From c8fe5aa111e0bdd2ddd8a220830420fcc0a68a9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E1=84=8B=E1=85=A9=E1=84=8B=E1=85=B2=E1=84=8E=E1=85=A1?= =?UTF-8?q?=E1=86=AB?= Date: Wed, 15 Jan 2025 18:08:34 +0900 Subject: [PATCH 1/6] =?UTF-8?q?:recycle:=20=ED=86=A0=ED=81=B0=20=EC=9D=B8?= =?UTF-8?q?=EC=A6=9D=EC=8B=9C=20=EC=BF=A0=ED=82=A4=20=EB=B0=A9=EC=8B=9D?= =?UTF-8?q?=EC=9D=B4=20=EC=95=84=EB=8B=8C=20Bearer=20=EC=9D=B8=EC=A6=9D=20?= =?UTF-8?q?=EB=B0=A9=EC=8B=9D=EC=9C=BC=EB=A1=9C=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/mycom/socket/auth/jwt/JWTFilter.java | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/mycom/socket/auth/jwt/JWTFilter.java b/src/main/java/com/mycom/socket/auth/jwt/JWTFilter.java index d235d3d..7f1252b 100644 --- a/src/main/java/com/mycom/socket/auth/jwt/JWTFilter.java +++ b/src/main/java/com/mycom/socket/auth/jwt/JWTFilter.java @@ -30,9 +30,10 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { try { - String token = resolveTokenFromCookie(request); - if (StringUtils.hasText(token) && jwtUtil.validateToken(token, "ACCESS_TOKEN")) { - setAuthentication(token); + // Bearer 토큰 확인 + String bearerToken = resolveTokenFromHeader(request); + if (StringUtils.hasText(bearerToken) && jwtUtil.validateToken(bearerToken, "ACCESS_TOKEN")) { + setAuthentication(bearerToken); } } catch (Exception e) { log.warn("인증 처리 실패", e); 
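Review bot: In `doFilterInternal` the access token is now read only from the `Authorization` header, and nothing in this patch shows the issuing side moving off the cookie named by `jwtProperties.getAccessTokenCookieName()`. If login or refresh still hand the token out that way, those clients silently become anonymous. A header-borne token also has to be kept where front-end script can read it, so any HttpOnly protection the cookie may have had is gone and the token's lifetime and storage rules matter more. I would replace the inline comment with one that states the contract, e.g. `// Access token is accepted from the Authorization header only; cookies are ignored.` The method body continues past the end of this hunk.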
@@ -42,14 +43,10 @@ protected void doFilterInternal(HttpServletRequest request, filterChain.doFilter(request, response); } - private String resolveTokenFromCookie(HttpServletRequest request) { - Cookie[] cookies = request.getCookies(); - if (cookies != null) { - for (Cookie cookie : cookies) { - if (jwtProperties.getAccessTokenCookieName().equals(cookie.getName())) { - return cookie.getValue(); - } - } + private String resolveTokenFromHeader(HttpServletRequest request) { + String bearerToken = request.getHeader("Authorization"); + if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) { + return bearerToken.substring(7); } return null; } From 4cfbf8db243102399255ce258e75adcfc1569cfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E1=84=8B=E1=85=A9=E1=84=8B=E1=85=B2=E1=84=8E=E1=85=A1?= =?UTF-8?q?=E1=86=AB?= Date: Wed, 15 Jan 2025 18:08:48 +0900 Subject: [PATCH 2/6] =?UTF-8?q?:wrench:=20ddl-auto=20update=EB=A1=9C=20?= =?UTF-8?q?=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/resources/yaml/application-dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/yaml/application-dev.yml b/src/main/resources/yaml/application-dev.yml index 449e43e..de934b1 100644 --- a/src/main/resources/yaml/application-dev.yml +++ b/src/main/resources/yaml/application-dev.yml @@ -2,4 +2,4 @@ spring: jpa: show-sql: true hibernate: - ddl-auto: create \ No newline at end of file + ddl-auto: update \ No newline at end of file From a07c48bd3a6feda7e3b3c30e0aef147e11be5f32 Mon Sep 17 00:00:00 2001 
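Review bot: `bearerToken.startsWith("Bearer ")` in `resolveTokenFromHeader` compares the scheme case-sensitively, although HTTP authentication scheme names are case-insensitive. A client that sends `bearer <token>` is therefore treated as anonymous, with no log line to explain it. `bearerToken.regionMatches(true, 0, "Bearer ", 0, 7)` accepts any casing, and calling `.trim()` on the returned substring drops stray whitespace before it reaches `jwtUtil.validateToken`. The method returns `null` for a missing or non-Bearer header; a one-line Javadoc saying so would make that contract explicit for the caller.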
From: =?UTF-8?q?=E1=84=8B=E1=85=A9=E1=84=8B=E1=85=B2=E1=84=8E=E1=85=A1?= =?UTF-8?q?=E1=86=AB?= Date: Wed, 15 Jan 2025 18:09:00 +0900 Subject: [PATCH 3/6] =?UTF-8?q?:sparkles:=20=EC=82=AC=EC=9A=A9=EC=9E=90=20?= =?UTF-8?q?=ED=94=84=EB=A1=9C=ED=95=84=20=EC=A1=B0=ED=9A=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/ProfileController.java | 23 +++++++++++++++++++ .../dto/response/ProfileResponse.java | 17 ++++++++++++++ .../go_socket/service/MemberService.java | 22 ++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 src/main/java/com/mycom/socket/go_socket/controller/ProfileController.java create mode 100644 src/main/java/com/mycom/socket/go_socket/dto/response/ProfileResponse.java create mode 100644 src/main/java/com/mycom/socket/go_socket/service/MemberService.java diff --git a/src/main/java/com/mycom/socket/go_socket/controller/ProfileController.java b/src/main/java/com/mycom/socket/go_socket/controller/ProfileController.java new file mode 100644 index 0000000..b21334b --- /dev/null +++ b/src/main/java/com/mycom/socket/go_socket/controller/ProfileController.java 
@@ -0,0 +1,23 @@ +package com.mycom.socket.go_socket.controller; + +import com.mycom.socket.auth.security.MemberDetails; +import com.mycom.socket.go_socket.dto.response.ProfileResponse; +import com.mycom.socket.go_socket.service.MemberService; +import lombok.RequiredArgsConstructor; +import org.springframework.security.core.annotation.AuthenticationPrincipal; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@RequiredArgsConstructor +@RequestMapping("/api/profile") +public class ProfileController { + + private final MemberService memberService; + + @GetMapping + public ProfileResponse getProfile(@AuthenticationPrincipal MemberDetails memberDetails) { + return ProfileResponse.of(memberDetails.getMember()); + } +} diff --git a/src/main/java/com/mycom/socket/go_socket/dto/response/ProfileResponse.java b/src/main/java/com/mycom/socket/go_socket/dto/response/ProfileResponse.java new file mode 100644 index 0000000..bf170f8 --- /dev/null +++ b/src/main/java/com/mycom/socket/go_socket/dto/response/ProfileResponse.java @@ -0,0 +1,17 @@ +package com.mycom.socket.go_socket.dto.response; + +import com.mycom.socket.go_socket.entity.Member; + +public record ProfileResponse( + String email, + String nickname, + String intro +) { + public static ProfileResponse of(Member member) { + return new ProfileResponse( + member.getEmail(), + member.getNickname(), + member.getIntro() + ); + } +} diff --git a/src/main/java/com/mycom/socket/go_socket/service/MemberService.java b/src/main/java/com/mycom/socket/go_socket/service/MemberService.java new file mode 100644 index 0000000..c7842b5 --- /dev/null +++ b/src/main/java/com/mycom/socket/go_socket/service/MemberService.java 
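Review bot: `getProfile` in ProfileController dereferences `memberDetails` without a null check, and `@AuthenticationPrincipal` yields `null` when the request has no authenticated `MemberDetails`. JWTFilter calls `filterChain.doFilter` even when the token is missing or rejected, so such requests can reach this handler. Unless SecurityConfig, whose matchers are not part of this patch, requires authentication for `/api/profile`, an anonymous call ends in a NullPointerException and a 500 rather than a 401. Either confirm the matcher covers this path or guard the handler, e.g. `if (memberDetails == null) throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);`.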
@@ -0,0 +1,22 @@ +package com.mycom.socket.go_socket.service; + + +import com.mycom.socket.global.exception.NotFoundException; +import com.mycom.socket.go_socket.entity.Member; +import com.mycom.socket.go_socket.repository.MemberRepository; +import lombok.RequiredArgsConstructor; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +@Service +@RequiredArgsConstructor +@Transactional(readOnly = true) +public class MemberService { + + private final MemberRepository memberRepository; + + public Member getMember(String email) { + return memberRepository.findByEmail(email) + .orElseThrow(() -> new NotFoundException("사용자를 찾을 수 없습니다.")); + } +} From a3bffe35e5e472356f85fbf40b2375b369c83539 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E1=84=8B=E1=85=A9=E1=84=8B=E1=85=B2=E1=84=8E=E1=85=A1?= =?UTF-8?q?=E1=86=AB?= Date: Wed, 15 Jan 2025 18:10:44 +0900 Subject: [PATCH 4/6] =?UTF-8?q?:fire:=20=EB=B6=88=ED=95=84=EC=9A=94?= =?UTF-8?q?=ED=95=9C=20MemberService=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../socket/go_socket/controller/ProfileController.java | 3 --- .../com/mycom/socket/go_socket/service/MemberService.java | 8 -------- 2 files changed, 11 deletions(-) diff --git a/src/main/java/com/mycom/socket/go_socket/controller/ProfileController.java b/src/main/java/com/mycom/socket/go_socket/controller/ProfileController.java index b21334b..c7e37db 100644 --- a/src/main/java/com/mycom/socket/go_socket/controller/ProfileController.java +++ b/src/main/java/com/mycom/socket/go_socket/controller/ProfileController.java 
@@ -2,7 +2,6 @@ import com.mycom.socket.auth.security.MemberDetails; import com.mycom.socket.go_socket.dto.response.ProfileResponse; -import com.mycom.socket.go_socket.service.MemberService; import lombok.RequiredArgsConstructor; import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.web.bind.annotation.GetMapping; @@ -14,8 +13,6 @@ @RequestMapping("/api/profile") public class ProfileController { - private final MemberService memberService; - @GetMapping public ProfileResponse getProfile(@AuthenticationPrincipal MemberDetails memberDetails) { return ProfileResponse.of(memberDetails.getMember()); diff --git a/src/main/java/com/mycom/socket/go_socket/service/MemberService.java b/src/main/java/com/mycom/socket/go_socket/service/MemberService.java index c7842b5..c1f09f1 100644 --- a/src/main/java/com/mycom/socket/go_socket/service/MemberService.java +++ b/src/main/java/com/mycom/socket/go_socket/service/MemberService.java @@ -1,8 +1,5 @@ package com.mycom.socket.go_socket.service; - -import com.mycom.socket.global.exception.NotFoundException; -import com.mycom.socket.go_socket.entity.Member; import com.mycom.socket.go_socket.repository.MemberRepository; import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; @@ -14,9 +11,4 @@ public class MemberService { private final MemberRepository memberRepository; - - public Member getMember(String email) { - return memberRepository.findByEmail(email) - .orElseThrow(() -> new NotFoundException("사용자를 찾을 수 없습니다.")); - } } From a7196facb53272e6536d4a9cb84732aab4b00b3d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E1=84=8B=E1=85=A9=E1=84=8B=E1=85=B2=E1=84=8E=E1=85=A1?= =?UTF-8?q?=E1=86=AB?= Date: Wed, 15 Jan 2025 18:21:08 +0900 Subject: [PATCH 5/6] =?UTF-8?q?:recycle:=20jwtFilter=20=EC=BD=94=EB=93=9C?= =?UTF-8?q?=20=EB=A6=AC=ED=8C=A9=ED=86=A0=EB=A7=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/mycom/socket/auth/jwt/JWTFilter.java | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/main/java/com/mycom/socket/auth/jwt/JWTFilter.java b/src/main/java/com/mycom/socket/auth/jwt/JWTFilter.java index 7f1252b..b7074d9 100644 --- a/src/main/java/com/mycom/socket/auth/jwt/JWTFilter.java +++ b/src/main/java/com/mycom/socket/auth/jwt/JWTFilter.java @@ -1,10 +1,8 @@ package com.mycom.socket.auth.jwt; -import com.mycom.socket.auth.config.JWTProperties; import com.mycom.socket.auth.service.MemberDetailsService; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; -import jakarta.servlet.http.Cookie; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import lombok.RequiredArgsConstructor; @@ -21,10 +19,13 @@ @RequiredArgsConstructor public class JWTFilter extends OncePerRequestFilter { - private final JWTProperties jwtProperties; + private final JWTUtil jwtUtil; private final MemberDetailsService memberDetailsService; + private static final String BEARER_PREFIX = "Bearer "; + private static final String TOKEN_TYPE = "ACCESS_TOKEN"; + @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, @@ -32,7 +33,7 @@ protected void doFilterInternal(HttpServletRequest request, try { // Bearer 토큰 확인 String bearerToken = resolveTokenFromHeader(request); - if (StringUtils.hasText(bearerToken) && jwtUtil.validateToken(bearerToken, "ACCESS_TOKEN")) { + if (isValidBearerToken(bearerToken)) { setAuthentication(bearerToken); } } catch (Exception e) { 
@@ -45,7 +46,7 @@ protected void doFilterInternal(HttpServletRequest request, private String resolveTokenFromHeader(HttpServletRequest request) { String bearerToken = request.getHeader("Authorization"); - if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) { + if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(BEARER_PREFIX)) { return bearerToken.substring(7); } return null; @@ -64,4 +65,10 @@ private void setAuthentication(String token) { SecurityContextHolder.getContext().setAuthentication(authentication); } + + private boolean isValidBearerToken(String token) { + return StringUtils.hasText(token) && + token.matches("^[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+\\.?[A-Za-z0-9-_.+/=]*$") && + jwtUtil.validateToken(token, TOKEN_TYPE); + } } \ No newline at end of file From 99593bc11d5aa1d81841311f654799e3035ee4a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E1=84=8B=E1=85=A9=E1=84=8B=E1=85=B2=E1=84=8E=E1=85=A1?= =?UTF-8?q?=E1=86=AB?= Date: Wed, 15 Jan 2025 18:23:11 +0900 Subject: [PATCH 6/6] =?UTF-8?q?:fire:=20properties=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/com/mycom/socket/auth/config/SecurityConfig.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/com/mycom/socket/auth/config/SecurityConfig.java b/src/main/java/com/mycom/socket/auth/config/SecurityConfig.java index 0ecda28..5295378 100644 --- a/src/main/java/com/mycom/socket/auth/config/SecurityConfig.java +++ b/src/main/java/com/mycom/socket/auth/config/SecurityConfig.java @@ -20,7 +20,6 @@ public class SecurityConfig{ private final JWTUtil jwtUtil; - private final JWTProperties properties; private final MemberDetailsService memberDetailsService; @Bean 
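Review bot: `bearerToken.substring(7)` in `resolveTokenFromHeader` still hard-codes the prefix length on the line after the check was switched to `BEARER_PREFIX`. The two can drift apart if the constant is ever edited. Use `return bearerToken.substring(BEARER_PREFIX.length());` so the strip always matches the prefix that was tested.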
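Review bot: The shape check in `isValidBearerToken` is looser than a compact signed JWT and is recompiled on every request. `\\.?` followed by a `*` class makes the third segment optional, so a two-part `header.payload` value passes, and `String.matches` rebuilds the pattern on each call. Because the last character class repeats every character of the second one, a long header value that fails only at its end is re-scanned many times before `jwtUtil.validateToken` is reached. If jwtUtil only issues signed tokens, `private static final Pattern JWT_SHAPE = Pattern.compile("^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$");` used as `JWT_SHAPE.matcher(token).matches()` keeps the pre-filter strict and linear. Signature and expiry checks remain the job of `validateToken`, whose body is not in this diff.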
@@ -32,7 +31,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { .formLogin(AbstractHttpConfigurer::disable) .addFilterBefore( - new JWTFilter(properties, jwtUtil, memberDetailsService), + new JWTFilter(jwtUtil, memberDetailsService), UsernamePasswordAuthenticationFilter.class )