From 05cbef4d904944023c4ca68c624c6829f8ce606a Mon Sep 17 00:00:00 2001
From: yeseul106 <20191037@sungshin.ac.kr>
Date: Tue, 5 Dec 2023 17:29:14 +0900
Subject: [PATCH] =?UTF-8?q?[#89]=20fix:=20security=EB=A5=BC=20=EB=B6=99?= =?UTF-8?q?=EC=9E=84=EC=97=90=20=EB=94=B0=EB=9D=BC=20jwt=20=ED=86=A0?= =?UTF-8?q?=ED=81=B0=20=EC=9C=A0=EC=A0=80=EC=9D=98=20=EB=8D=B0=EC=9D=B4?= =?UTF-8?q?=ED=84=B0=EB=A5=BC=20=EB=82=B4=EB=A0=A4=EC=A3=BC=EB=8F=84?= =?UTF-8?q?=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../crew/main/common/config/SecurityConfig.java | 2 +-
 .../config/jwt/JwtAuthenticationEntryPoint.java | 4 ----
 .../makers/crew/main/common/util/UserUtil.java | 16 ++++++++++++++++
 .../crew/main/user/v2/UserV2Controller.java | 16 ++++++++++++++--
 .../main/user/v2/service/UserV2ServiceImpl.java | 9 ++++++++-
 5 files changed, 39 insertions(+), 8 deletions(-)
 create mode 100644 main/src/main/java/org/sopt/makers/crew/main/common/util/UserUtil.java
diff --git a/main/src/main/java/org/sopt/makers/crew/main/common/config/SecurityConfig.java b/main/src/main/java/org/sopt/makers/crew/main/common/config/SecurityConfig.java
index 83a6243e..980a8373 100644
--- a/main/src/main/java/org/sopt/makers/crew/main/common/config/SecurityConfig.java
+++ b/main/src/main/java/org/sopt/makers/crew/main/common/config/SecurityConfig.java
@@ -38,7 +38,7 @@ public class SecurityConfig {
 @Bean @Profile("dev")
- SecurityFilterChain prodSecurityFilterChain(HttpSecurity http) throws Exception {
+ SecurityFilterChain devSecurityFilterChain(HttpSecurity http) throws Exception {
 return http.csrf((csrfConfig) -> csrfConfig.disable() )
diff --git a/main/src/main/java/org/sopt/makers/crew/main/common/config/jwt/JwtAuthenticationEntryPoint.java b/main/src/main/java/org/sopt/makers/crew/main/common/config/jwt/JwtAuthenticationEntryPoint.java
index 4fc968cc..aae9b01b 100644
--- a/main/src/main/java/org/sopt/makers/crew/main/common/config/jwt/JwtAuthenticationEntryPoint.java
+++ b/main/src/main/java/org/sopt/makers/crew/main/common/config/jwt/JwtAuthenticationEntryPoint.java
@@ -4,7 +4,6 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import org.sopt.makers.crew.main.common.response.CommonResponseDto;
 import org.sopt.makers.crew.main.common.response.ErrorStatus;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
@@ -25,9 +24,6 @@ public void commence(HttpServletRequest request, HttpServletResponse response,
 public void setResponse(HttpServletResponse response, ErrorStatus status) throws IOException {
 response.setContentType("application/json;charset=UTF-8");
 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-
- CommonResponseDto apiResponse = CommonResponseDto.fail(status.getErrorCode());
- response.getWriter().println(mapper.writeValueAsString(apiResponse));
 }
 }
diff --git a/main/src/main/java/org/sopt/makers/crew/main/common/util/UserUtil.java b/main/src/main/java/org/sopt/makers/crew/main/common/util/UserUtil.java
new file mode 100644
index 00000000..d5b66e1a
--- /dev/null
+++ b/main/src/main/java/org/sopt/makers/crew/main/common/util/UserUtil.java
@@ -0,0 +1,16 @@
+package org.sopt.makers.crew.main.common.util;
+
+import java.security.Principal;
+import lombok.RequiredArgsConstructor;
+import org.sopt.makers.crew.main.common.exception.UnAuthorizedException;
+
+@RequiredArgsConstructor
+public class UserUtil {
+
+ public static Integer getUserId(Principal principal) {
+ if (principal == null) {
+ throw new UnAuthorizedException();
+ }
+ return Integer.valueOf(principal.getName());
+ }
+}
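Review bot: `Integer.valueOf(principal.getName())` in `getUserId` throws `NumberFormatException` when the principal name is not a decimal integer, so a token whose subject is non-numeric would surface as an unhandled error instead of the `UnAuthorizedException` used for a missing principal. How the principal name is populated from the JWT is not visible in this patch, so the parse should not be assumed to succeed; catching the failure and rethrowing `UnAuthorizedException` keeps every missing or malformed identity on the same rejection path. Separately, `@RequiredArgsConstructor` on a class that has only a static method just generates a public no-arg constructor; a `final` class with a private constructor would state the utility intent.

```java
  public static Integer getUserId(Principal principal) {
    // … unchanged: null-principal check …
    try {
      return Integer.valueOf(principal.getName());
    } catch (NumberFormatException e) {
      // A non-numeric principal name is handled like a missing principal.
      throw new UnAuthorizedException();
    }
  }
```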
diff --git a/main/src/main/java/org/sopt/makers/crew/main/user/v2/UserV2Controller.java b/main/src/main/java/org/sopt/makers/crew/main/user/v2/UserV2Controller.java
index acc74e72..c8aa632a 100644
--- a/main/src/main/java/org/sopt/makers/crew/main/user/v2/UserV2Controller.java
+++ b/main/src/main/java/org/sopt/makers/crew/main/user/v2/UserV2Controller.java
@@ -1,8 +1,14 @@
 package org.sopt.makers.crew.main.user.v2;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import java.security.Principal;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
+import org.sopt.makers.crew.main.common.util.UserUtil;
 import org.sopt.makers.crew.main.user.v2.dto.response.UserV2GetAllMeetingByUserMeetingDto;
 import org.sopt.makers.crew.main.user.v2.service.UserV2Service;
 import org.springframework.http.HttpStatus;
@@ -20,10 +26,16 @@ public class UserV2Controller {
 private final UserV2Service userV2Service;
+ @Operation(summary = "내가 속한 모임 조회")
 @GetMapping("/meeting/all") @ResponseStatus(HttpStatus.OK)
- public ResponseEntity> getAllMeetingByUser() {
- Integer userId = 267; //현재는 security 붙이기 전이라 추후 수정
+ @ApiResponses(value = {
+ @ApiResponse(responseCode = "200", description = "성공"),
+ @ApiResponse(responseCode = "204", description = "내가 속한 모임 리스트가 없는 경우", content = @Content),
+ })
+ public ResponseEntity> getAllMeetingByUser(
+ Principal principal) {
+ Integer userId = UserUtil.getUserId(principal);
 return ResponseEntity.ok(userV2Service.getAllMeetingByUser(userId));
 }
 }
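Review bot: The `@ApiResponses` block on `getAllMeetingByUser` documents 200 and 204 but omits the unauthenticated case, although `UserUtil.getUserId(principal)` throws `UnAuthorizedException` when no principal is present. Assuming that exception is rendered as 401 (the handler is not visible here), adding `@ApiResponse(responseCode = "401", description = "unauthenticated", content = @Content)` would keep the published contract in line with the handler. The null check in `UserUtil` is the only guard visible in this patch, so it is worth confirming that the security filter chain also requires authentication for `/meeting/all`. `@ResponseStatus(HttpStatus.OK)` is redundant next to `ResponseEntity.ok(...)` and could be dropped.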
--- a/main/src/main/java/org/sopt/makers/crew/main/user/v2/service/UserV2ServiceImpl.java
+++ b/main/src/main/java/org/sopt/makers/crew/main/user/v2/service/UserV2ServiceImpl.java
@@ -5,11 +5,13 @@ import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import lombok.RequiredArgsConstructor;
+import org.sopt.makers.crew.main.common.exception.BaseException;
 import org.sopt.makers.crew.main.entity.apply.ApplyRepository;
 import org.sopt.makers.crew.main.entity.apply.enums.EnApplyStatus;
 import org.sopt.makers.crew.main.entity.user.User;
 import org.sopt.makers.crew.main.entity.user.UserRepository;
 import org.sopt.makers.crew.main.user.v2.dto.response.UserV2GetAllMeetingByUserMeetingDto;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -25,7 +27,7 @@ public class UserV2ServiceImpl implements UserV2Service {
 public List getAllMeetingByUser(Integer userId) {
 User user = userRepository.findByIdOrThrow(userId);
- return Stream.concat(
+ List userJoinedList = Stream.concat(
 user.getMeetings().stream(), applyRepository.findAllByUserIdAndStatus(userId, EnApplyStatus.APPROVE) .stream()
@@ -40,5 +42,10 @@ public List getAllMeetingByUser(Integer use
 )) .sorted(Comparator.comparing(UserV2GetAllMeetingByUserMeetingDto::getId).reversed()) .collect(Collectors.toList());
+
+ if (userJoinedList.isEmpty()) {
+ throw new BaseException(HttpStatus.NO_CONTENT);
+ }
+ return userJoinedList;
 }
 }
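Review bot: Throwing `BaseException(HttpStatus.NO_CONTENT)` when `userJoinedList` is empty uses an exception for a normal outcome, and the resulting response depends on how the exception handler renders `BaseException`, which is not visible here; a 204 must not carry a body, so any error payload the handler writes would be dropped or malformed. The file imports `@Transactional`, so if this method is transactional and `BaseException` is unchecked, the throw would also mark the transaction for rollback. Returning the list and letting the controller choose the status, e.g. `return list.isEmpty() ? ResponseEntity.noContent().build() : ResponseEntity.ok(list);`, avoids both. The body of `getAllMeetingByUser` starts outside this hunk.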