[feat] swagger 비밀번호 설정

Api/src/main/java/allchive/server/api/block/service/CreateBlockUseCase.java

@@ -10,12 +10,14 @@
 import allchive.server.domain.domains.block.service.BlockDomainService;
 import allchive.server.domain.domains.block.validator.BlockValidator;
 import allchive.server.domain.domains.user.adaptor.UserAdaptor;
+import allchive.server.domain.domains.user.validator.UserValidator;
 import lombok.RequiredArgsConstructor;
 import org.springframework.transaction.annotation.Transactional;
 
 @UseCase
 @RequiredArgsConstructor
 public class CreateBlockUseCase {
+    private final UserValidator userValidator;
     private final BlockValidator blockValidator;
     private final BlockMapper blockMapper;
     private final BlockDomainService blockDomainService;
@@ -24,10 +26,15 @@ public class CreateBlockUseCase {
     @Transactional
     public BlockResponse execute(BlockRequest request) {
         Long userId = SecurityUtil.getCurrentUserId();
-        blockValidator.validateNotDuplicate(userId, request.getUserId());
-        blockValidator.validateNotMyself(userId, request.getUserId());
+        validateExecution(userId, request);
         Block block = blockMapper.toEntity(userId, request.getUserId());
         blockDomainService.save(block);
         return BlockResponse.from(userAdaptor.findById(request.getUserId()).getNickname());
     }
+
+    private void validateExecution(Long userId, BlockRequest request) {
+        userValidator.validateExist(request.getUserId());
+        blockValidator.validateNotDuplicate(userId, request.getUserId());
+        blockValidator.validateNotMyself(userId, request.getUserId());
+    }
 }

Api/src/main/java/allchive/server/api/block/service/DeleteBlockUseCase.java

@@ -8,21 +8,28 @@
 import allchive.server.domain.domains.block.service.BlockDomainService;
 import allchive.server.domain.domains.block.validator.BlockValidator;
 import allchive.server.domain.domains.user.adaptor.UserAdaptor;
+import allchive.server.domain.domains.user.validator.UserValidator;
 import lombok.RequiredArgsConstructor;
 import org.springframework.transaction.annotation.Transactional;
 
 @UseCase
 @RequiredArgsConstructor
 public class DeleteBlockUseCase {
+    private final UserValidator userValidator;
     private final BlockValidator blockValidator;
     private final BlockDomainService blockDomainService;
     private final UserAdaptor userAdaptor;
 
     @Transactional
     public BlockResponse execute(BlockRequest request) {
         Long userId = SecurityUtil.getCurrentUserId();
-        blockValidator.validateExist(userId, request.getUserId());
+        validateExecution(userId, request);
         blockDomainService.deleteByBlockFromAndBlockUser(userId, request.getUserId());
         return BlockResponse.from(userAdaptor.findById(request.getUserId()).getNickname());
     }
+
+    private void validateExecution(Long userId, BlockRequest request) {
+        userValidator.validateExist(request.getUserId());
+        blockValidator.validateExist(userId, request.getUserId());
+    }
 }

Api/src/main/java/allchive/server/api/config/security/SecurityConfig.java

@@ -2,21 +2,43 @@
 
 import static allchive.server.core.consts.AllchiveConst.SwaggerPatterns;
 
+import allchive.server.core.helper.SpringEnvironmentHelper;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
 
 @RequiredArgsConstructor
 @EnableWebSecurity()
 public class SecurityConfig {
     private final FilterConfig filterConfig;
+    private final SpringEnvironmentHelper springEnvironmentHelper;
+
+    @Value("${swagger.user}")
+    private String swaggerUser;
+
+    @Value("${swagger.password}")
+    private String swaggerPassword;
+
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user =
+                User.withUsername(swaggerUser)
+                        .password(passwordEncoder().encode(swaggerPassword))
+                        .roles("SWAGGER")
+                        .build();
+        return new InMemoryUserDetailsManager(user);
+    }
 
     @Bean
     public PasswordEncoder passwordEncoder() {
@@ -30,6 +52,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
         http.authorizeRequests().expressionHandler(expressionHandler());
 
+        if (springEnvironmentHelper.isProdAndDevProfile()) {
+            http.authorizeRequests().mvcMatchers(SwaggerPatterns).authenticated().and().httpBasic();
+        }
+
         http.authorizeRequests()
                 .antMatchers(SwaggerPatterns)
                 .permitAll()

Api/src/main/java/allchive/server/api/report/service/CreateReportUseCase.java

@@ -30,20 +30,29 @@ public class CreateReportUseCase {
     @Transactional
     public void execute(CreateReportRequest request, ReportObjectType type) {
         Long userId = SecurityUtil.getCurrentUserId();
-        reportValidator.validateNotDuplicateReport(userId, request.getId(), type);
+        validateExecution(userId, request.getId(), type);
+        Long reportedUserId = getReportedUserId(request.getId(), type);
+        Report report = reportMapper.toEntity(request, type, userId, reportedUserId);
+        reportDomainService.save(report);
+    }
+
+    private void validateExecution(Long userId, Long objId, ReportObjectType type) {
+        reportValidator.validateNotDuplicateReport(userId, objId, type);
+    }
+
+    private Long getReportedUserId(Long objId, ReportObjectType type) {
         Long reportedUserId = 0L;
         switch (type) {
             case CONTENT -> {
-                contentValidator.validateExistById(request.getId());
-                Long archivingId = contentAdaptor.findById(request.getId()).getArchivingId();
+                contentValidator.validateExistById(objId);
+                Long archivingId = contentAdaptor.findById(objId).getArchivingId();
                 reportedUserId = archivingAdaptor.findById(archivingId).getUserId();
             }
             case ARCHIVING -> {
-                archivingValidator.validateExistById(request.getId());
-                reportedUserId = archivingAdaptor.findById(request.getId()).getUserId();
+                archivingValidator.validateExistById(objId);
+                reportedUserId = archivingAdaptor.findById(objId).getUserId();
             }
         }
-        Report report = reportMapper.toEntity(request, type, userId, reportedUserId);
-        reportDomainService.save(report);
+        return reportedUserId;
     }
 }

Api/src/main/resources/application.yml

@@ -19,6 +19,10 @@ springdoc:
   swagger-ui:
     tags-sorter: alpha
 
+swagger:
+  user: ${SWAGGER_USER:user}
+  password: ${SWAGGER_PASSWORD:password}
+
 ---
 spring:
   config:

Core/src/main/java/allchive/server/core/helper/SpringEnvironmentHelper.java

@@ -16,14 +16,22 @@ public class SpringEnvironmentHelper {
     private final Environment environment;
 
     public Boolean isProdProfile() {
-        String[] activeProfiles = environment.getActiveProfiles();
-        List<String> currentProfile = Arrays.stream(activeProfiles).toList();
+        List<String> currentProfile = getCurrentProfile();
         return currentProfile.contains(PROD);
     }
 
     public Boolean isDevProfile() {
-        String[] activeProfiles = environment.getActiveProfiles();
-        List<String> currentProfile = Arrays.stream(activeProfiles).toList();
+        List<String> currentProfile = getCurrentProfile();
         return currentProfile.contains(DEV);
     }
+
+    public Boolean isProdAndDevProfile() {
+        List<String> currentProfile = getCurrentProfile();
+        return currentProfile.contains(PROD) || currentProfile.contains(DEV);
+    }
+
+    private List<String> getCurrentProfile() {
+        String[] activeProfiles = environment.getActiveProfiles();
+        return Arrays.stream(activeProfiles).toList();
+    }
 }

Domain/src/main/java/allchive/server/domain/domains/user/adaptor/UserAdaptor.java

@@ -39,4 +39,8 @@ public Boolean existsByNickname(String nickname) {
     public List<User> findAllByIdIn(List<Long> userIds) {
         return userRepository.findAllByIdIn(userIds);
     }
+
+    public Boolean existsById(Long userId) {
+        return userRepository.existsById(userId);
+    }
 }

Domain/src/main/java/allchive/server/domain/domains/user/validator/UserValidator.java

@@ -7,6 +7,7 @@
 import allchive.server.domain.domains.user.domain.enums.UserState;
 import allchive.server.domain.domains.user.exception.exceptions.AlreadySignUpUserException;
 import allchive.server.domain.domains.user.exception.exceptions.ForbiddenUserException;
+import allchive.server.domain.domains.user.exception.exceptions.UserNotFoundException;
 import lombok.RequiredArgsConstructor;
 
 @Validator
@@ -27,4 +28,10 @@ public void validateUserStatusNormal(Long userId) {
             throw ForbiddenUserException.EXCEPTION;
         }
     }
+
+    public void validateExist(Long userId) {
+        if (!userAdaptor.existsById(userId)) {
+            throw UserNotFoundException.EXCEPTION;
+        }
+    }
 }