🔧 chore: 임시 토큰 발급 설정 추가

jiwon1217 · jiwon1217 · commit cff695f0e22b · 2025-07-18T17:48:58.000+09:00
diff --git a/backend/src/main/java/io/f1/backend/domain/admin/entity/Admin.java b/backend/src/main/java/io/f1/backend/domain/admin/entity/Admin.java
@@ -8,12 +8,15 @@
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 
+import lombok.Builder;
 import lombok.Getter;
 
 import java.time.LocalDateTime;
+import lombok.NoArgsConstructor;
 
 @Entity
 @Getter
+@NoArgsConstructor
 public class Admin extends BaseEntity {
 
     @Id
@@ -32,4 +35,12 @@ public class Admin extends BaseEntity {
     public void updateLastLogin(LocalDateTime lastLogin) {
         this.lastLogin = lastLogin;
     }
+
+    @Builder
+    public Admin(Long id, String username, String password, LocalDateTime lastLogin) {
+        this.id = id;
+        this.username = username;
+        this.password = password;
+        this.lastLogin = LocalDateTime.now();
+    }
 }
diff --git a/backend/src/main/java/io/f1/backend/global/config/SecurityConfig.java b/backend/src/main/java/io/f1/backend/global/config/SecurityConfig.java
@@ -7,6 +7,7 @@
 import io.f1.backend.domain.user.app.handler.OAuthSuccessHandler;
 import io.f1.backend.domain.user.app.handler.UserAndAdminLogoutSuccessHandler;
 
+import io.f1.backend.global.filter.DevTokenAuthFilter;
 import lombok.RequiredArgsConstructor;
 
 import org.springframework.context.annotation.Bean;
@@ -17,6 +18,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @Configuration
 @EnableWebSecurity
@@ -34,6 +36,7 @@ public class SecurityConfig {
     public SecurityFilterChain userFilterChain(HttpSecurity http) throws Exception {
         http.csrf(AbstractHttpConfigurer::disable)
                 .cors(Customizer.withDefaults())
+                .addFilterBefore(new DevTokenAuthFilter(), UsernamePasswordAuthenticationFilter.class)
                 .exceptionHandling(
                         exception ->
                                 exception.authenticationEntryPoint(customAuthenticationEntryPoint))
diff --git a/backend/src/main/java/io/f1/backend/global/filter/DevTokenAuthFilter.java b/backend/src/main/java/io/f1/backend/global/filter/DevTokenAuthFilter.java
@@ -0,0 +1,70 @@
+package io.f1.backend.global.filter;
+
+import io.f1.backend.domain.admin.dto.AdminPrincipal;
+import io.f1.backend.domain.admin.entity.Admin;
+import io.f1.backend.domain.user.dto.UserPrincipal;
+import io.f1.backend.domain.user.entity.User;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Component
+public class DevTokenAuthFilter extends OncePerRequestFilter {
+
+    private static final String DEV_TOKEN = "dev-secret-token-1234";
+    private static final String ADMIN_TOKEN = "admin-secret-token-1234";
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+        FilterChain filterChain) throws ServletException, IOException {
+
+        User fakeUser = User.builder()
+            .provider("kakao")
+            .providerId("dev")
+            .lastLogin(LocalDateTime.now())
+            .build();
+
+        fakeUser.setId(1L);
+        fakeUser.updateNickname("user");
+
+        UserPrincipal principal = new UserPrincipal(fakeUser, Map.of());
+
+        Admin fakeAdmin = Admin.builder()
+            .id(1L)
+            .username("admin")
+            .password("admin")
+            .lastLogin(LocalDateTime.now())
+            .build();
+
+        AdminPrincipal adminPrincipal = new AdminPrincipal(fakeAdmin);
+
+        String authHeader = request.getHeader("Authorization");
+
+        if (authHeader != null && authHeader.equals("Bearer " + DEV_TOKEN)) {
+            List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority("ROLE_USER"));
+
+            Authentication auth = new UsernamePasswordAuthenticationToken(principal, null,
+                authorities);
+            SecurityContextHolder.getContext().setAuthentication(auth);
+        } else if (authHeader != null && authHeader.equals("Bearer " + ADMIN_TOKEN)) {
+            List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority("ROLE_ADMIN"));
+
+            Authentication auth = new UsernamePasswordAuthenticationToken(adminPrincipal, null,
+                authorities);
+            SecurityContextHolder.getContext().setAuthentication(auth);
+        }
+        filterChain.doFilter(request, response);
+    }
+}
