diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index d1ba61c..62d1e22 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -59,7 +59,30 @@ jobs:
 docker stop auth-server || true
 docker rm auth-server || true
 docker pull bjisu/auth-server:latest
- docker run -d --name auth-server -p 8080:8080 bjisu/auth-server:latest
+ docker run -d --name auth-server -p 8081:8080 \
+ -e SPRING_PROFILES_ACTIVE=prod \
+ -e APP_BASE_URL=${{ secrets.APP_BASE_URL }} \
+ -e JWT_PRIVATE_KEY=${{ secrets.JWT_PRIVATE_KEY }} \
+ -e JWT_PUBLIC_KEY=${{ secrets.JWT_PUBLIC_KEY }} \
+ -e "DB_URL=jdbc:mysql://${{ secrets.DB_HOST }}:${{ secrets.DB_PORT }}/${{ secrets.AUTH_DB_NAME }}?useSSL=false&serverTimezone=Asia/Seoul&allowPublicKeyRetrieval=true" \
+ -e DB_USERNAME=${{ secrets.DB_USERNAME }} \
+ -e DB_PASSWORD=${{ secrets.DB_PASSWORD }} \
+ -e GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }} \
+ -e GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }} \
+ -e KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }} \
+ -e KAKAO_CLIENT_SECRET=${{ secrets.KAKAO_CLIENT_SECRET }} \
+ -e NAVER_CLIENT_ID=${{ secrets.NAVER_CLIENT_ID }} \
+ -e NAVER_CLIENT_SECRET=${{ secrets.NAVER_CLIENT_SECRET }} \
+ -e MAIL_USERNAME=${{ secrets.MAIL_USERNAME }} \
+ -e MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD }} \
+ -e FRONTEND_CALLBACK_URL=${{ secrets.FRONTEND_CALLBACK_URL || 'https://retrip-web.vercel.app/auth/callback' }} \
+ -e FRONTEND_PASSWORD_RESET_URL=${{ secrets.FRONTEND_PASSWORD_RESET_URL || 'https://retrip-web.vercel.app/reset-password' }} \
+ -e AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \
+ -e AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \
+ -e PORTONE_STORE_ID=${{ secrets.PORTONE_STORE_ID }} \
+ -e PORTONE_CHANNEL_KEY=${{ secrets.PORTONE_CHANNEL_KEY }} \
+ -e PORTONE_API_SECRET=${{ secrets.PORTONE_API_SECRET }} \
+ bjisu/auth-server:latest
 - name: IP 제거 (SSH 포트)
 if: ${{ always() }}
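Review bot: Apart from `DB_URL`, every secret on the new `docker run` command in `.github/workflows/deploy.yml` is substituted into the shell line unquoted, so a value containing whitespace, `$`, `&` or a newline (a PEM-encoded `JWT_PRIVATE_KEY` is the likely case) is split or interpreted by the shell, and all of the values are exposed as process arguments on the host while the command runs. Passing them through a file readable only by the deploy user keeps them off the command line: `docker run -d --name auth-server -p 8081:8080 --env-file <ENV_FILE_PATH> bjisu/auth-server:latest` (the path is a placeholder). The `DB_URL` also sets `useSSL=false` together with `allowPublicKeyRetrieval=true`, which carries database credentials and query data without TLS; if the MySQL server presents a valid certificate, `sslMode=VERIFY_IDENTITY` in place of those two parameters is the safer setting. The step that runs this script starts above the hunk, so how the commands reach the host is not visible here.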
diff --git a/.gitignore b/.gitignore
index 93f67ae..480b112 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,7 +14,6 @@ application-prod-debug.yml
 .env.*.local
 # 테스트 파일
-test.html
 *.test.html
 # ====================================
diff --git a/src/main/java/com/retrip/auth/application/config/SecurityConfig.java b/src/main/java/com/retrip/auth/application/config/SecurityConfig.java
index 227e39e..8318d47 100644
--- a/src/main/java/com/retrip/auth/application/config/SecurityConfig.java
+++ b/src/main/java/com/retrip/auth/application/config/SecurityConfig.java
@@ -8,6 +8,7 @@ import com.retrip.auth.infra.adapter.in.rest.filter.LoginAuthenticationFilter;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -33,6 +34,7 @@ import java.util.List;
+@Slf4j
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
@@ -68,6 +70,9 @@ public AuthenticationManager authenticationManager(
 @Value("${app.cookie.secure:true}")
 private boolean cookieSecure;
+ @Value("${app.frontend-callback-url:http://localhost:3000/auth/callback}")
+ private String frontendCallbackUrl;
+
 @Bean
 public LoginAuthenticationFilter loginAuthenticationFilter(
 JwtConfig jwtConfig,
@@ -111,6 +116,11 @@ public SecurityFilterChain securityFilterChain(
 .userService(customOAuth2UserService)
 )
 .successHandler(oAuth2LoginSuccessHandler)
+ .failureHandler((request, response, exception) -> {
+ log.error("OAuth2 로그인 실패: {}", exception.getMessage());
+ response.sendRedirect(frontendCallbackUrl + "?error=" + + java.net.URLEncoder.encode(exception.getMessage(), java.nio.charset.StandardCharsets.UTF_8));
+ })
 )
 .authorizeHttpRequests(auth -> auth
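Review bot: The `http://localhost:3000/auth/callback` default on the new `frontendCallbackUrl` field in `SecurityConfig` means a production instance that does not resolve `app.frontend-callback-url` silently redirects failed logins to localhost instead of failing at startup. The deploy workflow in this commit passes `FRONTEND_CALLBACK_URL`, but no mapping from that variable to `app.frontend-callback-url` is visible in the diff, so it is worth confirming the property is actually bound under the `prod` profile. A comment above the field such as `// Base URL the browser is redirected to after a failed OAuth2 login; must be set explicitly outside local development` would document the expectation.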
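Review bot: The new `failureHandler` in `securityFilterChain` copies `exception.getMessage()` into the redirect URL, which puts provider error descriptions and any internal exception text raised during user loading into the browser address bar, history and frontend logs. The message can also be null (an `OAuth2AuthenticationException` built from an error without a description is one case), and `URLEncoder.encode` then throws, turning a failed login into a server error. Redirecting with a fixed code and keeping the detail in the server log avoids both: `String code = exception instanceof OAuth2AuthenticationException e ? e.getError().getErrorCode() : "login_failed";` followed by `response.sendRedirect(frontendCallbackUrl + "?error=" + URLEncoder.encode(code, StandardCharsets.UTF_8));`. Passing the exception itself as the last argument to `log.error` would keep the stack trace. The method continues outside the hunk.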
@@ -122,7 +132,8 @@ public SecurityFilterChain securityFilterChain(
 "/auth/password-reset/by-verification",
 "/auth/password-reset/by-email",
 "/auth/password-reset").permitAll()
- .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**").permitAll()
+ .requestMatchers("/swagger-ui/**", "/swagger-ui.html", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**").permitAll()
+ .requestMatchers("/test.html", "/").permitAll()
 // ✅ 추가: 본인인증 및 여행 스타일 조회 API 허용
 .requestMatchers(HttpMethod.GET, "/api/travel-styles", "/api/users/check-nickname").permitAll()
 .requestMatchers(HttpMethod.POST, "/api/auth/verify-identity").authenticated()
diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml
index 86dcce8..1dd299f 100644
--- a/src/main/resources/application-prod.yml
+++ b/src/main/resources/application-prod.yml
@@ -1,3 +1,10 @@
+server:
+ forward-headers-strategy: framework
+
+app:
+ cookie:
+ secure: false
+
 spring:
 datasource:
 url: ${DB_URL}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index a86d86d..c4b0f83 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -36,6 +36,7 @@ spring:
 authorization-grant-type: authorization_code
 scope:
 - profile_nickname
+ - account_email
 redirect-uri: "${APP_BASE_URL:http://localhost:8080}/login/oauth2/code/kakao"
 client-name: Kakao
diff --git a/src/main/resources/test.html b/src/main/resources/static/test.html
similarity index 100%
rename from src/main/resources/test.html
rename to src/main/resources/static/test.html
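Review bot: The added `.requestMatchers("/test.html", "/").permitAll()` in `securityFilterChain` makes a test page reachable without authentication in every profile, and the same commit moves `test.html` under `static/` and stops ignoring it in `.gitignore`, so it ships in the production image. What the page does is not visible in this diff, but a test page served from an auth server is presumably there to exercise login flows and should not be public; the Swagger UI and `/v3/api-docs/**` matchers on the line above have the same exposure under `prod`. If the page is only needed locally, drop `"/test.html"` from the matcher and keep the file out of the packaged resources, or register these matchers only when a non-production profile is active. The method starts and ends outside the hunk.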
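Review bot: Setting `app.cookie.secure: false` in `application-prod.yml` overrides the `true` default visible in `SecurityConfig` (`@Value("${app.cookie.secure:true}")`), so whatever cookies that flag governs, presumably the authentication cookies, are issued without the Secure attribute in production and can be sent over plain HTTP. If the production site is served over HTTPS, as the `https://` frontend URLs in the deploy workflow suggest, the override is not needed; I would remove the `app.cookie` block or set `secure: true`. The `forward-headers-strategy: framework` line added in the same hunk makes the application trust `X-Forwarded-*` headers from any client that can reach it, so the published port should be reachable only by the reverse proxy, for example `-p 127.0.0.1:8081:8080` in the deploy workflow if the proxy runs on the same host.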