From f4f826e050f26dedc1da6328277e86c968830c01 Mon Sep 17 00:00:00 2001
From: leejongwook2 <34103253+leejongwook2@users.noreply.github.com>
Date: Fri, 3 Jan 2025 18:58:32 +0900
Subject: [PATCH] =?UTF-8?q?[error]=20=ED=9A=8C=EC=9B=90=EA=B0=80=EC=9E=85?=
 =?UTF-8?q?=20=EC=8B=9C=EC=97=90=EB=8F=84=20=EB=B0=9C=EA=B8=89=EB=90=98?=
 =?UTF-8?q?=EB=8A=94=20=EB=A6=AC=ED=94=84=EB=A0=88=EC=8B=9C=20=EC=BF=A0?=
 =?UTF-8?q?=ED=82=A4=EB=A5=BC=20=EC=82=AC=EC=9A=A9=ED=95=A0=EC=88=98=20?=
 =?UTF-8?q?=EC=9E=88=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 build.gradle | 5 +++++
 .../server/auth/controller/ReIssueController.java | 2 +-
 .../org/myteam/server/board/entity/Category.java | 3 ++-
 .../server/board/service/CategoryService.java | 1 -
 .../java/org/myteam/server/global/domain/Base.java | 3 ++-
 .../org/myteam/server/global/domain/BaseTime.java | 6 +++---
 .../org/myteam/server/global/domain/PlayHive.java | 1 +
 .../myteam/server/global/exception/ErrorCode.java | 2 ++
 .../global/security/config/SecurityConfig.java | 2 ++
 .../security/filter/JwtAuthenticationFilter.java | 6 +++---
 .../myteam/server/member/service/MemberService.java | 13 +++++++------
 .../oauth2/handler/CustomOauth2SuccessHandler.java | 6 +++---
 12 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/build.gradle b/build.gradle
index f182efc9..9d2e75cf 100644
--- a/build.gradle
+++ b/build.gradle
@@ -64,6 +64,11 @@ dependencies {
 // mysql-connector 추가
 implementation group: 'com.mysql', name: 'mysql-connector-j', version: '8.3.0'
+ // imgscalr-lib
 implementation group: 'org.imgscalr', name: 'imgscalr-lib', version: '4.2'
+
+ // commons-io
 implementation 'commons-io:commons-io:2.14.0'
 // Swagger
 implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.6.0'
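Review bot: The two dependencies added here, imgscalr-lib 4.2 and commons-io 2.14.0, have nothing to do with the refresh-cookie fix in the subject and arrive without a comment saying which code path consumes them; if they serve the `/api/attachments/**` endpoints that this same commit opens to unauthenticated callers, the image decoding they enable is reachable by anyone. imgscalr 4.2 dates from 2011 and has had no release since, so any problem it surfaces in the underlying ImageIO decoders will not be fixed upstream; wherever it is fed upload bytes, cap the accepted content length and check image dimensions before resizing so a small crafted file cannot exhaust the heap. commons-io 2.14.0 is, as far as I know, the first release carrying the fix for the XmlStreamReader CPU-exhaustion issue (CVE-2024-47554), so treat it as a floor rather than a permanent pin, and write it in the same `group:/name:/version:` form as its neighbours. A one-line comment such as `// imgscalr-lib: unmaintained upstream since 2011 — only used after size/dimension checks on uploads` would record the decision for the next reader.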
diff --git a/src/main/java/org/myteam/server/auth/controller/ReIssueController.java b/src/main/java/org/myteam/server/auth/controller/ReIssueController.java
index e01fa6cc..641f15d6 100644
--- a/src/main/java/org/myteam/server/auth/controller/ReIssueController.java
+++ b/src/main/java/org/myteam/server/auth/controller/ReIssueController.java
@@ -16,7 +16,7 @@
 import static org.myteam.server.global.exception.ErrorCode.INTERNAL_SERVER_ERROR;
 import static org.myteam.server.global.security.jwt.JwtProvider.*;
-import static org.myteam.server.util.cookie.CookieUtil.createCookie;
+import static org.myteam.server.global.util.cookie.CookieUtil.createCookie;
 /**
 * TODO_ : 리프레시 토큰에 대한 블랙 리스트 작성
diff --git a/src/main/java/org/myteam/server/board/entity/Category.java b/src/main/java/org/myteam/server/board/entity/Category.java
index 6c835d2d..efb1d20c 100644
--- a/src/main/java/org/myteam/server/board/entity/Category.java
+++ b/src/main/java/org/myteam/server/board/entity/Category.java
@@ -6,6 +6,7 @@
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import org.myteam.server.board.dto.CategorySaveRequest;
+import org.myteam.server.global.domain.Base;
 import java.util.ArrayList;
 import java.util.List;
@@ -14,7 +15,7 @@
 @Entity
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
 @Table(name = "p_categories")
-public class Category {
+public class Category extends Base {
 @Id
 @GeneratedValue(strategy = GenerationType.IDENTITY)
 private Long id;
diff --git a/src/main/java/org/myteam/server/board/service/CategoryService.java b/src/main/java/org/myteam/server/board/service/CategoryService.java
index a445ef28..b4cae9db 100644
--- a/src/main/java/org/myteam/server/board/service/CategoryService.java
+++ b/src/main/java/org/myteam/server/board/service/CategoryService.java
@@ -57,7 +57,6 @@ public CategoryResponse create(CategorySaveRequest categorySaveRequest) {
 }
 categoryEntity.updateOrderIndex(calculateOrderIndex(categoryJpaRepository.findByParentIsNull()));
- // categoryEntity.updateOrderIndex();
 }
 Category savedEntity = categoryJpaRepository.save(categoryEntity);
diff --git a/src/main/java/org/myteam/server/global/domain/Base.java b/src/main/java/org/myteam/server/global/domain/Base.java
index deb96d5f..48d6f479 100644
--- a/src/main/java/org/myteam/server/global/domain/Base.java
+++ b/src/main/java/org/myteam/server/global/domain/Base.java
@@ -13,9 +13,10 @@
 @Getter
 public class Base extends BaseTime {
 @CreatedBy
- @Column(updatable = false)
+ @Column(name = "created_by", updatable = false)
 private String createdBy;
 @LastModifiedBy
+ @Column(name = "last_modified_by")
 private String lastModifiedBy;
 }
\ No newline at end of file
diff --git a/src/main/java/org/myteam/server/global/domain/BaseTime.java b/src/main/java/org/myteam/server/global/domain/BaseTime.java
index 4f1ccdb7..6d038298 100644
--- a/src/main/java/org/myteam/server/global/domain/BaseTime.java
+++ b/src/main/java/org/myteam/server/global/domain/BaseTime.java
@@ -14,11 +14,11 @@
 @MappedSuperclass
 @Getter
 public class BaseTime {
- @CreatedDate
- @Column(updatable = false)
+ @Column(name = "create_date", updatable = false)
 private LocalDateTime createDate;
+ @LastModifiedDate
+ @Column(name = "last_modified_date")
 private LocalDateTime lastModifiedDate;
-
 }
\ No newline at end of file
diff --git a/src/main/java/org/myteam/server/global/domain/PlayHive.java b/src/main/java/org/myteam/server/global/domain/PlayHive.java
index d13478b6..36bf27eb 100644
--- a/src/main/java/org/myteam/server/global/domain/PlayHive.java
+++ b/src/main/java/org/myteam/server/global/domain/PlayHive.java
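Review bot: `@CreatedDate` is removed from `createDate` in BaseTime and never re-added — the single `+ @Column(name = "create_date", updatable = false)` line replaces the two removed annotation lines — so Spring Data auditing will stop populating the creation timestamp and every entity inheriting BaseTime (Category now does, via Base) will be inserted with a null `create_date`, which `updatable = false` then prevents anything from ever filling in. Unless the annotation was moved above line 14, outside the hunk, restore it: `@CreatedDate` / `@Column(name = "create_date", updatable = false)` / `private LocalDateTime createDate;`. Creation timestamps are part of the same audit trail as the `@CreatedBy`/`@LastModifiedBy` columns in Base, so losing them silently weakens forensics rather than failing loudly.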
@@ -1,6 +1,7 @@
 package org.myteam.server.global.domain;
 public class PlayHive {
+ public static final String PLAYHIVE_HOME = "playhive.home";
 public static final String CLIENT_ID_KEY = "PLAYHIVE_CLIENT_ID";
 public static final String CLIENT_SECRET_KEY = "PLAYHIVE_CLIENT_SECRET";
diff --git a/src/main/java/org/myteam/server/global/exception/ErrorCode.java b/src/main/java/org/myteam/server/global/exception/ErrorCode.java
index 949b71c3..7a9546bd 100644
--- a/src/main/java/org/myteam/server/global/exception/ErrorCode.java
+++ b/src/main/java/org/myteam/server/global/exception/ErrorCode.java
@@ -9,12 +9,14 @@ public enum ErrorCode {
 // 500 Server Error
 INTERNAL_SERVER_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "PlayHive Server Error"),
 API_SERVER_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "API Server Error"),
+ IO_EXCEPTION(HttpStatus.INTERNAL_SERVER_ERROR, "File I/O operation failed"),
 // 400 Bad Request
 INVALID_CREDENTIALS(HttpStatus.BAD_REQUEST, "Invalid password"),
 UNSUPPORTED_OAUTH_PROVIDER(HttpStatus.BAD_REQUEST, "Not Supported OAuth2 provider"),
 INVALID_PARAMETER(HttpStatus.BAD_REQUEST, "Invalid parameter value"),
 EMPTY_COOKIE(HttpStatus.BAD_REQUEST, "Cookie value is empty"),
+ INVALID_TYPE(HttpStatus.BAD_REQUEST, "Invalid type provided"),
 // 401 Unauthorized,
 UNAUTHORIZED(HttpStatus.UNAUTHORIZED, "Unauthorized"),
diff --git a/src/main/java/org/myteam/server/global/security/config/SecurityConfig.java b/src/main/java/org/myteam/server/global/security/config/SecurityConfig.java
index cbc569f2..deb986fc 100644
--- a/src/main/java/org/myteam/server/global/security/config/SecurityConfig.java
+++ b/src/main/java/org/myteam/server/global/security/config/SecurityConfig.java
@@ -122,6 +122,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 .requestMatchers("/h2-console").permitAll() // H2 콘솔 접근 허용
 .requestMatchers("/api/members/get-token/**").permitAll() // 테스트용 토큰 발급용
+ .requestMatchers("/api/attachments/**").permitAll() // 테스트용
+ .requestMatchers("/api/posts/**").permitAll() // 테스트용
 .requestMatchers("/api/admin/**").hasAnyAuthority(MemberRole.ADMIN.name())
 .requestMatchers(HttpMethod.POST, "/api/me/create").permitAll()
diff --git a/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java b/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java
index 666a3dd5..e808a861 100644
--- a/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java
+++ b/src/main/java/org/myteam/server/global/security/filter/JwtAuthenticationFilter.java
@@ -29,7 +29,7 @@
 import static org.myteam.server.auth.controller.ReIssueController.TOKEN_REISSUE_PATH;
 import static org.myteam.server.global.security.jwt.JwtProvider.*;
 import static org.myteam.server.member.domain.MemberStatus.*;
-import static org.myteam.server.util.cookie.CookieUtil.createCookie;
+import static org.myteam.server.global.util.cookie.CookieUtil.createCookie;
 @Slf4j
 public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
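Review bot: The two added matchers make `/api/attachments/**` and `/api/posts/**` `permitAll()` for every HTTP verb, so if those controllers expose create, update, delete or upload handlers they all become reachable without authentication for as long as these lines stay — and the `// 테스트용` ("for testing") comment is the only thing marking them temporary in a committed, shared SecurityConfig. Restrict each to the verb that genuinely has to be public, e.g. `.requestMatchers(HttpMethod.GET, "/api/posts/**").permitAll()` in the style the existing `/api/me/create` line already uses for POST, and leave the mutating verbs to whatever `.authenticated()` rule follows. If the open access is really only for local testing, gate it on a non-production profile or property instead of a comment; otherwise it ships exactly like the `/api/members/get-token/**` test entry above it. Matchers are evaluated first-match, so an unconditional `permitAll()` here also shadows any narrower `/api/posts/**` rule placed later; `securityFilterChain` begins at the hunk header and continues outside the hunk.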
@@ -87,7 +87,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 if (status.equals(PENDING.name())) {
 log.warn("PENDING 상태인 경우 로그인이 불가능합니다");
 // X-Refresh-Token
- String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), publicId, auth.getAuthority(), status);
+ String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofMinutes(5), publicId, auth.getAuthority(), status);
 String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 5 * 60, true));
@@ -109,7 +109,7 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 // Authorization
 String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofMinutes(10), publicId, role, status);
 // X-Refresh-Token
- String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofHours(24), publicId, role, status);
+ String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofDays(1), publicId, role, status);
 // URLEncoder.encode: 공백을 %2B 로 처리
 String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
diff --git a/src/main/java/org/myteam/server/member/service/MemberService.java b/src/main/java/org/myteam/server/member/service/MemberService.java
index b703fbaa..1b475092 100644
--- a/src/main/java/org/myteam/server/member/service/MemberService.java
+++ b/src/main/java/org/myteam/server/member/service/MemberService.java
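Review bot: The PENDING branch now hard-codes the refresh token's lifetime twice: `Duration.ofMinutes(5)` on the changed line and `5 * 60` as the cookie max-age two lines below; they agree today, but the previous state (a 24-hour token behind a 5-minute cookie) shows how easily one is edited without the other, and a token that outlives its cookie is still a valid bearer credential if it leaks through logs or a proxy. Define the value once, e.g. `private static final Duration PENDING_REFRESH_TTL = Duration.ofMinutes(5);` and pass `(int) PENDING_REFRESH_TTL.toSeconds()` to `createCookie`, ideally hosting it on JwtProvider so that CustomOauth2SuccessHandler, which repeats the same pair in this commit, shares it. `successfulAuthentication` begins at the hunk header and continues outside the hunk.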
@@ -56,9 +56,9 @@ public MemberResponse create(MemberSaveRequest memberSaveRequest) throws PlayHiv
 }
 @Transactional
- public MemberResponse update(String email, MemberUpdateRequest memberUpdateRequest) {
+ public MemberResponse update(String loginUserEmail, MemberUpdateRequest memberUpdateRequest) {
 // 1. 동일한 유저 이름 존재 검사
- Optional memberOP = memberRepository.findByEmail(email);
+ Optional memberOP = memberRepository.findByEmail(loginUserEmail);
 // 2. 아이디 미존재 체크
 if (memberOP.isEmpty()) {
@@ -66,7 +66,7 @@ public MemberResponse update(String email, MemberUpdateRequest memberUpdateReque
 }
 // 3. 자신의 계정이 아닌 다른 계정을 수정하려고 함
- if (!memberOP.get().verifyOwnEmail(email)) {
+ if (!memberOP.get().verifyOwnEmail(memberUpdateRequest.getEmail())) {
 throw new PlayHiveException(NO_PERMISSION);
 }
@@ -107,11 +107,11 @@ public MemberResponse getByNickname(String nickname) {
 }
 @Transactional
- public void delete(String email, String password) {
- Member findMember = memberRepository.getByEmail(email);
+ public void delete(String requestEmail, String loginUserEmail, String password) {
+ Member findMember = memberRepository.getByEmail(loginUserEmail);
 // 자신의 계정인지 체크
- boolean isOwnValid = findMember.verifyOwnEmail(email);
+ boolean isOwnValid = findMember.verifyOwnEmail(requestEmail);
 if (!isOwnValid) throw new PlayHiveException(NO_PERMISSION);
 // 비밀번호 일치 여부 확인
@@ -179,6 +179,7 @@ public void updateStatus(String targetEmail, MemberStatusUpdateRequest memberSta
 // 1. 요청자가 본인의 상태를 변경하려는 경우
 if (requester.verifyOwnEmail(memberStatusUpdateRequest.getEmail())) {
 log.info("사용자가 자신의 상태를 변경 중: {}", targetEmail);
+ if (!requester.getStatus().equals(MemberStatus.PENDING)) throw new PlayHiveException(NO_PERMISSION); // PENDING 인 경우에만 본인의 상태 변경 가능하도록 처리
 requester.updateStatus(memberStatusUpdateRequest.getStatus());
 return;
 }
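Review bot: The new guard in `updateStatus` restricts who may self-update (only a `PENDING` requester) but not what they may become: `memberStatusUpdateRequest.getStatus()` is still passed unchecked to `requester.updateStatus(...)` on the next line, so a freshly signed-up PENDING member can set any `MemberStatus` value on themselves — including whatever approved or active state PENDING is supposed to gate — unless `Member.updateStatus` validates the transition, which is not visible here. If the self-service path exists only to finish sign-up, pin the target as well, e.g. `if (requester.getStatus() != MemberStatus.PENDING || !SELF_SERVICE_TARGETS.contains(memberStatusUpdateRequest.getStatus())) throw new PlayHiveException(NO_PERMISSION);` with `SELF_SERVICE_TARGETS` an `EnumSet` of the one or two states a new member may legitimately reach. Comparing the enum with `!=` also avoids the NullPointerException that `requester.getStatus().equals(...)` throws for a member whose status is null. `updateStatus` begins at the hunk header and continues past the hunk.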
diff --git a/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java b/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java
index a465cc47..e902e810 100644
--- a/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java
+++ b/src/main/java/org/myteam/server/oauth2/handler/CustomOauth2SuccessHandler.java
@@ -25,7 +25,7 @@
 import static org.myteam.server.auth.controller.ReIssueController.TOKEN_REISSUE_PATH;
 import static org.myteam.server.global.security.jwt.JwtProvider.*;
 import static org.myteam.server.member.domain.MemberStatus.*;
-import static org.myteam.server.util.cookie.CookieUtil.createCookie;
+import static org.myteam.server.global.util.cookie.CookieUtil.createCookie;
 @Slf4j
 @Component
@@ -65,7 +65,7 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 log.warn("PENDING 상태인 경우 로그인이 불가능합니다");
 // sendErrorResponse(response, HttpStatus.FORBIDDEN, "PENDING 상태인 경우 로그인이 불가능합니다");
 // X-Refresh-Token
- String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofDays(7), member.getPublicId(), member.getRole().name(), member.getStatus().name());
+ String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofMinutes(5), member.getPublicId(), member.getRole().name(), member.getStatus().name());
 String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
 response.addCookie(createCookie(REFRESH_TOKEN_KEY, cookieValue, TOKEN_REISSUE_PATH, 5 * 60, true));
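Review bot: The changed line makes this PENDING branch a line-for-line copy of the one in JwtAuthenticationFilter (5-minute refresh token, cookie on `TOKEN_REISSUE_PATH` with a `5 * 60` max-age); the two had already drifted once — 7 days here versus 24 hours in the filter before this commit — and keeping token-lifetime policy in two places is how the next drift happens. Move the issuance into one helper, e.g. a `jwtProvider.issuePendingRefreshCookie(response, publicId, role, status)` that owns both the `Duration` and the matching cookie max-age, and call it from both handlers. `onAuthenticationSuccess` begins at the hunk header and continues outside the hunk.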
@@ -86,7 +86,7 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 // Authorization
 String accessToken = jwtProvider.generateToken(TOKEN_CATEGORY_ACCESS, Duration.ofHours(1), member.getPublicId(), member.getRole().name(), member.getStatus().name());
 // X-Refresh-Token
- String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofDays(7), member.getPublicId(), member.getRole().name(), member.getStatus().name());
+ String refreshToken = jwtProvider.generateToken(TOKEN_CATEGORY_REFRESH, Duration.ofDays(1), member.getPublicId(), member.getRole().name(), member.getStatus().name());
 String cookieValue = URLEncoder.encode(TOKEN_PREFIX + refreshToken, StandardCharsets.UTF_8);
 // redirect 순간 Header 값 날아감