From 47433f5c697c61cb9fb5bdc253ee3c17f2daeca0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=98=A4=ED=98=95=EC=84=9D?= <77862152+kuk6933@users.noreply.github.com> Date: Thu, 28 Sep 2023 22:03:29 +0900 Subject: [PATCH] =?UTF-8?q?feat:=20[#131]=20=20Security=20=EC=A0=81?= =?UTF-8?q?=EC=9A=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/org/rf/rfserver/config/WebSecurityConfig.java | 4 ++-- src/main/java/org/rf/rfserver/constant/RfRule.java | 2 +- src/main/java/org/rf/rfserver/user/service/UserService.java | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/rf/rfserver/config/WebSecurityConfig.java b/src/main/java/org/rf/rfserver/config/WebSecurityConfig.java index 976d77fe..42eb095f 100644 --- a/src/main/java/org/rf/rfserver/config/WebSecurityConfig.java +++ b/src/main/java/org/rf/rfserver/config/WebSecurityConfig.java @@ -32,8 +32,8 @@ public SecurityFilterChain filterChain(HttpSecurity http, TokenAuthenticationFil return http .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests(requests -> - requests.requestMatchers("/", "/swagger-ui/**", "/user/**", "/party/**" - , "/mail/**", "/schedule/**", "/report/**","/chat/**", "/block/**", + requests.requestMatchers("/", "/user/login", "/chat/**", "/user", "/user/idCheck/**", "/user/nicknameCheck/**" , + "/user/findId", "/user/resetPassword", "/token", "/enums", "/apns/**", "/ws/**").permitAll() // requestMatchers의 인자로 전달된 url은 모두에게 허용 .anyRequest().authenticated() // 그 외의 모든 요청은 인증 필요 ) diff --git a/src/main/java/org/rf/rfserver/constant/RfRule.java b/src/main/java/org/rf/rfserver/constant/RfRule.java index 9f1ae7d9..e7153b81 100644 --- a/src/main/java/org/rf/rfserver/constant/RfRule.java +++ b/src/main/java/org/rf/rfserver/constant/RfRule.java 
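Review bot: In `WebSecurityConfig.filterChain` the new `permitAll()` list still matches on path only, so `"/user"` is open for every HTTP method, and `"/chat/**"` and `"/apns/**"` remain fully unauthenticated although the other domain prefixes were removed. If `"/user"` is meant only for sign-up, bind it to the verb with `requests.requestMatchers(HttpMethod.POST, "/user").permitAll()` (from `org.springframework.http.HttpMethod`), and confirm that no handler under `/chat/**` or `/apns/**` returns or changes user data; if only the WebSocket handshake has to be public, `"/ws/**"` may already cover it. The now-public `"/user/findId"`, `"/user/resetPassword"`, `idCheck` and `nicknameCheck` lookups reveal whether an account exists, so they need rate limiting and uniform responses, neither of which is visible in this patch. The method starts before the hunk and continues after it, so the rest of the filter chain cannot be checked from here.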
@@ -2,6 +2,6 @@
 public class RfRule {
 public static final int MAX_PARTY_NUMBER = 5;
- public static final int ACCESS_TOKEN_EXPIRATION = 2;
+ public static final int ACCESS_TOKEN_EXPIRATION = 70;
 public static final int REFRESH_TOKEN_EXPIRATION = 7;
 }
diff --git a/src/main/java/org/rf/rfserver/user/service/UserService.java b/src/main/java/org/rf/rfserver/user/service/UserService.java
index da1c5fb1..5bd43a31 100644
--- a/src/main/java/org/rf/rfserver/user/service/UserService.java
+++ b/src/main/java/org/rf/rfserver/user/service/UserService.java
@@ -223,7 +223,7 @@ public LoginRes login(LoginReq loginReq) throws BaseException {
 User user = userRepository.findByLoginId(loginReq.getLoginId())
 .filter(it -> bCryptPasswordEncoder.matches(loginReq.getPassword(), it.getPassword())) // 암호화된 비밀번호와 비교하도록 수정
 .orElseThrow(() -> new BaseException(INVALID_LOGIN_IR_OR_PASSWORD));
- String accessToken = tokenProvider.generateToken(user, Duration.ofHours(ACCESS_TOKEN_EXPIRATION));
+ String accessToken = tokenProvider.generateToken(user, Duration.ofDays(ACCESS_TOKEN_EXPIRATION));
 String refreshToken = tokenProvider.generateToken(user, Duration.ofDays(REFRESH_TOKEN_EXPIRATION));
 refreshTokenService.saveRefreshToken(user.getId(), refreshToken);
 user.setDeviceToken(loginReq.getDeviceToken());
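Review bot: The access token now outlives the refresh token: `ACCESS_TOKEN_EXPIRATION = 70` in `RfRule` is read with `Duration.ofDays(...)` in the `UserService.login` hunk, giving a 70-day bearer token against a 7-day refresh token. A leaked access token then stays usable for more than two months, and nothing in this patch shows a server-side revocation check, so logout or a password reset would presumably not cut it off. Keep the access token short and let the refresh token carry the long session, i.e. `public static final int ACCESS_TOKEN_EXPIRATION = 2;` read with `Duration.ofHours(ACCESS_TOKEN_EXPIRATION)` as before, and raise `REFRESH_TOKEN_EXPIRATION` instead if longer sessions are the goal.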
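Review bot: The unit of `ACCESS_TOKEN_EXPIRATION` is decided at this call site in `login` rather than in the constant, so any other caller that still wraps it in `Duration.ofHours(...)` would now issue tokens with a different lifetime than login does; whatever serves the `/token` endpoint is one candidate, and it is not part of this three-file patch. Declaring the constant with its unit, for example `public static final Duration ACCESS_TOKEN_EXPIRATION = Duration.ofHours(2);` (value shown only as an illustration), and calling `tokenProvider.generateToken(user, ACCESS_TOKEN_EXPIRATION)` keeps value and unit in one place. `login` begins before this hunk and continues past it.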