Modify/#66 modify authority (#67)

* add: enum 권한들 추가

* refactor: member 엔티티에 isAuthor, isOperator 필드를 없애고 Authority 필드를 통해 권한 구별하게 변경

* refactor: token 정보로 User 정보 받아오는 것으로 수정 | 기존 URI도 memberId 직접 다루지 않게 수정

* refactor: 작가 관련 메서드 다루는 컨트롤러 통일 및 권한=작가 외에는 접근 금지 설정

* fix: 북토크가 완료되었을 때 작가의 소피스토리도 업데이트 되게끔 변경

* add: 헤더에 있는 access토큰과 refresh토큰을 받아오는 메서드 추가

* modify: 로그아웃시 헤더에서 access토큰만 받아오게 변경

src/main/java/org/sophy/sophy/InitDb.java

@@ -38,8 +38,6 @@ public void dbInit() {
                     .password(passwordEncoder.encode("Iammember10!"))
                     .phoneNum("01012345678")
                     .marketingAgree(true)
-                    .isAuthor(false)
-                    .isOperator(false)
                     .authority(Authority.ROLE_USER)
                     .build();
             em.persist(citizen);
@@ -67,9 +65,7 @@ public void dbInit() {
                     .password(passwordEncoder.encode("sophy123"))
                     .phoneNum("01012345678")
                     .marketingAgree(false)
-                    .isAuthor(true)
-                    .isOperator(false)
-                    .authority(Authority.ROLE_USER)
+                    .authority(Authority.ROLE_AUTHOR)
                     .build();
             author1.setAuthorProperty(memauthor1);
 
@@ -79,9 +75,7 @@ public void dbInit() {
                     .password(passwordEncoder.encode("sophy234"))
                     .phoneNum("01023456789")
                     .marketingAgree(false)
-                    .isAuthor(true)
-                    .isOperator(false)
-                    .authority(Authority.ROLE_USER)
+                    .authority(Authority.ROLE_AUTHOR)
                     .build();
             author2.setAuthorProperty(memauthor2);
 
@@ -91,9 +85,7 @@ public void dbInit() {
                     .password(passwordEncoder.encode("sophy345"))
                     .phoneNum("01098765432")
                     .marketingAgree(false)
-                    .isAuthor(true)
-                    .isOperator(false)
-                    .authority(Authority.ROLE_USER)
+                    .authority(Authority.ROLE_AUTHOR)
                     .build();
             author3.setAuthorProperty(memauthor3);
 
@@ -207,9 +199,7 @@ public void dbInit() {
                     .password(passwordEncoder.encode("Iamoperator10!"))
                     .phoneNum("01056784321")
                     .marketingAgree(true)
-                    .isAuthor(false)
-                    .isOperator(true)
-                    .authority(Authority.ROLE_USER)
+                    .authority(Authority.ROLE_OPERATOR)
                     .build();
             oper.setOperatorProperty(memOper);
             em.persist(oper);

src/main/java/org/sophy/sophy/config/SecurityConfig.java

@@ -68,6 +68,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .antMatchers("/health/**").permitAll()
                 .antMatchers("/home/**").permitAll()
                 .antMatchers("/booktalk/search/**").permitAll()
+                .antMatchers("/author/**").hasRole("AUTHOR")
                 .anyRequest().authenticated() //나머지 API는 전부 인증 필요
 
                 //JwtFilter 를 addFilterBefore 로 등록했던 JwtSecurityConfig 클래스를 적용

src/main/java/org/sophy/sophy/controller/AuthController.java

@@ -9,17 +9,20 @@
 import org.sophy.sophy.controller.dto.response.MemberResponseDto;
 import org.sophy.sophy.controller.dto.response.TokenDto;
 import org.sophy.sophy.exception.SuccessStatus;
+import org.sophy.sophy.jwt.TokenProvider;
 import org.sophy.sophy.service.AuthService;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
 
 @RestController
 @RequestMapping("/auth")
 @RequiredArgsConstructor
 public class AuthController {
     private final AuthService authService;
+    private final TokenProvider tokenProvider;
 
     @PostMapping("/signup") //회원가입
     @ResponseStatus(HttpStatus.CREATED)
@@ -32,13 +35,18 @@ public ApiResponseDto<TokenDto> login(@RequestBody MemberLoginRequestDto memberL
         return ApiResponseDto.success(SuccessStatus.LOGIN_SUCCESS, authService.login(memberLoginRequestDto));
     }
 
-    @PostMapping("/logout") //로그인
-    public ApiResponseDto<String> logout(@RequestBody TokenRequestDto tokenRequestDto) {
-        return ApiResponseDto.success(SuccessStatus.LOGOUT_SUCCESS, authService.logout(tokenRequestDto));
+    @PostMapping("/logout") //로그아웃
+    public ApiResponseDto<String> logout(HttpServletRequest request) {
+        /**
+         * HttpServletRequest나 HttpServletResponse 객체가 Service 계층으로 넘어가는 것은 좋지 않다.
+         * request, response는 컨트롤러 계층에서 사용되는 객체이며, Service 계층이 request와 response를 알 필요가 없다.
+         */
+        String accessToken = tokenProvider.resolveAccessToken(request);
+        return ApiResponseDto.success(SuccessStatus.LOGOUT_SUCCESS, authService.logout(accessToken));
     }
 
     @PostMapping("/reissue") //액세스 토큰 재발행
-    public ApiResponseDto<TokenDto> reissue(@RequestBody TokenRequestDto tokenRequestDto) {
+    public ApiResponseDto<TokenDto> reissue(@RequestBody TokenRequestDto tokenRequestDto) { //추후 토큰 만료시간 설정하고 Refresh 토큰 헤더로 받게 변경 필요
         return ApiResponseDto.success(SuccessStatus.REISSUE_SUCCESS, authService.reissue(tokenRequestDto));
     }
 

src/main/java/org/sophy/sophy/controller/AuthorController.java

@@ -0,0 +1,61 @@
+package org.sophy.sophy.controller;
+
+import lombok.RequiredArgsConstructor;
+import org.sophy.sophy.common.dto.ApiResponseDto;
+import org.sophy.sophy.domain.CompletedBooktalk;
+import org.sophy.sophy.domain.dto.booktalk.BooktalkUpdateDto;
+import org.sophy.sophy.domain.dto.booktalk.request.BooktalkRequestDto;
+import org.sophy.sophy.domain.dto.booktalk.response.BooktalkCreateResponseDto;
+import org.sophy.sophy.domain.dto.booktalk.response.BooktalkDeleteResponseDto;
+import org.sophy.sophy.domain.dto.mypage.MyPageBooktalkDto;
+import org.sophy.sophy.exception.SuccessStatus;
+import org.sophy.sophy.infrastructure.MemberRepository;
+import org.sophy.sophy.service.BooktalkService;
+import org.sophy.sophy.service.MemberService;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+import java.util.List;
+
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/author")
+public class AuthorController {
+    private final MemberRepository memberRepository;
+    private final MemberService memberService;
+    private final BooktalkService booktalkService;
+
+    @GetMapping("/my-booktalks") //개설한 북토크 조회
+    @ResponseStatus(HttpStatus.OK)
+    public ApiResponseDto<List<MyPageBooktalkDto>> getAuthorBooktalks(@AuthenticationPrincipal User user) {
+        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
+        return ApiResponseDto.success(SuccessStatus.GET_AUTHOR_BOOKTALKS_SUCCESS, memberService.getAuthorBooktalksByMemberId(memberId));
+    }
+
+    @PostMapping("/booktalk") //북토크 생성
+    @ResponseStatus(HttpStatus.CREATED)
+    public ApiResponseDto<BooktalkCreateResponseDto> createBooktalk(@Valid @ModelAttribute BooktalkRequestDto booktalkRequestDto) {
+        return ApiResponseDto.success(SuccessStatus.CREATE_BOOKTALK_SUCCESS, booktalkService.createBooktalk(booktalkRequestDto));
+    }
+
+    @PatchMapping("/booktalk/{booktalkId}") //북토크 수정
+    @ResponseStatus(HttpStatus.OK)
+    public ApiResponseDto<BooktalkUpdateDto> updateBooktalk(@PathVariable("booktalkId") Long booktalkId, @Valid @RequestBody BooktalkUpdateDto booktalkUpdateDto) {
+        return ApiResponseDto.success(SuccessStatus.PATCH_BOOKTALK_SUCCESS, booktalkService.updateBooktalk(booktalkId, booktalkUpdateDto));
+    }
+
+    @DeleteMapping("/booktalk/{booktalkId}") //북토크 삭제
+    @ResponseStatus(HttpStatus.OK)
+    public ApiResponseDto<BooktalkDeleteResponseDto> deleteBooktalk(@PathVariable("booktalkId") Long booktalkId) {
+        return ApiResponseDto.success(SuccessStatus.DELETE_BOOKTALK_SUCCESS, booktalkService.deleteBooktalk(booktalkId));
+    }
+
+    @PostMapping("/booktalk/{booktalkId}") //북토크 완료
+    @ResponseStatus(HttpStatus.OK)
+    public ApiResponseDto<CompletedBooktalk> completeBooktalk(@PathVariable("booktalkId") Long booktalkId) {
+        return ApiResponseDto.success(SuccessStatus.DELETE_BOOKTALK_SUCCESS, booktalkService.completeBooktalk(booktalkId));
+    }
+}

src/main/java/org/sophy/sophy/controller/BooktalkController.java

@@ -2,12 +2,7 @@
 
 import lombok.RequiredArgsConstructor;
 import org.sophy.sophy.common.dto.ApiResponseDto;
-import org.sophy.sophy.domain.CompletedBooktalk;
-import org.sophy.sophy.domain.dto.booktalk.BooktalkUpdateDto;
 import org.sophy.sophy.domain.dto.booktalk.request.BooktalkParticipationRequestDto;
-import org.sophy.sophy.domain.dto.booktalk.request.BooktalkRequestDto;
-import org.sophy.sophy.domain.dto.booktalk.response.BooktalkCreateResponseDto;
-import org.sophy.sophy.domain.dto.booktalk.response.BooktalkDeleteResponseDto;
 import org.sophy.sophy.domain.dto.booktalk.response.BooktalkDetailResponseDto;
 import org.sophy.sophy.domain.dto.booktalk.response.BooktalkResponseDto;
 import org.sophy.sophy.domain.enumerate.City;
@@ -25,24 +20,6 @@
 public class BooktalkController {
     private final BooktalkService booktalkService;
 
-    @PostMapping //북토크 생성
-    @ResponseStatus(HttpStatus.CREATED)
-    public ApiResponseDto<BooktalkCreateResponseDto> createBooktalk(@Valid @ModelAttribute BooktalkRequestDto booktalkRequestDto) {
-        return ApiResponseDto.success(SuccessStatus.CREATE_BOOKTALK_SUCCESS, booktalkService.createBooktalk(booktalkRequestDto));
-    }
-
-    @PatchMapping("/{booktalkId}") //북토크 수정
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponseDto<BooktalkUpdateDto> updateBooktalk(@PathVariable("booktalkId") Long booktalkId, @Valid @RequestBody BooktalkUpdateDto booktalkUpdateDto) {
-        return ApiResponseDto.success(SuccessStatus.PATCH_BOOKTALK_SUCCESS, booktalkService.updateBooktalk(booktalkId, booktalkUpdateDto));
-    }
-
-    @DeleteMapping("/{booktalkId}") //북토크 삭제
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponseDto<BooktalkDeleteResponseDto> deleteBooktalk(@PathVariable("booktalkId") Long booktalkId) {
-        return ApiResponseDto.success(SuccessStatus.DELETE_BOOKTALK_SUCCESS, booktalkService.deleteBooktalk(booktalkId));
-    }
-
     @GetMapping("/search/{booktalkId}/detail") //북토크 상세 조회
     @ResponseStatus(HttpStatus.OK)
     public ApiResponseDto<BooktalkDetailResponseDto> getBooktalkDetail(@PathVariable("booktalkId") Long booktalkId) {
@@ -61,10 +38,4 @@ public ApiResponseDto postBooktalkParticipation(@Valid @RequestBody BooktalkPart
         booktalkService.postBooktalkParticipation(booktalkParticipationRequestDto);
         return ApiResponseDto.success(SuccessStatus.CREATE_BOOKTALK_PARTICIPATION_SUCCESS);
     }
-
-    @PostMapping("/{booktalkId}") //북토크 완료
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponseDto<CompletedBooktalk> completeBooktalk(@PathVariable("booktalkId") Long booktalkId) {
-        return ApiResponseDto.success(SuccessStatus.DELETE_BOOKTALK_SUCCESS, booktalkService.completeBooktalk(booktalkId));
-    }
 }

src/main/java/org/sophy/sophy/controller/HomeController.java

@@ -4,19 +4,23 @@
 import org.sophy.sophy.common.dto.ApiResponseDto;
 import org.sophy.sophy.domain.dto.HomeResponseDto;
 import org.sophy.sophy.exception.SuccessStatus;
+import org.sophy.sophy.infrastructure.MemberRepository;
 import org.sophy.sophy.service.HomeService;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RestController;
 
 
 @RestController
 @RequiredArgsConstructor
 public class HomeController {
     private final HomeService homeService;
+    private final MemberRepository memberRepository;
 
-    @GetMapping("/myhome/{memberId}") //회원 홈 조회 (작가와 주민 구분은 서비스 단 내에서)
-    public ApiResponseDto<HomeResponseDto> getHome(@PathVariable("memberId") Long memberId) {
+    @GetMapping("/myhome") //회원 홈 조회 (작가와 주민 구분은 서비스 단 내에서)
+    public ApiResponseDto<HomeResponseDto> getHome(@AuthenticationPrincipal User user) {
+        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
         return ApiResponseDto.success(SuccessStatus.GET_HOME_SUCCESS, homeService.getHome(memberId));
     }
 

src/main/java/org/sophy/sophy/controller/MemberController.java

@@ -3,56 +3,59 @@
 import lombok.RequiredArgsConstructor;
 import org.sophy.sophy.common.dto.ApiResponseDto;
 import org.sophy.sophy.controller.dto.request.MemberAdditionalInfoDto;
-import org.sophy.sophy.domain.dto.mypage.MyPageBooktalkDto;
 import org.sophy.sophy.domain.dto.mypage.MyPageDto;
 import org.sophy.sophy.domain.dto.mypage.MyInfoDto;
 import org.sophy.sophy.exception.SuccessStatus;
+import org.sophy.sophy.infrastructure.MemberRepository;
 import org.sophy.sophy.service.MemberService;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
-import java.util.List;
 
 @RestController
 @RequiredArgsConstructor
 @RequestMapping("/member")
 public class MemberController {
     private final MemberService memberService;
+    private final MemberRepository memberRepository;
 
-    @GetMapping("/my-page/{memberId}") // 마이페이지 조회
+    @GetMapping("/my-page") // 마이페이지 조회
     @ResponseStatus(HttpStatus.OK)
-    public ApiResponseDto<MyPageDto> getMyPage(@PathVariable("memberId") Long memberId) {
+    public ApiResponseDto<MyPageDto> getMyPage(@AuthenticationPrincipal User user) {
+        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
         return ApiResponseDto.success(SuccessStatus.GET_MYPAGE_SUCCESS, memberService.getMyPage(memberId));
     }
 
-    @GetMapping("/my-info/{memberId}") //내 정보 조회
+    @GetMapping("/my-info") //내 정보 조회
     @ResponseStatus(HttpStatus.OK)
-    public ApiResponseDto<MyInfoDto> getInfo(@PathVariable("memberId") Long memberId) {
+    public ApiResponseDto<MyInfoDto> getInfo(@AuthenticationPrincipal User user) {
+        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
         return ApiResponseDto.success(SuccessStatus.GET_MYPAGE_SUCCESS, memberService.getMyInfo(memberId));
     }
 
-    @PostMapping("/my-info/{memberId}") //추가 정보 입력
+    @PostMapping("/my-info") //추가 정보 입력
     @ResponseStatus(HttpStatus.OK)
-    public ApiResponseDto<MemberAdditionalInfoDto> postAdditionalInfo(@PathVariable("memberId") Long memberId, @RequestBody @Valid MemberAdditionalInfoDto memberAdditionalInfoDto) {
+    public ApiResponseDto<MemberAdditionalInfoDto> postAdditionalInfo(@AuthenticationPrincipal User user, @RequestBody @Valid MemberAdditionalInfoDto memberAdditionalInfoDto) {
+        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
         return ApiResponseDto.success(SuccessStatus.POST_ADDITIONALINFO_SUCCESS, memberService.postAdditionalInfo(memberId, memberAdditionalInfoDto));
     }
 
-    @PatchMapping("/my-info/{memberId}") //내 정보 업데이트
+    @PatchMapping("/my-info") //내 정보 업데이트
     @ResponseStatus(HttpStatus.OK)
-    public ApiResponseDto<MyInfoDto> patchInfo(@PathVariable("memberId") Long memberId, @RequestBody @Valid MyInfoDto myInfoDto) {
+    public ApiResponseDto<MyInfoDto> patchInfo(@AuthenticationPrincipal User user, @RequestBody @Valid MyInfoDto myInfoDto) {
+        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
         return ApiResponseDto.success(SuccessStatus.PATCH_MYINFO_SUCCESS, memberService.patchMyInfo(memberId, myInfoDto));
     }
 
-    @GetMapping("/my-booktalks/{memberId}") //예정된 북토크 조회 (신청)
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponseDto<List<MyPageBooktalkDto>> getMyBooktalks(@PathVariable("memberId") Long memberId) {
-        return ApiResponseDto.success(SuccessStatus.GET_MY_BOOKTALKS_SUCCESS, memberService.getBooktalksByMemberId(memberId));
-    }
+//    @GetMapping("/my-booktalks") //예정된 북토크 조회 (신청)
+//    @ResponseStatus(HttpStatus.OK)
+//    public ApiResponseDto<List<MyPageBooktalkDto>> getMyBooktalks(@AuthenticationPrincipal User user) {
+//        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
+//        return ApiResponseDto.success(SuccessStatus.GET_MY_BOOKTALKS_SUCCESS, memberService.getBooktalksByMemberId(memberId));
+//    }
+
 
-    @GetMapping("/author-booktalks/{memberId}") //개설한 북토크 조회
-    @ResponseStatus(HttpStatus.OK)
-    public ApiResponseDto<List<MyPageBooktalkDto>> getAuthorBooktalks(@PathVariable("memberId") Long memberId) {
-        return ApiResponseDto.success(SuccessStatus.GET_AUTHOR_BOOKTALKS_SUCCESS, memberService.getAuthorBooktalksByMemberId(memberId));
-    }
 }

src/main/java/org/sophy/sophy/controller/OperatorController.java

@@ -2,7 +2,10 @@
 
 import lombok.RequiredArgsConstructor;
 import org.sophy.sophy.domain.Booktalk;
+import org.sophy.sophy.infrastructure.MemberRepository;
 import org.sophy.sophy.service.OperatorService;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -13,9 +16,11 @@
 public class OperatorController {
 
     private final OperatorService operatorService;
+    private final MemberRepository memberRepository;
 
-    @GetMapping("/{memberId}")
-    public List<Booktalk> getWaitingBooktalks(@PathVariable(name = "memberId") Long memberId) { //승인 대기중 북토크 조회
+    @GetMapping
+    public List<Booktalk> getWaitingBooktalks(@AuthenticationPrincipal User user) { //승인 대기중 북토크 조회
+        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
         return operatorService.getWaitingBooktalks(memberId);
     }
 

src/main/java/org/sophy/sophy/controller/SophyStoryController.java

@@ -5,7 +5,10 @@
 import org.sophy.sophy.domain.dto.SophyStoryDto;
 import org.sophy.sophy.domain.dto.SophyStoryRequestDto;
 import org.sophy.sophy.exception.SuccessStatus;
+import org.sophy.sophy.infrastructure.MemberRepository;
 import org.sophy.sophy.service.SophyStoryService;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -15,14 +18,17 @@
 @RequiredArgsConstructor
 public class SophyStoryController {
     private final SophyStoryService sophyStoryService;
+    private final MemberRepository memberRepository;
 
-    @GetMapping("/{memberId}") //소피스토리 연, 월로 조회
-    public ApiResponseDto<List<SophyStoryDto>> geyMySophyStory(@PathVariable(name = "memberId") Long memberId, @RequestBody SophyStoryRequestDto sophyStoryRequestDto) {
+    @GetMapping //소피스토리 연, 월로 조회
+    public ApiResponseDto<List<SophyStoryDto>> geyMySophyStory(@AuthenticationPrincipal User user, @RequestBody SophyStoryRequestDto sophyStoryRequestDto) {
+        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
         return ApiResponseDto.success(SuccessStatus.GET_SOPHY_STORY_SUCCESS, sophyStoryService.getMySophyStory(memberId, sophyStoryRequestDto));
     }
 
-    @GetMapping("/{memberId}/all") //소피스토리 모두 조회
-    public ApiResponseDto<List<SophyStoryDto>> geyMySophyStory(@PathVariable(name = "memberId") Long memberId) {
+    @GetMapping("/all") //소피스토리 모두 조회
+    public ApiResponseDto<List<SophyStoryDto>> geyMySophyStory(@AuthenticationPrincipal User user) {
+        Long memberId = memberRepository.getMemberByEmail(user.getUsername()).getId();
         return ApiResponseDto.success(SuccessStatus.GET_SOPHY_STORY_SUCCESS, sophyStoryService.getMySophyStory(memberId));
     }
 }