[fix] 댓글 수정/삭제 500 오류 해결 #222 (#224)

MEOHIN · web-flow · commit 56fe1f3341e6 · 2025-10-02T10:46:52.000+09:00
* Revert "chore: initData용 이미지 추가" This reverts commit ef30eef. * . * fix: 댓글 수정/삭제 시 작성자 비교 로직 개선 댓글 수정 및 삭제 로직에서 현재 로그인한 사용자와 댓글 작성자를 비교할 때, 기존에 객체(`comment.getUser().equals(user)`)를 비교하던 방식에서 ID 값(`comment.getUser().getId().equals(user.getId())`)을 비교하는 방식으로 변경 * fix: JWT 인증 토큰 획득 로직 개선 (Header 우선 적용)
diff --git a/src/main/java/com/back/domain/post/comment/service/CommentService.java b/src/main/java/com/back/domain/post/comment/service/CommentService.java
@@ -95,7 +95,7 @@ public CommentResponseDto updateComment(Long postId, Long commentId, CommentUpda
 
     Comment comment = findCommentWithValidation(postId, commentId);
 
-    if (!comment.getUser().equals(user)) {
+    if (!comment.getUser().getId().equals(user.getId())) {
       throw new IllegalStateException("본인의 댓글만 수정할 수 있습니다.");
     }
 
@@ -113,7 +113,7 @@ public void deleteComment(Long postId, Long commentId) {
 
     Comment comment = findCommentWithValidation(postId, commentId);
 
-    if (!comment.getUser().equals(user)) {
+    if (!comment.getUser().getId().equals(user.getId())) {
       throw new IllegalStateException("본인의 댓글만 삭제할 수 있습니다.");
     }
 
diff --git a/src/main/java/com/back/global/security/CustomAuthenticationFilter.java b/src/main/java/com/back/global/security/CustomAuthenticationFilter.java
@@ -55,87 +55,120 @@ private void work(HttpServletRequest request, HttpServletResponse response, Filt
         String uri = request.getRequestURI();
         String method = request.getMethod();
 
-        // 개발 편의성을 위해 모든 요청 통과 (SecurityConfig에서 모든 요청 permitAll)
-        /*
-        if (
-                uri.startsWith("/h2-console") ||
-                uri.startsWith("/login/oauth2/") ||
-                uri.startsWith("/oauth2/") ||
-                uri.startsWith("/actuator/") ||
-                uri.startsWith("/swagger-ui/") ||
-                uri.startsWith("/api-docs/") ||
-                uri.equals("/") ||
-                // 조회 API들 - 권한 불필요
-                (method.equals("GET") && uri.startsWith("/cocktails")) ||
-                (method.equals("POST") && uri.equals("/cocktails/search")) ||
-                (method.equals("GET") && uri.startsWith("/posts")) ||
-                (method.equals("GET") && uri.contains("/comments"))
-        ) {
-            filterChain.doFilter(request, response);
-            return;
-        }
-        */
+        log.debug("===== Authentication Filter Start =====");
+        log.debug("Request: {} {}", method, uri);
 
-        // 쿠키에서 accessToken 가져오기
-        String accessToken = rq.getCookieValue("accessToken", "");
+        String accessToken = null;
+
+        // 1. 먼저 Authorization 헤더에서 토큰 가져오기 시도
+        String authHeader = request.getHeader("Authorization");
+        if (authHeader != null && authHeader.startsWith("Bearer ")) {
+            accessToken = authHeader.substring(7);
+            log.debug("Token found in Authorization header");
+        }
 
-        logger.debug("accessToken : " + accessToken);
+        // 2. Authorization 헤더에 없으면 쿠키에서 가져오기
+        if (accessToken == null || accessToken.isBlank()) {
+            accessToken = rq.getCookieValue("accessToken", "");
+            if (!accessToken.isBlank()) {
+                log.debug("Token found in Cookie");
+            }
+        }
 
         boolean isAccessTokenExists = !accessToken.isBlank();
 
         if (!isAccessTokenExists) {
+            log.debug("No access token found - proceeding without authentication");
             filterChain.doFilter(request, response);
             return;
         }
 
         User user = null;
-        boolean isAccessTokenValid = false;
 
         // accessToken 검증
-        if (isAccessTokenExists) {
-            if (jwtUtil.validateAccessToken(accessToken)) {
+        if (jwtUtil.validateAccessToken(accessToken)) {
+            log.debug("Access token is valid");
+
+            try {
                 Long userId = jwtUtil.getUserIdFromToken(accessToken);
                 String email = jwtUtil.getEmailFromToken(accessToken);
                 String nickname = jwtUtil.getNicknameFromToken(accessToken);
 
-                user = User.builder()
-                        .id(userId)
-                        .email(email)
-                        .nickname(nickname)
-                        .role("USER")
-                        .build();
-                isAccessTokenValid = true;
+                if (userId != null) {
+                    user = User.builder()
+                            .id(userId)
+                            .email(email)
+                            .nickname(nickname)
+                            .role("USER")
+                            .build();
+
+                    log.debug("User extracted - ID: {}, Email: {}, Nickname: {}", userId, email, nickname);
+                } else {
+                    log.warn("User ID is null in token");
+                }
+            } catch (Exception e) {
+                log.error("Error extracting user info from token", e);
+            }
+        } else {
+            log.warn("Access token validation failed");
+
+            // 토큰이 만료된 경우에도 정보 추출 시도 (선택적)
+            try {
+                Long userId = jwtUtil.getUserIdFromToken(accessToken);
+                String email = jwtUtil.getEmailFromToken(accessToken);
+                String nickname = jwtUtil.getNicknameFromToken(accessToken);
+
+                if (userId != null && email != null && nickname != null) {
+                    user = User.builder()
+                            .id(userId)
+                            .email(email)
+                            .nickname(nickname)
+                            .role("USER")
+                            .build();
+
+                    // 새 토큰 발급 (쿠키 방식을 사용하는 경우만)
+                    if (authHeader == null) {
+                        String newAccessToken = jwtUtil.generateAccessToken(userId, email, nickname);
+                        rq.setCrossDomainCookie("accessToken", newAccessToken, accessTokenExpiration);
+                        log.info("New access token issued for user: {}", userId);
+                    }
+                }
+            } catch (Exception e) {
+                log.error("Failed to extract user info from expired token", e);
             }
         }
 
+        // user가 null이면 인증 실패
         if (user == null) {
+            log.warn("Authentication failed - user is null");
             filterChain.doFilter(request, response);
             return;
         }
 
-        // accessToken이 만료됐으면 새로 발급
-        if (isAccessTokenExists && !isAccessTokenValid) {
-            String newAccessToken = jwtUtil.generateAccessToken(user.getId(), user.getEmail(), user.getNickname());
-            rq.setCrossDomainCookie("accessToken", newAccessToken, accessTokenExpiration);
-        }
-
         // SecurityContext에 인증 정보 저장
-        UserDetails userDetails = new SecurityUser(
-                user.getId(),
-                user.getEmail(),
-                user.getNickname(),
-                user.isFirstLogin(),
-                user.getAuthorities(),
-                Map.of() // JWT 인증에서는 빈 attributes
-        );
-        Authentication authentication = new UsernamePasswordAuthenticationToken(
-                userDetails,
-                userDetails.getPassword(),
-                userDetails.getAuthorities()
-        );
-        SecurityContextHolder
-                .getContext()
-                .setAuthentication(authentication);
+        try {
+            UserDetails userDetails = new SecurityUser(
+                    user.getId(),
+                    user.getEmail(),
+                    user.getNickname(),
+                    user.isFirstLogin(),
+                    user.getAuthorities(),
+                    Map.of() // JWT 인증에서는 빈 attributes
+            );
+
+            Authentication authentication = new UsernamePasswordAuthenticationToken(
+                    userDetails,
+                    userDetails.getPassword(),
+                    userDetails.getAuthorities()
+            );
+
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+
+            log.info("✅ Authentication SUCCESS - User ID: {}, Nickname: {}", user.getId(), user.getNickname());
+            log.debug("===== Authentication Filter End =====");
+        } catch (Exception e) {
+            log.error("Error setting authentication in SecurityContext", e);
+        }
 
         filterChain.doFilter(request, response);
     }

Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,7 @@ public CommentResponseDto updateComment(Long postId, Long commentId, CommentUpda`
`95`	`95`
`96`	`96`	`Comment comment = findCommentWithValidation(postId, commentId);`
`97`	`97`
`98`		`- if (!comment.getUser().equals(user)) {`
	`98`	`+ if (!comment.getUser().getId().equals(user.getId())) {`
`99`	`99`	`throw new IllegalStateException("본인의 댓글만 수정할 수 있습니다.");`
`100`	`100`	`}`
`101`	`101`
`@@ -113,7 +113,7 @@ public void deleteComment(Long postId, Long commentId) {`
`113`	`113`
`114`	`114`	`Comment comment = findCommentWithValidation(postId, commentId);`
`115`	`115`
`116`		`- if (!comment.getUser().equals(user)) {`
	`116`	`+ if (!comment.getUser().getId().equals(user.getId())) {`
`117`	`117`	`throw new IllegalStateException("본인의 댓글만 삭제할 수 있습니다.");`
`118`	`118`	`}`
`119`	`119`