Merge pull request #47 from Nexus-TruthAI/fix/#46

apg0001 · web-flow · commit 7ff605caf5cf · 2025-08-23T22:04:52.000+09:00
[fix] jwt 토큰 및 보안 설정 관련 롤백
diff --git a/src/main/java/jpabasic/truthaiserver/config/SecurityConfig.java b/src/main/java/jpabasic/truthaiserver/config/SecurityConfig.java
@@ -1,3 +1,49 @@
+//package jpabasic.truthaiserver.config;
+//
+//import jpabasic.truthaiserver.jwt.JwtFilter;
+//import lombok.extern.slf4j.Slf4j;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.beans.factory.annotation.Configurable;
+//import org.springframework.context.annotation.Bean;
+//import org.springframework.context.annotation.Configuration;
+//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+//import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+//import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+//import org.springframework.security.web.SecurityFilterChain;
+//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+//
+//@EnableWebSecurity
+//@Configuration
+//@Slf4j
+//public class SecurityConfig {
+//    @Autowired
+//    private JwtFilter jwtFilter;
+//
+//    @Bean
+//    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+//        return http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
+//                .authorizeHttpRequests(auth -> auth
+//                        // 공개 엔드포인트 (인증 불필요)
+//                        .requestMatchers(
+//                                "/auth/login",
+//                                "/auth/token/refresh",
+//                                "/swagger-ui/**",
+//                                "/v3/api-docs/**",
+//                                "/error"
+//                        ).permitAll()
+//                        // 나머지 모든 요청은 인증 필요
+//                        .anyRequest().authenticated()
+//                )
+//                .csrf(AbstractHttpConfigurer::disable)
+//                .headers((headers -> headers
+//                        .frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+//                )
+//                .build();
+//    }
+//}
+
+
 package jpabasic.truthaiserver.config;
 
 import jpabasic.truthaiserver.jwt.JwtFilter;
@@ -24,21 +70,17 @@ public class SecurityConfig {
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         return http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                 .authorizeHttpRequests(auth -> auth
-                        // 공개 엔드포인트 (인증 불필요)
-                        .requestMatchers(
-                                "/auth/login",
-                                "/auth/token/refresh",
-                                "/swagger-ui/**",
-                                "/v3/api-docs/**",
-                                "/error"
-                        ).permitAll()
-                        // 나머지 모든 요청은 인증 필요
-                        .anyRequest().authenticated()
+                                // api 테스트 위해서 모든 권한 열어둠
+                                .anyRequest().permitAll()
+                        // 실제 배포 시 swagger랑 로그인만 열어둠
+//                        .requestMatchers("/api/auth", "/swagger-ui/**").permitAll()
+//                        .anyRequest().authenticated()
                 )
+
                 .csrf(AbstractHttpConfigurer::disable)
                 .headers((headers -> headers
                         .frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
                 )
                 .build();
     }
-}
+}
diff --git a/src/main/java/jpabasic/truthaiserver/jwt/JwtFilter.java b/src/main/java/jpabasic/truthaiserver/jwt/JwtFilter.java
@@ -1,3 +1,103 @@
+//package jpabasic.truthaiserver.jwt;
+//
+//import jakarta.servlet.FilterChain;
+//import jakarta.servlet.ServletException;
+//import jakarta.servlet.http.HttpServletRequest;
+//import jakarta.servlet.http.HttpServletResponse;
+//import jpabasic.truthaiserver.domain.User;
+//import jpabasic.truthaiserver.repository.UserRepository;
+//import jpabasic.truthaiserver.security.CustomUserDetails;
+//import jpabasic.truthaiserver.service.JwtService;
+//import lombok.RequiredArgsConstructor;
+//import lombok.extern.slf4j.Slf4j;
+//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+//import org.springframework.security.core.context.SecurityContextHolder;
+//import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+//import org.springframework.stereotype.Component;
+//import org.springframework.web.filter.OncePerRequestFilter;
+//
+//import java.io.IOException;
+//import java.util.Optional;
+//
+//@Slf4j
+//@RequiredArgsConstructor
+//@Component
+//public class JwtFilter extends OncePerRequestFilter {
+//
+//    private final JwtService jwtService;
+//    private final UserRepository userRepository;
+//
+//    @Override
+//    protected void doFilterInternal(
+//            HttpServletRequest request,
+//            HttpServletResponse response,
+//            FilterChain filterChain
+//    ) throws ServletException, IOException {
+//
+//        // 이미 인증되어 있으면 패스
+//        if (SecurityContextHolder.getContext().getAuthentication() == null) {
+//            String token = jwtService.extractToken(request);
+//
+//            if (token != null) {
+//                try {
+//                    if (jwtService.validateAccessToken(token)) {
+//                        // 토큰이 유효한 경우
+//                        authenticateUser(token, request);
+//                    } else {
+//                        // 토큰이 만료되었거나 유효하지 않은 경우
+//                        log.debug("JWT 토큰이 유효하지 않음");
+//                        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+//                        response.getWriter().write("{\"error\":\"토큰이 만료되었거나 유효하지 않습니다.\",\"code\":\"TOKEN_EXPIRED\"}");
+//                        return;
+//                    }
+//                } catch (Exception e) {
+//                    // 토큰 파싱 실패 등 예외 발생 시
+//                    log.debug("JWT 토큰 검증 실패: {}", e.getMessage());
+//                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+//                    response.getWriter().write("{\"error\":\"토큰 형식이 올바르지 않습니다.\",\"code\":\"INVALID_TOKEN\"}");
+//                    return;
+//                }
+//            } else {
+//                // 토큰이 없는 경우
+//                log.debug("JWT 토큰이 요청에 포함되지 않음");
+//                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+//                response.getWriter().write("{\"error\":\"인증 토큰이 필요합니다.\",\"code\":\"TOKEN_REQUIRED\"}");
+//                return;
+//            }
+//        }
+//
+//        filterChain.doFilter(request, response);
+//    }
+//
+//    private void authenticateUser(String token, HttpServletRequest request) {
+//        try {
+//            Long userId = jwtService.getUserIdByParseToken(token);
+//            Optional<User> userOpt = userRepository.findById(userId);
+//
+//            if (userOpt.isPresent()) {
+//                User user = userOpt.get();
+//                CustomUserDetails principal = new CustomUserDetails(user);
+//
+//                UsernamePasswordAuthenticationToken authentication =
+//                        new UsernamePasswordAuthenticationToken(
+//                                principal,
+//                                null,
+//                                principal.getAuthorities()
+//                        );
+//                authentication.setDetails(
+//                        new WebAuthenticationDetailsSource().buildDetails(request)
+//                );
+//
+//                SecurityContextHolder.getContext().setAuthentication(authentication);
+//                log.debug("사용자 인증 성공 - userId: {}", userId);
+//            }
+//        } catch (Exception e) {
+//            log.error("사용자 인증 처리 중 오류 발생: {}", e.getMessage());
+//        }
+//    }
+//}
+
+
 package jpabasic.truthaiserver.jwt;
 
 import jakarta.servlet.FilterChain;
@@ -9,7 +109,6 @@
 import jpabasic.truthaiserver.security.CustomUserDetails;
 import jpabasic.truthaiserver.service.JwtService;
 import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
@@ -19,13 +118,38 @@
 import java.io.IOException;
 import java.util.Optional;
 
-@Slf4j
+//@RequiredArgsConstructor
+//@Component
+//public class JwtFilter extends OncePerRequestFilter {
+//
+//    private final JwtService jwtService;
+//
+//    @Override
+//    protected void doFilterInternal(HttpServletRequest request,
+//                                    HttpServletResponse response,
+//                                    FilterChain filterChain) throws ServletException, IOException {
+//        String token = jwtService.extractToken(request);
+//        if (token != null && jwtService.validateAccessToken(token)) {
+//            var userDetails = jwtService.getUserDetailsFromToken(token);
+//
+//            var authentication = new UsernamePasswordAuthenticationToken(
+//                    userDetails, null, userDetails.getAuthorities()
+//            );
+//            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+//
+//            SecurityContextHolder.getContext().setAuthentication(authentication);
+//        }
+//
+//        filterChain.doFilter(request, response);
+//    }
+//}
+
 @RequiredArgsConstructor
 @Component
 public class JwtFilter extends OncePerRequestFilter {
 
     private final JwtService jwtService;
-    private final UserRepository userRepository;
+    private final UserRepository userRepository; // ✅ User 조회 위해 주입
 
     @Override
     protected void doFilterInternal(
@@ -38,61 +162,31 @@ protected void doFilterInternal(
         if (SecurityContextHolder.getContext().getAuthentication() == null) {
             String token = jwtService.extractToken(request);
 
-            if (token != null) {
-                try {
-                    if (jwtService.validateAccessToken(token)) {
-                        // 토큰이 유효한 경우
-                        authenticateUser(token, request);
-                    } else {
-                        // 토큰이 만료되었거나 유효하지 않은 경우
-                        log.debug("JWT 토큰이 유효하지 않음");
-                        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-                        response.getWriter().write("{\"error\":\"토큰이 만료되었거나 유효하지 않습니다.\",\"code\":\"TOKEN_EXPIRED\"}");
-                        return;
-                    }
-                } catch (Exception e) {
-                    // 토큰 파싱 실패 등 예외 발생 시
-                    log.debug("JWT 토큰 검증 실패: {}", e.getMessage());
-                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-                    response.getWriter().write("{\"error\":\"토큰 형식이 올바르지 않습니다.\",\"code\":\"INVALID_TOKEN\"}");
-                    return;
-                }
-            } else {
-                // 토큰이 없는 경우
-                log.debug("JWT 토큰이 요청에 포함되지 않음");
-                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-                response.getWriter().write("{\"error\":\"인증 토큰이 필요합니다.\",\"code\":\"TOKEN_REQUIRED\"}");
-                return;
-            }
-        }
+            if (token != null && jwtService.validateAccessToken(token)) {
+                Long userId = jwtService.getUserIdByParseToken(token);
 
-        filterChain.doFilter(request, response);
-    }
+                Optional<User> userOpt = userRepository.findById(userId);
+                if (userOpt.isPresent()) {
+                    User user = userOpt.get();
 
-    private void authenticateUser(String token, HttpServletRequest request) {
-        try {
-            Long userId = jwtService.getUserIdByParseToken(token);
-            Optional<User> userOpt = userRepository.findById(userId);
-            
-            if (userOpt.isPresent()) {
-                User user = userOpt.get();
-                CustomUserDetails principal = new CustomUserDetails(user);
+                    // ✅ 엔티티 포함한 UserDetails
+                    CustomUserDetails principal = new CustomUserDetails(user);
 
-                UsernamePasswordAuthenticationToken authentication =
-                        new UsernamePasswordAuthenticationToken(
-                                principal,
-                                null,
-                                principal.getAuthorities()
-                        );
-                authentication.setDetails(
-                        new WebAuthenticationDetailsSource().buildDetails(request)
-                );
+                    UsernamePasswordAuthenticationToken authentication =
+                            new UsernamePasswordAuthenticationToken(
+                                    principal,
+                                    null,
+                                    principal.getAuthorities()
+                            );
+                    authentication.setDetails(
+                            new WebAuthenticationDetailsSource().buildDetails(request)
+                    );
 
-                SecurityContextHolder.getContext().setAuthentication(authentication);
-                log.debug("사용자 인증 성공 - userId: {}", userId);
+                    SecurityContextHolder.getContext().setAuthentication(authentication);
+                }
             }
-        } catch (Exception e) {
-            log.error("사용자 인증 처리 중 오류 발생: {}", e.getMessage());
         }
+
+        filterChain.doFilter(request, response);
     }
 }
