From 7772001f4527114ed7c8465af8fa9caa888ae7f3 Mon Sep 17 00:00:00 2001 From: dogsub Date: Thu, 20 Feb 2025 03:31:01 +0900 Subject: [PATCH 1/3] =?UTF-8?q?[feat]=20#140=20api.wedit.com=20=EA=B4=80?= =?UTF-8?q?=EB=A0=A8=202=EA=B0=9C=20=EC=B6=94=EA=B0=80=20=ED=97=88?= =?UTF-8?q?=EC=9A=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../wedit/weditapp/global/config/SecurityConfig.java | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/wedit/weditapp/global/config/SecurityConfig.java b/src/main/java/com/wedit/weditapp/global/config/SecurityConfig.java index 7cf62be..0bfcd10 100644 --- a/src/main/java/com/wedit/weditapp/global/config/SecurityConfig.java +++ b/src/main/java/com/wedit/weditapp/global/config/SecurityConfig.java @@ -30,9 +30,6 @@ @RequiredArgsConstructor public class SecurityConfig { - // @Value("#{'${cors.allowed-origins}'.split(',')}") - // private String[] allowedOrigins; - private final JwtAuthenticationFilter jwtAuthenticationFilter; private final CustomOAuth2UserService customOAuth2UserService; private final OAuth2LoginSuccessHandler oAuth2LoginSuccessHandler; @@ -63,7 +60,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti "/api/decisions", "/api/comments/**") .permitAll() - //.anyRequest().permitAll() .anyRequest().authenticated() ) // 4. OAuth2 설정 
@@ -82,14 +78,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); - //configuration.setAllowedOrigins(Arrays.asList(allowedOrigins)); configuration.setAllowedOrigins(Arrays.asList( "http://localhost:3000", "http://localhost:5173", "http://localhost:8080", "https://wedit.site", - "https://43.201.85.194.nip.io", - "https://wedit.site/oauth/callback/kakao" + "https://wedit.site/oauth/callback/kakao", + "https://api.wedit.site", + "https://api.wedit.site/oauth/callback/kakao" )); configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH", "DELETE", "OPTIONS")); configuration.setAllowedHeaders(Arrays.asList("*")); From 9065e548ca542f35ac0adb3fd628a6ee3425ab3e Mon Sep 17 00:00:00 2001 From: dogsub Date: Thu, 20 Feb 2025 03:32:25 +0900 Subject: [PATCH 2/3] =?UTF-8?q?[fix]=20#140=20api.wedit.site=EB=A1=9C=20?= =?UTF-8?q?=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/wedit/weditapp/global/auth/jwt/JwtProvider.java | 6 ++---- .../global/auth/login/controller/AuthController.java | 7 +------ 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/src/main/java/com/wedit/weditapp/global/auth/jwt/JwtProvider.java b/src/main/java/com/wedit/weditapp/global/auth/jwt/JwtProvider.java index a044e37..a13bbff 100644 --- a/src/main/java/com/wedit/weditapp/global/auth/jwt/JwtProvider.java +++ b/src/main/java/com/wedit/weditapp/global/auth/jwt/JwtProvider.java 
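Review bot: Two entries in the `setAllowedOrigins` list of `corsConfigurationSource()` carry a path, the new `"https://api.wedit.site/oauth/callback/kakao"` and the retained `"https://wedit.site/oauth/callback/kakao"`, but a browser's `Origin` header holds only scheme, host and port, so these values can never match. They read like OAuth redirect URIs, which belong in the provider registration rather than in CORS. The list also keeps three `http://localhost` origins in the same hard-coded set that production serves; if credentials are allowed on this configuration (not visible in the hunk), a page served from those local ports on a user's machine is trusted to make cookie-bearing requests. I would reduce the production list to `"https://wedit.site", "https://api.wedit.site"` and supply the localhost entries only under a development profile, for example through the `cors.allowed-origins` property whose commented-out binding this patch deletes. The method body continues outside the hunk.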
@@ -84,8 +84,7 @@ public void setAccessTokenCookie(HttpServletResponse response, String accessToke accessCookie.setSecure(true); // HTTPS 상황에서만 전송 accessCookie.setPath("/"); accessCookie.setAttribute("SameSite", "None"); - //accessCookie.setDomain(cookieDomain); - accessCookie.setDomain("43.201.85.194.nip.io"); + accessCookie.setDomain("api.wedit.site"); accessCookie.setMaxAge((int) TimeUnit.MILLISECONDS.toSeconds(accessTokenExpiry)); response.addCookie(accessCookie); @@ -100,8 +99,7 @@ public void setRefreshTokenCookie(HttpServletResponse response, String refreshTo refreshCookie.setSecure(true); // HTTPS 환경에서만 전송 refreshCookie.setPath("/"); refreshCookie.setAttribute("SameSite", "None"); - //refreshCookie.setDomain(cookieDomain); - refreshCookie.setDomain("43.201.85.194.nip.io"); + refreshCookie.setDomain("api.wedit.site"); refreshCookie.setMaxAge((int) TimeUnit.MILLISECONDS.toSeconds(refreshTokenExpiry)); response.addCookie(refreshCookie); diff --git a/src/main/java/com/wedit/weditapp/global/auth/login/controller/AuthController.java b/src/main/java/com/wedit/weditapp/global/auth/login/controller/AuthController.java index f409c14..0ad1d4f 100644 --- a/src/main/java/com/wedit/weditapp/global/auth/login/controller/AuthController.java +++ b/src/main/java/com/wedit/weditapp/global/auth/login/controller/AuthController.java @@ -15,7 +15,6 @@ import jakarta.servlet.http.HttpServletResponse; import lombok.RequiredArgsConstructor; -import org.springframework.beans.factory.annotation.Value; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; @@ -26,9 +25,6 @@ @RequiredArgsConstructor public class AuthController { - @Value("${cookie-domain}") - private String cookieDomain; - private final JwtProvider jwtProvider; private final MemberRepository memberRepository; private final RefreshTokenService refreshTokenService; 
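Review bot: The cookie domain is now a string literal repeated in `setAccessTokenCookie`, `setRefreshTokenCookie` and `AuthController.expireCookie`, while the `cookie-domain` property and its `@Value` field are deleted in the same patch. A cookie is only cleared when the expiring `Set-Cookie` carries the same Domain and Path as the one that set it, so if these three literals drift apart, logout silently leaves the access and refresh tokens in the browser. I would keep one injected value, `@Value("${cookie-domain}") private String cookieDomain;`, and call `accessCookie.setDomain(cookieDomain);` (and the refresh and expire equivalents) from it, which also lets local and staging environments use their own host. Both JwtProvider methods begin and end outside their hunks.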
@@ -100,8 +96,7 @@ public ResponseEntity>> logout(HttpServlet private void expireCookie(HttpServletResponse response, String cookieName) { Cookie cookie = new Cookie(cookieName, null); - //cookie.setDomain(cookieDomain); - cookie.setDomain("43.201.85.194.nip.io"); + cookie.setDomain("api.wedit.site"); cookie.setPath("/"); cookie.setHttpOnly(true); cookie.setSecure(true); From aeb242e88d28cd442ab468aa5901ad4f3c6b27de Mon Sep 17 00:00:00 2001 From: Dongyun Kim Date: Thu, 20 Feb 2025 07:21:01 +0900 Subject: [PATCH 3/3] =?UTF-8?q?[fix]=20#140=20=EB=8F=84=EB=A9=94=EC=9D=B8?= =?UTF-8?q?=20=ED=97=88=EC=9A=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/wedit/weditapp/global/auth/jwt/JwtProvider.java | 4 ++-- .../weditapp/global/auth/login/controller/AuthController.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/wedit/weditapp/global/auth/jwt/JwtProvider.java b/src/main/java/com/wedit/weditapp/global/auth/jwt/JwtProvider.java index a13bbff..ba1662b 100644 --- a/src/main/java/com/wedit/weditapp/global/auth/jwt/JwtProvider.java +++ b/src/main/java/com/wedit/weditapp/global/auth/jwt/JwtProvider.java @@ -84,7 +84,7 @@ public void setAccessTokenCookie(HttpServletResponse response, String accessToke accessCookie.setSecure(true); // HTTPS 상황에서만 전송 accessCookie.setPath("/"); accessCookie.setAttribute("SameSite", "None"); - accessCookie.setDomain("api.wedit.site"); + accessCookie.setDomain(".wedit.site"); accessCookie.setMaxAge((int) TimeUnit.MILLISECONDS.toSeconds(accessTokenExpiry)); response.addCookie(accessCookie); 
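Review bot: `accessCookie.setDomain(".wedit.site")` widens the token cookie from the API host to every host under wedit.site, and the same change is made in `setRefreshTokenCookie` and `expireCookie`. With that scope any subdomain receives the access and refresh tokens on requests sent to it and can also set a cookie of the same name for the parent domain, so a compromised or delegated subdomain becomes part of the session's trust boundary; if only the API has to receive the cookie, omitting `setDomain` keeps it host-only. The leading dot is a separate risk: browsers following RFC 6265 ignore it, and Tomcat's RFC 6265 cookie processor (the default container under Spring Boot, if that is what runs here) is known to reject a domain starting with `.` with an IllegalArgumentException when the cookie is added. If parent-domain scope is really required, `accessCookie.setDomain("wedit.site");` is the safer form, with a comment naming the hosts that need to receive the cookie.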
@@ -99,7 +99,7 @@ public void setRefreshTokenCookie(HttpServletResponse response, String refreshTo refreshCookie.setSecure(true); // HTTPS 환경에서만 전송 refreshCookie.setPath("/"); refreshCookie.setAttribute("SameSite", "None"); - refreshCookie.setDomain("api.wedit.site"); + refreshCookie.setDomain(".wedit.site"); refreshCookie.setMaxAge((int) TimeUnit.MILLISECONDS.toSeconds(refreshTokenExpiry)); response.addCookie(refreshCookie); diff --git a/src/main/java/com/wedit/weditapp/global/auth/login/controller/AuthController.java b/src/main/java/com/wedit/weditapp/global/auth/login/controller/AuthController.java index 0ad1d4f..33a2a1b 100644 --- a/src/main/java/com/wedit/weditapp/global/auth/login/controller/AuthController.java +++ b/src/main/java/com/wedit/weditapp/global/auth/login/controller/AuthController.java @@ -96,7 +96,7 @@ public ResponseEntity>> logout(HttpServlet private void expireCookie(HttpServletResponse response, String cookieName) { Cookie cookie = new Cookie(cookieName, null); - cookie.setDomain("api.wedit.site"); + cookie.setDomain(".wedit.site"); cookie.setPath("/"); cookie.setHttpOnly(true); cookie.setSecure(true);