[feat] : 채팅방을 닫을 수 있는 권한은 요청자나 응답자만 가질 수 있도록 인증 로직 추가 #44

Author: Hyeromon

src/main/java/org/dfbf/soundlink/domain/chat/controller/ChatController.java

@@ -2,11 +2,10 @@
 
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
-import org.dfbf.soundlink.domain.chat.entity.ChatRoom;
 import org.dfbf.soundlink.domain.chat.service.ChatRoomService;
 import org.dfbf.soundlink.global.exception.ResponseResult;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -21,13 +20,13 @@ public class ChatController {
 
     @PostMapping("/create")
     @Operation(summary = "채팅요청 시 채팅방 생성", description = "requestId, responseId 값 확인")
-    public ResponseResult create(HttpServletRequest request, @RequestParam Long recordId) {
-        return chatRoomService.createChatRoom(request,recordId);
+    public ResponseResult create(@AuthenticationPrincipal Long userId, @RequestParam Long recordId) {
+        return chatRoomService.createChatRoom(userId, recordId);
     }
 
     @PostMapping("/close")
     @Operation(summary = "채팅방 닫기" , description="닫을 시 상태값 'close'변경, 레디스에서 삭제")
-    public ResponseResult close(Long chatRoomId) {
-        return chatRoomService.closeChatRoom(chatRoomId);
+    public ResponseResult close(@AuthenticationPrincipal Long userId, Long chatRoomId) {
+        return chatRoomService.closeChatRoom(userId, chatRoomId);
     }
 }

src/main/java/org/dfbf/soundlink/domain/chat/exception/UnauthorizedAccessException.java

@@ -0,0 +1,10 @@
+package org.dfbf.soundlink.domain.chat.exception;
+
+import org.dfbf.soundlink.global.exception.BusinessException;
+import org.dfbf.soundlink.global.exception.ErrorCode;
+
+public class UnauthorizedAccessException extends BusinessException {
+    public UnauthorizedAccessException() {
+        super(ErrorCode.CHAT_UNAUTHORIZED);
+    }
+}

src/main/java/org/dfbf/soundlink/domain/chat/service/ChatRoomService.java

@@ -1,10 +1,10 @@
 package org.dfbf.soundlink.domain.chat.service;
 
-import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.dfbf.soundlink.domain.chat.dto.ChatReqDto;
 import org.dfbf.soundlink.domain.chat.entity.ChatRoom;
 import org.dfbf.soundlink.domain.chat.exception.ChatRoomNotFoundException;
+import org.dfbf.soundlink.domain.chat.exception.UnauthorizedAccessException;
 import org.dfbf.soundlink.domain.chat.repository.ChatRoomRepository;
 import org.dfbf.soundlink.domain.emotionRecord.entity.EmotionRecord;
 import org.dfbf.soundlink.domain.emotionRecord.exception.EmotionRecordNotFoundException;
@@ -18,6 +18,7 @@
 import org.dfbf.soundlink.global.exception.ResponseResult;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -31,14 +32,11 @@ public class ChatRoomService {
     private final UserRepository userRepository;
     private final EmotionRecordRepository emotionRecordRepository;
     private final RedisTemplate<String, String> redisTemplate;
-    private final JwtProvider jwtProvider;
+
 
     @Transactional
-    public ResponseResult createChatRoom(HttpServletRequest request, Long recordId){
+    public ResponseResult createChatRoom(@AuthenticationPrincipal Long userId, Long recordId){
         try {
-            String accessToken = jwtProvider.resolveAccessToken(request); //AT 추출
-            Long userId = jwtProvider.getUserId(accessToken);
-
             //요청 보내는사람
             User requestUserId = userRepository.findById(userId)
                     .orElseThrow(UserNotFoundException::new);
@@ -65,7 +63,8 @@ public ResponseResult createChatRoom(HttpServletRequest request, Long recordId){
             redisTemplate.opsForValue().set("Room::"+chatRoom.getChatRoomId(), String.valueOf(chatReqDto));
 
             return new ResponseResult(ErrorCode.SUCCESS, chatRoom);
-        }catch (DataIntegrityViolationException e) {
+        }
+        catch (DataIntegrityViolationException e) {
             return new ResponseResult(ErrorCode.CHAT_FAILED, "채팅방 생성 실패: 이미 존재하는 데이터입니다."); // recordId 값 중복 시
         } catch (Exception e) {
             return new ResponseResult(ErrorCode.INTERNAL_SERVER_ERROR, e.getMessage());
@@ -75,10 +74,17 @@ public ResponseResult createChatRoom(HttpServletRequest request, Long recordId){
 
     //채팅방 닫기
     @Transactional
-    public ResponseResult closeChatRoom(Long chatRoomId) {
+    public ResponseResult closeChatRoom(@AuthenticationPrincipal Long userId, Long chatRoomId) {
         try {
             ChatRoom chatRoom = chatRoomRepository.findById(chatRoomId)
                     .orElseThrow(ChatRoomNotFoundException::new);
+
+            //요청자 또는 응답자가 아니면 예외 처리
+            if(!chatRoom.getRequestUserId().getUserId().equals(userId) &&
+                    !chatRoom.getRecordId().getUser().getUserId().equals(userId)) {
+                throw new UnauthorizedAccessException();//권한이 없을 경우 예외 발생
+            }
+
             chatRoom.updateChatRoomStatus(RoomStatus.CLOSED); //삳태 '닫기'로 변경
             chatRoomRepository.save(chatRoom);//DB에 저장
 

src/main/java/org/dfbf/soundlink/global/exception/ErrorCode.java

@@ -59,6 +59,7 @@ public enum ErrorCode {
     KAKAOPAY_APPROVE_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "카카오페이 결제 승인 에러"),
 
     //채팅방 관련 에러
+    CHAT_UNAUTHORIZED(HttpStatus.FORBIDDEN,"권한이 없습니다"),
     CHATROOM_NOT_FOUND(HttpStatus.NOT_FOUND,"채팅방을 찾을 수 없습니다."),
     CHAT_FAILED(HttpStatus.INTERNAL_SERVER_ERROR,"서버 내부 에러. 중복된 레코드가 존재합니다.");