Merge pull request #24 from tripzzle/security-test

Security test

.github/workflows/gradle.yml

@@ -29,13 +29,6 @@ jobs:
         java-version: '17'
         distribution: 'temurin'
 
-    # (1) 기본 체크아웃
-    - name: Checkout
-      uses: actions/checkout@v3
-      with:
-        token: ${{ secrets.SUBMODULE_TOKEN }}
-        submodules: true
-
     # gradle caching
     - name: Gradle Caching
       uses: actions/cache@v3

README.md

@@ -3,7 +3,7 @@
 ### tools
 
 - Spring Framework 2.7.16
-- Java 17
+- Java 11
 
 - aws ec2 instance : ubuntu
 
@@ -13,14 +13,18 @@
 #### 1. project clone
 
 ```
-$ git clone --recurse-submodules {레포주소}
+$ git clone [repository HTTP or SSH]
 
-#### 서브모듈 업데이트하는 방법
-$ git submodule update --remote --merge
+# submodule 초기화
+$ git submodule init
+
+# submodule update
+$ git submodule update
+```
 
 #### 2. gradle
 ```
-# build.gralde에 아래 내용 없으면 추가
+# build.gralde에 아래 내용 추가
 
 # ./security에서 src/main/resouces로 폴더 copy
 processResources.dependsOn('copySecret')

src/main/java/com/tgd/trip/attraction/controller/AttractionController.java

@@ -4,10 +4,8 @@
 import com.tgd.trip.attraction.dto.AttractionDto;
 import com.tgd.trip.attraction.mapper.AttractionMapper;
 import com.tgd.trip.attraction.service.AttractionService;
-import com.tgd.trip.global.dto.PageResponse;
 import com.tgd.trip.global.util.Coordinate;
 import lombok.RequiredArgsConstructor;
-import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.web.PageableDefault;
 import org.springframework.http.HttpStatus;
@@ -27,22 +25,20 @@ public class AttractionController {
     @GetMapping("/all")
     public ResponseEntity<?> getAllAttractions(Coordinate coordinate,
                                                @RequestParam(name = "height", required = false) Double height,
-                                               @RequestParam(name = "width", required = false) Double width,
-                                               @PageableDefault(page = 1) Pageable pageable) {
-        Page<Attraction> attractions = attractionService.getAttractionsFromCenter(coordinate, height, width, pageable);
-        Page<AttractionDto.Response> responsePage = attractionMapper.entityToPageResponse(attractions);
+                                               @RequestParam(name = "width", required = false) Double width) {
+        System.out.println(coordinate.longitude() + " " + coordinate.latitude());
+        List<Attraction> attractions = attractionService.getAttractionsFromCenter(coordinate, height, width);
         List<AttractionDto.Response> responses = attractionMapper.entityToResponse(attractions);
-        return ResponseEntity.ok(new PageResponse<>(responses, responsePage));
+        return ResponseEntity.ok(responses);
     }
 
-    @GetMapping
-    public ResponseEntity<PageResponse<AttractionDto.Response>> getAttractions(@RequestParam String keyword,
-                                                                               @RequestParam(name = "sidoCode", required = false) Long sidoCode,
-                                                                               @PageableDefault(page = 1) Pageable pageable) {
-        Page<Attraction> attractions = attractionService.getAttractions(keyword, sidoCode, pageable);
-        Page<AttractionDto.Response> responsePage = attractionMapper.entityToPageResponse(attractions);
+    @GetMapping()
+    public ResponseEntity<?> getAttractions(@RequestParam(name = "sido_code", required = false) Long sidoCode,
+                                            @RequestParam(name = "gugun_code", required = false) Long gugunCode,
+                                            @PageableDefault Pageable pageable) {
+        List<Attraction> attractions = attractionService.getAttractions(gugunCode, sidoCode, pageable);
         List<AttractionDto.Response> responses = attractionMapper.entityToResponse(attractions);
-        return ResponseEntity.ok(new PageResponse<>(responses, responsePage));
+        return ResponseEntity.ok(responses);
     }
 
     @PostMapping(value = "{attraction-id}/wish")
@@ -58,18 +54,4 @@ public ResponseEntity<?> deleteAttractionBookmark(@PathVariable("attraction-id")
         attractionService.deleteBookmark(attractionId, userId);
         return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
     }
-
-    @PostMapping(value = "{attraction-id}/like")
-    public ResponseEntity<?> createAttractionLike(@PathVariable("attraction-id") Long attractionId,
-                                                  @RequestParam("userId") Long userId) {
-        attractionService.createLike(attractionId, userId);
-        return ResponseEntity.status(HttpStatus.CREATED).build();
-    }
-
-    @DeleteMapping(value = "{attraction-id}/like")
-    public ResponseEntity<?> deleteAttractionLike(@PathVariable("attraction-id") Long attractionId,
-                                                  @RequestParam("userId") Long userId) {
-        attractionService.deleteLike(attractionId, userId);
-        return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
-    }
 }

src/main/java/com/tgd/trip/attraction/domain/Attraction.java

@@ -5,8 +5,6 @@
 
 import javax.persistence.*;
 import javax.validation.constraints.NotNull;
-import java.util.ArrayList;
-import java.util.List;
 
 @Entity
 @Getter
@@ -43,13 +41,4 @@ public class Attraction extends BaseEntity {
             @JoinColumn(name = "sido_code")
     })
     private Gugun gugun;
-    @OneToMany(mappedBy = "attraction", cascade = CascadeType.PERSIST, fetch = FetchType.LAZY, orphanRemoval = true)
-    private List<AttractionLike> attractionLikes = new ArrayList<>();
-
-    public void addLike(AttractionLike attractionLike) {
-        if (!this.attractionLikes.contains(attractionLike)) {
-            attractionLikes.add(attractionLike);
-        }
-        attractionLike.setAttraction(this);
-    }
 }

src/main/java/com/tgd/trip/attraction/mapper/AttractionMapper.java

@@ -2,23 +2,15 @@
 
 import com.tgd.trip.attraction.domain.Attraction;
 import com.tgd.trip.attraction.dto.AttractionDto;
-import org.springframework.data.domain.Page;
 import org.springframework.stereotype.Component;
 
 import java.util.List;
+import java.util.stream.Collectors;
 
 @Component
 public class AttractionMapper {
 
-    public AttractionDto.Response entityToResponse(Attraction attraction) {
-        return new AttractionDto.Response(attraction);
-    }
-
-    public List<AttractionDto.Response> entityToResponse(Page<Attraction> attractions) {
-        return attractions.map(this::entityToResponse).stream().toList();
-    }
-
-    public Page<AttractionDto.Response> entityToPageResponse(Page<Attraction> attractions) {
-        return attractions.map(this::entityToResponse);
+    public List<AttractionDto.Response> entityToResponse(List<Attraction> attractions) {
+        return attractions.stream().map(AttractionDto.Response::new).collect(Collectors.toList());
     }
 }

src/main/java/com/tgd/trip/attraction/repository/AttractionRepository.java

@@ -1,20 +1,16 @@
 package com.tgd.trip.attraction.repository;
 
 import com.tgd.trip.attraction.domain.Attraction;
-import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.jpa.repository.JpaRepository;
 
 import java.util.List;
 
 public interface AttractionRepository extends JpaRepository<Attraction, Long> {
-    Page<Attraction> findAllByLatitudeBetweenAndLongitudeBetween(Double startLat, Double endLat, Double startLong, Double endLong, Pageable pageable);
+    List<Attraction> findAllByLatitudeBetweenAndLongitudeBetween(Double startLat, Double endLat, Double startLong, Double endLong);
 
     List<Attraction> findAllByGugun_IdGugunCodeAndGugun_IdSidoCode(Long gugunCode, Long sidoCode, Pageable pageable);
 
-    Page<Attraction> findAllByTitleContainingAndSido_SidoCode(String keyword, Long sidoCode, Pageable pageable);
-
     List<Attraction> findAllBySido_SidoCode(Long sidoCode);
-
-    Page<Attraction> findAllByTitleContaining(String title, Pageable pageable);
+    List<Attraction> findAllByTitleContaining(String title);
 }

src/main/java/com/tgd/trip/attraction/service/AttractionService.java

@@ -1,7 +1,9 @@
 package com.tgd.trip.attraction.service;
 
-import com.tgd.trip.attraction.domain.*;
-import com.tgd.trip.attraction.repository.*;
+import com.tgd.trip.attraction.domain.Attraction;
+import com.tgd.trip.attraction.domain.AttractionBookmark;
+import com.tgd.trip.attraction.repository.AttractionBookmarkRepository;
+import com.tgd.trip.attraction.repository.AttractionRepository;
 import com.tgd.trip.global.exception.CustomException;
 import com.tgd.trip.global.exception.ErrorCode;
 import com.tgd.trip.global.util.Coordinate;
@@ -10,10 +12,11 @@
 import com.tgd.trip.user.service.UserService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.data.domain.*;
+import org.springframework.data.domain.Pageable;
 import org.springframework.stereotype.Service;
 
 import javax.transaction.Transactional;
+import java.util.List;
 
 @Service
 @RequiredArgsConstructor
@@ -22,23 +25,20 @@ public class AttractionService {
 
     private final AttractionRepository attractionRepository;
     private final AttractionBookmarkRepository attractionBookmarkRepository;
-    private final AttractionLikeRepository attractionLikeRepository;
     private final UserService userService;
 
-    public Page<Attraction> getAttractionsFromCenter(Coordinate center, Double height, Double width, Pageable pageable) {
+    public List<Attraction> getAttractionsFromCenter(Coordinate center, Double height, Double width) {
         Pair<Coordinate> squareCoordinate = center.getSquareCoordinate(height, width);
         Coordinate topLeft = squareCoordinate.first();
         Coordinate bottomRight = squareCoordinate.second();
         log.debug("찾고자 하는 상단 좌표 : " + topLeft + ", 하단 좌표" + bottomRight);
-        Page<Attraction> attractions = attractionRepository.findAllByLatitudeBetweenAndLongitudeBetween(topLeft.latitude(), bottomRight.latitude(), topLeft.longitude(), bottomRight.longitude(), pageable);
+        List<Attraction> attractions = attractionRepository.findAllByLatitudeBetweenAndLongitudeBetween(topLeft.latitude(), bottomRight.latitude(), topLeft.longitude(), bottomRight.longitude());
         return attractions;
     }
 
-    public Page<Attraction> getAttractions(String keywowrd, Long sidoCode, Pageable pageable) {
-        if (sidoCode == null) {
-            return attractionRepository.findAllByTitleContaining(keywowrd, pageable);
-        }
-        return attractionRepository.findAllByTitleContainingAndSido_SidoCode(keywowrd, sidoCode, PageRequest.of(pageable.getPageNumber() - 1, pageable.getPageSize()));
+    public List<Attraction> getAttractions(Long gugunCode, Long sidoCode, Pageable pageable) {
+        log.debug("구군 코드 : " + gugunCode + ", 시도 코드 :" + sidoCode);
+        return attractionRepository.findAllByGugun_IdGugunCodeAndGugun_IdSidoCode(gugunCode, sidoCode, pageable.previousOrFirst());
     }
 
     public Attraction getAttraction(Long attractionId) {
@@ -61,26 +61,4 @@ public void deleteBookmark(Long attractionId, Long userId) {
         Attraction findAttraction = getAttraction(attractionId);
         attractionBookmarkRepository.deleteByUserAndAttraction(findUser, findAttraction);
     }
-
-    @Transactional
-    public void createLike(Long attractionId, Long userId) {
-        User findUser = userService.getVerifyUser(userId);
-        Attraction findAttraction = getAttraction(attractionId);
-
-        // 유저가 해당 관광지를 좋아요 했다면 더 이상 좋아요 불가능
-        if (attractionLikeRepository.existsByUserAndAttraction(findUser, findAttraction)) {
-            throw new CustomException(ErrorCode.TOO_MANY_LIKES);
-        }
-
-        AttractionLike attractionLike = new AttractionLike(findUser);
-        findAttraction.addLike(attractionLike);
-        attractionLikeRepository.save(attractionLike);
-    }
-
-    @Transactional
-    public void deleteLike(Long attractionId, Long userId) {
-        User findUser = userService.getVerifyUser(userId);
-        Attraction findAttraction = getAttraction(attractionId);
-        attractionLikeRepository.deleteByUserAndAttraction(findUser, findAttraction);
-    }
 }

src/main/java/com/tgd/trip/global/exception/ErrorCode.java

@@ -9,11 +9,8 @@
 public enum ErrorCode {
     SCHEDULE_NOT_FOUND(HttpStatus.NOT_FOUND, "스케줄이 존재하지 않습니다."),
     DAY_NOT_FOUND(HttpStatus.NOT_FOUND, "일자가 존재하지 않습니다."),
-    ATTRACTION_NOT_FOUND(HttpStatus.NOT_FOUND, "관광지가 존재하지 않습니다."),
-    COMMENT_NOT_FOUND(HttpStatus.NOT_FOUND, "댓글이 존재하지 않습니다."),
-    DIFFERENT_USER(HttpStatus.FORBIDDEN, "같은 사용자가 아닙니다."),
-    TOO_MANY_LIKES(HttpStatus.TOO_MANY_REQUESTS, "이미 좋아요를 했습니다."),
-    USER_NOT_FOUND(HttpStatus.NOT_FOUND, "사용자가 존재하지 않습니다.");
+    ATTRACTION_NOT_FOUND(HttpStatus.NOT_FOUND, "관광지가 존재하지 않습니다.");
+    ;
 
     private final HttpStatus httpStatus;
     private final String message;