feat: #172 Apple 로그인 구현

build.gradle.kts

@@ -74,6 +74,9 @@ dependencies {
 
     // Redis
     implementation("org.springframework.boot:spring-boot-starter-data-redis")
+
+    // Caffeine
+    implementation("com.github.ben-manes.caffeine:caffeine:3.1.8")
 }
 
 kotlin {

src/main/kotlin/org/appjam/smashing/domain/auth/controller/AuthController.kt

@@ -24,10 +24,10 @@ class AuthController(
     private val authService: AuthService,
 ) {
     @Operation(
-        summary = "카카오 로그인 API",
-        description = "카카오 로그인을 진행합니다."
+        summary = "소셜 로그인 API",
+        description = "소셜 로그인을 진행합니다."
     )
-    @PostMapping("/login/kakao")
+    @PostMapping("/login")
     fun signIn(
         @Valid @RequestBody signInRequest: SignInRequest
     ): ResponseEntity<ApiResponse<SignInResponse>> {

src/main/kotlin/org/appjam/smashing/domain/auth/dto/command/SignInRequestCommand.kt

@@ -1,5 +1,8 @@
 package org.appjam.smashing.domain.auth.dto.command
 
+import org.appjam.smashing.domain.auth.enums.ProviderType
+
 data class SignInRequestCommand(
-    val accessToken: String,
+    val idToken: String,
+    val provider: ProviderType,
 )

src/main/kotlin/org/appjam/smashing/domain/auth/dto/command/SignUpRequestCommand.kt

@@ -1,10 +1,12 @@
 package org.appjam.smashing.domain.auth.dto.command
 
+import org.appjam.smashing.domain.auth.enums.ProviderType
 import org.appjam.smashing.domain.sport.enums.ExperienceRange
 import org.appjam.smashing.domain.user.enums.Gender
 
 data class SignUpRequestCommand(
-    val kakaoId: String,
+    val socialId: String,
+    val provider: ProviderType,
     val nickname: String,
     val gender: Gender,
     val openChatUrl: String,

src/main/kotlin/org/appjam/smashing/domain/auth/dto/request/SignInRequest.kt

@@ -2,13 +2,19 @@ package org.appjam.smashing.domain.auth.dto.request
 
 import jakarta.validation.constraints.NotBlank
 import org.appjam.smashing.domain.auth.dto.command.SignInRequestCommand
+import org.appjam.smashing.domain.auth.enums.ProviderType
+import org.appjam.smashing.global.common.validator.annotation.ValidEnum
+import org.appjam.smashing.global.extensions.ofIgnoreCase
 
 data class SignInRequest(
-    @field:NotBlank(message = "엑세스 토큰을 입력해주세요.")
-    val accessToken: String?,
+    @field:NotBlank(message = "idToken을 입력해주세요.")
+    val idToken: String?,
+    @field:NotBlank(message = "provider를 입력해주세요.")
+    @field:ValidEnum(message = "잘못된 provider 값입니다.", enumClass = ProviderType::class)
+    val provider: String?,
 ) {
-    fun toCommand(): SignInRequestCommand =
-        SignInRequestCommand(
-            accessToken = accessToken!!,
-        )
+    fun toCommand() = SignInRequestCommand(
+        idToken = idToken!!,
+        provider = ofIgnoreCase<ProviderType>(provider!!),
+    )
 }

src/main/kotlin/org/appjam/smashing/domain/auth/dto/request/SignUpRequest.kt

@@ -2,14 +2,17 @@ package org.appjam.smashing.domain.auth.dto.request
 
 import jakarta.validation.constraints.NotBlank
 import org.appjam.smashing.domain.auth.dto.command.SignUpRequestCommand
+import org.appjam.smashing.domain.auth.enums.ProviderType
 import org.appjam.smashing.domain.sport.enums.ExperienceRange
 import org.appjam.smashing.domain.user.enums.Gender
 import org.appjam.smashing.global.common.validator.annotation.ValidEnum
 import org.appjam.smashing.global.extensions.ofIgnoreCase
 
 data class SignUpRequest(
-    @field:NotBlank(message = "kakaoId를 입력해주세요.")
-    val kakaoId: String?,
+    @field:NotBlank(message = "socialId를 입력해주세요.")
+    val socialId: String?,
+    @field:ValidEnum(message = "잘못된 provider 값입니다.", enumClass = ProviderType::class)
+    val provider: String?,
     @field:NotBlank(message = "nickname을 입력해주세요.")
     val nickname: String?,
     @field:NotBlank(message = "gender를 입력해주세요.")
@@ -26,7 +29,8 @@ data class SignUpRequest(
     val region: String?,
 ) {
     fun toCommand() = SignUpRequestCommand(
-        kakaoId = kakaoId!!,
+        socialId = socialId!!,
+        provider = ofIgnoreCase<ProviderType>(provider!!),
         nickname = nickname!!,
         gender = ofIgnoreCase<Gender>(gender!!),
         openChatUrl = openChatUrl!!,

src/main/kotlin/org/appjam/smashing/domain/auth/dto/response/SignInResponse.kt

@@ -3,7 +3,7 @@ package org.appjam.smashing.domain.auth.dto.response
 data class SignInResponse(
     val accessToken: String?,
     val refreshToken: String?,
-    val kakaoId: String,
+    val socialId: String,
     val userId: String?,
     val nickname: String?,
 ) {
@@ -13,13 +13,13 @@ data class SignInResponse(
         fun from(
             accessToken: String? = null,
             refreshToken: String? = null,
-            kakaoId: String,
+            socialId: String,
             userId: String? = null,
             nickname: String? = null,
         ) = SignInResponse(
             accessToken = accessToken,
             refreshToken = refreshToken,
-            kakaoId = kakaoId,
+            socialId = socialId,
             userId = userId,
             nickname = nickname,
         )

src/main/kotlin/org/appjam/smashing/domain/auth/dto/response/SocialType.kt

@@ -0,0 +1,8 @@
+package org.appjam.smashing.domain.auth.dto.response
+
+import org.appjam.smashing.domain.auth.enums.ProviderType
+
+data class SocialType(
+    val provider: ProviderType,
+    val socialId: String,
+)

src/main/kotlin/org/appjam/smashing/domain/auth/enums/ProviderType.kt

@@ -0,0 +1,5 @@
+package org.appjam.smashing.domain.auth.enums
+
+enum class ProviderType {
+    KAKAO, APPLE
+}

src/main/kotlin/org/appjam/smashing/domain/auth/service/AuthService.kt

@@ -42,12 +42,12 @@ class AuthService(
     fun signIn(
         requestCommand: SignInRequestCommand,
     ): SignInResponse {
-        val kakaoId = socialAuthServiceManager.getKakaoId(requestCommand.accessToken)
+        val (provider, socialId) = socialAuthServiceManager.getSocialId(requestCommand)
 
-        val user = userRepository.findByKakaoId(kakaoId)
-            ?: return SignInResponse.from(
-                kakaoId = kakaoId,
-            )
+        val user = userRepository.findBySocialIdAndProvider(
+            socialId = socialId,
+            provider = provider,
+        ) ?: return SignInResponse.from(socialId = socialId)
 
         val userId = user.id ?: throw CustomException(ErrorCode.USER_NOT_FOUND)
 
@@ -56,7 +56,7 @@ class AuthService(
         return SignInResponse.from(
             accessToken = token.accessToken.token,
             refreshToken = token.refreshToken.token,
-            kakaoId = kakaoId,
+            socialId = socialId,
             userId = userId,
             nickname = user.nickname,
         )
@@ -81,7 +81,8 @@ class AuthService(
 
         val user = userRepository.save(
             User.create(
-                kakaoId = requestCommand.kakaoId,
+                socialId = requestCommand.socialId,
+                provider = requestCommand.provider,
                 nickname = requestCommand.nickname,
                 gender = requestCommand.gender,
                 openchatUrl = requestCommand.openChatUrl.trim(),
@@ -173,8 +174,8 @@ class AuthService(
     }
 
     private fun validateUser(requestCommand: SignUpRequestCommand) {
-        if (userRepository.existsByKakaoId(requestCommand.kakaoId)) {
-            throw CustomException(ErrorCode.DUPLICATE_KAKAO_ID)
+        if (userRepository.existsBySocialId(requestCommand.socialId)) {
+            throw CustomException(ErrorCode.DUPLICATE_SOCIAL_ID)
         }
 
         if (userRepository.existsByNickname(requestCommand.nickname)) {

src/main/kotlin/org/appjam/smashing/domain/auth/social/OidcJwksClient.kt

@@ -0,0 +1,28 @@
+package org.appjam.smashing.domain.auth.social
+
+import com.fasterxml.jackson.databind.JsonNode
+import com.github.benmanes.caffeine.cache.Cache
+import com.github.benmanes.caffeine.cache.Caffeine
+import org.appjam.smashing.global.exception.CustomException
+import org.appjam.smashing.global.exception.ErrorCode
+import org.springframework.stereotype.Component
+import org.springframework.web.client.RestTemplate
+import java.util.concurrent.TimeUnit
+
+@Component
+class OidcJwksClient(
+    private val restTemplate: RestTemplate,
+) {
+    private val cache: Cache<String, JsonNode> = Caffeine.newBuilder()
+        .expireAfterWrite(1, TimeUnit.HOURS)
+        .maximumSize(10)
+        .build()
+
+    fun getKeys(
+        jwksUri: String,
+    ): JsonNode = cache.get(jwksUri) {
+        restTemplate.getForObject(jwksUri, JsonNode::class.java)
+            ?: throw CustomException(ErrorCode.INVALID_ID_TOKEN)
+    } ?: throw CustomException(ErrorCode.INVALID_ID_TOKEN)
+
+}

src/main/kotlin/org/appjam/smashing/domain/auth/social/OidcProperties.kt

@@ -0,0 +1,15 @@
+package org.appjam.smashing.domain.auth.social
+
+import org.appjam.smashing.domain.auth.enums.ProviderType
+import org.springframework.boot.context.properties.ConfigurationProperties
+
+@ConfigurationProperties(prefix = "oidc")
+data class OidcProperties(
+    val kakaoClientId: String,
+    val appleClientId: String,
+) {
+    fun getClientId(providerType: ProviderType): String = when (providerType) {
+        ProviderType.KAKAO -> kakaoClientId
+        ProviderType.APPLE -> appleClientId
+    }
+}

src/main/kotlin/org/appjam/smashing/domain/auth/social/OidcTokenValidator.kt

@@ -0,0 +1,79 @@
+package org.appjam.smashing.domain.auth.social
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import io.jsonwebtoken.Jwts
+import org.appjam.smashing.domain.auth.enums.ProviderType
+import org.appjam.smashing.global.exception.CustomException
+import org.appjam.smashing.global.exception.ErrorCode
+import org.springframework.stereotype.Component
+import java.math.BigInteger
+import java.security.KeyFactory
+import java.security.PublicKey
+import java.security.spec.RSAPublicKeySpec
+import java.util.*
+
+@Component
+class OidcTokenValidator(
+    private val oidcProperties: OidcProperties,
+    private val jwksClient: OidcJwksClient,
+) {
+    fun extractSocialId(
+        idToken: String,
+        providerType: ProviderType,
+    ): String {
+        // 회웑 정보 가져오기
+        val (iss, jwksUri) = when (providerType) {
+            ProviderType.KAKAO -> KAKAO_ISS to KAKAO_JWKS_URI
+            ProviderType.APPLE -> APPLE_ISS to APPLE_JWKS_URI
+        }
+        val clientId = oidcProperties.getClientId(providerType)
+
+        val publicKey = getPublicKey(
+            idToken = idToken,
+            jwksUri = jwksUri,
+        )
+
+        val claims = Jwts.parserBuilder()
+            .setSigningKey(publicKey)
+            .build()
+            .parseClaimsJws(idToken)
+            .body
+
+        // 회원 검증
+        if (claims.issuer != iss) throw CustomException(ErrorCode.INVALID_ISS)
+        if (claims.audience != clientId) throw CustomException(ErrorCode.INVALID_AUD)
+
+        return claims.subject
+    }
+
+    private fun getPublicKey(
+        idToken: String,
+        jwksUri: String,
+    ): PublicKey {
+        val header = String(Base64.getUrlDecoder().decode(idToken.split(".")[0]))
+        val kid = ObjectMapper().readTree(header).get(KID).asText()
+
+        val keys = jwksClient.getKeys(jwksUri)
+
+        val key = keys[KEYS].find { it[KID].asText() == kid }
+            ?: throw CustomException(ErrorCode.INVALID_ID_TOKEN)
+
+        val n = BigInteger(1, Base64.getUrlDecoder().decode(key[N].asText()))
+        val e = BigInteger(1, Base64.getUrlDecoder().decode(key[E].asText()))
+
+        return KeyFactory.getInstance(RSA)
+            .generatePublic(RSAPublicKeySpec(n, e))
+    }
+
+    companion object {
+        private const val KID = "kid"
+        private const val KEYS = "keys"
+        private const val N = "n"
+        private const val E = "e"
+        private const val RSA = "RSA"
+        private const val KAKAO_JWKS_URI = "https://kauth.kakao.com/.well-known/jwks.json"
+        private const val KAKAO_ISS = "https://kauth.kakao.com"
+        private const val APPLE_JWKS_URI = "https://appleid.apple.com/auth/keys"
+        private const val APPLE_ISS = "https://appleid.apple.com"
+    }
+}

src/main/kotlin/org/appjam/smashing/domain/auth/social/SocialAuthServiceManager.kt

@@ -1,11 +1,22 @@
 package org.appjam.smashing.domain.auth.social
 
-import org.appjam.smashing.domain.auth.social.kakao.KakaoAuthTokenValidator
+import org.appjam.smashing.domain.auth.dto.command.SignInRequestCommand
+import org.appjam.smashing.domain.auth.dto.response.SocialType
 import org.springframework.stereotype.Component
 
 @Component
 class SocialAuthServiceManager(
-    private val kakaoAuthTokenValidator: KakaoAuthTokenValidator,
+    private val oidcTokenValidator: OidcTokenValidator,
 ) {
-    fun getKakaoId(authAccessToken: String): String = kakaoAuthTokenValidator.extractKakaoId(authAccessToken)
+    fun getSocialId(command: SignInRequestCommand): SocialType {
+        val socialId = oidcTokenValidator.extractSocialId(
+            idToken = command.idToken,
+            providerType = command.provider
+        )
+
+        return SocialType(
+            provider = command.provider,
+            socialId = socialId,
+        )
+    }
 }