refactor: PathMatcherInterceptor 생성 및 로그인 인터셉터 개선 (#307)

backend/src/main/java/com/woowacourse/moamoa/auth/config/AuthConfig.java

@@ -3,15 +3,20 @@
 import com.woowacourse.moamoa.auth.controller.AuthenticatedMemberResolver;
 import com.woowacourse.moamoa.auth.controller.AuthenticatedRefreshArgumentResolver;
 import com.woowacourse.moamoa.auth.controller.AuthenticationArgumentResolver;
-import com.woowacourse.moamoa.auth.controller.AuthenticationInterceptor;
+import com.woowacourse.moamoa.auth.controller.interceptor.AuthenticationInterceptor;
 
+import com.woowacourse.moamoa.auth.controller.interceptor.PathMatcherContainer;
+import com.woowacourse.moamoa.auth.controller.interceptor.PathMatcherInterceptor;
+import com.woowacourse.moamoa.auth.infrastructure.TokenProvider;
 import java.util.List;
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -20,10 +25,12 @@
 public class AuthConfig implements WebMvcConfigurer {
 
     private final AuthenticatedRefreshArgumentResolver authenticatedRefreshArgumentResolver;
-    private final AuthenticationInterceptor authenticationInterceptor;
     private final AuthenticationArgumentResolver authenticationArgumentResolver;
     private final AuthenticatedMemberResolver authenticatedMemberResolver;
 
+    private final PathMatcherContainer pathMatcherContainer;
+    private final TokenProvider jwtTokenProvider;
+
     @Override
     public void addArgumentResolvers(final List<HandlerMethodArgumentResolver> resolvers) {
         resolvers.add(authenticationArgumentResolver);
@@ -33,10 +40,24 @@ public void addArgumentResolvers(final List<HandlerMethodArgumentResolver> resol
 
     @Override
     public void addInterceptors(final InterceptorRegistry registry) {
-        registry.addInterceptor(authenticationInterceptor)
+        registry.addInterceptor(loginInterceptor())
                 .addPathPatterns("/**");
     }
 
+    private HandlerInterceptor loginInterceptor() {
+        return new PathMatcherInterceptor(new AuthenticationInterceptor(jwtTokenProvider), pathMatcherContainer)
+                .excludePathPattern("/**", HttpMethod.OPTIONS)
+                .includePathPattern("/api/studies/**", HttpMethod.POST)
+                .includePathPattern("/api/studies/**", HttpMethod.PUT)
+                .includePathPattern("/api/study/\\d+", HttpMethod.PUT)
+                .includePathPattern("/api/studies/**", HttpMethod.DELETE)
+                .includePathPattern("/api/members/me/**", HttpMethod.GET)
+                .includePathPattern("/api/auth/refresh", HttpMethod.GET)
+                .includePathPattern("/api/my/studies", HttpMethod.GET)
+                .includePathPattern("/api/studies/\\w+/community/articles/**", HttpMethod.GET)
+                .includePathPattern("/api/studies/\\d+/reference-room/links", HttpMethod.GET);
+    }
+
     @Bean
     public RestTemplate restTemplate() {
         return new RestTemplate();

backend/src/main/java/com/woowacourse/moamoa/auth/controller/AuthenticationInterceptor.java → backend/src/main/java/com/woowacourse/moamoa/auth/controller/interceptor/AuthenticationInterceptor.java

@@ -1,15 +1,13 @@
-package com.woowacourse.moamoa.auth.controller;
+package com.woowacourse.moamoa.auth.controller.interceptor;
 
 import com.woowacourse.moamoa.auth.config.AuthenticationExtractor;
-import com.woowacourse.moamoa.auth.controller.matcher.AuthenticationRequestMatcher;
 import com.woowacourse.moamoa.auth.infrastructure.TokenProvider;
 import com.woowacourse.moamoa.common.exception.UnauthorizedException;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import lombok.AllArgsConstructor;
-import org.springframework.http.HttpMethod;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 
@@ -18,30 +16,17 @@
 public class AuthenticationInterceptor implements HandlerInterceptor {
 
     private final TokenProvider tokenProvider;
-    private final AuthenticationRequestMatcher authenticationRequestMatcher;
 
     @Override
     public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler) {
-
-        if (isPreflight(request)) {
-            return true;
-        }
-
-        if (authenticationRequestMatcher.isRequiredAuth(request)) {
-            final String token = AuthenticationExtractor.extract(request);
-            validateToken(token, request.getRequestURI());
-
-            request.setAttribute("payload", token);
-        }
+        final String token = AuthenticationExtractor.extract(request);
+        validateToken(token, request.getRequestURI());
 
+        request.setAttribute("payload", token);
         return true;
     }
 
-    private boolean isPreflight(HttpServletRequest request) {
-        return HttpMethod.OPTIONS.matches(request.getMethod());
-    }
-
-    private void validateToken(String token, String requestURI) {
+    private void validateToken(final String token, final String requestURI) {
         if (requestURI.equals("/api/auth/refresh") && token != null) {
             return;
         }

backend/src/main/java/com/woowacourse/moamoa/auth/controller/interceptor/PathMatcherContainer.java

@@ -0,0 +1,40 @@
+package com.woowacourse.moamoa.auth.controller.interceptor;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.springframework.http.HttpMethod;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;
+
+@Component
+public class PathMatcherContainer {
+
+    private final PathMatcher pathMatcher;
+    private final List<PathRequestMatcher> includePathPatterns;
+    private final List<PathRequestMatcher> excludePathPatterns;
+
+    public PathMatcherContainer() {
+        this.pathMatcher = new AntPathMatcher();
+        this.includePathPatterns = new ArrayList<>();
+        this.excludePathPatterns = new ArrayList<>();
+    }
+
+    public boolean isNotIncludePath(final String targetPath, final String pathMethod) {
+        final boolean excludePattern = excludePathPatterns.stream()
+                .anyMatch(requestPath -> requestPath.match(pathMatcher, targetPath, pathMethod));
+
+        final boolean isNotIncludePattern = includePathPatterns.stream()
+                .noneMatch(requestPath -> requestPath.match(pathMatcher, targetPath, pathMethod));
+
+        return excludePattern || isNotIncludePattern;
+    }
+
+    public void includePathPattern(final String path, final HttpMethod method) {
+        this.includePathPatterns.add(new PathRequestMatcher(path, method));
+    }
+
+    public void excludePathPattern(final String path, final HttpMethod method) {
+        this.excludePathPatterns.add(new PathRequestMatcher(path, method));
+    }
+}

backend/src/main/java/com/woowacourse/moamoa/auth/controller/interceptor/PathMatcherInterceptor.java

@@ -0,0 +1,38 @@
+package com.woowacourse.moamoa.auth.controller.interceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import lombok.AllArgsConstructor;
+import org.springframework.http.HttpMethod;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+@Component
+@AllArgsConstructor
+public class PathMatcherInterceptor implements HandlerInterceptor {
+
+    private final HandlerInterceptor handlerInterceptor;
+    private final PathMatcherContainer pathMatcherContainer;
+
+    @Override
+    public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler)
+            throws Exception {
+
+        if (pathMatcherContainer.isNotIncludePath(request.getRequestURI(), request.getMethod())) {
+            return true;
+        }
+
+        return this.handlerInterceptor.preHandle(request, response, handler);
+    }
+
+    public PathMatcherInterceptor includePathPattern(final String pathPattern, final HttpMethod method) {
+        this.pathMatcherContainer.includePathPattern(pathPattern, method);
+        return this;
+    }
+
+    public PathMatcherInterceptor excludePathPattern(final String pathPattern, final HttpMethod method) {
+        this.pathMatcherContainer.excludePathPattern(pathPattern, method);
+        return this;
+    }
+}

backend/src/main/java/com/woowacourse/moamoa/auth/controller/interceptor/PathRequestMatcher.java

@@ -0,0 +1,18 @@
+package com.woowacourse.moamoa.auth.controller.interceptor;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.springframework.http.HttpMethod;
+import org.springframework.util.PathMatcher;
+
+@AllArgsConstructor
+@Getter
+public class PathRequestMatcher {
+
+    private final String path;
+    private final HttpMethod method;
+
+    public boolean match(final PathMatcher pathMatcher, final String targetPath, final String pathMethod) {
+        return pathMatcher.match(path, targetPath) && this.method.matches(pathMethod);
+    }
+}

backend/src/test/java/com/woowacourse/moamoa/WebMVCTest.java

@@ -4,8 +4,8 @@
 import static org.mockito.Mockito.when;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.woowacourse.moamoa.auth.config.AuthRequestMatchConfig;
-import com.woowacourse.moamoa.auth.controller.AuthenticationInterceptor;
+import com.woowacourse.moamoa.auth.controller.interceptor.PathMatcherContainer;
+import com.woowacourse.moamoa.auth.controller.interceptor.PathMatcherInterceptor;
 import com.woowacourse.moamoa.auth.infrastructure.JwtTokenProvider;
 import com.woowacourse.moamoa.auth.infrastructure.TokenProvider;
 import com.woowacourse.moamoa.common.MockedServiceObjectsBeanRegister;
@@ -28,7 +28,7 @@
 import org.springframework.web.context.request.NativeWebRequest;
 
 @WebMvcTest(includeFilters = @Filter(type = FilterType.ANNOTATION, classes = RestController.class))
-@Import({JwtTokenProvider.class, AuthRequestMatchConfig.class, MockedServiceObjectsBeanRegister.class})
+@Import({JwtTokenProvider.class, PathMatcherContainer.class, MockedServiceObjectsBeanRegister.class})
 public abstract class WebMVCTest {
 
     @Autowired
@@ -38,10 +38,7 @@ public abstract class WebMVCTest {
     protected TokenProvider tokenProvider;
 
     @Autowired
-    protected AuthRequestMatchConfig authRequestMatchConfig;
-
-    @Autowired
-    protected AuthenticationInterceptor authenticationInterceptor;
+    protected PathMatcherInterceptor pathMatcherInterceptor;
 
     @Autowired
     protected ObjectMapper objectMapper;