Merge pull request #261 from prgrms-web-devcourse-final-project/setting/security-uri(WR9-150)

leeys9423 · web-flow · commit 6cf05999b8b6 · 2025-03-13T22:49:16.000+09:00
Setting/security-uri(wr9 150)
diff --git a/src/main/java/io/crops/warmletter/domain/badword/controller/BadWordController.java b/src/main/java/io/crops/warmletter/domain/badword/controller/BadWordController.java
@@ -13,6 +13,7 @@
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -29,13 +30,15 @@ public class BadWordController {
 
     @PostMapping
     @Operation(summary = "금칙어 등록", description = "금칙어 등록하는 API입니다.")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<BadWordResponse>> createBadWord(@RequestBody @Valid CreateBadWordRequest request) {
         BadWordResponse response = badWordService.createBadWord(request);
         return ResponseEntity.ok(BaseResponse.of(response, "금칙어 등록완료"));
     }
 
     @PatchMapping("/{badWordId}/status")
     @Operation(summary = "금칙어 상태변경", description = "금칙어 상태변경 활성여부 API입니다.")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<BadWordResponse>> updateBadWordStatus(
             @PathVariable Long badWordId,
             @RequestBody @Valid UpdateBadWordStatusRequest request) {
@@ -45,13 +48,15 @@ public ResponseEntity<BaseResponse<BadWordResponse>> updateBadWordStatus(
 
     @GetMapping
     @Operation(summary = "금칙어 조회", description = "등록된 금칙어 조회하는 API입니다.")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<List<Map<String, String>>>> getBadWords() {
         List<Map<String, String>> response = badWordService.getBadWords();
         return ResponseEntity.ok(BaseResponse.of(response, "금칙어 조회"));
     }
 
     @PatchMapping("/{badWordId}")
     @Operation(summary = "금칙어 변경", description = "기존에 있는 금칙어를 변경하는 API입니다.")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<UpdateBadWordResponse>> updateBadWord(
             @PathVariable Long badWordId,
             @RequestBody @Valid UpdateBadWordRequest request) {
@@ -60,6 +65,7 @@ public ResponseEntity<BaseResponse<UpdateBadWordResponse>> updateBadWord(
     }
 
     @DeleteMapping("/{badwordId}")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<String>> deleteBadWord(@PathVariable("badwordId") Long badWordId) {
         badWordService.deleteBadWord(badWordId);
         return ResponseEntity.ok(BaseResponse.of(null, "금칙어 영구삭제"));
diff --git a/src/main/java/io/crops/warmletter/domain/eventpost/controller/EventPostController.java b/src/main/java/io/crops/warmletter/domain/eventpost/controller/EventPostController.java
@@ -14,6 +14,7 @@
 import org.springframework.data.domain.Sort;
 import org.springframework.data.web.PageableDefault;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.Map;
@@ -27,6 +28,7 @@ public class EventPostController {
 
     @GetMapping("/admin/event-posts")
     @Operation(summary = "전체 이벤트 게시판 조회", description = "이벤트 게시판 전체를 조회합니다.")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<PageResponse<EventPostsResponse>>> getEventPosts(
             @PageableDefault(size = 10, sort = "createdAt", direction = Sort.Direction.DESC) Pageable pageable) {
         Pageable eventPostsPageable = PageableConverter.convertToPageable(pageable);
@@ -35,12 +37,14 @@ public ResponseEntity<BaseResponse<PageResponse<EventPostsResponse>>> getEventPo
 
     @PostMapping("/admin/event-posts")
     @Operation(summary = "이벤트 게시판 생성", description = "미사용인 새로운 이벤트 게시판을 생성합니다.")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<EventPostResponse>> createEventPost(@RequestBody @Valid CreateEventPostRequest createEventPostRequest){
         return ResponseEntity.ok(BaseResponse.of(eventPostService.createEventPost(createEventPostRequest),"게시판 생성 성공"));
     }
 
     @DeleteMapping("/admin/event-posts/{eventPostId}")
     @Operation(summary = "이벤트 게시판 삭제", description = "특정 이벤트 게시판을 삭제합니다.(임시 기능)")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<Map<String,Long>>> deleteEventPost(@PathVariable Long eventPostId){
         return ResponseEntity.ok(BaseResponse.of(eventPostService.deleteEventPost(eventPostId),"게시판 삭제 성공"));
     }
@@ -62,6 +66,7 @@ public ResponseEntity<BaseResponse<EventPostDetailResponse>> getEventPostDetail(
 
     @PatchMapping("/admin/event-posts/{eventPostId}/status")
     @Operation(summary = "이벤트 게시판 사용여부 변경", description = "이벤트 게시판의 사용 여부를 변경하며, 사용중인 게시판은 하나만 적용됩니다. (사용중(true) <-> 미사용(false))")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<EventPostStatusResponse>> updateEventPostIsUsed(@PathVariable Long eventPostId){
         return ResponseEntity.ok(BaseResponse.of(eventPostService.updateEventPostIsUsed(eventPostId),"게시판 사용여부 변경 성공"));
     }
diff --git a/src/main/java/io/crops/warmletter/domain/eventpost/entity/EventComment.java b/src/main/java/io/crops/warmletter/domain/eventpost/entity/EventComment.java
@@ -22,7 +22,7 @@ public class EventComment extends BaseEntity {
     @Column(nullable = false)
     private Long writerId;
 
-    @Column(nullable = false)
+    @Column(nullable = false, length = 1000)
     private String content;
 
     @Column(nullable = false)
diff --git a/src/main/java/io/crops/warmletter/domain/report/controller/ReportController.java b/src/main/java/io/crops/warmletter/domain/report/controller/ReportController.java
@@ -24,6 +24,7 @@
 import org.springframework.data.domain.Sort;
 import org.springframework.data.web.PageableDefault;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
@@ -44,6 +45,7 @@ public ResponseEntity<BaseResponse<ReportResponse>> createReport(@RequestBody Cr
 
     @GetMapping
     @Operation(summary = "신고 목록 조회", description = "신고 목록 조회하는 API입니다.")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<PageResponse<ReportsResponse>>> getAllReports(
             @RequestParam(required = false) String reportType,
             @RequestParam(required = false) String status,
@@ -60,6 +62,7 @@ public ResponseEntity<BaseResponse<PageResponse<ReportsResponse>>> getAllReports
 
     @PatchMapping("/{reportId}")
     @Operation(summary = "신고 처리", description = "신고 처리해주는 API 입니다 . PENDING-미처리, RESOLVED-해결 ,REJECTED-거절 ")
+    @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<BaseResponse<UpdateReportResponse>> updateReport(@PathVariable Long reportId, @RequestBody @Valid UpdateReportRequest request) {
         UpdateReportResponse response = reportService.updateReport(reportId, request);
         return ResponseEntity.ok(BaseResponse.of(response, "신고 처리 완료"));
diff --git a/src/main/java/io/crops/warmletter/global/config/SecurityConfig.java b/src/main/java/io/crops/warmletter/global/config/SecurityConfig.java
@@ -62,11 +62,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                                 authorizeRequests
                                         .requestMatchers("/api/reissue")
                                         .permitAll()
-                                        .requestMatchers("/api/auth/**")
+                                        .requestMatchers("/api/auth/token")
                                         .permitAll()
                                         .requestMatchers("/swagger-ui/**")
                                         .permitAll() // Swagger UI 허용
-                                        .requestMatchers("/api/**").permitAll()
                                         .requestMatchers("/v3/api-docs/**")
                                         .permitAll() // API Docs 허용
                                         .requestMatchers("/login/**")
diff --git a/src/main/java/io/crops/warmletter/global/jwt/provider/JwtTokenProvider.java b/src/main/java/io/crops/warmletter/global/jwt/provider/JwtTokenProvider.java
@@ -25,7 +25,7 @@ public class JwtTokenProvider {
 
     private final RedisTemplate<String, String> redisTemplate;
 
-    private final long ACCESS_TOKEN_EXPIRE_TIME = 1000L * 60 * 5; // 30분
+    private final long ACCESS_TOKEN_EXPIRE_TIME = 1000L * 60 * 30; // 30분
     private final long REFRESH_TOKEN_EXPIRE_TIME = 1000L * 60 * 60 * 24 * 14; // 14일
 
     private Key key; // JWT 서명에 사용할 키
