- QR code based web login session management (Redis)
- Issue web Access Token (3-day expiry)
- Add the web.toduck.app domain to CORS
- Security configuration for the web login authentication endpoint

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Caution: Review failed. The pull request is closed.
| Cohort / File | Change summary |
|---|---|
| Dependency management: build.gradle | Added two ZXing libraries (core, javase 3.5.3) |
| JWT token generation: src/main/java/im/toduck/domain/auth/domain/service/JwtService.java, src/main/java/im/toduck/global/security/jwt/access/AccessTokenProvider.java | Added a web access token generation method (3-day validity) and a generateTokenWithCustomExpiry method that supports a custom expiry time |
| Web login core logic: src/main/java/im/toduck/domain/auth/domain/usecase/WebLoginUseCase.java | Implemented the web login use case covering session creation, approval, status polling and QR code generation |
| Redis session management: src/main/java/im/toduck/infra/redis/weblogin/WebLoginSession.java, src/main/java/im/toduck/infra/redis/weblogin/WebLoginSessionRepository.java, src/main/java/im/toduck/infra/redis/weblogin/WebLoginSessionService.java, src/main/java/im/toduck/infra/redis/weblogin/WebLoginSessionServiceImpl.java, src/main/java/im/toduck/infra/redis/weblogin/WebLoginSessionStatus.java | Added a Redis-based session store, the repository interface and its implementation, and a status enum |
| REST API layer: src/main/java/im/toduck/domain/auth/presentation/api/WebLoginApi.java, src/main/java/im/toduck/domain/auth/presentation/controller/WebLoginController.java | Implemented the web login API interface and controller (/v1/auth/web endpoint) |
| Request/response DTOs: src/main/java/im/toduck/domain/auth/presentation/dto/request/WebLoginAuthorizeRequest.java, src/main/java/im/toduck/domain/auth/presentation/dto/response/WebSessionCreateResponse.java, src/main/java/im/toduck/domain/auth/presentation/dto/response/WebSessionStatusResponse.java | Added session creation and authorize request/response objects and a session status response object |
| Security configuration: src/main/java/im/toduck/global/config/security/CorsConfig.java, src/main/java/im/toduck/global/config/security/SecurityConfig.java | Added https://web.toduck.app to the allowed CORS origins; made authentication mandatory on the /v1/auth/web/authorize endpoint |
Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Client as Client<br/>(web)
    participant API as WebLoginController<br/>/v1/auth/web
    participant UseCase as WebLoginUseCase
    participant Redis as Redis<br/>session store
    participant JWT as JwtService
    rect rgba(100, 200, 150, 0.5)
        Note over Client,JWT: 1. Create session and generate QR code
        Client->>API: POST /sessions (anonymous)
        API->>UseCase: createWebSession()
        UseCase->>Redis: createSession()
        Redis-->>UseCase: returns sessionToken
        UseCase->>UseCase: generateQrCode(sessionToken)
        UseCase-->>API: WebSessionCreateResponse<br/>(sessionToken, qrImageBase64)
        API-->>Client: ApiResponse with QR code
    end
    rect rgba(100, 150, 200, 0.5)
        Note over Client,JWT: 2. Approve session (from mobile)
        Client->>API: POST /authorize (authenticated)<br/>WebLoginAuthorizeRequest
        API->>UseCase: authorizeWebSession(userId, role, request)
        UseCase->>Redis: findBySessionToken()
        Redis-->>UseCase: WebLoginSession
        UseCase->>UseCase: approve(userId, role)
        UseCase->>Redis: save(session)
        UseCase-->>API: true
        API-->>Client: ApiResponse(true)
    end
    rect rgba(200, 150, 100, 0.5)
        Note over Client,JWT: 3. Poll status and issue token
        Client->>API: GET /sessions/{sessionToken} (anonymous)
        API->>UseCase: getWebSessionStatus(sessionToken)
        UseCase->>Redis: findBySessionToken()
        Redis-->>UseCase: WebLoginSession (APPROVED)
        UseCase->>JWT: createWebAccessToken(userId, role)
        JWT-->>UseCase: accessToken (valid 3 days)
        UseCase->>Redis: deleteSession(sessionToken)
        UseCase-->>API: WebSessionStatusResponse<br/>(APPROVED, accessToken, userId)
        API-->>Client: ApiResponse with accessToken
    end
```
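The three phases in the diagram as an added example (not code from the toduck project): a Python model of the session lifecycle in which an in-memory dict stands in for Redis, a placeholder issue_web_access_token stands in for JwtService.createWebAccessToken, and the session TTL is assumed to be 300 seconds since the PR does not state it. It shows the checks a reviewer would look for at each step: an unguessable session token, approval only of a pending and unexpired session, and one-shot token issuance that deletes the session so a later poll cannot obtain a second token.

```python
# Added example (not toduck project code): in-memory model of the QR web-login flow
# in the diagram; the dict stands in for Redis, issue_web_access_token() for the JWT.
import secrets
from dataclasses import dataclass

SESSION_TTL_SECONDS = 300              # assumed; the PR does not state its TTL
WEB_TOKEN_TTL_SECONDS = 3 * 24 * 3600  # 3-day web access token, as in the PR

@dataclass
class WebLoginSession:
    created_at: float
    status: str = "PENDING"
    user_id: int = 0
    role: str = ""

    def expired(self, now: float) -> bool:
        return now - self.created_at > SESSION_TTL_SECONDS

def issue_web_access_token(user_id: int, role: str, now: float) -> dict:
    # Placeholder for the JWT: only the claims and the 3-day expiry are modelled.
    return {"sub": user_id, "role": role, "exp": int(now) + WEB_TOKEN_TTL_SECONDS}

class WebLoginStore:  # stand-in for the Redis-backed WebLoginSessionRepository
    def __init__(self) -> None:
        self.sessions: dict[str, WebLoginSession] = {}

    # Phase 1: the anonymous web client creates a session; the token is the QR payload.
    def create_session(self, now: float) -> str:
        token = secrets.token_urlsafe(32)  # 256 random bits, not guessable by a poller
        self.sessions[token] = WebLoginSession(now)
        return token

    # Phase 2: the authenticated mobile client approves the session it scanned.
    def authorize(self, token: str, user_id: int, role: str, now: float) -> bool:
        s = self.sessions.get(token)
        if s is None or s.expired(now) or s.status != "PENDING":
            return False  # unknown, stale or already-approved sessions are refused
        s.status, s.user_id, s.role = "APPROVED", user_id, role
        return True

    # Phase 3: the web client polls; an APPROVED session is consumed exactly once.
    def poll(self, token: str, now: float) -> dict:
        s = self.sessions.get(token)
        if s is None or s.expired(now):
            self.sessions.pop(token, None)
            return {"status": "EXPIRED"}
        if s.status != "APPROVED":
            return {"status": "PENDING"}
        del self.sessions[token]  # single use: a second poll cannot re-issue a token
        return {"status": "APPROVED", "userId": s.user_id, "accessToken": issue_web_access_token(s.user_id, s.role, now)}
```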
Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 min
Possibly related PRs

- Add web login feature #168: implements the same QR-based web login feature (Redis sessions, WebLogin API/controller/use case, 3-day JWT, ZXing dependency)
- Main <- Develop #109: updates the allowed CORS origins by modifying the CorsConfig class (adds different origins)
- feat: add back-office feature #141: modifies CorsConfig and SecurityConfig together (changes CORS origins and endpoint constants)
Suggested labels
✨ Feature
Suggested reviewers
- kang20
- Junad-Park
- jungbk0808
Poem

🐰 Sessions tucked away in Redis,
The QR code sparkles bright!
Web login is easier now,
Even the rabbit dances with delight~ 🎉
📝 Jacoco Test Coverage
Summary by CodeRabbit

New features

Configuration