Merge pull request #200 from prgrms-web-devcourse-final-project/test#179

[test] spring security test 작성

Author: seungwookc97

src/main/java/com/back/domain/cocktail/controller/CocktailShareController.java

@@ -3,6 +3,7 @@
 import com.back.domain.cocktail.repository.CocktailRepository;
 import com.back.global.rsData.RsData;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -18,13 +19,16 @@
 public class CocktailShareController {
     private final CocktailRepository cocktailRepository;
 
+    @Value("${custom.prod.frontUrl}")
+    private String frontUrl;
+
     @GetMapping("/{id}/share")
     public ResponseEntity<RsData<Map<String, String>>> getShareLink(@PathVariable Long id) {
         return cocktailRepository.findById(id)
                 .map(cocktail -> {
                     Map<String, String> response = Map.of(
                             // 공유 URL
-                            "url", "https://www.ssoul.life/cocktails/" + cocktail.getId(),
+                            "url", frontUrl +"/cocktails/" + cocktail.getId(),
                             // 공유 제목
                             "title", cocktail.getCocktailName(),
                             // 공유 이미지 (선택)

src/main/java/com/back/global/jwt/JwtUtil.java

@@ -45,6 +45,21 @@ public String generateAccessToken(Long userId, String email, String nickname) {
                 .compact();
     }
 
+    // 테스트용: 커스텀 만료시간으로 토큰 생성
+    public String generateAccessTokenWithExpiration(Long userId, String email, String nickname, long customExpirationMs) {
+        Date now = new Date();
+        Date expiration = new Date(now.getTime() + customExpirationMs);
+
+        return Jwts.builder()
+                .setSubject(String.valueOf(userId))
+                .claim("email", email)
+                .claim("nickname", nickname)
+                .setIssuedAt(now)
+                .setExpiration(expiration)
+                .signWith(secretKey)
+                .compact();
+    }
+
 
     public void addAccessTokenToCookie(HttpServletResponse response, String accessToken) {
         Cookie cookie = new Cookie(ACCESS_TOKEN_COOKIE_NAME, accessToken);

src/main/java/com/back/global/rq/Rq.java

@@ -31,6 +31,9 @@ public class Rq {
     @Value("${custom.cookie.same}")
     private String cookieSameSite;
 
+    @Value("${custom.site.cookieDomain}")
+    private String cookieDomain;
+
 
     public User getActor() {
         return Optional.ofNullable(
@@ -95,6 +98,7 @@ public void setCrossDomainCookie(String name, String value, int maxAge) {
                 .maxAge(maxAge)
                 .secure(cookieSecure)
                 .sameSite(cookieSameSite)
+                .domain(cookieDomain)
                 .httpOnly(true)
                 .build();
         resp.addHeader("Set-Cookie", cookie.toString());

src/main/resources/application-dev.yml

@@ -60,7 +60,7 @@ logging:
 # 쿠키 보안 설정 (HTTP 환경용)
 custom:
   cookie:
-    secure: true
+    secure: false
     same: "Lax"
 
 #  # AI 설정

src/main/resources/application-prod.yml

@@ -19,7 +19,7 @@ spring:
     driver-class-name: com.mysql.cj.jdbc.Driver
   jpa:
     hibernate:
-      ddl-auto: create # 삭제 재성성 과정에서 외래키 제약발생. create 변경 후 배포 테스트
+      ddl-auto: update # 삭제 재성성 과정에서 외래키 제약발생. create 변경 후 배포 테스트
     properties:
       hibernate:
         show_sql: false
@@ -44,8 +44,8 @@ custom:
   cookie:
     secure: true
     same: "None"
-    domain: ${custom.prod.cookieDomain}
   site:
+    cookieDomain: "${BASE_URL}"
     frontUrl: "${custom.prod.frontUrl}"
     backUrl: "${custom.prod.backUrl}"
     name: ssoul

src/test/java/com/back/global/security/SecurityIntegrationTest.java

@@ -0,0 +1,153 @@
+package com.back.global.security;
+
+import com.back.domain.user.entity.User;
+import com.back.domain.user.repository.UserRepository;
+import com.back.global.jwt.JwtUtil;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureWebMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.context.WebApplicationContext;
+
+import jakarta.servlet.http.Cookie;
+
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+
+@SpringBootTest
+@AutoConfigureWebMvc
+@TestPropertySource(locations = "classpath:application-test.yml")
+@Transactional
+class SecurityIntegrationTest {
+
+    @Autowired
+    private WebApplicationContext context;
+
+    @Autowired
+    private UserRepository userRepository;
+
+    @Autowired
+    private JwtUtil jwtUtil;
+
+    @Autowired
+    private ObjectMapper objectMapper;
+
+    private MockMvc mockMvc;
+    private User testUser;
+
+    @BeforeEach
+    void setUp() {
+        mockMvc = MockMvcBuilders
+                .webAppContextSetup(context)
+                .apply(springSecurity())
+                .build();
+
+        testUser = User.builder()
+                .email("test@example.com")
+                .nickname("테스트사용자")
+                .oauthId("test_123456")
+                .role("USER")
+                .build();
+        testUser = userRepository.save(testUser);
+    }
+
+    @Test
+    @DisplayName("JWT 토큰 없이 보호된 API 접근 - 통과 (현재 permitAll 설정)")
+    void accessProtectedApiWithoutToken() throws Exception {
+        mockMvc.perform(get("/api/test")
+                        .contentType(MediaType.APPLICATION_JSON))
+                .andExpect(status().isNotFound()); // 404 (엔드포인트 없음) - 인증은 통과
+    }
+
+    @Test
+    @DisplayName("유효한 JWT 토큰으로 API 접근 - CustomAuthenticationFilter 동작 확인")
+    void accessApiWithValidToken() throws Exception {
+        // given - 실제 JWT 토큰 생성
+        String accessToken = jwtUtil.generateAccessToken(testUser.getId(), testUser.getEmail(), testUser.getNickname());
+        Cookie tokenCookie = new Cookie("accessToken", accessToken);
+
+        // when & then - 실제 필터 체인 동작 확인
+        mockMvc.perform(get("/api/test")
+                        .cookie(tokenCookie)
+                        .contentType(MediaType.APPLICATION_JSON))
+                .andExpect(status().isNotFound()); // 엔드포인트 없음이지만 인증은 성공
+    }
+
+    @Test
+    @DisplayName("만료된 JWT 토큰으로 API 접근")
+    void accessApiWithExpiredToken() throws Exception {
+        // given - 만료된 토큰 생성 (음수 만료시간)
+        String expiredToken = jwtUtil.generateAccessTokenWithExpiration(
+                testUser.getId(), testUser.getEmail(), testUser.getNickname(), -1000);
+        Cookie tokenCookie = new Cookie("accessToken", expiredToken);
+
+        // when & then
+        mockMvc.perform(get("/api/test")
+                        .cookie(tokenCookie)
+                        .contentType(MediaType.APPLICATION_JSON))
+                .andExpect(status().isNotFound()); // 여전히 통과 (permitAll)
+    }
+
+    @Test
+    @DisplayName("잘못된 형식의 JWT 토큰으로 API 접근")
+    void accessApiWithInvalidToken() throws Exception {
+        // given
+        Cookie invalidTokenCookie = new Cookie("accessToken", "invalid.jwt.token");
+
+        // when & then
+        mockMvc.perform(get("/api/test")
+                        .cookie(invalidTokenCookie)
+                        .contentType(MediaType.APPLICATION_JSON))
+                .andExpect(status().isNotFound()); // 여전히 통과 (permitAll)
+    }
+
+    @Test
+    @DisplayName("OAuth2 로그인 엔드포인트 접근 - 실제 리다이렉트 확인")
+    void oAuth2LoginEndpoint() throws Exception {
+        mockMvc.perform(get("/oauth2/authorization/naver"))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(header().exists("Location"))
+                .andExpect(header().string("Location",
+                    org.hamcrest.Matchers.containsString("nid.naver.com")));
+    }
+
+    @Test
+    @DisplayName("OAuth2 로그인 엔드포인트 - 카카오")
+    void kakaoLoginEndpoint() throws Exception {
+        mockMvc.perform(get("/oauth2/authorization/kakao"))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(header().exists("Location"))
+                .andExpect(header().string("Location",
+                    org.hamcrest.Matchers.containsString("kauth.kakao.com")));
+    }
+
+    @Test
+    @DisplayName("OAuth2 로그인 엔드포인트 - 구글")
+    void googleLoginEndpoint() throws Exception {
+        mockMvc.perform(get("/oauth2/authorization/google"))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(header().exists("Location"))
+                .andExpect(header().string("Location",
+                    org.hamcrest.Matchers.containsString("accounts.google.com")));
+    }
+
+    @Test
+    @DisplayName("CORS 헤더 확인")
+    void checkCorsHeaders() throws Exception {
+        mockMvc.perform(options("/api/test")
+                        .header("Origin", "http://localhost:3000")
+                        .header("Access-Control-Request-Method", "GET"))
+                .andExpect(status().isOk())
+                .andExpect(header().exists("Access-Control-Allow-Origin"))
+                .andExpect(header().exists("Access-Control-Allow-Credentials"));
+    }
+}

src/test/resources/application-test.yml

@@ -0,0 +1,75 @@
+spring:
+  profiles:
+    active: test
+
+  # H2 테스트 데이터베이스
+  datasource:
+    driver-class-name: org.h2.Driver
+    url: jdbc:h2:mem:testdb;MODE=MySQL
+    username: sa
+    password:
+
+  jpa:
+    hibernate:
+      ddl-auto: create-drop
+    properties:
+      hibernate:
+        show_sql: true
+        format_sql: true
+
+  # OAuth2 테스트 설정 (실제 동작하지 않지만 필터는 동작)
+  security:
+    oauth2:
+      client:
+        registration:
+          kakao:
+            clientId: test-kakao-client-id
+            scope: profile_nickname
+            client-name: Kakao
+            authorization-grant-type: authorization_code
+            redirect-uri: 'http://localhost:8080/login/oauth2/code/kakao'
+          google:
+            client-id: test-google-client-id
+            client-secret: test-google-client-secret
+            redirect-uri: 'http://localhost:8080/login/oauth2/code/google'
+            client-name: Google
+            scope: profile
+          naver:
+            client-id: test-naver-client-id
+            client-secret: test-naver-client-secret
+            scope: profile_nickname
+            client-name: Naver
+            authorization-grant-type: authorization_code
+            redirect-uri: 'http://localhost:8080/login/oauth2/code/naver'
+        provider:
+          kakao:
+            authorization-uri: https://kauth.kakao.com/oauth/authorize
+            token-uri: https://kauth.kakao.com/oauth/token
+            user-info-uri: https://kapi.kakao.com/v2/user/me
+            user-name-attribute: id
+          naver:
+            authorization-uri: https://nid.naver.com/oauth2.0/authorize
+            token-uri: https://nid.naver.com/oauth2.0/token
+            user-info-uri: https://openapi.naver.com/v1/nid/me
+            user-name-attribute: response
+
+
+custom:
+  dev:
+    cookieDomain: localhost
+    frontUrl: "http://localhost:3000"
+    backUrl: "http://localhost:8080"
+  site:
+    cookieDomain: localhost
+    frontUrl: "http://localhost:3000"
+    backUrl: "http://localhost:8080"
+    name: test
+  cookie:
+    secure: false
+    same: "Lax"
+  jwt:
+    secretKey: "test-secret-key-for-jwt-token-generation-and-validation-purposes-only"
+  accessToken:
+    expirationSeconds: "#{60*15}"
+  refreshToken:
+    expirationSeconds: "#{60*60*24*30}"

terraform/variables.tf

@@ -17,7 +17,7 @@ variable "prefix" {
 
 variable "app_1_domain" {
   description = "app_1 domain"
-  default     = "api.ssoul.o-r.kr"
+  default     = "api.ssoul.life"
 }
 
 variable "s3_bucket_name" {