diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d1ba61c..62d1e22 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -59,7 +59,30 @@ jobs: docker stop auth-server || true docker rm auth-server || true docker pull bjisu/auth-server:latest - docker run -d --name auth-server -p 8080:8080 bjisu/auth-server:latest + docker run -d --name auth-server -p 8081:8080 \ + -e SPRING_PROFILES_ACTIVE=prod \ + -e APP_BASE_URL=${{ secrets.APP_BASE_URL }} \ + -e JWT_PRIVATE_KEY=${{ secrets.JWT_PRIVATE_KEY }} \ + -e JWT_PUBLIC_KEY=${{ secrets.JWT_PUBLIC_KEY }} \ + -e "DB_URL=jdbc:mysql://${{ secrets.DB_HOST }}:${{ secrets.DB_PORT }}/${{ secrets.AUTH_DB_NAME }}?useSSL=false&serverTimezone=Asia/Seoul&allowPublicKeyRetrieval=true" \ + -e DB_USERNAME=${{ secrets.DB_USERNAME }} \ + -e DB_PASSWORD=${{ secrets.DB_PASSWORD }} \ + -e GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }} \ + -e GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }} \ + -e KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }} \ + -e KAKAO_CLIENT_SECRET=${{ secrets.KAKAO_CLIENT_SECRET }} \ + -e NAVER_CLIENT_ID=${{ secrets.NAVER_CLIENT_ID }} \ + -e NAVER_CLIENT_SECRET=${{ secrets.NAVER_CLIENT_SECRET }} \ + -e MAIL_USERNAME=${{ secrets.MAIL_USERNAME }} \ + -e MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD }} \ + -e FRONTEND_CALLBACK_URL=${{ secrets.FRONTEND_CALLBACK_URL || 'https://retrip-web.vercel.app/auth/callback' }} \ + -e FRONTEND_PASSWORD_RESET_URL=${{ secrets.FRONTEND_PASSWORD_RESET_URL || 'https://retrip-web.vercel.app/reset-password' }} \ + -e AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \ + -e AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \ + -e PORTONE_STORE_ID=${{ secrets.PORTONE_STORE_ID }} \ + -e PORTONE_CHANNEL_KEY=${{ secrets.PORTONE_CHANNEL_KEY }} \ + -e PORTONE_API_SECRET=${{ secrets.PORTONE_API_SECRET }} \ + bjisu/auth-server:latest - name: IP 제거 (SSH 포트) if: ${{ always() }} diff --git a/src/main/java/com/retrip/auth/application/config/SecurityConfig.java b/src/main/java/com/retrip/auth/application/config/SecurityConfig.java index 227e39e..1955157 100644 --- a/src/main/java/com/retrip/auth/application/config/SecurityConfig.java +++ b/src/main/java/com/retrip/auth/application/config/SecurityConfig.java @@ -122,7 +122,8 @@ public SecurityFilterChain securityFilterChain( "/auth/password-reset/by-verification", "/auth/password-reset/by-email", "/auth/password-reset").permitAll() - .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**").permitAll() + .requestMatchers("/swagger-ui/**", "/swagger-ui.html", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**").permitAll() + .requestMatchers("/test.html", "/").permitAll() // ✅ 추가: 본인인증 및 여행 스타일 조회 API 허용 .requestMatchers(HttpMethod.GET, "/api/travel-styles", "/api/users/check-nickname").permitAll() .requestMatchers(HttpMethod.POST, "/api/auth/verify-identity").authenticated() diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml index 86dcce8..1dd299f 100644 --- a/src/main/resources/application-prod.yml +++ b/src/main/resources/application-prod.yml @@ -1,3 +1,10 @@ +server: + forward-headers-strategy: framework + +app: + cookie: + secure: false + spring: datasource: url: ${DB_URL} diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index a86d86d..9c39afb 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -26,6 +26,7 @@ spring: client-id: ${GOOGLE_CLIENT_ID:your-google-client-id} client-secret: ${GOOGLE_CLIENT_SECRET:your-google-client-secret} scope: + - openid - profile - email redirect-uri: "${APP_BASE_URL:http://localhost:8080}/login/oauth2/code/google" @@ -36,6 +37,7 @@ spring: authorization-grant-type: authorization_code scope: - profile_nickname + - account_email redirect-uri: "${APP_BASE_URL:http://localhost:8080}/login/oauth2/code/kakao" client-name: Kakao