️♻️ refactor: 시큐리티 모듈 분리 (#258)

* ♻️ refactor/#257

* 🐛 fix: db.yml local profile 주석 처리

* ♻️ refactor: ci 파일 수정

* ♻️ refactor: api yml 변경

* 🐛 fix: db.yml local profile 주석 처리

Author: seheonnn

.github/workflows/ci_gradle.yml

@@ -24,8 +24,7 @@ jobs:
           echo "spring:" > application.yml
           echo "  profiles:" >> application.yml
           echo "    group:" >> application.yml
-          echo "      "local": "db, s3, email, portone, firebase, secret"" >> application.yml
-          echo "      "prod": "db, s3, redis, email, portone, firebase"" >> application.yml
+          echo "      "prod": "db, s3, redis, email, portone, firebase, security"" >> application.yml
           echo "    default: prod" >> application.yml
           
           echo "  servlet:" >> application.yml
@@ -41,10 +40,10 @@ jobs:
           mkdir -p ./core/core-infra-firebase/src/main/resources/firebase
           echo $DATA > ./core/core-infra-firebase/src/main/resources/firebase/firebase-key.json
 
-      - name: 3) Set prod.yml
+      - name: 3) application-security.yml
         uses: microsoft/variable-substitution@v1
         with:
-          files: ./api/src/main/resources/application-prod.yml
+          files: ./core/core-infra-security/src/main/resources/application-security.yml
         env:
           spring.jwt.secret: ${{ secrets.JWT_SECRET }}
           spring.jwt.token.access-expiration-time: ${{ secrets.JWT_ACCESS_EXPIRATION_TIME }}

api/build.gradle

@@ -7,30 +7,16 @@ dependencies {
     implementation project(':core:core-infra-email');
     implementation project(':core:core-infra-portone');
     implementation project(':core:core-infra-firebase');
+    implementation project(':core:core-infra-security');
 
     // Core
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 
-    implementation 'org.springframework.boot:spring-boot-starter-web'
-    implementation 'org.springframework.boot:spring-boot-starter-security'
+//    implementation 'org.springframework.boot:spring-boot-starter-web'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'org.springframework.security:spring-security-test'
     implementation 'org.slf4j:slf4j-api:2.0.7'
 
-    // Lombok
-//    implementation 'org.projectlombok:lombok:1.18.22'
-//    annotationProcessor('org.projectlombok:lombok')
-//    testAnnotationProcessor('org.projectlombok:lombok')
-
-    // Jwt
-    implementation 'io.jsonwebtoken:jjwt-api:0.12.3'
-    implementation 'io.jsonwebtoken:jjwt-impl:0.12.3'
-    implementation 'io.jsonwebtoken:jjwt-jackson:0.12.3'
-
-    // Swagger
-    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.0.4'
-    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-api:2.0.4'
-
     // Validation
     implementation 'org.springframework.boot:spring-boot-starter-validation'
 }

api/src/main/java/com/sponus/sponusbe/auth/controller/AuthController.java

@@ -1,18 +1,14 @@
 package com.sponus.sponusbe.auth.controller;
 
-import static com.sponus.sponusbe.auth.jwt.exception.SecurityErrorCode.*;
-
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import com.sponus.coredomain.domain.common.ApiResponse;
-import com.sponus.sponusbe.auth.jwt.dto.JwtPair;
-import com.sponus.sponusbe.auth.jwt.exception.SecurityCustomException;
-import com.sponus.sponusbe.auth.jwt.util.JwtUtil;
+import com.sponus.coreinfrasecurity.jwt.dto.JwtPair;
+import com.sponus.coreinfrasecurity.jwt.util.JwtUtil;
 
-import io.jsonwebtoken.ExpiredJwtException;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
@@ -26,16 +22,6 @@ public class AuthController {
 
 	@GetMapping("/reissue")
 	public ApiResponse<JwtPair> reissueToken(@RequestHeader("RefreshToken") String refreshToken) {
-		try {
-			jwtUtil.validateRefreshToken(refreshToken);
-			log.info("[*] Valid RefreshToken");
-			return ApiResponse.onSuccess(
-				jwtUtil.reissueToken(refreshToken)
-			);
-		} catch (IllegalArgumentException iae) {
-			throw new SecurityCustomException(INVALID_TOKEN, iae);
-		} catch (ExpiredJwtException eje) {
-			throw new SecurityCustomException(TOKEN_EXPIRED, eje);
-		}
+		return ApiResponse.onSuccess(jwtUtil.reissueToken(refreshToken));
 	}
 }

api/src/main/java/com/sponus/sponusbe/domain/announcement/controller/AnnouncementController.java

@@ -18,7 +18,7 @@
 import com.sponus.coredomain.domain.announcement.enums.AnnouncementType;
 import com.sponus.coredomain.domain.common.ApiResponse;
 import com.sponus.coredomain.domain.organization.Organization;
-import com.sponus.sponusbe.auth.annotation.AuthOrganization;
+import com.sponus.coreinfrasecurity.annotation.AuthOrganization;
 import com.sponus.sponusbe.domain.announcement.dto.request.AnnouncementCreateRequest;
 import com.sponus.sponusbe.domain.announcement.dto.request.AnnouncementUpdateRequest;
 import com.sponus.sponusbe.domain.announcement.dto.response.AnnouncementCreateResponse;

api/src/main/java/com/sponus/sponusbe/domain/bookmark/controller/BookmarkController.java

@@ -13,7 +13,7 @@
 import com.sponus.coredomain.domain.bookmark.BookmarkStatus;
 import com.sponus.coredomain.domain.common.ApiResponse;
 import com.sponus.coredomain.domain.organization.Organization;
-import com.sponus.sponusbe.auth.annotation.AuthOrganization;
+import com.sponus.coreinfrasecurity.annotation.AuthOrganization;
 import com.sponus.sponusbe.domain.bookmark.dto.BookmarkGetResponse;
 import com.sponus.sponusbe.domain.bookmark.dto.BookmarkToggleRequest;
 import com.sponus.sponusbe.domain.bookmark.dto.BookmarkToggleResponse;

api/src/main/java/com/sponus/sponusbe/domain/notification/controller/FirebaseTestController.java

@@ -9,7 +9,7 @@
 
 import com.sponus.coredomain.domain.organization.Organization;
 import com.sponus.coreinfrafirebase.FirebaseService;
-import com.sponus.sponusbe.auth.annotation.AuthOrganization;
+import com.sponus.coreinfrasecurity.annotation.AuthOrganization;
 import com.sponus.sponusbe.domain.notification.dto.request.NotificationTestRequest;
 
 import lombok.RequiredArgsConstructor;

api/src/main/java/com/sponus/sponusbe/domain/organization/controller/OrganizationController.java

@@ -16,7 +16,7 @@
 
 import com.sponus.coredomain.domain.common.ApiResponse;
 import com.sponus.coredomain.domain.organization.Organization;
-import com.sponus.sponusbe.auth.annotation.AuthOrganization;
+import com.sponus.coreinfrasecurity.annotation.AuthOrganization;
 import com.sponus.sponusbe.domain.notification.dto.response.NotificationSummaryResponse;
 import com.sponus.sponusbe.domain.organization.dto.OrganizationDetailGetResponse;
 import com.sponus.sponusbe.domain.organization.dto.OrganizationJoinRequest;

api/src/main/java/com/sponus/sponusbe/domain/organizationLink/controller/OrganizationLinkController.java

@@ -11,7 +11,7 @@
 
 import com.sponus.coredomain.domain.common.ApiResponse;
 import com.sponus.coredomain.domain.organization.Organization;
-import com.sponus.sponusbe.auth.annotation.AuthOrganization;
+import com.sponus.coreinfrasecurity.annotation.AuthOrganization;
 import com.sponus.sponusbe.domain.organizationLink.dto.request.OrganizationLinkCreateRequest;
 import com.sponus.sponusbe.domain.organizationLink.dto.request.OrganizationLinkUpdateRequest;
 import com.sponus.sponusbe.domain.organizationLink.dto.response.OrganizationLinkCreateResponse;

api/src/main/java/com/sponus/sponusbe/domain/propose/controller/ProposeController.java

@@ -17,7 +17,7 @@
 
 import com.sponus.coredomain.domain.common.ApiResponse;
 import com.sponus.coredomain.domain.organization.Organization;
-import com.sponus.sponusbe.auth.annotation.AuthOrganization;
+import com.sponus.coreinfrasecurity.annotation.AuthOrganization;
 import com.sponus.sponusbe.domain.propose.dto.request.ProposeCreateRequest;
 import com.sponus.sponusbe.domain.propose.dto.request.ProposeStatusUpdateRequest;
 import com.sponus.sponusbe.domain.propose.dto.request.ProposeUpdateRequest;

api/src/main/java/com/sponus/sponusbe/domain/report/controller/ReportController.java

@@ -14,7 +14,7 @@
 
 import com.sponus.coredomain.domain.common.ApiResponse;
 import com.sponus.coredomain.domain.organization.Organization;
-import com.sponus.sponusbe.auth.annotation.AuthOrganization;
+import com.sponus.coreinfrasecurity.annotation.AuthOrganization;
 import com.sponus.sponusbe.domain.report.dto.request.ReportCreateRequest;
 import com.sponus.sponusbe.domain.report.dto.request.ReportUpdateRequest;
 import com.sponus.sponusbe.domain.report.dto.response.ReportCreateResponse;

api/src/main/java/com/sponus/sponusbe/domain/tag/controller/TagController.java

@@ -11,7 +11,7 @@
 
 import com.sponus.coredomain.domain.common.ApiResponse;
 import com.sponus.coredomain.domain.organization.Organization;
-import com.sponus.sponusbe.auth.annotation.AuthOrganization;
+import com.sponus.coreinfrasecurity.annotation.AuthOrganization;
 import com.sponus.sponusbe.domain.tag.dto.TagGetResponse;
 import com.sponus.sponusbe.domain.tag.dto.request.TagCreateRequest;
 import com.sponus.sponusbe.domain.tag.dto.request.TagUpdateRequest;

api/src/main/resources/application-local.yml

@@ -4,8 +4,8 @@ server:
 spring:
   profiles:
     group:
-      "local": "db, s3, email, portone, firebase, secret"
-      "prod": "db, s3, redis, email, portone, firebase"
+      "local": "db, secret"
+      "prod": "db, s3, redis, email, portone, firebase, security"
     default: local
 
   servlet:

api/src/main/resources/application.yml

@@ -0,0 +1,17 @@
+dependencies {
+
+    implementation project(':core:core-domain');
+    implementation project(':core:core-infra-redis');
+
+    implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+
+    // Jwt
+    implementation 'io.jsonwebtoken:jjwt-api:0.12.3'
+    implementation 'io.jsonwebtoken:jjwt-impl:0.12.3'
+    implementation 'io.jsonwebtoken:jjwt-jackson:0.12.3'
+}
+
+bootJar { enabled = false }
+jar { enabled = true }

core/core-infra-security/build.gradle

@@ -1,4 +1,4 @@
-package com.sponus.sponusbe.auth.annotation;
+package com.sponus.coreinfrasecurity.annotation;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;

api/src/main/java/com/sponus/sponusbe/auth/annotation/AuthOrganization.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/annotation/AuthOrganization.java

@@ -1,4 +1,4 @@
-package com.sponus.sponusbe.auth.annotation;
+package com.sponus.coreinfrasecurity.annotation;
 
 import org.springframework.core.MethodParameter;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -11,11 +11,9 @@
 
 import com.sponus.coredomain.domain.organization.Organization;
 import com.sponus.coredomain.domain.organization.repository.OrganizationRepository;
-import com.sponus.sponusbe.auth.jwt.exception.SecurityCustomException;
-import com.sponus.sponusbe.auth.jwt.exception.SecurityErrorCode;
-import com.sponus.sponusbe.auth.user.CustomUserDetails;
-import com.sponus.sponusbe.domain.organization.exception.OrganizationErrorCode;
-import com.sponus.sponusbe.domain.organization.exception.OrganizationException;
+import com.sponus.coreinfrasecurity.jwt.exception.SecurityCustomException;
+import com.sponus.coreinfrasecurity.jwt.exception.SecurityErrorCode;
+import com.sponus.coreinfrasecurity.user.CustomUserDetails;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -48,6 +46,6 @@ public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer m
 		}
 
 		return organizationRepository.findById(((CustomUserDetails)userDetails).getId())
-			.orElseThrow(() -> new OrganizationException(OrganizationErrorCode.ORGANIZATION_NOT_FOUND));
+			.orElseThrow(() -> new SecurityCustomException(SecurityErrorCode.TOKEN_ORGANIZATION_NOT_FOND));
 	}
 }

api/src/main/java/com/sponus/sponusbe/auth/annotation/AuthOrganizationArgumentResolver.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/annotation/AuthOrganizationArgumentResolver.java

@@ -1,4 +1,4 @@
-package com.sponus.sponusbe.global.config;
+package com.sponus.coreinfrasecurity.config;
 
 import java.util.ArrayList;
 

api/src/main/java/com/sponus/sponusbe/global/config/CorsConfig.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/config/CorsConfig.java

@@ -1,4 +1,4 @@
-package com.sponus.sponusbe.global.config;
+package com.sponus.coreinfrasecurity.config;
 
 import java.util.Arrays;
 import java.util.stream.Stream;
@@ -17,14 +17,14 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import com.sponus.coreinfraredis.util.RedisUtil;
-import com.sponus.sponusbe.auth.jwt.exception.JwtAccessDeniedHandler;
-import com.sponus.sponusbe.auth.jwt.exception.JwtAuthenticationEntryPoint;
-import com.sponus.sponusbe.auth.jwt.filter.CustomLoginFilter;
-import com.sponus.sponusbe.auth.jwt.filter.CustomLogoutHandler;
-import com.sponus.sponusbe.auth.jwt.filter.JwtAuthenticationFilter;
-import com.sponus.sponusbe.auth.jwt.filter.JwtExceptionFilter;
-import com.sponus.sponusbe.auth.jwt.util.HttpResponseUtil;
-import com.sponus.sponusbe.auth.jwt.util.JwtUtil;
+import com.sponus.coreinfrasecurity.jwt.exception.JwtAccessDeniedHandler;
+import com.sponus.coreinfrasecurity.jwt.exception.JwtAuthenticationEntryPoint;
+import com.sponus.coreinfrasecurity.jwt.filter.CustomLoginFilter;
+import com.sponus.coreinfrasecurity.jwt.filter.CustomLogoutHandler;
+import com.sponus.coreinfrasecurity.jwt.filter.JwtAuthenticationFilter;
+import com.sponus.coreinfrasecurity.jwt.filter.JwtExceptionFilter;
+import com.sponus.coreinfrasecurity.jwt.util.HttpResponseUtil;
+import com.sponus.coreinfrasecurity.jwt.util.JwtUtil;
 
 import lombok.RequiredArgsConstructor;
 

api/src/main/java/com/sponus/sponusbe/global/config/SecurityConfig.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/config/SecurityConfig.java

@@ -1,12 +1,12 @@
-package com.sponus.sponusbe.global.config;
+package com.sponus.coreinfrasecurity.config;
 
 import java.util.List;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-import com.sponus.sponusbe.auth.annotation.AuthOrganizationArgumentResolver;
+import com.sponus.coreinfrasecurity.annotation.AuthOrganizationArgumentResolver;
 
 import lombok.RequiredArgsConstructor;
 

api/src/main/java/com/sponus/sponusbe/global/config/WebMvcConfig.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/config/WebMvcConfig.java

@@ -1,4 +1,4 @@
-package com.sponus.sponusbe.auth.jwt.dto;
+package com.sponus.coreinfrasecurity.jwt.dto;
 
 public record JwtPair(
 	String accessToken,

api/src/main/java/com/sponus/sponusbe/auth/jwt/dto/JwtPair.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/jwt/dto/JwtPair.java

@@ -1,4 +1,4 @@
-package com.sponus.sponusbe.auth.jwt.exception;
+package com.sponus.coreinfrasecurity.jwt.exception;
 
 import java.io.IOException;
 
@@ -7,7 +7,7 @@
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Component;
 
-import com.sponus.sponusbe.auth.jwt.util.HttpResponseUtil;
+import com.sponus.coreinfrasecurity.jwt.util.HttpResponseUtil;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;

api/src/main/java/com/sponus/sponusbe/auth/jwt/exception/JwtAccessDeniedHandler.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/jwt/exception/JwtAccessDeniedHandler.java

@@ -1,4 +1,4 @@
-package com.sponus.sponusbe.auth.jwt.exception;
+package com.sponus.coreinfrasecurity.jwt.exception;
 
 import java.io.IOException;
 
@@ -8,7 +8,7 @@
 import org.springframework.stereotype.Component;
 
 import com.sponus.coredomain.domain.common.ApiResponse;
-import com.sponus.sponusbe.auth.jwt.util.HttpResponseUtil;
+import com.sponus.coreinfrasecurity.jwt.util.HttpResponseUtil;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;

api/src/main/java/com/sponus/sponusbe/auth/jwt/exception/JwtAuthenticationEntryPoint.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/jwt/exception/JwtAuthenticationEntryPoint.java

@@ -1,22 +1,23 @@
-package com.sponus.sponusbe.auth.jwt.exception;
+package com.sponus.coreinfrasecurity.jwt.exception;
 
 import com.sponus.coredomain.domain.common.BaseErrorCode;
-import com.sponus.sponusbe.global.exception.CustomException;
 
 import lombok.Getter;
 
 @Getter
-public class SecurityCustomException extends CustomException {
+public class SecurityCustomException extends RuntimeException {
+
+	private final BaseErrorCode errorCode;
 
 	private final Throwable cause;
 
 	public SecurityCustomException(BaseErrorCode errorCode) {
-		super(errorCode);
+		this.errorCode = errorCode;
 		this.cause = null;
 	}
 
 	public SecurityCustomException(BaseErrorCode errorCode, Throwable cause) {
-		super(errorCode);
+		this.errorCode = errorCode;
 		this.cause = cause;
 	}
 }

api/src/main/java/com/sponus/sponusbe/auth/jwt/exception/SecurityCustomException.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/jwt/exception/SecurityCustomException.java

@@ -1,4 +1,4 @@
-package com.sponus.sponusbe.auth.jwt.exception;
+package com.sponus.coreinfrasecurity.jwt.exception;
 
 import org.springframework.http.HttpStatus;
 
@@ -18,6 +18,7 @@ public enum SecurityErrorCode implements BaseErrorCode {
 	TOKEN_SIGNATURE_ERROR(HttpStatus.UNAUTHORIZED, "SEC4012", "토큰이 위조되었거나 손상되었습니다."),
 	FORBIDDEN(HttpStatus.FORBIDDEN, "SEC4030", "권한이 없습니다."),
 	TOKEN_NOT_FOUND(HttpStatus.UNAUTHORIZED, "SEC4041", "토큰이 존재하지 않습니다."),
+	TOKEN_ORGANIZATION_NOT_FOND(HttpStatus.UNAUTHORIZED, "SEC4042", "존재하지 않는 단체입니다."),
 	INTERNAL_SECURITY_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "SEC5000", "인증 처리 중 서버 에러가 발생했습니다."),
 	INTERNAL_TOKEN_SERVER_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "SEC5001", "토큰 처리 중 서버 에러가 발생했습니다.");
 

api/src/main/java/com/sponus/sponusbe/auth/jwt/exception/SecurityErrorCode.java core/core-infra-security/src/main/java/com/sponus/coreinfrasecurity/jwt/exception/SecurityErrorCode.java

@@ -1,4 +1,4 @@
-package com.sponus.sponusbe.auth.jwt.filter;
+package com.sponus.coreinfrasecurity.jwt.filter;
 
 import java.io.BufferedReader;
 import java.io.IOException;
@@ -20,10 +20,10 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.sponus.coredomain.domain.common.ApiResponse;
 import com.sponus.coreinfraredis.util.RedisUtil;
-import com.sponus.sponusbe.auth.jwt.dto.JwtPair;
-import com.sponus.sponusbe.auth.jwt.util.HttpResponseUtil;
-import com.sponus.sponusbe.auth.jwt.util.JwtUtil;
-import com.sponus.sponusbe.auth.user.CustomUserDetails;
+import com.sponus.coreinfrasecurity.jwt.dto.JwtPair;
+import com.sponus.coreinfrasecurity.jwt.util.HttpResponseUtil;
+import com.sponus.coreinfrasecurity.jwt.util.JwtUtil;
+import com.sponus.coreinfrasecurity.user.CustomUserDetails;
 
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.http.HttpServletRequest;