Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -38,4 +38,7 @@ out/

### environment files ###
.env
.env.prod
.env.prod

### docker test ###
docker-compose.override.yml
40 changes: 40 additions & 0 deletions src/main/java/ceos/ipx/domain/user/controller/UserController.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
package ceos.ipx.domain.user.controller;

import ceos.ipx.domain.user.dto.MyInfoResponse;
import ceos.ipx.domain.user.service.UserService;
import ceos.ipx.global.response.ApiResponse;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@Tag(name = "User API", description = "사용자 관련 API")
@RestController
@RequiredArgsConstructor
@RequestMapping("/api/users")
public class UserController {

private final UserService userService;

@Operation(summary = "내 정보 조회", description = "AccessToken을 기반으로 현재 로그인한 사용자의 정보를 조회합니다.")
@ApiResponses({
@io.swagger.v3.oas.annotations.responses.ApiResponse(responseCode = "200", description = "내 정보 조회 성공"),
@io.swagger.v3.oas.annotations.responses.ApiResponse(responseCode = "401", description = "AccessToken 없음 또는 유효하지 않음"),
@io.swagger.v3.oas.annotations.responses.ApiResponse(responseCode = "404", description = "사용자를 찾을 수 없음"),
@io.swagger.v3.oas.annotations.responses.ApiResponse(responseCode = "500", description = "서버 내부 오류")
})
@GetMapping("/me")
public ResponseEntity<ApiResponse<MyInfoResponse>> getMyInfo(
@RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authorizationHeader
) {
MyInfoResponse response = userService.getMyInfo(authorizationHeader);

return ResponseEntity.ok(ApiResponse.ok(response));
}
}
28 changes: 28 additions & 0 deletions src/main/java/ceos/ipx/domain/user/dto/MyInfoResponse.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
package ceos.ipx.domain.user.dto;

import ceos.ipx.domain.user.entity.User;

public record MyInfoResponse(
Long userId,
String email,
String name,
String company,
String provider,
boolean profileCompleted
) {
public static MyInfoResponse from(User user) {
return new MyInfoResponse(
user.getId(),
user.getEmail(),
user.getName(),
user.getCompany(),
user.getProvider().name(),
isProfileCompleted(user)
);
}

private static boolean isProfileCompleted(User user) {
return user.getName() != null && !user.getName().isBlank()
&& user.getCompany() != null && !user.getCompany().isBlank();
}
}
55 changes: 55 additions & 0 deletions src/main/java/ceos/ipx/domain/user/service/UserService.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
package ceos.ipx.domain.user.service;

import ceos.ipx.domain.user.dto.MyInfoResponse;
import ceos.ipx.domain.user.entity.User;
import ceos.ipx.domain.user.repository.UserRepository;
import ceos.ipx.global.exception.BusinessException;
import ceos.ipx.global.exception.ErrorCode;
import ceos.ipx.global.security.jwt.JwtTokenProvider;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
@RequiredArgsConstructor
@Transactional(readOnly = true)
public class UserService {

private static final String BEARER_PREFIX = "Bearer ";

private final UserRepository userRepository;
private final JwtTokenProvider jwtTokenProvider;

public MyInfoResponse getMyInfo(String authorizationHeader) {
String accessToken = extractAccessToken(authorizationHeader);

if (!jwtTokenProvider.validateToken(accessToken)) {
throw new BusinessException(ErrorCode.UNAUTHORIZED_USER);
}

Long userId = jwtTokenProvider.getUserIdFromToken(accessToken);

User user = userRepository.findById(userId)
.orElseThrow(() -> new BusinessException(ErrorCode.USER_NOT_FOUND));

return MyInfoResponse.from(user);
}

private String extractAccessToken(String authorizationHeader) {
if (authorizationHeader == null || authorizationHeader.isBlank()) {
throw new BusinessException(ErrorCode.UNAUTHORIZED_USER);
}

if (!authorizationHeader.startsWith(BEARER_PREFIX)) {
throw new BusinessException(ErrorCode.UNAUTHORIZED_USER);
}

String accessToken = authorizationHeader.substring(BEARER_PREFIX.length());

if (accessToken.isBlank()) {
throw new BusinessException(ErrorCode.UNAUTHORIZED_USER);
}

return accessToken;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,12 @@
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
// import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import ceos.ipx.global.security.jwt.JwtAuthenticationFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import java.util.List;

@Configuration
Expand All @@ -26,7 +27,7 @@
public class SecurityConfig {
private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
private final CustomAccessDeniedHandler customAccessDeniedHandler;
// private final JwtAuthenticationFilter jwtAuthenticationFilter; // JWT 필터 구현 후 주입
private final JwtAuthenticationFilter jwtAuthenticationFilter; // JWT 필터 구현 후 주입

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
Expand Down Expand Up @@ -70,6 +71,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
// ===== JWT 필터 추가 =====
// .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
package ceos.ipx.global.security.jwt;

import ceos.ipx.domain.user.entity.User;
import ceos.ipx.domain.user.repository.UserRepository;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;
import java.util.Collections;

@Component
@RequiredArgsConstructor
public class JwtAuthenticationFilter extends OncePerRequestFilter {

private static final String BEARER_PREFIX = "Bearer ";

private final JwtTokenProvider jwtTokenProvider;
private final UserRepository userRepository;

@Override
protected void doFilterInternal(
HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain
) throws ServletException, IOException {
String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);

if (authorizationHeader != null && authorizationHeader.startsWith(BEARER_PREFIX)) {
String accessToken = authorizationHeader.substring(BEARER_PREFIX.length());

if (jwtTokenProvider.validateToken(accessToken)) {
Long userId = jwtTokenProvider.getUserIdFromToken(accessToken);

userRepository.findById(userId)
.filter(User::isActive)
.ifPresent(user -> {
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(
user.getId(),
null,
Collections.emptyList()
);

SecurityContextHolder.getContext().setAuthentication(authentication);
});
}
}

filterChain.doFilter(request, response);
}
}
Loading