#6 refactor: security 리팩토링 일부

downfa11 · Oct 1, 2024 · 49b019f · 49b019f
1 parent caa3db3
commit 49b019f
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 12 deletions.
diff --git a/membership-service/src/main/java/com/ns/membership/adapter/in/web/FriendController.java b/membership-service/src/main/java/com/ns/membership/adapter/in/web/FriendController.java
@@ -36,7 +36,6 @@ public class FriendController {
 
     @GetMapping("/{membershipId}")
     ResponseEntity<userDataCommands> GetFriendList(@PathVariable String membershipId){
-        //Todo 친구 목록을 표시합니다.
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
         if(memberId != membershipId)
@@ -78,7 +77,6 @@ ResponseEntity<userDataCommands> GetFriendList(@PathVariable String membershipId
 
     @GetMapping("/wanted/{membershipId}")
     ResponseEntity<userDataCommands> GetWantedFriendList(@PathVariable String membershipId){
-        //Todo 친구신청 목록을 표시합니다.
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
         if(memberId != membershipId)
@@ -119,7 +117,6 @@ ResponseEntity<userDataCommands> GetWantedFriendList(@PathVariable String member
 
     @PostMapping("/wanted/add")
     ResponseEntity<Membership> PostSendWantFriend(@RequestBody FriendRequest request){
-        //Todo 친구 신청합니다.
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
         if(memberId != request.getMembershipId().toString())
@@ -172,7 +169,6 @@ ResponseEntity<Membership> PostSendWantFriend(@RequestBody FriendRequest request
 
     @PostMapping("/add")
     ResponseEntity<Membership> PostSendFriendAgree(@RequestBody FriendRequest request){
-        //Todo 친구 신청을 수락합니다.
 
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
@@ -236,7 +232,6 @@ ResponseEntity<Membership> PostSendFriendAgree(@RequestBody FriendRequest reques
 
     @PostMapping("/delete")
     ResponseEntity<Membership> PostDeleteFriend(@RequestBody FriendRequest request){
-        //Todo 친구를 삭제합니다.
 
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 

diff --git a/...ship-service/src/main/java/com/ns/membership/adapter/in/web/dto/PasswordResetRequest.java b/...ship-service/src/main/java/com/ns/membership/adapter/in/web/dto/PasswordResetRequest.java
@@ -9,7 +9,7 @@
 @NoArgsConstructor
 public class PasswordResetRequest {
     private String membershipId;
-    private String newAddress;
+    private String newPassword;
     private String verify;
 }
 
diff --git a/membership-service/src/main/java/com/ns/membership/adapter/out/JwtTokenProvider.java b/membership-service/src/main/java/com/ns/membership/adapter/out/JwtTokenProvider.java
@@ -40,20 +40,23 @@ public Long getMembershipIdbyToken() {
                 .parseClaimsJws(token)
                 .getBody();
 
+        System.out.println("claims: "+claims);
+
         String membershipIdString = claims.get("sub", String.class);
         Long membershipId = Long.parseLong(membershipIdString);
         return membershipId;
     }
 
     @Override
-    public String generateJwtToken(Membership.MembershipId membershipId) {
+    public String generateJwtToken(Membership.MembershipId membershipId, Membership.MembershipRole membershipRole) {
         Date now = new Date();
         Date expiryDate = new Date(now.getTime() + jwtExpirationInMs);
 
         String token = Jwts.builder()
                 .setSubject(membershipId.getMembershipId())
                 .setHeaderParam("type", "jwt")
                 .claim("id", membershipId.getMembershipId())
+                .claim("role",membershipRole.getMembershipRole())
                 .setIssuedAt(now)
                 .setExpiration(expiryDate)
                 .signWith(SignatureAlgorithm.HS256, jwtSecret)
@@ -78,16 +81,14 @@ public String generateRefreshToken(Membership.MembershipId membershipId) {
 
     public boolean validateJwtToken(String token) {
         try {
-            Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token);
+            Jwts.parserBuilder().setSigningKey(jwtSecret).build().parseClaimsJws(token);
             return true;
-        } catch (MalformedJwtException ex) {
+        } catch (MalformedJwtException | ExpiredJwtException | UnsupportedJwtException | IllegalArgumentException ex) {
             // Invalid JWT token: 유효하지 않은 JWT 토큰일 때 발생하는 예외
-        } catch (ExpiredJwtException ex) {
             // Expired JWT token: 토큰의 유효기간이 만료된 경우 발생하는 예외
-        } catch (UnsupportedJwtException ex) {
             // Unsupported JWT token: 지원하지 않는 JWT 토큰일 때 발생하는 예외
-        } catch (IllegalArgumentException ex) {
             // JWT claims string is empty: JWT 토큰이 비어있을 때 발생하는 예외
+            System.out.println("[ERROR] jwtToken error : "+ex);
         }
         return false;
     }
@@ -96,4 +97,35 @@ public Membership.MembershipId parseMembershipIdFromToken(String token) {
         Claims claims = Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody();
         return new Membership.MembershipId(claims.getSubject());
     }
+
+    public String getMembershipRolebyToken(String token) {
+        if (token == null || token.length() == 0) {
+            throw new RuntimeException("JwtToken is Invalid.");
+        }
+
+        Claims claims = Jwts.parserBuilder()
+                .setSigningKey(jwtSecret)
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+
+        return claims.get("role", String.class);
+    }
+
+    public Long getMembershipIdbyToken(String token) {
+        if(token == null || token.length() == 0){
+            throw new RuntimeException("JwtToken is Invalid.");
+        }
+
+        Claims claims = Jwts.parserBuilder()
+                .setSigningKey(jwtSecret)
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+
+        String membershipIdString = claims.get("sub", String.class);
+        Long membershipId = Long.parseLong(membershipIdString);
+        return membershipId;
+    }
+
 }