Feat/follow

src/main/kotlin/com/eatsfinder/domain/follow/controller/FollowController.kt

@@ -20,14 +20,14 @@ class FollowController(
 ) {
 
     @Operation(summary = "팔로우 확인")
-    @GetMapping("/follow")
+    @GetMapping("/follows")
     fun checkFollowing(@AuthenticationPrincipal userPrincipal: UserPrincipal, @RequestParam followUserId: Long): ResponseEntity<FollowResponse>{
         val userId = userPrincipal.id
         return ResponseEntity.status(HttpStatus.OK).body(followService.checkFollowing(userId, followUserId))
     }
 
     @Operation(summary = "유저 팔로우 하기")
-    @PostMapping("/follow")
+    @PostMapping("/follows")
     fun createUserFollow(
         @AuthenticationPrincipal userPrincipal: UserPrincipal,
         @RequestParam followUserId: Long
@@ -38,7 +38,7 @@ class FollowController(
     }
 
     @Operation(summary = "유저 언팔로우 하기")
-    @DeleteMapping("/follow")
+    @DeleteMapping("/follows")
     fun deleteUserFollow(
         @AuthenticationPrincipal userPrincipal: UserPrincipal,
         @RequestParam unfollowUserId: Long

src/main/kotlin/com/eatsfinder/domain/user/controller/OAuth2LoginController.kt

@@ -1,31 +1,26 @@
 package com.eatsfinder.domain.user.controller
 
+import com.eatsfinder.domain.user.dto.oauth.OAuthResponse
 import com.eatsfinder.domain.user.model.SocialType
 import com.eatsfinder.domain.user.service.OAuth2LoginService
 import com.eatsfinder.global.oauth.client.OAuth2ClientService
 import io.swagger.v3.oas.annotations.Operation
 import jakarta.servlet.http.HttpServletResponse
-import org.springframework.beans.factory.annotation.Value
-import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpStatus
-import org.springframework.http.ResponseCookie
 import org.springframework.http.ResponseEntity
 import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
-import java.net.URI
 
 @RestController
 @RequestMapping("/auth")
 class OAuth2LoginController(
-    @Value("\${frontend.domain}") private val loginRedirectUrl: String,
     private val oAuth2LoginService: OAuth2LoginService,
     private val oAuth2Client: OAuth2ClientService
 ) {
-    private val localHost = "$loginRedirectUrl/"
 
     @Operation(summary = "소셜 로그인 (로그인 페이지로 Redirect 하기)")
     @PreAuthorize("isAnonymous()")
@@ -43,21 +38,11 @@ class OAuth2LoginController(
     fun callback(
         @PathVariable provider: SocialType,
         @RequestParam(name = "code") authorizationCode: String
-    ): ResponseEntity<Unit> {
+    ): ResponseEntity<OAuthResponse> {
 
         val accessToken = oAuth2LoginService.login(provider, authorizationCode)
-        val cookie = ResponseCookie
-            .from("accessToken", accessToken)
-            .httpOnly(true)
-            .path("/")
-            .maxAge(604800)
-            .build()
+        val oauthResponse = OAuthResponse(accessToken)
 
-        val headers = HttpHeaders()
-            .also { it.location = URI.create(localHost) }
-            .also { it.add(HttpHeaders.SET_COOKIE, cookie.toString()) }
-
-
-        return ResponseEntity(headers, HttpStatus.PERMANENT_REDIRECT)
+        return ResponseEntity(oauthResponse, HttpStatus.OK)
     }
 }

src/main/kotlin/com/eatsfinder/domain/user/dto/oauth/OAuthResponse.kt

@@ -0,0 +1,5 @@
+package com.eatsfinder.domain.user.dto.oauth
+
+data class OAuthResponse(
+    val accessToken: String
+)

src/main/kotlin/com/eatsfinder/global/security/SecurityConfig.kt

@@ -3,9 +3,11 @@ package com.eatsfinder.global.security
 import com.eatsfinder.global.security.jwt.JwtAuthenticationFilter
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
@@ -22,11 +24,14 @@ class SecurityConfig(
             .httpBasic { it.disable() }
             .formLogin { it.disable() }
             .csrf { it.disable() }
+            .cors { it.disable() }
+            .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
             .authorizeHttpRequests {
                 it.requestMatchers(
                     "/swagger-ui/**",
                     "/v3/api-docs/**",
-                    "/auth/**",
+                    "/auth/login/**",
+                    "/auth/callback/**",
                     "/profile/**",
                     "/my-profile/**",
                     "/post-like/**",
@@ -36,6 +41,7 @@ class SecurityConfig(
                 ).permitAll().anyRequest().authenticated()
             }
             .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
+            .headers { it.frameOptions { it1 -> it1.disable() } }
             .build()
     }
 }

src/main/kotlin/com/eatsfinder/global/web/WebConfig.kt

@@ -9,7 +9,8 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
 
 @Configuration
 class WebConfig(
-    @Value("\${kApi.url}") private val kApiUrl: String
+    @Value("\${kApi.url}") private val kApiUrl: String,
+    @Value("\${frontend.domain}") private val frontDomain: String,
 ) : WebMvcConfigurer {
     override fun addFormatters(registry: FormatterRegistry) {
         registry.addConverter(OAuth2ProviderConverter())
@@ -18,7 +19,7 @@ class WebConfig(
     override fun addCorsMappings(registry: CorsRegistry) {
         registry.addMapping("/**")
             .allowedOrigins(
-                "http://localhost:8080", "http://localhost:8090", "http://localhost:3000", kApiUrl,
+                "http://localhost:8080", "http://localhost:8090", "http://localhost:3000", kApiUrl, frontDomain
             )
             .allowedMethods("GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS")
             .allowedHeaders("*")