From 7cac10a375abb551cbfc328533d30cd1af2b5a1d Mon Sep 17 00:00:00 2001
From: Naeun Kim <102296721+Nico1eKim@users.noreply.github.com>
Date: Wed, 20 Nov 2024 13:46:42 +0900
Subject: [PATCH 1/2] =?UTF-8?q?feat:=20UserController=20=EC=99=84=EC=84=B1?=
 =?UTF-8?q?=ED=95=98=EA=B8=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/UserController.java | 55 +++++++++++++++++++
 .../kuit/kuit4serverauth/service/JwtUtil.java | 2 +-
 2 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java b/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java
index 18cb7af..c936f2c 100644
--- a/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java
+++ b/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java
@@ -1,5 +1,9 @@
 package com.kuit.kuit4serverauth.controller;
+import com.kuit.kuit4serverauth.model.User;
+import com.kuit.kuit4serverauth.repository.UserRepository;
+import com.kuit.kuit4serverauth.service.JwtUtil;
+import io.jsonwebtoken.Claims;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -8,16 +12,67 @@
 @RestController
 public class UserController {
+ private final UserRepository userRepository;
+ private final JwtUtil jwtUtil;
+
+ public UserController(UserRepository userRepository, JwtUtil jwtUtil) {
+ this.userRepository = userRepository;
+ this.jwtUtil = jwtUtil;
+ }
 @GetMapping("/profile")
 public ResponseEntity getProfile(HttpServletRequest request) {
 // TODO : 로그인 한 사용자면 username 이용해 "Hello, {username}" 반환하기
+ String token = extractToken(request);
+
+ if (token != null) {
+ try {
+ Claims claims = jwtUtil.validateToken(token);
+ String userName = claims.getSubject();
+
+ User user = userRepository.findByUsername(userName);
+ if (user != null) {
+ return ResponseEntity.ok("Hello, " + user.getUsername());
+ }
+ } catch (Exception e) {
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
+ }
+ }
 return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
 }
 @GetMapping("/admin")
 public ResponseEntity getAdmin(HttpServletRequest request) {
 // TODO: role이 admin이면 "Hello, admin" 반환하기
+ String token = extractToken(request);
+
+ if (token != null) {
+ try {
+ Claims claims = jwtUtil.validateToken(token);
+ String userName = claims.getSubject();
+
+ User user = userRepository.findByUsername(userName);
+ if (user == null || !"ROLE_ADMIN".equals(user.getRole())) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Forbidden");
+ }
+
+ return ResponseEntity.ok("Hello, admin");
+ } catch (Exception e) {
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
+ }
+ }
 return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Forbidden");
 }
+
+
+ private String extractToken(HttpServletRequest request) {
+ String bearerToken = request.getHeader("Authorization");
+ if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
+ return bearerToken.substring(7); // "Bearer " 제거
+ }
+
+ return null;
+ }
 }
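Review bot: `getAdmin` answers a request that carries no bearer token with 403 Forbidden (its final `return`), while `getProfile` answers the same situation with 401 Unauthorized; a missing or unverifiable credential is a 401 in both handlers, and 403 belongs only to the branch where the token is valid but the role is not `ROLE_ADMIN`, so the last line of `getAdmin` should read `return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");`. Both `catch (Exception e)` blocks discard the exception, so a token rejected by `jwtUtil.validateToken` leaves no trace in logs; name it `ignored` with a one-line reason, or log it at debug level before returning 401. `extractToken` repeats the `"Bearer "` prefix as the magic length in `substring(7)`; `return bearerToken.substring("Bearer ".length());` keeps the two from drifting.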
diff --git a/src/main/java/com/kuit/kuit4serverauth/service/JwtUtil.java b/src/main/java/com/kuit/kuit4serverauth/service/JwtUtil.java
index ead240e..7f5be17 100644
--- a/src/main/java/com/kuit/kuit4serverauth/service/JwtUtil.java
+++ b/src/main/java/com/kuit/kuit4serverauth/service/JwtUtil.java
@@ -11,7 +11,7 @@
 @Component
 public class JwtUtil {
- private final String secret = "mysecretkey";
+ private final String secret = "mysecurekeymysecurekeymysecurekeymysecurekey";
 private final long expirationMs = 3600000; // 1 hour
 public String generateToken(String username, String role) {
From c06905523af2c0e9791bb1bb7a0e4850bbe917f4 Mon Sep 17 00:00:00 2001
From: Naeun Kim <102296721+Nico1eKim@users.noreply.github.com>
Date: Fri, 22 Nov 2024 16:19:29 +0900
Subject: [PATCH 2/2] =?UTF-8?q?feat:=208=EC=A3=BC=EC=B0=A8=20=ED=95=84?=
 =?UTF-8?q?=EC=88=98=20=EC=9A=94=EA=B5=AC=EC=82=AC=ED=95=AD=20=EC=99=84?=
 =?UTF-8?q?=EB=A3=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../kuit4serverauth/config/WebConfig.java | 2 +
 .../controller/UserController.java | 49 ++++---------------
 2 files changed, 11 insertions(+), 40 deletions(-)
diff --git a/src/main/java/com/kuit/kuit4serverauth/config/WebConfig.java b/src/main/java/com/kuit/kuit4serverauth/config/WebConfig.java
index a0b47b4..36f876a 100644
--- a/src/main/java/com/kuit/kuit4serverauth/config/WebConfig.java
+++ b/src/main/java/com/kuit/kuit4serverauth/config/WebConfig.java
@@ -16,5 +16,7 @@ public WebConfig(AuthInterceptor authInterceptor) {
 @Override
 public void addInterceptors(InterceptorRegistry registry) {
 // TODO /profile, /admin 앞에 붙이기
+ registry.addInterceptor(authInterceptor)
+ .addPathPatterns("/profile", "/admin");
 }
 }
diff --git a/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java b/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java
index c936f2c..8ebffda 100644
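Review bot: The signing secret is still a string literal in `JwtUtil` after this hunk — the change only lengthens it (the previous 11-byte value is below the 256 bits RFC 7518 requires for HS256, which is presumably why it was replaced), so the key remains committed to the repository and identical in every environment that builds this code. Since the field is `final`, inject it through the constructor rather than a field annotation: `public JwtUtil(@Value("${jwt.secret}") String secret) { this.secret = secret; }` with the value supplied from an environment variable or a secrets store (the property name is an example), and treat both literals now in git history as compromised. `JwtUtil` continues outside the hunk, so how `secret` is turned into key bytes could not be checked here.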
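Review bot: The interceptor in `addInterceptors` is registered for an allow-list of exactly two paths, so any endpoint added to the controller later runs without authentication unless someone remembers to extend this list; registering it with `.addPathPatterns("/**")` and listing the public paths (login and whatever else must be reachable without a token) in `.excludePathPatterns(...)` makes the default deny. The `// TODO /profile, /admin 앞에 붙이기` line above the new code is now done and should be deleted rather than left as a stale marker.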
--- a/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java
+++ b/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java
@@ -13,29 +13,20 @@
 @RestController
 public class UserController {
 private final UserRepository userRepository;
- private final JwtUtil jwtUtil;
- public UserController(UserRepository userRepository, JwtUtil jwtUtil) {
+ public UserController(UserRepository userRepository) {
 this.userRepository = userRepository;
- this.jwtUtil = jwtUtil;
 }
 @GetMapping("/profile")
 public ResponseEntity getProfile(HttpServletRequest request) {
 // TODO : 로그인 한 사용자면 username 이용해 "Hello, {username}" 반환하기
- String token = extractToken(request);
+ String username = (String) request.getAttribute("username");
- if (token != null) {
- try {
- Claims claims = jwtUtil.validateToken(token);
- String userName = claims.getSubject();
-
- User user = userRepository.findByUsername(userName);
- if (user != null) {
- return ResponseEntity.ok("Hello, " + user.getUsername());
- }
- } catch (Exception e) {
- return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
+ if (username != null) {
+ User user = userRepository.findByUsername(username);
+ if (user != null) {
+ return ResponseEntity.ok("Hello, " + user.getUsername());
 }
 }
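Review bot: The `io.jsonwebtoken.Claims` and `JwtUtil` imports that the previous patch added are no longer referenced once the `jwtUtil` field and the token parsing are removed in this hunk, and the import block (above line 13) is not touched by this patch, so they appear to be left behind as unused imports — drop them. `(String) request.getAttribute("username")` relies on a contract that is not visible in this file — presumably `AuthInterceptor`, registered for `/profile` in `WebConfig`, stores a `String` under that key — so a one-line comment such as `// populated by AuthInterceptor (registered in WebConfig) before this handler runs` would spare the next reader the detour, and a value of any other type would surface as a ClassCastException (500) rather than the 401 path. The `// TODO : 로그인 한 사용자면 …` comment here and the matching `// TODO: role이 admin이면 …` in `getAdmin` (next hunk) describe work this patch completes and should go. `getProfile` continues past the end of the hunk.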
@@ -45,34 +36,12 @@ public ResponseEntity getProfile(HttpServletRequest request) {
 @GetMapping("/admin")
 public ResponseEntity getAdmin(HttpServletRequest request) {
 // TODO: role이 admin이면 "Hello, admin" 반환하기
- String token = extractToken(request);
-
- if (token != null) {
- try {
- Claims claims = jwtUtil.validateToken(token);
- String userName = claims.getSubject();
-
- User user = userRepository.findByUsername(userName);
- if (user == null || !"ROLE_ADMIN".equals(user.getRole())) {
- return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Forbidden");
- }
+ String role = (String) request.getAttribute("role");
- return ResponseEntity.ok("Hello, admin");
- } catch (Exception e) {
- return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
- }
+ if ("ROLE_ADMIN".equals(role)) {
+ return ResponseEntity.ok("Hello, admin");
 }
 return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Forbidden");
 }
-
-
- private String extractToken(HttpServletRequest request) {
- String bearerToken = request.getHeader("Authorization");
- if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
- return bearerToken.substring(7); // "Bearer " 제거
- }
-
- return null;
- }
 }
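Review bot: `getAdmin` now decides authorization from the `role` request attribute, which — as far as this series shows — is derived from the token (`JwtUtil.generateToken(String username, String role)` embeds it) rather than from `userRepository` as the removed `user.getRole()` check did, so a role revoked in the database keeps granting `/admin` until the token expires, and `JwtUtil` sets `expirationMs` to one hour. If that window is acceptable, say so on the `String role = ...` line, e.g. `// role is taken from the token claim, not the database; changes apply after the token expires`; if not, look the user up as `getProfile` still does and read the role from the stored `User`. `"ROLE_ADMIN"` is a bare literal here as it was in the removed code; a `private static final String ROLE_ADMIN = "ROLE_ADMIN";` on the class keeps it from drifting between the interceptor, `JwtUtil.generateToken` and this check.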