Merge pull request #259 from FunD-StockProject/fix/social-login-providerId

Fix: 소셜 로그인 providerId를 식별자로 사용하도록 변경 및 애플 이메일 없는 경우 예외 처리

Author: MuuiGong

logs/stockProject-all.2025-11-01.0.log.gz

@@ -21,6 +21,7 @@
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import jakarta.validation.Valid;
+import jakarta.servlet.http.HttpServletRequest;
 
 import java.util.Map;
 
@@ -42,13 +43,17 @@ public class AuthController {
     })
     public ResponseEntity<Map<String, String>> register(
             @Parameter(description = "소셜 회원가입 요청 DTO", required = true)
-            @ModelAttribute OAuth2RegisterRequest request) {
+            @ModelAttribute OAuth2RegisterRequest request,
+            HttpServletRequest httpRequest) {
         try {
-            String imageUrl = authService.register(request);
+            String imageUrl = authService.register(request, buildClientKey(httpRequest));
             return ResponseEntity.ok(Map.of(
                     "message", "User registered successfully",
                     "profileImageUrl", imageUrl != null ? imageUrl : ""
             ));
+        } catch (IllegalArgumentException e) {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST)
+                    .body(Map.of("message", e.getMessage()));
         } catch (Exception e) {
             return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
                     .body(Map.of("message", "Failed to complete social registration: " + e.getMessage()));
@@ -236,4 +241,17 @@ public ResponseEntity<Map<String, Boolean>> checkEmailDuplicate(
         boolean isDuplicate = authService.isEmailDuplicate(email);
         return ResponseEntity.ok(Map.of("duplicate", isDuplicate));
     }
+
+    private String buildClientKey(HttpServletRequest request) {
+        String forwardedFor = request.getHeader("X-Forwarded-For");
+        String ip;
+        if (forwardedFor != null && !forwardedFor.isBlank()) {
+            String[] parts = forwardedFor.split(",");
+            ip = parts.length > 0 ? parts[0].trim() : request.getRemoteAddr();
+        } else {
+            ip = request.getRemoteAddr();
+        }
+        String userAgent = request.getHeader("User-Agent");
+        return (ip == null ? "" : ip.trim()) + "|" + (userAgent == null ? "" : userAgent.trim());
+    }
 }

logs/stockProject-error.2025-11-01.0.log.gz

@@ -20,6 +20,7 @@
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.Parameter;
+import jakarta.servlet.http.HttpServletRequest;
 
 @Slf4j
 @RestController
@@ -119,10 +120,11 @@ public ResponseEntity<LoginResponse> googleLogin(
     })
     public ResponseEntity<LoginResponse> appleLogin(
             @Parameter(description = "인가 코드", example = "c1d2e3f4...") @RequestParam String code,
-            @Parameter(description = "redirect uri", example = "http://localhost:5173/login/oauth2/code/apple") @RequestParam String state) {
+            @Parameter(description = "redirect uri", example = "http://localhost:5173/login/oauth2/code/apple") @RequestParam String state,
+            HttpServletRequest request) {
         try {
             log.info("Apple login attempt - state: {}", state);
-            LoginResponse response = oAuth2Service.appleLogin(code, state);
+            LoginResponse response = oAuth2Service.appleLogin(code, state, null, buildClientKey(request));
 
             if ("NEED_REGISTER".equals(response.getState())) {
                 log.info("Apple login - registration required");
@@ -149,15 +151,16 @@ public ResponseEntity<LoginResponse> appleLoginFormPost(
             @Parameter(description = "redirect uri", example = "http://localhost:5173/login/oauth2/code/apple") @RequestParam String state,
             @Parameter(description = "user") @RequestParam(required = false) String user,
             @Parameter(description = "error", example = "invalid_request") @RequestParam(required = false) String error,
-            @Parameter(description = "error_description") @RequestParam(required = false, name = "error_description") String errorDescription) {
+            @Parameter(description = "error_description") @RequestParam(required = false, name = "error_description") String errorDescription,
+            HttpServletRequest request) {
         if (error != null && !error.isBlank()) {
             log.warn("Apple login form_post error: {} - {}", error, errorDescription);
             return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
         }
 
         try {
             log.info("Apple login (form_post) attempt - state: {}", state);
-            LoginResponse response = oAuth2Service.appleLogin(code, state, user);
+            LoginResponse response = oAuth2Service.appleLogin(code, state, user, buildClientKey(request));
 
             if ("NEED_REGISTER".equals(response.getState())) {
                 log.info("Apple login (form_post) - registration required");
@@ -172,4 +175,17 @@ public ResponseEntity<LoginResponse> appleLoginFormPost(
         }
     }
 
+    private String buildClientKey(HttpServletRequest request) {
+        String forwardedFor = request.getHeader("X-Forwarded-For");
+        String ip;
+        if (forwardedFor != null && !forwardedFor.isBlank()) {
+            String[] parts = forwardedFor.split(",");
+            ip = parts.length > 0 ? parts[0].trim() : request.getRemoteAddr();
+        } else {
+            ip = request.getRemoteAddr();
+        }
+        String userAgent = request.getHeader("User-Agent");
+        return (ip == null ? "" : ip.trim()) + "|" + (userAgent == null ? "" : userAgent.trim());
+    }
+
 }

logs/stockProject-info.2025-11-01.0.log.gz

@@ -14,10 +14,16 @@
 public class OAuth2RegisterRequest {
     @Schema(description = "사용자 닉네임", example = "human123", requiredMode = Schema.RequiredMode.REQUIRED)
     private String nickname;
-    @Schema(description = "사용자 이메일", example = "user@example.com", requiredMode = Schema.RequiredMode.REQUIRED)
+    @Schema(
+            description = "사용자 이메일 (Apple 최초 로그인 등 제공되지 않는 경우 생략 가능)",
+            example = "user@example.com",
+            requiredMode = Schema.RequiredMode.NOT_REQUIRED
+    )
     private String email;
     @Schema(description = "OAuth2 제공자", example = "KAKAO", allowableValues = {"KAKAO","NAVER","GOOGLE","APPLE"}, requiredMode = Schema.RequiredMode.REQUIRED)
     private PROVIDER provider;
+    @Schema(description = "OAuth2 제공자의 고유 사용자 ID(예: Apple sub)", example = "001234.abcd5678efgh", requiredMode = Schema.RequiredMode.NOT_REQUIRED)
+    private String providerId;
     @Schema(description = "생년월일 (yyyy-MM-dd)", example = "1993-08-15")
     @DateTimeFormat(pattern = "yyyy-MM-dd")
     private LocalDate birthDate;

logs/stockProject-warn.2025-11-01.0.log.gz

@@ -0,0 +1,163 @@
+package com.fund.stockProject.auth.service;
+
+import com.fund.stockProject.auth.domain.PROVIDER;
+import org.springframework.stereotype.Service;
+
+import java.time.Duration;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+@Service
+public class AppleLoginContextService {
+
+    private static final String FALLBACK_PREFIX = "apple_";
+    private static final String FALLBACK_DOMAIN = "@apple.local";
+    private static final long PENDING_TTL_MILLIS = Duration.ofMinutes(30).toMillis();
+
+    private final ConcurrentMap<String, PendingProviderId> pendingProviderIdsByEmail = new ConcurrentHashMap<>();
+    private final ConcurrentMap<String, PendingProviderId> pendingProviderIdsByClient = new ConcurrentHashMap<>();
+
+    public void savePendingProviderId(PROVIDER provider, String email, String providerId) {
+        String normalizedEmail = normalizeEmail(email);
+        String scopedKey = buildScopedKey(provider, normalizedEmail);
+        if (scopedKey == null || isBlank(providerId)) {
+            return;
+        }
+        cleanupExpiredIfNeeded();
+        pendingProviderIdsByEmail.put(
+                scopedKey,
+                new PendingProviderId(providerId.trim(), System.currentTimeMillis() + PENDING_TTL_MILLIS)
+        );
+    }
+
+    public Optional<String> consumePendingProviderId(PROVIDER provider, String email) {
+        String normalizedEmail = normalizeEmail(email);
+        String scopedKey = buildScopedKey(provider, normalizedEmail);
+        if (scopedKey == null) {
+            return Optional.empty();
+        }
+
+        PendingProviderId pending = pendingProviderIdsByEmail.remove(scopedKey);
+        if (pending == null || pending.expiresAtMillis < System.currentTimeMillis()) {
+            return Optional.empty();
+        }
+        return Optional.of(pending.providerId);
+    }
+
+    public void savePendingProviderIdByClient(PROVIDER provider, String clientKey, String providerId) {
+        String normalizedClientKey = normalizeClientKey(clientKey);
+        String scopedKey = buildScopedKey(provider, normalizedClientKey);
+        if (scopedKey == null || isBlank(providerId)) {
+            return;
+        }
+        cleanupExpiredIfNeeded();
+        pendingProviderIdsByClient.put(
+                scopedKey,
+                new PendingProviderId(providerId.trim(), System.currentTimeMillis() + PENDING_TTL_MILLIS)
+        );
+    }
+
+    public Optional<String> consumePendingProviderIdByClient(PROVIDER provider, String clientKey) {
+        String normalizedClientKey = normalizeClientKey(clientKey);
+        String scopedKey = buildScopedKey(provider, normalizedClientKey);
+        if (scopedKey == null) {
+            return Optional.empty();
+        }
+
+        PendingProviderId pending = pendingProviderIdsByClient.remove(scopedKey);
+        if (pending == null || pending.expiresAtMillis < System.currentTimeMillis()) {
+            return Optional.empty();
+        }
+        return Optional.of(pending.providerId);
+    }
+
+    public String buildFallbackEmail(String providerId) {
+        if (isBlank(providerId)) {
+            throw new IllegalArgumentException("Apple providerId is required to build fallback email");
+        }
+        return FALLBACK_PREFIX + encodeHex(providerId.trim()) + FALLBACK_DOMAIN;
+    }
+
+    public Optional<String> extractProviderIdFromFallbackEmail(String email) {
+        String normalizedEmail = normalizeEmail(email);
+        if (normalizedEmail == null || !normalizedEmail.endsWith(FALLBACK_DOMAIN)) {
+            return Optional.empty();
+        }
+        String localPart = normalizedEmail.substring(0, normalizedEmail.length() - FALLBACK_DOMAIN.length());
+        if (!localPart.startsWith(FALLBACK_PREFIX)) {
+            return Optional.empty();
+        }
+
+        String encoded = localPart.substring(FALLBACK_PREFIX.length());
+        if (encoded.isEmpty() || encoded.length() % 2 != 0) {
+            return Optional.empty();
+        }
+
+        try {
+            return Optional.of(decodeHex(encoded));
+        } catch (IllegalArgumentException e) {
+            return Optional.empty();
+        }
+    }
+
+    private void cleanupExpiredIfNeeded() {
+        if (pendingProviderIdsByEmail.size() + pendingProviderIdsByClient.size() < 1000) {
+            return;
+        }
+        long now = System.currentTimeMillis();
+        pendingProviderIdsByEmail.entrySet().removeIf(entry -> entry.getValue().expiresAtMillis < now);
+        pendingProviderIdsByClient.entrySet().removeIf(entry -> entry.getValue().expiresAtMillis < now);
+    }
+
+    private String normalizeEmail(String email) {
+        if (isBlank(email)) {
+            return null;
+        }
+        return email.trim().toLowerCase(java.util.Locale.ROOT);
+    }
+
+    private boolean isBlank(String value) {
+        return value == null || value.trim().isEmpty();
+    }
+
+    private String normalizeClientKey(String clientKey) {
+        if (isBlank(clientKey)) {
+            return null;
+        }
+        return clientKey.trim().toLowerCase(java.util.Locale.ROOT);
+    }
+
+    private String buildScopedKey(PROVIDER provider, String key) {
+        if (provider == null || key == null) {
+            return null;
+        }
+        return provider.name() + "|" + key;
+    }
+
+    private String encodeHex(String value) {
+        byte[] bytes = value.getBytes(java.nio.charset.StandardCharsets.UTF_8);
+        StringBuilder sb = new StringBuilder(bytes.length * 2);
+        for (byte b : bytes) {
+            sb.append(String.format("%02x", b & 0xff));
+        }
+        return sb.toString();
+    }
+
+    private String decodeHex(String hex) {
+        int len = hex.length();
+        byte[] data = new byte[len / 2];
+        for (int i = 0; i < len; i += 2) {
+            int high = Character.digit(hex.charAt(i), 16);
+            int low = Character.digit(hex.charAt(i + 1), 16);
+            if (high < 0 || low < 0) {
+                throw new IllegalArgumentException("Invalid hex string");
+            }
+            data[i / 2] = (byte) ((high << 4) + low);
+        }
+        return new String(data, java.nio.charset.StandardCharsets.UTF_8);
+    }
+
+    private record PendingProviderId(String providerId, long expiresAtMillis) {
+    }
+}

src/main/java/com/fund/stockProject/auth/controller/AuthController.java

@@ -24,6 +24,8 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.multipart.MultipartFile;
 
+import java.util.Optional;
+
 import static com.fund.stockProject.auth.domain.ROLE.ROLE_USER;
 
 @Service
@@ -40,6 +42,7 @@ public class AuthService {
     private final PasswordEncoder passwordEncoder;
     private final AuthenticationManager authenticationManager;
     private final TokenService tokenService;
+    private final AppleLoginContextService appleLoginContextService;
 
     /**
      * 현재 사용자가 인증된 상태인지 확인합니다.
@@ -109,19 +112,35 @@ public boolean isEmailDuplicate(String email) {
     }
 
     @Transactional(rollbackFor = Exception.class)
-    public String register(OAuth2RegisterRequest oAuth2RegisterRequest) {
+    public String register(OAuth2RegisterRequest oAuth2RegisterRequest, String clientKey) {
         try {
+            String nickname = normalizeToNull(oAuth2RegisterRequest.getNickname());
+            if (nickname == null) {
+                throw new IllegalArgumentException("Nickname is required.");
+            }
+
+            PROVIDER provider = oAuth2RegisterRequest.getProvider();
+            if (provider == null) {
+                throw new IllegalArgumentException("Provider is required.");
+            }
+
             MultipartFile image = oAuth2RegisterRequest.getImage();
             String imageUrl = (image != null && !image.isEmpty()) ? s3Service.uploadUserImage(image, "users") : null;
+            String providerId = resolveSocialProviderId(oAuth2RegisterRequest, provider, clientKey);
+            String email = resolveRegistrationEmail(oAuth2RegisterRequest, provider, providerId);
+            Boolean marketingAgreement = oAuth2RegisterRequest.getMarketingAgreement() != null
+                    ? oAuth2RegisterRequest.getMarketingAgreement()
+                    : false;
 
             User user = User.builder()
-                    .email(oAuth2RegisterRequest.getEmail())
-                    .nickname(oAuth2RegisterRequest.getNickname())
+                    .email(email)
+                    .nickname(nickname)
                     .birthDate(oAuth2RegisterRequest.getBirthDate())
-                    .provider(oAuth2RegisterRequest.getProvider())
+                    .provider(provider)
+                    .providerId(providerId)
                     .role(ROLE_USER)
                     .isActive(true)
-                    .marketingAgreement(oAuth2RegisterRequest.getMarketingAgreement())
+                    .marketingAgreement(marketingAgreement)
                     .profileImageUrl(imageUrl)
                     .build();
 
@@ -135,6 +154,54 @@ public String register(OAuth2RegisterRequest oAuth2RegisterRequest) {
         }
     }
 
+    private String resolveSocialProviderId(OAuth2RegisterRequest request, PROVIDER provider, String clientKey) {
+        String requestProviderId = normalizeToNull(request.getProviderId());
+        if (requestProviderId != null) {
+            return requestProviderId;
+        }
+
+        String email = normalizeToNull(request.getEmail());
+        if (email != null) {
+            Optional<String> pendingProviderId = appleLoginContextService.consumePendingProviderId(provider, email);
+            if (provider == PROVIDER.APPLE) {
+                return pendingProviderId
+                        .or(() -> appleLoginContextService.extractProviderIdFromFallbackEmail(email))
+                        .orElse(null);
+            }
+            return pendingProviderId.orElse(null);
+        }
+
+        if (provider != PROVIDER.APPLE) {
+            return null;
+        }
+
+        return appleLoginContextService.consumePendingProviderIdByClient(PROVIDER.APPLE, clientKey).orElse(null);
+    }
+
+    private String resolveRegistrationEmail(OAuth2RegisterRequest request, PROVIDER provider, String providerId) {
+        String email = normalizeToNull(request.getEmail());
+        if (email != null) {
+            return email;
+        }
+
+        if (provider == PROVIDER.APPLE) {
+            if (providerId == null) {
+                throw new IllegalArgumentException("Apple registration context expired. Please retry Apple login.");
+            }
+            return appleLoginContextService.buildFallbackEmail(providerId);
+        }
+
+        throw new IllegalArgumentException("Email is required.");
+    }
+
+    private String normalizeToNull(String value) {
+        if (value == null) {
+            return null;
+        }
+        String trimmed = value.trim();
+        return trimmed.isEmpty() ? null : trimmed;
+    }
+
     /**
      * 일반 회원가입
      */