[jade.xyz] 방탈출 인증 관리 step3 과제 제출 #103
Changes from all commits
c715414
b778b0a
4ba08fd
284ed93
3bcb584
3d3bc8c
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package nextstep.admin; | ||
|
||
import nextstep.theme.ThemeRequest; | ||
import nextstep.theme.ThemeService; | ||
import org.springframework.http.ResponseEntity; | ||
import org.springframework.web.bind.annotation.*; | ||
|
||
import java.net.URI; | ||
|
||
@RestController | ||
@RequestMapping("/admin/themes") | ||
public class AdminController { | ||
기존 ThemeController 와 AdminController 를 분리 👍 |
||
|
||
private final ThemeService themeService; | ||
|
||
public AdminController(ThemeService themeService) { | ||
this.themeService = themeService; | ||
} | ||
|
||
@PostMapping | ||
public ResponseEntity<Void> createTheme(@RequestBody ThemeRequest themeRequest) { | ||
Long id = themeService.create(themeRequest); | ||
return ResponseEntity.created(URI.create("/themes/" + id)).build(); | ||
} | ||
|
||
@DeleteMapping("/{id}") | ||
public ResponseEntity<Void> deleteTheme(@PathVariable Long id) { | ||
themeService.delete(id); | ||
|
||
return ResponseEntity.noContent().build(); | ||
} | ||
} |
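Review bot: Nothing in this class restricts `createTheme` or `deleteTheme` to administrators. The protection presumably comes from AdminInterceptor being registered for `/admin/**`, and that registration is not in the sections shown here. A class-level comment such as `// Admin-only: access control is enforced by AdminInterceptor on /admin/**, not in this class` would make the dependency visible to the next reader. An acceptance test asserting that a request without an ADMIN token leaves no theme created or deleted would catch a missing or mis-scoped registration.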
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
package nextstep.auth; | ||
|
||
import nextstep.member.Role; | ||
import org.springframework.web.servlet.HandlerInterceptor; | ||
|
||
import javax.servlet.ServletException; | ||
import javax.servlet.http.HttpServletRequest; | ||
import javax.servlet.http.HttpServletResponse; | ||
import java.io.IOException; | ||
|
||
public class AdminInterceptor implements HandlerInterceptor { | ||
|
||
private final JwtTokenProvider jwtTokenProvider; | ||
|
||
public AdminInterceptor(JwtTokenProvider jwtTokenProvider) { | ||
this.jwtTokenProvider = jwtTokenProvider; | ||
} | ||
|
||
@Override | ||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { | ||
String accessToken = request.getHeader("Authorization"); | ||
checkIsValidToken(request, response, accessToken); | ||
return HandlerInterceptor.super.preHandle(request, response, handler); | ||
} | ||
|
||
private void checkIsValidToken(HttpServletRequest request, HttpServletResponse response, String accessToken) throws ServletException, IOException { | ||
accessToken 만으로 판단해서 예외를 던지는게 어떨까요 ? |
||
if (accessToken == null || | ||
accessToken.length() < "Bearer ".length()) { | ||
request.setAttribute("exception", "AuthenticationException"); | ||
request.getRequestDispatcher("/api/error").forward(request, response); | ||
return; | ||
} | ||
String token = accessToken.substring("Bearer ".length()); | ||
|
||
if (!jwtTokenProvider.validateToken(token) | ||
|| jwtTokenProvider.getRole(token) != Role.ADMIN) { | ||
request.setAttribute("exception", "UnAuthorizationException"); | ||
request.getRequestDispatcher("/api/error").forward(request, response); | ||
} | ||
} | ||
} | ||
|
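Review bot: `preHandle` always returns `HandlerInterceptor.super.preHandle(...)`, which is `true` by default, so after `checkIsValidToken` has forwarded a rejected request to `/api/error` the chain still continues to the admin handler. Unless the forward surfaces as an exception (that depends on exception handling not shown here), the theme create or delete can still run for a caller without a valid ADMIN token. The check should report its result and `preHandle` should return `false` once the request has been forwarded. The header test also compares only the length against `"Bearer ".length()`, so any seven-character prefix is accepted; `startsWith("Bearer ")` checks the scheme itself.
```java
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    String accessToken = request.getHeader("Authorization");
    // Stop the handler chain once the request has been forwarded to the error endpoint.
    return checkIsValidToken(request, response, accessToken);
}

private boolean checkIsValidToken(HttpServletRequest request, HttpServletResponse response, String accessToken) throws ServletException, IOException {
    if (accessToken == null || !accessToken.startsWith("Bearer ")) {
        // … unchanged: set "AuthenticationException" attribute and forward to /api/error …
        return false;
    }
    String token = accessToken.substring("Bearer ".length());

    if (!jwtTokenProvider.validateToken(token)
            || jwtTokenProvider.getRole(token) != Role.ADMIN) {
        // … unchanged: set "UnAuthorizationException" attribute and forward to /api/error …
        return false;
    }
    return true;
}
```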
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
package nextstep.exception; | ||
|
||
import org.springframework.web.bind.annotation.GetMapping; | ||
import org.springframework.web.bind.annotation.RestController; | ||
|
||
import javax.servlet.http.HttpServletRequest; | ||
|
||
@RestController | ||
public class ExceptionController { | ||
별도 예외 처리를 위한 controller 보다는 |
||
@GetMapping("/api/error") | ||
public void error(HttpServletRequest request) throws AuthenticationException { | ||
String exception = (String) request.getAttribute("exception"); | ||
|
||
if ("AuthenticationException".equals(exception)) { | ||
throw new AuthenticationException(); | ||
} | ||
if ("UnAuthorizationException".equals(exception)) { | ||
throw new UnAuthorizationException(); | ||
} | ||
} | ||
} |
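Review bot: `@GetMapping("/api/error")` matches only GET, but `RequestDispatcher.forward` keeps the original request method. The admin endpoints on this page are POST and DELETE, so a forwarded rejection would most likely end in a method-not-allowed response instead of reaching `error` and raising the intended exception. `@RequestMapping("/api/error")` without a method restriction would match every forwarded request. The path is also directly reachable by clients, and with no `exception` attribute set the method falls through and returns an empty success response. A final `throw` for the unknown or missing case would make the endpoint fail closed.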
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package nextstep.member; | ||
|
||
import java.util.Arrays; | ||
|
||
public enum Role { | ||
USER(0), ADMIN(1); | ||
|
||
private final int roleNumber; | ||
|
||
Role(int roleNumber) { | ||
this.roleNumber = roleNumber; | ||
} | ||
|
||
public int getValue() { | ||
return roleNumber; | ||
} | ||
|
||
|
||
public static Role getRole(int role) { | ||
return Arrays.stream(Role.values()) | ||
.filter(v -> v.getValue() == role) | ||
.findFirst() | ||
.orElseThrow(() -> new IllegalArgumentException("권한이 올바르지 않습니다.")); | ||
} | ||
|
||
public static Role getRole(String role) { | ||
return Arrays.stream(Role.values()) | ||
.filter(v -> v.name().equals(role)) | ||
.findFirst() | ||
.orElseThrow(() -> new IllegalArgumentException("권한이 올바르지 않습니다.")); | ||
} | ||
} |
요구사항 정리 👍