fix: 충돌해결

woowacourse-teams · Oct 24, 2024 · a767b2d · a767b2d
2 parents 651d44e + dffc4da
commit a767b2d
Show file tree

Hide file tree

Showing 496 changed files with 15,493 additions and 3,900 deletions.
diff --git a/.github/workflows/be-rolling-deploy.yml b/.github/workflows/be-rolling-deploy.yml
@@ -0,0 +1,68 @@
+name: Rolling Deployment
+
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  deploy-prod1:
+    name: Deploy to Prod1 Instance
+    runs-on: runner-prod1
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Run Prod1 instance deploy script
+        run: |
+          cd ~/deploy && ./deploy.sh
+
+  check-prod1:
+    name: Check Prod1 Instance
+    runs-on: runner-prod1
+    needs: deploy-prod1
+
+    steps:
+      - name: Wait for Prod1 instance to be ready
+        run: sleep 30
+
+      - name: Health check for Prod1 instance
+        run: |
+          RESPONSE=$(curl --write-out '%{http_code}' --silent --output /dev/null http://localhost:8080/health)
+          if [ $RESPONSE -ne 200 ]; then
+            echo "Prod1 instance deployment failed."
+            exit 1
+          fi
+          echo "Prod1 instance is healthy."
+
+  deploy-prod2:
+    name: Deploy to Prod2 Instance
+    runs-on: runner-prod2
+    needs: check-prod1
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Run Prod2 instance deploy script
+        run: |
+          cd ~/deploy && ./deploy.sh
+
+  check-prod2:
+    name: Check Prod2 Instance
+    runs-on: runner-prod2
+    needs: deploy-prod2
+
+    steps:
+      - name: Wait for Prod2 instance to be ready
+        run: sleep 30
+
+      - name: Health check for Prod2 instance
+        run: |
+          RESPONSE=$(curl --write-out '%{http_code}' --silent --output /dev/null http://localhost:8080/health)
+          if [ $RESPONSE -ne 200 ]; then
+            echo "Prod2 instance deployment failed."
+            exit 1
+          fi
+          echo "Prod2 instance is healthy."
diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml
@@ -6,10 +6,35 @@ on:
       - develop
 
 jobs:
-  deploy:
-    runs-on: prod
+  deploy-on-prod1:
+    runs-on: [self-hosted, runner-prod1]
 
     steps:
+      - name: update properties if exists
+        run: |
+          if [ -n "${{ secrets.NEW_PROPERTIES }}" ]; then
+            cd ~/deploy
+            echo "${{ secrets.NEW_PROPERTIES }}" > new_properties
+            ./update-properties.sh
+          fi
+
+      - name: deploy
+        run: |
+          cd ~/deploy && ./deploy.sh
+
+  deploy-on-prod2:
+    runs-on: [self-hosted, runner-prod2]
+    needs: deploy-on-prod1
+
+    steps:
+      - name: update properties if exists
+        run: |
+          if [ -n "${{ secrets.NEW_PROPERTIES }}" ]; then
+            cd ~/deploy
+            echo "${{ secrets.NEW_PROPERTIES }}" > new_properties
+            ./update-properties.sh
+          fi
+
       - name: deploy
         run: |
           cd ~/deploy && ./deploy.sh
diff --git a/.github/workflows/cicd-backend-dev.yml b/.github/workflows/cicd-backend-dev.yml
@@ -29,6 +29,11 @@ jobs:
           mkdir -p src/main/resources/firebase
           echo ${{ secrets.BACKEND_FIREBASE_JSON }} > src/main/resources/firebase/serviceAccountKey.json
 
+      - name: Apple Auth Key 파일 이동
+        run: |
+          mkdir -p src/main/resources/auth
+          printf "%s" "${{ secrets.APPLE_AUTH_KEY }}" > src/main/resources/auth/AuthKey.p8
+          
       - name: gradlew 권한 부여
         run: chmod +x ./gradlew
 
@@ -51,10 +56,6 @@ jobs:
     runs-on: [self-hosted, develop]
 
     steps:
-      - name: change permission
-        run: |
-          sudo chown -R ubuntu:ubuntu /home/ubuntu/actions-runner/_work/2024-mouda
-
       - name: DockerHub login
         uses: docker/login-action@v1
         with:
@@ -63,6 +64,7 @@ jobs:
 
       - name: Docker Compose up
         run: |
-          docker compose -f ./backend/docker-compose.yml down mouda-be
-          docker compose -f ./backend/docker-compose.yml pull mouda-be
-          docker compose -f ./backend/docker-compose.yml up -d mouda-be
+          cd ~/deploy
+          docker compose -f docker-compose-be.yml down
+          docker compose -f docker-compose-be.yml pull
+          docker compose -f docker-compose-be.yml up -d 
diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml
@@ -29,6 +29,11 @@ jobs:
           mkdir -p src/main/resources/firebase
           echo ${{ secrets.BACKEND_FIREBASE_JSON }} > src/main/resources/firebase/serviceAccountKey.json
 
+      - name: Apple Auth Key 파일 이동
+        run: |
+          mkdir -p src/main/resources/auth
+          printf "%s" "${{ secrets.APPLE_AUTH_KEY }}" > src/main/resources/auth/AuthKey.p8
+          
       - name: gradlew 권한 부여
         run: chmod +x ./gradlew
 

diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,4 @@
 /frontend/.idea
 /backend/htmlReport
 *.pem
+backend/src/main/resources/auth/AuthKey.p8
diff --git a/backend/.gitignore b/backend/.gitignore
@@ -7,4 +7,3 @@ build/
 out
 logs
 src/main/resources/firebase
-src/main/resources/application-prod.yml
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -49,9 +49,23 @@ dependencies {
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
     testCompileOnly 'org.projectlombok:lombok'
     testAnnotationProcessor 'org.projectlombok:lombok'
+    testImplementation 'org.awaitility:awaitility:4.2.0'
+
+    // jackson
+    implementation 'com.fasterxml.jackson.core:jackson-databind:2.14.2'
 
     // notification
     implementation 'com.google.firebase:firebase-admin:9.3.0'
+
+    //Google Oauth
+    implementation 'com.google.api-client:google-api-client:1.32.1'
+
+    // S3
+    implementation 'com.amazonaws:aws-java-sdk-s3:1.12.773'
+
+    // monitoring
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
+    implementation 'io.micrometer:micrometer-registry-prometheus'
 }
 
 tasks.named('test') {

diff --git a/backend/src/main/java/mouda/backend/aop/logging/RequestLoggingAspect.java b/backend/src/main/java/mouda/backend/aop/logging/RequestLoggingAspect.java
@@ -46,20 +46,30 @@ public void logController(JoinPoint joinPoint) {
 
 		String memberInfo = getMemberInfo(joinPoint);
 
-		log.info("Request Logging: {} {} member - {} body - {} parameters - {}", httpMethod, uri, memberInfo, body,
-			queryParameters);
+		StringBuilder stringBuilder = new StringBuilder();
+		stringBuilder.append(String.format("Request : %s %s", httpMethod, uri));
+		if (memberInfo != null) {
+			stringBuilder.append(String.format(", member : %s", memberInfo));
+		}
+		if (body != null) {
+			stringBuilder.append(String.format(", body : %s", body));
+		}
+		if (queryParameters != null) {
+			stringBuilder.append(String.format(", parameters : %s", queryParameters));
+		}
+		log.info(stringBuilder.toString());
 	}
 
 	private String getMemberInfo(JoinPoint joinPoint) {
 		for (Object arg : joinPoint.getArgs()) {
 			if (arg instanceof Member) {
-				return "Member ID: " + ((Member)arg).getId();
+				return "Member ID = " + ((Member)arg).getId();
 			}
 			if (arg instanceof DarakbangMember) {
-				return "DarakbangMember ID: " + ((DarakbangMember)arg).getId();
+				return "DarakbangMember ID = " + ((DarakbangMember)arg).getId();
 			}
 		}
-		return "No member";
+		return null;
 	}
 
 	private HttpServletRequest getHttpServletRequest() {

diff --git a/backend/src/main/java/mouda/backend/auth/Infrastructure/AppleOauthClient.java b/backend/src/main/java/mouda/backend/auth/Infrastructure/AppleOauthClient.java
@@ -0,0 +1,93 @@
+package mouda.backend.auth.Infrastructure;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Component;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.RestClient;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import mouda.backend.auth.Infrastructure.response.AppleRefreshTokenResponse;
+import mouda.backend.auth.implement.jwt.ClientSecretProvider;
+import mouda.backend.auth.presentation.response.OauthResponse;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class AppleOauthClient implements OauthClient {
+
+	public static final String CLIENT_ID = "site.mouda.backend";
+	private static final String APPLE_API_URL = "https://appleid.apple.com/auth";
+	private static final String GRANT_TYPE = "authorization_code";
+
+	private final RestClient restClient;
+	private final ClientSecretProvider clientSecretProvider;
+
+	@Value("${oauth.apple.redirect-uri}")
+	private String redirectUri;
+
+	@Override
+	public String getIdToken(String code) {
+		String tokenUrl = APPLE_API_URL + "/token";
+		MultiValueMap<String, String> formData = getFormData(code);
+
+		OauthResponse oauthResponse = restClient.method(HttpMethod.POST)
+			.uri(tokenUrl)
+			.headers(httpHeaders -> httpHeaders.addAll(getHttpHeaders()))
+			.body(formData)
+			.retrieve()
+			.body(OauthResponse.class);
+		return oauthResponse.id_token();
+	}
+
+	public String getRefreshToken(String code) {
+		String tokenUrl = APPLE_API_URL + "/token";
+		MultiValueMap<String, String> formData = getFormData(code);
+
+		AppleRefreshTokenResponse response = restClient.method(HttpMethod.POST)
+			.uri(tokenUrl)
+			.headers(httpHeaders -> httpHeaders.addAll(getHttpHeaders()))
+			.body(formData)
+			.retrieve()
+			.body(AppleRefreshTokenResponse.class);
+		return response.refresh_token();
+	}
+
+	// TODO: 애플 심사 시 필요할 수 있으므로 제거하지 않습니다.
+	// public void revoke(String refreshToken) {
+	// 	String revokeUrl = APPLE_API_URL + "/oauth2/v2/revoke";
+	// 	MultiValueMap<String, String> formData = new LinkedMultiValueMap<>();
+	// 	formData.add("client_id", CLIENT_ID);
+	// 	formData.add("client_secret", clientSecretProvider.provide());
+	// 	formData.add("token", refreshToken);
+	// 	formData.add("token_hint_type", "refresh_token");
+	//
+	// 	ResponseEntity<String> result = restClient.method(HttpMethod.POST)
+	// 		.uri(revokeUrl)
+	// 		.headers(httpHeaders -> httpHeaders.addAll(getHttpHeaders()))
+	// 		.body(formData)
+	// 		.retrieve()
+	// 		.toEntity(String.class);
+	// 	log.info("revoke status code : {}", result.getStatusCode());
+	// }
+
+	private MultiValueMap<String, String> getFormData(String code) {
+		MultiValueMap<String, String> formData = new LinkedMultiValueMap<>();
+		formData.add("client_id", CLIENT_ID);
+		formData.add("client_secret", clientSecretProvider.provide());
+		formData.add("code", code);
+		formData.add("grant_type", GRANT_TYPE);
+		formData.add("redirect_uri", redirectUri);
+		return formData;
+	}
+
+	private HttpHeaders getHttpHeaders() {
+		HttpHeaders headers = new HttpHeaders();
+		headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+		return headers;
+	}
+}
diff --git a/backend/src/main/java/mouda/backend/auth/Infrastructure/GoogleOauthClient.java b/backend/src/main/java/mouda/backend/auth/Infrastructure/GoogleOauthClient.java
@@ -0,0 +1,74 @@
+package mouda.backend.auth.Infrastructure;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Component;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.RestClient;
+
+import com.fasterxml.jackson.databind.JsonNode;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+@Component
+@Slf4j
+@RequiredArgsConstructor
+public class GoogleOauthClient implements OauthClient {
+
+	private static final String CLIENT_ID = "630308965506-4eiek02jh2a5fbj7as1o84l4mks3s2tu.apps.googleusercontent.com";
+	private static final String GRANT_TYPE = "authorization_code";
+	private static final String GOOGLE_API_URL = "https://oauth2.googleapis.com/token";
+
+	@Value("${oauth.google.client-secret}")
+	private String clientSecret;
+
+	@Value("${oauth.google.redirect-uri}")
+	private String redirectUri;
+
+	private final RestClient restClient;
+
+	@Override
+	public String getIdToken(String code) {
+		try {
+			HttpHeaders headers = getHttpHeaders();
+			MultiValueMap<String, String> formData = getFormData(code);
+
+			JsonNode oauthResponse = restClient.method(HttpMethod.POST)
+				.uri(GOOGLE_API_URL)
+				.headers(httpHeaders -> httpHeaders.addAll(headers))
+				.body(formData)
+				.retrieve()
+				.body(JsonNode.class);
+			return oauthResponse.get("id_token").asText();
+		} catch (Exception e) {
+			log.warn(e.getMessage());
+			// throw new AuthException(HttpStatus.BAD_GATEWAY, TOKEN_ISSUE_FAILED);
+			throw e;
+		}
+	}
+
+	private HttpHeaders getHttpHeaders() {
+		HttpHeaders headers = new HttpHeaders();
+		headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+		return headers;
+	}
+
+	private MultiValueMap<String, String> getFormData(String code) {
+		String scope = "https://www.googleapis.com/auth/userinfo.email " +
+			"https://www.googleapis.com/auth/userinfo.profile " +
+			"openid";
+
+		MultiValueMap<String, String> formData = new LinkedMultiValueMap<>();
+		formData.add("client_id", CLIENT_ID);
+		formData.add("client_secret", clientSecret);
+		formData.add("code", code);
+		formData.add("grant_type", GRANT_TYPE);
+		formData.add("redirect_uri", redirectUri);
+		formData.add("scope", scope);
+		return formData;
+	}
+}