Merge pull request #30 from yumzen/main

Fix: 401 Error
kahluaband · Jul 20, 2024 · 985de36 · 985de36
2 parents e36002b + 631cc71
commit 985de36
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 8 deletions.
diff --git a/src/main/java/kahlua/KahluaProject/confg/CorsMvcConfig.java b/src/main/java/kahlua/KahluaProject/confg/CorsMvcConfig.java
@@ -11,6 +11,6 @@ public class CorsMvcConfig implements WebMvcConfigurer {
     public void addCorsMappings(CorsRegistry corsRegistry) {
 
         corsRegistry.addMapping("/**")
-                .allowedOrigins("http://localhost:3000");
+                .allowedOrigins("http://localhost:3000", "https://kahluaband.com/", "http://kahluaband.com/");
     }
 }
diff --git a/src/main/java/kahlua/KahluaProject/confg/SecurityConfig.java b/src/main/java/kahlua/KahluaProject/confg/SecurityConfig.java
@@ -36,8 +36,8 @@ public class SecurityConfig {
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.cors(Customizer.withDefaults())
-                .csrf(AbstractHttpConfigurer::disable);
+        http.cors(Customizer.withDefaults());
+        http.csrf((csrf) -> csrf.disable());
 
         http.sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));// Session 미사용
         http.httpBasic(AbstractHttpConfigurer::disable)
@@ -53,7 +53,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
         http.authorizeHttpRequests((authorize) ->
                 authorize
-                        .requestMatchers("/v1/auth/sign-out/**", "v1/auth/recreate","/v1/user/**", "/error/**")
+                        .requestMatchers("/v1/auth/sign-out/**", "v1/auth/recreate/**","/v1/user/**", "/error/**", "/v1/admin/**")
                         .authenticated()
                         .anyRequest()
                         .permitAll());

diff --git a/src/main/java/kahlua/KahluaProject/controller/AdminController.java b/src/main/java/kahlua/KahluaProject/controller/AdminController.java
@@ -1,10 +1,15 @@
 package kahlua.KahluaProject.controller;
 
 import kahlua.KahluaProject.apipayload.ApiResponse;
+import kahlua.KahluaProject.apipayload.code.status.ErrorStatus;
+import kahlua.KahluaProject.domain.user.UserType;
 import kahlua.KahluaProject.dto.response.ApplyGetResponse;
 import kahlua.KahluaProject.dto.response.ApplyListResponse;
+import kahlua.KahluaProject.exception.GeneralException;
+import kahlua.KahluaProject.security.AuthDetails;
 import kahlua.KahluaProject.service.ApplyService;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -19,13 +24,16 @@ public class AdminController {
     private final ApplyService applyService;
 
     @GetMapping("/apply")
-    public ApiResponse<ApplyListResponse> getApplyList() {
-        ApplyListResponse applyListResponse = applyService.getApplyList();
+    public ApiResponse<ApplyListResponse> getApplyList(@AuthenticationPrincipal AuthDetails authDetails) {
+        ApplyListResponse applyListResponse = applyService.getApplyList(authDetails.user());
         return ApiResponse.onSuccess(applyListResponse);
     }
 
     @GetMapping("/apply/{applyId}")
-    public ApiResponse<ApplyGetResponse> getApplyDetail(@PathVariable Long applyId) {
+    public ApiResponse<ApplyGetResponse> getApplyDetail(@PathVariable Long applyId, @AuthenticationPrincipal AuthDetails authDetails) {
+        if(authDetails.getUser().getUserType() != UserType.ADMIN){
+            throw new GeneralException(ErrorStatus.UNAUTHORIZED);
+        }
         ApplyGetResponse applyGetResponse = applyService.getApply(applyId);
         return ApiResponse.onSuccess(applyGetResponse);
     }

diff --git a/src/main/java/kahlua/KahluaProject/service/ApplyService.java b/src/main/java/kahlua/KahluaProject/service/ApplyService.java
@@ -4,6 +4,8 @@
 import kahlua.KahluaProject.apipayload.code.status.ErrorStatus;
 import kahlua.KahluaProject.converter.ApplyConverter;
 import kahlua.KahluaProject.domain.apply.Apply;
+import kahlua.KahluaProject.domain.user.User;
+import kahlua.KahluaProject.domain.user.UserType;
 import kahlua.KahluaProject.dto.request.ApplyCreateRequest;
 import kahlua.KahluaProject.dto.response.ApplyCreateResponse;
 import kahlua.KahluaProject.dto.response.ApplyGetResponse;
@@ -42,7 +44,11 @@ public ApplyGetResponse getApply(Long applyId) {
         return applyGetResponse;
     }
 
-    public ApplyListResponse getApplyList() {
+    public ApplyListResponse getApplyList(User user) {
+
+        if(user.getUserType() != UserType.ADMIN){
+            throw new GeneralException(ErrorStatus.UNAUTHORIZED);
+        }
 
         List<Apply> applies = applyRepository.findAll();
         List<ApplyItemResponse> applyItemResponses = new ArrayList<>();