feat: 쿠키 설정 추가

[#815]
woowacourse-teams · Sep 29, 2023 · 5a47f9a · 5a47f9a
1 parent 2925286
commit 5a47f9a
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 23 deletions.
diff --git a/...ain/java/com/carffeine/carffeine/auth/controller/support/RefreshTokenCookieGenerator.java b/...ain/java/com/carffeine/carffeine/auth/controller/support/RefreshTokenCookieGenerator.java
@@ -21,6 +21,7 @@ public ResponseCookie createCookie(String refreshToken) {
         return ResponseCookie.from(REFRESH_TOKEN, refreshToken)
                 .maxAge(Duration.ofMillis(expireLength))
                 .path(VALID_COOKIE_PATH)
+                .sameSite("None")
                 .secure(true)
                 .httpOnly(true)
                 .build();
@@ -29,6 +30,9 @@ public ResponseCookie createCookie(String refreshToken) {
     public ResponseCookie createLogoutCookie() {
         return ResponseCookie.from(REFRESH_TOKEN, LOGOUT_COOKIE_VALUE)
                 .maxAge(LOGOUT_COOKIE_AGE)
+                .sameSite("None")
+                .secure(true)
+                .httpOnly(true)
                 .build();
     }
 

diff --git a/backend/src/main/java/com/carffeine/carffeine/auth/service/AuthService.java b/backend/src/main/java/com/carffeine/carffeine/auth/service/AuthService.java
@@ -15,6 +15,7 @@
 
 import java.util.UUID;
 
+@Transactional
 @RequiredArgsConstructor
 @Service
 public class AuthService {
@@ -28,7 +29,6 @@ public String loginUri(String redirectUri, String provider) {
         return oAuthRequester.loginUri(Provider.from(provider), redirectUri);
     }
 
-    @Transactional
     public Tokens generateTokens(OAuthMember oAuthMember) {
         Member member = getMember(oAuthMember);
         String tokenId = UUID.randomUUID().toString();
@@ -55,7 +55,6 @@ private Member getMember(OAuthMember oAuthMember) {
                 .orElseGet(() -> memberRepository.save(newMember));
     }
 
-    @Transactional(readOnly = true)
     public String renewAccessToken(String refreshToken) {
         String tokenId = tokenProvider.extract(refreshToken);
         return refreshTokenRepository.findByTokenId(tokenId)

diff --git a/backend/src/main/java/com/carffeine/carffeine/config/WebConfig.java b/backend/src/main/java/com/carffeine/carffeine/config/WebConfig.java
@@ -4,10 +4,12 @@
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import javax.servlet.Filter;
 
+@Profile("!test")
 @Configuration
 public class WebConfig implements WebMvcConfigurer {
 

diff --git a/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java b/backend/src/main/java/com/carffeine/carffeine/web/CorsFilter.java
@@ -1,19 +1,22 @@
 package com.carffeine.carffeine.web;
 
-import org.springframework.http.HttpMethod;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Objects;
 
 public class CorsFilter extends OncePerRequestFilter {
+
+    private static final String CARFFEIN_DOMAIN_SUFFIX = ".carffe.in";
+
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
-        response.setHeader("Access-Control-Allow-Origin", "*");
+        String origin = request.getHeader("Origin");
+
+        setOriginHeader(response, origin);
         response.setHeader("Access-Control-Allow-Credentials", "true");
         response.setHeader("Access-Control-Allow-Methods", "*");
         response.setHeader("Access-Control-Max-Age", "3600");
@@ -22,23 +25,13 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         filterChain.doFilter(request, response);
     }
 
-    private boolean isPreflightRequest(HttpServletRequest request) {
-        return isOptions(request) && hasHeaders(request) && hasMethod(request) && hasOrigin(request);
-    }
-
-    private boolean isOptions(HttpServletRequest request) {
-        return request.getMethod().equalsIgnoreCase(HttpMethod.OPTIONS.toString());
-    }
-
-    private boolean hasHeaders(HttpServletRequest request) {
-        return Objects.nonNull(request.getHeader("Access-Control-Request-Headers"));
-    }
-
-    private boolean hasMethod(HttpServletRequest request) {
-        return Objects.nonNull(request.getHeader("Access-Control-Request-Method"));
-    }
-
-    private boolean hasOrigin(HttpServletRequest request) {
-        return Objects.nonNull(request.getHeader("Origin"));
+    private void setOriginHeader(HttpServletResponse response, String origin) {
+        if (origin == null) {
+            response.setHeader("Access-Control-Allow-Origin", "*");
+            return;
+        }
+        if (origin.endsWith(CARFFEIN_DOMAIN_SUFFIX)) {
+            response.setHeader("Access-Control-Allow-Origin", origin);
+        }
     }
 }
diff --git a/backend/src/test/resources/application.yml b/backend/src/test/resources/application.yml
@@ -13,6 +13,8 @@ spring:
         format_sql: true
   flyway:
     enabled: false
+  profiles:
+    active: test
 
 jasypt:
   encryptor: