[Sping MVC(인증)] 김예진 미션 제출합니다.

src/main/java/roomescape/auth/AdminRoleCheckInterceptor.java

@@ -0,0 +1,27 @@
+package roomescape.auth;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+import roomescape.member.MemberService;
+
+@Component
+public class AdminRoleCheckInterceptor implements HandlerInterceptor {
+
+    private final MemberService memberService;
+
+    public AdminRoleCheckInterceptor(final MemberService memberService) {
+        this.memberService = memberService;
+    }
+
+    @Override
+    public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler) throws Exception {
+        LoginMember member = memberService.parseTokenAndGetMemberInfo(request.getCookies());
+        if (member == null || !member.getRole().equals("ADMIN")) {
+            response.setStatus(401);
+            return false;
+        }
+        return true;
+    }
+}

src/main/java/roomescape/auth/LoginMember.java

@@ -0,0 +1,32 @@
+package roomescape.auth;
+
+public class LoginMember {
+
+    private Long id;
+    private String name;
+    private String email;
+    private String role;
+
+    public LoginMember(final Long id, final String name, final String email, final String role) {
+        this.id = id;
+        this.name = name;
+        this.email = email;
+        this.role = role;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getEmail() {
+        return email;
+    }
+
+    public String getRole() {
+        return role;
+    }
+}

src/main/java/roomescape/auth/LoginMemberArgumentResolver.java

@@ -0,0 +1,35 @@
+package roomescape.auth;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+import roomescape.member.MemberService;
+
+@Component
+public class LoginMemberArgumentResolver implements HandlerMethodArgumentResolver {
+
+    private final MemberService memberService;
+
+    public LoginMemberArgumentResolver(final MemberService memberService) {
+        this.memberService = memberService;
+    }
+
+    @Override
+    public boolean supportsParameter(final MethodParameter parameter) {
+        return parameter.getParameterType().equals(LoginMember.class);
+    }
+
+    @Override
+    public Object resolveArgument(final MethodParameter parameter, final ModelAndViewContainer mavContainer, final NativeWebRequest webRequest, final WebDataBinderFactory binderFactory) throws Exception {
+        HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
+        Cookie[] cookies = request.getCookies();
+        return memberService.parseTokenAndGetMemberInfo(cookies);
+    }
+
+
+}

src/main/java/roomescape/auth/LoginRequest.java

@@ -0,0 +1,14 @@
+package roomescape.auth;
+
+public class LoginRequest {
+    private String email;
+    private String password;
+
+    public String getEmail() {
+        return email;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+}

src/main/java/roomescape/config/WebConfig.java

@@ -0,0 +1,33 @@
+package roomescape.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import roomescape.auth.AdminRoleCheckInterceptor;
+import roomescape.auth.LoginMemberArgumentResolver;
+
+import java.util.List;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+    private final LoginMemberArgumentResolver loginMemberArgumentResolver;
+    private final AdminRoleCheckInterceptor adminRoleCheckInterceptor;
+
+    public WebConfig(final LoginMemberArgumentResolver loginMemberArgumentResolver, final AdminRoleCheckInterceptor adminRoleCheckInterceptor) {
+        this.loginMemberArgumentResolver = loginMemberArgumentResolver;
+        this.adminRoleCheckInterceptor = adminRoleCheckInterceptor;
+    }
+
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
+        resolvers.add(loginMemberArgumentResolver);
+    }
+
+    @Override
+    public void addInterceptors(final InterceptorRegistry registry) {
+        registry.addInterceptor(adminRoleCheckInterceptor)
+                .addPathPatterns("/admin/**");
+    }
+}

src/main/java/roomescape/member/MemberController.java

@@ -3,11 +3,16 @@
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
+import roomescape.auth.LoginMember;
+import roomescape.auth.LoginRequest;
+import roomescape.token.TokenResponse;
 
 import java.net.URI;
 
@@ -19,6 +24,27 @@ public MemberController(MemberService memberService) {
         this.memberService = memberService;
     }
 
+    @PostMapping("/login")
+    public ResponseEntity<Void> login(@RequestBody LoginRequest loginRequest) {
+        TokenResponse token = memberService.getAccessToken(loginRequest.getEmail(), loginRequest.getPassword());
+        ResponseCookie cookie = ResponseCookie.from("token", token.getAccessToken())
+                .httpOnly(true)
+                .path("/")
+                .build();
+
+        return ResponseEntity.ok()
+                .header(HttpHeaders.SET_COOKIE, cookie.toString())
+                .build();
+    }
+
+    @GetMapping("/login/check")
+    public ResponseEntity<MemberResponse> loingCheck(HttpServletRequest request) {
+        Cookie[] cookies = request.getCookies();
+        LoginMember loginMember = memberService.parseTokenAndGetMemberInfo(cookies);
+        MemberResponse response = new MemberResponse(loginMember.getId(), loginMember.getName(), loginMember.getEmail());
+        return ResponseEntity.ok().body(response);
+    }
+
     @PostMapping("/members")
     public ResponseEntity createMember(@RequestBody MemberRequest memberRequest) {
         MemberResponse member = memberService.createMember(memberRequest);

src/main/java/roomescape/member/MemberService.java

@@ -1,17 +1,51 @@
 package roomescape.member;
 
+import jakarta.servlet.http.Cookie;
 import org.springframework.stereotype.Service;
+import roomescape.auth.LoginMember;
+import roomescape.token.TokenParser;
+import roomescape.token.TokenProvider;
+import roomescape.token.TokenResponse;
 
 @Service
 public class MemberService {
-    private MemberDao memberDao;
+    private final MemberDao memberDao;
+    private final TokenProvider tokenProvider;
+    private final TokenParser tokenParser;
 
-    public MemberService(MemberDao memberDao) {
+    public MemberService(final MemberDao memberDao, final TokenProvider tokenProvider, final TokenParser tokenParser) {
         this.memberDao = memberDao;
+        this.tokenProvider = tokenProvider;
+        this.tokenParser = tokenParser;
     }
 
     public MemberResponse createMember(MemberRequest memberRequest) {
         Member member = memberDao.save(new Member(memberRequest.getName(), memberRequest.getEmail(), memberRequest.getPassword(), "USER"));
         return new MemberResponse(member.getId(), member.getName(), member.getEmail());
     }
+
+    public TokenResponse getAccessToken(String email, String password) {
+        Member member = getMember(email, password);
+        String token = tokenProvider.createAccessToken(member);
+        return new TokenResponse(token);
+    }
+
+    public LoginMember parseTokenAndGetMemberInfo(Cookie[] cookies) {
+
+        String token = "";
+        for (Cookie cookie : cookies) {
+            if (cookie.getName().equals("token"))
+                token = cookie.getValue();
+        }
+
+        if (token.isEmpty()) throw new IllegalArgumentException("로그인하지 않은 사용자입니다.");
+
+        return tokenParser.paseMemberInfo(token);
+    }
+
+    private Member getMember(String email, String password) {
+        Member member = memberDao.findByEmailAndPassword(email, password);
+        if (member == null) throw new IllegalArgumentException("등록되지 않은 사용자입니다.");
+        return member;
+    }
 }

src/main/java/roomescape/reservation/ReservationController.java

@@ -7,6 +7,7 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
+import roomescape.auth.LoginMember;
 
 import java.net.URI;
 import java.util.List;
@@ -26,15 +27,15 @@ public List<ReservationResponse> list() {
     }
 
     @PostMapping("/reservations")
-    public ResponseEntity create(@RequestBody ReservationRequest reservationRequest) {
-        if (reservationRequest.getName() == null
-                || reservationRequest.getDate() == null
+    public ResponseEntity create(@RequestBody ReservationRequest reservationRequest, LoginMember loginMember) {
+
+        if (reservationRequest.getDate() == null
                 || reservationRequest.getTheme() == null
                 || reservationRequest.getTime() == null) {
             return ResponseEntity.badRequest().build();
         }
-        ReservationResponse reservation = reservationService.save(reservationRequest);
 
+        ReservationResponse reservation = reservationService.save(reservationRequest, loginMember);
         return ResponseEntity.created(URI.create("/reservations/" + reservation.getId())).body(reservation);
     }
 

src/main/java/roomescape/reservation/ReservationRequest.java

@@ -6,6 +6,13 @@ public class ReservationRequest {
     private Long theme;
     private Long time;
 
+    public ReservationRequest(final String name, final String date, final Long theme, final Long time) {
+        this.name = name;
+        this.date = date;
+        this.theme = theme;
+        this.time = time;
+    }
+
     public String getName() {
         return name;
     }

src/main/java/roomescape/reservation/ReservationService.java

@@ -1,6 +1,7 @@
 package roomescape.reservation;
 
 import org.springframework.stereotype.Service;
+import roomescape.auth.LoginMember;
 
 import java.util.List;
 
@@ -12,12 +13,19 @@ public ReservationService(ReservationDao reservationDao) {
         this.reservationDao = reservationDao;
     }
 
-    public ReservationResponse save(ReservationRequest reservationRequest) {
+    public ReservationResponse save(ReservationRequest reservationRequest, LoginMember loginMember) {
+        reservationRequest = replaceNameIfEmpty(reservationRequest, loginMember);
         Reservation reservation = reservationDao.save(reservationRequest);
-
         return new ReservationResponse(reservation.getId(), reservationRequest.getName(), reservation.getTheme().getName(), reservation.getDate(), reservation.getTime().getValue());
     }
 
+    private ReservationRequest replaceNameIfEmpty(ReservationRequest request, LoginMember loginMember) {
+        if (request.getName() == null || request.getName().isBlank()) {
+            return new ReservationRequest(loginMember.getName(), request.getDate(), request.getTheme(), request.getTime());
+        }
+        return request;
+    }
+
     public void deleteById(Long id) {
         reservationDao.deleteById(id);
     }

src/main/java/roomescape/token/TokenParser.java

@@ -0,0 +1,35 @@
+package roomescape.token;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import roomescape.auth.LoginMember;
+
+import java.util.Base64;
+
+@Component
+public class TokenParser {
+
+    @Value("${roomescape.auth.jwt.secret}")
+    private String secretKey;
+
+    public LoginMember paseMemberInfo(String token) {
+        Claims claims = Jwts.parserBuilder()
+                .setSigningKey(Keys.hmacShaKeyFor(Base64.getDecoder().decode(secretKey)))
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+
+        String name = claims.get("name", String.class);
+        String email = claims.get("email", String.class);
+        String role = claims.get("role", String.class);
+        long id = Long.parseLong(claims.getSubject());
+
+        return new LoginMember(id, name, email, role);
+
+
+    }
+
+}

src/main/java/roomescape/token/TokenProvider.java

@@ -0,0 +1,38 @@
+package roomescape.token;
+
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import roomescape.member.Member;
+
+import java.util.Base64;
+import java.util.Date;
+
+@Component
+public class TokenProvider {
+
+    @Value("${roomescape.auth.jwt.secret}")
+    private String secretKey;
+
+    @Value("${roomescape.auth.jwt.token.expire-length}")
+    private long expire;
+
+    public String createAccessToken(Member member) {
+        Date now = new Date();
+        Date validity = new Date(now.getTime() + expire);
+        return Jwts.builder()
+                .setSubject(Long.toString(member.getId()))
+                .claim("name", member.getName())
+                .claim("role", member.getRole())
+                .claim("email", member.getEmail())
+                .setIssuedAt(now)
+                .setExpiration(validity)
+                .signWith(
+                        Keys.hmacShaKeyFor(Base64.getDecoder().decode(secretKey)),
+                        SignatureAlgorithm.HS256
+                )
+                .compact();
+    }
+}