[#28] security 적용 (SecurityConfig.kt) , api mock 생성

Author: youngvly

build.gradle.kts

@@ -62,6 +62,8 @@ project(":user-api") {
         implementation("io.springfox:springfox-boot-starter:3.0.0")
         implementation("org.springframework.boot:spring-boot-starter-security")
         implementation("org.springframework.security:spring-security-test")
+        implementation("org.springframework.boot:spring-boot-starter-mail")
+        implementation("org.springframework.boot:spring-boot-starter-security")
         runtimeOnly("com.h2database:h2")
         runtimeOnly("mysql:mysql-connector-java")
     }

user-api/src/main/kotlin/com/sns/user/core/config/SecurityConfig.kt

@@ -0,0 +1,44 @@
+package com.sns.user.core.config
+
+import com.sns.user.core.supports.securities.authentications.LoginUserService
+import com.sns.user.core.supports.securities.authentications.Role
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.builders.WebSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.crypto.password.PasswordEncoder
+
+@Configuration
+@EnableWebSecurity
+class SecurityConfig(
+    private val loginUserService: LoginUserService
+) : WebSecurityConfigurerAdapter() {
+    override fun configure(auth: AuthenticationManagerBuilder?) {
+        auth?.userDetailsService(loginUserService)
+            ?.passwordEncoder(passwordEncoder())
+    }
+
+    override fun configure(http: HttpSecurity?) {
+        if (http == null) return
+        http.httpBasic().and().authorizeRequests()
+            .antMatchers("/").permitAll()
+            .antMatchers("/admin-api").hasRole(Role.ADMIN.name)
+            .anyRequest().authenticated()
+            .and().logout().logoutSuccessUrl("/").invalidateHttpSession(true).permitAll()
+            .and().formLogin().loginPage("/sign-in")
+            .and().csrf().disable()
+    }
+
+    override fun configure(web: WebSecurity?) {
+        super.configure(web)
+    }
+
+    @Bean
+    fun passwordEncoder(): PasswordEncoder? {
+        return BCryptPasswordEncoder()
+    }
+}

user-api/src/main/kotlin/com/sns/user/core/supports/securities/authentications/IsLoginUser.kt

@@ -0,0 +1,9 @@
+package com.sns.user.core.supports.securities.authentications
+
+import org.springframework.security.access.annotation.Secured
+
+// Role.USER.role
+@Secured("ROLE_USER")
+@Target(AnnotationTarget.FUNCTION)
+@Retention(AnnotationRetention.RUNTIME)
+annotation class IsLoginUser()

user-api/src/main/kotlin/com/sns/user/core/supports/securities/authentications/LoginUser.kt

@@ -0,0 +1,30 @@
+package com.sns.user.core.supports.securities.authentications
+
+import com.sns.user.component.user.domains.User
+import org.springframework.security.core.GrantedAuthority
+import org.springframework.security.core.userdetails.UserDetails
+
+class LoginUser(val user: User) : UserDetails {
+    override fun getAuthorities(): MutableCollection<out GrantedAuthority> = mutableListOf<GrantedAuthority>(Role.USER.createSimpleGrantedAuthority())
+    override fun getUsername(): String = user.name
+    override fun getPassword(): String = user.password
+    override fun isAccountNonExpired(): Boolean = true
+    override fun isAccountNonLocked(): Boolean = true
+    override fun isCredentialsNonExpired(): Boolean = true
+    override fun isEnabled(): Boolean = true
+
+    companion object {
+        fun create(user: User?): UserDetails =
+            if (user == null) InvalidUser() else LoginUser(user)
+    }
+}
+
+class InvalidUser : UserDetails {
+    override fun getAuthorities(): MutableCollection<out GrantedAuthority> = mutableListOf()
+    override fun getUsername(): String = ""
+    override fun getPassword(): String = ""
+    override fun isAccountNonExpired(): Boolean = false
+    override fun isAccountNonLocked(): Boolean = false
+    override fun isCredentialsNonExpired(): Boolean = false
+    override fun isEnabled(): Boolean = false
+}

user-api/src/main/kotlin/com/sns/user/core/supports/securities/authentications/LoginUserService.kt

@@ -0,0 +1,16 @@
+package com.sns.user.core.supports.securities.authentications
+
+import com.sns.user.component.user.repositories.UserCrudRepository
+import org.springframework.security.core.userdetails.UserDetails
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.stereotype.Service
+
+@Service
+class LoginUserService(
+    private val userCrudRepository: UserCrudRepository
+) : UserDetailsService {
+    override fun loadUserByUsername(username: String?): UserDetails {
+        if (username.isNullOrEmpty()) return InvalidUser()
+        return LoginUser.create(userCrudRepository.findById(username).orElse(null))
+    }
+}

user-api/src/main/kotlin/com/sns/user/core/supports/securities/authentications/Role.kt

@@ -0,0 +1,10 @@
+package com.sns.user.core.supports.securities.authentications
+
+import org.springframework.security.core.authority.SimpleGrantedAuthority
+
+enum class Role(val role: String) {
+    USER("ROLE_USER"),
+    ADMIN("ROLE_ADMIN");
+
+    fun createSimpleGrantedAuthority(): SimpleGrantedAuthority = SimpleGrantedAuthority(this.role)
+}

user-api/src/main/kotlin/com/sns/user/endpoints/user/SignInController.kt

@@ -0,0 +1,12 @@
+package com.sns.user.endpoints.user
+
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/api")
+class SignInController {
+
+    fun signIn() {
+    }
+}

user-api/src/main/kotlin/com/sns/user/endpoints/user/SignOutController.kt

@@ -0,0 +1,15 @@
+package com.sns.user.endpoints.user
+
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/api")
+class SignOutController {
+
+    @PostMapping("/v1/sign-out")
+    fun signOut() {
+        // TODO 탈퇴
+    }
+}

user-api/src/main/kotlin/com/sns/user/endpoints/user/SignUpController.kt

@@ -0,0 +1,46 @@
+package com.sns.user.endpoints.user
+
+import com.sns.user.endpoints.user.requests.SignUpRequest
+import com.sns.user.endpoints.user.responses.IdExistsCheckResponse
+import javax.validation.constraints.Email
+import org.springframework.http.HttpStatus
+import org.springframework.validation.annotation.Validated
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.PutMapping
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.ResponseStatus
+import org.springframework.web.bind.annotation.RestController
+
+@Validated
+@RestController
+@RequestMapping("/api")
+class SignUpController {
+
+    @ResponseStatus(HttpStatus.CREATED)
+    @PostMapping("/v1/sign-up")
+    fun signUp(@RequestBody request: SignUpRequest) {
+        // TODO 패스워드 유효성 검증
+    }
+
+    @ResponseStatus(HttpStatus.OK)
+    @GetMapping("/v1/sign-up/verifications/emails/{email}")
+    fun verifyEmail(@Email @PathVariable email: String): IdExistsCheckResponse {
+        // TODO email 중복 검사
+        return IdExistsCheckResponse(false)
+    }
+
+    @ResponseStatus(HttpStatus.CREATED)
+    @PutMapping("/v1/sign-up/verifications/ids/{userId}/auth-code")
+    fun createAuthenticationCode(@PathVariable userId: String) {
+        // TODO 인증번호 재발송
+    }
+
+    @ResponseStatus(HttpStatus.OK)
+    @PostMapping("/v1/sign-up/verifications/ids/{userId}/auth-code")
+    fun verifyAuthenticationCode(@PathVariable userId: String, @RequestBody code: String) {
+        // TODO 인증번호 검사
+    }
+}

user-api/src/main/kotlin/com/sns/user/endpoints/user/requests/SignUpRequest.kt

@@ -0,0 +1,18 @@
+package com.sns.user.endpoints.user.requests
+
+import javax.validation.constraints.Email
+import javax.validation.constraints.NotEmpty
+import org.hibernate.validator.constraints.Length
+
+data class SignUpRequest(
+    @NotEmpty
+    @Length(max = 15)
+    val name: String,
+    @NotEmpty
+    @Length(min = 8, max = 30)
+    val password: String,
+    @NotEmpty
+    @Email
+    val email: String,
+) {
+}

user-api/src/main/kotlin/com/sns/user/endpoints/user/responses/IdExistsCheckResponse.kt

@@ -0,0 +1,6 @@
+package com.sns.user.endpoints.user.responses
+
+data class IdExistsCheckResponse(
+    val exist: Boolean
+) {
+}

user-api/src/test/resources/db/users/schema.sql

@@ -1,9 +1,19 @@
 CREATE TABLE IF NOT EXISTS `user`
 (
     id                 VARCHAR(50)  NOT NULL PRIMARY KEY COMMENT '아이디 (이메일)',
+    email_address      VARCHAR(50)  NOT NULL COMMENT '이메일 주소',
     password           VARCHAR(100) NOT NULL COMMENT '비밀번호',
     `name`             VARCHAR(50)  NOT NULL COMMENT '이름',
     info_email_address VARCHAR(50)  NOT NULL COMMENT '서비스 정보 수신 이메일주소',
+    authenticated_at   DATETIME     NULL COMMENT '이메일 인증 시각',
     created_at         DATETIME     NOT NULL COMMENT '생성 시간',
     updated_at         DATETIME     NOT NULL COMMENT '마지막 수정 시간'
 );
+
+
+CREATE TABLE IF NOT EXISTS `sign_up_auth_code`
+(
+    id         VARCHAR(50) NOT NULL PRIMARY KEY COMMENT 'user.id',
+    auth_code  VARCHAR(50) NOT NULL COMMENT '인증 코드',
+    created_at DATETIME    NOT NULL COMMENT '생성 시각'
+);