[8주차/레오] 워크북 제출합니다

build.gradle

@@ -35,6 +35,10 @@ dependencies {
 	implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:3.0.1'
 	implementation 'org.springdoc:springdoc-openapi-starter-webmvc-api:3.0.1'
     implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"
+
+	// Security
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	testImplementation 'org.springframework.security:spring-security-test'
 }
 
 tasks.named('test') {

src/main/java/umc/Inquiry/exception/InquiryException.java

@@ -1,7 +1,7 @@
 package umc.Inquiry.exception;
 
-import umc.apiPayload.code.BaseErrorCode;
-import umc.apiPayload.exception.ProjectException;
+import umc.global.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.exception.ProjectException;
 
 public class InquiryException extends ProjectException {
     public InquiryException(BaseErrorCode errorCode) {

src/main/java/umc/Inquiry/exception/code/InquiryErrorCode.java

@@ -3,7 +3,7 @@
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
-import umc.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.code.BaseErrorCode;
 
 @Getter
 @RequiredArgsConstructor

src/main/java/umc/config/SecurityConfig.java

@@ -0,0 +1,64 @@
+package umc.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import umc.global.security.handler.CustomAccessDenied;
+import umc.global.security.handler.CustomEntryPoint;
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfig {
+    private final String[] allowUris = {
+            // Swagger 허용
+            "/swagger-ui/**",
+            "/swagger-resources/**",
+            "/v3/api-docs/**",
+            "/auth/**",
+            "/api/v1/auth/signup"
+    };
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception{
+        http
+                .csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests(requests -> requests
+                        .requestMatchers(allowUris).permitAll()
+                        .anyRequest().authenticated()
+                )
+                .formLogin(form -> form
+                        .defaultSuccessUrl("/swagger-ui/index.html", true)
+                        .permitAll()
+                )
+                .logout(logout -> logout
+                        .logoutUrl("/logout")
+                        .logoutSuccessUrl("/login?logout")
+                        .permitAll()
+                )
+                .exceptionHandling(exception -> exception
+                        .accessDeniedHandler(customAccessDenied())
+                        .authenticationEntryPoint(customEntryPoint())
+                );
+        return http.build();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public CustomAccessDenied customAccessDenied(){
+        return new CustomAccessDenied();
+    }
+
+    @Bean
+    public CustomEntryPoint customEntryPoint(){
+        return new CustomEntryPoint();
+    }
+}

src/main/java/umc/food/exeption/FoodException.java

@@ -1,7 +1,7 @@
 package umc.food.exeption;
 
-import umc.apiPayload.code.BaseErrorCode;
-import umc.apiPayload.exception.ProjectException;
+import umc.global.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.exception.ProjectException;
 
 public class FoodException extends ProjectException {
     public FoodException(BaseErrorCode errorCode) {

src/main/java/umc/food/exeption/code/FoodErrorCode.java

@@ -3,7 +3,7 @@
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
-import umc.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.code.BaseErrorCode;
 
 @Getter
 @RequiredArgsConstructor

src/main/java/umc/apiPayload/ApiResponse.java → src/main/java/umc/global/apiPayload/ApiResponse.java

@@ -1,11 +1,11 @@
-package umc.apiPayload;
+package umc.global.apiPayload;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
-import umc.apiPayload.code.BaseErrorCode;
-import umc.apiPayload.code.BaseSuccessCode;
+import umc.global.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.code.BaseSuccessCode;
 
 @Getter
 @AllArgsConstructor

src/main/java/umc/apiPayload/code/BaseErrorCode.java → src/main/java/umc/global/apiPayload/code/BaseErrorCode.java

@@ -1,4 +1,4 @@
-package umc.apiPayload.code;
+package umc.global.apiPayload.code;
 
 import org.springframework.http.HttpStatus;
 

src/main/java/umc/apiPayload/code/BaseSuccessCode.java → src/main/java/umc/global/apiPayload/code/BaseSuccessCode.java

@@ -1,4 +1,4 @@
-package umc.apiPayload.code;
+package umc.global.apiPayload.code;
 
 import org.springframework.http.HttpStatus;
 

src/main/java/umc/apiPayload/code/GeneralErrorCode.java → src/main/java/umc/global/apiPayload/code/GeneralErrorCode.java

@@ -1,4 +1,4 @@
-package umc.apiPayload.code;
+package umc.global.apiPayload.code;
 
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;

src/main/java/umc/apiPayload/code/GeneralSuccessCode.java → src/main/java/umc/global/apiPayload/code/GeneralSuccessCode.java

@@ -1,4 +1,4 @@
-package umc.apiPayload.code;
+package umc.global.apiPayload.code;
 
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;

src/main/java/umc/apiPayload/exception/ProjectException.java → src/main/java/umc/global/apiPayload/exception/ProjectException.java

@@ -1,8 +1,8 @@
-package umc.apiPayload.exception;
+package umc.global.apiPayload.exception;
 
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
-import umc.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.code.BaseErrorCode;
 
 @Getter
 @RequiredArgsConstructor

src/main/java/umc/apiPayload/handler/GeneralExceptionAdvice.java → src/main/java/umc/global/apiPayload/handler/GeneralExceptionAdvice.java

@@ -1,13 +1,13 @@
-package umc.apiPayload.handler;
+package umc.global.apiPayload.handler;
 
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
-import umc.apiPayload.ApiResponse;
-import umc.apiPayload.code.BaseErrorCode;
-import umc.apiPayload.code.GeneralErrorCode;
-import umc.apiPayload.exception.ProjectException;
+import umc.global.apiPayload.ApiResponse;
+import umc.global.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.code.GeneralErrorCode;
+import umc.global.apiPayload.exception.ProjectException;
 
 import java.util.HashMap;
 import java.util.Map;

src/main/java/umc/apiPayload/converter/BaseConverter.java → src/main/java/umc/global/converter/BaseConverter.java

@@ -1,6 +1,6 @@
-package umc.apiPayload.converter;
+package umc.global.converter;
 
-import umc.apiPayload.dto.BaseResDTO;
+import umc.global.dto.BaseResDTO;
 
 import java.util.List;
 

src/main/java/umc/apiPayload/dto/BaseResDTO.java → src/main/java/umc/global/dto/BaseResDTO.java

@@ -1,4 +1,4 @@
-package umc.apiPayload.dto;
+package umc.global.dto;
 
 import lombok.Builder;
 

src/main/java/umc/apiPayload/entity/BaseEntity.java → src/main/java/umc/global/entity/BaseEntity.java

@@ -1,4 +1,4 @@
-package umc.apiPayload.entity;
+package umc.global.entity;
 
 import jakarta.persistence.Column;
 import jakarta.persistence.EntityListeners;

src/main/java/umc/global/security/entity/AuthMember.java

@@ -0,0 +1,33 @@
+package umc.global.security.entity;
+
+import jakarta.annotation.Nullable;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import umc.member.entity.Member;
+
+import java.util.Collection;
+import java.util.List;
+
+@Getter
+@RequiredArgsConstructor
+public class AuthMember implements UserDetails {
+
+    private final Member member;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities(){
+        return List.of();
+    }
+
+    @Override
+    public @Nullable String getPassword(){
+        return member.getPassword();
+    }
+
+    @Override
+    public String getUsername(){
+        return member.getEmail();
+    }
+}

src/main/java/umc/global/security/handler/CustomAccessDenied.java

@@ -0,0 +1,36 @@
+package umc.global.security.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import umc.global.apiPayload.ApiResponse;
+import umc.global.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.code.GeneralErrorCode;
+
+import java.io.IOException;
+
+public class CustomAccessDenied implements AccessDeniedHandler {
+
+    @Override
+    public void handle(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            AccessDeniedException accessDeniedException
+    ) throws IOException {
+        ObjectMapper objectMapper = new ObjectMapper();
+        BaseErrorCode code = GeneralErrorCode.FORBIDDEN;
+
+        // 응답 Content-Type, HTTP 상태코드 정의
+        response.setContentType("application/json;charset=UTF-8");
+        response.setStatus(code.getStatus().value());
+
+        // Response Body에 응답통일한 객체를 넣기
+        ApiResponse<Void> errorResponse = ApiResponse.onFailure(code,null);
+
+        // 실제 Response로 덮어쓰기
+        objectMapper.writeValue(response.getOutputStream(), errorResponse);
+    }
+}
+

src/main/java/umc/global/security/handler/CustomEntryPoint.java

@@ -0,0 +1,35 @@
+package umc.global.security.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import umc.global.apiPayload.ApiResponse;
+import umc.global.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.code.GeneralErrorCode;
+
+import java.io.IOException;
+
+public class CustomEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            AuthenticationException authException
+    ) throws IOException {
+        ObjectMapper objectMapper = new ObjectMapper();
+        BaseErrorCode code = GeneralErrorCode.UNAUTHORIZED;
+
+        // 응답 Content-Type, HTTP 상태코드 정의
+        response.setContentType("application/json;charset=UTF-8");
+        response.setStatus(code.getStatus().value());
+
+        // Response Body에 응답통일한 객체를 넣기
+        ApiResponse<Void> errorResponse = ApiResponse.onFailure(code,null);
+
+        // 실제 Response로 덮어쓰기
+        objectMapper.writeValue(response.getOutputStream(), errorResponse);
+    }
+}

src/main/java/umc/global/security/service/CustomUserDetailService.java

@@ -0,0 +1,28 @@
+package umc.global.security.service;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import umc.global.security.entity.AuthMember;
+import umc.member.entity.Member;
+import umc.member.exception.MemberException;
+import umc.member.exception.code.MemberErrorCode;
+import umc.member.repository.MemberRepository;
+
+@Service
+@RequiredArgsConstructor
+public class CustomUserDetailService implements UserDetailsService {
+
+    private final MemberRepository memberRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(
+            String username
+    ) throws UsernameNotFoundException{
+        Member member = memberRepository.findByEmail(username)
+                .orElseThrow(() -> new MemberException(MemberErrorCode.MEMBER_NOT_FOUND));
+        return new AuthMember(member);
+    }
+}

src/main/java/umc/location/exception/LocationException.java

@@ -1,7 +1,7 @@
 package umc.location.exception;
 
-import umc.apiPayload.code.BaseErrorCode;
-import umc.apiPayload.exception.ProjectException;
+import umc.global.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.exception.ProjectException;
 
 public class LocationException extends ProjectException {
     public LocationException(BaseErrorCode errorCode) {

src/main/java/umc/location/exception/code/LocationErrorCode.java

@@ -3,7 +3,7 @@
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
-import umc.apiPayload.code.BaseErrorCode;
+import umc.global.apiPayload.code.BaseErrorCode;
 
 @Getter
 @RequiredArgsConstructor

src/main/java/umc/member/controller/MemberController.java

@@ -1,12 +1,12 @@
 package umc.member.controller;
 
+import io.swagger.v3.oas.annotations.Operation;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
-import umc.apiPayload.ApiResponse;
-import umc.apiPayload.code.BaseSuccessCode;
+import umc.global.apiPayload.ApiResponse;
+import umc.global.apiPayload.code.BaseSuccessCode;
 import umc.member.dto.MemberReqDTO;
 import umc.member.dto.MemberResDTO;
-import umc.member.entity.Member;
 import umc.member.exception.code.MemberSuccessCode;
 import umc.member.service.MemberService;
 import umc.mission.dto.MissionResDTO;
@@ -21,6 +21,7 @@ public class MemberController {
     private final MissionService missionService;
 
     @PostMapping("/v1/users/me")
+    @Operation(summary = "마이페이지 조회")
     public ApiResponse<MemberResDTO.GetInfo> getInfo(
             @RequestBody MemberReqDTO.GetInfo dto
     ){
@@ -29,6 +30,7 @@ public ApiResponse<MemberResDTO.GetInfo> getInfo(
     }
 
     @GetMapping("/v1/home")
+    @Operation(summary = "지역 미션 조회")
     public ApiResponse<MissionResDTO.MissionListDTO> getHomeInfo(
             @RequestParam(name = "memberId") Long memberId,
             @RequestParam(name = "regionName") String regionName,
@@ -38,6 +40,7 @@ public ApiResponse<MissionResDTO.MissionListDTO> getHomeInfo(
     }
 
     @PostMapping("/v1/auth/signup")
+    @Operation(summary = "회원가입")
     public ApiResponse<MemberResDTO.AuthResDTO.SignUpResultDTO> signUp(
             @RequestBody MemberReqDTO.SingUpDTO request
     ) {