feat: 로그인 로직 개선 및 버그 수정, 보안 문제 해결

ImGdevel · ImGdevel · commit de13a99dd495 · 2025-08-31T23:57:44.000+09:00
diff --git a/Assets/Infrastructure/Auth/AuthManager.cs b/Assets/Infrastructure/Auth/AuthManager.cs
@@ -41,6 +41,8 @@ public static AuthManager Instance
         
         private bool _isInitialized = false;
         private bool _isAutoRefreshInProgress = false;
+        private bool _initStarted = false;
+        private UniTask _initTask;
         
         #endregion
         
@@ -106,15 +108,27 @@ private void Awake()
             {
                 _instance = this;
                 DontDestroyOnLoad(gameObject);
-                InitializeAsync().Forget();
+                _initStarted = true;
+                _initTask = InitializeAsync();
             }
             else if (_instance != this)
             {
                 Destroy(gameObject);
             }
         }
         
-        private async UniTaskVoid InitializeAsync()
+        private async UniTask EnsureInitializedAsync()
+        {
+            if (_isInitialized) return;
+            if (!_initStarted)
+            {
+                _initStarted = true;
+                _initTask = InitializeAsync();
+            }
+            await _initTask;
+        }
+        
+        private async UniTask InitializeAsync()
         {
             try
             {
@@ -183,9 +197,11 @@ private void OnDestroy()
         /// <returns>로그인 성공 여부</returns>
         public async UniTask<bool> LoginAsGuestAsync()
         {
+            await EnsureInitializedAsync();
+            
             if (!_isInitialized)
             {
-                Debug.LogError("[AuthManager] AuthManager가 초기화되지 않았습니다.");
+                Debug.LogError("[AuthManager] AuthManager 초기화에 실패했습니다.");
                 return false;
             }
             
@@ -208,9 +224,11 @@ public async UniTask<bool> LoginAsGuestAsync()
         /// <returns>로그인 성공 여부</returns>
         public async UniTask<bool> LoginWithOAuth2Async()
         {
+            await EnsureInitializedAsync();
+            
             if (!_isInitialized)
             {
-                Debug.LogError("[AuthManager] AuthManager가 초기화되지 않았습니다.");
+                Debug.LogError("[AuthManager] AuthManager 초기화에 실패했습니다.");
                 return false;
             }
             
@@ -281,9 +299,11 @@ public void Logout()
         /// <returns>갱신 성공 여부</returns>
         public async UniTask<bool> RefreshTokenAsync()
         {
+            await EnsureInitializedAsync();
+            
             if (!_isInitialized)
             {
-                Debug.LogError("[AuthManager] AuthManager가 초기화되지 않았습니다.");
+                Debug.LogError("[AuthManager] AuthManager 초기화에 실패했습니다.");
                 return false;
             }
             
@@ -306,9 +326,11 @@ public async UniTask<bool> RefreshTokenAsync()
         /// <returns>유효한 토큰 보장 여부</returns>
         public async UniTask<bool> EnsureValidTokenAsync(int minutesBeforeExpiry = 5)
         {
+            await EnsureInitializedAsync();
+            
             if (!_isInitialized)
             {
-                Debug.LogError("[AuthManager] AuthManager가 초기화되지 않았습니다.");
+                Debug.LogError("[AuthManager] AuthManager 초기화에 실패했습니다.");
                 return false;
             }
             
diff --git a/Assets/Infrastructure/Auth/OAuth2/Utils/OAuth2CallbackParser.cs b/Assets/Infrastructure/Auth/OAuth2/Utils/OAuth2CallbackParser.cs
@@ -29,8 +29,8 @@ public static OAuth2CallbackResult ParseCallbackUrl(string callbackUrl)
                 var uri = new Uri(callbackUrl);
                 var query = HttpUtility.ParseQueryString(uri.Query);
                 
-                // 쿼리 파라미터를 Dictionary로 변환
-                var queryParams = new Dictionary<string, string>();
+                // 쿼리 파라미터를 Dictionary로 변환 (대소문자 무시)
+                var queryParams = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
                 foreach (string key in query.AllKeys)
                 {
                     if (!string.IsNullOrEmpty(key))
@@ -40,14 +40,13 @@ public static OAuth2CallbackResult ParseCallbackUrl(string callbackUrl)
                 }
                 
                 // success 파라미터 확인
-                if (!queryParams.ContainsKey("success"))
+                if (!queryParams.TryGetValue("success", out var successRaw) || string.IsNullOrEmpty(successRaw))
                 {
-                    return OAuth2CallbackResult.ErrorResult("success 파라미터가 없습니다.", callbackUrl);
+                    return OAuth2CallbackResult.ErrorResult("success 파라미터가 비어있습니다.", callbackUrl);
                 }
+                var success = successRaw.Equals("true", StringComparison.OrdinalIgnoreCase);
                 
-                var success = queryParams["success"].ToLower();
-                
-                if (success == "true")
+                if (success)
                 {
                     // 성공 케이스: state 파라미터 확인
                     if (!queryParams.ContainsKey("state"))
diff --git a/Assets/Infrastructure/Auth/TokenManager.cs b/Assets/Infrastructure/Auth/TokenManager.cs
@@ -235,11 +235,13 @@ private string EncryptData(string data)
                 using (var aes = Aes.Create())
                 {
                     aes.Key = Encoding.UTF8.GetBytes(ENCRYPTION_KEY.PadRight(32, '0').Substring(0, 32));
-                    aes.IV = new byte[16];
+                    aes.GenerateIV(); // 랜덤 IV 생성
                     
                     using (var encryptor = aes.CreateEncryptor())
                     using (var ms = new System.IO.MemoryStream())
                     {
+                        // 먼저 IV를 기록
+                        ms.Write(aes.IV, 0, aes.IV.Length);
                         using (var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
                         using (var sw = new System.IO.StreamWriter(cs))
                         {
@@ -260,24 +262,68 @@ private string DecryptData(string encryptedData)
         {
             try
             {
-                using (var aes = Aes.Create())
+                // 새로운 방식 (랜덤 IV) 시도
+                return DecryptDataWithRandomIV(encryptedData);
+            }
+            catch (Exception)
+            {
+                // 실패 시 기존 방식 (고정 IV) 시도
+                try
                 {
-                    aes.Key = Encoding.UTF8.GetBytes(ENCRYPTION_KEY.PadRight(32, '0').Substring(0, 32));
-                    aes.IV = new byte[16];
-                    
-                    using (var decryptor = aes.CreateDecryptor())
-                    using (var ms = new System.IO.MemoryStream(Convert.FromBase64String(encryptedData)))
-                    using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
-                    using (var sr = new System.IO.StreamReader(cs))
-                    {
-                        return sr.ReadToEnd();
-                    }
+                    Debug.LogWarning("[TokenManager] 새로운 방식 복호화 실패, 기존 방식으로 시도합니다.");
+                    return DecryptDataWithFixedIV(encryptedData);
+                }
+                catch (Exception ex)
+                {
+                    Debug.LogError($"[TokenManager] 모든 복호화 방식 실패: {ex.Message}");
+                    throw;
                 }
             }
-            catch (Exception ex)
+        }
+        
+        private string DecryptDataWithRandomIV(string encryptedData)
+        {
+            using (var aes = Aes.Create())
             {
-                Debug.LogError($"[TokenManager] 복호화 실패: {ex.Message}");
-                throw;
+                aes.Key = Encoding.UTF8.GetBytes(ENCRYPTION_KEY.PadRight(32, '0').Substring(0, 32));
+                
+                var allBytes = Convert.FromBase64String(encryptedData);
+                if (allBytes.Length < 16) throw new InvalidOperationException("암호문 길이가 유효하지 않습니다.");
+                
+                // IV 추출
+                var iv = new byte[16];
+                Buffer.BlockCopy(allBytes, 0, iv, 0, iv.Length);
+                
+                // 암호문 추출
+                var cipher = new byte[allBytes.Length - iv.Length];
+                Buffer.BlockCopy(allBytes, iv.Length, cipher, 0, cipher.Length);
+                
+                aes.IV = iv;
+                
+                using (var decryptor = aes.CreateDecryptor())
+                using (var ms = new System.IO.MemoryStream(cipher))
+                using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
+                using (var sr = new System.IO.StreamReader(cs))
+                {
+                    return sr.ReadToEnd();
+                }
+            }
+        }
+        
+        private string DecryptDataWithFixedIV(string encryptedData)
+        {
+            using (var aes = Aes.Create())
+            {
+                aes.Key = Encoding.UTF8.GetBytes(ENCRYPTION_KEY.PadRight(32, '0').Substring(0, 32));
+                aes.IV = new byte[16]; // 기존 고정 IV
+                
+                using (var decryptor = aes.CreateDecryptor())
+                using (var ms = new System.IO.MemoryStream(Convert.FromBase64String(encryptedData)))
+                using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
+                using (var sr = new System.IO.StreamReader(cs))
+                {
+                    return sr.ReadToEnd();
+                }
             }
         }
         
diff --git a/Assets/Infrastructure/Network/DTOs/Auth/GuestLoginResponse.cs b/Assets/Infrastructure/Network/DTOs/Auth/GuestLoginResponse.cs
@@ -44,6 +44,11 @@ public TokenSet ToTokenSet()
                 return null;
             }
 
+            if (string.IsNullOrEmpty(Tokens.AccessToken))
+            {
+                // 서버 응답에 액세스 토큰이 없으면 TokenSet 생성 불가
+                return null;
+            }
             var accessToken = new AccessToken(Tokens.AccessToken);
 
             RefreshToken refreshToken = null;
diff --git a/Assets/Infrastructure/Network/Http/HttpApiClient.cs b/Assets/Infrastructure/Network/Http/HttpApiClient.cs
@@ -118,6 +118,19 @@ public async UniTask<T> GetAsync<T>(string endpoint, Dictionary<string, string>
             return await SendJsonRequestWithHeadersAsync<T>(url, UnityWebRequest.kHttpVerbGET, null, headers, cancellationToken);
         }
 
+        /// <summary>
+        /// POST 요청 (HTTP 헤더 포함 응답)
+        /// </summary>
+        public async UniTask<(T Data, Dictionary<string, string> Headers)> PostWithHeadersAsync<T>(string endpoint, object data = null, Dictionary<string, string> headers = null, bool requiresAuth = false, CancellationToken cancellationToken = default)
+        {
+            EnsureInitialized();
+            EnsureAuthToken(requiresAuth);
+            
+            var url = GetFullUrl(endpoint);
+            var jsonData = SerializeData(data);
+            return await SendJsonRequestWithHeadersAsync<T>(url, UnityWebRequest.kHttpVerbPOST, jsonData, headers, cancellationToken);
+        }
+
         public async UniTask<T> PostAsync<T>(string endpoint, object data = null, Dictionary<string, string> headers = null, bool requiresAuth = false, CancellationToken cancellationToken = default)
         {
             EnsureInitialized();
@@ -384,7 +397,7 @@ private WWWForm CreateFormData(Dictionary<string, object> formData, Dictionary<s
                 }
                 else
                 {
-                    form.AddField(kvp.Key, kvp.Value.ToString());
+                    form.AddField(kvp.Key, kvp.Value?.ToString() ?? string.Empty);
                 }
             }
             

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,8 @@ public static AuthManager Instance`
`41`	`41`
`42`	`42`	`private bool _isInitialized = false;`
`43`	`43`	`private bool _isAutoRefreshInProgress = false;`
	`44`	`+ private bool _initStarted = false;`
	`45`	`+ private UniTask _initTask;`
`44`	`46`
`45`	`47`	`#endregion`
`46`	`48`
`@@ -106,15 +108,27 @@ private void Awake()`
`106`	`108`	`{`
`107`	`109`	`_instance = this;`
`108`	`110`	`DontDestroyOnLoad(gameObject);`
`109`		`- InitializeAsync().Forget();`
	`111`	`+ _initStarted = true;`
	`112`	`+ _initTask = InitializeAsync();`
`110`	`113`	`}`
`111`	`114`	`else if (_instance != this)`
`112`	`115`	`{`
`113`	`116`	`Destroy(gameObject);`
`114`	`117`	`}`
`115`	`118`	`}`
`116`	`119`
`117`		`- private async UniTaskVoid InitializeAsync()`
	`120`	`+ private async UniTask EnsureInitializedAsync()`
	`121`	`+ {`
	`122`	`+ if (_isInitialized) return;`
	`123`	`+ if (!_initStarted)`
	`124`	`+ {`
	`125`	`+ _initStarted = true;`
	`126`	`+ _initTask = InitializeAsync();`
	`127`	`+ }`
	`128`	`+ await _initTask;`
	`129`	`+ }`
	`130`	`+`
	`131`	`+ private async UniTask InitializeAsync()`
`118`	`132`	`{`
`119`	`133`	`try`
`120`	`134`	`{`
`@@ -183,9 +197,11 @@ private void OnDestroy()`
`183`	`197`	`/// <returns>로그인 성공 여부</returns>`
`184`	`198`	`public async UniTask<bool> LoginAsGuestAsync()`
`185`	`199`	`{`
	`200`	`+ await EnsureInitializedAsync();`
	`201`	`+`
`186`	`202`	`if (!_isInitialized)`
`187`	`203`	`{`
`188`		`- Debug.LogError("[AuthManager] AuthManager가 초기화되지 않았습니다.");`
	`204`	`+ Debug.LogError("[AuthManager] AuthManager 초기화에 실패했습니다.");`
`189`	`205`	`return false;`
`190`	`206`	`}`
`191`	`207`
`@@ -208,9 +224,11 @@ public async UniTask<bool> LoginAsGuestAsync()`
`208`	`224`	`/// <returns>로그인 성공 여부</returns>`
`209`	`225`	`public async UniTask<bool> LoginWithOAuth2Async()`
`210`	`226`	`{`
	`227`	`+ await EnsureInitializedAsync();`
	`228`	`+`
`211`	`229`	`if (!_isInitialized)`
`212`	`230`	`{`
`213`		`- Debug.LogError("[AuthManager] AuthManager가 초기화되지 않았습니다.");`
	`231`	`+ Debug.LogError("[AuthManager] AuthManager 초기화에 실패했습니다.");`
`214`	`232`	`return false;`
`215`	`233`	`}`
`216`	`234`
`@@ -281,9 +299,11 @@ public void Logout()`
`281`	`299`	`/// <returns>갱신 성공 여부</returns>`
`282`	`300`	`public async UniTask<bool> RefreshTokenAsync()`
`283`	`301`	`{`
	`302`	`+ await EnsureInitializedAsync();`
	`303`	`+`
`284`	`304`	`if (!_isInitialized)`
`285`	`305`	`{`
`286`		`- Debug.LogError("[AuthManager] AuthManager가 초기화되지 않았습니다.");`
	`306`	`+ Debug.LogError("[AuthManager] AuthManager 초기화에 실패했습니다.");`
`287`	`307`	`return false;`
`288`	`308`	`}`
`289`	`309`
`@@ -306,9 +326,11 @@ public async UniTask<bool> RefreshTokenAsync()`
`306`	`326`	`/// <returns>유효한 토큰 보장 여부</returns>`
`307`	`327`	`public async UniTask<bool> EnsureValidTokenAsync(int minutesBeforeExpiry = 5)`
`308`	`328`	`{`
	`329`	`+ await EnsureInitializedAsync();`
	`330`	`+`
`309`	`331`	`if (!_isInitialized)`
`310`	`332`	`{`
`311`		`- Debug.LogError("[AuthManager] AuthManager가 초기화되지 않았습니다.");`
	`333`	`+ Debug.LogError("[AuthManager] AuthManager 초기화에 실패했습니다.");`
`312`	`334`	`return false;`
`313`	`335`	`}`
`314`	`336`
Original file line number	Diff line number	Diff line change
`@@ -29,8 +29,8 @@ public static OAuth2CallbackResult ParseCallbackUrl(string callbackUrl)`
`29`	`29`	`var uri = new Uri(callbackUrl);`
`30`	`30`	`var query = HttpUtility.ParseQueryString(uri.Query);`
`31`	`31`
`32`		`- // 쿼리 파라미터를 Dictionary로 변환`
`33`		`- var queryParams = new Dictionary<string, string>();`
	`32`	`+ // 쿼리 파라미터를 Dictionary로 변환 (대소문자 무시)`
	`33`	`+ var queryParams = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);`
`34`	`34`	`foreach (string key in query.AllKeys)`
`35`	`35`	`{`
`36`	`36`	`if (!string.IsNullOrEmpty(key))`
`@@ -40,14 +40,13 @@ public static OAuth2CallbackResult ParseCallbackUrl(string callbackUrl)`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`// success 파라미터 확인`
`43`		`- if (!queryParams.ContainsKey("success"))`
	`43`	`+ if (!queryParams.TryGetValue("success", out var successRaw) \|\| string.IsNullOrEmpty(successRaw))`
`44`	`44`	`{`
`45`		`- return OAuth2CallbackResult.ErrorResult("success 파라미터가 없습니다.", callbackUrl);`
	`45`	`+ return OAuth2CallbackResult.ErrorResult("success 파라미터가 비어있습니다.", callbackUrl);`
`46`	`46`	`}`
	`47`	`+ var success = successRaw.Equals("true", StringComparison.OrdinalIgnoreCase);`
`47`	`48`
`48`		`- var success = queryParams["success"].ToLower();`
`49`		`-`
`50`		`- if (success == "true")`
	`49`	`+ if (success)`
`51`	`50`	`{`
`52`	`51`	`// 성공 케이스: state 파라미터 확인`
`53`	`52`	`if (!queryParams.ContainsKey("state"))`
Original file line number	Diff line number	Diff line change
`@@ -118,6 +118,19 @@ public async UniTask<T> GetAsync<T>(string endpoint, Dictionary<string, string>`
`118`	`118`	`return await SendJsonRequestWithHeadersAsync<T>(url, UnityWebRequest.kHttpVerbGET, null, headers, cancellationToken);`
`119`	`119`	`}`
`120`	`120`
	`121`	`+ /// <summary>`
	`122`	`+ /// POST 요청 (HTTP 헤더 포함 응답)`
	`123`	`+ /// </summary>`
	`124`	`+ public async UniTask<(T Data, Dictionary<string, string> Headers)> PostWithHeadersAsync<T>(string endpoint, object data = null, Dictionary<string, string> headers = null, bool requiresAuth = false, CancellationToken cancellationToken = default)`
	`125`	`+ {`
	`126`	`+ EnsureInitialized();`
	`127`	`+ EnsureAuthToken(requiresAuth);`
	`128`	`+`
	`129`	`+ var url = GetFullUrl(endpoint);`
	`130`	`+ var jsonData = SerializeData(data);`
	`131`	`+ return await SendJsonRequestWithHeadersAsync<T>(url, UnityWebRequest.kHttpVerbPOST, jsonData, headers, cancellationToken);`
	`132`	`+ }`
	`133`	`+`
`121`	`134`	`public async UniTask<T> PostAsync<T>(string endpoint, object data = null, Dictionary<string, string> headers = null, bool requiresAuth = false, CancellationToken cancellationToken = default)`
`122`	`135`	`{`
`123`	`136`	`EnsureInitialized();`
`@@ -384,7 +397,7 @@ private WWWForm CreateFormData(Dictionary<string, object> formData, Dictionary<s`
`384`	`397`	`}`
`385`	`398`	`else`
`386`	`399`	`{`
`387`		`- form.AddField(kvp.Key, kvp.Value.ToString());`
	`400`	`+ form.AddField(kvp.Key, kvp.Value?.ToString() ?? string.Empty);`
`388`	`401`	`}`
`389`	`402`	`}`
`390`	`403`