[Feat] 예외처리, 팀 리더 아닌경우 팀원 수정 불가

1_16.json

@@ -0,0 +1 @@
+[{"rank": 1, "user_id": 47}, {"rank": 2, "user_id": 43}]

2_2.json

@@ -0,0 +1 @@
+[{"rank": 1, "user_id": 83}]

2_7.json

@@ -0,0 +1 @@
+[{"rank": 1, "user_id": 83}]

2_8.json

@@ -0,0 +1 @@
+[{"rank": 1, "user_id": 83}, {"rank": 2, "user_id": 21}]

3_2.json

@@ -0,0 +1 @@
+[{"rank": 1, "user_id": 84}, {"rank": 2, "user_id": 18}, {"rank": 3, "user_id": 22}, {"rank": 4, "user_id": 49}]

3_7.json

@@ -0,0 +1 @@
+[{"rank": 1, "user_id": 84}, {"rank": 2, "user_id": 18}, {"rank": 3, "user_id": 49}]

4_13.json

@@ -0,0 +1 @@
+[{"rank": 1, "user_id": 19}]

4_8.json

@@ -0,0 +1 @@
+[{"rank": 1, "user_id": 19}]

6_8.json

@@ -0,0 +1 @@
+[{"rank": 1, "user_id": 87}]

build.gradle

@@ -24,14 +24,33 @@ repositories {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
     compileOnly 'org.projectlombok:lombok'
     runtimeOnly 'com.mysql:mysql-connector-j'
+    implementation 'mysql:mysql-connector-java:8.0.23'
+    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    testImplementation 'org.springframework.security:spring-security-test'
+
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+    testAnnotationProcessor 'org.projectlombok:lombok'
+    testImplementation 'org.projectlombok:lombok'
+
     annotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     implementation 'com.googlecode.json-simple:json-simple:1.1.1'
     //웹소켓
     implementation 'org.springframework.boot:spring-boot-starter-websocket'
 
+    implementation 'org.modelmapper:modelmapper:3.1.0'
+
+    //파일 읽기
+    implementation 'org.mybatis.spring.boot:mybatis-spring-boot-starter:2.2.2'
+    implementation 'org.apache.poi:poi-ooxml:5.2.3'
+
+
 }
 
 tasks.named('test') {

src/main/java/com/example/capd/CapDApplication.java

@@ -2,10 +2,11 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.scheduling.annotation.EnableScheduling;
 
 @SpringBootApplication
+@EnableScheduling
 public class CapDApplication {
-
     public static void main(String[] args) {
         SpringApplication.run(CapDApplication.class, args);
     }

src/main/java/com/example/capd/Exception/ReviewSubmissionPeriodNotEndedException.java

@@ -0,0 +1,10 @@
+package com.example.capd.Exception;
+
+public class ReviewSubmissionPeriodNotEndedException extends RuntimeException {
+    public ReviewSubmissionPeriodNotEndedException(){
+        super("심사 기간이 끝나지 않아 리뷰를 작성할 수 없습니다.");
+    }
+    public ReviewSubmissionPeriodNotEndedException(int n){
+        super("접수 기간이 끝나지 않아 리뷰를 작성할 수 없습니다.");
+    }
+}

src/main/java/com/example/capd/Exception/UserWithDesiredStackNotFoundException.java

@@ -4,4 +4,5 @@ public class UserWithDesiredStackNotFoundException extends RuntimeException{
     public UserWithDesiredStackNotFoundException() {
         super("원하는 스택을 가지고 있는 유저가 존재하지 않습니다.");
     }
+
 }

src/main/java/com/example/capd/User/JWT/AuthorizationExtractor.java

@@ -0,0 +1,26 @@
+package com.example.capd.User.JWT;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.apache.logging.log4j.util.Strings;
+import org.springframework.stereotype.Component;
+
+import java.util.Enumeration;
+
+//헤더에서 토큰 추출하기
+@Component
+public class AuthorizationExtractor {
+    public static final String AUTHORIZATION = "AAuthorization";
+    public static final String ACCESS_TOKEN_TYPE = AuthorizationExtractor.class.getSimpleName() + ".ACCESS_TOKEN_TYPE";
+
+    public String extract(HttpServletRequest request, String type) {
+        Enumeration<String> headers = request.getHeaders(AUTHORIZATION);
+        while (headers.hasMoreElements()) {
+            String value = headers.nextElement();
+            if (value.toLowerCase().startsWith(type.toLowerCase())) {
+                return value.substring(type.length()).trim();
+            }
+        }
+
+        return Strings.EMPTY;
+    }
+}

src/main/java/com/example/capd/User/JWT/BearerAuthInterceptor.java

@@ -0,0 +1,36 @@
+//package com.example.capd.User.JWT;
+//
+//import jakarta.servlet.http.HttpServletRequest;
+//import jakarta.servlet.http.HttpServletResponse;
+//import org.springframework.stereotype.Component;
+//import org.springframework.util.StringUtils;
+//import org.springframework.web.servlet.HandlerInterceptor;
+//
+//@Component
+//public class BearerAuthInterceptor implements HandlerInterceptor {
+//    private AuthorizationExtractor authExtractor;
+//    private TokenProvider jwtTokenProvider;
+//
+//    public BearerAuthInterceptor(AuthorizationExtractor authExtractor, TokenProvider jwtTokenProvider) {
+//        this.authExtractor = authExtractor;
+//        this.jwtTokenProvider = jwtTokenProvider;
+//    }
+//
+//    @Override
+//    public boolean preHandle(HttpServletRequest request,
+//                             HttpServletResponse response, Object handler) {
+//        System.out.println(">>> interceptor.preHandle 호출");
+//        String token = authExtractor.extract(request, "Bearer");
+//        if (StringUtils.isEmpty(token)) {
+//            return true;
+//        }
+//
+//        if (!jwtTokenProvider.validateToken(token)) {
+//            throw new IllegalArgumentException("유효하지 않은 토큰");
+//        }
+//
+//        String name = jwtTokenProvider.getUsername(token);
+//        request.setAttribute("name", name);
+//        return true;
+//    }
+//}

src/main/java/com/example/capd/User/JWT/JwtAuthFilter.java

@@ -0,0 +1,52 @@
+package com.example.capd.User.JWT;
+
+import com.example.capd.User.service.CustomUserDetailsService;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@RequiredArgsConstructor
+public class JwtAuthFilter extends OncePerRequestFilter { // OncePerRequestFilter -> 한 번 실행 보장
+
+    private final CustomUserDetailsService customUserDetailsService;
+    private final JwtUtil jwtUtil;
+
+    @Override
+    /**
+     * JWT 토큰 검증 필터 수행
+     */
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        String authorizationHeader = request.getHeader("Authorization");
+
+        //JWT가 헤더에 있는 경우
+        if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
+            String token = authorizationHeader.substring(7);
+            //JWT 유효성 검증
+            if (jwtUtil.validateToken(token)) {
+                Long userId = jwtUtil.getId(token);
+
+                //유저와 토큰 일치 시 userDetails 생성
+                UserDetails userDetails = customUserDetailsService.loadUserByUsername(userId.toString());
+
+                if (userDetails != null) {
+                    //UserDetsils, Password, Role -> 접근권한 인증 Token 생성
+                    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+                            new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+
+                    //현재 Request의 Security Context에 접근권한 설정
+                    SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+                }
+            }
+        }
+
+        filterChain.doFilter(request, response); // 다음 필터로 넘기기
+    }
+}

src/main/java/com/example/capd/User/JWT/JwtUtil.java

@@ -0,0 +1,110 @@
+package com.example.capd.User.JWT;
+
+import com.example.capd.User.dto.CustomUserInfoDto;
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.security.Key;
+import java.time.ZonedDateTime;
+import java.util.Date;
+
+@Slf4j
+@Component
+public class JwtUtil {
+    private final Key key;
+    private final long accessTokenExpTime;
+
+    public JwtUtil(
+            @Value("${jwt.secret}") String secretKey,
+            @Value("${jwt.expiration_time}") long accessTokenExpTime
+    ) {
+        byte[] keyBytes = Decoders.BASE64.decode(secretKey);
+        this.key = Keys.hmacShaKeyFor(keyBytes);
+        this.accessTokenExpTime = accessTokenExpTime;
+    }
+
+
+    /**
+     * Access Token 생성
+     * @param user
+     * @return Access Token String
+     */
+    public String createAccessToken(CustomUserInfoDto user) {
+        return createToken(user, accessTokenExpTime);
+    }
+
+
+    /**
+     * JWT 생성
+     * @param user
+     * @param expireTime
+     * @return JWT String
+     */
+    private String createToken(CustomUserInfoDto user, long expireTime) {
+        Claims claims = Jwts.claims();
+        claims.put("Id", user.getId());
+        claims.put("email", user.getUserId());
+        claims.put("role", user.getRoles());
+
+        ZonedDateTime now = ZonedDateTime.now();
+        ZonedDateTime tokenValidity = now.plusSeconds(expireTime);
+
+
+        return Jwts.builder()
+                .setClaims(claims)
+                .setIssuedAt(Date.from(now.toInstant()))
+                .setExpiration(Date.from(tokenValidity.toInstant()))
+                .signWith(key, SignatureAlgorithm.HS256)
+                .compact();
+    }
+
+
+    /**
+     * Token에서 User ID 추출
+     * @param token
+     * @return User ID
+     */
+    public Long getId(String token) {
+        return parseClaims(token).get("Id", Long.class);
+    }
+
+
+    /**
+     * JWT 검증
+     * @param token
+     * @return IsValidate
+     */
+    public boolean validateToken(String token) {
+        try {
+            Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token);
+            return true;
+        } catch (io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
+            log.info("Invalid JWT Token", e);
+        } catch (ExpiredJwtException e) {
+            log.info("Expired JWT Token", e);
+        } catch (UnsupportedJwtException e) {
+            log.info("Unsupported JWT Token", e);
+        } catch (IllegalArgumentException e) {
+            log.info("JWT claims string is empty.", e);
+        }
+        return false;
+    }
+
+
+    /**
+     * JWT Claims 추출
+     * @param accessToken
+     * @return JWT Claims
+     */
+    public Claims parseClaims(String accessToken) {
+        try {
+            return Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(accessToken).getBody();
+        } catch (ExpiredJwtException e) {
+            return e.getClaims();
+        }
+    }
+}

src/main/java/com/example/capd/User/JWT/TokenAuthenticationFilter.java

@@ -0,0 +1,59 @@
+//package com.example.capd.User.JWT;
+//
+//import jakarta.servlet.*;
+//import jakarta.servlet.http.HttpServletRequest;
+//import jakarta.servlet.http.HttpServletResponse;
+//import lombok.RequiredArgsConstructor;
+//import org.springframework.context.annotation.DependsOn;
+//import org.springframework.security.core.Authentication;
+//import org.springframework.security.core.context.SecurityContextHolder;
+//import org.springframework.stereotype.Component;
+//import org.springframework.util.StringUtils;
+//import org.springframework.web.filter.GenericFilterBean;
+//import org.springframework.web.filter.OncePerRequestFilter;
+//
+//import java.io.IOException;
+//
+//public class TokenAuthenticationFilter extends OncePerRequestFilter {
+//
+//    private final TokenProvider tokenProvider;
+//
+//    public TokenAuthenticationFilter(TokenProvider tokenProvider) {
+//        this.tokenProvider = tokenProvider;
+//    }
+//
+////
+//
+//    @Override
+//    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+//            String token = tokenProvider.resolveToken(request);
+//
+//            if (token != null && tokenProvider.validateToken(token)) {
+//                // check access token
+//                token = token.split(" ")[1].trim();
+//                Authentication auth = tokenProvider.getAuthentication(token);
+//                SecurityContextHolder.getContext().setAuthentication(auth);
+//            }
+//
+//            filterChain.doFilter(request, response);
+//        }
+//
+//}
+//
+////    private String getAccessToken(String authorizationHeader) {
+////        if (authorizationHeader != null && authorizationHeader.startsWith(TOKEN_PREFIX)) {
+////            return authorizationHeader.substring(TOKEN_PREFIX.length());
+////        }
+////        return null;
+////    }
+//
+//// Request Header 에서 토큰 정보를 꺼내오기 위한 메소드
+////    private String resolveToken(HttpServletRequest request) {
+////        String bearerToken = request.getHeader(HEADER_AUTHORIZATION);
+////
+////        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
+////            return bearerToken.substring(7);
+////        }
+////
+////        return null;
+////    }