[그리디] 강동현 Spring JPA (2차) 4, 5, 6 단계 미션 제출합니다.

.gitignore

@@ -35,3 +35,6 @@ out/
 
 ### VS Code ###
 .vscode/
+
+
+application-local.properties

build.gradle

@@ -6,16 +6,22 @@ plugins {
 
 group = 'nextstep'
 version = '0.0.1-SNAPSHOT'
-sourceCompatibility = '17'
+
 
 repositories {
     mavenCentral()
 }
 
 dependencies {
+
+
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
-    implementation 'org.springframework.boot:spring-boot-starter-jdbc'
+    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+    implementation 'org.springframework.boot:spring-boot-starter-validation'
+
+    compileOnly 'org.projectlombok:lombok:1.18.30'
+    annotationProcessor 'org.projectlombok:lombok:1.18.30'
 
     implementation 'dev.akkinoc.spring.boot:logback-access-spring-boot-starter:4.0.0'
 

gradle.properties

@@ -0,0 +1,4 @@
+org.gradle.java.home=C:\\Program Files\\Eclipse Adoptium\\jdk-17.0.17.10-hotspot
+
+
+

src/main/java/auth/JwtUtils.java

@@ -0,0 +1,52 @@
+package auth;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import jakarta.servlet.http.Cookie;
+
+import java.util.Date;
+
+public final class JwtUtils {
+    public static final int DEFAULT_MAX_AGE_SECONDS = 10 * 60; // 10 minutes
+
+    private final String secretKey;
+
+    public JwtUtils(String secretKey) {
+        this.secretKey = secretKey;
+    }
+
+    public String extractTokenFromCookies(Cookie[] cookies) {
+        if (cookies == null || cookies.length == 0) {
+            return "";
+        }
+        for (Cookie cookie : cookies) {
+            if ("token".equals(cookie.getName())) {
+                return cookie.getValue();
+            }
+        }
+        return "";
+    }
+
+    public Claims parseClaims(String token) {
+        return Jwts.parserBuilder()
+                .setSigningKey(Keys.hmacShaKeyFor(secretKey.getBytes()))
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+
+    public String createToken(String subject, String name, String role) {
+        Date now = new Date();
+        Date expiresAt = new Date(now.getTime() + (long) DEFAULT_MAX_AGE_SECONDS * 1000);
+        return Jwts.builder()
+                .setSubject(subject)
+                .setExpiration(expiresAt)
+                .claim("name", name)
+                .claim("role", role)
+                .signWith(Keys.hmacShaKeyFor(secretKey.getBytes()))
+                .compact();
+    }
+}
+
+

src/main/java/roomescape/WebConfig.java

@@ -0,0 +1,33 @@
+package roomescape;
+
+import auth.JwtUtils;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import roomescape.auth.AdminAuthInterceptor;
+import roomescape.auth.LoginMemberArgumentResolver;
+
+import java.util.List;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+    private final JwtUtils jwtUtils;
+
+    public WebConfig(JwtUtils jwtUtils) {
+        this.jwtUtils = jwtUtils;
+    }
+
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
+        resolvers.add(new LoginMemberArgumentResolver(jwtUtils));
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(new AdminAuthInterceptor(jwtUtils))
+                .addPathPatterns("/admin", "/admin/**");
+    }
+}
+
+

src/main/java/roomescape/auth/AdminAuthInterceptor.java

@@ -0,0 +1,57 @@
+package roomescape.auth;
+
+import auth.JwtUtils;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.web.servlet.HandlerInterceptor;
+import roomescape.common.ApiError;
+
+import java.io.IOException;
+
+public class AdminAuthInterceptor implements HandlerInterceptor {
+
+    private final JwtUtils jwtUtils;
+
+    public AdminAuthInterceptor(JwtUtils jwtUtils) {
+        this.jwtUtils = jwtUtils;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        String token = jwtUtils.extractTokenFromCookies(request.getCookies());
+        if (token.isEmpty()) {
+            writeError(response, ApiError.UNAUTHORIZED_MISSING_TOKEN);
+            return false;
+        }
+
+        try {
+            Claims claims = jwtUtils.parseClaims(token);
+            String role = claims.get("role", String.class);
+            if (!"ADMIN".equals(role)) {
+                writeError(response, ApiError.FORBIDDEN_ADMIN_ONLY);
+                return false;
+            }
+            return true;
+        } catch (ExpiredJwtException e) {
+            writeError(response, ApiError.UNAUTHORIZED_EXPIRED_TOKEN);
+            return false;
+        } catch (Exception e) {
+            writeError(response, ApiError.UNAUTHORIZED_INVALID_TOKEN);
+            return false;
+        }
+    }
+
+    private void writeError(HttpServletResponse response, ApiError apiError) {
+        response.setStatus(apiError.getHttpStatus().value());
+        response.setContentType("application/json;charset=UTF-8");
+        try {
+            String payload = "{\"code\":" + apiError.getCode() + ",\"message\":\"" + apiError.getMessage() + "\"}";
+            response.getWriter().write(payload);
+        } catch (IOException ignored) {
+        }
+    }
+}
+
+

src/main/java/roomescape/auth/LoginMemberArgumentResolver.java

@@ -0,0 +1,55 @@
+package roomescape.auth;
+
+import auth.JwtUtils;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.core.MethodParameter;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+import roomescape.member.LoginMemberDto;
+
+public class LoginMemberArgumentResolver implements HandlerMethodArgumentResolver {
+
+    private final JwtUtils jwtUtils;
+
+    public LoginMemberArgumentResolver(JwtUtils jwtUtils) {
+        this.jwtUtils = jwtUtils;
+    }
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.getParameterType().equals(LoginMemberDto.class);
+    }
+
+    @Override
+    public Object resolveArgument(
+            MethodParameter parameter,
+            ModelAndViewContainer mavContainer,
+            NativeWebRequest webRequest,
+            WebDataBinderFactory binderFactory
+    ) {
+        HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
+        String token = jwtUtils.extractTokenFromCookies(request.getCookies());
+
+        if (token.isEmpty()) {
+            return null;
+        }
+
+        try {
+            Claims claims = jwtUtils.parseClaims(token);
+
+            Long id = Long.valueOf(claims.getSubject());
+            String name = claims.get("name", String.class);
+            String role = claims.get("role", String.class);
+
+            return new LoginMemberDto(id, name, null, role);
+        } catch (ExpiredJwtException e) {
+            return null;
+        } catch (Exception e) {
+            return null;
+        }
+    }
+}

src/main/java/roomescape/common/ApiError.java

@@ -0,0 +1,26 @@
+package roomescape.common;
+
+import lombok.Getter;
+import org.springframework.http.HttpStatus;
+
+@Getter
+public enum ApiError {
+    BAD_REQUEST_INVALID_INPUT(HttpStatus.BAD_REQUEST, 40001, "잘못된 요청입니다."),
+    BAD_REQUEST_ILLEGAL_STATE(HttpStatus.BAD_REQUEST, 40002, "요청을 처리할 수 없습니다."),
+    NOT_FOUND_RESOURCE(HttpStatus.NOT_FOUND, 40401, "리소스를 찾을 수 없습니다."),
+    UNAUTHORIZED_MISSING_TOKEN(HttpStatus.UNAUTHORIZED, 40101, "토큰이 없습니다."),
+    UNAUTHORIZED_INVALID_TOKEN(HttpStatus.UNAUTHORIZED, 40102, "토큰이 유효하지 않습니다."),
+    UNAUTHORIZED_EXPIRED_TOKEN(HttpStatus.UNAUTHORIZED, 40103, "토큰이 만료되었습니다."),
+    FORBIDDEN_ADMIN_ONLY(HttpStatus.FORBIDDEN, 40301, "관리자 권한이 필요합니다."),
+    INTERNAL_SERVER_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, 50000, "서버 오류가 발생했습니다.");
+
+    private final HttpStatus httpStatus;
+    private final int code;
+    private final String message;
+
+    ApiError(HttpStatus httpStatus, int code, String message) {
+        this.httpStatus = httpStatus;
+        this.code = code;
+        this.message = message;
+    }
+}

src/main/java/roomescape/common/ExceptionController.java

@@ -0,0 +1,50 @@
+package roomescape.common;
+
+import jakarta.persistence.EntityNotFoundException;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.NoSuchElementException;
+
+@RestControllerAdvice
+public class ExceptionController {
+    @ExceptionHandler(MethodArgumentNotValidException.class)
+    public ResponseEntity<Map<String, Object>> handleValidation(MethodArgumentNotValidException e) {
+        return build(ApiError.BAD_REQUEST_INVALID_INPUT);
+    }
+
+    @ExceptionHandler({IllegalStateException.class})
+    public ResponseEntity<Map<String, Object>> handleIllegalState(IllegalStateException e) {
+        return build(ApiError.BAD_REQUEST_ILLEGAL_STATE);
+    }
+
+    @ExceptionHandler({NoSuchElementException.class, EntityNotFoundException.class})
+    public ResponseEntity<Map<String, Object>> handleNotFound(RuntimeException e) {
+        return build(ApiError.NOT_FOUND_RESOURCE);
+    }
+
+    @ExceptionHandler(HttpMessageNotReadableException.class)
+    public ResponseEntity<Map<String, Object>> handleNotReadable(HttpMessageNotReadableException e) {
+        return build(ApiError.BAD_REQUEST_INVALID_INPUT);
+    }
+
+    @ExceptionHandler(Exception.class)
+    public ResponseEntity<Map<String, Object>> handleUnknown(Exception e) {
+        e.printStackTrace();
+        return build(ApiError.INTERNAL_SERVER_ERROR);
+    }
+
+    private ResponseEntity<Map<String, Object>> build(ApiError apiError) {
+        Map<String, Object> body = new HashMap<>();
+        body.put("code", apiError.getCode());
+        body.put("message", apiError.getMessage());
+        return ResponseEntity.status(apiError.getHttpStatus()).body(body);
+    }
+}
+
+

src/main/java/roomescape/config/AuthConfig.java

@@ -0,0 +1,17 @@
+package roomescape.config;
+
+import auth.JwtUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class AuthConfig {
+
+    @Bean
+    public JwtUtils jwtUtils(@Value("${roomescape.auth.jwt.secret}") String secretKey) {
+        return new JwtUtils(secretKey);
+    }
+}
+
+

src/main/java/roomescape/member/LoginMemberDto.java

@@ -0,0 +1,7 @@
+package roomescape.member;
+
+public record LoginMemberDto(Long id, String name, String email, String role) {
+}
+
+
+