diff --git a/src/main/java/com/depromeet/global/common/constants/EnvironmentConstants.java b/src/main/java/com/depromeet/global/common/constants/EnvironmentConstants.java index 8ee41f6d6..7bc7c17c2 100644 --- a/src/main/java/com/depromeet/global/common/constants/EnvironmentConstants.java +++ b/src/main/java/com/depromeet/global/common/constants/EnvironmentConstants.java @@ -1,15 +1,14 @@ package com.depromeet.global.common.constants; -import lombok.AllArgsConstructor; -import lombok.Getter; +import java.util.List; +import lombok.AccessLevel; +import lombok.NoArgsConstructor; -@Getter -@AllArgsConstructor -public enum EnvironmentConstants { - PROD("prod"), - DEV("dev"), - LOCAL("local"), - ; +@NoArgsConstructor(access = AccessLevel.PRIVATE) +public class EnvironmentConstants { - private String value; + public static final String PROD = "prod"; + public static final String DEV = "dev"; + public static final String LOCAL = "local"; + public static final List PROD_AND_DEV = List.of(PROD, DEV); } diff --git a/src/main/java/com/depromeet/global/config/security/WebSecurityConfig.java b/src/main/java/com/depromeet/global/config/security/WebSecurityConfig.java index 6517453d5..b149a7118 100644 --- a/src/main/java/com/depromeet/global/config/security/WebSecurityConfig.java +++ b/src/main/java/com/depromeet/global/config/security/WebSecurityConfig.java @@ -1,5 +1,7 @@ package com.depromeet.global.config.security; +import static com.depromeet.global.common.constants.EnvironmentConstants.*; +import static org.springframework.http.HttpHeaders.*; import static org.springframework.security.config.Customizer.*; import com.depromeet.domain.auth.application.JwtTokenService; @@ -117,26 +119,19 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration configuration = new CorsConfiguration(); - switch (springEnvironmentUtil.getCurrentProfile()) { - case "prod": - configuration.addAllowedOriginPattern(UrlConstants.PROD_DOMAIN_URL.getValue()); - break; - // TODO: 프론트 모바일에서 웹뷰 테스트를 위해 임시 주석 처리 - // case "dev": - // - // configuration.addAllowedOriginPattern(UrlConstants.DEV_DOMAIN_URL.getValue()); - // - // configuration.addAllowedOriginPattern(UrlConstants.LOCAL_DOMAIN_URL.getValue()); - // break; - default: - configuration.addAllowedOriginPattern("*"); - break; + if (springEnvironmentUtil.isProdProfile()) { + configuration.addAllowedOriginPattern(UrlConstants.PROD_DOMAIN_URL.getValue()); + } + + if (springEnvironmentUtil.isDevProfile()) { + configuration.addAllowedOriginPattern(UrlConstants.DEV_DOMAIN_URL.getValue()); + configuration.addAllowedOriginPattern(UrlConstants.LOCAL_DOMAIN_URL.getValue()); } configuration.addAllowedHeader("*"); configuration.addAllowedMethod("*"); configuration.setAllowCredentials(true); - configuration.addExposedHeader("Set-Cookie"); + configuration.addExposedHeader(SET_COOKIE); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); diff --git a/src/main/java/com/depromeet/global/util/CookieUtil.java b/src/main/java/com/depromeet/global/util/CookieUtil.java index 7d464f8df..e859f4630 100644 --- a/src/main/java/com/depromeet/global/util/CookieUtil.java +++ b/src/main/java/com/depromeet/global/util/CookieUtil.java @@ -4,6 +4,7 @@ import static com.depromeet.global.common.constants.SecurityConstants.REFRESH_TOKEN_COOKIE_NAME; import lombok.RequiredArgsConstructor; +import org.springframework.boot.web.server.Cookie; import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseCookie; import org.springframework.stereotype.Component; @@ -23,7 +24,7 @@ public HttpHeaders generateTokenCookies(String accessToken, String refreshToken) .path("/") .secure(true) .sameSite(sameSite) - .httpOnly(false) + .httpOnly(true) .build(); ResponseCookie refreshTokenCookie = @@ -31,7 +32,7 @@ public HttpHeaders generateTokenCookies(String accessToken, String refreshToken) .path("/") .secure(true) .sameSite(sameSite) - .httpOnly(false) + .httpOnly(true) .build(); HttpHeaders headers = new HttpHeaders(); @@ -43,8 +44,8 @@ public HttpHeaders generateTokenCookies(String accessToken, String refreshToken) private String determineSameSitePolicy() { if (springEnvironmentUtil.isProdProfile()) { - return "Strict"; + return Cookie.SameSite.STRICT.attributeValue(); } - return "None"; + return Cookie.SameSite.NONE.attributeValue(); } } diff --git a/src/main/java/com/depromeet/global/util/SpringEnvironmentUtil.java b/src/main/java/com/depromeet/global/util/SpringEnvironmentUtil.java index 9b7278e8c..2fafd4a32 100644 --- a/src/main/java/com/depromeet/global/util/SpringEnvironmentUtil.java +++ b/src/main/java/com/depromeet/global/util/SpringEnvironmentUtil.java @@ -1,8 +1,8 @@ package com.depromeet.global.util; -import com.depromeet.global.common.constants.EnvironmentConstants; +import static com.depromeet.global.common.constants.EnvironmentConstants.*; + import java.util.Arrays; -import java.util.List; import java.util.stream.Stream; import lombok.RequiredArgsConstructor; import org.springframework.core.env.Environment; @@ -11,30 +11,25 @@ @Component @RequiredArgsConstructor public class SpringEnvironmentUtil { - private final Environment environment; - private final List PROD_AND_DEV = - List.of(EnvironmentConstants.PROD.getValue(), EnvironmentConstants.DEV.getValue()); + private final Environment environment; public String getCurrentProfile() { return getActiveProfiles() - .filter( - profile -> - profile.equals(EnvironmentConstants.PROD.getValue()) - || profile.equals(EnvironmentConstants.DEV.getValue())) + .filter(profile -> profile.equals(PROD) || profile.equals(DEV)) .findFirst() - .orElse(EnvironmentConstants.LOCAL.getValue()); + .orElse(LOCAL); } - public Boolean isProdProfile() { - return getActiveProfiles().anyMatch(EnvironmentConstants.PROD.getValue()::equals); + public boolean isProdProfile() { + return getActiveProfiles().anyMatch(PROD::equals); } - public Boolean isDevProfile() { - return getActiveProfiles().anyMatch(EnvironmentConstants.DEV.getValue()::equals); + public boolean isDevProfile() { + return getActiveProfiles().anyMatch(DEV::equals); } - public Boolean isProdAndDevProfile() { + public boolean isProdAndDevProfile() { return getActiveProfiles().anyMatch(PROD_AND_DEV::contains); } diff --git a/src/test/java/com/depromeet/global/util/SpringEnvironmentUtilTest.java b/src/test/java/com/depromeet/global/util/SpringEnvironmentUtilTest.java index fa7ed177a..a571bdfd2 100644 --- a/src/test/java/com/depromeet/global/util/SpringEnvironmentUtilTest.java +++ b/src/test/java/com/depromeet/global/util/SpringEnvironmentUtilTest.java @@ -1,9 +1,9 @@ package com.depromeet.global.util; +import static com.depromeet.global.common.constants.EnvironmentConstants.*; import static org.junit.jupiter.api.Assertions.*; import static org.mockito.BDDMockito.*; -import com.depromeet.global.common.constants.EnvironmentConstants; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.InjectMocks; @@ -17,9 +17,9 @@ class SpringEnvironmentUtilTest { @InjectMocks private SpringEnvironmentUtil springEnvironmentUtil; - private final String[] PROD_ARRAY = new String[] {EnvironmentConstants.PROD.getValue()}; - private final String[] DEV_ARRAY = new String[] {EnvironmentConstants.DEV.getValue()}; - private final String[] LOCAL_ARRAY = new String[] {EnvironmentConstants.LOCAL.getValue()}; + private static final String[] PROD_ARRAY = new String[] {PROD}; + private static final String[] DEV_ARRAY = new String[] {DEV}; + private static final String[] LOCAL_ARRAY = new String[] {LOCAL}; @Test void 상용_환경이라면_isProdProfile은_true를_반환한다() { @@ -88,8 +88,7 @@ class SpringEnvironmentUtilTest { // when // then - assertEquals( - springEnvironmentUtil.getCurrentProfile(), EnvironmentConstants.PROD.getValue()); + assertEquals(springEnvironmentUtil.getCurrentProfile(), PROD); } @Test @@ -99,8 +98,7 @@ class SpringEnvironmentUtilTest { // when // then - assertEquals( - springEnvironmentUtil.getCurrentProfile(), EnvironmentConstants.DEV.getValue()); + assertEquals(springEnvironmentUtil.getCurrentProfile(), DEV); } @Test @@ -110,7 +108,6 @@ class SpringEnvironmentUtilTest { // when // then - assertEquals( - springEnvironmentUtil.getCurrentProfile(), EnvironmentConstants.LOCAL.getValue()); + assertEquals(springEnvironmentUtil.getCurrentProfile(), LOCAL); } }