From cf8761f8061dcdb9ac03b46a656c7aaca4516c30 Mon Sep 17 00:00:00 2001
From: ttasjwi
Date: Fri, 15 Nov 2024 20:25:47 +0900
Subject: [PATCH] =?UTF-8?q?Feature:=20(BRD-74)=20=EC=8A=A4=ED=94=84?= =?UTF-8?q?=EB=A7=81=20=EC=8B=9C=ED=81=90=EB=A6=AC=ED=8B=B0=20=ED=95=84?= =?UTF-8?q?=ED=84=B0=EC=B2=B4=EC=9D=B8=20=EA=B8=B0=EB=B3=B8=20=EC=84=A4?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../external-security/build.gradle.kts | 4 +-
 .../system/core/config/FilterChainConfig.kt | 60 +++++++++++++++++++
 buildSrc/src/main/kotlin/Dependencies.kt | 2 +-
 3 files changed, 63 insertions(+), 3 deletions(-)
 create mode 100644 board-system-external/external-security/src/main/kotlin/com/ttasjwi/board/system/core/config/FilterChainConfig.kt
diff --git a/board-system-external/external-security/build.gradle.kts b/board-system-external/external-security/build.gradle.kts
index 37754532..f8589562 100644
--- a/board-system-external/external-security/build.gradle.kts
+++ b/board-system-external/external-security/build.gradle.kts
@@ -1,6 +1,6 @@
 dependencies {
- implementation(Dependencies.SPRING_BOOT_STARTER.fullName)
- implementation(Dependencies.SPRING_SECURITY_CRYPTO.fullName)
+ implementation(Dependencies.SPRING_BOOT_SECURITY.fullName)
+ implementation(Dependencies.SPRING_BOOT_WEB.fullName)
 implementation(Dependencies.SPRING_SECURITY_JOSE.fullName)
 implementation(project(":board-system-domain:domain-core"))
 implementation(project(":board-system-domain:domain-member"))
diff --git a/board-system-external/external-security/src/main/kotlin/com/ttasjwi/board/system/core/config/FilterChainConfig.kt b/board-system-external/external-security/src/main/kotlin/com/ttasjwi/board/system/core/config/FilterChainConfig.kt
new file mode 100644
index 00000000..ff2088a8
--- /dev/null
+++ b/board-system-external/external-security/src/main/kotlin/com/ttasjwi/board/system/core/config/FilterChainConfig.kt
@@ -0,0 +1,60 @@
+package com.ttasjwi.board.system.core.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.core.annotation.Order
+import org.springframework.http.HttpMethod
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.config.annotation.web.invoke
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.savedrequest.NullRequestCache
+
+@Configuration
+class FilterChainConfig {
+
+ @Bean
+ @Order(0)
+ fun apiSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
+ http {
+ securityMatcher("/api/**")
+ authorizeHttpRequests {
+ authorize(HttpMethod.GET, "/api/v1/deploy/health-check", permitAll)
+
+ authorize(HttpMethod.GET, "/api/v1/members/email-available", permitAll)
+ authorize(HttpMethod.GET, "/api/v1/members/username-available", permitAll)
+ authorize(HttpMethod.GET, "/api/v1/members/nickname-available", permitAll)
+
+ authorize(HttpMethod.POST, "/api/v1/members/email-verification/start", permitAll)
+ authorize(HttpMethod.POST, "/api/v1/members/email-verification", permitAll)
+ authorize(HttpMethod.POST, "/api/v1/members", permitAll)
+
+ authorize(HttpMethod.POST, "/api/v1/auth/login", permitAll)
+
+ authorize(anyRequest, authenticated)
+ }
+
+ csrf { disable() }
+
+ sessionManagement {
+ sessionCreationPolicy = SessionCreationPolicy.STATELESS
+ }
+
+ requestCache {
+ requestCache = NullRequestCache()
+ }
+ }
+ return http.build()
+ }
+
+ @Bean
+ @Order(1)
+ fun staticResourceSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
+ http {
+ authorizeHttpRequests {
+ authorize(anyRequest, permitAll)
+ }
+ }
+ return http.build()
+ }
+}
diff --git a/buildSrc/src/main/kotlin/Dependencies.kt b/buildSrc/src/main/kotlin/Dependencies.kt
index 839a1ffd..5b527261 100644
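Review bot: `staticResourceSecurityFilterChain` declares no `securityMatcher`, so at `@Order(1)` it handles every request outside `/api/**`, and `authorize(anyRequest, permitAll)` lets all of them through; despite its name it is not limited to static resources. Any controller, error page or management endpoint later mapped outside `/api/**` would therefore be reachable without authentication by default. Consider making the fallback fail closed, for example `authorize(PathRequest.toStaticResources().atCommonLocations(), permitAll)` followed by `authorize(anyRequest, denyAll)`, with Spring Boot's `PathRequest` imported. Separately, `csrf { disable() }` in `apiSecurityFilterChain` is only safe while credentials travel in a request header rather than a cookie, so a one-line comment stating that assumption next to it would help the next reader.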
--- a/buildSrc/src/main/kotlin/Dependencies.kt
+++ b/buildSrc/src/main/kotlin/Dependencies.kt
@@ -15,9 +15,9 @@ enum class Dependencies(
 SPRING_BOOT_WEB(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-web"),
 SPRING_BOOT_DATA_JPA(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-data-jpa"),
 SPRING_BOOT_DATA_REDIS(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-data-redis"),
+ SPRING_BOOT_SECURITY(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-security"),
 SPRING_BOOT_MAIL(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-mail"),
 SPRING_BOOT_TEST(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-test"),
- SPRING_SECURITY_CRYPTO(groupId = "org.springframework.security", artifactId = "spring-security-crypto"),
 SPRING_SECURITY_JOSE(groupId = "org.springframework.security", artifactId = "spring-security-oauth2-jose"),
 // jackson date time