refactor: 인증 코드 적용

pickax-developer · Feb 6, 2024 · 6e9afc6 · 6e9afc6
1 parent 46afb8e
commit 6e9afc6
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 6 deletions.
diff --git a/src/main/java/com/pickax/status/page/server/repository/SiteRepositoryCustom.java b/src/main/java/com/pickax/status/page/server/repository/SiteRepositoryCustom.java
@@ -7,7 +7,7 @@
 import java.util.Optional;
 
 public interface SiteRepositoryCustom {
-	Optional<SiteResponseDto> getSiteResponse(long siteId);
+	Optional<SiteResponseDto> getSiteResponse(long siteId, Long userId);
 
 	List<Site> findByUserId(Long userId);
 

diff --git a/src/main/java/com/pickax/status/page/server/repository/SiteRepositoryImpl.java b/src/main/java/com/pickax/status/page/server/repository/SiteRepositoryImpl.java
@@ -19,7 +19,7 @@ public class SiteRepositoryImpl implements SiteRepositoryCustom {
     private final JPAQueryFactory queryFactory;
 
     @Override
-    public Optional<SiteResponseDto> getSiteResponse(long siteId) {
+    public Optional<SiteResponseDto> getSiteResponse(long siteId, Long userId) {
         return Optional.ofNullable(queryFactory
                 .select(new QSiteResponseDto(
                         site.id,
@@ -29,7 +29,9 @@ public Optional<SiteResponseDto> getSiteResponse(long siteId) {
                         site.siteRegistrationStatus
                 ))
                 .from(site)
-                .where(site.id.eq(siteId))
+                .where(
+                        site.id.eq(siteId),
+                        site.user.id.eq(userId))
                 .fetchOne()
         );
     }

diff --git a/src/main/java/com/pickax/status/page/server/security/config/SecurityConfig.java b/src/main/java/com/pickax/status/page/server/security/config/SecurityConfig.java
@@ -77,7 +77,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
 			// 허용 설정
 			.authorizeHttpRequests(auth -> auth
-				.requestMatchers("/sites/**", "/components/**", "/health-check/**", "/auth/**").permitAll()
+				.requestMatchers(
+						"/health-check/**",
+						"/auth/email-auth",
+						"/auth/email-auth/verify",
+						"/auth/signup",
+						"/auth/login")
+					.permitAll()
 				.anyRequest().authenticated()
 			)
 

diff --git a/src/main/java/com/pickax/status/page/server/service/SiteService.java b/src/main/java/com/pickax/status/page/server/service/SiteService.java
@@ -80,7 +80,7 @@ private String createSecretKey() {
 
 	@Transactional
 	public void verifySite(long siteId) {
-		Site site = siteRepository.findById(siteId)
+		Site site = siteRepository.findBySiteIdAndUserId(siteId, SecurityUtil.getCurrentUserId())
 			.orElseThrow(() -> new CustomException(NOT_FOUND_SITE));
 
 		if (!site.isUnverified()) {
@@ -173,7 +173,7 @@ public SiteSecretKeyResponseDto getSecretKey(Long siteId) {
 
 	@Transactional(readOnly = true)
 	public SiteResponseDto getSite(long siteId) {
-		return siteRepository.getSiteResponse(siteId)
+		return siteRepository.getSiteResponse(siteId, SecurityUtil.getCurrentUserId())
 			.orElseThrow(() -> new CustomException(NOT_FOUND_SITE));
 	}
 }
diff --git a/src/test/java/com/pickax/status/page/server/controller/ComponentControllerTest.java b/src/test/java/com/pickax/status/page/server/controller/ComponentControllerTest.java
@@ -4,13 +4,17 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.*;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 
+import com.pickax.status.page.server.security.dto.AccessTokenResponseDto;
+import com.pickax.status.page.server.security.jwt.TokenProvider;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.jdbc.Sql;
@@ -31,6 +35,26 @@ class ComponentControllerTest {
 	@Autowired
 	public MockMvc mockMvc;
 
+	@Autowired
+	private TokenProvider tokenProvider;
+
+	private AccessTokenResponseDto accessTokenResponseDto;
+
+	private String getAuthorizationBearerToken(AccessTokenResponseDto accessTokenResponseDto) {
+		return "Bearer " + accessTokenResponseDto.getAccessToken();
+	}
+
+	@BeforeAll
+	void setUp() {
+		userSetup();
+	}
+
+	void userSetup() {
+		Long userId = 1L;
+		String email = "[email protected]";
+		accessTokenResponseDto = tokenProvider.createAccessToken(userId);
+	}
+
 	@Test
 	@DisplayName("GET active component 리스트 조회 api - 200 OK")
 	void getActiveComponents() throws Exception {
@@ -42,6 +66,7 @@ void getActiveComponents() throws Exception {
 				MockMvcRequestBuilders
 					.get(url)
 					.contentType(MediaType.APPLICATION_JSON)
+					.header(HttpHeaders.AUTHORIZATION, getAuthorizationBearerToken(accessTokenResponseDto))
 			)
 			.andDo(print())
 
@@ -62,6 +87,7 @@ void getActiveComponentsByNonExistentSiteId() throws Exception {
 				MockMvcRequestBuilders
 					.get(url)
 					.contentType(MediaType.APPLICATION_JSON)
+					.header(HttpHeaders.AUTHORIZATION, getAuthorizationBearerToken(accessTokenResponseDto))
 			)
 			.andDo(print())
 
@@ -81,6 +107,7 @@ void getComponents() throws Exception {
 				MockMvcRequestBuilders
 					.get(url)
 					.contentType(MediaType.APPLICATION_JSON)
+					.header(HttpHeaders.AUTHORIZATION, getAuthorizationBearerToken(accessTokenResponseDto))
 			)
 			.andDo(print())
 
@@ -100,6 +127,7 @@ void getComponentsByNonExistentSiteId() throws Exception {
 				MockMvcRequestBuilders
 					.get(url)
 					.contentType(MediaType.APPLICATION_JSON)
+					.header(HttpHeaders.AUTHORIZATION, getAuthorizationBearerToken(accessTokenResponseDto))
 			)
 			.andDo(print())