feat : jwt 발급 로직 구현

Author: EpicFn

src/main/java/org/tuna/zoopzoop/backend/domain/dashboard/controller/ApiV1DashboardController.java

@@ -71,6 +71,6 @@ public ResponseEntity<RsData<BodyForReactFlow>> getGraph(
                         "ID: " + dashboardId + " 의 React-flow 데이터를 조회했습니다.",
                         BodyForReactFlow.from(graph)
                 ));
-
     }
+
 }

src/main/java/org/tuna/zoopzoop/backend/domain/dashboard/dto/ReqBodyForLiveblocksAuth.java

@@ -0,0 +1,15 @@
+package org.tuna.zoopzoop.backend.domain.dashboard.dto;
+
+import java.util.List;
+import java.util.Map;
+
+public record ReqBodyForLiveblocksAuth(
+        String userId,
+        UserInfo userInfo,
+        Map<String, List<String>>permissions
+) {
+    public record UserInfo(
+            String name,
+            String avatar
+    ) {}
+}

src/main/java/org/tuna/zoopzoop/backend/domain/dashboard/dto/ResBodyForAuthToken.java

@@ -0,0 +1,5 @@
+package org.tuna.zoopzoop.backend.domain.dashboard.dto;
+
+public record ResBodyForAuthToken(
+        String token
+){ }

src/main/java/org/tuna/zoopzoop/backend/domain/dashboard/service/DashboardService.java

@@ -10,16 +10,24 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.tuna.zoopzoop.backend.domain.dashboard.dto.BodyForReactFlow;
 import org.tuna.zoopzoop.backend.domain.dashboard.dto.GraphUpdateMessage;
+import org.tuna.zoopzoop.backend.domain.dashboard.dto.ReqBodyForLiveblocksAuth;
 import org.tuna.zoopzoop.backend.domain.dashboard.entity.Dashboard;
 import org.tuna.zoopzoop.backend.domain.dashboard.entity.Edge;
 import org.tuna.zoopzoop.backend.domain.dashboard.entity.Graph;
 import org.tuna.zoopzoop.backend.domain.dashboard.entity.Node;
 import org.tuna.zoopzoop.backend.domain.dashboard.repository.DashboardRepository;
 import org.tuna.zoopzoop.backend.domain.member.entity.Member;
+import org.tuna.zoopzoop.backend.domain.space.membership.entity.Membership;
+import org.tuna.zoopzoop.backend.domain.space.membership.enums.Authority;
 import org.tuna.zoopzoop.backend.domain.space.membership.service.MembershipService;
+import org.tuna.zoopzoop.backend.domain.space.space.entity.Space;
+import org.tuna.zoopzoop.backend.domain.space.space.service.SpaceService;
+import org.tuna.zoopzoop.backend.global.clients.liveblocks.LiveblocksClient;
 
 import java.nio.file.AccessDeniedException;
+import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 
 @Service
 @RequiredArgsConstructor
@@ -30,7 +38,8 @@ public class DashboardService {
     private final ObjectMapper objectMapper;
     private final SignatureService signatureService;
     private final RabbitTemplate rabbitTemplate;
-
+    private final SpaceService spaceService;
+    private final LiveblocksClient liveblocksClient;
 
 
     // =========================== Graph 관련 메서드 ===========================
@@ -134,8 +143,59 @@ public void queueGraphUpdate(Integer dashboardId, String requestBody, String sig
         rabbitTemplate.convertAndSend("zoopzoop.exchange", "graph.update.rk", message);
     }
 
+    // =========================== 기타 메서드 ===========================
+
+    /**
+     * 특정 스페이스에 대한 Liveblocks 접속 토큰(JWT)을 발급합니다.
+     * @param spaceId 스페이스 ID
+     * @param member 토큰을 요청하는 멤버
+     * @return 발급된 JWT 문자열
+     * @throws AccessDeniedException 멤버가 해당 스페이스에 속해있지 않거나 권한이 없는 경우
+     */
+    @Transactional(readOnly = true)
+    public String getAuthTokenForSpace(Integer spaceId, Member member) throws AccessDeniedException {
+        Space space = spaceService.findById(spaceId);
+
+        // 해당 스페이스에 멤버가 속해있는지, PENDING 상태는 아닌지 확인
+        Membership membership = membershipService.findByMemberAndSpace(member, space);
+        if (membership.getAuthority().equals(Authority.PENDING)) {
+            throw new AccessDeniedException("스페이스에 가입된 멤버가 아닙니다.");
+        }
 
+        // Liveblocks Room ID 생성
+        String roomId = "space_" + space.getId();
+
+        // Liveblocks에 전달할 사용자 정보 생성
+        String userId = String.valueOf(member.getId());
+        ReqBodyForLiveblocksAuth.UserInfo userInfo = new ReqBodyForLiveblocksAuth.UserInfo(
+                member.getName(),
+                member.getProfileImageUrl()
+        );
+
+        // Liveblocks 권한 설정 (내 서비스의 Authority -> Liveblocks 권한으로 변환)
+        List<String> permissions;
+        switch (membership.getAuthority()) {
+            case ADMIN, READ_WRITE:
+                permissions = List.of("room:write");
+                break;
+            case READ_ONLY:
+                permissions = Collections.emptyList(); // 빈 리스트는 읽기 전용을 의미
+                break;
+            default:
+                // PENDING 등 다른 상태는 위에서 이미 필터링됨
+                throw new AccessDeniedException("유효하지 않은 권한입니다.");
+        }
 
+        // Liveblocks Client에 전달할 요청 객체 생성
+        ReqBodyForLiveblocksAuth authRequest = new ReqBodyForLiveblocksAuth(
+                userId,
+                userInfo,
+                Map.of(roomId, permissions)
+        );
+
+        // LiveblocksClient를 통해 토큰 발급 요청
+        return liveblocksClient.getAuthToken(authRequest);
+    }
 
 
 }

src/main/java/org/tuna/zoopzoop/backend/domain/space/space/controller/ApiV1SpaceController.java

@@ -8,9 +8,13 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.domain.Sort;
 import org.springframework.data.web.PageableDefault;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
+import org.tuna.zoopzoop.backend.domain.dashboard.dto.ResBodyForAuthToken;
+import org.tuna.zoopzoop.backend.domain.dashboard.service.DashboardService;
 import org.tuna.zoopzoop.backend.domain.member.entity.Member;
 import org.tuna.zoopzoop.backend.domain.space.membership.dto.etc.SpaceMemberInfo;
 import org.tuna.zoopzoop.backend.domain.space.membership.entity.Membership;
@@ -38,6 +42,7 @@
 public class ApiV1SpaceController {
     private final SpaceService spaceService;
     private final MembershipService membershipService;
+    private final DashboardService dashboardService;
 
     @PostMapping
     @Operation(summary = "스페이스 생성")
@@ -206,5 +211,30 @@ public RsData<ResBodyForSpaceInfo> getSpace(
         );
     }
 
+    /**
+     * Liveblocks 접속을 위한 인증 토큰(JWT) 발급 API
+     * @param spaceId 스페이스 ID
+     * @param userDetails 현재 로그인한 사용자 정보
+     * @return ResponseEntity<RsData<AuthTokenResponse>>
+     */
+    @PostMapping("/dashboard-auth/{spaceId}")
+    @Operation(summary = "Liveblocks 접속 토큰 발급")
+    public ResponseEntity<RsData<ResBodyForAuthToken>> getAuthToken(
+            @PathVariable Integer spaceId,
+            @AuthenticationPrincipal CustomUserDetails userDetails) throws AccessDeniedException {
+
+        Member member = userDetails.getMember();
+        String token = dashboardService.getAuthTokenForSpace(spaceId, member);
+
+        ResBodyForAuthToken response = new ResBodyForAuthToken(token);
+
+        return ResponseEntity
+                .status(HttpStatus.OK)
+                .body(new RsData<>(
+                        "200",
+                        "Liveblocks 접속 토큰이 발급되었습니다.",
+                        response
+                ));
+    }
 
 }

src/main/java/org/tuna/zoopzoop/backend/global/clients/liveblocks/LiveblocksClient.java

@@ -7,6 +7,8 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestTemplate;
+import org.tuna.zoopzoop.backend.domain.dashboard.dto.ReqBodyForLiveblocksAuth;
+import org.tuna.zoopzoop.backend.domain.dashboard.dto.ResBodyForAuthToken;
 
 import java.util.Collections;
 import java.util.HashMap;
@@ -23,7 +25,7 @@ public class LiveblocksClient {
     private String secretKey;
 
     private static final String LIVEBLOCKS_API_URL = "https://api.liveblocks.io/v2/rooms";
-
+    private static final String AUTH_API_URL = "https://api.liveblocks.io/v2/authorize-user";
     /**
      * Liveblocks 서버에 새로운 방을 생성합니다.
      * @param roomId 생성할 방의 고유 ID (워크스페이스 ID와 동일하게 사용)
@@ -80,4 +82,32 @@ public void deleteRoom(String roomId) {
             throw new RuntimeException("Liveblocks API call failed", e);
         }
     }
+
+    /**
+     * Liveblocks 사용자 인증 토큰(JWT)을 발급받습니다.
+     * @param request 인증에 필요한 사용자 정보, 권한 등을 담은 객체
+     * @return 발급된 JWT 문자열
+     */
+    public String getAuthToken(ReqBodyForLiveblocksAuth request) {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setBearerAuth(secretKey);
+        headers.setContentType(MediaType.APPLICATION_JSON);
+
+        HttpEntity<ReqBodyForLiveblocksAuth> requestEntity = new HttpEntity<>(request, headers);
+
+        try {
+            ResponseEntity<String> response = restTemplate.postForEntity(AUTH_API_URL, requestEntity, String.class);
+            if (response.getStatusCode().is2xxSuccessful()) {
+                log.info("Liveblocks auth token issued successfully for user: {}", request.userId());
+                return response.getBody();
+            } else {
+                log.error("Failed to issue Liveblocks auth token. user: {}, status: {}, body: {}",
+                        request.userId(), response.getStatusCode(), response.getBody());
+                throw new RuntimeException("Failed to issue Liveblocks auth token.");
+            }
+        } catch (RestClientException e) {
+            log.error("Error while calling Liveblocks auth API for user: {}", request.userId(), e);
+            throw new RuntimeException("Liveblocks auth API call failed", e);
+        }
+    }
 }