prgrms-web-devcourse-final-project
diff --git a/‎backend/src/main/java/io/f1/backend/domain/admin/app/AdminDetailService.java‎
Lines changed: 30 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/admin/app/AdminDetailService.java‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎backend/src/main/java/io/f1/backend/domain/admin/app/handler/AdminLoginFailureHandler.java‎
Lines changed: 38 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/admin/app/handler/AdminLoginFailureHandler.java‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎backend/src/main/java/io/f1/backend/domain/admin/app/handler/AdminLoginSuccessHandler.java‎
Lines changed: 47 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/admin/app/handler/AdminLoginSuccessHandler.java‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎backend/src/main/java/io/f1/backend/domain/admin/dao/AdminRepository.java‎
Lines changed: 14 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/admin/dao/AdminRepository.java‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎backend/src/main/java/io/f1/backend/domain/admin/dto/AdminLoginFailResponse.java‎
Lines changed: 11 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/admin/dto/AdminLoginFailResponse.java‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎backend/src/main/java/io/f1/backend/domain/admin/dto/AdminPrincipal.java‎
Lines changed: 59 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/admin/dto/AdminPrincipal.java‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎backend/src/main/java/io/f1/backend/domain/admin/dto/AuthenticationAdmin.java‎
Lines changed: 10 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/admin/dto/AuthenticationAdmin.java‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎backend/src/main/java/io/f1/backend/domain/admin/entity/Admin.java‎
Lines changed: 7 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/admin/entity/Admin.java‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎backend/src/main/java/io/f1/backend/domain/auth/api/AuthController.java‎
Lines changed: 32 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/auth/api/AuthController.java‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎backend/src/main/java/io/f1/backend/domain/auth/dto/CurrentUserAndAdminResponse.java‎
Lines changed: 21 additions & 0 deletions b/‎backend/src/main/java/io/f1/backend/domain/auth/dto/CurrentUserAndAdminResponse.java‎
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,30 @@
+package io.f1.backend.domain.admin.app;
+
+import io.f1.backend.domain.admin.dao.AdminRepository;
+import io.f1.backend.domain.admin.dto.AdminPrincipal;
+import io.f1.backend.domain.admin.entity.Admin;
+
+import lombok.RequiredArgsConstructor;
+
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class AdminDetailService implements UserDetailsService {
+
+    private final AdminRepository adminRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        Admin admin =
+                adminRepository
+                        .findByUsername(username)
+                        .orElseThrow(
+                                () -> new UsernameNotFoundException("E404007: 존재하지 않는 관리자입니다."));
+        // 프론트엔드로 내려가지 않는 예외
+        return new AdminPrincipal(admin);
+    }
+}
@@ -0,0 +1,38 @@
+package io.f1.backend.domain.admin.app.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import io.f1.backend.domain.admin.dto.AdminLoginFailResponse;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import lombok.RequiredArgsConstructor;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor
+public class AdminLoginFailureHandler implements AuthenticationFailureHandler {
+
+    private final ObjectMapper objectMapper;
+
+    @Override
+    public void onAuthenticationFailure(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            AuthenticationException exception)
+            throws IOException {
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); // 401
+        response.setContentType("application/json;charset=UTF-8");
+
+        AdminLoginFailResponse errorResponse =
+                new AdminLoginFailResponse("E401005", "아이디 또는 비밀번호가 일치하지 않습니다.");
+
+        response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
+    }
+}
@@ -0,0 +1,47 @@
+package io.f1.backend.domain.admin.app.handler;
+
+import static io.f1.backend.domain.user.constants.SessionKeys.ADMIN;
+import static io.f1.backend.global.util.SecurityUtils.getCurrentAdminPrincipal;
+
+import io.f1.backend.domain.admin.dao.AdminRepository;
+import io.f1.backend.domain.admin.dto.AdminPrincipal;
+import io.f1.backend.domain.admin.entity.Admin;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+
+import lombok.RequiredArgsConstructor;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import java.time.LocalDateTime;
+
+@Component
+@RequiredArgsConstructor
+public class AdminLoginSuccessHandler implements AuthenticationSuccessHandler {
+
+    private final AdminRepository adminRepository;
+    private final HttpSession httpSession;
+
+    @Override
+    public void onAuthenticationSuccess(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            Authentication authentication) {
+
+        AdminPrincipal principal = getCurrentAdminPrincipal();
+        Admin admin =
+                adminRepository
+                        .findByUsername(principal.getUsername())
+                        .orElseThrow(() -> new RuntimeException("E404007: 존재하지 않는 관리자입니다."));
+
+        admin.updateLastLogin(LocalDateTime.now());
+        adminRepository.save(admin);
+        httpSession.setAttribute(ADMIN, principal.getAuthenticationAdmin());
+
+        response.setStatus(HttpServletResponse.SC_OK); // 200
+    }
+}
@@ -0,0 +1,14 @@
+package io.f1.backend.domain.admin.dao;
+
+import io.f1.backend.domain.admin.entity.Admin;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+
+@Repository
+public interface AdminRepository extends JpaRepository<Admin, Long> {
+
+    Optional<Admin> findByUsername(String username);
+}
@@ -0,0 +1,11 @@
+package io.f1.backend.domain.admin.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public class AdminLoginFailResponse {
+    private String code;
+    private String message;
+}
@@ -0,0 +1,59 @@
+package io.f1.backend.domain.admin.dto;
+
+import io.f1.backend.domain.admin.entity.Admin;
+
+import lombok.Getter;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.Collections;
+
+@Getter
+public class AdminPrincipal implements UserDetails {
+
+    public static final String ROLE_ADMIN = "ROLE_ADMIN";
+    private final AuthenticationAdmin authenticationAdmin;
+    private final String password;
+
+    public AdminPrincipal(Admin admin) {
+        this.authenticationAdmin = AuthenticationAdmin.from(admin);
+        this.password = admin.getPassword();
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return Collections.singleton(() -> ROLE_ADMIN);
+    }
+
+    @Override
+    public String getPassword() {
+        return this.password;
+    }
+
+    @Override
+    public String getUsername() {
+        return authenticationAdmin.username();
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+}
@@ -0,0 +1,10 @@
+package io.f1.backend.domain.admin.dto;
+
+import io.f1.backend.domain.admin.entity.Admin;
+
+public record AuthenticationAdmin(Long adminId, String username) {
+
+    public static AuthenticationAdmin from(Admin admin) {
+        return new AuthenticationAdmin(admin.getId(), admin.getUsername());
+    }
+}
@@ -8,9 +8,12 @@
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 
+import lombok.Getter;
+
 import java.time.LocalDateTime;
 
 @Entity
+@Getter
 public class Admin extends BaseEntity {
 
     @Id
@@ -25,4 +28,8 @@ public class Admin extends BaseEntity {
 
     @Column(nullable = false)
     private LocalDateTime lastLogin;
+
+    public void updateLastLogin(LocalDateTime lastLogin) {
+        this.lastLogin = lastLogin;
+    }
 }
@@ -0,0 +1,32 @@
+package io.f1.backend.domain.auth.api;
+
+import static io.f1.backend.global.util.SecurityUtils.getAuthentication;
+
+import io.f1.backend.domain.admin.dto.AdminPrincipal;
+import io.f1.backend.domain.auth.dto.CurrentUserAndAdminResponse;
+import io.f1.backend.domain.user.dto.UserPrincipal;
+
+import lombok.RequiredArgsConstructor;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/auth")
+@RequiredArgsConstructor
+public class AuthController {
+
+    @GetMapping("/me")
+    public ResponseEntity<?> getCurrentUserOrAdmin() {
+        Authentication authentication = getAuthentication();
+        Object principal = authentication.getPrincipal();
+
+        if (principal instanceof UserPrincipal userPrincipal) {
+            return ResponseEntity.ok(CurrentUserAndAdminResponse.from(userPrincipal));
+        }
+        return ResponseEntity.ok(CurrentUserAndAdminResponse.from((AdminPrincipal) principal));
+    }
+}
@@ -0,0 +1,21 @@
+package io.f1.backend.domain.auth.dto;
+
+import io.f1.backend.domain.admin.dto.AdminPrincipal;
+import io.f1.backend.domain.user.dto.UserPrincipal;
+
+public record CurrentUserAndAdminResponse(Long id, String name, String role) {
+
+    public static CurrentUserAndAdminResponse from(UserPrincipal userPrincipal) {
+        return new CurrentUserAndAdminResponse(
+                userPrincipal.getUserId(),
+                userPrincipal.getUserNickname(),
+                UserPrincipal.ROLE_USER);
+    }
+
+    public static CurrentUserAndAdminResponse from(AdminPrincipal adminPrincipal) {
+        return new CurrentUserAndAdminResponse(
+                adminPrincipal.getAuthenticationAdmin().adminId(),
+                adminPrincipal.getUsername(),
+                AdminPrincipal.ROLE_ADMIN);
+    }
+}