시큐리티 설정

유저 API - 로그인, 회원가입, 계정정보 추가
2023-07-23 03:26:17 +09:00
parent 23506e79f1
commit f81f07bd05
36 changed files with 1247 additions and 0 deletions
--- a/src/main/kotlin/kr/co/vividnext/sodalive/configs/AmazonS3Config.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/configs/AmazonS3Config.kt
@@ -0,0 +1,29 @@
+package kr.co.vividnext.sodalive.configs
+
+import com.amazonaws.auth.AWSStaticCredentialsProvider
+import com.amazonaws.auth.BasicAWSCredentials
+import com.amazonaws.services.s3.AmazonS3Client
+import com.amazonaws.services.s3.AmazonS3ClientBuilder
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+
+@Configuration
+class AmazonS3Config(
+    @Value("\${cloud.aws.credentials.access-key}")
+    private val accessKey: String,
+    @Value("\${cloud.aws.credentials.secret-key}")
+    private val secretKey: String,
+    @Value("\${cloud.aws.region.static}")
+    private val region: String
+) {
+
+    @Bean
+    fun amazonS3Client(): AmazonS3Client {
+        val awsCredentials = BasicAWSCredentials(accessKey, secretKey)
+        return AmazonS3ClientBuilder.standard()
+            .withRegion(region)
+            .withCredentials(AWSStaticCredentialsProvider(awsCredentials))
+            .build() as AmazonS3Client
+    }
+}
--- a/src/main/kotlin/kr/co/vividnext/sodalive/configs/QueryDslConfig.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/configs/QueryDslConfig.kt
@@ -0,0 +1,18 @@
+package kr.co.vividnext.sodalive.configs
+
+import com.querydsl.jpa.impl.JPAQueryFactory
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import javax.persistence.EntityManager
+import javax.persistence.PersistenceContext
+
+@Configuration
+class QueryDslConfig(
+    @PersistenceContext
+    private val entityManager: EntityManager
+) {
+    @Bean
+    fun jpaQueryFactory(): JPAQueryFactory {
+        return JPAQueryFactory(entityManager)
+    }
+}
--- a/src/main/kotlin/kr/co/vividnext/sodalive/configs/RedisConfig.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/configs/RedisConfig.kt
@@ -0,0 +1,30 @@
+package kr.co.vividnext.sodalive.configs
+
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.data.redis.connection.RedisConnectionFactory
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory
+import org.springframework.data.redis.core.RedisTemplate
+import org.springframework.data.redis.repository.configuration.EnableRedisRepositories
+
+@Configuration
+@EnableRedisRepositories
+class RedisConfig(
+    @Value("\${spring.redis.host}")
+    private val host: String,
+    @Value("\${spring.redis.port}")
+    private val port: Int
+) {
+    @Bean
+    fun redisConnectionFactory(): RedisConnectionFactory {
+        return LettuceConnectionFactory(host, port)
+    }
+
+    @Bean
+    fun redisTemplate(): RedisTemplate<*, *> {
+        val redisTemplate: RedisTemplate<*, *> = RedisTemplate<Any, Any>()
+        redisTemplate.setConnectionFactory(redisConnectionFactory())
+        return redisTemplate
+    }
+}
--- a/src/main/kotlin/kr/co/vividnext/sodalive/configs/SecurityConfig.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/configs/SecurityConfig.kt
@@ -0,0 +1,74 @@
+package kr.co.vividnext.sodalive.configs
+
+import kr.co.vividnext.sodalive.jwt.JwtAccessDeniedHandler
+import kr.co.vividnext.sodalive.jwt.JwtAuthenticationEntryPoint
+import kr.co.vividnext.sodalive.jwt.JwtFilter
+import kr.co.vividnext.sodalive.jwt.TokenProvider
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.builders.WebSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+class SecurityConfig(
+    private val tokenProvider: TokenProvider,
+    private val accessDeniedHandler: JwtAccessDeniedHandler,
+    private val authenticationEntryPoint: JwtAuthenticationEntryPoint
+) {
+    @Bean
+    fun passwordEncoder(): PasswordEncoder {
+        return BCryptPasswordEncoder()
+    }
+
+    @Bean
+    fun webSecurityCustomizer(): WebSecurityCustomizer {
+        return WebSecurityCustomizer { web: WebSecurity ->
+            web
+                .ignoring()
+                .antMatchers("/h2-console/**", "/favicon.ico", "/error")
+        }
+    }
+
+    @Bean
+    fun filterChain(http: HttpSecurity): SecurityFilterChain {
+        val jwtFilter = JwtFilter(tokenProvider)
+
+        return http
+            .cors()
+            .and()
+            .csrf().disable()
+            .exceptionHandling()
+            .authenticationEntryPoint(authenticationEntryPoint)
+            .accessDeniedHandler(accessDeniedHandler)
+            .and()
+            .headers()
+            .frameOptions()
+            .sameOrigin()
+            .and()
+            .sessionManagement()
+            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            .and()
+            .authorizeRequests()
+            .antMatchers("/member/check/email").permitAll()
+            .antMatchers("/member/check/nickname").permitAll()
+            .antMatchers("/member/signup").permitAll()
+            .antMatchers("/member/login").permitAll()
+            .antMatchers("/member/forgot-password").permitAll()
+            .antMatchers("/stplat/terms_of_service").permitAll()
+            .antMatchers("/stplat/privacy_policy").permitAll()
+            .anyRequest().authenticated()
+            .and()
+            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter::class.java)
+            .build()
+    }
+}
--- a/src/main/kotlin/kr/co/vividnext/sodalive/configs/WebConfig.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/configs/WebConfig.kt
@@ -0,0 +1,19 @@
+package kr.co.vividnext.sodalive.configs
+
+import org.springframework.context.annotation.Configuration
+import org.springframework.web.servlet.config.annotation.CorsRegistry
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
+
+@Configuration
+class WebConfig : WebMvcConfigurer {
+    override fun addCorsMappings(registry: CorsRegistry) {
+        registry.addMapping("/**")
+            .allowedOrigins(
+                "http://localhost:8888",
+                "https://test-admin.sodalive.net",
+                "https://admin.sodalive.net"
+            )
+            .allowedMethods("*")
+            .allowCredentials(true)
+    }
+}