Skip to content

Commit

Permalink
feat: [#131] Security 적용
Browse files Browse the repository at this point in the history
  • Loading branch information
kuk6933 committed Sep 28, 2023
1 parent 7624372 commit 47433f5
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions src/main/java/org/rf/rfserver/config/WebSecurityConfig.java
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@ public SecurityFilterChain filterChain(HttpSecurity http, TokenAuthenticationFil
return http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(requests ->
requests.requestMatchers("/", "/swagger-ui/**", "/user/**", "/party/**"
, "/mail/**", "/schedule/**", "/report/**","/chat/**", "/block/**",
requests.requestMatchers("/", "/user/login", "/chat/**", "/user", "/user/idCheck/**", "/user/nicknameCheck/**" ,
"/user/findId", "/user/resetPassword",
"/token", "/enums", "/apns/**", "/ws/**").permitAll() // requestMatchers의 인자로 전달된 url은 모두에게 허용
.anyRequest().authenticated() // 그 외의 모든 요청은 인증 필요
)
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/org/rf/rfserver/constant/RfRule.java
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,6 @@

public class RfRule {
public static final int MAX_PARTY_NUMBER = 5;
public static final int ACCESS_TOKEN_EXPIRATION = 2;
public static final int ACCESS_TOKEN_EXPIRATION = 70;
public static final int REFRESH_TOKEN_EXPIRATION = 7;
}
Original file line number Diff line number Diff line change
Expand Up @@ -223,7 +223,7 @@ public LoginRes login(LoginReq loginReq) throws BaseException {
User user = userRepository.findByLoginId(loginReq.getLoginId())
.filter(it -> bCryptPasswordEncoder.matches(loginReq.getPassword(), it.getPassword())) // 암호화된 비밀번호와 비교하도록 수정
.orElseThrow(() -> new BaseException(INVALID_LOGIN_IR_OR_PASSWORD));
String accessToken = tokenProvider.generateToken(user, Duration.ofHours(ACCESS_TOKEN_EXPIRATION));
String accessToken = tokenProvider.generateToken(user, Duration.ofDays(ACCESS_TOKEN_EXPIRATION));
String refreshToken = tokenProvider.generateToken(user, Duration.ofDays(REFRESH_TOKEN_EXPIRATION));
refreshTokenService.saveRefreshToken(user.getId(), refreshToken);
user.setDeviceToken(loginReq.getDeviceToken());
Expand Down

0 comments on commit 47433f5

Please sign in to comment.