Merge pull request #103 from codestates-seb/feat_be_profile

refactor: security configure & pakage

server/build.gradle

@@ -25,7 +25,6 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-validation'
 	implementation 'org.springframework.boot:spring-boot-starter-jdbc'
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
-	implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 
 	implementation 'com.google.code.gson:gson'
 

server/src/main/java/com/main36/pikcha/domain/attraction/controller/AttractionController.java

@@ -5,14 +5,12 @@
 import com.main36.pikcha.domain.attraction.entity.Attraction;
 import com.main36.pikcha.domain.attraction.mapper.AttractionMapper;
 import com.main36.pikcha.domain.attraction.service.AttractionService;
-import com.main36.pikcha.domain.attraction_file.service.AttractionImageService;
 import com.main36.pikcha.domain.member.entity.Member;
 import com.main36.pikcha.domain.member.service.MemberService;
 import com.main36.pikcha.domain.post.dto.PostResponseDto;
 import com.main36.pikcha.domain.post.entity.Post;
 import com.main36.pikcha.domain.post.service.PostService;
 import com.main36.pikcha.global.aop.LoginUser;
-import com.main36.pikcha.global.security.jwt.JwtParser;
 
 import com.main36.pikcha.global.response.DataResponseDto;
 import com.main36.pikcha.global.response.MultiResponseDto;
@@ -26,8 +24,6 @@
 import org.springframework.web.bind.annotation.*;
 
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
 import javax.validation.constraints.Positive;
 import java.io.IOException;
 
@@ -228,9 +224,8 @@ public ResponseEntity<MultiResponseDto<?>> getSearchedAttractions(@Positive @Req
                 mapper.attractionsToAttractionResponseDtos(attractions), attractionPage), HttpStatus.OK);
     }
 
-
     // 6. 명소를 아예 삭제하는 요청을 처리하는 핸들러
-    @DeleteMapping("/{attraction-id}")
+    @DeleteMapping("/delete/{attraction-id}")
     public ResponseEntity<HttpStatus> deleteAttraction(@PathVariable("attraction-id") @Positive long attractionId) {
         attractionService.deleteAttraction(attractionId);
 

server/src/main/java/com/main36/pikcha/domain/attraction/service/AttractionService.java

@@ -2,9 +2,9 @@
 
 import com.main36.pikcha.domain.attraction.entity.Attraction;
 import com.main36.pikcha.domain.attraction.repository.AttractionRepository;
-import com.main36.pikcha.domain.attraction_file.service.AttractionImageService;
-import com.main36.pikcha.domain.attraction_likes.entity.AttractionLikes;
-import com.main36.pikcha.domain.attraction_likes.repository.AttractionLikesRepository;
+import com.main36.pikcha.domain.image.service.AttractionImageService;
+import com.main36.pikcha.domain.like.entity.AttractionLikes;
+import com.main36.pikcha.domain.like.repository.AttractionLikesRepository;
 import com.main36.pikcha.domain.member.entity.Member;
 import com.main36.pikcha.domain.save.entity.Save;
 import com.main36.pikcha.domain.save.repository.SaveRepository;

server/src/main/java/com/main36/pikcha/domain/attraction_file/entity/AttractionImage.java → server/src/main/java/com/main36/pikcha/domain/image/entity/AttractionImage.java

@@ -1,4 +1,4 @@
-package com.main36.pikcha.domain.attraction_file.entity;
+package com.main36.pikcha.domain.image.entity;
 
 import lombok.*;
 

server/src/main/java/com/main36/pikcha/domain/post_image/entity/PostImage.java → server/src/main/java/com/main36/pikcha/domain/image/entity/PostImage.java

@@ -1,4 +1,4 @@
-package com.main36.pikcha.domain.post_image.entity;
+package com.main36.pikcha.domain.image.entity;
 
 import com.main36.pikcha.domain.post.entity.Post;
 import lombok.Getter;

server/src/main/java/com/main36/pikcha/domain/attraction_file/repository/AttractionImageRepository.java → server/src/main/java/com/main36/pikcha/domain/image/repository/AttractionImageRepository.java

@@ -1,6 +1,6 @@
-package com.main36.pikcha.domain.attraction_file.repository;
+package com.main36.pikcha.domain.image.repository;
 
-import com.main36.pikcha.domain.attraction_file.entity.AttractionImage;
+import com.main36.pikcha.domain.image.entity.AttractionImage;
 import org.springframework.data.jpa.repository.JpaRepository;
 
 import java.util.Optional;

server/src/main/java/com/main36/pikcha/domain/post_image/repository/PostImageRepository.java → server/src/main/java/com/main36/pikcha/domain/image/repository/PostImageRepository.java

@@ -1,10 +1,7 @@
-package com.main36.pikcha.domain.post_image.repository;
+package com.main36.pikcha.domain.image.repository;
 
-import com.main36.pikcha.domain.post_image.entity.PostImage;
+import com.main36.pikcha.domain.image.entity.PostImage;
 import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.Query;
-
-import java.util.List;
 
 
 public interface PostImageRepository extends JpaRepository<PostImage, Long> {

server/src/main/java/com/main36/pikcha/domain/attraction_file/service/AttractionImageService.java → server/src/main/java/com/main36/pikcha/domain/image/service/AttractionImageService.java

@@ -1,7 +1,7 @@
-package com.main36.pikcha.domain.attraction_file.service;
+package com.main36.pikcha.domain.image.service;
 
-import com.main36.pikcha.domain.attraction_file.entity.AttractionImage;
-import com.main36.pikcha.domain.attraction_file.repository.AttractionImageRepository;
+import com.main36.pikcha.domain.image.entity.AttractionImage;
+import com.main36.pikcha.domain.image.repository.AttractionImageRepository;
 import com.main36.pikcha.global.config.S3Service;
 import com.main36.pikcha.global.exception.BusinessLogicException;
 import com.main36.pikcha.global.exception.ExceptionCode;

server/src/main/java/com/main36/pikcha/domain/post_image/service/PostImageService.java → server/src/main/java/com/main36/pikcha/domain/image/service/PostImageService.java

@@ -1,7 +1,7 @@
-package com.main36.pikcha.domain.post_image.service;
+package com.main36.pikcha.domain.image.service;
 
-import com.main36.pikcha.domain.post_image.entity.PostImage;
-import com.main36.pikcha.domain.post_image.repository.PostImageRepository;
+import com.main36.pikcha.domain.image.entity.PostImage;
+import com.main36.pikcha.domain.image.repository.PostImageRepository;
 import com.main36.pikcha.global.config.S3Service;
 import com.main36.pikcha.global.exception.BusinessLogicException;
 import com.main36.pikcha.global.exception.ExceptionCode;

server/src/main/java/com/main36/pikcha/domain/attraction_likes/entity/AttractionLikes.java → server/src/main/java/com/main36/pikcha/domain/like/entity/AttractionLikes.java

@@ -1,4 +1,4 @@
-package com.main36.pikcha.domain.attraction_likes.entity;
+package com.main36.pikcha.domain.like.entity;
 
 import com.main36.pikcha.domain.attraction.entity.Attraction;
 import com.main36.pikcha.domain.member.entity.Member;

server/src/main/java/com/main36/pikcha/domain/post_likes/entity/PostLikes.java → server/src/main/java/com/main36/pikcha/domain/like/entity/PostLikes.java

@@ -1,4 +1,4 @@
-package com.main36.pikcha.domain.post_likes.entity;
+package com.main36.pikcha.domain.like.entity;
 
 
 import com.main36.pikcha.domain.member.entity.Member;

server/src/main/java/com/main36/pikcha/domain/attraction_likes/repository/AttractionLikesRepository.java → server/src/main/java/com/main36/pikcha/domain/like/repository/AttractionLikesRepository.java

@@ -1,7 +1,7 @@
-package com.main36.pikcha.domain.attraction_likes.repository;
+package com.main36.pikcha.domain.like.repository;
 
 import com.main36.pikcha.domain.attraction.entity.Attraction;
-import com.main36.pikcha.domain.attraction_likes.entity.AttractionLikes;
+import com.main36.pikcha.domain.like.entity.AttractionLikes;
 import com.main36.pikcha.domain.member.entity.Member;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;

server/src/main/java/com/main36/pikcha/domain/post_likes/repository/PostLikesRepository.java → server/src/main/java/com/main36/pikcha/domain/like/repository/PostLikesRepository.java

@@ -1,8 +1,8 @@
-package com.main36.pikcha.domain.post_likes.repository;
+package com.main36.pikcha.domain.like.repository;
 
 import com.main36.pikcha.domain.member.entity.Member;
 import com.main36.pikcha.domain.post.entity.Post;
-import com.main36.pikcha.domain.post_likes.entity.PostLikes;
+import com.main36.pikcha.domain.like.entity.PostLikes;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
 

server/src/main/java/com/main36/pikcha/domain/post/controller/PostController.java

@@ -15,10 +15,9 @@
 import com.main36.pikcha.domain.post.service.PostService;
 
 
-import com.main36.pikcha.domain.post_image.entity.PostImage;
-import com.main36.pikcha.domain.post_image.service.PostImageService;
+import com.main36.pikcha.domain.image.entity.PostImage;
+import com.main36.pikcha.domain.image.service.PostImageService;
 import com.main36.pikcha.global.aop.LoginUser;
-import com.main36.pikcha.global.config.S3Service;
 
 
 import com.main36.pikcha.global.exception.BusinessLogicException;
@@ -35,7 +34,6 @@
 import org.springframework.web.multipart.MultipartFile;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.validation.Valid;
 import javax.validation.constraints.Positive;
 
 import java.io.IOException;

server/src/main/java/com/main36/pikcha/domain/post/entity/Post.java

@@ -4,7 +4,7 @@
 import com.main36.pikcha.domain.comment.entity.Comment;
 import com.main36.pikcha.domain.hashtag.entity.HashTag;
 import com.main36.pikcha.domain.member.entity.Member;
-import com.main36.pikcha.domain.post_image.entity.PostImage;
+import com.main36.pikcha.domain.image.entity.PostImage;
 import com.main36.pikcha.global.audit.Auditable;
 import lombok.*;
 

server/src/main/java/com/main36/pikcha/domain/post/mapper/PostMapper.java

@@ -5,11 +5,10 @@
 import com.main36.pikcha.domain.hashtag.entity.HashTag;
 import com.main36.pikcha.domain.post.dto.*;
 import com.main36.pikcha.domain.post.entity.Post;
-import com.main36.pikcha.domain.post_image.entity.PostImage;
+import com.main36.pikcha.domain.image.entity.PostImage;
 import org.mapstruct.Mapper;
 import org.mapstruct.MappingConstants;
 
-import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
 

server/src/main/java/com/main36/pikcha/domain/post/repository/PostRepository.java

@@ -1,8 +1,6 @@
 package com.main36.pikcha.domain.post.repository;
 
-import com.main36.pikcha.domain.attraction.entity.Attraction;
 import com.main36.pikcha.domain.post.entity.Post;
-import com.main36.pikcha.domain.post_image.entity.PostImage;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.jpa.repository.JpaRepository;

server/src/main/java/com/main36/pikcha/domain/post/service/PostService.java

@@ -1,19 +1,15 @@
 package com.main36.pikcha.domain.post.service;
 
 
-import com.amazonaws.AmazonServiceException;
-import com.main36.pikcha.domain.hashtag.entity.HashTag;
 import com.main36.pikcha.domain.member.entity.Member;
 
 
 import com.main36.pikcha.domain.post.entity.Post;
 import com.main36.pikcha.domain.post.repository.PostRepository;
-import com.main36.pikcha.domain.post_image.entity.PostImage;
-import com.main36.pikcha.domain.post_likes.entity.PostLikes;
-import com.main36.pikcha.domain.post_likes.repository.PostLikesRepository;
+import com.main36.pikcha.domain.like.entity.PostLikes;
+import com.main36.pikcha.domain.like.repository.PostLikesRepository;
 import com.main36.pikcha.global.exception.BusinessLogicException;
 import com.main36.pikcha.global.exception.ExceptionCode;
-import com.main36.pikcha.global.response.MultiResponseDto;
 import lombok.RequiredArgsConstructor;
 
 import org.springframework.data.domain.Page;
@@ -22,10 +18,7 @@
 import org.springframework.data.domain.Sort;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import org.springframework.web.multipart.MultipartFile;
 
-import java.io.IOException;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 

server/src/main/java/com/main36/pikcha/global/security/SecurityConfiguration.java

@@ -0,0 +1,118 @@
+package com.main36.pikcha.global.security;
+
+
+import com.main36.pikcha.domain.member.repository.MemberRepository;
+import com.main36.pikcha.domain.member.service.MemberService;
+import com.main36.pikcha.global.security.filter.JwtAuthenticationFilter;
+import com.main36.pikcha.global.security.filter.JwtVerificationFilter;
+import com.main36.pikcha.global.security.jwt.JwtGenerator;
+import com.main36.pikcha.global.security.handler.*;
+import com.main36.pikcha.global.security.jwt.JwtParser;
+import com.main36.pikcha.global.security.oauth.OAuth2MemberSuccessHandler;
+import com.main36.pikcha.global.security.oauth.OauthService;
+import com.main36.pikcha.global.utils.CustomAuthorityUtils;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+import java.util.List;
+
+import static org.springframework.boot.autoconfigure.security.servlet.PathRequest.toH2Console;
+
+
+@Configuration
+@RequiredArgsConstructor
+public class SecurityConfiguration {
+	private final JwtParser jwtParser;
+	private final JwtGenerator jwtGenerator;
+	private final CustomAuthorityUtils customAuthorityUtils;
+	private final MemberService memberService;
+	private final OauthService oauthService;
+
+	@Bean
+	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+		http
+
+				.httpBasic().disable()
+				.formLogin().disable()
+				.csrf().disable()
+				.headers().frameOptions().sameOrigin()
+
+				.and()
+				.cors().configurationSource(corsConfigurationSource())
+
+				.and()
+				.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+
+				.and()
+				.exceptionHandling()
+				.authenticationEntryPoint(new MemberAuthenticationEntryPoint())
+				.accessDeniedHandler(new MemberAccessDeniedHandler())
+
+				.and()
+				.apply(new CustomFilterConfigure())
+
+				.and()
+				.authorizeHttpRequests(authorize -> authorize
+						.requestMatchers(toH2Console()).permitAll()
+						.antMatchers("attractions/upload", "attractions/edit/**", "attractions/delete", "admin").hasRole("ADMIN")
+						.anyRequest().permitAll())
+
+				.oauth2Login(oauth2 -> oauth2
+						.successHandler(new OAuth2MemberSuccessHandler(customAuthorityUtils, memberService, jwtGenerator))
+						.userInfoEndpoint()
+						.userService(oauthService));
+
+		return http.build();
+	}
+
+	@Bean
+	CorsConfigurationSource corsConfigurationSource() {
+		CorsConfiguration configuration = new CorsConfiguration();
+		configuration.setAllowedOrigins(
+				List.of(
+						"http://localhost:3000",
+						"http://pikcha36.o-r.kr/",
+						"https://pikcha36.o-r.kr/")
+		);
+		configuration.setAllowCredentials(true);
+		configuration.addExposedHeader("Authorization");
+		configuration.addAllowedHeader("*");
+		configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH", "DELETE"));
+
+		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+		source.registerCorsConfiguration("/**", configuration);
+
+		return source;
+	}
+
+	public class CustomFilterConfigure extends AbstractHttpConfigurer<CustomFilterConfigure, HttpSecurity> {
+		@Override
+		public void configure(HttpSecurity builder) throws Exception {
+			AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
+
+			JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(jwtGenerator, authenticationManager);
+			jwtAuthenticationFilter.setFilterProcessesUrl("/login");
+			jwtAuthenticationFilter.setAuthenticationSuccessHandler(new MemberAuthenticationSuccessHandler());
+			jwtAuthenticationFilter.setAuthenticationFailureHandler(new MemberAuthenticationFailureHandler());
+
+			JwtVerificationFilter jwtVerificationFilter = new JwtVerificationFilter(jwtGenerator, jwtParser);
+
+			builder
+					.addFilter(jwtAuthenticationFilter)
+					.addFilterAfter(jwtVerificationFilter, OAuth2LoginAuthenticationFilter.class);
+
+		}
+	}
+}
+