12th-OnGil-BE/src/main/java/com/ongil/backend/global/config/SecurityConfig.java at 58b98c1f98176f830b84fd26b07847a138005ecd · IT-Cotato/12th-OnGil-BE · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
package com.ongil.backend.global.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfigurationSource;

import com.ongil.backend.global.security.jwt.JwtAuthenticationFilter;

import lombok.RequiredArgsConstructor;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

	private final JwtAuthenticationFilter jwtAuthenticationFilter;
	private final CorsConfigurationSource corsConfigurationSource;

	@Bean
	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		http
			.cors(cors -> cors.configurationSource(corsConfigurationSource))
			.csrf(AbstractHttpConfigurer::disable)
			.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
			.formLogin(AbstractHttpConfigurer::disable)
			.httpBasic(AbstractHttpConfigurer::disable)

			.authorizeHttpRequests(auth -> auth
				// [1] 시스템 및 문서화 관련 (Swagger)
				.requestMatchers("/ping", "/swagger-ui/**", "/v3/api-docs/**").permitAll()

				// [Admin] 관리자 API (Swagger 테스트용)
				.requestMatchers("/api/admin/**").permitAll()

				// WebSocket
				.requestMatchers("/ws/**").permitAll()

				// [2] 인증 관련 - 인증 필요
				.requestMatchers("/api/auth/logout", "/api/auth/withdraw").authenticated()

				// [3] 인증 관련 - 인증 불필요 (로그인, 소셜로그인, 토큰갱신)
				.requestMatchers("/api/auth/login").permitAll()
				.requestMatchers("/api/auth/oauth/**").permitAll()
				.requestMatchers("/api/auth/token/refresh").permitAll()

				// [4] 홈 & 광고
				.requestMatchers("/api/home").permitAll()
				.requestMatchers("/api/advertisements/**").permitAll()

				// [5] 상품 관련
				.requestMatchers("/api/products/*/size-guide").authenticated()  // 사이즈 가이드는 인증 필요
				.requestMatchers("/api/products/**").permitAll()  // 나머지는 인증 불필요

				// [6] 브랜드 & 카테고리
				.requestMatchers("/api/brands/**").permitAll()
				.requestMatchers("/api/categories/**").permitAll()

				// [7] 검색
				.requestMatchers("/api/search/**").permitAll()

				// [8] 리뷰 - 조회는 permitAll, 작성/수정/삭제는 authenticated
				.requestMatchers(HttpMethod.GET, "/api/products/*/reviews").permitAll()
				.requestMatchers(HttpMethod.GET, "/api/products/*/reviews/summary").permitAll()
				.requestMatchers(HttpMethod.GET, "/api/reviews/*/details").permitAll()
				.requestMatchers(HttpMethod.POST, "/api/reviews/*/helpful").authenticated()
				.requestMatchers("/api/users/me/reviews/**").authenticated()

				// [9] 장바구니 & 찜 - 전체 인증 필요
				.requestMatchers("/api/carts/**").authenticated()
				.requestMatchers("/api/wishlists/**").authenticated()

				// [10] 사용자 관련
				.requestMatchers(HttpMethod.GET, "/api/users/body-info/**").permitAll()  // 사이즈 옵션, 약관 조회는 인증 불필요
				.requestMatchers("/api/users/me/**").authenticated()
				.requestMatchers("/api/users/**").authenticated()

				//[11] 매거진
				.requestMatchers(HttpMethod.POST, "/api/magazines/*/bookmark").authenticated()
				.requestMatchers(HttpMethod.POST, "/api/magazines/comments/*").authenticated()
				.requestMatchers(HttpMethod.POST, "/api/magazines/*/like").authenticated()
				.requestMatchers(HttpMethod.GET, "/api/magazines/**").permitAll()
				.anyRequest().authenticated()
			)

			// JWT 필터 적용
			.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

		return http.build();
	}

	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
}