Merge pull request #311 from boostcampwm-2024/feature-be-#279

권한 관련 api 구현

Author: github-actions[bot]

apps/backend/src/auth/auth.controller.spec.ts

@@ -3,10 +3,10 @@ import { AuthController } from './auth.controller';
 import { AuthService } from './auth.service';
 import { JwtAuthGuard } from './guards/jwt-auth.guard';
 import { TokenService } from './token/token.service';
-import { LoginRequiredException } from '../exception/login.exception';
+import { User } from '../user/user.entity';
 
 describe('AuthController', () => {
-  let authController: AuthController;
+  let controller: AuthController;
   let authService: AuthService;
 
   beforeEach(async () => {
@@ -37,33 +37,27 @@ describe('AuthController', () => {
       })
       .compile();
 
-    authController = module.get<AuthController>(AuthController);
+    controller = module.get<AuthController>(AuthController);
     authService = module.get<AuthService>(AuthService);
   });
 
   it('컨트롤러 클래스가 정상적으로 인스턴스화된다.', () => {
-    expect(authController).toBeDefined();
+    expect(controller).toBeDefined();
   });
 
   describe('getProfile', () => {
     it('JWT 토큰이 유효한 경우 profile을 return한다.', async () => {
       const req = {
-        user: { sub: 1, email: '[email protected]', provider: 'naver' },
+        user: { sub: 1 },
       } as any;
-      const result = await authController.getProfile(req);
+      const returnedUser = { id: 1, snowflakeId: 'snowflake-id-1' } as User;
+      jest.spyOn(authService, 'findUserById').mockResolvedValue(returnedUser);
+
+      const result = await controller.getProfile(req);
       expect(result).toEqual({
         message: '인증된 사용자 정보',
-        user: req.user,
+        snowflakeId: returnedUser.snowflakeId,
       });
     });
-
-    it('JWT 토큰이 없는 경우 예외를 던진다.', async () => {
-      const req = {} as any;
-      try {
-        authController.getProfile(req);
-      } catch (error) {
-        expect(error).toBeInstanceOf(LoginRequiredException);
-      }
-    });
   });
 });

apps/backend/src/auth/auth.controller.ts

@@ -82,15 +82,17 @@ export class AuthController {
     });
   }
 
-  // Example: 로그인한 사용자만 접근할 수 있는 엔드포인트
+  // 클라이언트가 사용자의 외부 id(snowflakeId) + 이름을 알 수 있는 엔드포인트
   // auth/profile
+  // TODO: 사용자 지정 닉네임 + 프로필 이미지도 return하게 확장
   @Get('profile')
   @UseGuards(JwtAuthGuard) // JWT 인증 검사
   async getProfile(@Req() req) {
+    const user = await this.authService.findUserById(req.user.sub);
     // JWT 토큰을 검증하고 사용자 정보 반환
     return {
       message: '인증된 사용자 정보',
-      user: req.user,
+      snowflakeId: user.snowflakeId,
     };
   }
 }

apps/backend/src/auth/auth.service.ts

@@ -22,7 +22,7 @@ export class AuthService {
     return this.userRepository.save(user);
   }
 
-  async findUserBySnowflakeId(snowflakeId: string): Promise<User | null> {
-    return await this.userRepository.findOneBy({ snowflakeId });
+  async findUserById(id: number): Promise<User | null> {
+    return await this.userRepository.findOneBy({ id });
   }
 }

apps/backend/src/auth/token/token.service.ts

@@ -1,8 +1,10 @@
 import { Injectable } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { Response } from 'express';
+import { InvalidTokenException } from '../../exception/invalid.exception';
 
 const HOUR = 60 * 60;
+const DAY = 24 * 60 * 60;
 const FIVE_MONTHS = 5 * 30 * 24 * 60 * 60;
 const MS_HALF_YEAR = 6 * 30 * 24 * 60 * 60 * 1000;
 
@@ -22,6 +24,25 @@ export class TokenService {
     });
   }
 
+  generateInviteToken(workspaceId: number, role: string): string {
+    // 초대용 JWT 토큰 생성
+    const payload = { workspaceId, role };
+    return this.jwtService.sign(payload, {
+      expiresIn: DAY, // 초대 유효 기간: 1일
+      secret: process.env.JWT_SECRET,
+    });
+  }
+
+  verifyInviteToken(token: string): { workspaceId: string; role: string } {
+    try {
+      return this.jwtService.verify(token, {
+        secret: process.env.JWT_SECRET,
+      });
+    } catch (error) {
+      throw new InvalidTokenException();
+    }
+  }
+
   // 후에 DB 로직 (지금은 refreshToken이 DB로 관리 X)
   // 추가될 때를 위해 일단 비동기 선언
   async refreshAccessToken(refreshToken: string): Promise<string> {

apps/backend/src/exception/access.exception.ts

@@ -0,0 +1,7 @@
+import { HttpException, HttpStatus } from '@nestjs/common';
+
+export class ForbiddenAccessException extends HttpException {
+  constructor() {
+    super('워크스페이스에 접근할 권한이 없습니다.', HttpStatus.FORBIDDEN);
+  }
+}

apps/backend/src/exception/role-duplicate.exception.ts

@@ -0,0 +1,7 @@
+import { BadRequestException } from '@nestjs/common';
+
+export class UserAlreadyInWorkspaceException extends BadRequestException {
+  constructor() {
+    super('사용자가 이미 워크스페이스에 등록되어 있습니다.');
+  }
+}

apps/backend/src/exception/workspace-auth.exception.ts

@@ -2,6 +2,6 @@ import { HttpException, HttpStatus } from '@nestjs/common';
 
 export class NotWorkspaceOwnerException extends HttpException {
   constructor() {
-    super('You are not the owner of this workspace.', HttpStatus.FORBIDDEN);
+    super('해당 워크스페이스의 소유자가 아닙니다.', HttpStatus.FORBIDDEN);
   }
 }

apps/backend/src/workspace/dtos/createWorkspaceInviteUrl.dto.ts

@@ -0,0 +1,18 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString } from 'class-validator';
+
+export class CreateWorkspaceInviteUrlDto {
+  @ApiProperty({
+    example: 'OO 생성에 성공했습니다.',
+    description: 'api 요청 결과 메시지',
+  })
+  @IsString()
+  message: string;
+
+  @ApiProperty({
+    example: 'https://octodocs.local/api/workspace/join?token=12345',
+    description: '워크스페이스 초대용 링크입니다.',
+  })
+  @IsString()
+  inviteUrl: string;
+}

apps/backend/src/workspace/dtos/getUserWorkspacesResponse.dto.ts

@@ -2,7 +2,7 @@ import { ApiProperty } from '@nestjs/swagger';
 import { IsString, IsArray } from 'class-validator';
 import { UserWorkspaceDto } from './userWorkspace.dto';
 
-export class getUserWorkspacesResponseDto {
+export class GetUserWorkspacesResponseDto {
   @ApiProperty({
     example: 'OO 생성에 성공했습니다.',
     description: 'api 요청 결과 메시지',

apps/backend/src/workspace/workspace.controller.spec.ts

@@ -6,6 +6,9 @@ import { CreateWorkspaceDto } from './dtos/createWorkspace.dto';
 import { WorkspaceResponseMessage } from './workspace.controller';
 import { NotWorkspaceOwnerException } from '../exception/workspace-auth.exception';
 import { UserWorkspaceDto } from './dtos/userWorkspace.dto';
+import { TokenService } from '../auth/token/token.service';
+import { WorkspaceNotFoundException } from '../exception/workspace.exception';
+import { ForbiddenAccessException } from '../exception/access.exception';
 
 describe('WorkspaceController', () => {
   let controller: WorkspaceController;
@@ -21,8 +24,15 @@ describe('WorkspaceController', () => {
             createWorkspace: jest.fn(),
             deleteWorkspace: jest.fn(),
             getUserWorkspaces: jest.fn(),
+            generateInviteUrl: jest.fn(),
+            processInviteUrl: jest.fn(),
+            checkAccess: jest.fn(),
           },
         },
+        {
+          provide: TokenService,
+          useValue: {},
+        },
       ],
     })
       .overrideGuard(JwtAuthGuard)
@@ -116,14 +126,126 @@ describe('WorkspaceController', () => {
         },
       ] as UserWorkspaceDto[];
 
+      const expectedResult = {
+        message: WorkspaceResponseMessage.WORKSPACES_RETURNED,
+        workspaces: mockWorkspaces,
+      };
+
       jest
         .spyOn(service, 'getUserWorkspaces')
         .mockResolvedValue(mockWorkspaces);
 
       const result = await controller.getUserWorkspaces(req);
 
       expect(service.getUserWorkspaces).toHaveBeenCalledWith(req.user.sub);
-      expect(result).toEqual(mockWorkspaces);
+      expect(result).toEqual(expectedResult);
+    });
+  });
+
+  it('컨트롤러가 정상적으로 인스턴스화된다.', () => {
+    expect(controller).toBeDefined();
+  });
+
+  describe('generateInviteLink', () => {
+    it('초대 링크를 생성하고 반환한다.', async () => {
+      const req = { user: { sub: 1 } };
+      const workspaceId = 'workspace-snowflake-id';
+      const mockInviteUrl =
+        'https://example.com/api/workspace/join?token=abc123';
+
+      jest.spyOn(service, 'generateInviteUrl').mockResolvedValue(mockInviteUrl);
+
+      const result = await controller.generateInviteLink(req, workspaceId);
+
+      expect(service.generateInviteUrl).toHaveBeenCalledWith(
+        req.user.sub,
+        workspaceId,
+      );
+      expect(result).toEqual({
+        message: WorkspaceResponseMessage.WORKSPACE_INVITED,
+        inviteUrl: mockInviteUrl,
+      });
+    });
+  });
+
+  describe('joinWorkspace', () => {
+    it('초대 토큰을 처리하고 성공 메시지를 반환한다.', async () => {
+      const req = { user: { sub: 1 } };
+      const token = 'valid-token';
+
+      jest.spyOn(service, 'processInviteUrl').mockResolvedValue();
+
+      const result = await controller.joinWorkspace(req, token);
+
+      expect(service.processInviteUrl).toHaveBeenCalledWith(
+        req.user.sub,
+        token,
+      );
+      expect(result).toEqual({
+        message: WorkspaceResponseMessage.WORKSPACE_INVITED,
+      });
+    });
+  });
+
+  describe('checkWorkspaceAccess', () => {
+    it('워크스페이스에 접근 가능한 경우 메시지를 반환한다.', async () => {
+      const workspaceId = 'workspace-snowflake-id';
+      const userId = 'user-snowflake-id';
+
+      jest.spyOn(service, 'checkAccess').mockResolvedValue(undefined);
+
+      const result = await controller.checkWorkspaceAccess(workspaceId, userId);
+
+      expect(service.checkAccess).toHaveBeenCalledWith(userId, workspaceId);
+      expect(result).toEqual({
+        message: WorkspaceResponseMessage.WORKSPACE_ACCESS_CHECKED,
+      });
+    });
+
+    it('로그인하지 않은 사용자의 경우 null로 처리하고 접근 가능한 경우 메시지를 반환한다.', async () => {
+      const workspaceId = 'workspace-snowflake-id';
+      const userId = 'null'; // 로그인되지 않은 상태를 나타냄
+
+      jest.spyOn(service, 'checkAccess').mockResolvedValue(undefined);
+
+      const result = await controller.checkWorkspaceAccess(workspaceId, userId);
+
+      expect(service.checkAccess).toHaveBeenCalledWith(null, workspaceId);
+      expect(result).toEqual({
+        message: WorkspaceResponseMessage.WORKSPACE_ACCESS_CHECKED,
+      });
+    });
+
+    it('권한이 없는 경우 ForbiddenAccessException을 던진다.', async () => {
+      const workspaceId = 'workspace-snowflake-id';
+      const userId = 'user-snowflake-id';
+
+      // 권한 없음
+      jest
+        .spyOn(service, 'checkAccess')
+        .mockRejectedValue(new ForbiddenAccessException());
+
+      await expect(
+        controller.checkWorkspaceAccess(workspaceId, userId),
+      ).rejects.toThrow(ForbiddenAccessException);
+
+      expect(service.checkAccess).toHaveBeenCalledWith(userId, workspaceId);
+    });
+
+    it('워크스페이스가 존재하지 않는 경우 WorkspaceNotFoundException을 던진다.', async () => {
+      const workspaceId = 'invalid-snowflake-id';
+      const userId = 'user-snowflake-id';
+
+      // 워크스페이스 없음
+      jest
+        .spyOn(service, 'checkAccess')
+        .mockRejectedValue(new WorkspaceNotFoundException());
+
+      await expect(
+        controller.checkWorkspaceAccess(workspaceId, userId),
+      ).rejects.toThrow(WorkspaceNotFoundException);
+
+      expect(service.checkAccess).toHaveBeenCalledWith(userId, workspaceId);
     });
   });
 });