Infra/https-config (#7)

* 🚀 프론트 https 설정

* 🚀 인증서 추가

* 🔧 application.yml 숨김

....

* 🚑 보안 설정 추가

.github/workflows/cicd.yml

@@ -4,7 +4,7 @@ on:
     branches:
       - "develop"
       - "main"
-      - "hotfix/cd-script"
+      - "infra/**"
   pull_request:
     branches:
       - "develop"
@@ -35,14 +35,25 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-gradle-
 
-#      - name: Make 'application.yml'
-#        if: contains(github.ref, 'develop')
-#        run: |
-#          cd ./src/main/resources
-#          touch ./application.yml
-#          echo "${{ secrets.APPLICATION_YML_DEV }}" > ./application.yml
-#          cat ./application.yml
-#        shell: bash
+      - name: Inject Resource Files
+        run: |
+          mkdir ./src/main/resources
+        shell: bash
+
+      - name: Make 'application.yml'
+#        if: contains(github.ref, 'main')
+        run: |
+          cd ./src/main/resources
+          touch ./application.yml
+          echo "${{ secrets.APPLICATION_YML_DEV }}" | base64 --decode > ./application.yml
+        shell: bash
+
+      - name: Make 'keystore.p12'
+        run: |
+          cd ./src/main/resources
+          touch ./keystore.p12
+          echo "${{ secrets.KEYSTORE }}" | base64 --decode > ./keystore.p12
+        shell: bash
 
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew

.gitignore

@@ -4,6 +4,10 @@ build/
 !gradle/wrapper/gradle-wrapper.jar
 !**/src/main/**/build/
 !**/src/test/**/build/
+application.yml
+**/keystore.p12
+**/keystore.p12.base64
+
 
 ### IntelliJ IDEA ###
 .idea

src/main/kotlin/retepmil/personal/dailysteady/common/security/config/WebConfig.kt

@@ -12,7 +12,7 @@ class WebConfig : WebMvcConfigurer {
     // CORS 설정
     override fun addCorsMappings(registry: CorsRegistry) {
         registry.addMapping("/**")
-            .allowedOrigins("http://localhost:5173", "http://dailysteady.site/")
+            .allowedOrigins("http://localhost:5173", "https://dailysteady.site/")
             .allowedMethods("*")
             .allowCredentials(true)
             .exposedHeaders("*")

src/main/kotlin/retepmil/personal/dailysteady/common/security/jwt/JwtTokenProvider.kt

@@ -125,15 +125,15 @@ class JwtTokenProvider(
             .value(refreshTokenValue)
             .path("/")
             .maxAge(maxAgeSeconds)
-            .httpOnly(false) // 배포 환경에서는 true로 설정 필요
+            .httpOnly(true)
             .secure(true)
             .sameSite("None")
             .build()
 
         fun generateAccessTokenCookie(accessTokenValue: String): ResponseCookie = ResponseCookie.from("x-access-token")
             .value(accessTokenValue)
             .maxAge(expirationMiliseconds)
-            .httpOnly(false)
+            .httpOnly(true)
             .secure(true)
             .sameSite("None")
             .build()