🔀 :: Security 및 Jwt 세팅

src/main/kotlin/andreas311/miso/domain/auth/application/port/output/PasswordEncodePort.kt

@@ -0,0 +1,7 @@
+package andreas311.miso.domain.auth.application.port.output
+
+interface PasswordEncodePort {
+    fun passwordEncode(password: String): String
+
+    fun isPasswordMatch(password: String, passwordCheck: String): Boolean
+}

src/main/kotlin/andreas311/miso/domain/auth/application/port/output/TokenGeneratePort.kt

@@ -0,0 +1,8 @@
+package andreas311.miso.domain.auth.application.port.output
+
+import andreas311.miso.domain.auth.application.port.output.dto.TokenDto
+import andreas311.miso.domain.user.domain.Role
+
+interface TokenGeneratePort {
+    fun generateToken(email: String, role: Role): TokenDto
+}

src/main/kotlin/andreas311/miso/domain/auth/application/port/output/TokenParsePort.kt

@@ -0,0 +1,12 @@
+package andreas311.miso.domain.auth.application.port.output
+
+import org.springframework.security.core.Authentication
+import javax.servlet.http.HttpServletRequest
+
+interface TokenParsePort {
+    fun parseAccessToken(request: HttpServletRequest): String?
+
+    fun parseRefreshTokenToken(refreshToken: String): String?
+
+    fun authentication(token: String): Authentication
+}

src/main/kotlin/andreas311/miso/domain/auth/application/port/output/UserSecurityPort.kt

@@ -0,0 +1,7 @@
+package andreas311.miso.domain.auth.application.port.output
+
+import andreas311.miso.domain.user.domain.User
+
+interface UserSecurityPort {
+    fun currentUser(): User
+}

src/main/kotlin/andreas311/miso/domain/auth/application/port/output/dto/TokenDto.kt

@@ -0,0 +1,20 @@
+package andreas311.miso.domain.auth.application.port.output.dto
+
+import java.time.LocalDateTime
+import java.time.format.DateTimeFormatter
+
+data class TokenDto(
+    val accessToken: String,
+    val refreshToken: String,
+    val accessExp: Long,
+    val refreshExp: Long
+) {
+    override fun toString(): String {
+        val formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss")
+        return "{" +
+            "\"accessToken\":" + "\"" + this.accessToken + "\"," +
+            "\"refreshToken\":" + "\"" + this.refreshToken + "\"," +
+            "\"accessTokenExpiredAt\":" + "\"" + LocalDateTime.now().plusSeconds(this.accessExp).format(formatter) + "\"," +
+            "\"refreshTokenExpiredAt\":" + "\"" + LocalDateTime.now().plusSeconds(this.refreshExp).format(formatter) + "\"}"
+    }
+}

src/main/kotlin/andreas311/miso/domain/user/adapter/output/persistence/QueryUserPersistenceAdapter.kt

@@ -0,0 +1,18 @@
+package andreas311.miso.domain.user.adapter.output.persistence
+
+import andreas311.miso.domain.user.adapter.output.persistence.mapper.UserMapper
+import andreas311.miso.domain.user.adapter.output.persistence.repository.UserRepository
+import andreas311.miso.domain.user.application.port.output.QueryUserPort
+import andreas311.miso.domain.user.domain.User
+import org.springframework.stereotype.Component
+
+@Component
+class QueryUserPersistenceAdapter(
+    private val userRepository: UserRepository,
+    private val userMapper: UserMapper
+): QueryUserPort {
+    override fun findByEmailOrNull(email: String): User? {
+        val userEntity = userRepository.findByEmail(email)
+        return userMapper.toDomain(userEntity)
+    }
+}

src/main/kotlin/andreas311/miso/domain/user/adapter/output/persistence/entity/UserEntity.kt

@@ -0,0 +1,30 @@
+package andreas311.miso.domain.user.adapter.output.persistence.entity
+
+import andreas311.miso.domain.user.domain.Role
+import org.hibernate.annotations.GenericGenerator
+import java.util.*
+import javax.persistence.*
+
+@Entity
+@Table(name = "user")
+class UserEntity(
+    @Id
+    @GeneratedValue(generator = "uuid2")
+    @GenericGenerator(name = "uuid2", strategy = "uuid2")
+    @Column(columnDefinition = "BINARY(16)")
+    var id: UUID,
+
+    @Column(name = "email", nullable = false)
+    val email: String,
+
+    @Column(name = "password", nullable = false)
+    val password: String,
+
+    @Column(name = "point", nullable = false)
+    var point: Int = 0,
+
+    @Enumerated(EnumType.STRING)
+    @ElementCollection(fetch = FetchType.EAGER)
+    @CollectionTable(name = "Role", joinColumns = [JoinColumn(name = "user_id")])
+    val role: MutableList<Role>
+)

src/main/kotlin/andreas311/miso/domain/user/adapter/output/persistence/mapper/UserMapper.kt

@@ -0,0 +1,19 @@
+package andreas311.miso.domain.user.adapter.output.persistence.mapper
+
+import andreas311.miso.domain.user.adapter.output.persistence.entity.UserEntity
+import andreas311.miso.domain.user.domain.User
+import org.springframework.stereotype.Component
+
+@Component
+class UserMapper {
+    fun toDomain(entity: UserEntity?): User? =
+        entity?.let {
+            User(
+                id = entity.id,
+                email = entity.email,
+                password = entity.password,
+                point = entity.point,
+                role = entity.role
+            )
+        }
+}

src/main/kotlin/andreas311/miso/domain/user/adapter/output/persistence/repository/UserRepository.kt

@@ -0,0 +1,9 @@
+package andreas311.miso.domain.user.adapter.output.persistence.repository
+
+import andreas311.miso.domain.user.adapter.output.persistence.entity.UserEntity
+import org.springframework.data.repository.CrudRepository
+import java.util.UUID
+
+interface UserRepository: CrudRepository<UserEntity, UUID> {
+    fun findByEmail(email: String): UserEntity?
+}

src/main/kotlin/andreas311/miso/domain/user/application/exception/UserNotFoundException.kt

@@ -0,0 +1,6 @@
+package andreas311.miso.domain.user.application.exception
+
+import andreas311.miso.global.error.ErrorCode
+import andreas311.miso.global.error.exception.MisoException
+
+class UserNotFoundException: MisoException(ErrorCode.USER_NOT_FOUND)

src/main/kotlin/andreas311/miso/domain/user/application/port/output/QueryUserPort.kt

@@ -0,0 +1,7 @@
+package andreas311.miso.domain.user.application.port.output
+
+import andreas311.miso.domain.user.domain.User
+
+interface QueryUserPort {
+    fun findByEmailOrNull(email: String): User?
+}

src/main/kotlin/andreas311/miso/domain/user/domain/Role.kt

@@ -0,0 +1,9 @@
+package andreas311.miso.domain.user.domain
+
+import org.springframework.security.core.GrantedAuthority
+
+enum class Role : GrantedAuthority {
+    ROLE_USER, ROLE_ADMIN;
+
+    override fun getAuthority(): String = name
+}

src/main/kotlin/andreas311/miso/domain/user/domain/User.kt

@@ -0,0 +1,25 @@
+package andreas311.miso.domain.user.domain
+
+import java.util.*
+
+data class User(
+    var id: UUID,
+    val email: String,
+    val password: String,
+    var point: Int,
+    val role: MutableList<Role>
+) {
+    fun addPoint(point: Int): User {
+        synchronized(this) {
+            this.point += point
+        }
+        return this
+    }
+
+    fun removePoint(point: Int): User {
+        synchronized(this) {
+            this.point -= point
+        }
+        return this
+    }
+}

src/main/kotlin/andreas311/miso/global/config/PropertiesScanConfig.kt

@@ -1,13 +1,17 @@
 package andreas311.miso.global.config
 
 import andreas311.miso.global.redis.properties.RedisProperties
+import andreas311.miso.global.security.jwt.common.properties.JwtProperties
+import andreas311.miso.global.security.jwt.common.properties.JwtTimeProperties
 import org.springframework.boot.context.properties.ConfigurationPropertiesScan
 import org.springframework.context.annotation.Configuration
 
 @Configuration
 @ConfigurationPropertiesScan(
     basePackageClasses = [
-        RedisProperties::class
+        RedisProperties::class,
+        JwtProperties::class,
+        JwtTimeProperties::class
     ]
 )
 class PropertiesScanConfig

src/main/kotlin/andreas311/miso/global/error/ErrorCode.kt

@@ -18,6 +18,7 @@ enum class ErrorCode(
     // TOKEN
     TOKEN_IS_EXPIRED(401, "토큰이 만료 되었습니다."),
     TOKEN_NOT_VALID(401, "토큰이 유효 하지 않습니다."),
+    TOKEN_TYPE_NOT_VALID(401, "토큰 타입이 유효하지 않습니다"),
 
     // USER
     EMAIL_KEY_IS_INVALID(401, "이메일 인증번호가 일치하지 않습니다."),

src/main/kotlin/andreas311/miso/global/security/adapter/PasswordEncodeAdapter.kt

@@ -0,0 +1,17 @@
+package andreas311.miso.global.security.adapter
+
+import andreas311.miso.domain.auth.application.port.output.PasswordEncodePort
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.stereotype.Component
+
+@Component
+class PasswordEncodeAdapter(
+    private val passwordEncoder: PasswordEncoder
+): PasswordEncodePort {
+    override fun passwordEncode(password: String): String =
+        passwordEncoder.encode(password)
+
+    override fun isPasswordMatch(rawPassword: String, encodedPassword: String): Boolean =
+        passwordEncoder.matches(rawPassword, encodedPassword)
+
+}

src/main/kotlin/andreas311/miso/global/security/adapter/UserSecurityAdapter.kt

@@ -0,0 +1,36 @@
+package andreas311.miso.global.security.adapter
+
+import andreas311.miso.domain.auth.application.port.output.UserSecurityPort
+import andreas311.miso.domain.user.application.exception.UserNotFoundException
+import andreas311.miso.domain.user.application.port.output.QueryUserPort
+import andreas311.miso.domain.user.domain.User
+import andreas311.miso.global.security.principal.AdminDetail
+import andreas311.miso.global.security.principal.UserDetail
+import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.security.core.userdetails.UserDetails
+import org.springframework.stereotype.Component
+
+@Component
+class UserSecurityAdapter(
+    private val queryUserPort: QueryUserPort
+): UserSecurityPort {
+    override fun currentUser(): User {
+        val email = fetchUserEmail()
+        return fetchUserByEmail(email)
+    }
+
+    private fun fetchUserByEmail(email: String): User =
+        queryUserPort.findByEmailOrNull(email) ?: throw UserNotFoundException()
+
+    private fun fetchUserEmail(): String =
+        when(val principal = SecurityContextHolder.getContext().authentication.principal) {
+            is UserDetails -> {
+                when (principal) {
+                    is UserDetail -> principal.username
+                    is AdminDetail -> principal.username
+                    else -> throw IllegalArgumentException()
+                }
+            }
+                else -> principal.toString()
+        }
+}

src/main/kotlin/andreas311/miso/global/security/config/SecurityConfig.kt

@@ -0,0 +1,95 @@
+package andreas311.miso.global.security.config
+
+import andreas311.miso.global.security.filter.JwtExceptionFilter
+import andreas311.miso.global.security.filter.JwtRequestFilter
+import andreas311.miso.global.security.handler.CustomAccessDeniedHandler
+import andreas311.miso.global.security.handler.CustomAuthenticationEntryPointHandler
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.http.HttpMethod
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+import org.springframework.security.web.util.matcher.RequestMatcher
+import org.springframework.web.cors.CorsUtils
+
+@Configuration
+@EnableWebSecurity
+class SecurityConfig(
+    private val jwtRequestFilter: JwtRequestFilter,
+    private val jwtExceptionFilter: JwtExceptionFilter
+) {
+    @Bean
+    fun filterChain(http: HttpSecurity) : SecurityFilterChain {
+        return http
+            .cors().and()
+            .csrf().disable()
+            .formLogin().disable()
+            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            .and()
+
+            .authorizeRequests()
+            .requestMatchers(RequestMatcher { request ->
+                CorsUtils.isPreFlightRequest(request)
+            }).permitAll()
+
+            .antMatchers(HttpMethod.POST, "/auth").permitAll()
+            .antMatchers(HttpMethod.POST, "/auth/signIn").permitAll()
+            .antMatchers(HttpMethod.DELETE, "/auth").permitAll()
+            .antMatchers(HttpMethod.PATCH, "/auth").permitAll()
+
+            .antMatchers(HttpMethod.POST, "/email").permitAll()
+
+            .antMatchers(HttpMethod.GET, "/item").authenticated()
+            .antMatchers(HttpMethod.GET, "/item/{id}").authenticated()
+
+            .antMatchers(HttpMethod.GET, "/user").authenticated()
+            .antMatchers(HttpMethod.GET, "/user/point").authenticated()
+            .antMatchers(HttpMethod.POST, "/user/give").authenticated()
+
+            .antMatchers(HttpMethod.GET, "/purchase").authenticated()
+            .antMatchers(HttpMethod.POST, "/purchase/{id}").authenticated()
+
+            .antMatchers(HttpMethod.POST, "/inquiry").authenticated()
+            .antMatchers(HttpMethod.GET, "/inquiry").authenticated()
+            .antMatchers(HttpMethod.GET, "/inquiry/list").authenticated()
+            .antMatchers(HttpMethod.GET, "/inquiry/all").hasAuthority("ROLE_ADMIN")
+            .antMatchers(HttpMethod.GET, "/inquiry/filter/{state}").authenticated()
+            .antMatchers(HttpMethod.GET, "/inquiry/{id}").authenticated()
+            .antMatchers(HttpMethod.PATCH, "/inquiry/respond/{id}").hasAuthority("ROLE_ADMIN")
+
+            .antMatchers(HttpMethod.GET, "/recyclables").authenticated()
+            .antMatchers(HttpMethod.GET, "/recyclables/search").authenticated()
+            .antMatchers(HttpMethod.GET, "/recyclables/all").authenticated()
+            .antMatchers(HttpMethod.POST, "/recyclables/process").authenticated()
+
+            .antMatchers(HttpMethod.POST, "/notification/save/{deviceToken}").authenticated()
+            .antMatchers(HttpMethod.GET, "/notification/{id}").authenticated()
+
+            .antMatchers(HttpMethod.GET, "/environment").authenticated()
+
+            .anyRequest().denyAll()
+            .and()
+            .exceptionHandling()
+            .accessDeniedHandler(CustomAccessDeniedHandler())
+            .authenticationEntryPoint(CustomAuthenticationEntryPointHandler())
+
+            .and()
+            .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter::class.java)
+            .addFilterBefore(jwtExceptionFilter, JwtRequestFilter::class.java)
+
+            // 추가 예정
+//            .addFilterBefore(logRequestFilter, JwtExceptionFilter::class.java)
+
+            .build()
+    }
+
+    @Bean
+    fun passwordEncoder(): PasswordEncoder {
+        return BCryptPasswordEncoder(12)
+    }
+}