Merge pull request #73 from codeit-moving/release

Release -> main 20241226 20:23 쿠키설정 변경

Author: WooHyunTak

.gitignore

@@ -12,4 +12,5 @@ deploy.sh
 
 .http
 
-ERD.md
+ERD.md
+

src/app.ts

@@ -17,10 +17,10 @@ import customerRouter from "./controllers/customerController";
 import userRouter from "./controllers/userController";
 import reviewRouter from "./controllers/reviewController";
 import notificationRouter from "./controllers/notificationController";
-
 import confirmedQuoteRouter from "./controllers/confirmedQuoteController";
 import { scheduleNotification } from "./schedules/notifications";
 import { imageCleanup } from "./schedules/images";
+
 const app = express();
 
 //CORS 설정

src/config/cookie.config.ts

@@ -23,8 +23,8 @@ const clearCookieOption: CookieOptions = {
 
 const sessionOption: CookieOptions = {
   httpOnly: true,
-  secure: false,
-  sameSite: "lax",
+  secure: true,
+  sameSite: "none",
   maxAge: 1000 * 60 * 60, //1시간
 };
 

src/controllers/confirmedQuoteController.ts

@@ -2,12 +2,14 @@ import express from "express";
 import confirmedQuoteService from "../services/confirmedQuoteService";
 import { asyncHandle } from "../utils/asyncHandler";
 import passport from "../middlewares/passport";
+import { isCustomer } from "../middlewares/authMiddleware";
 
 const router = express.Router();
 
 router.post(
   "/:id",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { customerId } = req.user as { customerId: number };

src/controllers/moverController.ts

@@ -3,7 +3,11 @@ import { asyncHandle } from "../utils/asyncHandler";
 import express from "express";
 import checkBoolean from "../utils/checkBoolean";
 import passport from "passport";
-import { optionalJwtAuth } from "../middlewares/authMiddleware";
+import {
+  isCustomer,
+  isMover,
+  optionalJwtAuth,
+} from "../middlewares/authMiddleware";
 import upload from "../utils/multer";
 import { Payload } from "../utils/token.utils";
 
@@ -66,6 +70,7 @@ router.get(
 router.get(
   "/my-profile",
   passport.authenticate("jwt", { session: false }),
+  isMover,
   asyncHandle(async (req, res, next) => {
     try {
       const { moverId } = req.user as { moverId: number };
@@ -82,6 +87,7 @@ router.get(
 router.get(
   "/favorite-list",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { limit = "10", nextCursorId = "0" } = req.query;
@@ -127,6 +133,7 @@ router.get(
 router.post(
   "/:id/favorite",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { customerId } = req.user as { customerId: number };
@@ -146,6 +153,7 @@ router.post(
 router.delete(
   "/:id/favorite",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { customerId } = req.user as { customerId: number };

src/controllers/movingRequestController.ts

@@ -4,13 +4,15 @@ import { asyncHandle } from "../utils/asyncHandler";
 import movingRequest from "../middlewares/validations/movingRequest";
 import checkBoolean from "../utils/checkBoolean";
 import passport from "passport";
+import { isCustomer, isMover } from "../middlewares/authMiddleware";
 
 const router = express.Router();
 
 //이사요청 목록 조회
 router.get(
   "/by-mover",
   passport.authenticate("jwt", { session: false }),
+  isMover,
   asyncHandle(async (req, res, next) => {
     try {
       const { moverId } = req.user as { moverId: number };
@@ -60,6 +62,7 @@ router.get(
 router.get(
   "/by-customer",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { customerId } = req.user as { customerId: number };
@@ -82,6 +85,7 @@ router.get(
 router.get(
   "/:id/quotes",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { customerId } = req.user as { customerId: number };
@@ -104,6 +108,7 @@ router.get(
 router.get(
   "/pending-quotes",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { customerId } = req.user as { customerId: number };
@@ -121,6 +126,7 @@ router.get(
 router.post(
   "/",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   movingRequest.createMovingRequestValidation, //유효성 검사
   asyncHandle(async (req, res, next) => {
     try {
@@ -150,6 +156,7 @@ router.post(
 router.post(
   "/:id/designated",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { id: moverId } = req.params;
@@ -172,6 +179,7 @@ router.post(
 router.delete(
   "/:id/designated",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { id: moverId } = req.params;

src/controllers/oauthController.ts

@@ -47,7 +47,7 @@ router.get(
     res.cookie("accessToken", accessToken, cookieConfig.accessTokenOption);
     res.cookie("refreshToken", refreshToken, cookieConfig.refreshTokenOption);
 
-    res.redirect(process.env.FRONTEND_URL || "http://localhost:3000");
+    res.redirect(process.env.FRONTEND_URL || "http://localhost:3001");
   }
 );
 
@@ -87,7 +87,7 @@ router.get(
     res.cookie("accessToken", accessToken, cookieConfig.accessTokenOption);
     res.cookie("refreshToken", refreshToken, cookieConfig.refreshTokenOption);
 
-    res.redirect(process.env.FRONTEND_URL || "http://localhost:3000");
+    res.redirect(process.env.FRONTEND_URL || "http://localhost:3001");
   }
 );
 
@@ -113,14 +113,14 @@ router.get(
     res.cookie("accessToken", accessToken, cookieConfig.accessTokenOption);
     res.cookie("refreshToken", refreshToken, cookieConfig.refreshTokenOption);
 
-    res.redirect(process.env.FRONTEND_URL || "http://localhost:3000");
+    res.redirect(process.env.FRONTEND_URL || "http://localhost:3001");
   }
 );
 
 router.get("/kakao/signout", (req, res) => {
   res.clearCookie("accessToken");
   res.clearCookie("refreshToken");
-  res.redirect(process.env.FRONTEND_URL || "http://localhost:3000");
+  res.redirect(process.env.FRONTEND_URL || "http://localhost:3001");
 });
 
 export default router;

src/controllers/quoteController.ts

@@ -4,13 +4,15 @@ import { asyncHandle } from "../utils/asyncHandler";
 import passport from "passport";
 import customError from "../utils/interfaces/customError";
 import quoteValidation from "../middlewares/validations/quote";
+import { isCustomer } from "../middlewares/authMiddleware";
 
 const router = express.Router();
 
 //견적서 상세 조회
 router.get(
   "/:id",
   passport.authenticate("jwt", { session: false }),
+  isCustomer,
   asyncHandle(async (req, res, next) => {
     try {
       const { customerId } = req.user as { customerId: number };

src/env.ts

@@ -21,4 +21,7 @@ export const KAKAO_CALLBACK_URL = process.env.KAKAO_CALLBACK_URL;
 export const GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID;
 export const GOOGLE_CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET;
 export const GOOGLE_CALLBACK_URL = process.env.GOOGLE_CALLBACK_URL;
-export const DEFAULT_PROFILE_IMAGE = process.env.DEFAULT_PROFILE_IMAGE;
+export const DEFAULT_PROFILE_IMAGE = process.env
+  .DEFAULT_PROFILE_IMAGE as string;
+
+export const FRONTEND_URL = process.env.FRONTEND_URL || "http://localhost:3000";

src/middlewares/authMiddleware.ts

@@ -3,6 +3,8 @@
 import { Request, Response, NextFunction } from "express";
 import passport from "passport";
 import CustomError from "../utils/interfaces/customError";
+import userRepository from "../repositorys/userRepository";
+import { FRONTEND_URL } from "../env";
 
 interface authUser {
   id: number;
@@ -53,3 +55,72 @@ export const optionalJwtAuth = (
     }
   )(req, res, next);
 };
+
+export const isCustomer = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  const user = req.user as {
+    id: number;
+    customerId?: number;
+    moverId?: number;
+  };
+  const findUser = await userRepository.findById(user.id);
+
+  if (!findUser) {
+    const error: CustomError = new Error("Unauthorized");
+    error.status = 403;
+    error.data = {
+      message: "유효하지 않은 사용자입니다.",
+    };
+    return next(error);
+  }
+
+  if (!user?.customerId) {
+    const error: CustomError = new Error("Unauthorized");
+    error.status = 403;
+    error.data = {
+      message: "고객 프로필을 먼저 등록해주세요",
+      redirectUrl: FRONTEND_URL + "/me/profile",
+      redirect: true,
+    };
+    return next(error);
+  }
+
+  next();
+};
+
+export const isMover = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  const user = req.user as {
+    id: number;
+    customerId?: number;
+    moverId?: number;
+  };
+  const findUser = await userRepository.findById(user.id);
+  if (!findUser) {
+    const error: CustomError = new Error("Unauthorized");
+    error.status = 403;
+    error.data = {
+      message: "유효하지 않은 사용자입니다.",
+    };
+    return next(error);
+  }
+
+  if (!user?.moverId) {
+    const error: CustomError = new Error("Unauthorized");
+    error.status = 403;
+    error.data = {
+      message: "기사 프로필을 먼저 등록해 주세요.",
+      redirectUrl: FRONTEND_URL + "/mover/profile",
+      redirect: true,
+    };
+    return next(error);
+  }
+
+  next();
+};