diff --git a/server/src/main/java/seb4141preproject/security/auth/config/SecurityConfig.java b/server/src/main/java/seb4141preproject/security/auth/config/SecurityConfig.java
index bffacb6..2edfaae 100644
--- a/server/src/main/java/seb4141preproject/security/auth/config/SecurityConfig.java
+++ b/server/src/main/java/seb4141preproject/security/auth/config/SecurityConfig.java
@@ -47,16 +47,16 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .and()
 .authorizeRequests(auth -> auth
 // TODO : 회원, 비회원 권한 조정 필요
- .antMatchers("/members/test").hasRole("USER")
 .antMatchers("/h2/**").permitAll() // h2 데이터베이스 확인 가능하게
- .antMatchers(HttpMethod.POST, "/questions").hasRole("USER") // 질문 작성
- .antMatchers(HttpMethod.PATCH, "/questions/{question-id}").hasRole("USER") // 질문 수정
- .antMatchers(HttpMethod.DELETE, "/questions/{question-id}").hasRole("USER") // 질문 삭제
- .antMatchers(HttpMethod.POST, "/answers").hasRole("USER") // 답변 작성
- .antMatchers(HttpMethod.PATCH, "/answers/{answer-id}").hasRole("USER") // 답변 수정
- .antMatchers(HttpMethod.DELETE, "/answers/{answer-id}").hasRole("USER") // 답변 삭제
- .antMatchers("/logout").hasRole("USER") // 로그아웃
- .antMatchers("/members/{member-id}").hasRole("USER") // 마이페이지 확인, 회원정보 수정
+ .antMatchers(HttpMethod.POST, "/api/questions").hasRole("USER") // 질문 작성
+ .antMatchers(HttpMethod.PATCH, "/api/questions/{question-id}").hasRole("USER") // 질문 수정
+ .antMatchers(HttpMethod.DELETE, "/api/questions/{question-id}").hasRole("USER") // 질문 삭제
+ .antMatchers(HttpMethod.POST, "/api/answers").hasRole("USER") // 답변 작성
+ .antMatchers(HttpMethod.PATCH, "/api/answers/{answer-id}").hasRole("USER") // 답변 수정
+ .antMatchers(HttpMethod.DELETE, "/api/answers/{answer-id}").hasRole("USER") // 답변 삭제
+ .antMatchers("/api/auths/reissue").hasRole("USER") // 토큰 재발급
+ .antMatchers("/api/auths/logout").hasRole("USER") // 로그아웃
+ .antMatchers("/api/members/{member-id}").hasRole("USER") // 마이페이지 확인, 회원정보 수정
 .anyRequest().permitAll())
 .logout()
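Review bot: Requiring `hasRole("USER")` on the new `/api/auths/reissue` rule means the reissue request must already carry a valid, unexpired access token, which is exactly what a client calling reissue usually no longer has; unless the JWT filter also accepts the refresh token as an authentication, expired sessions can never be renewed. If the refresh token is validated inside `AuthService.reissue` (outside this hunk), the rule should read `.antMatchers("/api/auths/reissue").permitAll() // refresh token is validated in AuthService`, with the service rejecting unknown or expired refresh tokens. Note also that `.anyRequest().permitAll()` stays the fallback, so every endpoint under the new `/api` prefix that is not listed here is reachable without a role; moving the prefix is a natural point to switch the default to `authenticated()` and enumerate the public routes instead. The `filterChain` body continues outside this hunk.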
diff --git a/server/src/main/java/seb4141preproject/security/auth/controller/AuthController.java b/server/src/main/java/seb4141preproject/security/auth/controller/AuthController.java
index 45024cc..7dda5ac 100644
--- a/server/src/main/java/seb4141preproject/security/auth/controller/AuthController.java
+++ b/server/src/main/java/seb4141preproject/security/auth/controller/AuthController.java
@@ -12,6 +12,9 @@
 import seb4141preproject.security.auth.dto.*;
 import seb4141preproject.security.auth.service.*;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
 @RestController
 @RequestMapping("/api/auths")
 @RequiredArgsConstructor
@@ -20,9 +23,15 @@ public class AuthController {
 // 회원가입 -> MemberService에서 처리.
- @PostMapping("/login")
- public ResponseEntity login(@RequestBody LoginDto loginDto) {
- return new ResponseEntity<>(authService.login(loginDto), HttpStatus.OK);
+ @PostMapping("/login") // TODO : refresh Token 생성 후 cookie 저장?
+ public ResponseEntity login(@RequestBody LoginDto loginDto, HttpServletResponse response) {
+
+// Cookie setting 로직 초안
+ TokenDto tokenDto = authService.login(loginDto);
+// Cookie cookie = authService.createCookie(tokenDto);
+// response.addCookie(cookie);
+
+ return new ResponseEntity<>(tokenDto, HttpStatus.OK);
 }
 @PostMapping("/reissue")
diff --git a/server/src/main/java/seb4141preproject/security/auth/service/AuthService.java b/server/src/main/java/seb4141preproject/security/auth/service/AuthService.java
index 0f06878..f7b8a54 100644
--- a/server/src/main/java/seb4141preproject/security/auth/service/AuthService.java
+++ b/server/src/main/java/seb4141preproject/security/auth/service/AuthService.java
@@ -13,6 +13,8 @@
 import seb4141preproject.security.auth.entity.*;
 import seb4141preproject.security.auth.repository.RefreshTokenRepository;
+import javax.servlet.http.Cookie;
+
 @Service
 @RequiredArgsConstructor
 public class AuthService {
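Review bot: The new `login` signature takes an `HttpServletResponse response` that nothing reads, keeps the raw `ResponseEntity` return type, and carries the cookie draft as commented-out code under a TODO. Until the cookie path is actually wired, the signature should stay minimal, `public ResponseEntity<TokenDto> login(@RequestBody LoginDto loginDto)`, and the dead lines should be tracked in the TODO rather than left in the method body; the unused `Cookie` import in this file goes with them. When the cookie is enabled, the refresh token would be present both in the JSON body and in the cookie, doubling the places it has to be protected, so the body should stop echoing it at that point. `AuthService.login` and the `TokenDto` fields are outside this hunk, so I can't confirm what else the response carries.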
@@ -24,11 +26,10 @@ public class AuthService {
 private final MemberMapper mapper;
 public TokenDto login(LoginDto loginDto) {
- // 1. Login ID/PW 를 기반으로 AuthenticationToken 생성
+ // 1. loginDto 기반 authenticationToken 생성 (toAuthentication 메소드 활용)
 UsernamePasswordAuthenticationToken authenticationToken = loginDto.toAuthentication();
- // 2. 실제로 검증 (사용자 비밀번호 체크) 이 이루어지는 부분
- // authenticate 메서드가 실행이 될 때 CustomUserDetailsService 에서 만들었던 loadUserByUsername 메서드가 실행됨
+ // 2. token 검증
 Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
 // 3. 인증 정보를 기반으로 JWT 토큰 생성
@@ -87,6 +88,14 @@ public void logout(TokenRequestDto tokenRequestDto) {
 refreshTokenRepository.delete(refreshToken);
 }
+ // refresh token Cookie 생성 로직
+ public Cookie createCookie(TokenDto tokenDto) {
+ Cookie cookie = new Cookie("refresh-token", tokenDto.getRefreshToken());
+ cookie.setHttpOnly(true);
+ cookie.setPath("/");
+ return cookie;
+ }
+
 // 클래스 내부에서만 사용 가능한 토큰 생성하는 로직
 private TokenDto createToken(Authentication authentication) {
 String accessToken = jwtTokenizer.generateAccessToken(authentication);
diff --git a/server/src/main/resources/import.sql b/server/src/main/resources/import.sql
index 8613a82..b81cfa2 100644
--- a/server/src/main/resources/import.sql
+++ b/server/src/main/resources/import.sql
@@ -1,7 +1,7 @@
-insert into member (member_id, name, email, password)
-values
-(1, '홍길동1', 'hgd1@asdf.com', '1111'),
-(2, '홍길동2', 'hgd2@asdf.com', '2222'),
-(3, '홍길동3', 'hgd3@asdf.com', '3333'),
-(4, '홍길동4', 'hgd4@asdf.com', '4444'),
-(5, '홍길동5', 'hgd5@asdf.com', '5555');
+--insert into member (member_id, name, email, password)
+--values
+--(1, '홍길동1', 'hgd1@asdf.com', '1111'),
+--(2, '홍길동2', 'hgd2@asdf.com', '2222'),
+--(3, '홍길동3', 'hgd3@asdf.com', '3333'),
+--(4, '홍길동4', 'hgd4@asdf.com', '4444'),
+--(5, '홍길동5', 'hgd5@asdf.com', '5555');
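Review bot: `createCookie` (second hunk of AuthService) sets `HttpOnly` and `Path` but neither the `Secure` flag nor a lifetime, so the refresh-token cookie would be sent over plain HTTP and expire with the browser session regardless of the token's own TTL; add `cookie.setSecure(true);` and `cookie.setMaxAge(REFRESH_TOKEN_MAX_AGE_SECONDS); // placeholder: match the refresh token TTL configured for jwtTokenizer`. `javax.servlet.http.Cookie` has no SameSite setter, so if cross-site sends must be blocked the cookie should be built with Spring's `ResponseCookie` and written via the `Set-Cookie` header instead. `setPath("/")` also attaches the cookie to every request, whereas scoping it to `/api/auths` limits it to the reissue and logout endpoints that need it. The method is public but its only caller in this commit is the commented-out controller draft, and `tokenDto.getRefreshToken()` is assumed non-null here; the DTO is outside this hunk.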