next-step · SANGHEEJEONG · Dec 24, 2024 · Dec 25, 2024 · Dec 26, 2024 · Dec 26, 2024
diff --git a/README.md b/README.md
@@ -0,0 +1,79 @@
+# 🌀 Spring MVC (인증)
+
+# 1단계
+___
+## 로그인 페이지
+   + 이메일, 비밀번호 입력
+## 로그인 요청
+   + 이메일, 비밀번호 -> 멤버 조회
+   + 조회한 멤버로 토큰 발급
+   + Cookie를 만들어 응답
+## 인증 정보 조회
+   + Cookie -> 토큰 정보 추출
+   + 멤버를 찾아서 응답
+## API
++ GET/login : 로그인 페이지 호출
++ POST/login : 로그인 요청
++ GET/login/check : 인증 정보 조회
+
+# 2단계
+___
+## 로그인 리팩터링
+#### HandlerMethodArgumentResolver
++ 컨트롤러 메서드 파라미터로 자동 주입
+
+## 예약 생성 기능 변경
++ 예약 : ReservationRequest(요청 DTO)
+    -> name이 있으면 name으로 Member 찾기
+    -> name이 없으면 Cookie에 담긴 정보 활용
+
+# 3단계
+___
+## 관리자 기능
++ admin 페이지 진입 (HandlerInterceptor 이용)
+    -> 관리자 : 진입 가능
+    -> 관리자 X : 401 코드 응답
+
+# 🌀 Spring JPA (인증)
+
+# 4단계
+___
+## JPA 전환
++ 엔티티 & 연관 관계 매핑
++ DAO -> JpaRepository를 상속받는 Repository로 대체
+
+# 5단계
+___
+## 내 예약 목록 조회
++ 응답 DTO -> 예약 아이디, 테마, 날짜, 시간, 상태를 포함
+## 예약 테이블 수정
++ 관리자 예약 (어드민 화면) : name을 string으로 전달
++ 사용자 예약 (예약 화면) : 로그인 정보를 이용해 Member ID 저장
+## API
++ GET/reservation-mine : reservation-mine 페이지 응답
++ GET/reservations-mine : 내 예약 목록 조회
+
+# 6단계
+___
+## 예약 대기
++ 요청 
++ 취소
++ 조회 : N번 째 예약 대기인지 표시
+## API
++ POST/waitings : 예약 대기 생성
++ DELETE/waitings/{id} : 예약 삭제 
+
+# 7단계
+___
+## @Configuration
++ JWT 관련 로직 auth 패키지(roomescape 외부 패키지)로 분리
+
+# 8단계
+___
+## Profile과 Resource
+### 1. schema.sql 대신 데이터베이스 초기화 클래스 만들기
+#### < DataLoader >
++ DataLoader : 사용자 정보 초기화 
++ TestDataLoader : 테스트에 필요한 사전 값 초기화
+
+### 2. secret key 값을 properties 파일로 이동
diff --git a/build.gradle b/build.gradle
@@ -15,14 +15,20 @@ repositories {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
-    implementation 'org.springframework.boot:spring-boot-starter-jdbc'
+    // implementation 'org.springframework.boot:spring-boot-starter-jdbc'
+    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 
     implementation 'dev.akkinoc.spring.boot:logback-access-spring-boot-starter:4.0.0'
 
     implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
     implementation 'io.jsonwebtoken:jjwt-impl:0.11.2'
     implementation 'io.jsonwebtoken:jjwt-gson:0.11.2'
 
+    compileOnly 'org.projectlombok:lombok'
+    annotationProcessor 'org.projectlombok:lombok'
+    testCompileOnly 'org.projectlombok:lombok'
+    testAnnotationProcessor 'org.projectlombok:lombok'
+
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'io.rest-assured:rest-assured:5.3.1'
 

diff --git a/src/main/java/auth/AuthClaims.java b/src/main/java/auth/AuthClaims.java
@@ -0,0 +1,8 @@
+package auth;
+
+public record AuthClaims(
+        Long id,
+        String name,
+        String role
+) {
+}
diff --git a/src/main/java/auth/AuthClaimsArgumentResolver.java b/src/main/java/auth/AuthClaimsArgumentResolver.java
@@ -0,0 +1,32 @@
+package auth;
+
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.RequiredArgsConstructor;
+import org.springframework.core.MethodParameter;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.context.request.ServletWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+// @Component
+@RequiredArgsConstructor
+public class AuthClaimsArgumentResolver implements HandlerMethodArgumentResolver {
+
+    private final JWTUtils jwtUtils;
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.hasParameterAnnotation(AuthCustomAnnotation.class) &&
+                parameter.getParameterType().equals(AuthClaims.class);
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
+        HttpServletRequest request = ((ServletWebRequest) webRequest).getRequest();
+        String token = jwtUtils.extractToken(request).token();
+
+        return jwtUtils.getClaimsFromToken(token);
+    }
+}
+
diff --git a/src/main/java/auth/AuthConfig.java b/src/main/java/auth/AuthConfig.java
@@ -0,0 +1,23 @@
+package auth;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class AuthConfig {
+
+    @Bean
+    public JWTUtils jwtUtils() {
+        return new JWTUtils();
+    }
+
+    @Bean
+    public AuthClaimsArgumentResolver authClaimsArgumentResolver(JWTUtils jwtUtils) {
+        return new AuthClaimsArgumentResolver(jwtUtils);
+    }
+
+    @Bean
+    public AuthRoleInterceptor authRoleInterceptor(JWTUtils jwtUtils) {
+        return new AuthRoleInterceptor(jwtUtils);
+    }
+}
diff --git a/src/main/java/auth/AuthCustomAnnotation.java b/src/main/java/auth/AuthCustomAnnotation.java
@@ -0,0 +1,13 @@
+package auth;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface AuthCustomAnnotation {
+}
diff --git a/src/main/java/auth/AuthRoleInterceptor.java b/src/main/java/auth/AuthRoleInterceptor.java
@@ -0,0 +1,25 @@
+package auth;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+// @Component
+@RequiredArgsConstructor
+public class AuthRoleInterceptor implements HandlerInterceptor {
+
+    private final JWTUtils jwtUtils;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        String token = jwtUtils.extractToken(request).token();
+
+        if (!jwtUtils.getClaimsFromToken(token).role().equals("ADMIN")) {
+            response.setStatus(401);
+            return false;
+        }
+
+        return true;
+    }
+}
diff --git a/src/main/java/auth/AuthToken.java b/src/main/java/auth/AuthToken.java
@@ -0,0 +1,6 @@
+package auth;
+
+public record AuthToken(
+        String token
+) {
+}
diff --git a/src/main/java/auth/AuthWebConfig.java b/src/main/java/auth/AuthWebConfig.java
@@ -0,0 +1,27 @@
+package auth;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
+
+@Configuration
+@RequiredArgsConstructor
+public class AuthWebConfig implements WebMvcConfigurer {
+
+    private final AuthClaimsArgumentResolver authClaimsArgumentResolver;
+    private final AuthRoleInterceptor authRoleInterceptor;
+
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
+        resolvers.add(authClaimsArgumentResolver);
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authRoleInterceptor).addPathPatterns("/admin/**");
+    }
+}
diff --git a/src/main/java/auth/JWTUtils.java b/src/main/java/auth/JWTUtils.java
@@ -0,0 +1,69 @@
+package auth;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Value;
+import roomescape.exception.InvalidTokenException;
+import roomescape.exception.MissingTokenException;
+import roomescape.member.Member;
+
+import java.util.Arrays;
+
+// @Component
+public class JWTUtils {
+
+    @Value("${roomescape.auth.jwt.secret}")
+    private String secretKey;
+
+    public AuthToken createToken(Member member) {
+        String accessToken = Jwts.builder()
+                .setSubject(member.getId().toString())
+                .claim("name", member.getName())
+                .claim("role", member.getRole())
+                .signWith(Keys.hmacShaKeyFor(secretKey.getBytes()))
+                .compact();
+
+        return new AuthToken(accessToken);
+    }
+
+    public AuthToken extractToken(HttpServletRequest request){
+        String token = Arrays.stream(request.getCookies())
+                .filter(cookie -> "token".equals(cookie.getName()))
+                .findFirst()
+                .map(Cookie::getValue)
+                .orElseThrow(() -> new MissingTokenException("토큰을 찾을 수 없습니다."));
+
+        return new AuthToken(token);
+    }
+
+    public AuthClaims getClaimsFromToken(String token) {
+        if (token == null || token.isBlank()) {
+            throw new MissingTokenException("토큰이 비어있습니다.");
+        }
+
+        try {
+            Claims claims = Jwts.parserBuilder()
+                    .setSigningKey(Keys.hmacShaKeyFor(secretKey.getBytes()))
+                    .build()
+                    .parseClaimsJws(token)
+                    .getBody();
+
+            Long id = Long.parseLong(claims.getSubject());
+            String name = claims.get("name", String.class);
+            String role = claims.get("role", String.class);
+
+            if (id == null || name == null || role == null) {
+                throw new InvalidTokenException("필수 클레임이 누락되었습니다.");
+            }
+
+            return new AuthClaims(id, name, role);
+
+        } catch (JwtException e) {
+            throw new InvalidTokenException("유효하지 않은 토큰입니다.");
+        }
+    }
+}
diff --git a/src/main/java/roomescape/DataLoader.java b/src/main/java/roomescape/DataLoader.java
@@ -0,0 +1,22 @@
+package roomescape;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+import roomescape.member.Member;
+import roomescape.member.MemberRepository;
+
+@Profile("prod")
+@Component
+@RequiredArgsConstructor
+public class DataLoader implements CommandLineRunner {
+
+    private final MemberRepository memberRepository;
+
+    @Override
+    public void run(String... args) throws Exception {
+        memberRepository.save(new Member("어드민", "[email protected]", "password", "ADMIN"));
+        memberRepository.save(new Member("브라운", "[email protected]", "password", "USER"));
+    }
+}
diff --git a/src/main/java/roomescape/ExceptionController.java b/src/main/java/roomescape/ExceptionController.java
diff --git a/src/main/java/roomescape/RoomescapeApplication.java b/src/main/java/roomescape/RoomescapeApplication.java
@@ -2,8 +2,10 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.ComponentScan;
 
 @SpringBootApplication
+@ComponentScan(basePackages = {"auth","roomescape"})
 public class RoomescapeApplication {
     public static void main(String[] args) {
         SpringApplication.run(RoomescapeApplication.class, args);