From 370406e67e3b531d477c150b7a15ddfa7fe310cc Mon Sep 17 00:00:00 2001
From: 2paperstar
Date: Fri, 30 Aug 2024 21:47:24 +0900
Subject: [PATCH 1/7] fix: do parse jwt iff token is valid

---
 .../gistory/newbies_server_24/configurations/JwtFilter.kt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
index 3f1297c..1e3148d 100644
--- a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
+++ b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
@@ -13,9 +13,10 @@ class JwtFilter(private val tokenProvider: TokenProvider) : GenericFilterBean()
         val request = req as HttpServletRequest
         val token = resolveToken(request)
         token?.let {
-            tokenProvider.validateToken(it)
-            tokenProvider.getAuthentication(it).let { authentication ->
-                SecurityContextHolder.getContext().authentication = authentication
+            if (tokenProvider.validateToken(it)) {
+                tokenProvider.getAuthentication(it).let { authentication ->
+                    SecurityContextHolder.getContext().authentication = authentication
+                }
             }
         }
         chain.doFilter(req, res)

From 66804bbb0e25e159b5f0ed0fb52da1aae692bd2a Mon Sep 17 00:00:00 2001
From: 2paperstar
Date: Fri, 30 Aug 2024 21:50:32 +0900
Subject: [PATCH 2/7] fix: invoke unauthorized exception when token parse failed

---
 .../newbies_server_24/configurations/JwtFilter.kt | 12 ++++++------
 .../exceptions/UnauthorizedException.kt | 7 +++++++
 2 files changed, 13 insertions(+), 6 deletions(-)
 create mode 100644 src/main/kotlin/me/gistory/newbies_server_24/exceptions/UnauthorizedException.kt

diff --git a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
index 1e3148d..3e07e38 100644
--- a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
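Review bot: The `.let { authentication -> SecurityContextHolder.getContext().authentication = authentication }` wrapper on the new side is a scope function around a single assignment; `SecurityContextHolder.getContext().authentication = tokenProvider.getAuthentication(it)` says the same thing, and the Spring Security reference recommends populating a fresh context instead (`SecurityContextHolder.createEmptyContext()`, set its `authentication`, then `SecurityContextHolder.setContext(...)`) to avoid race conditions across threads when the shared context is mutated in place. The same lines recur unchanged in the JwtFilter hunks of patches 2, 3, 4 and 7. The enclosing doFilter starts before this hunk.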
+++ b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
@@ -4,6 +4,7 @@ import jakarta.servlet.FilterChain
 import jakarta.servlet.ServletRequest
 import jakarta.servlet.ServletResponse
 import jakarta.servlet.http.HttpServletRequest
+import me.gistory.newbies_server_24.exceptions.UnauthorizedException
 import me.gistory.newbies_server_24.providers.TokenProvider
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.web.filter.GenericFilterBean
@@ -11,12 +12,11 @@ import org.springframework.web.filter.GenericFilterBean
 class JwtFilter(private val tokenProvider: TokenProvider) : GenericFilterBean() {
     override fun doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain) {
         val request = req as HttpServletRequest
-        val token = resolveToken(request)
-        token?.let {
-            if (tokenProvider.validateToken(it)) {
-                tokenProvider.getAuthentication(it).let { authentication ->
-                    SecurityContextHolder.getContext().authentication = authentication
-                }
+        val token = resolveToken(request) ?: throw UnauthorizedException()
+        token.let {
+            if (!tokenProvider.validateToken(it)) throw UnauthorizedException()
+            tokenProvider.getAuthentication(it).let { authentication ->
+                SecurityContextHolder.getContext().authentication = authentication
             }
         }
         chain.doFilter(req, res)

diff --git a/src/main/kotlin/me/gistory/newbies_server_24/exceptions/UnauthorizedException.kt b/src/main/kotlin/me/gistory/newbies_server_24/exceptions/UnauthorizedException.kt
new file mode 100644
index 0000000..9ad9d87
--- /dev/null
+++ b/src/main/kotlin/me/gistory/newbies_server_24/exceptions/UnauthorizedException.kt
@@ -0,0 +1,7 @@
+package me.gistory.newbies_server_24.exceptions
+
+import org.springframework.http.HttpStatus
+import org.springframework.web.bind.annotation.ResponseStatus
+
+@ResponseStatus(HttpStatus.UNAUTHORIZED)
+class UnauthorizedException : RuntimeException()
\ No newline at end of file
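Review bot: `@ResponseStatus(HttpStatus.UNAUTHORIZED)` on UnauthorizedException is only honored by Spring MVC's exception resolvers, i.e. for exceptions that reach the DispatcherServlet from a handler; an exception thrown from JwtFilter, which sits in the servlet filter chain ahead of it, goes down the container's error path instead, so as of this patch a bad token is most likely rendered through `/error` as a 500 rather than a 401. Patch 4 adds JwtExceptionFilter to write the 401 itself, after which the annotation has no effect on the one path that actually throws this exception and only misleads a reader; either drop it or say so in a KDoc, e.g. `/** Thrown by JwtFilter for a present-but-invalid token; rendered as 401 by JwtExceptionFilter, not by @ResponseStatus. */`.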
From f26a3becf069209bf6f3ed9e0cdfc69232b4a2a8 Mon Sep 17 00:00:00 2001
From: 2paperstar
Date: Fri, 30 Aug 2024 22:02:54 +0900
Subject: [PATCH 3/7] fix: revert

---
 .../me/gistory/newbies_server_24/configurations/JwtFilter.kt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
index 3e07e38..fe65c74 100644
--- a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
+++ b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
@@ -12,8 +12,8 @@ import org.springframework.web.filter.GenericFilterBean
 class JwtFilter(private val tokenProvider: TokenProvider) : GenericFilterBean() {
     override fun doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain) {
         val request = req as HttpServletRequest
-        val token = resolveToken(request) ?: throw UnauthorizedException()
-        token.let {
+        val token = resolveToken(request)
+        token?.let {
             if (!tokenProvider.validateToken(it)) throw UnauthorizedException()
             tokenProvider.getAuthentication(it).let { authentication ->
                 SecurityContextHolder.getContext().authentication = authentication

From af047bff9f0588569ca06830a2fe6d14bae50ade Mon Sep 17 00:00:00 2001
From: 2paperstar
Date: Sat, 31 Aug 2024 23:37:21 +0900
Subject: [PATCH 4/7] fix: add jwt exception filter

---
 .../configurations/JwtExceptionFilter.kt | 25 +++++++++++++++++++
 .../configurations/JwtFilter.kt | 4 +--
 .../configurations/SecurityConfiguration.kt | 3 ++-
 3 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtExceptionFilter.kt

diff --git a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtExceptionFilter.kt b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtExceptionFilter.kt
new file mode 100644
index 0000000..429f64d
--- /dev/null
+++ b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtExceptionFilter.kt
@@ -0,0 +1,25 @@
+package me.gistory.newbies_server_24.configurations
+
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import me.gistory.newbies_server_24.exceptions.UnauthorizedException
+import org.springframework.http.HttpStatus
+import org.springframework.web.filter.OncePerRequestFilter
+
+class JwtExceptionFilter : OncePerRequestFilter() {
+
+    override fun doFilterInternal(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        filterChain: FilterChain
+    ) {
+        try {
+            filterChain.doFilter(request, response)
+        } catch (e: UnauthorizedException) {
+            response.status = HttpStatus.UNAUTHORIZED.value()
+            response.contentType = "application/json"
+            response.writer.write("{\"message\": \"Unauthorized\"}")
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
index fe65c74..3e07e38 100644
--- a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
+++ b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
@@ -12,8 +12,8 @@ import org.springframework.web.filter.GenericFilterBean
 class JwtFilter(private val tokenProvider: TokenProvider) : GenericFilterBean() {
     override fun doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain) {
         val request = req as HttpServletRequest
-        val token = resolveToken(request)
-        token?.let {
+        val token = resolveToken(request) ?: throw UnauthorizedException()
+        token.let {
             if (!tokenProvider.validateToken(it)) throw UnauthorizedException()
             tokenProvider.getAuthentication(it).let { authentication ->
                 SecurityContextHolder.getContext().authentication = authentication
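Review bot: The catch block in JwtExceptionFilter.doFilterInternal writes the 401 body but records nothing about the rejection: `e` is unused and no log line is emitted, so a burst of rejected tokens leaves no trace for detection; the `logger` inherited from GenericFilterBean is available, e.g. `logger.debug("rejected bearer token for ${request.method} ${request.requestURI}")` (never echo the token itself). The response also lacks the `WWW-Authenticate: Bearer` header RFC 6750 expects on a 401 — `response.setHeader("WWW-Authenticate", "Bearer")` — and `contentType` is set without a charset, so add `response.characterEncoding = "UTF-8"` before touching `writer` in case the message ever stops being ASCII. Anything validateToken throws other than UnauthorizedException (a malformed-token parse error, say) is not caught here and still reaches the container; confirm that validateToken returns false instead of throwing.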
diff --git a/src/main/kotlin/me/gistory/newbies_server_24/configurations/SecurityConfiguration.kt b/src/main/kotlin/me/gistory/newbies_server_24/configurations/SecurityConfiguration.kt
index 6af00d3..63eca90 100644
--- a/src/main/kotlin/me/gistory/newbies_server_24/configurations/SecurityConfiguration.kt
+++ b/src/main/kotlin/me/gistory/newbies_server_24/configurations/SecurityConfiguration.kt
@@ -33,13 +33,14 @@ class SecurityConfiguration {
             }
             .authorizeHttpRequests { req ->
                 req.requestMatchers(HttpMethod.GET).permitAll()
-                req.requestMatchers("/swagger-ui/**" , "v3/api-docs/**", "/api-docs/**").permitAll()
+                req.requestMatchers("/swagger-ui/**", "v3/api-docs/**", "/api-docs/**").permitAll()
                 req.requestMatchers("/auth/login", "/auth/register", "auth/refresh").permitAll()
                 req.requestMatchers("/error").permitAll()
                 req.requestMatchers("/").permitAll()
                 req.anyRequest().authenticated()
             }
             .addFilterBefore(JwtFilter(tokenProvider), UsernamePasswordAuthenticationFilter::class.java)
+            .addFilterBefore(JwtExceptionFilter(), JwtFilter::class.java)
             .build()

From 440e164d0f2091bfdbfdf7e83a12e760c07d3383 Mon Sep 17 00:00:00 2001
From: 2paperstar
Date: Sat, 31 Aug 2024 23:37:40 +0900
Subject: [PATCH 5/7] refactor: remove unused import

---
 .../newbies_server_24/configurations/SecurityConfiguration.kt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/kotlin/me/gistory/newbies_server_24/configurations/SecurityConfiguration.kt b/src/main/kotlin/me/gistory/newbies_server_24/configurations/SecurityConfiguration.kt
index 63eca90..d7c9e44 100644
--- a/src/main/kotlin/me/gistory/newbies_server_24/configurations/SecurityConfiguration.kt
+++ b/src/main/kotlin/me/gistory/newbies_server_24/configurations/SecurityConfiguration.kt
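Review bot: Two permit-all patterns visible as context in this hunk, `"v3/api-docs/**"` and `"auth/refresh"`, have no leading `/`; Spring Security's path matchers compare against the request URI, which always begins with `/`, so as far as I can tell these two patterns never match (newer Spring Security releases reject such patterns at startup instead). `v3/api-docs` is fetched with GET and is covered by the `HttpMethod.GET` rule anyway, but `auth/refresh`, if it is a POST, falls through to `anyRequest().authenticated()`, and a client holding only an expired access token presumably cannot refresh at all. Change them to `"/v3/api-docs/**"` and `"/auth/refresh"`. The new `addFilterBefore(JwtExceptionFilter(), JwtFilter::class.java)` ordering is correct: the exception filter has to wrap JwtFilter to catch what it throws.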
@@ -4,7 +4,6 @@ import me.gistory.newbies_server_24.providers.TokenProvider
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpMethod
-import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.http.SessionCreationPolicy

From 5b388981b8e29747c4388ed373a3605d2f2497af Mon Sep 17 00:00:00 2001
From: 2paperstar
Date: Sat, 31 Aug 2024 23:41:18 +0900
Subject: [PATCH 6/7] chore(ci/cd): use sha image tag type first

---
 .github/workflows/production.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/production.yaml b/.github/workflows/production.yaml
index d6a6fd2..b78be9e 100644
--- a/.github/workflows/production.yaml
+++ b/.github/workflows/production.yaml
@@ -37,11 +37,11 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}
           tags: |
+            type=sha
             type=ref,event=branch
             type=ref,event=pr
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
-            type=sha
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3

From 80eb6dbec55a963946c902de2ad54c492316fae6 Mon Sep 17 00:00:00 2001
From: 2paperstar
Date: Sat, 31 Aug 2024 23:52:25 +0900
Subject: [PATCH 7/7] fix: filter jwt iff token exist

---
 .../me/gistory/newbies_server_24/configurations/JwtFilter.kt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
index 3e07e38..fe65c74 100644
--- a/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
+++ b/src/main/kotlin/me/gistory/newbies_server_24/configurations/JwtFilter.kt
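Review bot: Moving `type=sha` to the top of the `tags:` list probably does not make it the primary tag: if this step is docker/metadata-action (its `uses:` line is above the hunk), tags are ordered by their `priority` attribute, and `type=sha` defaults to the lowest priority (100) regardless of its position in the list, so the first tag and the `version` label stay the branch or semver one. To actually prefer the commit-pinned tag, set the priority explicitly, e.g. `type=sha,priority=1000`, and consider `format=long` so the tag is the full commit id rather than a 7-character prefix. The enclosing step definition starts before this hunk.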
@@ -12,8 +12,8 @@ import org.springframework.web.filter.GenericFilterBean
 class JwtFilter(private val tokenProvider: TokenProvider) : GenericFilterBean() {
     override fun doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain) {
         val request = req as HttpServletRequest
-        val token = resolveToken(request) ?: throw UnauthorizedException()
-        token.let {
+        val token = resolveToken(request)
+        token?.let {
             if (!tokenProvider.validateToken(it)) throw UnauthorizedException()
             tokenProvider.getAuthentication(it).let { authentication ->
                 SecurityContextHolder.getContext().authentication = authentication
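Review bot: The contract this hunk settles — no token lets the request continue unauthenticated so `authorizeHttpRequests` decides, while a present-but-invalid token is rejected with 401 — is flipped three times across patches 2, 3, 4 and 7 and is stated nowhere in the code, so add a KDoc on doFilter, e.g. `/** No bearer token: continue unauthenticated and let the authorization rules decide. Token present but invalid: throw UnauthorizedException, which JwtExceptionFilter renders as 401. */`. Only a `false` from validateToken reaches the throw; if validateToken can itself throw on a malformed or expired token (not visible here), that exception bypasses JwtExceptionFilter, so confirm it returns false rather than propagating. JwtFilter extends GenericFilterBean rather than OncePerRequestFilter, so it may run again on the ERROR dispatch to `/error` and re-validate the same token; harmless today, but worth a comment. doFilter continues past the end of the hunk.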