[DEPLOY] v2.1.0

[DEPLOY] v2.1.0

Author: Gyuhyeok99

.github/CODEOWNERS

@@ -1 +1 @@
-* @Gyuhyeok99 @nayonsoso @wibaek @whqtker @lsy1307
+* @Gyuhyeok99 @wibaek @whqtker @lsy1307 @Hexeong @JAEHEE25 @sukangpunch

.github/workflows/dev-cd.yml

@@ -71,14 +71,28 @@ jobs:
           source: "./docs/infra-config/config.alloy"
           target: "/home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/"
 
-      - name: Run docker compose
+      - name: Copy nginx config to remote
+        uses: appleboy/scp-action@master
+        with:
+          host: ${{ secrets.DEV_HOST }}
+          username: ${{ secrets.DEV_USERNAME }}
+          key: ${{ secrets.DEV_PRIVATE_KEY }}
+          source: "./docs/infra-config/nginx.dev.conf"
+          target: "/home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/nginx"
+          rename: "default.conf"
+
+      - name: Run docker compose and apply nginx config
         uses: appleboy/ssh-action@master
         with:
           host: ${{ secrets.DEV_HOST }}
           username: ${{ secrets.DEV_USERNAME }}
           key: ${{ secrets.DEV_PRIVATE_KEY }}
           script_stop: true
           script: |
+            sudo cp /home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/nginx/default.conf /etc/nginx/conf.d/default.conf
+            sudo nginx -t
+            sudo nginx -s reload
+
             cd /home/${{ secrets.DEV_USERNAME }}/solid-connection-dev
-            docker compose down
+            docker compose -f docker-compose.dev.yml down
             docker compose -f docker-compose.dev.yml up -d --build

.github/workflows/prod-cd.yml

@@ -71,14 +71,28 @@ jobs:
         source: "./docs/infra-config/config.alloy"
         target: "/home/${{ secrets.USERNAME }}/solid-connect-server/"
 
-    - name: Run docker compose
+    - name: Copy nginx config to remote
+      uses: appleboy/scp-action@master
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.PRIVATE_KEY }}
+        source: "./docs/infra-config/nginx.prod.conf"
+        target: "/home/${{ secrets.USERNAME }}/solid-connection-prod/nginx"
+        rename: "default.conf"
+
+    - name: Run docker compose and apply nginx config
       uses: appleboy/ssh-action@master
       with:
         host: ${{ secrets.HOST }}
         username: ${{ secrets.USERNAME }}
         key: ${{ secrets.PRIVATE_KEY }}
         script_stop: true
         script: |
+          sudo cp /home/${{ secrets.USERNAME }}/solid-connection-prod/nginx/default.conf /etc/nginx/conf.d/default.conf
+          sudo nginx -t
+          sudo nginx -s reload
+          
           cd /home/${{ secrets.USERNAME }}/solid-connect-server
-          docker compose down
+          docker compose -f docker-compose.prod.yml down
           docker compose -f docker-compose.prod.yml up -d --build

docs/infra-config/nginx.conf docs/infra-config/nginx.dev.confdocs/infra-config/nginx.conf renamed to docs/infra-config/nginx.dev.conf

@@ -1,5 +1,6 @@
 server {
     listen 80;
+    server_name api.stage.solid-connection.com;
 
 # http를 사용하는 경우 주석 해제
 #    location / {
@@ -17,9 +18,10 @@ server {
 
 server {
     listen 443 ssl;
+    server_name api.stage.solid-connection.com;
 
-    ssl_certificate /etc/letsencrypt/live/api.solid-connection.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/api.solid-connection.com/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/api.stage.solid-connection.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/api.stage.solid-connection.com/privkey.pem;
     client_max_body_size 10M;
 
     ssl_protocols TLSv1.2 TLSv1.3;
@@ -31,10 +33,13 @@ server {
     ssl_stapling_verify on;
 
     location / {
-        proxy_pass http://solid-connection-server:8080;
+        proxy_pass http://localhost:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
     }
-}
+}

docs/infra-config/nginx.prod.conf

@@ -0,0 +1,36 @@
+server {
+    listen 80;
+    server_name api.solid-connection.com;
+
+    location / {
+            return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name api.solid-connection.com;
+
+    ssl_certificate /etc/letsencrypt/live/api.solid-connection.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/api.solid-connection.com/privkey.pem;
+    client_max_body_size 10M;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on; # 클라이언트 보다 서버의 암호화 알고리즘을 우선하도록 설정
+    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";
+    ssl_session_cache shared:SSL:10m; # SSL 세션 캐시 설정
+    ssl_session_timeout 10m;
+    ssl_stapling on; # OCSP 스테이플링 활성화
+    ssl_stapling_verify on;
+
+    location / {
+        proxy_pass http://127.0.0.1:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}

src/main/java/com/example/solidconnection/auth/client/AppleOAuthClient.java

@@ -25,8 +25,9 @@
 import org.springframework.web.client.RestTemplate;
 
 /*
- * 애플 인증을 위한 OAuth2 클라이언트
- * https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
+ * - 애플 인증을 위한 OAuth2 클라이언트
+ *   - https://developer.apple.com/documentation/signinwithapplerestapi/generate_and_validate_tokens
+ * - OAuthClient 인터페이스를 사용하는 전략 패턴으로 구현됨
  * */
 @Component
 @RequiredArgsConstructor

src/main/java/com/example/solidconnection/auth/client/KakaoOAuthClient.java

@@ -23,10 +23,11 @@
 import org.springframework.web.util.UriComponentsBuilder;
 
 /*
- * 카카오 인증을 위한 OAuth2 클라이언트
- * https://developers.kakao.com/docs/latest/ko/kakaologin/rest-api#request-code
- * https://developers.kakao.com/docs/latest/ko/kakaologin/rest-api#request-token
- * https://developers.kakao.com/docs/latest/ko/kakaologin/rest-api#req-user-info
+ * - 카카오 인증을 위한 OAuth2 클라이언트
+ *   - https://developers.kakao.com/docs/latest/ko/kakaologin/rest-api#request-code
+ *   - https://developers.kakao.com/docs/latest/ko/kakaologin/rest-api#request-token
+ *   - https://developers.kakao.com/docs/latest/ko/kakaologin/rest-api#req-user-info
+ * - OAuthClient 인터페이스를 사용하는 전략 패턴으로 구현됨
  * */
 @Component
 @RequiredArgsConstructor

src/main/java/com/example/solidconnection/auth/controller/AuthController.java

@@ -10,10 +10,10 @@
 import com.example.solidconnection.auth.dto.oauth.OAuthResponse;
 import com.example.solidconnection.auth.dto.oauth.OAuthSignInResponse;
 import com.example.solidconnection.auth.service.AuthService;
-import com.example.solidconnection.auth.service.EmailSignInService;
-import com.example.solidconnection.auth.service.EmailSignUpTokenProvider;
-import com.example.solidconnection.auth.service.SignUpService;
 import com.example.solidconnection.auth.service.oauth.OAuthService;
+import com.example.solidconnection.auth.service.signin.EmailSignInService;
+import com.example.solidconnection.auth.service.signup.EmailSignUpTokenProvider;
+import com.example.solidconnection.auth.service.signup.SignUpService;
 import com.example.solidconnection.common.exception.CustomException;
 import com.example.solidconnection.common.exception.ErrorCode;
 import com.example.solidconnection.common.resolver.AuthorizedUser;

src/main/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManager.java

@@ -3,11 +3,12 @@
 import static com.example.solidconnection.common.exception.ErrorCode.REFRESH_TOKEN_NOT_EXISTS;
 
 import com.example.solidconnection.auth.controller.config.RefreshTokenCookieProperties;
-import com.example.solidconnection.auth.domain.TokenType;
+import com.example.solidconnection.auth.token.config.TokenProperties;
 import com.example.solidconnection.common.exception.CustomException;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import java.time.Duration;
 import java.util.Arrays;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.web.server.Cookie.SameSite;
@@ -23,15 +24,17 @@ public class RefreshTokenCookieManager {
     private static final String PATH = "/";
 
     private final RefreshTokenCookieProperties properties;
+    private final TokenProperties tokenProperties;
 
     public void setCookie(HttpServletResponse response, String refreshToken) {
-        long maxAge = convertExpireTimeToCookieMaxAge(TokenType.REFRESH.getExpireTime());
-        setRefreshTokenCookie(response, refreshToken, maxAge);
+        Duration tokenExpireTime = tokenProperties.refresh().expireTime();
+        long cookieMaxAge = convertExpireTimeToCookieMaxAge(tokenExpireTime);
+        setRefreshTokenCookie(response, refreshToken, cookieMaxAge);
     }
 
-    private long convertExpireTimeToCookieMaxAge(long milliSeconds) {
+    private long convertExpireTimeToCookieMaxAge(Duration tokenExpireTime) {
         // jwt의 expireTime 단위인 millisecond를 cookie의 maxAge 단위인 second로 변환
-        return milliSeconds / 1000;
+        return tokenExpireTime.toSeconds();
     }
 
     public void deleteCookie(HttpServletResponse response) {

src/main/java/com/example/solidconnection/auth/domain/AccessToken.java

@@ -0,0 +1,7 @@
+package com.example.solidconnection.auth.domain;
+
+public record AccessToken(
+        String token
+) implements Token {
+
+}