refactor: @AuthAdmin, @AuthMember 어노테이션 값 설정하는 로직 변경 (#72)

eom-tae-in · Aug 27, 2024 · 47bfd1d · 47bfd1d
1 parent be0f871
commit 47bfd1d
Show file tree

Hide file tree

Showing 12 changed files with 99 additions and 27 deletions.
diff --git a/src/main/java/com/atwoz/admin/config/AdminAuthConfig.java b/src/main/java/com/atwoz/admin/config/AdminAuthConfig.java
@@ -1,6 +1,7 @@
 package com.atwoz.admin.config;
 
 import com.atwoz.admin.ui.auth.interceptor.AdminLoginValidCheckerInterceptor;
+import com.atwoz.admin.ui.auth.interceptor.ParseAdminIdFromTokenInterceptor;
 import com.atwoz.admin.ui.auth.support.resolver.AdminAuthArgumentResolver;
 import com.atwoz.admin.ui.auth.support.resolver.AdminRefreshTokenExtractionArgumentResolver;
 import com.atwoz.global.config.interceptor.PathMatcherInterceptor;
@@ -24,18 +25,25 @@ public class AdminAuthConfig implements WebMvcConfigurer {
 
     private final AdminAuthArgumentResolver adminAuthArgumentResolver;
     private final AdminRefreshTokenExtractionArgumentResolver adminRefreshTokenExtractionArgumentResolver;
+    private final ParseAdminIdFromTokenInterceptor parseAdminIdFromTokenInterceptor;
     private final AdminLoginValidCheckerInterceptor adminLoginValidCheckerInterceptor;
 
     @Override
     public void addInterceptors(final InterceptorRegistry registry) {
+        registry.addInterceptor(parseAdminIdFromTokenInterceptor());
         registry.addInterceptor(adminLoginValidCheckerInterceptor());
     }
 
+    private HandlerInterceptor parseAdminIdFromTokenInterceptor() {
+        return new PathMatcherInterceptor(parseAdminIdFromTokenInterceptor)
+                .excludePathPattern("/**", OPTIONS);
+    }
+
     private HandlerInterceptor adminLoginValidCheckerInterceptor() {
         return new PathMatcherInterceptor(adminLoginValidCheckerInterceptor)
                 .excludePathPattern("/**", OPTIONS)
-                .addPathPatterns("/api/members/hobbies", GET, POST, PATCH, DELETE)
-                .addPathPatterns("/api/members/styles", GET, POST, PATCH, DELETE);
+                .addPathPatterns("/api/members/hobbies/**", GET, POST, PATCH, DELETE)
+                .addPathPatterns("/api/members/styles/**", GET, POST, PATCH, DELETE);
     }
 
     @Override

diff --git a/src/main/java/com/atwoz/admin/ui/auth/interceptor/AdminLoginValidCheckerInterceptor.java b/src/main/java/com/atwoz/admin/ui/auth/interceptor/AdminLoginValidCheckerInterceptor.java
@@ -20,14 +20,13 @@ public class AdminLoginValidCheckerInterceptor implements HandlerInterceptor {
     private static final String ADMIN = "admin";
 
     private final AdminAuthenticationContext adminAuthenticationContext;
-    private final AdminAuthenticationExtractor adminAuthenticationExtractor;
     private final AdminTokenExtractor adminTokenExtractor;
 
     @Override
     public boolean preHandle(final HttpServletRequest request,
                              final HttpServletResponse response,
                              final Object handler) throws Exception {
-        String token = adminAuthenticationExtractor.extractFromRequest(request)
+        String token = AdminAuthenticationExtractor.extractFromRequest(request)
                 .orElseThrow(AdminLoginInvalidException::new);
         String extractedRole = adminTokenExtractor.extract(token, ROLE, String.class);
         if (!extractedRole.equals(ADMIN)) {

diff --git a/src/main/java/com/atwoz/admin/ui/auth/interceptor/ParseAdminIdFromTokenInterceptor.java b/src/main/java/com/atwoz/admin/ui/auth/interceptor/ParseAdminIdFromTokenInterceptor.java
@@ -0,0 +1,29 @@
+package com.atwoz.admin.ui.auth.interceptor;
+
+import com.atwoz.admin.ui.auth.support.AdminAuthenticationContext;
+import com.atwoz.admin.ui.auth.support.AdminAuthenticationExtractor;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+@RequiredArgsConstructor
+@Component
+public class ParseAdminIdFromTokenInterceptor implements HandlerInterceptor {
+
+    private final AdminLoginValidCheckerInterceptor loginValidCheckerInterceptor;
+    private final AdminAuthenticationContext adminAuthenticationContext;
+
+    @Override
+    public boolean preHandle(final HttpServletRequest request,
+                             final HttpServletResponse response,
+                             final Object handler) throws Exception {
+        if (AdminAuthenticationExtractor.extractFromRequest(request).isEmpty()) {
+            adminAuthenticationContext.setAnonymous();
+            return true;
+        }
+
+        return loginValidCheckerInterceptor.preHandle(request, response, handler);
+    }
+}
diff --git a/src/main/java/com/atwoz/admin/ui/auth/support/AdminAuthenticationContext.java b/src/main/java/com/atwoz/admin/ui/auth/support/AdminAuthenticationContext.java
@@ -9,17 +9,23 @@
 @Component
 public class AdminAuthenticationContext {
 
-    private Long memberId;
+    private static final Long ANONYMOUS_ADMIN = -1L;
 
-    public void setAuthentication(final Long memberId) {
-        this.memberId = memberId;
+    private Long adminId;
+
+    public void setAuthentication(final Long adminId) {
+        this.adminId = adminId;
     }
 
     public Long getPrincipal() {
-        if (Objects.isNull(this.memberId)) {
+        if (Objects.isNull(this.adminId)) {
             throw new AdminLoginInvalidException();
         }
 
-        return memberId;
+        return adminId;
+    }
+
+    public void setAnonymous() {
+        this.adminId = ANONYMOUS_ADMIN;
     }
 }
diff --git a/src/main/java/com/atwoz/admin/ui/auth/support/AdminAuthenticationExtractor.java b/src/main/java/com/atwoz/admin/ui/auth/support/AdminAuthenticationExtractor.java
@@ -2,10 +2,8 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.Optional;
-import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 
-@Component
 public class AdminAuthenticationExtractor {
 
     private static final String AUTHORIZATION_HEADER = "Authorization";
@@ -15,7 +13,7 @@ public class AdminAuthenticationExtractor {
     private static final int TOKEN_VALUE_INDEX = 1;
     private static final int VALID_HEADER_SPLIT_LENGTH = 2;
 
-    public Optional<String> extractFromRequest(final HttpServletRequest request) {
+    public static Optional<String> extractFromRequest(final HttpServletRequest request) {
         String header = request.getHeader(AUTHORIZATION_HEADER);
 
         if (!StringUtils.hasText(header)) {
@@ -25,7 +23,7 @@ public Optional<String> extractFromRequest(final HttpServletRequest request) {
         return extractFromHeader(header.split(HEADER_SPLIT_DELIMITER));
     }
 
-    private Optional<String> extractFromHeader(final String[] headerParts) {
+    private static Optional<String> extractFromHeader(final String[] headerParts) {
         if (headerParts.length == VALID_HEADER_SPLIT_LENGTH &&
                 headerParts[TOKEN_TYPE_INDEX].equals(BEARER)) {
             return Optional.ofNullable(headerParts[TOKEN_VALUE_INDEX]);

diff --git a/src/main/java/com/atwoz/member/config/MemberAuthConfig.java b/src/main/java/com/atwoz/member/config/MemberAuthConfig.java
@@ -2,6 +2,7 @@
 
 import com.atwoz.global.config.interceptor.PathMatcherInterceptor;
 import com.atwoz.member.ui.auth.interceptor.MemberLoginValidCheckerInterceptor;
+import com.atwoz.member.ui.auth.interceptor.ParseMemberIdFromTokenInterceptor;
 import com.atwoz.member.ui.auth.support.resolver.MemberAuthArgumentResolver;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
@@ -22,13 +23,20 @@
 public class MemberAuthConfig implements WebMvcConfigurer {
 
     private final MemberAuthArgumentResolver memberAuthArgumentResolver;
+    private final ParseMemberIdFromTokenInterceptor parseMemberIdFromTokenInterceptor;
     private final MemberLoginValidCheckerInterceptor memberLoginValidCheckerInterceptor;
 
     @Override
     public void addInterceptors(final InterceptorRegistry registry) {
+        registry.addInterceptor(parseMemberIdFromTokenInterceptor());
         registry.addInterceptor(loginValidCheckerInterceptor());
     }
 
+    private HandlerInterceptor parseMemberIdFromTokenInterceptor() {
+        return new PathMatcherInterceptor(parseMemberIdFromTokenInterceptor)
+                .excludePathPattern("/**", OPTIONS);
+    }
+
     /**
      * @AuthMember를 통해서 인증이 필요한 경우에 해당 메서드에 URI를 추가해주면 된다. 추가를 해야지 인증,인가 가능
      */

diff --git a/src/main/java/com/atwoz/member/ui/auth/interceptor/MemberLoginValidCheckerInterceptor.java b/src/main/java/com/atwoz/member/ui/auth/interceptor/MemberLoginValidCheckerInterceptor.java
@@ -17,14 +17,13 @@ public class MemberLoginValidCheckerInterceptor implements HandlerInterceptor {
     private static final String MEMBER_ID = "id";
 
     private final MemberAuthenticationContext memberAuthenticationContext;
-    private final MemberAuthenticationExtractor memberAuthenticationExtractor;
     private final MemberTokenProvider memberTokenProvider;
 
     @Override
     public boolean preHandle(final HttpServletRequest request,
                              final HttpServletResponse response,
                              final Object handler) throws Exception {
-        String token = memberAuthenticationExtractor.extractFromRequest(request)
+        String token = MemberAuthenticationExtractor.extractFromRequest(request)
                 .orElseThrow(MemberLoginInvalidException::new);
         Long extractedId = memberTokenProvider.extract(token, MEMBER_ID, Long.class);
         memberAuthenticationContext.setAuthentication(extractedId);

diff --git a/src/main/java/com/atwoz/member/ui/auth/interceptor/ParseMemberIdFromTokenInterceptor.java b/src/main/java/com/atwoz/member/ui/auth/interceptor/ParseMemberIdFromTokenInterceptor.java
@@ -0,0 +1,29 @@
+package com.atwoz.member.ui.auth.interceptor;
+
+import com.atwoz.member.ui.auth.support.MemberAuthenticationContext;
+import com.atwoz.member.ui.auth.support.MemberAuthenticationExtractor;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+@RequiredArgsConstructor
+@Component
+public class ParseMemberIdFromTokenInterceptor implements HandlerInterceptor {
+
+    private final MemberLoginValidCheckerInterceptor memberLoginValidCheckerInterceptor;
+    private final MemberAuthenticationContext memberAuthenticationContext;
+
+    @Override
+    public boolean preHandle(final HttpServletRequest request,
+                             final HttpServletResponse response,
+                             final Object handler) throws Exception {
+        if (MemberAuthenticationExtractor.extractFromRequest(request).isEmpty()) {
+            memberAuthenticationContext.setAnonymous();
+            return true;
+        }
+
+        return memberLoginValidCheckerInterceptor.preHandle(request, response, handler);
+    }
+}
diff --git a/src/main/java/com/atwoz/member/ui/auth/support/MemberAuthenticationContext.java b/src/main/java/com/atwoz/member/ui/auth/support/MemberAuthenticationContext.java
@@ -9,6 +9,8 @@
 @Component
 public class MemberAuthenticationContext {
 
+    private static final Long ANONYMOUS_MEMBER = -1L;
+
     private Long memberId;
 
     public void setAuthentication(final Long memberId) {
@@ -22,4 +24,8 @@ public Long getPrincipal() {
 
         return memberId;
     }
+
+    public void setAnonymous() {
+        this.memberId = ANONYMOUS_MEMBER;
+    }
 }
diff --git a/src/main/java/com/atwoz/member/ui/auth/support/MemberAuthenticationExtractor.java b/src/main/java/com/atwoz/member/ui/auth/support/MemberAuthenticationExtractor.java
@@ -2,12 +2,8 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.Optional;
-import lombok.RequiredArgsConstructor;
-import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 
-@RequiredArgsConstructor
-@Component
 public class MemberAuthenticationExtractor {
 
     private static final String AUTHORIZATION_HEADER = "Authorization";
@@ -17,7 +13,7 @@ public class MemberAuthenticationExtractor {
     private static final int TOKEN_VALUE_INDEX = 1;
     private static final int VALID_HEADER_SPLIT_LENGTH = 2;
 
-    public Optional<String> extractFromRequest(final HttpServletRequest request) {
+    public static Optional<String> extractFromRequest(final HttpServletRequest request) {
         String header = request.getHeader(AUTHORIZATION_HEADER);
 
         if (!StringUtils.hasText(header)) {
@@ -27,7 +23,7 @@ public Optional<String> extractFromRequest(final HttpServletRequest request) {
         return extractFromHeader(header.split(HEADER_SPLIT_DELIMITER));
     }
 
-    private Optional<String> extractFromHeader(final String[] headerParts) {
+    private static Optional<String> extractFromHeader(final String[] headerParts) {
         if (headerParts.length == VALID_HEADER_SPLIT_LENGTH &&
                 headerParts[TOKEN_TYPE_INDEX].equals(BEARER)) {
             return Optional.ofNullable(headerParts[TOKEN_VALUE_INDEX]);

diff --git a/src/test/java/com/atwoz/admin/ui/auth/interceptor/AdminLoginValidCheckerInterceptorTest.java b/src/test/java/com/atwoz/admin/ui/auth/interceptor/AdminLoginValidCheckerInterceptorTest.java
@@ -2,7 +2,6 @@
 
 import com.atwoz.admin.exception.exceptions.AdminLoginInvalidException;
 import com.atwoz.admin.ui.auth.support.AdminAuthenticationContext;
-import com.atwoz.admin.ui.auth.support.AdminAuthenticationExtractor;
 import com.atwoz.admin.ui.auth.support.AdminTokenExtractor;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -21,15 +20,13 @@ class AdminLoginValidCheckerInterceptorTest {
     private final HttpServletRequest req = mock(HttpServletRequest.class);
     private final HttpServletResponse res = mock(HttpServletResponse.class);
     private final AdminAuthenticationContext adminAuthenticationContext = mock(AdminAuthenticationContext.class);
-    private final AdminAuthenticationExtractor adminAuthenticationExtractor = mock(AdminAuthenticationExtractor.class);
     private final AdminTokenExtractor adminTokenExtractor = mock(AdminTokenExtractor.class);
 
     @Test
     void token이_없다면_예외를_발생한다() {
         // given
         AdminLoginValidCheckerInterceptor adminLoginValidCheckerInterceptor = new AdminLoginValidCheckerInterceptor(
                 adminAuthenticationContext,
-                adminAuthenticationExtractor,
                 adminTokenExtractor
         );
         when(req.getHeader("any")).thenReturn(null);

diff --git a/...est/java/com/atwoz/member/ui/auth/interceptor/MemberLoginValidCheckerInterceptorTest.java b/...est/java/com/atwoz/member/ui/auth/interceptor/MemberLoginValidCheckerInterceptorTest.java
@@ -3,7 +3,6 @@
 import com.atwoz.member.domain.auth.MemberTokenProvider;
 import com.atwoz.member.exception.exceptions.auth.MemberLoginInvalidException;
 import com.atwoz.member.ui.auth.support.MemberAuthenticationContext;
-import com.atwoz.member.ui.auth.support.MemberAuthenticationExtractor;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.junit.jupiter.api.DisplayNameGeneration;
@@ -21,15 +20,13 @@ class MemberLoginValidCheckerInterceptorTest {
     private final HttpServletRequest req = mock(HttpServletRequest.class);
     private final HttpServletResponse res = mock(HttpServletResponse.class);
     private final MemberAuthenticationContext memberAuthenticationContext = mock(MemberAuthenticationContext.class);
-    private final MemberAuthenticationExtractor memberAuthenticationExtractor = mock(MemberAuthenticationExtractor.class);
     private final MemberTokenProvider memberTokenProvider = mock(MemberTokenProvider.class);
 
     @Test
     void token이_없다면_예외를_발생한다() {
         // given
         MemberLoginValidCheckerInterceptor memberLoginValidCheckerInterceptor = new MemberLoginValidCheckerInterceptor(
                 memberAuthenticationContext,
-                memberAuthenticationExtractor,
                 memberTokenProvider
         );
         when(req.getHeader("any")).thenReturn(null);