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
@@ -33,6 +34,8 @@ class AuthController(
     private val authService: AuthService,
     private val socialAuthService: SocialAuthService,
 ) {
+    private val log = LoggerFactory.getLogger(AuthController::class.java)
+
     @Operation(
         summary = "회원가입",
         description =
@@ -263,7 +266,14 @@ class AuthController(
     @ResponseStatus(HttpStatus.OK)
     fun kakaoLogin(
         @Valid @RequestBody request: SocialLoginRequest,
-    ): LoginResponse = socialAuthService.kakaoLogin(request.code, request.redirectUri)
+    ): LoginResponse {
+        log.info(
+            "Social login request received: provider=kakao, codePresent={}, redirectUri={}",
+            request.code.isNotBlank(),
+            request.redirectUri,
+        )
+        return socialAuthService.kakaoLogin(request.code, request.redirectUri)
+    }
 
     @Operation(
         summary = "구글 소셜 로그인",
@@ -340,7 +350,14 @@ class AuthController(
     @ResponseStatus(HttpStatus.OK)
     fun googleLogin(
         @Valid @RequestBody request: SocialLoginRequest,
-    ): LoginResponse = socialAuthService.googleLogin(request.code, request.redirectUri)
+    ): LoginResponse {
+        log.info(
+            "Social login request received: provider=google, codePresent={}, redirectUri={}",
+            request.code.isNotBlank(),
+            request.redirectUri,
+        )
+        return socialAuthService.googleLogin(request.code, request.redirectUri)
+    }
 
     @Operation(
         summary = "로그아웃",

src/main/kotlin/com/wafflestudio/team8server/user/service/SocialAuthService.kt

@@ -14,6 +14,7 @@ import com.wafflestudio.team8server.user.service.social.google.GoogleIdTokenVeri
 import com.wafflestudio.team8server.user.service.social.google.GoogleOAuthClient
 import com.wafflestudio.team8server.user.service.social.kakao.KakaoOAuthClient
 import com.wafflestudio.team8server.user.util.NicknameGenerator
+import org.slf4j.LoggerFactory
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
 
@@ -26,15 +27,27 @@ class SocialAuthService(
     private val googleOAuthClient: GoogleOAuthClient,
     private val googleIdTokenVerifier: GoogleIdTokenVerifier,
 ) {
+    private val log = LoggerFactory.getLogger(SocialAuthService::class.java)
+
     @Transactional
     fun kakaoLogin(
         code: String,
         redirectUri: String?,
     ): LoginResponse {
+        log.info(
+            "Social login started: provider=kakao, redirectUri={}",
+            redirectUri,
+        )
         val kakaoUserInfo =
             try {
                 kakaoOAuthClient.getUserInfo(code, redirectUri)
             } catch (e: Exception) {
+                log.warn(
+                    "Social login failed during OAuth exchange: provider=kakao, redirectUri={}, cause={}({})",
+                    redirectUri,
+                    e::class.simpleName,
+                    e.message,
+                )
                 throw UnauthorizedException("카카오 인증에 실패했습니다")
             }
 
@@ -44,6 +57,7 @@ class SocialAuthService(
 
         val existingCredential = socialCredentialRepository.findByProviderAndSocialId(provider, socialId)
         if (existingCredential != null) {
+            log.info("Social login succeeded: provider=kakao, existingUser=true")
             val accessToken = jwtTokenProvider.createToken(existingCredential.user.id.ensureNotNull(), existingCredential.user.role.name)
             return LoginResponse(
                 accessToken = accessToken,
@@ -67,6 +81,7 @@ class SocialAuthService(
                 socialId = socialId,
             )
         socialCredentialRepository.save(credential)
+        log.info("Social login succeeded: provider=kakao, existingUser=false")
 
         // JWT 발급 및 응답
         val accessToken = jwtTokenProvider.createToken(savedUser.id.ensureNotNull(), savedUser.role.name)
@@ -81,10 +96,20 @@ class SocialAuthService(
         code: String,
         redirectUri: String?,
     ): LoginResponse {
+        log.info(
+            "Social login started: provider=google, redirectUri={}",
+            redirectUri,
+        )
         val tokenResult =
             try {
                 googleOAuthClient.exchangeCodeForTokenResult(code, redirectUri)
             } catch (e: Exception) {
+                log.warn(
+                    "Social login failed during token exchange: provider=google, redirectUri={}, cause={}({})",
+                    redirectUri,
+                    e::class.simpleName,
+                    e.message,
+                )
                 throw UnauthorizedException("구글 인증에 실패했습니다")
             }
 
@@ -94,6 +119,11 @@ class SocialAuthService(
             try {
                 googleIdTokenVerifier.verifyAndExtract(idToken)
             } catch (e: Exception) {
+                log.warn(
+                    "Social login failed during id token verification: provider=google, cause={}({})",
+                    e::class.simpleName,
+                    e.message,
+                )
                 throw UnauthorizedException("구글 인증에 실패했습니다")
             }
 
@@ -106,6 +136,7 @@ class SocialAuthService(
             if (!tokenResult.refreshToken.isNullOrBlank()) {
                 existingCredential.refreshToken = tokenResult.refreshToken
             }
+            log.info("Social login succeeded: provider=google, existingUser=true")
             val accessToken = jwtTokenProvider.createToken(existingCredential.user.id.ensureNotNull(), existingCredential.user.role.name)
             return LoginResponse(
                 accessToken = accessToken,
@@ -128,6 +159,7 @@ class SocialAuthService(
                 refreshToken = tokenResult.refreshToken,
             )
         socialCredentialRepository.save(credential)
+        log.info("Social login succeeded: provider=google, existingUser=false")
 
         val accessToken = jwtTokenProvider.createToken(savedUser.id.ensureNotNull(), savedUser.role.name)
         return LoginResponse(

src/main/kotlin/com/wafflestudio/team8server/user/service/social/google/GoogleIdTokenVerifier.kt

@@ -2,6 +2,7 @@ package com.wafflestudio.team8server.user.service.social.google
 
 import com.wafflestudio.team8server.common.exception.UnauthorizedException
 import com.wafflestudio.team8server.config.OAuthProperties
+import org.slf4j.LoggerFactory
 import org.springframework.security.oauth2.jwt.Jwt
 import org.springframework.security.oauth2.jwt.JwtDecoder
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder
@@ -18,6 +19,7 @@ data class GoogleUserInfo(
 class GoogleIdTokenVerifier(
     private val props: OAuthProperties,
 ) {
+    private val log = LoggerFactory.getLogger(GoogleIdTokenVerifier::class.java)
     private val decoder: JwtDecoder =
         NimbusJwtDecoder.withJwkSetUri(props.google.jwkSetUri).build()
 
@@ -43,19 +45,34 @@ class GoogleIdTokenVerifier(
         try {
             decoder.decode(idToken)
         } catch (e: Exception) {
+            log.warn(
+                "Google id token decode failed: cause={}({})",
+                e::class.simpleName,
+                e.message,
+            )
             throw UnauthorizedException("구글 id_token 검증에 실패했습니다")
         }
 
     private fun validateIssuer(jwt: Jwt) {
         val issuer = jwt.issuer?.toString()
         if (issuer.isNullOrBlank() || issuer != props.google.issuer) {
+            log.warn(
+                "Google id token issuer mismatch: expected={}, actual={}",
+                props.google.issuer,
+                issuer,
+            )
             throw UnauthorizedException("구글 토큰 issuer가 올바르지 않습니다")
         }
     }
 
     private fun validateAudience(jwt: Jwt) {
         val aud = jwt.audience
         if (aud.isNullOrEmpty() || !aud.contains(props.google.clientId)) {
+            log.warn(
+                "Google id token audience mismatch: expectedClientIdLength={}, audienceCount={}",
+                props.google.clientId.length,
+                aud?.size ?: 0,
+            )
             throw UnauthorizedException("구글 토큰 audience가 올바르지 않습니다")
         }
     }