T-10855 [feat] GET /authorize API 구현

operation-api/build.gradle

@@ -21,4 +21,8 @@ dependencies {
     // swagger
     implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.0.2'
 
+    // jwt builder library
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
+    runtimeOnly "io.jsonwebtoken:jjwt-impl:0.11.2"
+    runtimeOnly "io.jsonwebtoken:jjwt-jackson:0.11.2"
 }

operation-api/src/main/java/org/sopt/makers/operation/auth/api/AuthApi.java

@@ -0,0 +1,47 @@
+package org.sopt.makers.operation.auth.api;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import org.sopt.makers.operation.dto.BaseResponse;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.RequestParam;
+
+public interface AuthApi {
+    @Operation(
+            security = @SecurityRequirement(name = "Authorization"),
+            summary = "플랫폼 인가코드 반환 API",
+            responses = {
+                    @ApiResponse(
+                            responseCode = "200",
+                            description = "플랫폼 인가코드 반환 성공"
+                    ),
+                    @ApiResponse(
+                            responseCode = "400",
+                            description = """
+                                    1. 쿼리 파라미터 중 데이터가 들어오지 않았습니다.\n
+                                    2. 유효하지 않은 social type 입니다.\n
+                                    3. 유효하지 않은 id token 입니다.\n
+                                    4. 유효하지 않은 social code 입니다.
+                                    """
+                    ),
+                    @ApiResponse(
+                            responseCode = "404",
+                            description = """
+                                    등록되지 않은 팀입니다.
+                                    등록된 소셜 정보가 없습니다.
+                                    """
+                    ),
+                    @ApiResponse(
+                            responseCode = "500",
+                            description = "서버 내부 오류"
+                    )
+            }
+    )
+    ResponseEntity<BaseResponse<?>> authorize(
+            @RequestParam String type,
+            @RequestParam String code,
+            @RequestParam String clientId,
+            @RequestParam String redirectUri
+    );
+}

operation-api/src/main/java/org/sopt/makers/operation/auth/api/AuthApiController.java

@@ -0,0 +1,66 @@
+package org.sopt.makers.operation.auth.api;
+
+import lombok.RequiredArgsConstructor;
+import lombok.val;
+import org.sopt.makers.operation.auth.dto.response.AuthorizationCodeResponse;
+import org.sopt.makers.operation.auth.service.AuthService;
+import org.sopt.makers.operation.dto.BaseResponse;
+import org.sopt.makers.operation.exception.AuthException;
+import org.sopt.makers.operation.user.domain.SocialType;
+import org.sopt.makers.operation.util.ApiResponseUtil;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import static org.sopt.makers.operation.code.failure.auth.AuthFailureCode.INVALID_SOCIAL_TYPE;
+import static org.sopt.makers.operation.code.failure.auth.AuthFailureCode.NOT_NULL_PARAMS;
+import static org.sopt.makers.operation.code.failure.auth.AuthFailureCode.NOT_FOUNT_REGISTERED_TEAM;
+import static org.sopt.makers.operation.code.success.auth.AuthSuccessCode.SUCCESS_GET_AUTHORIZATION_CODE;
+
+@RestController
+@RequestMapping("/api/v1")
+@RequiredArgsConstructor
+public class AuthApiController implements AuthApi {
+    private final ConcurrentHashMap<String, String> tempPlatformCode = new ConcurrentHashMap<>();
+    private final AuthService authService;
+
+    @Override
+    @GetMapping("/authorize")
+    public ResponseEntity<BaseResponse<?>> authorize(
+            @RequestParam String type,
+            @RequestParam String code,
+            @RequestParam String clientId,
+            @RequestParam String redirectUri
+    ) {
+        if (checkParamsIsNull(type, code, clientId, redirectUri)) throw new AuthException(NOT_NULL_PARAMS);
+        if (authService.checkRegisteredTeamOAuthInfo(clientId, redirectUri)) throw new AuthException(NOT_FOUNT_REGISTERED_TEAM);
+        if (!SocialType.isContains(type)) throw new AuthException(INVALID_SOCIAL_TYPE);
+
+        val userId = findUserIdBySocialTypeAndCode(type, code);
+        val platformCode = generatePlatformCode(userId);
+        return ApiResponseUtil.success(SUCCESS_GET_AUTHORIZATION_CODE, new AuthorizationCodeResponse(platformCode));
+    }
+
+    private boolean checkParamsIsNull(String... params) {
+        for (String param : params) {
+            if (param == null) return true;
+        }
+        return false;
+    }
+
+    private Long findUserIdBySocialTypeAndCode(String type, String code) {
+        val socialType = SocialType.valueOf(type);
+        val userSocialId = authService.getSocialUserInfo(socialType, code);
+        return authService.getUserId(socialType, userSocialId);
+    }
+
+    private String generatePlatformCode(Long userId) {
+        val platformCode = authService.generatePlatformCode(userId);
+        tempPlatformCode.putIfAbsent(platformCode, platformCode);
+        return platformCode;
+    }
+}

operation-api/src/main/java/org/sopt/makers/operation/auth/dto/response/AuthorizationCodeResponse.java

@@ -0,0 +1,4 @@
+package org.sopt.makers.operation.auth.dto.response;
+
+public record AuthorizationCodeResponse(String platformCode) {
+}

operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthService.java

@@ -0,0 +1,13 @@
+package org.sopt.makers.operation.auth.service;
+
+import org.sopt.makers.operation.user.domain.SocialType;
+
+public interface AuthService {
+    boolean checkRegisteredTeamOAuthInfo(String clientId, String redirectUri);
+
+    String getSocialUserInfo(SocialType type, String code);
+
+    Long getUserId(SocialType socialType, String userSocialId);
+
+    String generatePlatformCode(Long userId);
+}

operation-api/src/main/java/org/sopt/makers/operation/auth/service/AuthServiceImpl.java

@@ -0,0 +1,67 @@
+package org.sopt.makers.operation.auth.service;
+
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import jakarta.xml.bind.DatatypeConverter;
+import lombok.RequiredArgsConstructor;
+import lombok.val;
+import org.sopt.makers.operation.auth.repository.TeamOAuthInfoRepository;
+import org.sopt.makers.operation.client.social.SocialLoginManager;
+import org.sopt.makers.operation.config.ValueConfig;
+import org.sopt.makers.operation.exception.AuthException;
+import org.sopt.makers.operation.user.domain.SocialType;
+import org.sopt.makers.operation.user.repository.identityinfo.UserIdentityInfoRepository;
+import org.springframework.stereotype.Service;
+
+import javax.crypto.spec.SecretKeySpec;
+import java.time.ZoneId;
+import java.util.Date;
+
+import static org.sopt.makers.operation.code.failure.auth.AuthFailureCode.INVALID_SOCIAL_CODE;
+import static org.sopt.makers.operation.code.failure.auth.AuthFailureCode.NOT_FOUND_USER_SOCIAL_IDENTITY_INFO;
+
+@Service
+@RequiredArgsConstructor
+public class AuthServiceImpl implements AuthService {
+    private static final ZoneId KST = ZoneId.of("Asia/Seoul");
+    private final SocialLoginManager socialLoginManager;
+    private final TeamOAuthInfoRepository teamOAuthInfoRepository;
+    private final UserIdentityInfoRepository userIdentityInfoRepository;
+
+    private final ValueConfig valueConfig;
+
+    @Override
+    public boolean checkRegisteredTeamOAuthInfo(String clientId, String redirectUri) {
+        return teamOAuthInfoRepository.existsByClientIdAndRedirectUri(clientId, redirectUri);
+    }
+
+    @Override
+    public String getSocialUserInfo(SocialType type, String code) {
+        val idToken = socialLoginManager.getIdTokenByCode(type, code);
+        if (idToken == null) throw new AuthException(INVALID_SOCIAL_CODE);
+        return socialLoginManager.getUserInfo(idToken);
+    }
+
+    @Override
+    public Long getUserId(SocialType socialType, String userSocialId) {
+        val userIdentityInfo = userIdentityInfoRepository.findBySocialTypeAndSocialId(socialType, userSocialId)
+                .orElseThrow(() -> new AuthException(NOT_FOUND_USER_SOCIAL_IDENTITY_INFO));
+        return userIdentityInfo.getUserId();
+    }
+
+    @Override
+    public String generatePlatformCode(Long userId) {
+        val platformCodeSecretKey = valueConfig.getPlatformCodeSecretKey();
+
+        val signatureAlgorithm = SignatureAlgorithm.HS256;
+        val secretKeyBytes = DatatypeConverter.parseBase64Binary(platformCodeSecretKey);
+        val signingKey = new SecretKeySpec(secretKeyBytes, signatureAlgorithm.getJcaName());
+        val exp = new Date().toInstant().atZone(KST)
+                .toLocalDateTime().plusMinutes(5).atZone(KST).toInstant();
+        return Jwts.builder()
+                .setSubject(Long.toString(userId))
+                .setExpiration(Date.from(exp))
+                .signWith(signingKey, signatureAlgorithm)
+                .compact();
+    }
+}

operation-common/src/main/java/org/sopt/makers/operation/code/failure/auth/AuthFailureCode.java

@@ -0,0 +1,27 @@
+package org.sopt.makers.operation.code.failure.auth;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import org.sopt.makers.operation.code.failure.FailureCode;
+import org.springframework.http.HttpStatus;
+
+import static org.springframework.http.HttpStatus.BAD_REQUEST;
+import static org.springframework.http.HttpStatus.NOT_FOUND;
+
+@Getter
+@RequiredArgsConstructor
+public enum AuthFailureCode implements FailureCode {
+    // 400
+    NOT_NULL_PARAMS(BAD_REQUEST, "쿼리 파라미터 중 데이터가 들어오지 않았습니다."),
+    INVALID_SOCIAL_TYPE(BAD_REQUEST, "유효하지 않은 social type 입니다."),
+    INVALID_ID_TOKEN(BAD_REQUEST, "유효하지 않은 id token 입니다."),
+    INVALID_SOCIAL_CODE(BAD_REQUEST, "유효하지 않은 social code 입니다."),
+    FAILURE_READ_PRIVATE_KEY(BAD_REQUEST, "Private key 읽기 실패"),
+    // 404
+    NOT_FOUNT_REGISTERED_TEAM(NOT_FOUND, "등록되지 않은 팀입니다."),
+    NOT_FOUND_USER_SOCIAL_IDENTITY_INFO(NOT_FOUND, "등록된 소셜 정보가 없습니다."),
+    ;
+
+    private final HttpStatus status;
+    private final String message;
+}

operation-common/src/main/java/org/sopt/makers/operation/code/success/auth/AuthSuccessCode.java

@@ -0,0 +1,16 @@
+package org.sopt.makers.operation.code.success.auth;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import org.sopt.makers.operation.code.success.SuccessCode;
+import org.springframework.http.HttpStatus;
+
+import static org.springframework.http.HttpStatus.OK;
+
+@Getter
+@RequiredArgsConstructor
+public enum AuthSuccessCode implements SuccessCode {
+    SUCCESS_GET_AUTHORIZATION_CODE(OK, "플랫폼 인가코드 발급 성공");
+    private final HttpStatus status;
+    private final String message;
+}

operation-common/src/main/java/org/sopt/makers/operation/config/ValueConfig.java

@@ -36,6 +36,22 @@ public class ValueConfig {
 	private String playGroundURI;
 	@Value("${sopt.makers.playground.token}")
 	private String playGroundToken;
+	@Value("${oauth.apple.key.id}")
+	private String appleKeyId;
+	@Value("${oauth.apple.team.id}")
+	private String appleTeamId;
+	@Value("${oauth.apple.aud}")
+	private String appleAud;
+	@Value("${oauth.apple.sub}")
+	private String appleSub;
+	@Value("${oauth.google.client.id}")
+	private String googleClientId;
+	@Value("${oauth.google.client.secret}")
+	private String googleClientSecret;
+	@Value("${oauth.google.redirect.url}")
+	private String googleRedirectUrl;
+	@Value("${spring.jwt.secretKey.platform_code}")
+	private String platformCodeSecretKey;
 
 	private final int SUB_LECTURE_MAX_ROUND = 2;
 	private final int MAX_LECTURE_COUNT = 2;

operation-common/src/main/java/org/sopt/makers/operation/exception/AuthException.java

@@ -0,0 +1,14 @@
+package org.sopt.makers.operation.exception;
+
+import lombok.Getter;
+import org.sopt.makers.operation.code.failure.FailureCode;
+
+@Getter
+public class AuthException extends RuntimeException{
+    private final FailureCode failureCode;
+
+    public AuthException(FailureCode failureCode) {
+        super("[AuthException] : " + failureCode.getMessage());
+        this.failureCode = failureCode;
+    }
+}

operation-domain/src/main/java/org/sopt/makers/operation/auth/domain/Team.java

@@ -0,0 +1,5 @@
+package org.sopt.makers.operation.auth.domain;
+
+public enum Team {
+    PLAYGROUND, CREW, APP
+}

operation-domain/src/main/java/org/sopt/makers/operation/auth/domain/TeamOAuthInfo.java

@@ -0,0 +1,24 @@
+package org.sopt.makers.operation.auth.domain;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
+
+import static jakarta.persistence.GenerationType.IDENTITY;
+
+@Entity
+public class TeamOAuthInfo {
+    @Id
+    @GeneratedValue(strategy = IDENTITY)
+    private Long id;
+    @Column(name = "client_id", nullable = false)
+    private String clientId;
+    @Column(name = "redirect_uri", nullable = false)
+    private String redirectUri;
+    @Column(name = "team", nullable = false)
+    @Enumerated(EnumType.STRING)
+    private Team team;
+}

operation-domain/src/main/java/org/sopt/makers/operation/auth/repository/TeamOAuthInfoRepository.java

@@ -0,0 +1,8 @@
+package org.sopt.makers.operation.auth.repository;
+
+import org.sopt.makers.operation.auth.domain.TeamOAuthInfo;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface TeamOAuthInfoRepository extends JpaRepository<TeamOAuthInfo, Long> {
+    boolean existsByClientIdAndRedirectUri(String clientId, String redirectUri);
+}

operation-domain/src/main/java/org/sopt/makers/operation/user/domain/SocialType.java

@@ -1,6 +1,15 @@
 package org.sopt.makers.operation.user.domain;
 
+import java.util.Arrays;
+
 public enum SocialType {
     GOOGLE,
-    APPLE,
+    APPLE;
+
+
+    public static boolean isContains(String type) {
+        SocialType[] socialTypes = SocialType.values();
+        return Arrays.stream(socialTypes)
+                .anyMatch(socialType -> socialType.name().equals(type));
+    }
 }

operation-domain/src/main/java/org/sopt/makers/operation/user/repository/identityinfo/UserIdentityInfoRepository.java

@@ -0,0 +1,11 @@
+package org.sopt.makers.operation.user.repository.identityinfo;
+
+import org.sopt.makers.operation.user.domain.SocialType;
+import org.sopt.makers.operation.user.domain.UserIdentityInfo;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface UserIdentityInfoRepository extends JpaRepository<UserIdentityInfo, Long> {
+    Optional<UserIdentityInfo> findBySocialTypeAndSocialId(SocialType socialType, String socialId);
+}

operation-external/build.gradle

@@ -11,6 +11,16 @@ dependencies {
     implementation project(path: ':operation-domain')
 
     implementation 'org.springframework.boot:spring-boot-starter-web'
+
+    implementation 'org.bouncycastle:bcprov-jdk18on:1.75'
+    implementation 'org.bouncycastle:bcpkix-jdk18on:1.75'
+
+    // jwt builder library
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
+    runtimeOnly "io.jsonwebtoken:jjwt-impl:0.11.2"
+    runtimeOnly "io.jsonwebtoken:jjwt-jackson:0.11.2"
+    // jwt payload read library
+    implementation "com.nimbusds:nimbus-jose-jwt:7.8.1"
 }
 
 test {