Merge remote-tracking branch 'origin/Core' into Core

Author: developowl

src/main/java/roomescape/authentication/AdminAccessInterceptor.java

@@ -0,0 +1,53 @@
+package roomescape.authentication;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+import roomescape.exception.AuthorizationException;
+import roomescape.domain.member.Member;
+
+import java.util.Arrays;
+
+@Component
+public class AdminAccessInterceptor implements HandlerInterceptor {
+    private final AuthService authService;
+
+    public AdminAccessInterceptor(AuthService authService) {
+        this.authService = authService;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        String token = extractTokenFromCookies(request.getCookies());
+
+        String email = authService.getEmailFromToken(token);
+        Member member = authService.findLoginMemberByEmail(email);
+
+        if (member == null) {
+            response.setStatus(401);
+            return false;
+        }
+
+        if (!"ADMIN".equals(member.getRole())) {
+            response.setStatus(401);
+            response.getWriter().write("권한이 없습니다.");
+            return false;
+        }
+
+        return true;
+    }
+
+    private String extractTokenFromCookies(Cookie[] cookies) {
+        if (cookies == null) {
+            throw new AuthorizationException("쿠키가 존재하지 않습니다.");
+        }
+
+        return Arrays.stream(cookies)
+                .filter(cookie -> "token".equals(cookie.getName()))
+                .findFirst()
+                .map(Cookie::getValue)
+                .orElseThrow(() -> new AuthorizationException("토큰 쿠키가 없습니다."));
+    }
+}

src/main/java/roomescape/authentication/AuthService.java

@@ -0,0 +1,44 @@
+package roomescape.authentication;
+
+import org.springframework.stereotype.Service;
+import roomescape.domain.token.TokenRequest;
+import roomescape.domain.token.TokenResponse;
+import roomescape.exception.AuthorizationException;
+import roomescape.domain.member.Member;
+import roomescape.domain.member.MemberRepository;
+
+@Service
+public class AuthService {
+    private final JwtTokenProvider jwtTokenProvider;
+    private final MemberRepository memberRepository;
+
+    public AuthService(JwtTokenProvider jwtTokenProvider, MemberRepository memberRepository) {
+        this.jwtTokenProvider = jwtTokenProvider;
+        this.memberRepository = memberRepository;
+    }
+
+    public Member findLoginMemberByEmail(String email) {
+        return memberRepository.findByEmail(email)
+                .orElseThrow(() -> new AuthorizationException("사용자를 찾을 수 없습니다."));
+    }
+
+    public String getEmailFromToken(String token) {
+        return jwtTokenProvider.getPayload(token);
+    }
+
+    public TokenResponse createToken(TokenRequest tokenRequest) {
+        checkInvalidLogin(tokenRequest.getEmail(), tokenRequest.getPassword());
+
+        String accessToken = jwtTokenProvider.createToken(tokenRequest.getEmail());
+        return new TokenResponse(accessToken);
+    }
+
+    public void checkInvalidLogin(String email, String password) {
+        Member member = memberRepository.findByEmailAndPassword(email, password)
+                .orElseThrow(() -> new AuthorizationException("이메일 또는 비밀번호가 잘못되었습니다."));
+    }
+
+    public void verifyToken(String token) {
+        jwtTokenProvider.validateToken(token);
+    }
+}

src/main/java/roomescape/authentication/JwtTokenProvider.java

@@ -0,0 +1,44 @@
+package roomescape.authentication;
+
+import io.jsonwebtoken.*;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.util.Date;
+
+@Component
+public class JwtTokenProvider {
+    @Value("${roomescape.auth.jwt.secret}")
+    private String secretKey;
+
+    @Value("${roomescape.auth.jwt.expire-length}")
+    private long validityInMilliseconds;
+
+    public String createToken(String payload) {
+        Claims claims = Jwts.claims().setSubject(payload);
+        Date now = new Date();
+        Date validity = new Date(now.getTime() + validityInMilliseconds);
+        return Jwts.builder()
+                .setClaims(claims)
+                .setIssuedAt(now)
+                .setExpiration(validity)
+                .signWith(SignatureAlgorithm.HS256, secretKey)
+                .compact();
+    }
+
+    public String getPayload(String token) {
+        return Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody().getSubject();
+    }
+
+    public void validateToken(String token) {
+        try {
+            Jws<Claims> claims = Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token);
+            if (claims.getBody().getExpiration().before(new Date())) {
+                throw new IllegalArgumentException("토큰이 만료되었습니다.");
+            }
+        } catch (JwtException | IllegalArgumentException e) {
+            throw new IllegalArgumentException("유효하지 않은 토큰 입니다.", e);
+        }
+    }
+
+}

src/main/java/roomescape/authentication/LoginMemberArgumentResolver.java

@@ -0,0 +1,56 @@
+package roomescape.authentication;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+import roomescape.exception.AuthorizationException;
+import roomescape.domain.member.Member;
+
+import java.util.Arrays;
+
+@Component
+public class LoginMemberArgumentResolver implements HandlerMethodArgumentResolver {
+    private final AuthService authService;
+
+    public LoginMemberArgumentResolver(AuthService authService) {
+        this.authService = authService;
+    }
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.getParameterType().equals(Member.class);
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter parameter,
+                                  ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest,
+                                  WebDataBinderFactory binderFactory) throws Exception {
+        HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
+
+        String token = extractTokenFromCookies(request.getCookies());
+
+        authService.verifyToken(token);
+
+        String email = authService.getEmailFromToken(token);
+
+        return authService.findLoginMemberByEmail(email);
+    }
+
+    private String extractTokenFromCookies(Cookie[] cookies) {
+        if (cookies == null) {
+            throw new AuthorizationException("쿠키가 존재하지 않습니다.");
+        }
+
+        return Arrays.stream(cookies)
+                .filter(cookie -> "token".equals(cookie.getName()))
+                .findFirst()
+                .map(Cookie::getValue)
+                .orElseThrow(() -> new AuthorizationException("토큰 쿠키가 없습니다."));
+    }
+}

src/main/java/roomescape/controller/ReservationController.java

@@ -1,3 +1,4 @@
+<<<<<<<< HEAD:src/main/java/roomescape/controller/ReservationController.java
 package roomescape.controller;
 
 import org.springframework.http.ResponseEntity;
@@ -62,3 +63,5 @@ public ResponseEntity delete(@PathVariable Long id) {
         return ResponseEntity.noContent().build();
     }
 }
+========
+>>>>>>>> origin/JPA:src/main/java/roomescape/reservation/ReservationController.java

src/main/java/roomescape/controller/ThemeController.java

@@ -1,4 +1,12 @@
+<<<<<<<< HEAD:src/main/java/roomescape/controller/ThemeController.java
+<<<<<<<< HEAD:src/main/java/roomescape/controller/ThemeController.java
 package roomescape.controller;
+========
+package roomescape.domain.theme;
+>>>>>>>> origin/JPA:src/main/java/roomescape/domain/theme/ThemeController.java
+========
+package roomescape.domain.theme;
+>>>>>>>> upstream/0094-gengar:src/main/java/roomescape/domain/theme/ThemeController.java
 
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -19,17 +27,29 @@ public class ThemeController {
 
     public ThemeController(ThemeRepository themeRepository) {
         this.themeRepository = themeRepository;
+<<<<<<<< HEAD:src/main/java/roomescape/controller/ThemeController.java
+========
+    }
+
+    @PostMapping("/themes")
+    public ResponseEntity<Theme> createTheme(@RequestBody Theme theme) {
+        Theme newTheme = themeRepository.save(theme);
+        return ResponseEntity.created(URI.create("/themes/" + newTheme.getId())).body(newTheme);
+>>>>>>>> upstream/0094-gengar:src/main/java/roomescape/domain/theme/ThemeController.java
     }
 
     @GetMapping("/themes")
     public ResponseEntity<List<Theme>> list() {
         return ResponseEntity.ok(themeRepository.findAll());
+<<<<<<<< HEAD:src/main/java/roomescape/controller/ThemeController.java
     }
 
     @PostMapping("/themes")
     public ResponseEntity<Theme> createTheme(@RequestBody Theme theme) {
         Theme newTheme = themeRepository.save(theme);
         return ResponseEntity.created(URI.create("/themes/" + newTheme.getId())).body(newTheme);
+========
+>>>>>>>> upstream/0094-gengar:src/main/java/roomescape/domain/theme/ThemeController.java
     }
 
     @DeleteMapping("/themes/{id}")

src/main/java/roomescape/controller/TimeController.java

@@ -1,4 +1,12 @@
+<<<<<<<< HEAD:src/main/java/roomescape/controller/TimeController.java
+<<<<<<<< HEAD:src/main/java/roomescape/controller/TimeController.java
 package roomescape.controller;
+========
+package roomescape.domain.time;
+>>>>>>>> origin/JPA:src/main/java/roomescape/domain/time/TimeController.java
+========
+package roomescape.domain.time;
+>>>>>>>> upstream/0094-gengar:src/main/java/roomescape/domain/time/TimeController.java
 
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -30,7 +38,7 @@ public List<Time> list() {
 
     @PostMapping("/times")
     public ResponseEntity<Time> create(@RequestBody Time time) {
-        if (time.getValue() == null || time.getValue().isEmpty()) {
+        if (time.getTime() == null || time.getTime().isEmpty()) {
             throw new RuntimeException();
         }
 

src/main/java/roomescape/controller/TokenLoginController.java

@@ -0,0 +1,45 @@
+package roomescape.controller;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+import roomescape.authentication.AuthService;
+import roomescape.domain.token.TokenRequest;
+import roomescape.domain.token.TokenResponse;
+import roomescape.domain.member.Member;
+import roomescape.domain.member.MemberResponse;
+
+@RestController
+public class TokenLoginController {
+    private final AuthService authService;
+
+    public TokenLoginController(AuthService authService) {
+        this.authService = authService;
+    }
+
+    @PostMapping("/login")
+    public ResponseEntity<TokenResponse> tokenLogin(@RequestBody TokenRequest tokenRequest, HttpServletResponse response) {
+        TokenResponse tokenResponse = authService.createToken(tokenRequest);
+
+        Cookie cookie = new Cookie("token", tokenResponse.getAccessToken());
+        cookie.setHttpOnly(true);
+        cookie.setPath("/");
+        response.addCookie(cookie);
+
+        return ResponseEntity.ok().body(tokenResponse);
+    }
+
+    @GetMapping("/login/check")
+    public ResponseEntity<MemberResponse> checkLogin(Member loginMember) {
+        MemberResponse memberResponse = new MemberResponse(
+                loginMember.getId(),
+                loginMember.getName(),
+                loginMember.getEmail()
+        );
+        return ResponseEntity.ok(memberResponse);
+    }
+}

src/main/java/roomescape/domain/member/LoginMember.java

@@ -1,3 +1,5 @@
+<<<<<<<< HEAD:src/main/java/roomescape/domain/reservation/ReservationRequest.java
+<<<<<<<< HEAD:src/main/java/roomescape/domain/reservation/ReservationRequest.java
 package roomescape.domain.reservation;
 
 public class ReservationRequest {
@@ -35,3 +37,7 @@ public String getTime() {
         return time;
     }
 }
+========
+>>>>>>>> origin/JPA:src/main/java/roomescape/reservation/ReservationRequest.java
+========
+>>>>>>>> upstream/0094-gengar:src/main/java/roomescape/reservation/ReservationRequest.java

src/main/java/roomescape/domain/reservation/ReservationRequest.java

@@ -0,0 +1,22 @@
+package roomescape.domain.token;
+
+public class TokenRequest {
+    private String email;
+    private String password;
+
+    public TokenRequest() {
+    }
+
+    public TokenRequest(String email, String password) {
+        this.email = email;
+        this.password = password;
+    }
+
+    public String getEmail() {
+        return email;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+}

src/main/java/roomescape/domain/token/TokenRequest.java

@@ -0,0 +1,13 @@
+package roomescape.domain.token;
+
+public class TokenResponse {
+    private String accessToken;
+
+    public TokenResponse(String accessToken) {
+        this.accessToken = accessToken;
+    }
+
+    public String getAccessToken() {
+        return accessToken;
+    }
+}

src/main/java/roomescape/domain/token/TokenResponse.java

@@ -3,9 +3,21 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ResponseStatus;
 
-@ResponseStatus(HttpStatus.UNAUTHORIZED)
+@ResponseStatus
 public class AuthorizationException extends RuntimeException {
+<<<<<<<< HEAD:src/main/java/roomescape/exception/AuthorizationException.java
     public AuthorizationException(String message) {
         super(message);
+========
+    private final HttpStatus httpStatus;
+
+    public AuthorizationException(String message, HttpStatus httpStatus) {
+        super(message);
+        this.httpStatus = httpStatus;
+    }
+
+    public HttpStatus getHttpStatus() {
+        return httpStatus;
+>>>>>>>> origin/JPA:src/main/java/roomescape/application/AuthorizationException.java
     }
 }