[Telos] week 2 과제 완료

build.gradle

@@ -20,11 +20,11 @@ repositories {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter:3.4.4'
     implementation 'org.springframework.boot:spring-boot-starter-web:3.4.4'
-    implementation 'org.springframework.boot:spring-boot-starter-jdbc:3.4.4'
+    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:3.4.4'
-
-    implementation 'dev.akkinoc.spring.boot:logback-access-spring-boot-starter:4.5.1'
-
+    implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0'
+    implementation 'ch.qos.logback:logback-access:1.4.14'
     implementation 'io.jsonwebtoken:jjwt-api:0.12.6'
     implementation 'io.jsonwebtoken:jjwt-impl:0.12.6'
     implementation 'io.jsonwebtoken:jjwt-gson:0.12.6'
@@ -33,7 +33,6 @@ dependencies {
 
     testImplementation 'org.springframework.boot:spring-boot-starter-test:3.4.4'
     testImplementation 'io.rest-assured:rest-assured:5.5.1'
-    testRuntimeOnly 'org.junit.platform:junit-platform-launcher:1.12.1'
 }
 
 tasks.named('test') {

src/main/java/com/yourssu/roomescape/auth/AdminAuthInterceptor.java

@@ -0,0 +1,68 @@
+package com.yourssu.roomescape.auth;
+
+import com.yourssu.roomescape.common.AppConstants;
+import com.yourssu.roomescape.common.security.JwtTokenProvider;
+import com.yourssu.roomescape.member.Member;
+import com.yourssu.roomescape.member.MemberService;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+@Component
+public class AdminAuthInterceptor implements HandlerInterceptor {
+
+    private final JwtTokenProvider jwtTokenProvider;
+    private final MemberService memberService;
+
+    public AdminAuthInterceptor(JwtTokenProvider jwtTokenProvider, MemberService memberService) {
+        this.jwtTokenProvider = jwtTokenProvider;
+        this.memberService = memberService;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        Cookie[] cookies = request.getCookies();
+        if (cookies == null) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.getWriter().write("Authentication required");
+            return false;
+        }
+
+        String token = "";
+        for (Cookie cookie : cookies) {
+            if (cookie.getName() != null && AppConstants.TOKEN_COOKIE_NAME.equals(cookie.getName())) {
+                token = cookie.getValue();
+                break;
+            }
+        }
+
+        if (token.isEmpty()) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.getWriter().write("Token is missing");
+            return false;
+        }
+
+        try {
+            String email = jwtTokenProvider.getPayload(token);
+            Member member = memberService.findByEmail(email);
+
+            if (member == null) {
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                response.getWriter().write("User not found");
+                return false;
+            }
+
+            if (member.getRole() == null || !AppConstants.ROLE_ADMIN.equals(member.getRole())) {
+                response.setStatus(HttpServletResponse.SC_FORBIDDEN); // 403 상태 코드 사용
+                response.getWriter().write("Admin privileges required");
+                return false;
+            }
+            return true;
+        } catch (Exception e) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.getWriter().write("Invalid token: " + e.getMessage());
+            return false;
+        }
+    }}

src/main/java/com/yourssu/roomescape/auth/LoginCheckResponse.java

@@ -0,0 +1,3 @@
+package com.yourssu.roomescape.auth;
+
+public record LoginCheckResponse(String name) {}

src/main/java/com/yourssu/roomescape/auth/LoginMember.java

@@ -0,0 +1,10 @@
+package com.yourssu.roomescape.auth;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface LoginMember {
+}

src/main/java/com/yourssu/roomescape/auth/LoginMemberArgumentResolver.java

@@ -0,0 +1,62 @@
+package com.yourssu.roomescape.auth;
+
+import com.yourssu.roomescape.common.AppConstants;
+import com.yourssu.roomescape.common.exception.UnauthorizedException;
+import com.yourssu.roomescape.common.security.JwtTokenProvider;
+import com.yourssu.roomescape.member.Member;
+import com.yourssu.roomescape.member.MemberService;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+@Component
+public class LoginMemberArgumentResolver implements HandlerMethodArgumentResolver {
+    private final MemberService memberService;
+    private final JwtTokenProvider jwtTokenProvider;
+
+    public LoginMemberArgumentResolver(MemberService memberService, JwtTokenProvider jwtTokenProvider) {
+        this.memberService = memberService;
+        this.jwtTokenProvider = jwtTokenProvider;
+    }
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.hasParameterAnnotation(LoginMember.class) && UserInfo.class.isAssignableFrom(parameter.getParameterType());
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
+        HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
+        Cookie[] cookies = request.getCookies();
+
+        if (cookies == null) {
+            return null;
+        }
+
+        String token = "";
+
+        for (Cookie cookie : cookies) {
+            if (cookie.getName() != null && AppConstants.TOKEN_COOKIE_NAME.equals(cookie.getName())) {
+                token = cookie.getValue();
+                break;
+            }
+        }
+
+        if (token.isEmpty()) {
+            return null;
+        }
+
+        try {
+            String email = jwtTokenProvider.getPayload(token);
+            return memberService.findByEmail(email);
+        } catch (Exception e) {
+            throw new UnauthorizedException("Invalid credentials");
+        }
+    }
+}

src/main/java/com/yourssu/roomescape/auth/LoginRequest.java

@@ -0,0 +1,16 @@
+package com.yourssu.roomescape.auth;
+
+public class LoginRequest {
+
+    private String email;
+    private String password;
+
+    public String getEmail() {
+        return email;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+}

src/main/java/com/yourssu/roomescape/auth/TokenDto.java

@@ -0,0 +1,14 @@
+package com.yourssu.roomescape.auth;
+
+public class TokenDto {
+
+    private String token;
+
+    public TokenDto(final String token) {
+        this.token = token;
+    }
+
+    public String getToken() {
+        return token;
+    }
+}

src/main/java/com/yourssu/roomescape/auth/UserInfo.java

@@ -0,0 +1,8 @@
+package com.yourssu.roomescape.auth;
+
+public interface UserInfo {
+    Long getId();
+    String getName();
+    String getEmail();
+    String getRole();
+}

src/main/java/com/yourssu/roomescape/common/AppConstants.java

@@ -0,0 +1,11 @@
+package com.yourssu.roomescape.common;
+
+public class AppConstants {
+    public static final String TOKEN_COOKIE_NAME = "token";
+
+    public static final String ROLE_ADMIN = "ADMIN";
+
+    private AppConstants() {
+        throw new AssertionError("Constants class should not be instantiated");
+    }
+}

src/main/java/com/yourssu/roomescape/common/config/SwaggerConfig.java

@@ -0,0 +1,19 @@
+package com.yourssu.roomescape.common.config;
+
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class SwaggerConfig {
+
+    @Bean
+    public OpenAPI openAPI() {
+        return new OpenAPI()
+                .info(new Info()
+                        .title("API 문서")
+                        .description("API 명세서입니다.")
+                        .version("v1.0.0"));
+    }
+}

src/main/java/com/yourssu/roomescape/common/config/WebConfig.java

@@ -0,0 +1,32 @@
+package com.yourssu.roomescape.common.config;
+
+import com.yourssu.roomescape.auth.AdminAuthInterceptor;
+import com.yourssu.roomescape.auth.LoginMemberArgumentResolver;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+    private final LoginMemberArgumentResolver loginMemberArgumentResolver;
+    private final AdminAuthInterceptor adminAuthInterceptor;
+
+    public WebConfig(LoginMemberArgumentResolver loginMemberArgumentResolver, AdminAuthInterceptor adminAuthInterceptor) {
+        this.loginMemberArgumentResolver = loginMemberArgumentResolver;
+        this.adminAuthInterceptor = adminAuthInterceptor;
+    }
+
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
+        resolvers.add(loginMemberArgumentResolver);
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(adminAuthInterceptor).addPathPatterns("/admin/**");
+    }
+}

src/main/java/com/yourssu/roomescape/PageController.java → src/main/java/com/yourssu/roomescape/common/controller/PageController.java

@@ -1,4 +1,4 @@
-package com.yourssu.roomescape;
+package com.yourssu.roomescape.common.controller;
 
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;

src/main/java/com/yourssu/roomescape/common/exception/BadRequestException.java

@@ -0,0 +1,7 @@
+package com.yourssu.roomescape.common.exception;
+
+public class BadRequestException extends RuntimeException {
+    public BadRequestException(String message) {
+        super(message);
+    }
+}

src/main/java/com/yourssu/roomescape/common/exception/ErrorResponse.java

@@ -0,0 +1,20 @@
+package com.yourssu.roomescape.common.exception;
+
+public class ErrorResponse {
+    private String message;
+    private String details;
+
+    public ErrorResponse(String message, String details) {
+        this.message = message;
+        this.details = details;
+    }
+
+    public String getDetails() {
+        return details;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+}
+

src/main/java/com/yourssu/roomescape/common/exception/ExceptionController.java

@@ -0,0 +1,55 @@
+package com.yourssu.roomescape.common.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+
+@ControllerAdvice
+public class ExceptionController {
+
+    @ExceptionHandler(BadRequestException.class)
+    public ResponseEntity<ErrorResponse> handleBadRequest(BadRequestException e) {
+        return ResponseEntity
+                .status(HttpStatus.BAD_REQUEST)
+                .body(new ErrorResponse("잘못된 요청입니다", e.getMessage()));
+    }
+
+    @ExceptionHandler(ResourceNotFoundException.class)
+    public ResponseEntity<ErrorResponse> handleNotFound(ResourceNotFoundException e) {
+        return ResponseEntity
+                .status(HttpStatus.NOT_FOUND)
+                .body(new ErrorResponse("리소스를 찾을 수 없습니다", e.getMessage()));
+    }
+
+    @ExceptionHandler(UnauthorizedException.class)
+    public ResponseEntity<ErrorResponse> handleUnauthorized(UnauthorizedException e) {
+        return ResponseEntity
+                .status(HttpStatus.UNAUTHORIZED)
+                .body(new ErrorResponse("인증이 필요합니다", e.getMessage()));
+    }
+
+    @ExceptionHandler(ForbiddenException.class)
+    public ResponseEntity<ErrorResponse> handleForbidden(ForbiddenException e) {
+        return ResponseEntity
+                .status(HttpStatus.FORBIDDEN)
+                .body(new ErrorResponse("접근 권한이 없습니다", e.getMessage()));
+    }
+
+    @ExceptionHandler(IllegalStateException.class)
+    public ResponseEntity<ErrorResponse> handleIllegalState(IllegalStateException e) {
+        return ResponseEntity
+                .status(HttpStatus.CONFLICT)
+                .body(new ErrorResponse("요청 처리 불가", e.getMessage()));
+    }
+
+    // 기타 예외에 대한 폴백 핸들러
+    @ExceptionHandler(Exception.class)
+    public ResponseEntity<ErrorResponse> handleServerError(Exception e) {
+        // 예기치 않은 서버 오류는 로깅 필요
+        e.printStackTrace();
+        return ResponseEntity
+                .status(HttpStatus.INTERNAL_SERVER_ERROR)
+                .body(new ErrorResponse("서버 오류가 발생했습니다", "시스템 관리자에게 문의하세요"));
+    }
+}

src/main/java/com/yourssu/roomescape/common/exception/ForbiddenException.java

@@ -0,0 +1,7 @@
+package com.yourssu.roomescape.common.exception;
+
+public class ForbiddenException extends RuntimeException {
+    public ForbiddenException(String message) {
+        super(message);
+    }
+}

src/main/java/com/yourssu/roomescape/common/exception/ResourceNotFoundException.java

@@ -0,0 +1,7 @@
+package com.yourssu.roomescape.common.exception;
+
+public class ResourceNotFoundException extends RuntimeException {
+    public ResourceNotFoundException(String message) {
+        super(message);
+    }
+}