From d0ab42ef799082c54c6eebdcfc3c44b7ebed777d Mon Sep 17 00:00:00 2001
From: rim109
Date: Sat, 20 Jul 2024 05:17:53 +0900
Subject: [PATCH 1/2] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Refactor:=20=EA=B2=BD?=
 =?UTF-8?q?=EB=A1=9C=20=EC=88=98=EC=A0=95=20(#68)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

-통일성을 위해서 변경
---
 .../eatsfinder/domain/follow/controller/FollowController.kt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/kotlin/com/eatsfinder/domain/follow/controller/FollowController.kt b/src/main/kotlin/com/eatsfinder/domain/follow/controller/FollowController.kt
index 3987e27d..c0ab7972 100644
--- a/src/main/kotlin/com/eatsfinder/domain/follow/controller/FollowController.kt
+++ b/src/main/kotlin/com/eatsfinder/domain/follow/controller/FollowController.kt
@@ -20,14 +20,14 @@ class FollowController(
 ) {
 @Operation(summary = "팔로우 확인")
- @GetMapping("/follow")
+ @GetMapping("/follows")
 fun checkFollowing(@AuthenticationPrincipal userPrincipal: UserPrincipal, @RequestParam followUserId: Long): ResponseEntity{
 val userId = userPrincipal.id
 return ResponseEntity.status(HttpStatus.OK).body(followService.checkFollowing(userId, followUserId))
 }
 @Operation(summary = "유저 팔로우 하기")
- @PostMapping("/follow")
+ @PostMapping("/follows")
 fun createUserFollow(
 @AuthenticationPrincipal userPrincipal: UserPrincipal,
 @RequestParam followUserId: Long
@@ -38,7 +38,7 @@ class FollowController(
 }
 @Operation(summary = "유저 언팔로우 하기")
- @DeleteMapping("/follow")
+ @DeleteMapping("/follows")
 fun deleteUserFollow(
 @AuthenticationPrincipal userPrincipal: UserPrincipal,
 @RequestParam unfollowUserId: Long

From fe61023ed8db51ac9b95b70eba91058a321210de Mon Sep 17 00:00:00 2001
From: rim109
Date: Fri, 26 Jul 2024 14:36:23 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=90=9B=20Fix:=20=EA=B2=BD=EB=A1=9C=20?=
 =?UTF-8?q?=EC=88=98=EC=A0=95=20(#72)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

-securityconfig에 cors disable 추가 및 세션 관련 설정도 추가 - webconfig에 프론트 도메인 추가 - response 추가 - OAuth2LoginController 수정
---
 .../user/controller/OAuth2LoginController.kt | 23 ++++---------------
 .../domain/user/dto/oauth/OAuthResponse.kt | 5 ++++
 .../global/security/SecurityConfig.kt | 8 ++++++-
 .../com/eatsfinder/global/web/WebConfig.kt | 5 ++--
 4 files changed, 19 insertions(+), 22 deletions(-)
 create mode 100644 src/main/kotlin/com/eatsfinder/domain/user/dto/oauth/OAuthResponse.kt

diff --git a/src/main/kotlin/com/eatsfinder/domain/user/controller/OAuth2LoginController.kt b/src/main/kotlin/com/eatsfinder/domain/user/controller/OAuth2LoginController.kt
index ed418dea..7cf60f1e 100644
--- a/src/main/kotlin/com/eatsfinder/domain/user/controller/OAuth2LoginController.kt
+++ b/src/main/kotlin/com/eatsfinder/domain/user/controller/OAuth2LoginController.kt
@@ -1,14 +1,12 @@
 package com.eatsfinder.domain.user.controller
+import com.eatsfinder.domain.user.dto.oauth.OAuthResponse
 import com.eatsfinder.domain.user.model.SocialType
 import com.eatsfinder.domain.user.service.OAuth2LoginService
 import com.eatsfinder.global.oauth.client.OAuth2ClientService
 import io.swagger.v3.oas.annotations.Operation
 import jakarta.servlet.http.HttpServletResponse
-import org.springframework.beans.factory.annotation.Value
-import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpStatus
-import org.springframework.http.ResponseCookie
 import org.springframework.http.ResponseEntity
 import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.GetMapping
@@ -16,16 +14,13 @@ import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
-import java.net.URI
 @RestController
 @RequestMapping("/auth")
 class OAuth2LoginController(
- @Value("\${frontend.domain}") private val loginRedirectUrl: String,
 private val oAuth2LoginService: OAuth2LoginService,
 private val oAuth2Client: OAuth2ClientService
 ) {
- private val localHost = "$loginRedirectUrl/"
 @Operation(summary = "소셜 로그인 (로그인 페이지로 Redirect 하기)")
 @PreAuthorize("isAnonymous()")
@@ -43,21 +38,11 @@ class OAuth2LoginController(
 fun callback(
 @PathVariable provider: SocialType,
 @RequestParam(name = "code") authorizationCode: String
- ): ResponseEntity {
+ ): ResponseEntity {
 val accessToken = oAuth2LoginService.login(provider, authorizationCode)
- val cookie = ResponseCookie
- .from("accessToken", accessToken)
- .httpOnly(true)
- .path("/")
- .maxAge(604800)
- .build()
+ val oauthResponse = OAuthResponse(accessToken)
- val headers = HttpHeaders()
- .also { it.location = URI.create(localHost) }
- .also { it.add(HttpHeaders.SET_COOKIE, cookie.toString()) }
-
-
- return ResponseEntity(headers, HttpStatus.PERMANENT_REDIRECT)
+ return ResponseEntity(oauthResponse, HttpStatus.OK)
 }
 }
\ No newline at end of file
diff --git a/src/main/kotlin/com/eatsfinder/domain/user/dto/oauth/OAuthResponse.kt b/src/main/kotlin/com/eatsfinder/domain/user/dto/oauth/OAuthResponse.kt
new file mode 100644
index 00000000..1dd3d48e
--- /dev/null
+++ b/src/main/kotlin/com/eatsfinder/domain/user/dto/oauth/OAuthResponse.kt
@@ -0,0 +1,5 @@
+package com.eatsfinder.domain.user.dto.oauth
+
+data class OAuthResponse(
+ val accessToken: String
+)
diff --git a/src/main/kotlin/com/eatsfinder/global/security/SecurityConfig.kt b/src/main/kotlin/com/eatsfinder/global/security/SecurityConfig.kt
index 7ae3a445..bd4c2f54 100644
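Review bot: The access token that `callback` previously set as an HttpOnly cookie is now returned in the JSON body, where any script running in the front-end origin can read it; if that hand-off to the SPA is intended, the response should at least be marked non-cacheable, because a credential in a body without `Cache-Control: no-store` can be retained by browser or intermediary caches (the OAuth 2.0 token-response rules require exactly this header). Building the reply as `return ResponseEntity.status(HttpStatus.OK).header("Cache-Control", "no-store").body(oauthResponse)` keeps the new shape and adds the header without re-importing `HttpHeaders`. It would also help to state on `callback`, in a short KDoc, where the client is expected to keep the token, since the cookie-based contract that previously documented this was removed in the same hunk. The `@GetMapping` and other annotations on `callback` sit above the hunk; the class's closing brace is inside it.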
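Review bot: `OAuthResponse` is a `data class` wrapping a bearer credential, so its generated `toString()` prints the full `accessToken`; any log line or exception message that interpolates the object will leak the token. Override it to redact the field, `override fun toString(): String = "OAuthResponse(accessToken=[redacted])"`, and add a one-line KDoc on the class noting that the value is a credential and must not be logged. The `equals`/`hashCode` that `data class` also generates are harmless here, so the class can stay a data class.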
--- a/src/main/kotlin/com/eatsfinder/global/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/eatsfinder/global/security/SecurityConfig.kt
@@ -3,9 +3,11 @@ package com.eatsfinder.global.security
 import com.eatsfinder.global.security.jwt.JwtAuthenticationFilter
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
@@ -22,11 +24,14 @@ class SecurityConfig(
 .httpBasic { it.disable() }
 .formLogin { it.disable() }
 .csrf { it.disable() }
+ .cors { it.disable() }
+ .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
 .authorizeHttpRequests {
 it.requestMatchers(
 "/swagger-ui/**",
 "/v3/api-docs/**",
- "/auth/**",
+ "/auth/login/**",
+ "/auth/callback/**",
 "/profile/**",
 "/my-profile/**",
 "/post-like/**",
@@ -36,6 +41,7 @@ class SecurityConfig(
 ).permitAll().anyRequest().authenticated()
 }
 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
+ .headers { it.frameOptions { it1 -> it1.disable() } }
 .build()
 }
 }
\ No newline at end of file
diff --git a/src/main/kotlin/com/eatsfinder/global/web/WebConfig.kt b/src/main/kotlin/com/eatsfinder/global/web/WebConfig.kt
index 2d126869..1b1f394a 100644
--- a/src/main/kotlin/com/eatsfinder/global/web/WebConfig.kt
+++ b/src/main/kotlin/com/eatsfinder/global/web/WebConfig.kt
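Review bot: `.cors { it.disable() }` removes the CORS filter from the security chain while `WebConfig` in this same patch adds `frontDomain` to the MVC `addCorsMappings`; because the security filters run ahead of MVC handler mapping, a cross-origin preflight to any route behind `anyRequest().authenticated()` presumably gets rejected by the chain before the MVC mapping is ever consulted — worth verifying against the front end. The usual arrangement is to keep CORS enabled here with defaults, `.cors { }` (or `.cors(Customizer.withDefaults())`), so Spring Security answers preflights from the MVC CORS configuration or a `CorsConfigurationSource` bean before the JWT filter runs. The `STATELESS` policy and the narrowing of `/auth/**` to `/auth/login/**` and `/auth/callback/**` are good; if disabling security-side CORS is deliberate, a comment on that line explaining why would stop the next reader from "fixing" it. `HttpMethod`, added in the first hunk, is not referenced by any visible change.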
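Review bot: `.headers { it.frameOptions { it1 -> it1.disable() } }` drops `X-Frame-Options` on every response, removing the default clickjacking protection for the whole API, and neither the hunk nor the commit message says which page needs to be framed. If only same-origin embedding is needed, `.headers { it.frameOptions { frame -> frame.sameOrigin() } }` keeps the protection against third-party framing; naming the lambda parameter `frame` rather than `it1` also reads better. Whichever is chosen, a one-line comment on that line recording the reason would keep the relaxation from surviving unexamined.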
@@ -9,7 +9,8 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
 @Configuration
 class WebConfig(
- @Value("\${kApi.url}") private val kApiUrl: String
+ @Value("\${kApi.url}") private val kApiUrl: String,
+ @Value("\${frontend.domain}") private val frontDomain: String,
 ) : WebMvcConfigurer {
 override fun addFormatters(registry: FormatterRegistry) {
 registry.addConverter(OAuth2ProviderConverter())
@@ -18,7 +19,7 @@ class WebConfig(
 override fun addCorsMappings(registry: CorsRegistry) {
 registry.addMapping("/**")
 .allowedOrigins(
- "http://localhost:8080", "http://localhost:8090", "http://localhost:3000", kApiUrl,
+ "http://localhost:8080", "http://localhost:8090", "http://localhost:3000", kApiUrl, frontDomain
 )
 .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS")
 .allowedHeaders("*")
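Review bot: `frontDomain` is passed straight into `allowedOrigins`, where matching is exact against the browser's `Origin` header, so a `frontend.domain` value that ever carries a trailing slash or a path would silently never match and every front-end request would fail CORS with no server-side error. Normalising at the boundary, `frontDomain.trimEnd('/')`, or a KDoc line on the constructor parameter stating that it must be a bare `scheme://host[:port]` origin, would make the contract explicit. The three `localhost` origins stay hard-coded next to the configured ones; moving the whole list into a property would keep development origins out of production builds. The remainder of `addCorsMappings` (any `allowCredentials` setting) is outside the hunk.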