feat(user): 사용자 이름, 비밀번호 수정 기능 추가 / fix(user/security): 보안 설정 수정

feat(user): 사용자 이름, 비밀번호 수정 기능 추가 / fix(user/security): 보안 설정 수정

Author: Hyeseung-OH

backend/src/main/java/com/backend/domain/user/controller/UserController.java

@@ -2,9 +2,12 @@
 
 import com.backend.domain.user.dto.UserDto;
 import com.backend.domain.user.entity.User;
+import com.backend.domain.user.service.JwtService;
 import com.backend.domain.user.service.UserService;
+import com.backend.domain.user.util.JwtUtil;
 import com.backend.global.response.ApiResponse;
 import jakarta.mail.MessagingException;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.NotBlank;
@@ -17,6 +20,8 @@
 @RequiredArgsConstructor
 public class UserController {
     private final UserService userService;
+    private final JwtService jwtService;
+    private final JwtUtil jwtUtil;
 
     /**
      * id를 입력받아 회원이 존재하면 해당 회원을 반환하는 api입니다.
@@ -63,6 +68,7 @@ record GetUsersResponse(
 
     @GetMapping("/api/users")
     public ApiResponse<GetUsersResponse> getUsers(){
+        System.out.println("다건 조회");
         List<User> users = userService.findByAll();
 
         List<UserDto> userDtoList = users.stream()
@@ -135,6 +141,61 @@ public ApiResponse<DeleteResponse> softDelete(
         return  ApiResponse.success(new DeleteResponse(new UserDto(softDeleteUser)));
     }
 
+
+    /**
+     * 이름 변경
+     */
+    record ModifyNameRequest (
+            @NotBlank(message = "이름은 필수 입력값 입니다.")
+            String name
+    ){
+
+    }
+    record ModifyNameResponse (
+            UserDto userDto
+    ){
+
+    }
+    @PostMapping("/api/user/name")
+    public  ApiResponse<ModifyNameResponse> modifyName(
+            HttpServletRequest request,
+            @Valid @RequestBody ModifyNameRequest modifyNameRequest
+    ){
+        String email = jwtUtil.getEmail(request);
+        System.out.println("email: " + email);
+        System.out.println("변경전 name :" + modifyNameRequest.name);
+        User user = userService.modifyName(email, modifyNameRequest.name);
+
+        System.out.println("변경후 name :" + user.getName());
+        return ApiResponse.success(new ModifyNameResponse(new UserDto(user)));
+    }
+
+    /**
+     * 비밀번호 변경
+     */
+    record ModifyPasswordRequest (
+            @NotBlank(message = "비밀번호는 필수 입력값 입니다.")
+            String password,
+            String passwordCheck
+    ){
+
+    }
+    record ModifyPasswordResponse (
+            UserDto userDto
+    ){
+
+    }
+    @PostMapping("/api/user/password")
+    public ApiResponse<ModifyPasswordResponse> modifyPassword(
+            HttpServletRequest request,
+            @Valid @RequestBody ModifyPasswordRequest  modifyPasswordRequest
+    ){
+        String email = jwtUtil.getEmail(request);
+        User user = userService.modifyPassword(email, modifyPasswordRequest.password, modifyPasswordRequest.passwordCheck);
+        return ApiResponse.success(new ModifyPasswordResponse(new UserDto(user)));
+    }
+
+
     /**
      * 삭제된 유저 복구
      */

backend/src/main/java/com/backend/domain/user/entity/User.java

@@ -1,5 +1,7 @@
 package com.backend.domain.user.entity;
 
+import com.backend.global.exception.BusinessException;
+import com.backend.global.exception.ErrorCode;
 import jakarta.persistence.*;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
@@ -58,4 +60,17 @@ public User(String email, String password, String name) {
         this.name = name;
     }
 
+    public void changeName(String name){
+        if(this.name==null || name.trim().isEmpty()){
+            throw new BusinessException(ErrorCode.NAME_NOT_FOUND);
+        }
+        this.name = name;
+    }
+
+    public void changePassword(String password){
+        if(this.password==null || password.trim().isEmpty()){
+            throw new BusinessException(ErrorCode.NAME_NOT_FOUND);
+        }
+        this.password = password;
+    }
 }

backend/src/main/java/com/backend/domain/user/service/UserService.java

@@ -106,4 +106,30 @@ public User restore(@NotBlank String email) {
             throw new BusinessException(ErrorCode.VALIDATION_FAILED);
         }
     }
+
+    public User modifyName(String email, @NotBlank(message = "이름은 필수 입력값 입니다.") String name) {
+        User user = userRepository.findByEmail(email).orElseThrow(() -> new BusinessException(ErrorCode.VALIDATION_FAILED));
+        user.changeName(name);
+        return user;
+
+    }
+
+    public User modifyPassword(String email, @NotBlank(message = "비밀번호는 필수 입력값 입니다.") String password) {
+        User user = userRepository.findByEmail(email).orElseThrow(() -> new BusinessException(ErrorCode.VALIDATION_FAILED));
+        user.changePassword(password);
+        return user;
+    }
+
+    public User modifyPassword(String email, @NotBlank(message = "비밀번호는 필수 입력값 입니다.") String password, String passwordCheck) {
+        User user = userRepository.findByEmail(email).orElseThrow(() -> new BusinessException(ErrorCode.VALIDATION_FAILED));
+
+        if(password.equals(passwordCheck)){
+            user.changePassword(password);
+        }else{
+            throw new BusinessException(ErrorCode.PASSWORD_NOT_EQUAL);
+        }
+
+
+        return user;
+    }
 }

backend/src/main/java/com/backend/domain/user/util/JwtUtil.java

@@ -42,7 +42,9 @@ public String createToken(String email, String name) {
         claims.put("name", name);
 
         Date now = new Date();
+        System.out.println("현재 시간 : " + now.toString());
         Date expiration = new Date(now.getTime() + tokenValidityMilliSeconds);
+        System.out.println("만료 시간 : " + expiration.toString());
         return Jwts.builder()
                 .claims(claims)
                 .issuedAt(now)

backend/src/main/java/com/backend/global/exception/ErrorCode.java

@@ -16,6 +16,9 @@ public enum ErrorCode {
     // ========== user 도메인 에러 ==========
     Login_Failed("U001", HttpStatus.BAD_REQUEST, "로그인에 실패했습니다."),
     Email_verify_Failed("U002", HttpStatus.BAD_REQUEST, "이메일 인증코드가 일치하지 않습니다"),
+    NAME_NOT_FOUND("U003", HttpStatus.NOT_FOUND, "이름이 입력되지 않았습니다."),
+    PASSWORD_NOT_FOUND("U004", HttpStatus.NOT_FOUND, "이름이 입력되지 않았습니다."),
+    PASSWORD_NOT_EQUAL("U005", HttpStatus.BAD_REQUEST, "비밀번호 확인이 일치하지 않습니다."),
 
     // ========== analysis 도메인 에러 ==========
     INVALID_GITHUB_URL("A001", HttpStatus.BAD_REQUEST, "올바른 GitHub 저장소 URL이 아닙니다."),

backend/src/main/java/com/backend/global/security/JwtAuthenticationFilter.java

@@ -14,6 +14,7 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
@@ -37,15 +38,40 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
         //  JWT 검증이 필요 없는 URL (회원가입, 로그인, 이메일 인증코드 발송,이메일 인증코드 검증)
         List<ExcludedRequest> excludedRequests = List.of(
+                // 개발 도구 (모든 메서드 허용)
+                new ExcludedRequest("/h2-console/**", null),
+                new ExcludedRequest("/swagger-ui/**", null),
+                new ExcludedRequest("/v3/api-docs/**", null),
+                new ExcludedRequest("/swagger-resources/**", null),
+                new ExcludedRequest("/webjars/**", null),
+
+                // 인증 관련 API
                 new ExcludedRequest("/api/login", "POST"),
                 new ExcludedRequest("/api/auth", "POST"),
                 new ExcludedRequest("/api/verify", "POST"),
-                new ExcludedRequest("/api/user", "POST")
+                new ExcludedRequest("/api/user", "POST"),
+
+                // 커뮤니티 관련 API
+                new ExcludedRequest("/api/community/**", null),
+
+                new ExcludedRequest("/api/analysis/**", null),
+                new ExcludedRequest("/api/repositories/**", null),
+                new ExcludedRequest("/api/ai/complete/**", null)
         );
 
-        // 요청 경로 + 메서드가 일치하는 경우 필터 스킵
+        AntPathMatcher pathMatcher = new AntPathMatcher();
+
         boolean excluded = excludedRequests.stream()
-                .anyMatch(ex -> requestURI.startsWith(ex.path()) && ex.method().equalsIgnoreCase(method));
+                .anyMatch(ex -> {
+                    //요청 url이 List의 url과 일치하는지 확인(/**도 지원)
+                    boolean pathMatches = pathMatcher.match(ex.path(), requestURI);
+
+                    // 메서드가 null (모든 메서드)이거나, 메서드가 일치하는 경우
+                    boolean methodMatches = ex.method() == null || ex.method().equalsIgnoreCase(method);
+                    
+                    //두 조건이 true일때 JWT인증을 스킵
+                    return pathMatches && methodMatches;
+                });
 
         if (excluded) {
             filterChain.doFilter(request, response);