[Spring MVC] 김준수 미션 제출합니다.

README.md

@@ -0,0 +1,25 @@
+## 요구사항 분석
+### 1단계 - 로그인
+- 로그인 기능을 구현하세요.
+- 로그인 후 Cookie를 이용하여 사용자의 정보를 조회하는 API를 구현하세요.
+#### 로그인 기능
+- 아래의 request와 response 요구사항에 따라 /login에 email, password 값을 body에 포함하세요.
+- 응답에 Cookie에 "token"값으로 토큰이 포함되도록 하세요.
+#### 인증 정보 조회
+- 상단바 우측 로그인 상태를 표현해주기 위해 사용자의 정보를 조회하는 API를 구현하세요.
+- Cookie를 이용하여 로그인 사용자의 정보확인하세요.
+
+### 2단계 - 로그인 리팩터링
+- 사용자의 정보를 조회하는 로직을 리팩터링 합니다.
+- 예약 생성 API 및 기능을 리팩터링 합니다. 
+#### 로그인 리팩터링
+- Cookie에 담긴 인증 정보를 이용해서 멤버 객체를 만드는 로직을 분리합니다.
+  - HandlerMethodArgumentResolver을 활용하면 회원정보를 객체를 컨트롤러 메서드에 주입할 수 있습니다.
+#### 예약 생성 기능 변경
+- 예약 생성 시 ReservationReqeust의 name이 없는 경우 Cookie에 담긴 정보를 활용하도록 리팩터링 합니다.
+  - ReservationReqeust에 name값이 있으면 name으로 Member를 찾고
+  - 없으며 로그인 정보를 활용해서 Member를 찾도록 수정합니다.
+
+### 3단계 - 관리자 기능
+- 어드민 페이지 진입은 admin권한이 있는 사람만 할 수 있도록 제한하세요.
+- HandlerInterceptor를 활용하여 권한이 없는 경우 401코드를 응답하세요.

src/main/java/roomescape/auth/AuthAdminInteceptor.java

@@ -0,0 +1,31 @@
+package roomescape.auth;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+import roomescape.infrastructure.JwtTokenUtil;
+import roomescape.member.Member;
+import roomescape.member.MemberService;
+
+@Component
+public class AuthAdminInteceptor implements HandlerInterceptor {
+    private MemberService memberService;
+    private JwtTokenUtil jwtTokenUtil;
+
+    public AuthAdminInteceptor(MemberService memberService, JwtTokenUtil jwtTokenUtil) {
+        this.memberService = memberService;
+        this.jwtTokenUtil = jwtTokenUtil;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        Long memberId = jwtTokenUtil.getPayload(request);
+        Member member = memberService.findMemberById(memberId);
+        if (member == null || !member.getRole().equals("ADMIN")) {
+            response.setStatus(401);
+            return false;
+        }
+        return true;
+    }
+}

src/main/java/roomescape/auth/AuthConfig.java

@@ -0,0 +1,29 @@
+package roomescape.auth;
+
+import java.util.List;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import roomescape.infrastructure.LoginMemberArgumentResolver;
+
+@Configuration
+public class AuthConfig implements WebMvcConfigurer {
+    private final LoginMemberArgumentResolver loginMemberArgumentResolver;
+    private final AuthAdminInteceptor authAdminInteceptor;
+
+    public AuthConfig(LoginMemberArgumentResolver loginMemberArgumentResolver, AuthAdminInteceptor authAdminInteceptor) {
+        this.loginMemberArgumentResolver = loginMemberArgumentResolver;
+        this.authAdminInteceptor = authAdminInteceptor;
+    }
+
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
+        resolvers.add(loginMemberArgumentResolver);
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authAdminInteceptor);
+    }
+}

src/main/java/roomescape/auth/AuthService.java

@@ -0,0 +1,41 @@
+package roomescape.auth;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.stereotype.Service;
+import roomescape.infrastructure.JwtTokenUtil;
+import roomescape.member.Member;
+import roomescape.member.MemberDao;
+import roomescape.token.TokenRequest;
+import roomescape.token.TokenResponse;
+
+@Service
+public class AuthService {
+    private JwtTokenUtil jwtTokenUtil;
+    private MemberDao memberDao;
+
+    public AuthService(JwtTokenUtil jwtTokenUtil, MemberDao memberDao) {
+        this.jwtTokenUtil = jwtTokenUtil;
+        this.memberDao = memberDao;
+    }
+
+    public Member checkInvalidLogin(String principal, String credentials) {
+        Member member = null;
+        try {
+        member = memberDao.findByEmailAndPassword(principal, credentials);
+        } catch(AuthorizationException e) {
+            e.printStackTrace();
+        }
+        return member;
+    }
+
+    public Long findMemberIdByToken(HttpServletRequest request) {
+        return jwtTokenUtil.getPayload(request);
+    }
+
+    public TokenResponse createToken(TokenRequest tokenRequest) {
+        Member member = checkInvalidLogin(tokenRequest.getEmail(), tokenRequest.getPassword());
+        String accessToken = jwtTokenUtil.createToken(member);
+        return new TokenResponse(accessToken);
+    }
+}

src/main/java/roomescape/auth/AuthorizationException.java

@@ -0,0 +1,14 @@
+package roomescape.auth;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(HttpStatus.UNAUTHORIZED)
+public class AuthorizationException extends RuntimeException {
+    public AuthorizationException() {
+    }
+
+    public AuthorizationException(String message) {
+        super(message);
+    }
+}

src/main/java/roomescape/infrastructure/JwtTokenUtil.java

@@ -0,0 +1,65 @@
+package roomescape.infrastructure;
+
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.security.Keys;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.util.Date;
+import roomescape.member.Member;
+
+@Component
+public class JwtTokenUtil {
+    @Value("${security.jwt.token.secret-key}")
+    private String secretKey;
+    @Value("${security.jwt.token.expire-length}")
+    private long validityInMilliseconds;
+
+    public String createToken(Member member) {
+        Date now = new Date();
+        Date validity = new Date(now.getTime() + validityInMilliseconds);
+
+        return Jwts.builder()
+                .setSubject(member.getId().toString())
+                .claim("email", member.getEmail())
+                .claim("name", member.getName())
+                .claim("role", member.getRole())
+                .setIssuedAt(now)
+                .setExpiration(validity)
+                .signWith(Keys.hmacShaKeyFor(secretKey.getBytes()))
+                .compact();
+    }
+
+    public Long getPayload(HttpServletRequest request) {
+        String token = extractTokenFromCookie(request);
+         return Long.valueOf(Jwts.parserBuilder()
+                .setSigningKey(Keys.hmacShaKeyFor(secretKey.getBytes()))
+                .build()
+                .parseClaimsJws(token)
+                .getBody().getSubject());
+    }
+
+    public boolean validateToken(String token) {
+        try {
+            Jws<Claims> claims = Jwts.parser()
+                    .setSigningKey(secretKey)
+                    .parseClaimsJws(token);
+
+            return !claims.getBody().getExpiration().before(new Date());
+        } catch (JwtException | IllegalArgumentException e) {
+            return false;
+        }
+    }
+
+    private String extractTokenFromCookie(HttpServletRequest request) {
+        Cookie[] cookies = request.getCookies();
+        for (Cookie cookie : cookies) {
+            if (cookie.getName().equals("token")) {
+                return cookie.getValue();
+            }
+        }
+        return "";
+    }
+}

src/main/java/roomescape/infrastructure/LoginMemberArgumentResolver.java

@@ -0,0 +1,41 @@
+package roomescape.infrastructure;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+import roomescape.member.LoginMember;
+import roomescape.member.Member;
+import roomescape.member.MemberService;
+
+@Component
+public class LoginMemberArgumentResolver implements HandlerMethodArgumentResolver {
+    private MemberService memberService;
+    private JwtTokenUtil jwtTokenUtil;
+
+    public LoginMemberArgumentResolver(MemberService memberService, JwtTokenUtil jwtTokenUtil) {
+        this.memberService = memberService;
+        this.jwtTokenUtil = jwtTokenUtil;
+    }
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.getParameterType().equals(LoginMember.class);
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter parameter,
+                                  ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest,
+                                  WebDataBinderFactory binderFactory) throws Exception {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) webRequest.getNativeRequest();
+
+        Long memberId = jwtTokenUtil.getPayload(httpServletRequest);
+        Member member = memberService.findMemberById(memberId);
+
+        return new LoginMember(member.getId(), member.getName(), member.getEmail(), member.getRole());
+    }
+}

src/main/java/roomescape/member/LoginMember.java

@@ -0,0 +1,31 @@
+package roomescape.member;
+
+public class LoginMember {
+    private Long id;
+    private String name;
+    private String email;
+    private String role;
+
+    public LoginMember(Long id, String name, String email, String role) {
+        this.id = id;
+        this.name = name;
+        this.email = email;
+        this.role = role;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getEmail() {
+        return email;
+    }
+
+    public String getRole() {
+        return role;
+    }
+}

src/main/java/roomescape/member/MemberController.java

@@ -10,13 +10,18 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import java.net.URI;
+import roomescape.auth.AuthService;
+import roomescape.token.TokenRequest;
+import roomescape.token.TokenResponse;
 
 @RestController
 public class MemberController {
     private MemberService memberService;
+    private AuthService authService;
 
-    public MemberController(MemberService memberService) {
+    public MemberController(MemberService memberService, AuthService authService) {
         this.memberService = memberService;
+        this.authService = authService;
     }
 
     @PostMapping("/members")
@@ -25,6 +30,31 @@ public ResponseEntity createMember(@RequestBody MemberRequest memberRequest) {
         return ResponseEntity.created(URI.create("/members/" + member.getId())).body(member);
     }
 
+    @PostMapping("/login")
+    public ResponseEntity login(@RequestBody TokenRequest request, HttpServletResponse response) {
+        TokenResponse tokenResponse = authService.createToken(request);
+
+        Cookie cookie = new Cookie("token", tokenResponse.getAccessToken());
+        cookie.setHttpOnly(true);
+        cookie.setPath("/");
+        response.addCookie(cookie);
+
+        // HttpHeaders 객체 생성
+//        HttpHeaders headers = new HttpHeaders();
+//        headers.add("Set-Cookie", "token=" + tokenResponse.getAccessToken() + "; Path=/; HttpOnly");
+
+        return ResponseEntity.ok().build();
+    }
+
+    @GetMapping("/login/check")
+    public ResponseEntity<MemberResponse> checkLogin(HttpServletRequest request) {
+        Long memberId = authService.findMemberIdByToken(request);
+        Member member = memberService.findMemberById(memberId);
+        MemberResponse response = new MemberResponse(member.getName());
+        return ResponseEntity.ok()
+                .body(response);
+    }
+
     @PostMapping("/logout")
     public ResponseEntity logout(HttpServletResponse response) {
         Cookie cookie = new Cookie("token", "");

src/main/java/roomescape/member/MemberDao.java

@@ -52,4 +52,17 @@ public Member findByName(String name) {
                 name
         );
     }
+
+    public Member findById(Long id) {
+        return jdbcTemplate.queryForObject(
+                "SELECT id, name, email, role FROM member WHERE id = ?",
+                (rs, rowNum) -> new Member(
+                        rs.getLong("id"),
+                        rs.getString("name"),
+                        rs.getString("email"),
+                        rs.getString("role")
+                ),
+                id
+        );
+    }
 }

src/main/java/roomescape/member/MemberResponse.java

@@ -1,10 +1,17 @@
 package roomescape.member;
 
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
 public class MemberResponse {
     private Long id;
     private String name;
     private String email;
 
+    public MemberResponse(String name) {
+        this.name = name;
+    }
+
     public MemberResponse(Long id, String name, String email) {
         this.id = id;
         this.name = name;

src/main/java/roomescape/member/MemberService.java

@@ -14,4 +14,8 @@ public MemberResponse createMember(MemberRequest memberRequest) {
         Member member = memberDao.save(new Member(memberRequest.getName(), memberRequest.getEmail(), memberRequest.getPassword(), "USER"));
         return new MemberResponse(member.getId(), member.getName(), member.getEmail());
     }
+
+    public Member findMemberById(Long memberId) {
+        return memberDao.findById(memberId);
+    }
 }