feat: 회원가입 로그인 시 redirect 제거, samesite none 쿠키 제공 (#88)

* feat: 회원가입, 로그인 시 302 대싱 200 반환 * chore: apply ktlint * test: 302 -> 200 으로 변경하여 깨진 테스트 복구 * feat: 로그인 시 same site none 쿠키 발급
2024-celuveat · Nov 17, 2024 · 363e256 · 363e256
1 parent a9a1f02
commit 363e256
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 24 deletions.
diff --git a/src/main/kotlin/com/celuveat/auth/adapter/in/rest/AuthContextArgumentResolver.kt b/src/main/kotlin/com/celuveat/auth/adapter/in/rest/AuthContextArgumentResolver.kt
@@ -2,7 +2,6 @@ package com.celuveat.auth.adapter.`in`.rest
 
 import com.celuveat.auth.application.port.`in`.ExtractMemberIdUseCase
 import com.celuveat.common.adapter.`in`.rest.getAccessTokenFromCookie
-import com.celuveat.common.adapter.`in`.rest.getTokenAuthorizationOrNull
 import com.celuveat.common.adapter.`in`.rest.toHttpServletRequest
 import org.springframework.core.MethodParameter
 import org.springframework.stereotype.Component

diff --git a/src/main/kotlin/com/celuveat/common/utils/CookieExtensions.kt b/src/main/kotlin/com/celuveat/common/utils/CookieExtensions.kt
@@ -1,21 +1,25 @@
 package com.celuveat.common.utils
 
-import jakarta.servlet.http.Cookie
 import jakarta.servlet.http.HttpServletResponse
+import org.springframework.http.ResponseCookie
 
 inline fun HttpServletResponse.addSecureCookie(
     name: String,
     value: String,
     path: String = "/",
-    maxAge: Int = -1,
+    maxAge: Long = -1,
     isHttpOnly: Boolean = true,
-    isSecure: Boolean = true
+    isSecure: Boolean = true,
+    sameSite: String = "Lex",
 ) {
-    val cookie = Cookie(name, value).apply {
-        this.isHttpOnly = isHttpOnly
-        this.secure = isSecure
-        this.path = path
-        this.maxAge = maxAge
-    }
-    this.addCookie(cookie)
+
+    val cookie = ResponseCookie.from(name, value)
+        .path(path)
+        .sameSite(sameSite)
+        .httpOnly(isHttpOnly)
+        .secure(isSecure)
+        .maxAge(maxAge)
+        .build()
+
+    this.addHeader("Set-Cookie", cookie.toString())
 }
diff --git a/src/main/kotlin/com/celuveat/member/adapter/in/rest/SocialLoginController.kt b/src/main/kotlin/com/celuveat/member/adapter/in/rest/SocialLoginController.kt
@@ -12,7 +12,6 @@ import com.celuveat.member.application.port.`in`.command.SocialLoginCommand
 import com.celuveat.member.application.port.`in`.command.WithdrawSocialLoginCommand
 import com.celuveat.member.domain.SocialLoginType
 import jakarta.servlet.http.HttpServletResponse
-import java.net.URI
 import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
@@ -45,9 +44,9 @@ class SocialLoginController(
         response.addSecureCookie(
             name = "accessToken",
             value = token.token,
+            sameSite = "None"
         )
-        return ResponseEntity.status(HttpStatus.FOUND)
-            .location(URI.create(requestOrigin))
+        return ResponseEntity.status(HttpStatus.OK)
             .build()
     }
 

diff --git a/src/main/kotlin/com/celuveat/region/adapter/out/static/RegionStaticRepository.kt b/src/main/kotlin/com/celuveat/region/adapter/out/static/RegionStaticRepository.kt
@@ -13,43 +13,43 @@ class RegionStaticRepository(
             name = "잠실",
             imageUrl = "${property.domain}/regions/jamsil.webp",
             latitude = 37.5067945,
-            longitude = 127.0830482
+            longitude = 127.0830482,
         ),
         RepresentativeRegionResult(
             name = "성수",
             imageUrl = "${property.domain}/regions/seongsu.webp",
             latitude = 37.5436099,
-            longitude = 127.0428194
+            longitude = 127.0428194,
         ),
         RepresentativeRegionResult(
             name = "홍대",
             imageUrl = "${property.domain}/regions/hongdae.webp",
             latitude = 37.5507254,
-            longitude = 126.9256382
+            longitude = 126.9256382,
         ),
         RepresentativeRegionResult(
             name = "을지로",
             imageUrl = "${property.domain}/regions/euljiro.webp",
             latitude = 37.5660286,
-            longitude = 126.9954924
+            longitude = 126.9954924,
         ),
         RepresentativeRegionResult(
             name = "압구정",
             imageUrl = "${property.domain}/regions/apgujeong.webp",
             latitude = 37.5271478,
-            longitude = 127.0334517
+            longitude = 127.0334517,
         ),
         RepresentativeRegionResult(
             name = "여의도",
             imageUrl = "${property.domain}/regions/yeouido.webp",
             latitude = 37.5295808,
-            longitude = 126.9326803
+            longitude = 126.9326803,
         ),
         RepresentativeRegionResult(
             name = "이태원",
             imageUrl = "${property.domain}/regions/leetaewon.webp",
             latitude = 37.5385051,
-            longitude = 126.9925224
+            longitude = 126.9925224,
         ),
     )
 

diff --git a/src/test/kotlin/com/celuveat/member/adapter/in/rest/SocialLoginControllerTest.kt b/src/test/kotlin/com/celuveat/member/adapter/in/rest/SocialLoginControllerTest.kt
@@ -49,8 +49,7 @@ class SocialLoginControllerTest(
                 param("authCode", authCode)
                 header("Origin", requestOrigin)
             }.andExpect {
-                status { isFound() }
-                header { string("Location", requestOrigin) }
+                status { isOk() }
                 cookie { exists("accessToken") }
             }.andDo {
                 print()

diff --git a/src/test/kotlin/com/celuveat/support/PersistenceAdapterTest.kt b/src/test/kotlin/com/celuveat/support/PersistenceAdapterTest.kt
@@ -18,7 +18,8 @@ import org.springframework.context.annotation.Import
     useDefaultFilters = false,
     includeFilters = [
         ComponentScan.Filter(type = FilterType.ANNOTATION, classes = [Adapter::class, Mapper::class]),
-        ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = [EnablePropertiesConfiguration::class])],
+        ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = [EnablePropertiesConfiguration::class]),
+    ],
     excludeFilters = [ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = [TokenAdapter::class])],
 )
 @Import(JpaConfig::class, KotlinJdslAutoConfiguration::class, JdslConfig::class)