fix: Google OIDC 오류 수정 및 test.html static 이동

.github/workflows/deploy.yml

@@ -59,7 +59,30 @@ jobs:
           docker stop auth-server || true
           docker rm auth-server || true
           docker pull bjisu/auth-server:latest
-          docker run -d --name auth-server -p 8080:8080 bjisu/auth-server:latest
+          docker run -d --name auth-server -p 8081:8080 \
+            -e SPRING_PROFILES_ACTIVE=prod \
+            -e APP_BASE_URL=${{ secrets.APP_BASE_URL }} \
+            -e JWT_PRIVATE_KEY=${{ secrets.JWT_PRIVATE_KEY }} \
+            -e JWT_PUBLIC_KEY=${{ secrets.JWT_PUBLIC_KEY }} \
+            -e "DB_URL=jdbc:mysql://${{ secrets.DB_HOST }}:${{ secrets.DB_PORT }}/${{ secrets.AUTH_DB_NAME }}?useSSL=false&serverTimezone=Asia/Seoul&allowPublicKeyRetrieval=true" \
+            -e DB_USERNAME=${{ secrets.DB_USERNAME }} \
+            -e DB_PASSWORD=${{ secrets.DB_PASSWORD }} \
+            -e GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }} \
+            -e GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }} \
+            -e KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }} \
+            -e KAKAO_CLIENT_SECRET=${{ secrets.KAKAO_CLIENT_SECRET }} \
+            -e NAVER_CLIENT_ID=${{ secrets.NAVER_CLIENT_ID }} \
+            -e NAVER_CLIENT_SECRET=${{ secrets.NAVER_CLIENT_SECRET }} \
+            -e MAIL_USERNAME=${{ secrets.MAIL_USERNAME }} \
+            -e MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD }} \
+            -e FRONTEND_CALLBACK_URL=${{ secrets.FRONTEND_CALLBACK_URL || 'https://retrip-web.vercel.app/auth/callback' }} \
+            -e FRONTEND_PASSWORD_RESET_URL=${{ secrets.FRONTEND_PASSWORD_RESET_URL || 'https://retrip-web.vercel.app/reset-password' }} \
+            -e AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \
+            -e AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \
+            -e PORTONE_STORE_ID=${{ secrets.PORTONE_STORE_ID }} \
+            -e PORTONE_CHANNEL_KEY=${{ secrets.PORTONE_CHANNEL_KEY }} \
+            -e PORTONE_API_SECRET=${{ secrets.PORTONE_API_SECRET }} \
+            bjisu/auth-server:latest
 
     - name: IP 제거 (SSH 포트)
       if: ${{ always() }}

.gitignore

@@ -14,7 +14,6 @@ application-prod-debug.yml
 .env.*.local
 
 # 테스트 파일
-test.html
 *.test.html
 
 # ====================================

src/main/java/com/retrip/auth/application/config/SecurityConfig.java

@@ -8,6 +8,7 @@
 import com.retrip.auth.infra.adapter.in.rest.filter.LoginAuthenticationFilter;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -33,6 +34,7 @@
 
 import java.util.List;
 
+@Slf4j
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
@@ -68,6 +70,9 @@ public AuthenticationManager authenticationManager(
     @Value("${app.cookie.secure:true}")
     private boolean cookieSecure;
 
+    @Value("${app.frontend-callback-url:http://localhost:3000/auth/callback}")
+    private String frontendCallbackUrl;
+
     @Bean
     public LoginAuthenticationFilter loginAuthenticationFilter(
             JwtConfig jwtConfig,
@@ -111,6 +116,11 @@ public SecurityFilterChain securityFilterChain(
                                 .userService(customOAuth2UserService)
                         )
                         .successHandler(oAuth2LoginSuccessHandler)
+                        .failureHandler((request, response, exception) -> {
+                            log.error("OAuth2 로그인 실패: {}", exception.getMessage());
+                            response.sendRedirect(frontendCallbackUrl + "?error=" +
+                                    java.net.URLEncoder.encode(exception.getMessage(), java.nio.charset.StandardCharsets.UTF_8));
+                        })
                 )
 
                 .authorizeHttpRequests(auth -> auth
@@ -122,7 +132,8 @@ public SecurityFilterChain securityFilterChain(
                                 "/auth/password-reset/by-verification",
                                 "/auth/password-reset/by-email",
                                 "/auth/password-reset").permitAll()
-                        .requestMatchers("/swagger-ui/**", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**").permitAll()
+                        .requestMatchers("/swagger-ui/**", "/swagger-ui.html", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**").permitAll()
+                        .requestMatchers("/test.html", "/").permitAll()
                         // ✅ 추가: 본인인증 및 여행 스타일 조회 API 허용
                         .requestMatchers(HttpMethod.GET, "/api/travel-styles", "/api/users/check-nickname").permitAll()
                         .requestMatchers(HttpMethod.POST, "/api/auth/verify-identity").authenticated()

src/main/resources/application-prod.yml

@@ -1,3 +1,10 @@
+server:
+  forward-headers-strategy: framework
+
+app:
+  cookie:
+    secure: false
+
 spring:
   datasource:
     url: ${DB_URL}

src/main/resources/application.yml

@@ -36,6 +36,7 @@ spring:
             authorization-grant-type: authorization_code
             scope:
               - profile_nickname
+              - account_email
             redirect-uri: "${APP_BASE_URL:http://localhost:8080}/login/oauth2/code/kakao"
             client-name: Kakao