[Feature] spring security

giftrio/build.gradle

@@ -23,12 +23,14 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'junit:junit:4.13.1'
 	implementation 'mysql:mysql-connector-java'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
 	compileOnly 'org.projectlombok:lombok'
 	runtimeOnly 'mysql:mysql-connector-java'
 	annotationProcessor 'org.projectlombok:lombok'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
+	testImplementation 'org.springframework.security:spring-security-test:5.7.5'
 }
 
 tasks.named('test') {
 	useJUnitPlatform()
-}
+}

giftrio/src/main/java/com/fluffytrio/giftrio/advent/Advent.java

@@ -2,7 +2,7 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fluffytrio.giftrio.calendar.Calendar;
-import com.fluffytrio.giftrio.user.User;
+import com.fluffytrio.giftrio.user.entity.User;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Getter;

giftrio/src/main/java/com/fluffytrio/giftrio/advent/dto/AdventRequestDto.java

@@ -2,7 +2,7 @@
 
 import com.fluffytrio.giftrio.advent.Advent;
 import com.fluffytrio.giftrio.calendar.Calendar;
-import com.fluffytrio.giftrio.user.User;
+import com.fluffytrio.giftrio.user.entity.User;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Getter;

giftrio/src/main/java/com/fluffytrio/giftrio/auth/dto/LoginDto.java

@@ -0,0 +1,14 @@
+package com.fluffytrio.giftrio.auth.dto;
+
+import lombok.*;
+
+@Builder
+@Getter
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@ToString
+public class LoginDto {
+    private String email;
+    private String password;
+}

giftrio/src/main/java/com/fluffytrio/giftrio/calendar/Calendar.java

@@ -3,7 +3,7 @@
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fluffytrio.giftrio.advent.Advent;
 import com.fluffytrio.giftrio.settings.Setting;
-import com.fluffytrio.giftrio.user.User;
+import com.fluffytrio.giftrio.user.entity.User;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Getter;

giftrio/src/main/java/com/fluffytrio/giftrio/calendar/dto/CalendarRequestDto.java

@@ -3,7 +3,7 @@
 import com.fluffytrio.giftrio.advent.Advent;
 import com.fluffytrio.giftrio.calendar.Calendar;
 import com.fluffytrio.giftrio.settings.Setting;
-import com.fluffytrio.giftrio.user.User;
+import com.fluffytrio.giftrio.user.entity.User;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Getter;

giftrio/src/main/java/com/fluffytrio/giftrio/security/config/SecurityConfiguration.java

@@ -0,0 +1,78 @@
+package com.fluffytrio.giftrio.security.config;
+
+import com.fluffytrio.giftrio.security.filter.EmailPasswordAuthenticationFilter;
+import com.fluffytrio.giftrio.security.handler.AuthSuccessHandler;
+import com.fluffytrio.giftrio.security.service.EmailPasswordUserDetailsService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import java.util.Arrays;
+
+@Configuration
+@EnableWebSecurity(debug = true)
+public class SecurityConfiguration {
+    @Autowired
+    EmailPasswordUserDetailsService emailPasswordUserDetailsService;
+
+    @Autowired
+    AuthSuccessHandler authSuccessHandler;
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf().disable()
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .httpBasic().disable()
+                .authorizeRequests()
+                .antMatchers("/api/v1/users").permitAll()
+                //.antMatchers(HttpMethod.DELETE).hasRole("ADMIN")
+                .antMatchers("/admin/**")
+                .hasRole("ADMIN")
+                .antMatchers("/api/v1/login").permitAll()
+                .antMatchers("/api/v1/logout").authenticated()
+                .and()
+                .addFilterAt(getEmailPasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+
+    @Bean
+    public EmailPasswordAuthenticationFilter getEmailPasswordAuthenticationFilter() {
+        EmailPasswordAuthenticationFilter emailPasswordAuthenticationFilter = new EmailPasswordAuthenticationFilter(getLoginPath(), getAuthManager());
+        emailPasswordAuthenticationFilter.setAuthenticationSuccessHandler(authSuccessHandler);
+        return emailPasswordAuthenticationFilter;
+    }
+
+    @Bean
+    public AntPathRequestMatcher getLoginPath() {
+        return new AntPathRequestMatcher("/api/v1/login", "POST");
+    }
+
+    @Bean
+    public PasswordEncoder getPasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public AuthenticationManager getAuthManager() {
+        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
+        daoAuthenticationProvider.setUserDetailsService(emailPasswordUserDetailsService);
+        daoAuthenticationProvider.setPasswordEncoder(getPasswordEncoder());
+
+        return new ProviderManager(Arrays.asList(new AuthenticationProvider[] {daoAuthenticationProvider}));
+    }
+}

giftrio/src/main/java/com/fluffytrio/giftrio/security/filter/EmailPasswordAuthenticationFilter.java

@@ -0,0 +1,44 @@
+package com.fluffytrio.giftrio.security.filter;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fluffytrio.giftrio.auth.dto.LoginDto;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class EmailPasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+    private final ObjectMapper objectMapper = new ObjectMapper();
+
+
+    public EmailPasswordAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher,
+                                             AuthenticationManager authenticationManager) {
+        super(requiresAuthenticationRequestMatcher);
+        this.setAuthenticationManager(authenticationManager);
+    }
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
+        if (!request.getMethod().equals("POST")) {
+            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
+        }
+
+        LoginDto loginDto = objectMapper.readValue(request.getInputStream(), LoginDto.class);
+
+        String email = loginDto.getEmail();
+        String password = loginDto.getPassword();
+        System.out.println("check: "+email+" "+password);
+
+        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(email, password);
+
+        return super.getAuthenticationManager().authenticate(authRequest);
+    }
+}

giftrio/src/main/java/com/fluffytrio/giftrio/security/handler/AuthFailureHandler.java

@@ -0,0 +1,34 @@
+package com.fluffytrio.giftrio.security.handler;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.CredentialsExpiredException;
+import org.springframework.security.authentication.DisabledException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@RequiredArgsConstructor
+@Component
+public class AuthFailureHandler extends SimpleUrlAuthenticationFailureHandler {
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException authenticationException) throws IOException, ServletException {
+        String msg = "로그인 실패";
+
+        if (authenticationException instanceof DisabledException) {
+            msg += " - 비활성화된 계정입니다.";
+        } else if (authenticationException instanceof CredentialsExpiredException) {
+            msg += " - 만료된 로그인 정보입니다.";
+        } else if (authenticationException instanceof BadCredentialsException) {
+            msg += " - 로그인 정보가 유효하지 않습니다.";
+        }
+
+        setDefaultFailureUrl("/login?error=true&exception="+msg);
+        super.onAuthenticationFailure(request, response, authenticationException);
+    }
+}

giftrio/src/main/java/com/fluffytrio/giftrio/security/handler/AuthSuccessHandler.java

@@ -0,0 +1,27 @@
+package com.fluffytrio.giftrio.security.handler;
+
+import com.fluffytrio.giftrio.user.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.time.LocalDateTime;
+
+@RequiredArgsConstructor
+@Component
+public class AuthSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+    private final UserRepository userRepository;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        userRepository.updateUserLastLogin(authentication.getName(), LocalDateTime.now());
+        setDefaultTargetUrl("/api/v1/calendars");
+
+        super.onAuthenticationSuccess(request, response, authentication);
+    }
+}

giftrio/src/main/java/com/fluffytrio/giftrio/security/service/EmailPasswordUserDetailsService.java

@@ -0,0 +1,28 @@
+package com.fluffytrio.giftrio.security.service;
+
+import com.fluffytrio.giftrio.user.UserRepository;
+import com.fluffytrio.giftrio.user.entity.User;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.Optional;
+
+@RequiredArgsConstructor
+@Service
+public class EmailPasswordUserDetailsService implements UserDetailsService {
+    @Autowired
+    private final UserRepository userRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
+        Optional<User> user = userRepository.getUserByEmail(email);
+        if (user.isEmpty()) {
+            throw new UsernameNotFoundException("로그인 정보와 일치하는 계정이 없습니다.");
+        }
+        return user.get();
+    }
+}

giftrio/src/main/java/com/fluffytrio/giftrio/user/UserController.java

@@ -1,11 +1,11 @@
 package com.fluffytrio.giftrio.user;
 
 import com.fluffytrio.giftrio.user.dto.UserRequestDto;
+import com.fluffytrio.giftrio.user.dto.UserResponseDto;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
-import java.util.Optional;
 
 @RequiredArgsConstructor
 @RestController
@@ -14,27 +14,28 @@ public class UserController {
     private final UserService userService;
 
     @PostMapping()
-    public User addUser(@RequestBody UserRequestDto userRequestDto) {
+    public UserResponseDto addUser(@RequestBody UserRequestDto userRequestDto) {
         return userService.addUser(userRequestDto);
     }
 
     @GetMapping("/{userId}")
-    public Optional<User> getUser(@PathVariable Long userId) {
+    public UserResponseDto getUser(@PathVariable Long userId) {
         return userService.getUser(userId);
     }
 
     @GetMapping()
-    public List<User> getUsers() {
+    public List<UserResponseDto> getUsers() {
         return userService.getUsers();
     }
 
     @PutMapping("/{userId}")
-    public User updateUser(@PathVariable Long userId, @RequestBody User newUserInfo) {
+    public UserResponseDto updateUser(@PathVariable Long userId, @RequestBody UserRequestDto newUserInfo) {
         return userService.updateUser(userId, newUserInfo);
     }
 
     @DeleteMapping("/{userId}")
     public boolean deleteUser(@PathVariable Long userId) {
+        System.out.println(userId);
         return userService.deleteUser(userId);
     }
 }