fix: Dev 환경 쿠키 이슈 해결 및 관련 로직 개선 (#276)

* chore: 테스트 트리거 활성화

* fix: 개발환경에서는 쿠키의 secure 옵션 false이도록 수정

* refactor: 변수명 변경

* fix: CORS dev 설정 롤백

* refactor: enum을 대체하는 환경변수 상수 클래스 추가

* refactor: 운영환경 체크 유틸리티에서 새로운 상수 클래스를 사용하도록 개선

* refactor: 원시 boolean 사용하도록 변경

* refactor: 새로운 상수 클래스 사용하도록 개선

* refactor: 기존 상수 클래스 대체하도록 변경

* refactor: sameSite 상수 사용하도록 변경

* refactor: 쿠키 헤더 상수로 변경

* refactor: cors origin 로직에서 switch문 제거하도록 개선

* refactor: secure 정책 로직 개선

* chore: 테스트 트리거 비활성화

* fix: SameSite가 None일 때 작동할 수 있도록 secure을 항상 참으로 설정

* refactor: 롬복 기본 생성자를 사용하도록 변경

Author: uwoobeat

src/main/java/com/depromeet/global/common/constants/EnvironmentConstants.java

@@ -1,15 +1,14 @@
 package com.depromeet.global.common.constants;
 
-import lombok.AllArgsConstructor;
-import lombok.Getter;
+import java.util.List;
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
 
-@Getter
-@AllArgsConstructor
-public enum EnvironmentConstants {
-    PROD("prod"),
-    DEV("dev"),
-    LOCAL("local"),
-    ;
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public class EnvironmentConstants {
 
-    private String value;
+    public static final String PROD = "prod";
+    public static final String DEV = "dev";
+    public static final String LOCAL = "local";
+    public static final List<String> PROD_AND_DEV = List.of(PROD, DEV);
 }

src/main/java/com/depromeet/global/config/security/WebSecurityConfig.java

@@ -1,5 +1,7 @@
 package com.depromeet.global.config.security;
 
+import static com.depromeet.global.common.constants.EnvironmentConstants.*;
+import static org.springframework.http.HttpHeaders.*;
 import static org.springframework.security.config.Customizer.*;
 
 import com.depromeet.domain.auth.application.JwtTokenService;
@@ -117,26 +119,19 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
 
-        switch (springEnvironmentUtil.getCurrentProfile()) {
-            case "prod":
-                configuration.addAllowedOriginPattern(UrlConstants.PROD_DOMAIN_URL.getValue());
-                break;
-                // TODO: 프론트 모바일에서 웹뷰 테스트를 위해 임시 주석 처리
-                //            case "dev":
-                //
-                // configuration.addAllowedOriginPattern(UrlConstants.DEV_DOMAIN_URL.getValue());
-                //
-                // configuration.addAllowedOriginPattern(UrlConstants.LOCAL_DOMAIN_URL.getValue());
-                //                break;
-            default:
-                configuration.addAllowedOriginPattern("*");
-                break;
+        if (springEnvironmentUtil.isProdProfile()) {
+            configuration.addAllowedOriginPattern(UrlConstants.PROD_DOMAIN_URL.getValue());
+        }
+
+        if (springEnvironmentUtil.isDevProfile()) {
+            configuration.addAllowedOriginPattern(UrlConstants.DEV_DOMAIN_URL.getValue());
+            configuration.addAllowedOriginPattern(UrlConstants.LOCAL_DOMAIN_URL.getValue());
         }
 
         configuration.addAllowedHeader("*");
         configuration.addAllowedMethod("*");
         configuration.setAllowCredentials(true);
-        configuration.addExposedHeader("Set-Cookie");
+        configuration.addExposedHeader(SET_COOKIE);
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", configuration);

src/main/java/com/depromeet/global/util/CookieUtil.java

@@ -4,6 +4,7 @@
 import static com.depromeet.global.common.constants.SecurityConstants.REFRESH_TOKEN_COOKIE_NAME;
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.boot.web.server.Cookie;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
 import org.springframework.stereotype.Component;
@@ -23,15 +24,15 @@ public HttpHeaders generateTokenCookies(String accessToken, String refreshToken)
                         .path("/")
                         .secure(true)
                         .sameSite(sameSite)
-                        .httpOnly(false)
+                        .httpOnly(true)
                         .build();
 
         ResponseCookie refreshTokenCookie =
                 ResponseCookie.from(REFRESH_TOKEN_COOKIE_NAME, refreshToken)
                         .path("/")
                         .secure(true)
                         .sameSite(sameSite)
-                        .httpOnly(false)
+                        .httpOnly(true)
                         .build();
 
         HttpHeaders headers = new HttpHeaders();
@@ -43,8 +44,8 @@ public HttpHeaders generateTokenCookies(String accessToken, String refreshToken)
 
     private String determineSameSitePolicy() {
         if (springEnvironmentUtil.isProdProfile()) {
-            return "Strict";
+            return Cookie.SameSite.STRICT.attributeValue();
         }
-        return "None";
+        return Cookie.SameSite.NONE.attributeValue();
     }
 }

src/main/java/com/depromeet/global/util/SpringEnvironmentUtil.java

@@ -1,8 +1,8 @@
 package com.depromeet.global.util;
 
-import com.depromeet.global.common.constants.EnvironmentConstants;
+import static com.depromeet.global.common.constants.EnvironmentConstants.*;
+
 import java.util.Arrays;
-import java.util.List;
 import java.util.stream.Stream;
 import lombok.RequiredArgsConstructor;
 import org.springframework.core.env.Environment;
@@ -11,30 +11,25 @@
 @Component
 @RequiredArgsConstructor
 public class SpringEnvironmentUtil {
-    private final Environment environment;
 
-    private final List<String> PROD_AND_DEV =
-            List.of(EnvironmentConstants.PROD.getValue(), EnvironmentConstants.DEV.getValue());
+    private final Environment environment;
 
     public String getCurrentProfile() {
         return getActiveProfiles()
-                .filter(
-                        profile ->
-                                profile.equals(EnvironmentConstants.PROD.getValue())
-                                        || profile.equals(EnvironmentConstants.DEV.getValue()))
+                .filter(profile -> profile.equals(PROD) || profile.equals(DEV))
                 .findFirst()
-                .orElse(EnvironmentConstants.LOCAL.getValue());
+                .orElse(LOCAL);
     }
 
-    public Boolean isProdProfile() {
-        return getActiveProfiles().anyMatch(EnvironmentConstants.PROD.getValue()::equals);
+    public boolean isProdProfile() {
+        return getActiveProfiles().anyMatch(PROD::equals);
     }
 
-    public Boolean isDevProfile() {
-        return getActiveProfiles().anyMatch(EnvironmentConstants.DEV.getValue()::equals);
+    public boolean isDevProfile() {
+        return getActiveProfiles().anyMatch(DEV::equals);
     }
 
-    public Boolean isProdAndDevProfile() {
+    public boolean isProdAndDevProfile() {
         return getActiveProfiles().anyMatch(PROD_AND_DEV::contains);
     }
 

src/test/java/com/depromeet/global/util/SpringEnvironmentUtilTest.java

@@ -1,9 +1,9 @@
 package com.depromeet.global.util;
 
+import static com.depromeet.global.common.constants.EnvironmentConstants.*;
 import static org.junit.jupiter.api.Assertions.*;
 import static org.mockito.BDDMockito.*;
 
-import com.depromeet.global.common.constants.EnvironmentConstants;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
@@ -17,9 +17,9 @@ class SpringEnvironmentUtilTest {
 
     @InjectMocks private SpringEnvironmentUtil springEnvironmentUtil;
 
-    private final String[] PROD_ARRAY = new String[] {EnvironmentConstants.PROD.getValue()};
-    private final String[] DEV_ARRAY = new String[] {EnvironmentConstants.DEV.getValue()};
-    private final String[] LOCAL_ARRAY = new String[] {EnvironmentConstants.LOCAL.getValue()};
+    private static final String[] PROD_ARRAY = new String[] {PROD};
+    private static final String[] DEV_ARRAY = new String[] {DEV};
+    private static final String[] LOCAL_ARRAY = new String[] {LOCAL};
 
     @Test
     void 상용_환경이라면_isProdProfile은_true를_반환한다() {
@@ -88,8 +88,7 @@ class SpringEnvironmentUtilTest {
 
         // when
         // then
-        assertEquals(
-                springEnvironmentUtil.getCurrentProfile(), EnvironmentConstants.PROD.getValue());
+        assertEquals(springEnvironmentUtil.getCurrentProfile(), PROD);
     }
 
     @Test
@@ -99,8 +98,7 @@ class SpringEnvironmentUtilTest {
 
         // when
         // then
-        assertEquals(
-                springEnvironmentUtil.getCurrentProfile(), EnvironmentConstants.DEV.getValue());
+        assertEquals(springEnvironmentUtil.getCurrentProfile(), DEV);
     }
 
     @Test
@@ -110,7 +108,6 @@ class SpringEnvironmentUtilTest {
 
         // when
         // then
-        assertEquals(
-                springEnvironmentUtil.getCurrentProfile(), EnvironmentConstants.LOCAL.getValue());
+        assertEquals(springEnvironmentUtil.getCurrentProfile(), LOCAL);
     }
 }