Merge pull request #81 from Team-Shaka/refactor/80

♻️ Refactor : Spring Security 인증 추가

build.gradle

@@ -1,6 +1,6 @@
 plugins {
     id 'java'
-    id 'org.springframework.boot' version '3.2.1'
+    id 'org.springframework.boot' version '3.1.4'
     id 'io.spring.dependency-management' version '1.1.4'
     id 'org.jetbrains.kotlin.jvm'
 }
@@ -47,6 +47,12 @@ dependencies {
     // aws s3
     implementation 'org.springframework.cloud:spring-cloud-starter-aws:2.2.6.RELEASE'
 
+    // spring security
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+
+    // jackson
+    implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.9.8'
+
     runtimeOnly 'com.h2database:h2'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"

src/main/java/org/example/tree/domain/comment/controller/CommentController.java

@@ -1,11 +1,14 @@
 package org.example.tree.domain.comment.controller;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
 import lombok.RequiredArgsConstructor;
 import org.example.tree.domain.comment.dto.CommentRequestDTO;
 import org.example.tree.domain.comment.dto.CommentResponseDTO;
 import org.example.tree.domain.comment.service.CommentService;
+import org.example.tree.domain.member.entity.Member;
 import org.example.tree.global.common.ApiResponse;
+import org.example.tree.global.security.handler.annotation.AuthMember;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -20,12 +23,11 @@ public class CommentController {
     public ApiResponse createComment(
             @PathVariable final Long treeId,
             @PathVariable final Long postId,
-            @RequestHeader("Authorization") final String header,
-            @RequestBody final CommentRequestDTO.createComment request
+            @RequestBody final CommentRequestDTO.createComment request,
+            @AuthMember @Parameter(hidden = true) Member member
 
-    ) {
-        String token = header.replace("Bearer ", "");
-        commentService.createComment(treeId, postId, request, token);
+            ) {
+        commentService.createComment(treeId, postId, request, member);
         return ApiResponse.onSuccess("");
     }
 
@@ -34,10 +36,9 @@ public ApiResponse createComment(
     public ApiResponse<List<CommentResponseDTO.getComment>> getComments(
             @PathVariable final Long treeId,
             @PathVariable final Long postId,
-            @RequestHeader("Authorization") final String header
+            @AuthMember @Parameter(hidden = true) Member member
     ) {
-        String token = header.replace("Bearer ", "");
-        return ApiResponse.onSuccess(commentService.getComments(treeId, postId, token));
+        return ApiResponse.onSuccess(commentService.getComments(treeId, postId, member));
     }
 
     @PatchMapping("/trees/{treeId}/feed/posts/{postId}/comments/{commentId}")
@@ -46,11 +47,10 @@ public ApiResponse updateComment(
             @PathVariable final Long treeId,
             @PathVariable final Long postId,
             @PathVariable final Long commentId,
-            @RequestHeader("Authorization") final String header,
-            @RequestBody final CommentRequestDTO.updateComment request
+            @RequestBody final CommentRequestDTO.updateComment request,
+            @AuthMember @Parameter(hidden = true) Member member
     ) {
-        String token = header.replace("Bearer ", "");
-        commentService.updateComment(treeId, postId, commentId, request, token);
+        commentService.updateComment(treeId, postId, commentId, request, member);
         return ApiResponse.onSuccess("");
     }
 
@@ -60,10 +60,9 @@ public ApiResponse deleteComment(
             @PathVariable final Long treeId,
             @PathVariable final Long postId,
             @PathVariable final Long commentId,
-            @RequestHeader("Authorization") final String header
+            @AuthMember @Parameter(hidden = true) Member member
     ) {
-        String token = header.replace("Bearer ", "");
-        commentService.deleteComment(treeId, postId, commentId, token);
+        commentService.deleteComment(treeId, postId, commentId, member);
         return ApiResponse.onSuccess("");
     }
 }

src/main/java/org/example/tree/domain/comment/controller/ReplyController.java

@@ -1,10 +1,13 @@
 package org.example.tree.domain.comment.controller;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
 import lombok.RequiredArgsConstructor;
 import org.example.tree.domain.comment.dto.ReplyRequestDTO;
 import org.example.tree.domain.comment.service.ReplyService;
+import org.example.tree.domain.member.entity.Member;
 import org.example.tree.global.common.ApiResponse;
+import org.example.tree.global.security.handler.annotation.AuthMember;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
@@ -17,11 +20,10 @@ public class ReplyController {
     public ApiResponse createReply(
             @PathVariable final Long treeId,
             @PathVariable final Long commentId,
-            @RequestHeader("Authorization") final String header,
-            @RequestBody final ReplyRequestDTO.createReply request
-    ) {
-        String token = header.replace("Bearer ", "");
-        replyService.createReply(treeId, commentId, request, token);
+            @RequestBody final ReplyRequestDTO.createReply request,
+            @AuthMember @Parameter(hidden = true) Member member
+            ) {
+        replyService.createReply(treeId, commentId, request, member);
         return ApiResponse.onSuccess("");
     }
 
@@ -31,11 +33,10 @@ public ApiResponse updateReply(
             @PathVariable final Long treeId,
             @PathVariable final Long commentId,
             @PathVariable final Long replyId,
-            @RequestHeader("Authorization") final String header,
-            @RequestBody final ReplyRequestDTO.updateReply request
+            @RequestBody final ReplyRequestDTO.updateReply request,
+            @AuthMember @Parameter(hidden = true) Member member
     ) {
-        String token = header.replace("Bearer ", "");
-        replyService.updateReply(treeId, commentId, replyId, request, token);
+        replyService.updateReply(treeId, commentId, replyId, request, member);
         return ApiResponse.onSuccess("");
     }
 
@@ -45,10 +46,9 @@ public ApiResponse deleteReply(
             @PathVariable final Long treeId,
             @PathVariable final Long commentId,
             @PathVariable final Long replyId,
-            @RequestHeader("Authorization") final String header
+            @AuthMember @Parameter(hidden = true) Member member
     ) {
-        String token = header.replace("Bearer ", "");
-        replyService.deleteReply(treeId, commentId, replyId, token);
+        replyService.deleteReply(treeId, commentId, replyId, member);
         return ApiResponse.onSuccess("");
     }
 

src/main/java/org/example/tree/domain/comment/service/CommentService.java

@@ -7,6 +7,7 @@
 import org.example.tree.domain.comment.dto.CommentResponseDTO;
 import org.example.tree.domain.comment.dto.ReplyResponseDTO;
 import org.example.tree.domain.comment.entity.Comment;
+import org.example.tree.domain.member.entity.Member;
 import org.example.tree.domain.notification.entity.NotificationType;
 import org.example.tree.domain.notification.service.NotificationService;
 import org.example.tree.domain.post.entity.Post;
@@ -35,8 +36,8 @@ public class CommentService {
     private final NotificationService notificationService;
 
     @Transactional
-    public void createComment(Long treeId, Long postId, CommentRequestDTO.createComment request, String token) {
-        Profile profile = profileService.getTreeProfile(token, treeId);
+    public void createComment(Long treeId, Long postId, CommentRequestDTO.createComment request, Member member) {
+        Profile profile = profileService.getTreeProfile(member, treeId);
         Post post = postQueryService.findById(postId);
         Comment comment = commentConverter.toComment(request.getContent(), profile, post);
         post.increaseCommentCount();
@@ -46,22 +47,22 @@ public void createComment(Long treeId, Long postId, CommentRequestDTO.createComm
     }
 
     @Transactional
-    public List<CommentResponseDTO.getComment> getComments(Long treeId, Long postId, String token) {
-        Profile profile = profileService.getTreeProfile(token, treeId);
+    public List<CommentResponseDTO.getComment> getComments(Long treeId, Long postId, Member member) {
+        Profile profile = profileService.getTreeProfile(member, treeId);
         Post post = postQueryService.findById(postId);
         List<Comment> comments = commentQueryService.getComments(post);
         return comments.stream()
                 .map(comment -> {
-                    List<ReactionResponseDTO.getReaction> reactions = reactionService.getCommentReactions(treeId, comment.getId(), token);
+                    List<ReactionResponseDTO.getReaction> reactions = reactionService.getCommentReactions(treeId, comment.getId(), member);
                     List<ReplyResponseDTO.getReply> repliesForComment = replyService.getReplies(comment);
                     return commentConverter.toGetComment(comment, reactions, repliesForComment); // toGetComment 메서드 수정 필요
                 })
                 .collect(Collectors.toList());
     }
 
     @Transactional
-    public void updateComment(Long treeId, Long postId, Long commentId, CommentRequestDTO.updateComment request, String token) {
-        Profile profile = profileService.getTreeProfile(token, treeId);
+    public void updateComment(Long treeId, Long postId, Long commentId, CommentRequestDTO.updateComment request, Member member) {
+        Profile profile = profileService.getTreeProfile(member, treeId);
         Post post = postQueryService.findById(postId);
         Comment comment = commentQueryService.findById(commentId);
         if (!comment.getProfile().getId().equals(profile.getId())) {
@@ -71,8 +72,8 @@ public void updateComment(Long treeId, Long postId, Long commentId, CommentReque
     }
 
     @Transactional
-    public void deleteComment(Long treeId, Long postId, Long commentId, String token) {
-        Profile profile = profileService.getTreeProfile(token, treeId);
+    public void deleteComment(Long treeId, Long postId, Long commentId, Member member) {
+        Profile profile = profileService.getTreeProfile(member, treeId);
         Post post = postQueryService.findById(postId);
         Comment comment = commentQueryService.findById(commentId);
         if (!comment.getProfile().getId().equals(profile.getId())) {

src/main/java/org/example/tree/domain/comment/service/ReplyService.java

@@ -7,6 +7,7 @@
 import org.example.tree.domain.comment.dto.ReplyResponseDTO;
 import org.example.tree.domain.comment.entity.Comment;
 import org.example.tree.domain.comment.entity.Reply;
+import org.example.tree.domain.member.entity.Member;
 import org.example.tree.domain.profile.entity.Profile;
 import org.example.tree.domain.profile.service.ProfileService;
 import org.example.tree.domain.reaction.dto.ReactionResponseDTO;
@@ -29,8 +30,8 @@ public class ReplyService {
     private final ReactionService reactionService;
 
     @Transactional
-    public void createReply(Long treeId, Long commentId, ReplyRequestDTO.createReply request, String token) {
-        Profile profile = profileService.getTreeProfile(token, treeId);
+    public void createReply(Long treeId, Long commentId, ReplyRequestDTO.createReply request, Member member) {
+        Profile profile = profileService.getTreeProfile(member, treeId);
         Comment comment = commentQueryService.findById(commentId);
         Reply reply = replyConverter.toReply(request.getContent(), profile, comment);
         replyCommandService.createReply(reply);
@@ -48,8 +49,8 @@ public List<ReplyResponseDTO.getReply> getReplies(Comment comment) {
     }
 
     @Transactional
-    public void updateReply(Long treeId, Long commentId, Long replyId, ReplyRequestDTO.updateReply request, String token) {
-        Profile profile = profileService.getTreeProfile(token, treeId);
+    public void updateReply(Long treeId, Long commentId, Long replyId, ReplyRequestDTO.updateReply request, Member member) {
+        Profile profile = profileService.getTreeProfile(member, treeId);
         Comment comment = commentQueryService.findById(commentId);
         Reply reply = replyQueryService.findById(replyId);
         if (!reply.getProfile().getId().equals(profile.getId())) {
@@ -59,8 +60,8 @@ public void updateReply(Long treeId, Long commentId, Long replyId, ReplyRequestD
     }
 
     @Transactional
-    public void deleteReply(Long treeId, Long commentId, Long replyId, String token) {
-        Profile profile = profileService.getTreeProfile(token, treeId);
+    public void deleteReply(Long treeId, Long commentId, Long replyId, Member member) {
+        Profile profile = profileService.getTreeProfile(member, treeId);
         Comment comment = commentQueryService.findById(commentId);
         Reply reply = replyQueryService.findById(replyId);
         if (!reply.getProfile().getId().equals(profile.getId())) {

src/main/java/org/example/tree/domain/member/controller/MemberController.java

@@ -35,6 +35,4 @@ public ApiResponse<MemberResponseDTO.reissue> reissue(
     ) {
         return ApiResponse.onSuccess(memberService.reissue(request));
     }
-
-
 }

src/main/java/org/example/tree/domain/member/converter/MemberConverter.java

@@ -1,18 +1,41 @@
 package org.example.tree.domain.member.converter;
 
+import jakarta.annotation.PostConstruct;
+import lombok.RequiredArgsConstructor;
 import org.example.tree.domain.member.dto.MemberResponseDTO;
 import org.example.tree.domain.member.entity.Member;
 import org.example.tree.domain.member.entity.MemberRole;
+import org.example.tree.domain.member.service.MemberQueryService;
+import org.example.tree.domain.member.service.MemberService;
 import org.springframework.stereotype.Component;
 
 @Component
+@RequiredArgsConstructor
 public class MemberConverter {
 
+    private final MemberQueryService memberQueryService;
+
+    private static MemberQueryService staticMemberQueryService;
+
+    @PostConstruct
+    public void init() {
+        this.staticMemberQueryService = this.memberQueryService;
+    }
+
+    /**
+     * Security 어노테이션, AuthMember에서 사용함
+     * @param id
+     * @return Member
+     */
+    public static Member toMemberSecurity(String id){
+        return staticMemberQueryService.findById(id);
+    }
+
     public Member toMember (String id, String phone) {
         return Member.builder()
                 .id(id)
                 .phone(phone)
-                .role(MemberRole.USER)
+                .role(MemberRole.ROLE_USER)
                 .build();
     }
 

src/main/java/org/example/tree/domain/member/entity/MemberRole.java

@@ -1,5 +1,16 @@
 package org.example.tree.domain.member.entity;
 
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
 public enum MemberRole {
-    USER, ADMIN
+    ROLE_GUEST("게스트"),
+    ROLE_USER("회원"),
+    ROLE_ADMIN("관리자"),
+    ADMIN("lagacy 관리자"),
+    USER("lagacy 회원");
+
+    private final String description;
 }

src/main/java/org/example/tree/domain/member/service/MemberCommandService.java

@@ -3,15 +3,19 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.example.tree.domain.member.entity.Member;
+import org.example.tree.domain.member.entity.MemberRole;
 import org.example.tree.domain.member.repository.MemberRepository;
 import org.example.tree.domain.member.repository.RefreshTokenRepository;
 import org.example.tree.global.exception.GeneralException;
 import org.example.tree.global.exception.GlobalErrorCode;
 import org.example.tree.global.security.jwt.RefreshToken;
-import org.example.tree.global.security.jwt.TokenProvider;
+import org.example.tree.global.security.provider.TokenProvider;
 import org.example.tree.global.security.jwt.dto.TokenDTO;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Service;
 
+import java.util.List;
+
 @Service
 @Slf4j
 @RequiredArgsConstructor
@@ -24,11 +28,17 @@ public class MemberCommandService {
 
 
     public Member register(Member member) {
-        return memberRepository.save(member);
+        try {
+            return memberRepository.save(member);
+        }
+        catch (Exception e){
+            log.error("eerror");
+            return null;
+        }
     }
     public TokenDTO login(Member member) {
 
-        String accessToken = tokenProvider.createAccessToken(member.getId());
+        String accessToken = tokenProvider.createAccessToken(member.getId(), List.of(new SimpleGrantedAuthority(MemberRole.ROLE_USER.name())));
         String rawToken = tokenProvider.createRefreshToken(member.getId());
         RefreshToken refreshToken = RefreshToken.builder()
                 .memberId(member.getId())
@@ -45,7 +55,7 @@ public TokenDTO reissue(Member member) {
         RefreshToken invalidToken = refreshTokenRepository.findByMemberId(member.getId())
                 .orElseThrow(() -> new GeneralException(GlobalErrorCode.REFRESH_TOKEN_NOT_FOUND));
         refreshTokenRepository.delete(invalidToken);
-        String accessToken = tokenProvider.createAccessToken(member.getId());
+        String accessToken = tokenProvider.createAccessToken(member.getId(),List.of(new SimpleGrantedAuthority(MemberRole.ROLE_USER.name())));
         String rawToken = tokenProvider.createRefreshToken(member.getId());
         RefreshToken refreshToken = RefreshToken.builder()
                 .memberId(member.getId())

src/main/java/org/example/tree/domain/member/service/MemberQueryService.java

@@ -1,14 +1,11 @@
 package org.example.tree.domain.member.service;
 
-import io.jsonwebtoken.Claims;
 import lombok.RequiredArgsConstructor;
 import org.example.tree.domain.member.entity.Member;
 import org.example.tree.domain.member.repository.MemberRepository;
 import org.example.tree.global.exception.GeneralException;
 import org.example.tree.global.exception.GlobalErrorCode;
-import org.example.tree.global.security.jwt.TokenProvider;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
+import org.example.tree.global.security.provider.TokenProvider;
 import org.springframework.stereotype.Service;
 
 import java.util.Optional;