Merge pull request #118 from woowacourse-teams/develop

스프린트2 Merge

Author: tco0427

.gitattributes

@@ -0,0 +1 @@
+frontend/**/*.json linguist-generated

.github/workflows/backend.yml

@@ -4,7 +4,6 @@ on:
   push:
     branches:
       - main
-      - develop
   pull_request:
     branches:
       - main
@@ -31,4 +30,9 @@ jobs:
         run: ./gradlew build --exclude-task test
 
       - name: Test  
-        run: ./gradlew test
+        env: 
+          client-id: ${{ secrets.CLIENT_ID }}
+          client-secret: ${{ secrets.CLIENT_SECRET }}
+          jwt-secret-key: ${{ secrets.JWT_SECRET_KEY }}
+          jwt-expire-length: ${{ secrets.JWT_EXPIRE_LENGTH }}
+        run: ./gradlew test -Doauth2.github.client-id=${{ env.client-id }} -Doauth2.github.client-secret=${{ env.client-secret }} -Dsecurity.jwt.token.secret-key=${{ env.jwt-secret-key }} -Dsecurity.jwt.token.expire-length=${{ env.jwt-expire-length }}

.github/workflows/deploy-backend-dev.yml

@@ -0,0 +1,44 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
+# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
+
+name: Deploy Backend Dev
+
+on:
+  push:   
+    branches : develop
+
+defaults:
+  run:
+    working-directory: backend                        
+
+jobs:
+  build:
+    runs-on: ubuntu-latest                            
+    steps:                                            
+      - name: Checkout
+        uses: actions/checkout@v3                     
+
+      - name: Set up JDK
+        uses: actions/setup-java@v3                   
+        with:
+          java-version: '11'
+          distribution: 'temurin'
+          
+      - name: Build
+        run: ./gradlew build --exclude-task test
+
+      - name: Test  
+        env: 
+          client-id: ${{ secrets.CLIENT_ID }}
+          client-secret: ${{ secrets.CLIENT_SECRET }}
+          jwt-secret-key: ${{ secrets.JWT_SECRET_KEY }}
+          jwt-expire-length: ${{ secrets.JWT_EXPIRE_LENGTH }}
+        run: ./gradlew test -Doauth2.github.client-id=${{ env.client-id }} -Doauth2.github.client-secret=${{ env.client-secret }} -Dsecurity.jwt.token.secret-key=${{ env.jwt-secret-key }} -Dsecurity.jwt.token.expire-length=${{ env.jwt-expire-length }}
+        
+      - name : Deploy
+        run: |
+          curl ${{ secrets.DEPLOY_REQUEST_URL }}

backend/.gitignore

@@ -35,3 +35,6 @@ out/
 
 ### VS Code ###
 .vscode/
+
+/src/main/resources/application-security.yml
+/src/test/resources/application-security.yml

backend/build.gradle

@@ -1,7 +1,14 @@
+buildscript {
+    ext {
+        queryDslVersion = "5.0.0"
+    }
+}
+
 plugins {
     id 'org.springframework.boot' version '2.6.9'
     id 'io.spring.dependency-management' version '1.0.11.RELEASE'
     id 'java'
+    id "com.ewerk.gradle.plugins.querydsl" version "1.0.10"
 }
 
 group = 'com.woowacourse'
@@ -26,11 +33,41 @@ dependencies {
     compileOnly 'org.projectlombok:lombok'
     annotationProcessor 'org.projectlombok:lombok'
 
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'io.rest-assured:rest-assured'
     runtimeOnly 'com.h2database:h2'
+    runtimeOnly 'mysql:mysql-connector-java'
+
+    // querydsl
+    implementation "com.querydsl:querydsl-jpa:${queryDslVersion}"
+    implementation "com.querydsl:querydsl-apt:${queryDslVersion}"
 }
 
 tasks.named('test') {
     useJUnitPlatform()
+    systemProperties = System.getProperties()
+}
+
+// querydsl
+def querydslDir = "$buildDir/generated/querydsl"
+
+querydsl {
+    jpa = true
+    querydslSourcesDir = querydslDir
+}
+sourceSets {
+    main.java.srcDir querydslDir
+}
+compileQuerydsl {
+    options.annotationProcessorPath = configurations.querydsl
+}
+configurations {
+    compileOnly {
+        extendsFrom annotationProcessor
+    }
+    querydsl.extendsFrom compileClasspath
 }

backend/src/main/java/com/woowacourse/moamoa/auth/config/AuthConfig.java

@@ -0,0 +1,41 @@
+package com.woowacourse.moamoa.auth.config;
+
+import com.woowacourse.moamoa.auth.controller.AuthenticationArgumentResolver;
+import com.woowacourse.moamoa.auth.controller.AuthenticationInterceptor;
+import java.util.List;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class AuthConfig implements WebMvcConfigurer {
+
+    private final AuthenticationInterceptor authenticationInterceptor;
+    private final AuthenticationArgumentResolver authenticationArgumentResolver;
+
+    public AuthConfig(
+            final AuthenticationInterceptor authenticationInterceptor,
+            final AuthenticationArgumentResolver authenticationArgumentResolver) {
+        this.authenticationInterceptor = authenticationInterceptor;
+        this.authenticationArgumentResolver = authenticationArgumentResolver;
+    }
+
+    @Override
+    public void addArgumentResolvers(final List<HandlerMethodArgumentResolver> resolvers) {
+        resolvers.add(authenticationArgumentResolver);
+    }
+
+    @Override
+    public void addInterceptors(final InterceptorRegistry registry) {
+        registry.addInterceptor(authenticationInterceptor)
+                .addPathPatterns("/**");
+    }
+
+    @Bean
+    public RestTemplate restTemplate() {
+        return new RestTemplate();
+    }
+}

backend/src/main/java/com/woowacourse/moamoa/auth/config/AuthenticationExtractor.java

@@ -0,0 +1,32 @@
+package com.woowacourse.moamoa.auth.config;
+
+import static org.springframework.http.HttpHeaders.AUTHORIZATION;
+
+import java.util.Enumeration;
+import javax.servlet.http.HttpServletRequest;
+
+public class AuthenticationExtractor {
+
+    private static String BEARER_TYPE = "Bearer";
+    private static String ACCESS_TOKEN_TYPE = AuthenticationExtractor.class.getSimpleName() + ".ACCESS_TOKEN_TYPE";
+
+    public static String extract(HttpServletRequest request) {
+        Enumeration<String> headers = request.getHeaders(AUTHORIZATION);
+
+        while (headers.hasMoreElements()) {
+            String value = headers.nextElement();
+
+            if ((value.toLowerCase().startsWith(BEARER_TYPE.toLowerCase()))) {
+                String authHeaderValue = value.substring(BEARER_TYPE.length()).trim();
+                request.setAttribute(ACCESS_TOKEN_TYPE, value.substring(0, BEARER_TYPE.length()).trim());
+                int commaIndex = authHeaderValue.indexOf(',');
+
+                if (commaIndex > 0) {
+                    authHeaderValue = authHeaderValue.substring(0, commaIndex);
+                }
+                return authHeaderValue;
+            }
+        }
+        return null;
+    }
+}

backend/src/main/java/com/woowacourse/moamoa/auth/config/AuthenticationPrincipal.java

@@ -0,0 +1,11 @@
+package com.woowacourse.moamoa.auth.config;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface AuthenticationPrincipal {
+}

backend/src/main/java/com/woowacourse/moamoa/auth/controller/AuthController.java

@@ -0,0 +1,21 @@
+package com.woowacourse.moamoa.auth.controller;
+
+import com.woowacourse.moamoa.auth.service.AuthService;
+import com.woowacourse.moamoa.auth.service.response.TokenResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequiredArgsConstructor
+public class AuthController {
+
+    private final AuthService authService;
+
+    @PostMapping("/api/login/token")
+    public ResponseEntity<TokenResponse> login(@RequestParam final String code) {
+        return ResponseEntity.ok().body(authService.createToken(code));
+    }
+}

backend/src/main/java/com/woowacourse/moamoa/auth/controller/AuthenticationArgumentResolver.java

@@ -0,0 +1,39 @@
+package com.woowacourse.moamoa.auth.controller;
+
+import com.woowacourse.moamoa.auth.config.AuthenticationExtractor;
+import com.woowacourse.moamoa.auth.config.AuthenticationPrincipal;
+import com.woowacourse.moamoa.auth.infrastructure.TokenProvider;
+import com.woowacourse.moamoa.common.exception.UnauthorizedException;
+import javax.servlet.http.HttpServletRequest;
+import lombok.RequiredArgsConstructor;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+@Component
+@RequiredArgsConstructor
+public class AuthenticationArgumentResolver implements HandlerMethodArgumentResolver {
+
+    private final TokenProvider tokenProvider;
+
+    @Override
+    public boolean supportsParameter(final MethodParameter parameter) {
+        return parameter.hasParameterAnnotation(AuthenticationPrincipal.class);
+    }
+
+    @Override
+    public Object resolveArgument(final MethodParameter parameter, final ModelAndViewContainer mavContainer,
+                                  final NativeWebRequest webRequest, final WebDataBinderFactory binderFactory) {
+        final HttpServletRequest request = webRequest.getNativeRequest(HttpServletRequest.class);
+
+        final String token = AuthenticationExtractor.extract(request);
+        if (token == null) {
+            throw new UnauthorizedException("인증 타입이 올바르지 않습니다.");
+        }
+
+        return Long.valueOf(tokenProvider.getPayload(token));
+    }
+}