corpi/hushroom-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: auth 보일러 플레이트

Browse Source
This commit is contained in:
corpi
2026-02-03 15:15:38 +09:00
commit 8b2c747466
43 changed files with 1485 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@@ -0,0 +1,4 @@
.idea
gradle
build
.gradle

67
build.gradle Normal file
View File

@@ -0,0 +1,67 @@
plugins {
id 'java'
id 'org.springframework.boot' version '3.5.8'
id 'io.spring.dependency-management' version '1.1.7'
}
group = 'com.boilerplate'
version = '0.0.1'
description = ''
java {
toolchain {
languageVersion = JavaLanguageVersion.of(17)
}
}
configurations {
compileOnly {
extendsFrom annotationProcessor
}
}
repositories {
mavenCentral()
}
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-actuator'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.liquibase:liquibase-core'
compileOnly 'org.projectlombok:lombok'
developmentOnly 'org.springframework.boot:spring-boot-devtools'
implementation 'io.github.openfeign.querydsl:querydsl-jpa:5.6.1:jakarta'
annotationProcessor 'io.github.openfeign.querydsl:querydsl-apt:5.6.1:jakarta'
annotationProcessor 'jakarta.annotation:jakarta.annotation-api'
annotationProcessor 'jakarta.persistence:jakarta.persistence-api'
runtimeOnly 'com.mysql:mysql-connector-j'
runtimeOnly 'io.micrometer:micrometer-registry-prometheus'
annotationProcessor 'org.projectlombok:lombok'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.springframework.security:spring-security-test'
testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
// JWT
implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
}
tasks.named('test') {
useJUnitPlatform()
}
def querydslDir = "build/generated/querydsl"
sourceSets {
main.java.srcDir querydslDir
}
tasks.withType(JavaCompile).configureEach {
options.generatedSourceOutputDirectory = file(querydslDir)
}

251
gradlew vendored Executable file
View File

@@ -0,0 +1,251 @@
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
#
##############################################################################
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
# This is normally unused
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
warn () {
echo "$*"
} >&2
die () {
echo
echo "$*"
echo
exit 1
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD=java
if ! command -v java >/dev/null 2>&1
then
die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC2039,SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC2039,SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Collect all arguments for the java command:
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
# and any embedded shellness will be escaped.
# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
# treated as '${Hostname}' itself on the command line.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"

94
gradlew.bat vendored Normal file
View File

@@ -0,0 +1,94 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@rem SPDX-License-Identifier: Apache-2.0
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%"=="" set DIRNAME=.
@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo. 1>&2
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. 1>&2
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo. 1>&2
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. 1>&2
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

1
settings.gradle Normal file
View File

@@ -0,0 +1 @@
rootProject.name = 'boilerplate'

13
src/main/java/com/boilerplate/Application.java Normal file
View File

@@ -0,0 +1,13 @@
package com.boilerplate;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}

7
src/main/java/com/boilerplate/common/ApiResponse.java Normal file
View File

@@ -0,0 +1,7 @@
package com.boilerplate.common;
public record ApiResponse<T>(T data) {
public static <T> ApiResponse<T> ok(T data) {
return new ApiResponse<>(data);
}
}

18
src/main/java/com/boilerplate/common/GlobalExceptionResponse.java Normal file
View File

@@ -0,0 +1,18 @@
package com.boilerplate.common;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
@Builder
@AllArgsConstructor
@NoArgsConstructor
@Getter
public class GlobalExceptionResponse {
private int code;
private String message;
private String status;
private String instance;
}

16
src/main/java/com/boilerplate/common/HealthCheckController.java Normal file
View File

@@ -0,0 +1,16 @@
package com.boilerplate.common;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/health-check")
public class HealthCheckController {
@GetMapping
public ResponseEntity<Boolean> healthCheck() {
return ResponseEntity.ok(true);
}
}

116
src/main/java/com/boilerplate/common/TokenProvider.java Normal file
View File

@@ -0,0 +1,116 @@
package com.boilerplate.common;
import com.boilerplate.core.auth.application.userDetail.User;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.List;
import javax.crypto.SecretKey;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@RequiredArgsConstructor
public class TokenProvider {
private final String issuer;
private final SecretKey key;
private final JwtParser parser;
private final Duration accessToken;
private final Duration refreshToken;
/** Access Token 생성 */
public String createUserAccessToken(Long accountId) {
Instant now = Instant.now();
Instant exp = now.plus(accessToken);
return Jwts.builder()
.setIssuer(issuer)
.setSubject(accountId.toString())
.setIssuedAt(Date.from(now))
.setExpiration(Date.from(exp))
.claim("typ", "access")
.claim("roles", User.roles)
.signWith(key, SignatureAlgorithm.HS256)
.compact();
}
/** Refresh Token 생성 */
public String createUserRefreshToken(Long accountId) {
Instant now = Instant.now();
Instant exp = now.plus(refreshToken);
return Jwts.builder()
.setIssuer(issuer)
.setSubject(accountId.toString())
.setIssuedAt(Date.from(now))
.setExpiration(Date.from(exp))
.claim("typ", "refresh")
.signWith(key, SignatureAlgorithm.HS256)
.compact();
}
/** 서명/만료/issuer 검증 */
public boolean validate(String token) {
try {
parser.parseClaimsJws(stripBearer(token));
return true;
} catch (JwtException | IllegalArgumentException e) {
return false;
}
}
/** Access 토큰인지(typ=access)까지 확인 */
public boolean validateAccessToken(String token) {
try {
log.info("액세스 토큰 검증");
log.info(token);
Claims claims = getClaims(token);
log.info("sub: {}", claims.getSubject());
log.info("typ: {}", claims.get("typ", String.class));
return "access".equals(claims.get("typ", String.class));
} catch (JwtException | IllegalArgumentException e) {
log.error(e.getMessage());
return false;
}
}
/** Refresh 토큰인지(typ=refresh)까지 확인 */
public boolean validateRefreshToken(String token) {
try {
Claims claims = getClaims(token);
return "refresh".equals(claims.get("typ", String.class));
} catch (JwtException | IllegalArgumentException e) {
return false;
}
}
/** Claims 추출(검증 포함) */
public Claims getClaims(String token) {
return parser.parseClaimsJws(stripBearer(token)).getBody();
}
public String getSubject(String token) {
return getClaims(token).getSubject();
}
public Instant getExpiresAt(String token) {
return getClaims(token).getExpiration().toInstant();
}
public List<String> getRoles(String token) {
return getClaims(token).get("roles", List.class);
}
private String stripBearer(String token) {
if (token == null || !token.startsWith("Bearer ")) return null;
return token.substring(7);
}
}

22
src/main/java/com/boilerplate/config/properties/TokenProperties.java Normal file
View File

@@ -0,0 +1,22 @@
package com.boilerplate.config.properties;
import java.time.Duration;
import lombok.Getter;
import lombok.Setter;
import org.springframework.boot.context.properties.ConfigurationProperties;
@ConfigurationProperties(prefix = "token")
@Getter
@Setter
public class TokenProperties {
private String secret;
private String issuer;
private Lifetime lifetime;
@Getter
@Setter
public static class Lifetime {
private Duration accessToken;
private Duration refreshToken;
}
}

66
src/main/java/com/boilerplate/config/security/JwtAuthenticationFilter.java Normal file
View File

@@ -0,0 +1,66 @@
package com.boilerplate.config.security;
import com.boilerplate.common.TokenProvider;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@RequiredArgsConstructor
public class JwtAuthenticationFilter extends OncePerRequestFilter {
private final TokenProvider tokenProvider;
private final UserDetailsService userDetailsService;
private final AntPathMatcher pathMatcher = new AntPathMatcher();
private final String[] permitAllPatterns;
@Override
protected boolean shouldNotFilter(HttpServletRequest request) {
String path = request.getRequestURI();
for (String pattern : permitAllPatterns) {
if (pathMatcher.match(pattern, path)) {
return true;
}
}
return false;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
String authHeader = request.getHeader("Authorization");
String token = (authHeader != null && authHeader.startsWith("Bearer ")) ? authHeader.substring(7) : null;
if (token == null || token.isBlank()) {
filterChain.doFilter(request, response);
return;
}
// 토큰이 있는데 유효하지 않으면 401로 즉시 종료
if (!tokenProvider.validateAccessToken(token)) {
SecurityContextHolder.clearContext();
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.getWriter().write("{\"message\":\"유효하지 않은 토큰\"}");
return;
}
// 유효하면 인증 객체 세팅
String accountId = tokenProvider.getSubject(token);
UserDetails user = userDetailsService.loadUserByUsername(accountId);
SecurityContextHolder.getContext()
.setAuthentication(new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
filterChain.doFilter(request, response);
}
}

51
src/main/java/com/boilerplate/config/security/JwtConfig.java Normal file
View File

@@ -0,0 +1,51 @@
package com.boilerplate.config.security;
import com.boilerplate.common.TokenProvider;
import com.boilerplate.config.properties.TokenProperties;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;
@Configuration
@EnableConfigurationProperties(TokenProperties.class)
public class JwtConfig {
@Bean
public SecretKey jwtSecretKey(TokenProperties props) {
byte[] keyBytes = Decoders.BASE64.decode(props.getSecret());
return Keys.hmacShaKeyFor(keyBytes);
}
@Bean
public JwtParser jwtParser(TokenProperties props, SecretKey jwtSecretKey) {
String issuer = effectiveIssuer(props);
return Jwts.parserBuilder()
.setSigningKey(jwtSecretKey)
.requireIssuer(issuer)
.build();
}
@Bean
public TokenProvider tokenProvider(TokenProperties props, SecretKey jwtSecretKey, JwtParser jwtParser) {
String issuer = effectiveIssuer(props);
return new TokenProvider(
issuer,
jwtSecretKey,
jwtParser,
props.getLifetime().getAccessToken(),
props.getLifetime().getRefreshToken()
);
}
private String effectiveIssuer(TokenProperties props) {
return StringUtils.hasText(props.getIssuer()) ? props.getIssuer() : "audio";
}
}

65
src/main/java/com/boilerplate/config/security/SecurityConfig.java Normal file
View File

@@ -0,0 +1,65 @@
package com.boilerplate.config.security;
import com.boilerplate.common.TokenProvider;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@RequiredArgsConstructor
public class SecurityConfig {
private static final String[] allAuthorizedUrls = {
"/health-check",
"/api/v1/auth/**"
};
@Bean
public JwtAuthenticationFilter jwtAuthenticationFilter(
TokenProvider tokenProvider,
UserDetailsService userDetailsService
) {
return new JwtAuthenticationFilter(tokenProvider, userDetailsService, allAuthorizedUrls);
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http, JwtAuthenticationFilter jwtFilter) throws Exception {
http.csrf(AbstractHttpConfigurer::disable)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers(allAuthorizedUrls).permitAll()
.anyRequest().authenticated()
)
.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.exceptionHandling(ex -> ex
// 인증이 아예 없을 때(토큰 없음 등) -> 401
.authenticationEntryPoint((request, response, authException) -> {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.getWriter().write("{\"message\":\"Unauthorized\"}");
})
// 인증은 됐는데 권한이 없을 때 -> 403
.accessDeniedHandler((request, response, accessDeniedException) -> {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.getWriter().write("{\"message\":\"Forbidden\"}");
})
);
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

31
src/main/java/com/boilerplate/config/web/GlobalApiResponseAdvice.java Normal file
View File

@@ -0,0 +1,31 @@
package com.boilerplate.config.web;
import com.boilerplate.common.ApiResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
@Slf4j
@ControllerAdvice
public class GlobalApiResponseAdvice implements ResponseBodyAdvice<Object> {
@Override
public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {
return returnType.getParameterType().equals(ResponseEntity.class);
}
@Override
public Object beforeBodyWrite(
Object body, MethodParameter returnType,
MediaType selectedContentType,
Class<? extends HttpMessageConverter<?>> selectedConverterType,
ServerHttpRequest request, ServerHttpResponse response) {
return ApiResponse.ok(body);
}
}

75
src/main/java/com/boilerplate/config/web/GlobalExceptionHandler.java Normal file
View File

@@ -0,0 +1,75 @@
package com.boilerplate.config.web;
import com.boilerplate.common.GlobalExceptionResponse;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.web.ErrorResponseException;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
@RestControllerAdvice
@Slf4j
public class GlobalExceptionHandler extends ResponseEntityExceptionHandler
implements AccessDeniedHandler, AuthenticationEntryPoint {
@Override
protected ResponseEntity<Object> handleErrorResponseException(
ErrorResponseException ex, HttpHeaders headers,
HttpStatusCode status, WebRequest request
) {
HttpStatus httpStatus = HttpStatus.valueOf(ex.getStatusCode().value());
String message = ex.getBody().getDetail() != null
? ex.getBody().getDetail()
: ex.getMessage();
String uri = null;
if (request instanceof ServletWebRequest servletWebRequest) {
HttpServletRequest httpReq = servletWebRequest.getRequest();
String queryString = httpReq.getQueryString();
uri = httpReq.getRequestURI();
if (queryString != null) {
uri += "?" + queryString;
}
}
GlobalExceptionResponse body = GlobalExceptionResponse.builder()
.code(httpStatus.value())
.message(message)
.status(httpStatus.name())
.instance(uri)
.build();
return ResponseEntity.status(httpStatus).body(body);
}
@Override
public void commence(
HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException
) throws IOException, ServletException {
}
@Override
public void handle(
HttpServletRequest request, HttpServletResponse response,
AccessDeniedException accessDeniedException
) throws IOException, ServletException {
}
}

54
src/main/java/com/boilerplate/core/auth/api/controller/AuthController.java Normal file
View File

@@ -0,0 +1,54 @@
package com.boilerplate.core.auth.api.controller;
import com.boilerplate.core.auth.api.dto.req.LoginRequest;
import com.boilerplate.core.auth.api.dto.req.SignUpRequest;
import com.boilerplate.core.auth.api.dto.res.LoginResponse;
import com.boilerplate.core.auth.api.dto.res.SignUpResponse;
import com.boilerplate.core.auth.application.LoginUseCase;
import com.boilerplate.core.auth.application.RegisterUseCase;
import com.boilerplate.core.auth.application.dto.command.RegisterUseCaseCommand;
import com.boilerplate.core.auth.application.dto.result.LoginResult;
import com.boilerplate.core.auth.application.dto.result.RegisterUseCaseResult;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/api/v1/auth")
@RequiredArgsConstructor
public class AuthController {
private final RegisterUseCase registerUseCase;
private final LoginUseCase loginUseCase;
@PostMapping("/register")
public ResponseEntity<SignUpResponse> register(
@RequestBody SignUpRequest request
) {
RegisterUseCaseResult result = registerUseCase.execute(
RegisterUseCaseCommand.builder().loginId(request.getLoginId()).password(request.getPassword()).build());
SignUpResponse response = SignUpResponse.builder()
.accessToken(result.getAccessToken())
.refreshToken(result.getRefreshToken())
.build();
return ResponseEntity.ok(response);
}
@PostMapping("/login")
public ResponseEntity<LoginResponse> login(
@RequestBody LoginRequest request
) {
LoginResult result = loginUseCase.execute(request.getLoginId(), request.getPassword());
LoginResponse response = LoginResponse.builder()
.accessToken(result.getAccessToken())
.refreshToken(result.getRefreshToken())
.build();
return ResponseEntity.ok(response);
}
}

24
src/main/java/com/boilerplate/core/auth/api/controller/TestController.java Normal file
View File

@@ -0,0 +1,24 @@
package com.boilerplate.core.auth.api.controller;
import com.boilerplate.core.auth.application.userDetail.User;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RequiredArgsConstructor
@RestController
@RequestMapping
public class TestController {
@GetMapping("/test")
public ResponseEntity<Boolean> test(
@AuthenticationPrincipal User user
) {
System.out.println(user.getAccountId());
return ResponseEntity.ok(true);
}
}

13
src/main/java/com/boilerplate/core/auth/api/dto/req/LoginRequest.java Normal file
View File

@@ -0,0 +1,13 @@
package com.boilerplate.core.auth.api.dto.req;
import lombok.Getter;
import lombok.Setter;
@Getter
@Setter
public class LoginRequest {
private String loginId;
private String password;
}

16
src/main/java/com/boilerplate/core/auth/api/dto/req/SignUpRequest.java Normal file
View File

@@ -0,0 +1,16 @@
package com.boilerplate.core.auth.api.dto.req;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
@Builder
@AllArgsConstructor
@NoArgsConstructor
@Getter
public class SignUpRequest {
private String loginId;
private String password;
}

17
src/main/java/com/boilerplate/core/auth/api/dto/res/LoginResponse.java Normal file
View File

@@ -0,0 +1,17 @@
package com.boilerplate.core.auth.api.dto.res;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
@Builder
@NoArgsConstructor
@AllArgsConstructor
@Getter
public class LoginResponse {
private String accessToken;
private String refreshToken;
}

16
src/main/java/com/boilerplate/core/auth/api/dto/res/SignUpResponse.java Normal file
View File

@@ -0,0 +1,16 @@
package com.boilerplate.core.auth.api.dto.res;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
@Builder
@Getter
@AllArgsConstructor
@NoArgsConstructor
public class SignUpResponse {
private String accessToken;
private String refreshToken;
}

29
src/main/java/com/boilerplate/core/auth/application/LoginUseCase.java Normal file
View File

@@ -0,0 +1,29 @@
package com.boilerplate.core.auth.application;
import com.boilerplate.common.TokenProvider;
import com.boilerplate.core.auth.application.dto.result.LoginResult;
import com.boilerplate.core.auth.domain.service.AccountService;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
@Component
@RequiredArgsConstructor
@Slf4j
public class LoginUseCase {
private final AccountService accountService;
private final TokenProvider tokenProvider;
public LoginResult execute(String loginId, String password) {
long accountId = accountService.login(loginId, password);
String accessToken = tokenProvider.createUserAccessToken(accountId);
String refreshToken = tokenProvider.createUserRefreshToken(accountId);
return LoginResult.builder()
.accessToken(accessToken)
.refreshToken(refreshToken)
.build();
}
}

40
src/main/java/com/boilerplate/core/auth/application/RegisterUseCase.java Normal file
View File

@@ -0,0 +1,40 @@
package com.boilerplate.core.auth.application;
import com.boilerplate.common.TokenProvider;
import com.boilerplate.core.auth.application.dto.command.RegisterUseCaseCommand;
import com.boilerplate.core.auth.application.dto.result.RegisterUseCaseResult;
import com.boilerplate.core.auth.domain.service.AccountService;
import com.boilerplate.core.exception.auth.ExistLoginIdException;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
@RequiredArgsConstructor
@Component
@Slf4j
public final class RegisterUseCase {
private final AccountService accountService;
private final TokenProvider tokenProvider;
public RegisterUseCaseResult execute(RegisterUseCaseCommand command) {
String loginId = command.getLoginId();
boolean isExistLoginId = accountService.isExistLoginId(loginId);
if (isExistLoginId) {
throw new ExistLoginIdException(loginId);
}
long accountId = accountService.register(loginId, command.getPassword());
String accessToken = tokenProvider.createUserAccessToken(accountId);
String refreshToken = tokenProvider.createUserRefreshToken(accountId);
return RegisterUseCaseResult.builder()
.accessToken(accessToken)
.refreshToken(refreshToken)
.build();
}
}

17
src/main/java/com/boilerplate/core/auth/application/dto/command/RegisterUseCaseCommand.java Normal file
View File

@@ -0,0 +1,17 @@
package com.boilerplate.core.auth.application.dto.command;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
@Builder
@AllArgsConstructor
@NoArgsConstructor
@Getter
public class RegisterUseCaseCommand {
private String loginId;
private String password;
}

16
src/main/java/com/boilerplate/core/auth/application/dto/result/LoginResult.java Normal file
View File

@@ -0,0 +1,16 @@
package com.boilerplate.core.auth.application.dto.result;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
@Builder
@AllArgsConstructor
@NoArgsConstructor
@Getter
public class LoginResult {
private String accessToken;
private String refreshToken;
}

17
src/main/java/com/boilerplate/core/auth/application/dto/result/RegisterUseCaseResult.java Normal file
View File

@@ -0,0 +1,17 @@
package com.boilerplate.core.auth.application.dto.result;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
@Builder
@AllArgsConstructor
@NoArgsConstructor
@Getter
public class RegisterUseCaseResult {
private String accessToken;
private String refreshToken;
}

66
src/main/java/com/boilerplate/core/auth/application/userDetail/User.java Normal file
View File

@@ -0,0 +1,66 @@
package com.boilerplate.core.auth.application.userDetail;
import java.io.Serial;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
public final class User implements UserDetails {
public static final List<String> roles = List.of("USER");
private static final List<SimpleGrantedAuthority> authorities = roles.stream()
.map(SimpleGrantedAuthority::new).collect(Collectors.toList());
@Serial
private static final long serialVersionUID = 0L;
private final Long accountId;
public User(Long accountId) {
this.accountId = accountId;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return null;
}
public Long getAccountId() {
return accountId;
}
@Override
public String getUsername() {
return null;
}
@Override
public boolean equals(Object obj) {
if (obj == this) {
return true;
}
if (obj == null || obj.getClass() != this.getClass()) {
return false;
}
var that = (User) obj;
return Objects.equals(this.accountId, that.accountId);
}
@Override
public int hashCode() {
return Objects.hash(accountId);
}
@Override
public String toString() {
return "User[" + "accountId=" + accountId + ']';
}
}

14
src/main/java/com/boilerplate/core/auth/application/userDetail/UserDetailService.java Normal file
View File

@@ -0,0 +1,14 @@
package com.boilerplate.core.auth.application.userDetail;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
@Service
public class UserDetailService implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String accountId) throws UsernameNotFoundException {
return new User(Long.valueOf(accountId));
}
}

40
src/main/java/com/boilerplate/core/auth/domain/entity/Account.java Normal file
View File

@@ -0,0 +1,40 @@
package com.boilerplate.core.auth.domain.entity;
import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import java.time.LocalDateTime;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.ToString;
import org.springframework.data.annotation.LastModifiedDate;
@Entity
@AllArgsConstructor
@NoArgsConstructor
@Builder
@Getter
@ToString
public class Account {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String loginId;
private String passwordHash;
private String name;
@Builder.Default
private LocalDateTime createdAt = LocalDateTime.now();
@Builder.Default
@LastModifiedDate
private LocalDateTime updatedAt = LocalDateTime.now();
@Builder.Default
private Boolean deleted = false;
}

4
src/main/java/com/boilerplate/core/auth/domain/repository/AccountQueryRepository.java Normal file
View File

@@ -0,0 +1,4 @@
package com.boilerplate.core.auth.domain.repository;
public interface AccountQueryRepository {
}

11
src/main/java/com/boilerplate/core/auth/domain/repository/AccountRepository.java Normal file
View File

@@ -0,0 +1,11 @@
package com.boilerplate.core.auth.domain.repository;
import com.boilerplate.core.auth.domain.entity.Account;
import java.util.Optional;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
@Repository
public interface AccountRepository extends JpaRepository<Account, Long> {
Optional<Account> findByLoginId(String loginId);
}

59
src/main/java/com/boilerplate/core/auth/domain/service/AccountService.java Normal file
View File

@@ -0,0 +1,59 @@
package com.boilerplate.core.auth.domain.service;
import com.boilerplate.core.auth.domain.entity.Account;
import com.boilerplate.core.auth.domain.repository.AccountRepository;
import com.boilerplate.core.exception.auth.InvalidCredentialsException;
import com.boilerplate.core.exception.common.NotExistEntityException;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@Service
@RequiredArgsConstructor
@Slf4j
public class AccountService {
private final AccountRepository accountRepository;
private final PasswordEncoder passwordEncoder;
@Transactional
public long register(String loginId, String password) {
log.info("회원 등록: {}", loginId);
String hashedPassword = passwordEncoder.encode(password);
Account account = Account.builder()
.loginId(loginId)
.name("임시 이름")
.passwordHash(hashedPassword)
.build();
log.info("account: {}", account);
accountRepository.save(account);
return account.getId();
}
public boolean isExistLoginId(String loginId) {
log.info("로그인 아이디 존재 여부 조회");
return accountRepository.findByLoginId(loginId).isPresent();
}
public long login(String loginId, String password) {
log.info("로그인");
Account account = accountRepository.findByLoginId(loginId)
.orElseThrow(() -> new NotExistEntityException(Account.class.getName()));
if (!passwordEncoder.matches(password, account.getPasswordHash())) {
throw new InvalidCredentialsException();
}
return account.getId();
}
}

11
src/main/java/com/boilerplate/core/auth/infra/repository/AccountQueryDslRepository.java Normal file
View File

@@ -0,0 +1,11 @@
package com.boilerplate.core.auth.infra.repository;
import com.boilerplate.core.auth.domain.repository.AccountQueryRepository;
import com.querydsl.jpa.impl.JPAQueryFactory;
import lombok.RequiredArgsConstructor;
@RequiredArgsConstructor
public class AccountQueryDslRepository implements AccountQueryRepository {
private final JPAQueryFactory queryFactory;
}

19
src/main/java/com/boilerplate/core/exception/auth/ExistLoginIdException.java Normal file
View File

@@ -0,0 +1,19 @@
package com.boilerplate.core.exception.auth;
import org.springframework.http.HttpStatus;
import org.springframework.http.ProblemDetail;
import org.springframework.web.ErrorResponseException;
public class ExistLoginIdException extends ErrorResponseException {
public ExistLoginIdException(String loginId) {
super(
HttpStatus.CONFLICT,
ProblemDetail.forStatusAndDetail(
HttpStatus.CONFLICT,
"이미 존재하는 loginId 입니다: " + loginId
),
null
);
}
}

19
src/main/java/com/boilerplate/core/exception/auth/InvalidCredentialsException.java Normal file
View File

@@ -0,0 +1,19 @@
package com.boilerplate.core.exception.auth;
import org.springframework.http.HttpStatus;
import org.springframework.http.ProblemDetail;
import org.springframework.web.ErrorResponseException;
public class InvalidCredentialsException extends ErrorResponseException {
public InvalidCredentialsException() {
super(
HttpStatus.UNAUTHORIZED,
ProblemDetail.forStatusAndDetail(
HttpStatus.UNAUTHORIZED,
"아이디 또는 비밀번호가 올바르지 않습니다."
),
null
);
}
}

19
src/main/java/com/boilerplate/core/exception/common/NotExistEntityException.java Normal file
View File

@@ -0,0 +1,19 @@
package com.boilerplate.core.exception.common;
import org.springframework.http.HttpStatus;
import org.springframework.http.ProblemDetail;
import org.springframework.web.ErrorResponseException;
public class NotExistEntityException extends ErrorResponseException {
public NotExistEntityException(String entityName) {
super(
HttpStatus.NOT_FOUND,
ProblemDetail.forStatusAndDetail(
HttpStatus.NOT_FOUND,
"존재하지 않는 엔티티: " + entityName
),
null
);
}
}

27
src/main/resources/config/application-local.yaml Normal file
View File

@@ -0,0 +1,27 @@
spring:
datasource:
url: jdbc:mysql://localhost:3306/db?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
username: root
password: root
driver-class-name: com.mysql.cj.jdbc.Driver
logging:
level:
org:
hibernate:
SQL: debug
orm:
jdbc:
bind: trace
token:
secret: randomkeygen=com/randomkeygen=com/randomkeygen=com/randomkeygen=com/randomkeygen=com/
issuer: localhost
lifetime:
access-token: 365d
refresh-token: 365d
storage:
bucket: "audio-dev"
access-key: "corpi"
secret-key: "corpi7589"

21
src/main/resources/config/application.yaml Normal file
View File

@@ -0,0 +1,21 @@
spring:
application:
name: boilerplate
jpa:
hibernate:
ddl-auto: validate
show-sql: false
properties:
hibernate:
format_sql: true
# dialect: org.hibernate.dialect.MySQL8Dialect
liquibase:
change-log: classpath:/db/master.yaml
enabled: true
#logging:
# level:
# org.hibernate.SQL: null
# org.hibernate.type: trace

3
src/main/resources/db/changelog/changelog.yaml Normal file
View File

@@ -0,0 +1,3 @@
databaseChangeLog:
- include:
file: db/sql/account/1_create_account.sql

3
src/main/resources/db/master.yaml Normal file
View File

@@ -0,0 +1,3 @@
databaseChangeLog:
- include:
file: db/changelog/changelog.yaml

0
src/main/resources/db/sql/account/1_create_account.sql Normal file
View File

13
src/test/java/com/boilerplate/ApplicationTests.java Normal file
View File

@@ -0,0 +1,13 @@
package com.boilerplate;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;
@SpringBootTest
class ApplicationTests {
@Test
void contextLoads() {
}
}