Merge pull request #20 from Central-MakeUs/refactor/19

Refactor/19: spring security 리팩토링

.github/workflows/dev_deploy_beanstalk.yml

@@ -33,6 +33,9 @@ jobs:
           spring.datasource.url: ${{ secrets.DB_URL }}
           spring.datasource.username: ${{ secrets.DB_USER }}
           spring.datasource.password: ${{ secrets.DB_PASSWORD }}
+          spring.datasource.driver-class-name: ${{ secrets.DB_DRIVER }}
+          jwt.token.secret: ${{ secrets.JWT_TOKEN_SECRET }}
+          jwt.token.expiration: ${{ secrets.ACCESS_EXPIRY_SECONDS }}
 
       # gradlew 실행 권한 부여
       - name: Grant execute permission for gradlew

src/main/java/com/cmc/suppin/global/enums/UserRole.java

@@ -0,0 +1,6 @@
+package com.cmc.suppin.global.enums;
+
+public enum UserRole {
+    ROLE_ADMIN,
+    ROLE_USER
+}

src/main/java/com/cmc/suppin/global/enums/UserStatus.java

@@ -0,0 +1,5 @@
+package com.cmc.suppin.global.enums;
+
+public enum UserStatus {
+    ACTIVE, INACTIVE, DELETED
+}

src/main/java/com/cmc/suppin/global/exception/BaseErrorCode.java

@@ -1,8 +1,13 @@
 package com.cmc.suppin.global.exception;
 
+import com.cmc.suppin.global.response.ErrorResponse;
+import org.springframework.http.HttpStatus;
+
 public interface BaseErrorCode {
 
-    public ErrorReasonDTO getReason();
+    ErrorResponse getErrorResponse();
+
+    String getMessage();
 
-    public ErrorReasonDTO getReasonHttpStatus();
+    HttpStatus getStatus();
 }

src/main/java/com/cmc/suppin/global/exception/CommonErrorCode.java

@@ -0,0 +1,37 @@
+package com.cmc.suppin.global.exception;
+
+import com.cmc.suppin.global.response.ErrorResponse;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.springframework.http.HttpStatus;
+
+@Getter
+@AllArgsConstructor
+public enum CommonErrorCode implements BaseErrorCode {
+
+    // 가장 일반적인 에러
+    _INTERNAL_SERVER_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "COMMON500", "서버 에러, 관리자에게 문의 바랍니다."),
+    _BAD_REQUEST(HttpStatus.BAD_REQUEST, "COMMON400", "잘못된 요청입니다."),
+    _FORBIDDEN(HttpStatus.FORBIDDEN, "COMMON403", "금지된 요청입니다."),
+
+    // test
+    TEMP_EXCEPTION(HttpStatus.BAD_REQUEST, "TEMP4001", "테스트"),
+
+    // 페이징 관련 에러
+    PAGE_NEGATIVE_INPUT(HttpStatus.BAD_REQUEST, "PAGE4001", "페이지 번호는 1이상의 숫자여야 합니다."),
+    ;
+
+    private final HttpStatus httpStatus;
+    private final String code;
+    private final String message;
+
+    @Override
+    public ErrorResponse getErrorResponse() {
+        return null;
+    }
+
+    @Override
+    public HttpStatus getStatus() {
+        return null;
+    }
+}

src/main/java/com/cmc/suppin/global/exception/CustomException.java

@@ -0,0 +1,14 @@
+package com.cmc.suppin.global.exception;
+
+import lombok.Getter;
+
+@Getter
+public class CustomException extends RuntimeException {
+
+    private final BaseErrorCode errorCode;
+
+    public CustomException(BaseErrorCode errorCode) {
+        super(errorCode.getMessage());
+        this.errorCode = errorCode;
+    }
+}

src/main/java/com/cmc/suppin/global/exception/MemberErrorCode.java

@@ -0,0 +1,30 @@
+package com.cmc.suppin.global.exception;
+
+import com.cmc.suppin.global.response.ErrorResponse;
+import lombok.Getter;
+import org.springframework.http.HttpStatus;
+
+@Getter
+public enum MemberErrorCode implements BaseErrorCode {
+    MEMBER_NOT_FOUND("mem-404/01", HttpStatus.NOT_FOUND, "회원을 찾을 수 없습니다."),
+    VALIDATION_FAILED("mem-400/01", HttpStatus.BAD_REQUEST, "입력값에 대한 검증에 실패했습니다."),
+    MEMBER_ALREADY_DELETED("mem-400/02", HttpStatus.BAD_REQUEST, "탈퇴한 회원입니다."),
+    PASSWORD_CONFIRM_NOT_MATCHED("mem-400/03", HttpStatus.BAD_REQUEST, "비밀번호가 확인이 일치하지 않습니다."),
+    DUPLICATE_MEMBER_EMAIL("mem-409/01", HttpStatus.CONFLICT, "이미 존재하는 이메일입니다."),
+    DUPLICATE_NICKNAME("mem-409/01", HttpStatus.CONFLICT, "이미 존재하는 닉네임입니다.");
+
+    private final String code;
+    private final HttpStatus status;
+    private final String message;
+
+    MemberErrorCode(String code, HttpStatus status, String message) {
+        this.code = code;
+        this.status = status;
+        this.message = message;
+    }
+
+    @Override
+    public ErrorResponse getErrorResponse() {
+        return ErrorResponse.of(code, message);
+    }
+}

src/main/java/com/cmc/suppin/global/exception/SecurityErrorCode.java

@@ -0,0 +1,32 @@
+package com.cmc.suppin.global.exception;
+
+import com.cmc.suppin.global.response.ErrorResponse;
+import lombok.Getter;
+import org.springframework.http.HttpStatus;
+
+@Getter
+public enum SecurityErrorCode implements BaseErrorCode {
+    INVALID_TOKEN("sec-400/01", HttpStatus.BAD_REQUEST, "유효하지 않은 토큰입니다."),
+    INVALID_OAUTH_CODE("sec-400/02", HttpStatus.BAD_REQUEST, "유효하지 않은 소셜 로그인 코드입니다."),
+    UNAUTHORIZED("sec-401/01", HttpStatus.UNAUTHORIZED, "로그인 해주세요."),
+    ACCESS_TOKEN_EXPIRED("sec-401/02", HttpStatus.UNAUTHORIZED, "토큰이 만료되었습니다"),
+    REFRESH_TOKEN_EXPIRED("sec-401/03", HttpStatus.UNAUTHORIZED, "다시 로그인 해주세요."),
+    ALREADY_LOGOUT("sec-401/04", HttpStatus.UNAUTHORIZED, "로그아웃 상태로 재로그인이 필요합니다."),
+    FORBIDDEN("sec-403/01", HttpStatus.FORBIDDEN, "권한이 없습니다"),
+    OAUTH_LOGIN_FAILED("sec-500", HttpStatus.INTERNAL_SERVER_ERROR, "소셜 로그인 중 오류가 발생했습니다. 관리자에게 문의하세요.");
+
+    private final String code;
+    private final HttpStatus status;
+    private final String message;
+
+    SecurityErrorCode(String code, HttpStatus status, String message) {
+        this.code = code;
+        this.status = status;
+        this.message = message;
+    }
+
+    @Override
+    public ErrorResponse getErrorResponse() {
+        return ErrorResponse.of(code, message);
+    }
+}

src/main/java/com/cmc/suppin/global/exception/handler/GlobalExceptionHandler.java

@@ -1,4 +1,45 @@
 package com.cmc.suppin.global.exception.handler;
 
+import com.cmc.suppin.global.exception.BaseErrorCode;
+import com.cmc.suppin.global.exception.CustomException;
+import com.cmc.suppin.global.response.ErrorResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.validation.BindingResult;
+import org.springframework.validation.FieldError;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import java.util.List;
+
+@Slf4j
+@RestControllerAdvice
 public class GlobalExceptionHandler {
+
+    @ExceptionHandler(CustomException.class)
+    protected ResponseEntity<ErrorResponse> handleCustomException(CustomException e) {
+        log.warn(">>>>> Custom Exception: ", e);
+        BaseErrorCode errorCode = e.getErrorCode();
+        return ResponseEntity.status(errorCode.getStatus())
+                .body(errorCode.getErrorResponse());
+    }
+
+    @ExceptionHandler(MethodArgumentNotValidException.class)
+    protected ResponseEntity<ErrorResponse> handleMethodArgumentNotValidException(MethodArgumentNotValidException e) {
+        log.warn(">>>>> Validation Failed: ", e);
+        BindingResult bindingResult = e.getBindingResult();
+        List<FieldError> fieldErrors = bindingResult.getFieldErrors();
+        ErrorResponse errorResponse = ErrorResponse.of("400", "입력값에 대한 검증에 실패했습니다.");
+        fieldErrors.forEach(error -> errorResponse.addValidation(error.getField(), error.getDefaultMessage()));
+        return ResponseEntity.status(e.getStatusCode()).body(errorResponse);
+    }
+
+    @ExceptionHandler(Exception.class)
+    protected ResponseEntity<ErrorResponse> handleGlobalException(Exception e) {
+        log.error(">>>>> Internal Server Error: ", e);
+        ErrorResponse errorResponse = ErrorResponse.of("500", e.getMessage());
+        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(errorResponse);
+    }
 }