diff --git a/Api/src/main/java/allchive/server/api/block/service/CreateBlockUseCase.java b/Api/src/main/java/allchive/server/api/block/service/CreateBlockUseCase.java
index fed85f8a..d8200001 100644
--- a/Api/src/main/java/allchive/server/api/block/service/CreateBlockUseCase.java
+++ b/Api/src/main/java/allchive/server/api/block/service/CreateBlockUseCase.java
@@ -10,12 +10,14 @@
 import allchive.server.domain.domains.block.service.BlockDomainService;
 import allchive.server.domain.domains.block.validator.BlockValidator;
 import allchive.server.domain.domains.user.adaptor.UserAdaptor;
+import allchive.server.domain.domains.user.validator.UserValidator;
 import lombok.RequiredArgsConstructor;
 import org.springframework.transaction.annotation.Transactional;
 @UseCase
 @RequiredArgsConstructor
 public class CreateBlockUseCase {
+ private final UserValidator userValidator;
 private final BlockValidator blockValidator;
 private final BlockMapper blockMapper;
 private final BlockDomainService blockDomainService;
@@ -24,10 +26,15 @@ public class CreateBlockUseCase {
 @Transactional
 public BlockResponse execute(BlockRequest request) {
 Long userId = SecurityUtil.getCurrentUserId();
- blockValidator.validateNotDuplicate(userId, request.getUserId());
- blockValidator.validateNotMyself(userId, request.getUserId());
+ validateExecution(userId, request);
 Block block = blockMapper.toEntity(userId, request.getUserId());
 blockDomainService.save(block);
 return BlockResponse.from(userAdaptor.findById(request.getUserId()).getNickname());
 }
+
+ private void validateExecution(Long userId, BlockRequest request) {
+ userValidator.validateExist(request.getUserId());
+ blockValidator.validateNotDuplicate(userId, request.getUserId());
+ blockValidator.validateNotMyself(userId, request.getUserId());
+ }
 }
diff --git a/Api/src/main/java/allchive/server/api/block/service/DeleteBlockUseCase.java b/Api/src/main/java/allchive/server/api/block/service/DeleteBlockUseCase.java
index 257ad370..f9b93d56 100644
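Review bot: In `validateExecution` of `CreateBlockUseCase`, the pure comparison `validateNotMyself` runs last, after two repository-backed checks, so a self-block request costs two queries before it is rejected; calling `blockValidator.validateNotMyself(userId, request.getUserId());` first avoids that. The target user is also looked up twice, once by `userValidator.validateExist` and again by `userAdaptor.findById` for the nickname. The duplicate check followed by `save` is check-then-insert, which presumably relies on a unique constraint on the block pair that is not visible here. `request.getUserId()` reaches `validateExist` unchecked, so confirm that `BlockRequest` rejects a null id; the same helper shape is added to `DeleteBlockUseCase`.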
--- a/Api/src/main/java/allchive/server/api/block/service/DeleteBlockUseCase.java
+++ b/Api/src/main/java/allchive/server/api/block/service/DeleteBlockUseCase.java
@@ -8,12 +8,14 @@
 import allchive.server.domain.domains.block.service.BlockDomainService;
 import allchive.server.domain.domains.block.validator.BlockValidator;
 import allchive.server.domain.domains.user.adaptor.UserAdaptor;
+import allchive.server.domain.domains.user.validator.UserValidator;
 import lombok.RequiredArgsConstructor;
 import org.springframework.transaction.annotation.Transactional;
 @UseCase
 @RequiredArgsConstructor
 public class DeleteBlockUseCase {
+ private final UserValidator userValidator;
 private final BlockValidator blockValidator;
 private final BlockDomainService blockDomainService;
 private final UserAdaptor userAdaptor;
@@ -21,8 +23,13 @@ public class DeleteBlockUseCase {
 @Transactional
 public BlockResponse execute(BlockRequest request) {
 Long userId = SecurityUtil.getCurrentUserId();
- blockValidator.validateExist(userId, request.getUserId());
+ validateExecution(userId, request);
 blockDomainService.deleteByBlockFromAndBlockUser(userId, request.getUserId());
 return BlockResponse.from(userAdaptor.findById(request.getUserId()).getNickname());
 }
+
+ private void validateExecution(Long userId, BlockRequest request) {
+ userValidator.validateExist(request.getUserId());
+ blockValidator.validateExist(userId, request.getUserId());
+ }
 }
diff --git a/Api/src/main/java/allchive/server/api/config/security/SecurityConfig.java b/Api/src/main/java/allchive/server/api/config/security/SecurityConfig.java
index 236519ea..40746326 100644
--- a/Api/src/main/java/allchive/server/api/config/security/SecurityConfig.java
+++ b/Api/src/main/java/allchive/server/api/config/security/SecurityConfig.java
@@ -2,14 +2,19 @@
 import static allchive.server.core.consts.AllchiveConst.SwaggerPatterns;
+import allchive.server.core.helper.SpringEnvironmentHelper;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
@@ -17,6 +22,23 @@
 @EnableWebSecurity()
 public class SecurityConfig {
 private final FilterConfig filterConfig;
+ private final SpringEnvironmentHelper springEnvironmentHelper;
+
+ @Value("${swagger.user}")
+ private String swaggerUser;
+
+ @Value("${swagger.password}")
+ private String swaggerPassword;
+
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService() {
+ UserDetails user =
+ User.withUsername(swaggerUser)
+ .password(passwordEncoder().encode(swaggerPassword))
+ .roles("SWAGGER")
+ .build();
+ return new InMemoryUserDetailsManager(user);
+ }
 @Bean
 public PasswordEncoder passwordEncoder() {
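Review bot: `userDetailsService()` builds the Swagger account from `swagger.user` and `swagger.password` without checking them, and the `application.yml` hunk of this commit resolves both with fallbacks (`${SWAGGER_USER:user}`, `${SWAGGER_PASSWORD:password}`), so a prod or dev deployment that lacks the environment variables guards the API documentation with a guessable pair. Dropping the fallbacks, as in `password: ${SWAGGER_PASSWORD}`, makes the `@Value` injection fail at startup instead of silently using a default; local profiles can set their own values in a profile-specific document. The bean is also registered in every profile, including those where the Swagger paths stay `permitAll`. A comment on the two fields such as `// must be supplied by the environment; no default is safe outside local runs` would record the intent.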
@@ -30,6 +52,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 http.authorizeRequests().expressionHandler(expressionHandler());
+ if (springEnvironmentHelper.isProdAndDevProfile()) {
+ http.authorizeRequests().mvcMatchers(SwaggerPatterns).authenticated().and().httpBasic();
+ }
+
 http.authorizeRequests()
 .antMatchers(SwaggerPatterns)
 .permitAll()
diff --git a/Api/src/main/java/allchive/server/api/report/service/CreateReportUseCase.java b/Api/src/main/java/allchive/server/api/report/service/CreateReportUseCase.java
index 07681e8b..4603f830 100644
--- a/Api/src/main/java/allchive/server/api/report/service/CreateReportUseCase.java
+++ b/Api/src/main/java/allchive/server/api/report/service/CreateReportUseCase.java
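Review bot: `.and().httpBasic()` inside the profile check enables Basic authentication for the whole `filterChain`, not only for `SwaggerPatterns`, so the in-memory `SWAGGER` account can present credentials on any route and would satisfy a rule that only requires `authenticated()`. The remaining rules of `filterChain` lie outside this hunk, so confirm that every protected route checks a role. Moving this into a dedicated `SecurityFilterChain` bean that starts with, for example, `http.requestMatchers().mvcMatchers(SwaggerPatterns)` would confine the account to the documentation paths. The guard also fails open: any profile other than prod or dev falls through to `antMatchers(SwaggerPatterns).permitAll()`, and the protection depends on the `authenticated()` rule being registered first, which deserves a comment such as `// must precede the permitAll rule below: first match wins`.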
@@ -30,20 +30,29 @@ public class CreateReportUseCase {
 @Transactional
 public void execute(CreateReportRequest request, ReportObjectType type) {
 Long userId = SecurityUtil.getCurrentUserId();
- reportValidator.validateNotDuplicateReport(userId, request.getId(), type);
+ validateExecution(userId, request.getId(), type);
+ Long reportedUserId = getReportedUserId(request.getId(), type);
+ Report report = reportMapper.toEntity(request, type, userId, reportedUserId);
+ reportDomainService.save(report);
+ }
+
+ private void validateExecution(Long userId, Long objId, ReportObjectType type) {
+ reportValidator.validateNotDuplicateReport(userId, objId, type);
+ }
+
+ private Long getReportedUserId(Long objId, ReportObjectType type) {
 Long reportedUserId = 0L;
 switch (type) {
 case CONTENT -> {
- contentValidator.validateExistById(request.getId());
- Long archivingId = contentAdaptor.findById(request.getId()).getArchivingId();
+ contentValidator.validateExistById(objId);
+ Long archivingId = contentAdaptor.findById(objId).getArchivingId();
 reportedUserId = archivingAdaptor.findById(archivingId).getUserId();
 }
 case ARCHIVING -> {
- archivingValidator.validateExistById(request.getId());
- reportedUserId = archivingAdaptor.findById(request.getId()).getUserId();
+ archivingValidator.validateExistById(objId);
+ reportedUserId = archivingAdaptor.findById(objId).getUserId();
 }
 }
- Report report = reportMapper.toEntity(request, type, userId, reportedUserId);
- reportDomainService.save(report);
+ return reportedUserId;
 }
 }
diff --git a/Api/src/main/resources/application.yml b/Api/src/main/resources/application.yml
index c4f14e91..33e428bb 100644
--- a/Api/src/main/resources/application.yml
+++ b/Api/src/main/resources/application.yml
@@ -19,6 +19,10 @@ springdoc:
 swagger-ui:
 tags-sorter: alpha
+swagger:
+ user: ${SWAGGER_USER:user}
+ password: ${SWAGGER_PASSWORD:password}
+
 ---
 spring:
 config:
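Review bot: `getReportedUserId` returns the sentinel `0L` whenever `type` matches neither `case`, because the statement-form `switch` has no `default` and the compiler does not demand one. A constant added to `ReportObjectType` later would then store reports against user id 0 without any error. Written as a switch expression, the method needs no mutable local and the compiler rejects an unhandled constant. The new `validateExecution` wraps a single call, while the existence checks still run inside `getReportedUserId`; moving them into `validateExecution` would put all validation ahead of the lookups.

```java
private Long getReportedUserId(Long objId, ReportObjectType type) {
    return switch (type) {
        case CONTENT -> {
            // … unchanged: contentValidator check and archivingId lookup …
            yield archivingAdaptor.findById(archivingId).getUserId();
        }
        case ARCHIVING -> {
            // … unchanged: archivingValidator check …
            yield archivingAdaptor.findById(objId).getUserId();
        }
    };
}
```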
diff --git a/Core/src/main/java/allchive/server/core/helper/SpringEnvironmentHelper.java b/Core/src/main/java/allchive/server/core/helper/SpringEnvironmentHelper.java
index 9016edfd..a3a92044 100644
--- a/Core/src/main/java/allchive/server/core/helper/SpringEnvironmentHelper.java
+++ b/Core/src/main/java/allchive/server/core/helper/SpringEnvironmentHelper.java
@@ -16,14 +16,22 @@ public class SpringEnvironmentHelper {
 private final Environment environment;
 public Boolean isProdProfile() {
- String[] activeProfiles = environment.getActiveProfiles();
- List currentProfile = Arrays.stream(activeProfiles).toList();
+ List currentProfile = getCurrentProfile();
 return currentProfile.contains(PROD);
 }
 public Boolean isDevProfile() {
- String[] activeProfiles = environment.getActiveProfiles();
- List currentProfile = Arrays.stream(activeProfiles).toList();
+ List currentProfile = getCurrentProfile();
 return currentProfile.contains(DEV);
 }
+
+ public Boolean isProdAndDevProfile() {
+ List currentProfile = getCurrentProfile();
+ return currentProfile.contains(PROD) || currentProfile.contains(DEV);
+ }
+
+ private List getCurrentProfile() {
+ String[] activeProfiles = environment.getActiveProfiles();
+ return Arrays.stream(activeProfiles).toList();
+ }
 }
diff --git a/Domain/src/main/java/allchive/server/domain/domains/user/adaptor/UserAdaptor.java b/Domain/src/main/java/allchive/server/domain/domains/user/adaptor/UserAdaptor.java
index b118c6ae..d800f01a 100644
--- a/Domain/src/main/java/allchive/server/domain/domains/user/adaptor/UserAdaptor.java
+++ b/Domain/src/main/java/allchive/server/domain/domains/user/adaptor/UserAdaptor.java
@@ -39,4 +39,8 @@ public Boolean existsByNickname(String nickname) {
 public List findAllByIdIn(List userIds) {
 return userRepository.findAllByIdIn(userIds);
 }
+
+ public Boolean existsById(Long userId) {
+ return userRepository.existsById(userId);
+ }
 }
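Review bot: `isProdAndDevProfile()` in `SpringEnvironmentHelper` returns true when either profile is active (`contains(PROD) || contains(DEV)`), but the name reads as "both", and this commit uses it in `SecurityConfig` to decide whether the Swagger paths require authentication. Renaming it to `isProdOrDevProfile()`, or adding a Javadoc line such as `/** True when the prod or the dev profile is active. */`, removes the ambiguity for whoever next edits the security rules. The public methods return boxed `Boolean` although `contains` yields a primitive; `boolean` would avoid the boxing.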
diff --git a/Domain/src/main/java/allchive/server/domain/domains/user/validator/UserValidator.java b/Domain/src/main/java/allchive/server/domain/domains/user/validator/UserValidator.java
index a79f04f3..d5d08514 100644
--- a/Domain/src/main/java/allchive/server/domain/domains/user/validator/UserValidator.java
+++ b/Domain/src/main/java/allchive/server/domain/domains/user/validator/UserValidator.java
@@ -7,6 +7,7 @@
 import allchive.server.domain.domains.user.domain.enums.UserState;
 import allchive.server.domain.domains.user.exception.exceptions.AlreadySignUpUserException;
 import allchive.server.domain.domains.user.exception.exceptions.ForbiddenUserException;
+import allchive.server.domain.domains.user.exception.exceptions.UserNotFoundException;
 import lombok.RequiredArgsConstructor;
 @Validator
@@ -27,4 +28,10 @@ public void validateUserStatusNormal(Long userId) {
 throw ForbiddenUserException.EXCEPTION;
 }
 }
+
+ public void validateExist(Long userId) {
+ if (!userAdaptor.existsById(userId)) {
+ throw UserNotFoundException.EXCEPTION;
+ }
+ }
 }
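Review bot: `validateExist` confirms only that a user with this id exists and says nothing about the user's state, while the neighbouring `validateUserStatusNormal` in this class throws `ForbiddenUserException`; callers such as `CreateBlockUseCase` that need an active target have to call both. A Javadoc line would make that explicit: `/** Throws UserNotFoundException when no user has this id; does not check UserState. */`. A null `userId` is passed straight to `userAdaptor.existsById`, so confirm that callers validate the request field first. The class body starts outside this hunk.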