feat(#42): review Entity 추가

build.gradle

@@ -1,8 +1,17 @@
+//querydsl 추가
+buildscript {
+	ext {
+		queryDslVersion = "5.0.0"
+	}
+}
 
 plugins {
 	id 'org.springframework.boot' version '2.7.1'
 	id 'io.spring.dependency-management' version '1.0.11.RELEASE'
 	id 'java'
+
+	//querydsl 추가
+	id 'com.ewerk.gradle.plugins.querydsl' version '1.0.10'
 }
 
 group = 'proceed'
@@ -46,6 +55,9 @@ dependencies {
 
 	implementation group: 'org.apache.poi', name: 'poi', version: '4.1.2' // 엑셀시트 만들기
 
+	//querydsl 추가
+	implementation "com.querydsl:querydsl-jpa:${queryDslVersion}"
+	implementation "com.querydsl:querydsl-apt:${queryDslVersion}"
 }
 
 tasks.named('test') {
@@ -54,4 +66,24 @@ tasks.named('test') {
 
 bootJar {
 	mainClass = 'com.proceed.swhackathon.SwhackathonApplication'
+}
+
+//querydsl 추가
+def querydslDir = "$buildDir/generated/querydsl"
+
+querydsl {
+	jpa = true
+	querydslSourcesDir = querydslDir
+}
+sourceSets {
+	main.java.srcDir querydslDir
+}
+compileQuerydsl {
+	options.annotationProcessorPath = configurations.querydsl
+}
+configurations {
+	compileOnly {
+		extendsFrom annotationProcessor
+	}
+	querydsl.extendsFrom compileClasspath
 }

src/main/java/com/proceed/swhackathon/SwhackathonApplication.java

@@ -2,6 +2,7 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
 import org.springframework.scheduling.annotation.EnableScheduling;
 
 import javax.annotation.PostConstruct;

src/main/java/com/proceed/swhackathon/config/security/WebSecurityConfigure.java

@@ -40,11 +40,7 @@ protected void configure(HttpSecurity http) throws Exception {
                     .antMatchers("/**").permitAll()
                     .anyRequest() // "/" , "/auth/**" 이외의 모든 경로는 인증 해야함
                     .authenticated();
-//                .and()
-//                    .oauth2Login()
-//                    .loginPage("/naver") //구글로그인 완료후 후처리가 필요함 엑세스토큰 + 사용자프로필정보
-//                    .userInfoEndpoint()
-//                    .userService(principalOauth2UserService);
+
         // filter 등록
         // 매 요청마다
         // CorsFilter 실행한 후에

src/main/java/com/proceed/swhackathon/config/security/auditing/SpringSecurityAuditorAware.java

@@ -0,0 +1,29 @@
+package com.proceed.swhackathon.config.security.auditing;
+
+import com.proceed.swhackathon.model.User;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.domain.AuditorAware;
+import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import java.util.Collection;
+import java.util.Optional;
+
+@Configuration
+@EnableJpaAuditing
+public class SpringSecurityAuditorAware implements AuditorAware<String> {
+    @Override
+    public Optional<String> getCurrentAuditor() {
+        return Optional.ofNullable(SecurityContextHolder.getContext())
+                .map(SecurityContext::getAuthentication)
+                .map(authentication -> {
+                    Collection<? extends GrantedAuthority> auth = authentication.getAuthorities();
+                    boolean isUser = auth.contains(new SimpleGrantedAuthority("USER"));
+                    if (isUser) return (String) authentication.getPrincipal();
+                    return null;
+                });
+    }
+}

src/main/java/com/proceed/swhackathon/config/security/jwt/JwtAuthenticationFilter.java

@@ -1,13 +1,9 @@
 package com.proceed.swhackathon.config.security.jwt;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.nimbusds.oauth2.sdk.ErrorObject;
-import com.proceed.swhackathon.dto.ExceptionDTO;
 import com.proceed.swhackathon.dto.ResponseDTO;
 import com.proceed.swhackathon.exception.Message;
-import com.proceed.swhackathon.exception.SwhackathonException;
-import com.proceed.swhackathon.exception.user.UserNotFoundException;
-import com.proceed.swhackathon.exception.user.UserTokenExpiredException;
+import com.proceed.swhackathon.model.Role;
 import io.jsonwebtoken.*;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -18,6 +14,7 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
@@ -27,10 +24,7 @@
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
 import java.io.IOException;
-import java.time.Instant;
-import java.time.LocalDateTime;
 import java.util.Date;
 
 @Slf4j
@@ -52,6 +46,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                 // userId 가져오기. 위조된 경우 예외 처리된다.
                 Claims claims = tokenProvider.validateAndGetUserId(token);
                 String userId = claims.getSubject();
+                String userRole = (String)claims.get("ROLE");
                 Date expiration = claims.getExpiration();
                 log.info("Authenticated user ID : "+userId);
                 log.info("Authenticated expiration : "+expiration);
@@ -60,7 +55,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                 AbstractAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                         userId, // 인증된 사용자의 정보. 문자열이 아니어도 아무것이나 넣을 수 있다. 보통 UserDetails 오브젝트를 넣음
                         null,
-                        AuthorityUtils.NO_AUTHORITIES);
+                        AuthorityUtils.createAuthorityList(userRole));
                 authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                 // 비어있는 SecurityContext 생성
                 SecurityContext securityContext = SecurityContextHolder.createEmptyContext();

src/main/java/com/proceed/swhackathon/config/security/jwt/TokenProvider.java

@@ -3,6 +3,7 @@
 import com.proceed.swhackathon.exception.SwhackathonException;
 import com.proceed.swhackathon.exception.user.UserNotFoundException;
 import com.proceed.swhackathon.exception.user.UserTokenExpiredException;
+import com.proceed.swhackathon.model.Role;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
@@ -47,7 +48,8 @@ public String create(User user){
                 .signWith(SignatureAlgorithm.HS256,SECRET_KEY)
                 // payload에 들어갈 내용
                 .setSubject(user.getId()) // sub
-                .setIssuer("demo app") // iss
+                .claim("ROLE", user.getRole().name())
+                .setIssuer("eat-da") // iss
                 .setIssuedAt(new Date()) // iat
                 .setExpiration(expiryDate) // exp
                 .compact();

src/main/java/com/proceed/swhackathon/controller/ExcelDownloadController.java

@@ -1,2 +1,20 @@
-package com.proceed.swhackathon.controller;public class ExcelDownloadController {
-}
+//package com.proceed.swhackathon.controller;
+//
+//import org.springframework.security.core.annotation.AuthenticationPrincipal;
+//import org.springframework.web.bind.annotation.GetMapping;
+//import org.springframework.web.bind.annotation.RequestMapping;
+//import org.springframework.web.bind.annotation.RestController;
+//
+//import javax.servlet.http.HttpServletResponse;
+//import java.io.IOException;
+//
+//@RestController
+//@RequestMapping("/exceldownload")
+//public class ExcelDownloadController {
+//
+//    @GetMapping("/")
+//    public void excelDownload(@AuthenticationPrincipal String userId, HttpServletResponse response) throws IOException {
+//
+//
+//    }
+//}

src/main/java/com/proceed/swhackathon/controller/OrderController.java

@@ -87,4 +87,6 @@ public ResponseDTO<?> selectAll(@PageableDefault(sort = "currentAmount",directio
         return new ResponseDTO<>(HttpStatus.OK.value(),
                 orderService.selectAllOrderByOrderStatus(pageable, orderStatus.getOrderStatus()));
     }
+
+//    @GetMapping("/admin/")
 }