fix: authenciation error

downfa11 · Jul 5, 2024 · 6c44530 · 6c44530
1 parent 27d6bed
commit 6c44530
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 18 deletions.
diff --git a/business-service/src/main/java/com/ns/business/adpater/in/web/UserDataController.java b/business-service/src/main/java/com/ns/business/adpater/in/web/UserDataController.java
@@ -11,6 +11,7 @@
 import com.ns.business.application.port.in.command.RegisterUserDataCommand;
 import com.ns.business.domain.UserData;
 import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
@@ -28,6 +29,9 @@ public class UserDataController {
     ResponseEntity<UserData> registerUserData(@RequestBody RegisterUserDataRequest request){
         Long memberId = jwtTokenProvider.getMembershipIdbyToken();
 
+        if(memberId != request.getUserId())
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
         RegisterUserDataCommand command = RegisterUserDataCommand.builder()
                 .userId(request.getUserId())
                 .name(request.getName())
@@ -52,20 +56,24 @@ ResponseEntity<UserData> registerUserData(@RequestBody RegisterUserDataRequest r
     ResponseEntity<UserData> modifyUserDataByUserId(@RequestBody ModifyUserDataRequest request){
         Long memberId = jwtTokenProvider.getMembershipIdbyToken();
 
-        ModifyUserDataCommand command = ModifyUserDataCommand.builder()
-                .userId(request.getUserId())
-                .gold(request.getGold())
-                .highscore(request.getHighscore())
-                .energy(request.getEnergy())
-                .scenario(request.getScenario())
-                .head(request.getHead())
-                .body(request.getBody())
-                .arm(request.getArm())
-                .health(request.getHealth())
-                .attack(request.getAttack())
-                .critical(request.getCritical())
-                .durability(request.getDurability())
-                .build();
+        if(memberId != request.getUserId())
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
+            ModifyUserDataCommand command = ModifyUserDataCommand.builder()
+                    .userId(request.getUserId())
+                    .gold(request.getGold())
+                    .highscore(request.getHighscore())
+                    .energy(request.getEnergy())
+                    .scenario(request.getScenario())
+                    .head(request.getHead())
+                    .body(request.getBody())
+                    .arm(request.getArm())
+                    .health(request.getHealth())
+                    .attack(request.getAttack())
+                    .critical(request.getCritical())
+                    .durability(request.getDurability())
+                    .build();
+
 
         UserData userData = modifyUserDataUseCase.modifyUserData(command);
         return ResponseEntity.ok(userData);

diff --git a/membership-service/src/main/java/com/ns/membership/adapter/in/web/FriendController.java b/membership-service/src/main/java/com/ns/membership/adapter/in/web/FriendController.java
@@ -39,6 +39,9 @@ ResponseEntity<userDataCommands> GetFriendList(@PathVariable String membershipId
         //Todo 친구 목록을 표시합니다.
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
+        if(memberId != membershipId)
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
         FindMembershipCommand findCmmand = FindMembershipCommand.builder()
                 .membershipId(memberId)
                 .build();
@@ -78,6 +81,9 @@ ResponseEntity<userDataCommands> GetWantedFriendList(@PathVariable String member
         //Todo 친구신청 목록을 표시합니다.
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
+        if(memberId != membershipId)
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
         FindMembershipCommand findCmmand = FindMembershipCommand.builder()
                 .membershipId(memberId)
                 .build();
@@ -116,6 +122,9 @@ ResponseEntity<Membership> PostSendWantFriend(@RequestBody FriendRequest request
         //Todo 친구 신청합니다.
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
+        if(memberId != request.getMembershipId().toString())
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
         FindMembershipCommand findCmmand = FindMembershipCommand.builder()
                 .membershipId(memberId)
                 .build();
@@ -128,10 +137,10 @@ ResponseEntity<Membership> PostSendWantFriend(@RequestBody FriendRequest request
 
 
         try {
-            String membershipId = request.getMembershipId().toString();
+            String reqMembershipId = request.getMembershipId().toString();
             String targetmembershipId = request.getTargetId().toString();
 
-            Membership membership = findMembership(membershipId);
+            Membership membership = findMembership(reqMembershipId);
             Membership targetMembership = findMembership(targetmembershipId);
 
             if (membership == null)
@@ -178,10 +187,10 @@ ResponseEntity<Membership> PostSendFriendAgree(@RequestBody FriendRequest reques
         }
 
         try {
-            String membershipId = request.getMembershipId().toString();
+            String reqMembershipId = request.getMembershipId().toString();
             String targetmembershipId = request.getTargetId().toString();
 
-            Membership membership = findMembership(membershipId);
+            Membership membership = findMembership(reqMembershipId);
             Membership targetMembership = findMembership(targetmembershipId);
 
             if (membership == null)
@@ -231,6 +240,9 @@ ResponseEntity<Membership> PostDeleteFriend(@RequestBody FriendRequest request){
 
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
+        if(memberId != request.getMembershipId().toString())
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
         FindMembershipCommand findCmmand = FindMembershipCommand.builder()
                 .membershipId(memberId)
                 .build();

diff --git a/membership-service/src/main/java/com/ns/membership/adapter/in/web/MembershipController.java b/membership-service/src/main/java/com/ns/membership/adapter/in/web/MembershipController.java
@@ -16,6 +16,7 @@
 import com.ns.membership.domain.userData;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
@@ -57,6 +58,9 @@ Membership registerMembership(@RequestBody RegisterMembershipRequest request){
     ResponseEntity<Membership> modifyMembershipByMemberId(@RequestBody ModifyMembershipRequest request){
         String membershipId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
+        if(membershipId != request.getMembershipId().toString())
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
         FindMembershipCommand findCmmand = FindMembershipCommand.builder()
                 .membershipId(membershipId)
                 .build();
@@ -92,6 +96,9 @@ ResponseEntity<Membership> findMembershipByMemberId(@PathVariable String members
     ResponseEntity<userDataCommands> getUserData(@PathVariable String membershipId){
         String memberId = jwtTokenProvider.getMembershipIdbyToken().toString();
 
+        if(memberId != membershipId)
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+
         FindMembershipCommand findCmmand = FindMembershipCommand.builder()
                 .membershipId(memberId)
                 .build();