Merge pull request #11 from MealTokTok/refactor/oidc-key-cache

refactor : OIDC 공유키 캐싱 구현 #9
MealTokTok · Jul 24, 2024 · 537d595 · 537d595
2 parents 4d08632 + 6b50d81
commit 537d595
Show file tree

Hide file tree

Showing 8 changed files with 82 additions and 8 deletions.
diff --git a/...n/app-api/src/main/java/core/startup/mealtoktok/api/global/security/SecurityConstant.java b/...n/app-api/src/main/java/core/startup/mealtoktok/api/global/security/SecurityConstant.java
@@ -15,7 +15,7 @@ public class SecurityConstant {
             "/swagger-ui/**"
     };
 
-    public static final String[] PERMIT_SERVICE_URIS = {"/", "/health", "/api/v1/auth/oauth/can-sign-up", "/api/v1/auth/oauth/sign-up"};
+    public static final String[] PERMIT_SERVICE_URIS = {"/", "/health", "/api/v1/auth/oauth/can-sign-up", "/api/v1/auth/oauth/sign-up", "/api/v1/auth/oauth/login/link", "/api/v1/auth/login/oauth2/code/kakao"};
 
     public static final String[] PERMIT_SYSTEM_URIS = {"/error", "/error/**", "/css/**", "/images/**", "/js/**", "/favicon.ico", "/h2-console/**"};
 }
diff --git a/application/app-api/src/main/resources/application.yml b/application/app-api/src/main/resources/application.yml
@@ -2,7 +2,7 @@ spring:
   profiles:
     group:
       local: common, domain, infra
-      prod: common, domain, infra
+      dev: common, domain, infra
 
   servlet:
     multipart:
@@ -18,13 +18,25 @@ server:
   shutdown: graceful
 
 jwt:
+  secret-key: ${JWT_SECRET_KEY}
   access-token:
     header: Access-token
   refresh-token:
     header: Refresh-token
 ---
+spring:
+  config:
+    activate:
+      on-profile: local
+jwt:
+  access-token:
+    expiration: 2592000 #3일
 
+---
+spring:
+  config:
+    activate:
+      on-profile: dev
 jwt:
-  secret-key: ${JWT_SECRET_KEY}
   access-token:
     expiration: 2592000 #3일
diff --git a/common/src/main/java/core/startup/mealtoktok/common/properties/OauthProperties.java b/common/src/main/java/core/startup/mealtoktok/common/properties/OauthProperties.java
@@ -11,9 +11,15 @@ public class OauthProperties {
     public static String REDIRECT_URL;
     public static String APP_ID;
     public static String ADMIN_KEY;
+    public static String SERVICE_KEY;
 
     public static final String KAKAO_OAUTH_QUERY_STRING = "/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=code&scope=openid";
 
+    @Value("${oauth.kakao.service-key}")
+    public void setServiceKey(String serviceKey) {
+        OauthProperties.SERVICE_KEY = serviceKey;
+    }
+
     @Value("${oauth.kakao.base-url}")
     public void setBaseUrl(String baseUrl) {
         OauthProperties.BASE_URL = baseUrl;

diff --git a/common/src/main/resources/application-common.yml b/common/src/main/resources/application-common.yml
@@ -1,7 +1,25 @@
+spring:
+  config:
+    activate:
+      on-profile: local
 oauth:
   kakao:
     base-url: https://kauth.kakao.com
-    client-id: ${KAKAO_CLIENT}
+    client-id: ${KAKAO_REST_API_KEY}
     redirect-url: ${KAKAO_REDIRECT}
     app-id: ${KAKAO_APP_ID}
-    admin-key: ${KAKAO_ADMIN_KEY}
+    admin-key: ${KAKAO_ADMIN_KEY}
+    service-key: ${KAKAO_REST_API_KEY}
+---
+spring:
+  config:
+    activate:
+      on-profile: dev
+oauth:
+  kakao:
+    base-url: https://kauth.kakao.com
+    client-id: ${KAKAO_REST_API_KEY}
+    redirect-url: ${KAKAO_REDIRECT}
+    app-id: ${KAKAO_APP_ID}
+    admin-key: ${KAKAO_ADMIN_KEY}
+    service-key: ${KAKAO_APP_ID}
diff --git a/domain/src/main/java/core/startup/mealtoktok/domain/auth/OAuthAuthenticator.java b/domain/src/main/java/core/startup/mealtoktok/domain/auth/OAuthAuthenticator.java
@@ -14,7 +14,7 @@ public class OAuthAuthenticator {
     private final OidcTokenParser oidcTokenParser;
 
     public OAuthInfo authenticate(String idToken) {
-        String kid = oidcTokenParser.getKid(idToken, BASE_URL, CLIENT_ID);
+        String kid = oidcTokenParser.getKid(idToken, BASE_URL, SERVICE_KEY);
         OIDCPublicKey matchedPublicKey = getMatchedPublicKey(kid);
         OIDCPayload payload = oidcTokenParser.getPayload(idToken, matchedPublicKey.n(), matchedPublicKey.e());
         return OAuthInfo.kakao(payload);

diff --git a/infra/src/main/java/core/startup/mealtoktok/infra/auth/client/KakaoAuthClient.java b/infra/src/main/java/core/startup/mealtoktok/infra/auth/client/KakaoAuthClient.java
@@ -3,6 +3,7 @@
 import core.startup.mealtoktok.infra.auth.config.KaKaoClientConfig;
 import core.startup.mealtoktok.infra.auth.dto.KakaoTokenResponse;
 import core.startup.mealtoktok.infra.auth.dto.KakaoOIDCPublicKeysResponse;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.*;
 
@@ -19,6 +20,7 @@ KakaoTokenResponse kakaoAuth(
             @PathVariable("REDIRECT_URI") String redirectUri,
             @PathVariable("CODE") String code);
 
+    @Cacheable(cacheNames = "oidc", key = "'kakao-oidc-open-keys'", cacheManager = "oidcCacheManager")
     @GetMapping("/.well-known/jwks.json")
     KakaoOIDCPublicKeysResponse getKakaoOIDCOpenKeys();
 

diff --git a/infra/src/main/java/core/startup/mealtoktok/infra/auth/config/FeignCacheConfig.java b/infra/src/main/java/core/startup/mealtoktok/infra/auth/config/FeignCacheConfig.java
@@ -0,0 +1,36 @@
+package core.startup.mealtoktok.infra.auth.config;
+
+import org.springframework.cache.CacheManager;
+import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.cache.RedisCacheConfiguration;
+import org.springframework.data.redis.cache.RedisCacheManager;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializationContext;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+
+import java.time.Duration;
+
+@Configuration
+@EnableCaching
+public class FeignCacheConfig {
+
+    @Bean
+    public CacheManager oidcCacheManager(RedisConnectionFactory cf) {
+        RedisCacheConfiguration redisCacheConfiguration =
+                RedisCacheConfiguration.defaultCacheConfig()
+                        .serializeKeysWith(
+                                RedisSerializationContext.SerializationPair.fromSerializer(
+                                        new StringRedisSerializer()))
+                        .serializeValuesWith(
+                                RedisSerializationContext.SerializationPair.fromSerializer(
+                                        new GenericJackson2JsonRedisSerializer()))
+                        .entryTtl(Duration.ofDays(1L));
+
+        return RedisCacheManager.RedisCacheManagerBuilder.fromConnectionFactory(cf)
+                .cacheDefaults(redisCacheConfiguration)
+                .build();
+    }
+}
diff --git a/infra/src/main/resources/application-infra.yml b/infra/src/main/resources/application-infra.yml
@@ -2,7 +2,7 @@ spring:
   profiles:
     group:
       local: common
-      prod: common
+      dev: common
   jpa:
     open-in-view: false
 
@@ -39,7 +39,7 @@ logging:
 spring:
   config:
     activate:
-      on-profile: prod
+      on-profile: dev
   datasource:
     url: jdbc:mysql://${DATABASE_HOST}:${DATABASE_PORT}/${DATABASE_NAME}?useSSL=false&allowPublicKeyRetrieval=true
     username: ${DATABASE_USER}