๋ณธ๋ฌธ์œผ๋กœ ๊ฑด๋„ˆ๋›ฐ๊ธฐ

"Auth" ํƒœ๊ทธ๋กœ ์—ฐ๊ฒฐ๋œ 2๊ฐœ ๊ฒŒ์‹œ๋ฌผ๊ฐœ์˜ ๊ฒŒ์‹œ๋ฌผ์ด ์žˆ์Šต๋‹ˆ๋‹ค.

๋ชจ๋“  ํƒœ๊ทธ ๋ณด๊ธฐ

ยท ์•ฝ 8๋ถ„

PMP ๊ฐ€์ด๋“œ#

OAuth#

OAuth ๊ธฐ์ˆ ์˜ ์ฐธ์—ฌ์ž

Our Service ( example.com ), User(์‚ฌ์šฉ์ž), Their(Google, Facebook, Twitter ๋“ฑ๋“ฑ)


User์—๊ฒŒ Their์˜ id , pw ๋ฅผ ๊ทธ๋Œ€๋กœ ์ „๋‹ฌ๋ฐ›๋Š” ๋ฐฉ๋ฒ•

  • User : ์ฒ˜์Œ๋ณด๋Š” ์„œ๋น„์Šค๋ฅผ ๋ฏฟ์„ ์ˆ˜ ์—†๋‹ค.

  • Our Service : ์œ ์ €์˜ id , pw ๋ฅผ ์•ˆ์ „ํ•˜๊ฒŒ ๊ด€๋ฆฌํ•ด์•ผํ•  ์ฑ…์ž„์„ ์ง€๋‹ˆ๊ฒŒ ๋œ๋‹ค.

  • Their Service : ์ œ 3์ž์˜ ์„œ๋น„์Šค๊ฐ€ ๋ณธ์ธ๋“ค์˜ id , pw ๋ฅผ ๊ฐ–๊ณ  ์žˆ๋‹ค๋Š” ๊ฒƒ์— ๋ถˆ๋งŒ์ด ์ƒ๊ธด๋‹ค.


Their๊ฐ€ accessToken ์„ ๋ฐœ๊ธ‰ํ•˜๋Š” ๋ฐฉ๋ฒ•

  • accessToken ์€ id , pw ๊ฐ€ ์•„๋‹ˆ๋‹ค.

  • Their Service๋Š” ์ œ๊ณตํ•˜๊ธฐ ์›ํ•˜๋Š” ๊ธฐ๋Šฅ๋งŒ ์ œ๊ณตํ•  ์ˆ˜ ์žˆ๋‹ค.


์šฉ์–ด#

  • Client(Our Service)

  • Resource Owner(User)

  • Resource Server(Their) + Authorization Server(์ธ์ฆ ์„œ๋ฒ„๋ฅผ ๋”ฐ๋กœ ๊ตฌ๋ถ„ํ•˜๊ธฐ๋„ ํ•จ)


๋“ฑ๋ก#

2020-12-21-201221-image-0

  • Client ID : ์„œ๋น„์Šค๋ฅผ ์‹๋ณ„ํ•˜๋Š” ์•„์ด๋””

  • Client Secret : ์„œ๋น„์Šค์— ๋Œ€ํ•œ ๋น„๋ฐ€๋ฒˆํ˜ธ (์ ˆ๋Œ€๋กœ ๋…ธ์ถœ์ด ๋˜์–ด์„  ์•ˆ๋œ๋‹ค.)

  • Authorized redirect URIs : Resource Server๊ฐ€ ์ธ์ฆ ์ฝ”๋“œ๋ฅผ ์ œ๊ณตํ•  ์„œ๋น„์Šค์˜ URL

  • Scope : Resource Server์—์„œ ์ œ๊ณตํ•˜๋Š” ๊ธฐ๋Šฅ (ํ•„์š”ํ•œ ๊ธฐ๋Šฅ์— ๋Œ€ํ•œ ์ธ์ฆ๋งŒ ์ œ๊ณต ๊ฐ€๋Šฅ )

์†Œ์…œ ๋กœ๊ทธ์ธ ๋ฒ„ํŠผ์€ ๋‹ค์Œ์˜ ๋งํฌ๊ฐ€ ๋‹ด๊ฒจ์žˆ๋‹ค.

  • http://{๋ฆฌ์†Œ์Šค ์„œ๋ฒ„์˜ ์ฃผ์†Œ}/?{ํด๋ผ์ด์–ธํŠธ ID=id}&{์Šค์ฝ”ํ”„=b,c}&{๋ฆฌ๋‹ค์ด๋ ‰ํŠธ URL=url}

๋ฆฌ์†Œ์Šค ์„œ๋ฒ„๋Š” ์œ ์ €์˜ ๋กœ๊ทธ์ธ ์ •๋ณด๋ฅผ ๋ฐ›๊ณ , ํด๋ผ์ด์–ธํŠธ ์•„์ด๋””์™€ ๋ฆฌ๋‹ค์ด๋ ‰ํŠธ URL์ด ์ผ์น˜ํ•˜๋Š”์ง€ ํ™•์ธํ•˜๊ณ , ๊ถŒํ•œ ํ—ˆ์šฉ์— ๋Œ€ํ•œ ์•ˆ๋‚ด๋ฅผ ์œ ์ €์—๊ฒŒ ์ „๋‹ฌํ•˜๊ณ , ์œ ์ €๊ฐ€ ํ—ˆ์šฉํ•œ ๊ถŒํ•œ์ด ๋ฌด์—‡์ธ์ง€์— ๋Œ€ํ•ด ์ €์žฅํ•œ๋‹ค.

๋ฆฌ์†Œ์Šค ์„œ๋ฒ„๋Š” authorization code ๋ฅผ ๋‹ด์•„์„œ ๋ฆฌ๋‹ค์ด๋ ‰ํŠธ URL๋กœ ์œ ์ €์˜ ๋ธŒ๋ผ์šฐ์ €๋ฅผ๋ฆฌ๋‹ค์ด๋ ‰ํŠธ ์‹œํ‚จ๋‹ค.

ํด๋ผ์ด์–ธํŠธ๋Š” authorization code ๋ฅผ ์œ ์ €์—๊ฒŒ ๋ฐ›๊ณ , ๋ฆฌ๋‹ค์ด๋ ‰ํŠธ URL, ํด๋ผ์ด์–ธํŠธ ID, ํด๋ผ์ด์–ธํŠธ ์‹œํฌ๋ฆฟ์„ ๊ฐ–๊ณ  ๋ฆฌ์†Œ์Šค ์„œ๋ฒ„์— ์š”์ฒญํ•œ๋‹ค.

์ด ๊ณผ์ •์ด ์™„๋ฃŒ๋˜๋ฉด access token์„ ๋ฐœ๊ธ‰ํ•œ๋‹ค.

access token์„ Header: { Authorization : Bearer token } ์— ๋‹ด์•„ ๋ณด๋‚ผ ์ˆ˜ ์žˆ๋‹ค.


OAuth๋ฅผ ํ™œ์šฉํ•ด์„œ API ์‚ฌ์šฉํ•˜๊ธฐ#

2020-12-21-201221-image-1

Using OAuth 2.0 to Access Google APIs | Google Identity


Database Naming Convention#

๋ณต์ˆ˜ํ˜• vs ๋‹จ์ˆ˜ํ˜•#

  • ํ…Œ์ด๋ธ”์€ ์—”ํ‹ฐํ‹ฐ์˜ ์ธ์Šคํ„ด์Šค๋“ค์„ ํ‘œํ˜„ํ•˜๊ธฐ ๋•Œ๋ฌธ์— ์˜๋ฏธ์ ์œผ๋กœ ๋ณต์ˆ˜ํ˜•์ด ๋” ๋งž๋‹ค.

  • ํ…Œ์ด๋ธ”์„ ๋‹จ์ˆ˜ํ˜•์„ ์‚ฌ์šฉํ–ˆ์„ ๋•Œ SQL ๋ฌธ์—์„œ SELECT activity.name ์œผ๋กœ ํ‘œํ˜„ํ•  ์ˆ˜์žˆ๋Š” ์žฅ์ ์ด ์žˆ๋‹ค.

    • ํ•˜์ง€๋งŒ ๋ณต์ˆ˜ํ˜•์„ ์‚ฌ์šฉํ•˜๋”๋ผ๋„ SQL alias๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ์œผ๋กœ ๊ทน๋ณต ๊ฐ€๋Šฅํ•˜๋‹ค.

    • SELECT id, name, description FROM products product WHERE product.name = โ€˜fooโ€™ AND product.description = โ€˜barโ€™

  • REST API์—์„œ ์ž์›์— ๋Œ€ํ•œ ์š”์ฒญ ์—ญ์‹œ ํ…Œ์ด๋ธ”์— ๋”ฐ๋ผ ๋ณต์ˆ˜ํ˜•์œผ๋กœ ํ•˜๋Š” ๊ฒƒ์ด ์ข‹๋‹ค. ex) GET /users/1

The table naming dilemma: singular vs. plural

camelCase vs snake_case#

  • MySQL ์—์„œ ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค๋Š” ๋ฐ์ดํ„ฐ ๋””๋ ‰ํ† ๋ฆฌ ๋‚ด์˜ ๋””๋ ‰ํ† ๋ฆฌ์— ํ•ด๋‹นํ•˜๊ณ , ํ…Œ์ด๋ธ”์€ํŒŒ์ผ์— ํ•ด๋‹นํ•œ๋‹ค. ๋”ฐ๋ผ์„œ, ์šด์˜์ฒด์ œ์˜ ๋Œ€์†Œ๋ฌธ์ž ๊ตฌ๋ถ„์ด ๋ฐ์ดํ„ฐ๋ฒ ์ด์Šค, ํ…Œ์ด๋ธ” ๋ฐ ํŠธ๋ฆฌ๊ฑฐ ์ด๋ฆ„์˜ ๋Œ€์†Œ๋ฌธ์ž ๊ตฌ๋ถ„์— ์˜ํ–ฅ์„ ์ค€๋‹ค.

  • Windows๋Š” ๋Œ€์†Œ๋ฌธ์ž๋ฅผ ๊ตฌ๋ถ„ํ•˜์ง€ ์•Š์ง€๋งŒ Unix๋Š” ๊ตฌ๋ถ„, macOS๋Š” ๊ตฌ๋ถ„ํ•˜์ง€ ์•Š๋Š” ํŒŒ์ผ์‹œ์Šคํ…œ์„ ์‚ฌ์šฉํ•˜์ง€๋งŒ ๋Œ€์†Œ๋ฌธ์ž๋ฅผ ๊ตฌ๋ถ„ํ•˜๋Š” ๋ณผ๋ฅจ๋„ ์ง€์›ํ•จ.

  • ๋”ฐ๋ผ์„œ snake_case ๊ฐ€ ์ด์‹์„ฑ๊ณผ ์‚ฌ์šฉ ํŽธ์˜์„ฑ ์ธก๋ฉด์—์„œ ๊ฐ€์žฅ ๊ถŒ์žฅ๋œ๋‹ค.

  • ํ•˜์ง€๋งŒ camelCase ๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๊ฒฝ์šฐ๋„ ์žˆ๊ณ , JS๊ฐ€ camelCase๋ฅผ ์‚ฌ์šฉํ•˜๊ธฐ ๋•Œ๋ฌธ์—์–ป์„ ์ˆ˜ ์žˆ๋Š” ํŽธ์˜์„ฑ์ด ์žˆ๋‹ค.

  • ๋ฌด์—‡๋ณด๋‹ค ์ผ๊ด€๋œ ๊ทœ์น™์„ ์ฑ„ํƒํ•˜๋Š” ๊ฒƒ์ด ๊ฐ€์žฅ ์ข‹๋‹ค.

MySQL :: MySQL 8.0 Reference Manual :: 9.2.3 Identifier Case Sensitivity

RESTful API#

์„œ๋ฒ„ ์‘๋‹ต์— HTTP ์ƒํƒœ ์ฝ”๋“œ๋ฅผ ์‚ฌ์šฉํ•ด๋ผ#

์˜ค๋ฅ˜ ๋ฐœ์ƒ์‹œ API ์‚ฌ์šฉ์ž์˜ ํ˜ผ๋™์„ ์—†์• ๊ธฐ ์œ„ํ•ด ์˜ค๋ฅ˜๋ฅผ ์ •์ƒ์ ์œผ๋กœ ์ฒ˜๋ฆฌํ•˜๊ณ  ๋ฐœ์ƒํ•œ ์˜ค๋ฅ˜์˜ ์ข…๋ฅ˜๋ฅผ ๋‚˜ํƒ€๋‚ด๋Š” HTTP ์‘๋‹ต ์ฝ”๋“œ๋ฅผ ๋ฐ˜ํ™˜ํ•ด์•ผํ•ฉ๋‹ˆ๋‹ค.ย ์ด๋ฅผ ํ†ตํ•ด API ๊ด€๋ฆฌ์ž๋Š” ๋ฐœ์ƒํ•œ ๋ฌธ์ œ๋ฅผ ์ดํ•ดํ•  ์ˆ˜์žˆ๋Š” ์ถฉ๋ถ„ํ•œ ์ •๋ณด๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.ย ์˜ค๋ฅ˜๋กœ ์ธํ•ด ์‹œ์Šคํ…œ์ด์ค‘๋‹จ๋˜๋Š” ๊ฒƒ์„ ์›ํ•˜์ง€ ์•Š์œผ๋ฏ€๋กœ ์˜ค๋ฅ˜๋ฅผ ์ฒ˜๋ฆฌํ•˜์ง€ ์•Š์€ ์ฑ„๋กœ ๋‘˜ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ฆ‰, API ์†Œ๋น„์ž๊ฐ€ ์˜ค๋ฅ˜๋ฅผ ์ฒ˜๋ฆฌํ•ด์•ผํ•ฉ๋‹ˆ๋‹ค.

์ผ๋ฐ˜์ ์ธ ์˜ค๋ฅ˜ HTTP ์ƒํƒœ ์ฝ”๋“œ๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™์Šต๋‹ˆ๋‹ค.

  • 400 ์ž˜๋ชป๋œ ์š”์ฒญ โ€“ ์ด๋Š” ํด๋ผ์ด์–ธํŠธ ์ธก ์ž…๋ ฅ์ด ์œ ํšจ์„ฑ ๊ฒ€์‚ฌ์— ์‹คํŒจ ํ•จ์„ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค .

  • 401 Unauthorized โ€“ ์‚ฌ์šฉ์ž๊ฐ€ ๋ฆฌ์†Œ์Šค์— ์•ก์„ธ์Šค ํ•  ์ˆ˜์žˆ๋Š” ๊ถŒํ•œ์ด ์—†์Œ์„ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค .ย ์ผ๋ฐ˜์ ์œผ๋กœ ์‚ฌ์šฉ์ž๊ฐ€ ์ธ์ฆ๋˜์ง€ ์•Š์€ ๊ฒฝ์šฐ ๋ฐ˜ํ™˜๋ฉ๋‹ˆ๋‹ค.

  • 403 ๊ธˆ์ง€๋จ โ€“ ์‚ฌ์šฉ์ž๊ฐ€ ์ธ์ฆ๋˜์—ˆ์ง€๋งŒ ๋ฆฌ์†Œ์Šค์— ์•ก์„ธ์Šค ํ•  ์ˆ˜ ์—†์Œ์„ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค.

  • 404 Not Found โ€“ ๋ฆฌ์†Œ์Šค๋ฅผ ์ฐพ์„ ์ˆ˜ ์—†์Œ์„ ๋‚˜ํƒ€๋ƒ…๋‹ˆ๋‹ค.

  • 500 ๋‚ด๋ถ€ ์„œ๋ฒ„ ์˜ค๋ฅ˜ โ€“ ์ผ๋ฐ˜์ ์ธ ์„œ๋ฒ„ ์˜ค๋ฅ˜์ž…๋‹ˆ๋‹ค.ย ์•„๋งˆ๋„ ๋ช…์‹œ ์ ์œผ๋กœ ๋˜์ ธ์„œ๋Š” ์•ˆ๋ฉ๋‹ˆ๋‹ค.

  • 502ย Bad Gateway โ€“ ์—…์ŠคํŠธ๋ฆผ ์„œ๋ฒ„์˜ ์ž˜๋ชป๋œ ์‘๋‹ต์„ ๋‚˜ํƒ€๋ƒ…๋‹ˆ๋‹ค.

  • 503 ์„œ๋น„์Šค๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์—†์Œ โ€“ ์„œ๋ฒ„ ์ธก์—์„œ ์˜ˆ๊ธฐ์น˜ ์•Š์€ ์ผ์ด ๋ฐœ์ƒํ–ˆ์Œ์„ ๋‚˜ํƒ€๋ƒ…๋‹ˆ๋‹ค (์„œ๋ฒ„ ๊ณผ๋ถ€ํ•˜, ์‹œ์Šคํ…œ์˜ ์ผ๋ถ€ ์˜ค๋ฅ˜ ๋“ฑ์ด ๋  ์ˆ˜ ์žˆ์Œ).

Best practices for REST API design - Stack Overflow Blog

Best Practices for your REST API

FE API ์—๋Ÿฌ ํ•ธ๋“ค๋ง#

Catch request errors with Axios

Handling Failed HTTP Responses With fetch()

ยท ์•ฝ 5๋ถ„

์ธ์ฆ ์„œ๋น„์Šค ๊ธฐ์ดˆ ๊ฐ•์˜#

Auth Service Fundamentals#

  • ๊ตฌ๊ธ€๊ณผ ์œ ํŠœ๋ธŒ์˜ ์‚ฌ๋ก€ - ์ธ์ฆ์ด ํ•„์š”ํ•œ ์ด์œ ๊ฐ€ ์žˆ์–ด์•ผ ํ•œ๋‹ค.

2020-12-16-201216-image-0

  • ์„œ๋น„์Šค ์ œ๊ณต์ž : ํšŒ์› ํ™•๋ณด โ†’ ๋ฐ์ดํ„ฐ ๋ถ„์„ โ†’ ์„œ๋น„์Šค ๋ฐฉํ–ฅ ์„ค์ •, ๋‹ค์–‘ํ•œ ๋งˆ์ผ€ํŒ… ํ™œ์šฉ

  • ์‚ฌ์šฉ์ž : ์„œ๋น„์Šค ์ด์šฉ ํŽธ์˜์„ฑ, ๊ฐœ์ธํ™” ์„œ๋น„์Šค ์ด์šฉ

ํšŒ์› ๊ฐ€์ž…#

  • ์„œ๋น„์Šค์˜ ์ผ์›์ด ๋˜๊ธฐ ์œ„ํ•œ ์ ˆ์ฐจ

  • ์ด ๊ณผ์ •์„ ๊ฑฐ์น˜์ง€ ๋ชปํ•œ๋‹ค๋ฉด ๊ฒฝ์šฐ์— ๋”ฐ๋ผ์„œ ํ•ด๋‹น ์„œ๋น„์Šค์— ๊ฒŒ์‹œ๋˜์–ด ์žˆ๋Š” ๊ธ€ ์ž์ฒด๋ฅผ๋ชป ๋ณด๊ฒŒ ๋˜๋Š” ๋“ฑ ๊ฐ€์ž…์ž๋“ค์— ๋น„ํ•ด ํ™œ๋™์˜ ์ œ์•ฝ์ด ๋ฐœ์ƒ

๋กœ๊ทธ์ธ#

  • ๋กœ๊ทธ์ธ์€ ์ ‘๊ทผ ํ—ˆ๊ฐ€ ์ฆ๋ช…์„ ์–ป๊ธฐ ์œ„ํ•ด ์‚ฌ์šฉ์ž ์ธ์ฆ์œผ๋กœ ๊ฐœ์ธ์ด ์ปดํ“จํ„ฐ ์‹œ์Šคํ…œ์— ์ ‘๊ทผํ•˜๋Š” ์ž‘์—…

์ธ์ฆ ๋ฐฉ๋ฒ•#

2020-12-16-201216-image-1

Authentication vs Authorization#

2020-12-16-201216-image-2

  • Authorization์€ ์˜ฌ๋ฐ”๋ฅด๊ฒŒ ์ธ์ฆ๋œ ์œ ์ €์—๊ฒŒ ์ž์›์˜ ์†Œ์œ ์ž๊ฐ€ ํ—ˆ๊ฐ€ํ•œ ์ž์›์— ์ ‘๊ทผํ• ์ˆ˜ ์žˆ๋Š” ๊ถŒํ•œ์„ ๋ถ€์—ฌํ•˜๋Š” ๊ฒƒ์ด๋‹ค.

OAuth 2.0#

  • OAuth 2.0์€ ๋‹ค์–‘ํ•œ ํ”Œ๋žซํผ ํ™˜๊ฒฝ์—์„œ ๊ถŒํ•œ ๋ถ€์—ฌ๋ฅผ ์œ„ํ•œ ํ‘œ์ค€ ํ”„๋กœํ† ์ฝœ

  • ์ œ 3์˜ ์•ฑ์ด ์ž์›์˜ ์†Œ์œ ์ž์ธ ์„œ๋น„์Šค ์ด์šฉ์ž๋ฅผ ๋Œ€์‹ ํ•˜์—ฌ ์„œ๋น„์Šค๋ฅผ ์š”์ฒญํ•  ์ˆ˜ ์žˆ๋„๋ก์ž์› ์ ‘๊ทผ ๊ถŒํ•œ์„ ์œ„์ž„ํ•˜๋Š” ๋ฐฉ๋ฒ•

2020-12-16-201216-image-3

2020-12-16-201216-image-4

Sample#

ํ•„์ˆ˜ ์ •๋ณด - key (์‚ฌ์šฉ์ž์— ๋Œ€ํ•œ ์œ ๋‹ˆํฌ ๊ฐ’), id , password

  • ? ์œ ์ € ์•„์ด๋””๋ฅผ key ๋กœ ์‚ฌ์šฉํ–ˆ์„ ๋•Œ์˜ ๋ฌธ์ œ์ 

    • id ๋Š” public ํ•˜๋‹ค.

    • id ๋Š” ๋ณ€๊ฒฝ๋  ์ˆ˜ ์žˆ๋‹ค. (์œ ์ €์˜ key ๊ฐ’์ด ๋ฐ”๋€” ์ˆ˜ ์žˆ๋‹ค.)

      • ๊ด€๊ณ„๋œ ๋ฐ์ดํ„ฐ์— ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ•œ๋‹ค.
  • id ๋Š” unique ํ•ด์•ผ ํ•œ๋‹ค.

    • ๋Œ€์†Œ๋ฌธ์ž๋ฅผ ํ—ˆ์šฉํ•  ๊ฒฝ์šฐ ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ๋‹ค.
  • password ๋Š” ์•”ํ˜ธํ™” ๋˜์–ด์•ผ ํ•œ๋‹ค.

2020-12-16-201216-image-5

    • ๊ฐ€์ž… ์ผ์ž
  • key ๊ฐ’์œผ๋กœ ์ˆซ์ž๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ๊ณต๊ฒฉ์˜ ์—ฌ์ง€๋ฅผ ์ค„ ์ˆ˜ ์žˆ๋‹ค.

  • ๋ฌธ์ž์—ด์„ ๋งŽ์ด ์“ฐ๋Š”๋ฐ, ์œ ์ถ”ํ•˜๊ธฐ ์–ด๋ ค์›Œ์•ผ ํ•œ๋‹ค.

  • user_id ๋Š” ์ด๋ฉ”์ผ์„ ๋งŽ์ด ์“ฐ๋Š”๋ฐ, ์ด๋ฉ”์ผ์€ ์œ ๋‹ˆํฌ ํ•˜๋‹ค๋Š” ์ ์ด ๋ณด์žฅ๋œ๋‹ค.

    • ์ด๋ฉ”์ผ์ด ํ•ด๋‹น ์œ ์ €์˜ ์†Œ์œ ์ธ์ง€ ์ธ์ฆ ๊ณผ์ •์ด ํ•„์š”ํ•˜๋‹ค.
  • password ๋Š” ๋ฌธ์ž์™€ ์ˆซ์ž, ํŠน์ˆ˜ ๋ฌธ์ž ๋“ฑ์„ ์กฐํ•ฉํ•˜๋Š” ๊ฒƒ์ด ์ข‹๋‹ค.

2020-12-16-201216-image-6

2020-12-16-201216-image-7

2020-12-16-201216-image-8

  • Cookie vs Session

์ฟ ํ‚ค๊ฐ€ ๋ณด์•ˆ์— ์ทจ์•ฝํ•œ ์ด์œ 

2020-12-16-201216-image-9

2020-12-16-201216-image-10

๋งŽ์€ ๊ฒฝ์šฐ ์ฟ ํ‚ค์— token ์„ ๋„ฃ๋Š”๋ฐ, ๋ณด์•ˆ ์ธก๋ฉด์—์„œ ๊ทธ๋ƒฅ ๋„ฃ๋Š” ๊ฒฝ์šฐ, ์กฐํ•ฉํ•ด์„œ ๋„ฃ๋Š”๊ฒฝ์šฐ ๋“ฑ์ด ์žˆ๋‹ค.

2020-12-16-201216-image-11

  • access token ์€ ์‹œ๊ฐ„ ๋‹จ์œ„๋ฅผ ๋งŽ์ด ์“ฐ๊ณ  ex) 6์‹œ๊ฐ„ , refresh token์€ ๋ช‡ ์ผ ๋‹จ์œ„ , ex) 1์ฃผ 2์ฃผ ํ•œ ๋‹ฌ

2020-12-16-201216-image-12

  • ์žฌ๋ฐœ๊ธ‰ ํ•˜์ง€ ์•Š๊ณ  ๊ธฐ์กด ๊ฒƒ์„ ์‚ฌ์šฉํ•˜๋ฉด, refresh token์€ ์–ธ์  ๊ฐ€ ๋งŒ๋ฃŒ ๋˜์–ด ์‚ฌ์šฉ์ž์—๊ฒŒ ๋ถˆํŽธํ•จ์„ ์ค„ ์ˆ˜ ์žˆ๋‹ค.

  • ํ•ญ์ƒ ์‹ ๊ทœ๋กœ ๋ฐœ๊ธ‰ํ•˜๋ฉด, ์—ฌ๋Ÿฌ ํ”Œ๋žซํผ ๊ฐ„์— ์žฌ๋ฐœ๊ธ‰ ๋œ ํ† ํฐ์„ ์–ด๋–ป๊ฒŒ ๋™๊ธฐํ™” ํ•  ๊ฒƒ์ด๋ƒ์— ๋Œ€ํ•œ ๊ณ ๋ฏผ์ด ํ•„์š”ํ•˜๋‹ค.


Storybook ๊ธ€๋กœ๋ฒŒ ์Šคํƒ€์ผ ์„ค์ •#

preview.js

import React from 'react';
import {ThemeProvider} from 'styled-components';
import GlobalStyle from 'src/styles/GlobalStyle';import theme from 'src/styles/theme';
export const parameters = {    actions: {argTypesRegex: '^on[A-Z].*'},};
export const decorators = [    (Story) => (        <ThemeProvider theme={theme}>            <GlobalStyle />            <Story />        </ThemeProvider>    ),];

Styled-components#

The Advanced Way to Style with Styled Components

์ด์Šˆ - styled-components์˜ craeteGlobalStyle ์ ์šฉ ์‹œ user agent stylesheet๊ฐ€ override ํ•˜๋Š” ์ด์Šˆ

2020-12-16-201216-image-13


Validation#

Use RegEx To Test Password Strength In JavaScript

Form Validation