package kr.co.vividnext.sodalive.configs

import com.fasterxml.jackson.databind.ObjectMapper
import kr.co.vividnext.sodalive.common.ExceptionHandlerFilter
import kr.co.vividnext.sodalive.jwt.JwtAccessDeniedHandler
import kr.co.vividnext.sodalive.jwt.JwtAuthenticationEntryPoint
import kr.co.vividnext.sodalive.jwt.JwtFilter
import kr.co.vividnext.sodalive.jwt.TokenProvider
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.builders.WebSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

/**
 * Spring Security wiring for the API.
 *
 * Authentication is stateless: no HTTP session is created and every request is
 * authenticated by [JwtFilter] (backed by [TokenProvider]). Authentication and
 * authorization failures are rendered by [JwtAuthenticationEntryPoint] and
 * [JwtAccessDeniedHandler]; exceptions thrown by the JWT filter itself are
 * turned into responses by [ExceptionHandlerFilter], which sits in front of it.
 *
 * Method-level security (`@PreAuthorize` etc.) is enabled via
 * [EnableGlobalMethodSecurity].
 *
 * Review notes (not guaranteed by this file alone):
 * - The paths in [IGNORED_PATHS] bypass the security filter chain entirely:
 *   no JWT filter, no security headers, no authorization decision. `/h2-console/**`
 *   in particular should only be reachable in non-production profiles — confirm
 *   the H2 console is disabled where this config runs in production.
 * - CSRF protection is disabled. That is defensible only while clients
 *   authenticate with a bearer token and never via a session/cookie — confirm
 *   no cookie-based authentication is added later.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
class SecurityConfig(
    private val objectMapper: ObjectMapper,
    private val tokenProvider: TokenProvider,
    private val accessDeniedHandler: JwtAccessDeniedHandler,
    private val authenticationEntryPoint: JwtAuthenticationEntryPoint
) {

    /** Password hashing for stored credentials; bcrypt with the library default strength. */
    @Bean
    fun passwordEncoder(): PasswordEncoder = BCryptPasswordEncoder()

    /**
     * Paths that are excluded from Spring Security altogether (see [IGNORED_PATHS]).
     * Requests matching them never reach [filterChain].
     */
    @Bean
    fun webSecurityCustomizer(): WebSecurityCustomizer =
        WebSecurityCustomizer { web: WebSecurity ->
            web.ignoring().antMatchers(*IGNORED_PATHS)
        }

    /**
     * Builds the single security filter chain.
     *
     * Order of the custom filters: [ExceptionHandlerFilter] runs before [JwtFilter],
     * which runs before Spring's [UsernamePasswordAuthenticationFilter].
     *
     * Authorization rules: every path in [PUBLIC_PATHS] is open for any HTTP method,
     * every path in [PUBLIC_GET_PATHS] is open for GET only, and everything else
     * requires an authenticated principal.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured [SecurityFilterChain]
     */
    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        val bearerTokenFilter = JwtFilter(tokenProvider)

        val urlRegistry = http
            .cors()
            .and()
            // CSRF tokens protect cookie/session-based auth; this chain is STATELESS
            // (below) and relies on the bearer token carried by JwtFilter.
            .csrf().disable()
            .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
            .accessDeniedHandler(accessDeniedHandler)
            .and()
            // X-Frame-Options: SAMEORIGIN rather than DENY — presumably for the
            // embedded console / same-site framing; confirm which consumer needs it.
            .headers()
            .frameOptions()
            .sameOrigin()
            .and()
            // Never create or use an HTTP session; each request must carry its token.
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .addFilterBefore(bearerTokenFilter, UsernamePasswordAuthenticationFilter::class.java)
            .addFilterBefore(ExceptionHandlerFilter(objectMapper), JwtFilter::class.java)
            .authorizeRequests()

        // All of these are permitAll, so their relative order does not affect the decision.
        urlRegistry.antMatchers(*PUBLIC_PATHS).permitAll()
        urlRegistry.antMatchers(HttpMethod.GET, *PUBLIC_GET_PATHS).permitAll()
        // Default-deny for unauthenticated callers on everything not listed above.
        urlRegistry.anyRequest().authenticated()

        return http.build()
    }

    companion object {
        /** Excluded from the security filter chain entirely (no auth, no security headers). */
        private val IGNORED_PATHS = arrayOf(
            "/h2-console/**",
            "/favicon.ico",
            "/error"
        )

        /** Anonymous access for every HTTP method. */
        private val PUBLIC_PATHS = arrayOf(
            "/member/check/email",
            "/member/check/nickname",
            "/member/signup",
            "/member/signup/v2",
            "/member/login",
            "/member/login/google",
            "/member/login/kakao",
            "/creator-admin/member/login",
            "/member/forgot-password",
            "/stplat/terms_of_service",
            "/stplat/privacy_policy",
            "/charge/ads",
            "/v2/audio-content/main/home",
            "/v2/audio-content/main/home/popular-content-by-creator",
            "/v2/audio-content/main/home/content/ranking",
            "/api/home",
            "/api/home/latest-content",
            "/api/home/day-of-week-series",
            "/audition",
            "/live/recommend/channel",
            "/ad-tracking/app-launch"
        )

        /** Anonymous access for GET only; other methods on these paths require authentication. */
        private val PUBLIC_GET_PATHS = arrayOf(
            "/api/live",
            "/faq",
            "/faq/category",
            "/live/room",
            "/event",
            "/live/recommend",
            "/notice/latest",
            "/api/chat/character/main",
            "/api/chat/room/list"
        )
    }
}