fix: admin token fix (#235)

* feat: 회원의 랭킹 redis에 추가 및 삭제, 업데이트 기능 추가

* test: 회원 정보 변경 및 삭제 추가에 따른 랭킹 참여, 제외 테스트 코드 추가

* feat: 랭킹시스템 API 추가 및 랭킹 조회 기능 추가

* feat: 랭킹 조회 테스트 코드 추가 및 랭킹 업데이트 로직 각 업데이트 -> 스케쥴러

* style: checkstyle 에러 fix

* refactor: 응답 객체명 변경 TopRankingInfoResponse -> TopRankingInfo

* fix: 랭킹 업데이트 시간 15분 매초마다 동작하는 방식 -> 15분에 한 번만 실행되도록 변경

* refactor: 랭킹 응답 반환 객체 변수면 s 제거

Co-authored-by: Kim Heebin <[email protected]>

* refactor: ToprankingResponses 응답 객체 반환명 TopRankingResponse로 변경

* fix: ObjectMapper에러 수정

* fix: objectMapper 삭제 추가

* feat: 어드민 서비스 로그인 기능 추가

* refactor: 어드민 config 업데이트

* fix: test application.yml 수정

* test: stub에서의 타입 오류 해결

* style: 변수면 변경

* feat: 어드민과 일반 유저간 토큰 생성, 검증 분리 및 로그인 분리

* feat: 회원 인증시 뱃지 생성기능 추가

* refactor: config 수정

* refactor: 코딩 스타일 재적용

* fix: 도메인 변경

* hotfix: 서버 도메인 변경

* feat: 로그인 쿠키 도메인 관련 SameSite를 None으로 변경

---------

Co-authored-by: Kim Heebin <[email protected]>

src/main/java/com/moabam/api/application/auth/AuthorizationService.java

@@ -76,7 +76,8 @@ public AuthorizationTokenResponse requestToken(AuthorizationCodeResponse authori
 	public AuthorizationTokenInfoResponse requestTokenInfo(AuthorizationTokenResponse authorizationTokenResponse) {
 		String tokenValue = generateTokenValue(authorizationTokenResponse.accessToken());
 		ResponseEntity<AuthorizationTokenInfoResponse> authorizationTokenInfoResponse =
-			oauth2AuthorizationServerRequestService.tokenInfoRequest(oAuthConfig.provider().tokenInfo(), tokenValue);
+			oauth2AuthorizationServerRequestService
+				.tokenInfoRequest(oAuthConfig.provider().tokenInfo(), tokenValue);
 
 		return authorizationTokenInfoResponse.getBody();
 	}
@@ -99,12 +100,12 @@ public void issueServiceToken(HttpServletResponse response, PublicClaim publicCl
 		String domain = getDomain(publicClaim.role());
 
 		response.addCookie(CookieUtils.typeCookie("Bearer", tokenConfig.getRefreshExpire(), domain));
-		response.addCookie(
-			CookieUtils.typeCookie("Test_be_erase", tokenConfig.getRefreshExpire(), publicClaim.role().name()));
-		response.addCookie(
-			CookieUtils.tokenCookie("access_token", accessToken, tokenConfig.getRefreshExpire(), domain));
-		response.addCookie(
-			CookieUtils.tokenCookie("refresh_token", refreshToken, tokenConfig.getRefreshExpire(), domain));
+		response.addCookie(CookieUtils
+			.tokenCookie("Test", publicClaim.role().name(), tokenConfig.getRefreshExpire(), domain));
+		response.addCookie(CookieUtils
+			.tokenCookie("access_token", accessToken, tokenConfig.getRefreshExpire(), domain));
+		response.addCookie(CookieUtils
+			.tokenCookie("refresh_token", refreshToken, tokenConfig.getRefreshExpire(), domain));
 	}
 
 	public void validTokenPair(Long id, String oldRefreshToken, Role role) {
@@ -117,8 +118,8 @@ public void validTokenPair(Long id, String oldRefreshToken, Role role) {
 		}
 	}
 
-	public void logout(AuthMember authMember, HttpServletRequest httpServletRequest,
-		HttpServletResponse httpServletResponse) {
+	public void logout(AuthMember authMember,
+		HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
 		removeToken(httpServletRequest, httpServletResponse);
 		tokenRepository.delete(authMember.id(), authMember.role());
 		fcmService.deleteTokenByMemberId(authMember.id());
@@ -180,11 +181,13 @@ private String generateTokenValue(String token) {
 	}
 
 	private String generateQueryParamsWith(AuthorizationCodeRequest authorizationCodeRequest) {
-		UriComponentsBuilder authorizationCodeUri = UriComponentsBuilder.fromUriString(
-				oAuthConfig.provider().authorizationUri())
-			.queryParam("response_type", "code")
-			.queryParam("client_id", authorizationCodeRequest.clientId())
-			.queryParam("redirect_uri", authorizationCodeRequest.redirectUri());
+		UriComponentsBuilder authorizationCodeUri =
+			UriComponentsBuilder.fromUriString(
+					oAuthConfig.provider()
+						.authorizationUri())
+				.queryParam("response_type", "code")
+				.queryParam("client_id", authorizationCodeRequest.clientId())
+				.queryParam("redirect_uri", authorizationCodeRequest.redirectUri());
 
 		if (authorizationCodeRequest.scope() != null && !authorizationCodeRequest.scope().isEmpty()) {
 			String scopes = String.join(",", authorizationCodeRequest.scope());
@@ -201,8 +204,8 @@ private void validAuthorizationGrant(String code) {
 	}
 
 	private AuthorizationTokenResponse issueTokenToAuthorizationServer(String code, String redirectUri) {
-		AuthorizationTokenRequest authorizationTokenRequest = AuthorizationMapper.toAuthorizationTokenRequest(
-			oAuthConfig, code, redirectUri);
+		AuthorizationTokenRequest authorizationTokenRequest =
+			AuthorizationMapper.toAuthorizationTokenRequest(oAuthConfig, code, redirectUri);
 		MultiValueMap<String, String> uriParams = generateTokenRequest(authorizationTokenRequest);
 		ResponseEntity<AuthorizationTokenResponse> authorizationTokenResponse =
 			oauth2AuthorizationServerRequestService

src/main/java/com/moabam/global/auth/filter/AuthorizationFilter.java

@@ -73,7 +73,7 @@ private void invoke(HttpServletRequest httpServletRequest, HttpServletResponse h
 		Cookie[] cookies = getCookiesOrThrow(httpServletRequest);
 
 		if (!isTokenTypeBearer(cookies)) {
-			throw new UnauthorizedException(ErrorMessage.GRANT_FAILED);
+			throw new UnauthorizedException(ErrorMessage.TOKEN_TYPE_FAILED);
 		}
 
 		handleTokenAuthenticate(cookies, httpServletResponse, httpServletRequest);
@@ -92,7 +92,7 @@ private void handleTokenAuthenticate(Cookie[] cookies, HttpServletResponse httpS
 			String refreshToken = extractTokenFromCookie(cookies, "refresh_token");
 
 			if (authenticationService.isTokenExpire(refreshToken, publicClaim.role())) {
-				throw new UnauthorizedException(ErrorMessage.AUTHENTICATE_FAIL);
+				throw new UnauthorizedException(ErrorMessage.TOKEN_EXPIRE);
 			}
 
 			validInvalidMember(publicClaim, refreshToken, httpServletRequest);
@@ -117,14 +117,14 @@ private void validInvalidMember(PublicClaim publicClaim, String refreshToken,
 
 	private Cookie[] getCookiesOrThrow(HttpServletRequest httpServletRequest) {
 		return Optional.ofNullable(httpServletRequest.getCookies())
-			.orElseThrow(() -> new UnauthorizedException(ErrorMessage.GRANT_FAILED));
+			.orElseThrow(() -> new UnauthorizedException(ErrorMessage.COOKIE_NOT_FOUND));
 	}
 
 	private String extractTokenFromCookie(Cookie[] cookies, String tokenName) {
 		return Arrays.stream(cookies)
 			.filter(cookie -> tokenName.equals(cookie.getName()))
 			.map(Cookie::getValue)
 			.findFirst()
-			.orElseThrow(() -> new UnauthorizedException(ErrorMessage.AUTHENTICATE_FAIL));
+			.orElseThrow(() -> new UnauthorizedException(ErrorMessage.TOKEN_NOT_FOUND));
 	}
 }

src/main/java/com/moabam/global/common/util/CookieUtils.java

@@ -12,8 +12,9 @@ public static Cookie tokenCookie(String name, String value, long expireTime, Str
 		cookie.setSecure(true);
 		cookie.setHttpOnly(true);
 		cookie.setPath("/");
+		cookie.setDomain(domain);
 		cookie.setMaxAge((int)expireTime);
-		cookie.setAttribute("SameSite", "Lax");
+		cookie.setAttribute("SameSite", "None");
 
 		return cookie;
 	}
@@ -23,8 +24,9 @@ public static Cookie typeCookie(String value, long expireTime, String domain) {
 		cookie.setSecure(true);
 		cookie.setHttpOnly(true);
 		cookie.setPath("/");
+		cookie.setDomain(domain);
 		cookie.setMaxAge((int)expireTime);
-		cookie.setAttribute("SameSite", "Lax");
+		cookie.setAttribute("SameSite", "None");
 
 		return cookie;
 	}

src/main/java/com/moabam/global/error/model/ErrorMessage.java

@@ -40,8 +40,12 @@ public enum ErrorMessage {
 	LOGIN_FAILED("로그인에 실패했습니다."),
 	LOGIN_FAILED_ADMIN_KEY("어드민키가 달라요"),
 	REQUEST_FAILED("네트워크 접근 실패입니다."),
+	TOKEN_TYPE_FAILED("토큰 타일이 일치하지 않습니다."),
 	GRANT_FAILED("인가 코드 실패"),
+	TOKEN_EXPIRE("토큰이 만료되었습니다."),
 	AUTHENTICATE_FAIL("인증 실패"),
+	TOKEN_NOT_FOUND("토큰이 존재하지 않습니다."),
+	COOKIE_NOT_FOUND("쿠키가 없습니다"),
 	MEMBER_NOT_FOUND("존재하지 않는 회원입니다."),
 	MEMBER_NOT_FOUND_BY_MANAGER_OR_NULL("방의 매니저거나 회원이 존재하지 않습니다."),
 	MEMBER_ROOM_EXCEED("참여할 수 있는 방의 개수가 모두 찼습니다."),

src/test/java/com/moabam/global/common/util/CookieMakeTest.java

@@ -27,7 +27,7 @@ void create_test() {
 			() -> assertThat(cookie.getSecure()).isTrue(),
 			() -> assertThat(cookie.getPath()).isEqualTo("/"),
 			() -> assertThat(cookie.getMaxAge()).isEqualTo(10000),
-			() -> assertThat(cookie.getAttribute("SameSite")).isEqualTo("Lax")
+			() -> assertThat(cookie.getAttribute("SameSite")).isEqualTo("None")
 		);
 	}