v1.5.2 (#258)

GDSC-Hongik · Mar 5, 2024 · 96234ad · 96234ad
2 parents 3e11a37 + 8fa2740
commit 96234ad
Show file tree

Hide file tree

Showing 12 changed files with 31 additions and 105 deletions.
diff --git a/build.gradle b/build.gradle
@@ -73,6 +73,9 @@ dependencies {
 
     // Excel
     implementation 'org.apache.poi:poi:5.2.5'
+
+    // Monitoring
+    implementation 'io.micrometer:micrometer-registry-prometheus'
 }
 
 tasks.named('test') {

diff --git a/src/main/java/com/gdschongik/gdsc/domain/auth/api/AuthController.java b/src/main/java/com/gdschongik/gdsc/domain/auth/api/AuthController.java
diff --git a/src/main/java/com/gdschongik/gdsc/domain/auth/application/AuthService.java b/src/main/java/com/gdschongik/gdsc/domain/auth/application/AuthService.java
diff --git a/src/main/java/com/gdschongik/gdsc/domain/auth/dto/request/LoginRequest.java b/src/main/java/com/gdschongik/gdsc/domain/auth/dto/request/LoginRequest.java
diff --git a/src/main/java/com/gdschongik/gdsc/domain/auth/dto/response/LoginResponse.java b/src/main/java/com/gdschongik/gdsc/domain/auth/dto/response/LoginResponse.java
diff --git a/src/main/java/com/gdschongik/gdsc/global/config/PropertyConfig.java b/src/main/java/com/gdschongik/gdsc/global/config/PropertyConfig.java
@@ -1,17 +1,17 @@
 package com.gdschongik.gdsc.global.config;
 
+import com.gdschongik.gdsc.global.property.BasicAuthProperty;
 import com.gdschongik.gdsc.global.property.DiscordProperty;
 import com.gdschongik.gdsc.global.property.JwtProperty;
 import com.gdschongik.gdsc.global.property.RedisProperty;
-import com.gdschongik.gdsc.global.property.SwaggerProperty;
 import com.gdschongik.gdsc.global.property.email.EmailProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 
 @EnableConfigurationProperties({
     JwtProperty.class,
     RedisProperty.class,
-    SwaggerProperty.class,
+    BasicAuthProperty.class,
     DiscordProperty.class,
     EmailProperty.class
 })

diff --git a/src/main/java/com/gdschongik/gdsc/global/config/WebSecurityConfig.java b/src/main/java/com/gdschongik/gdsc/global/config/WebSecurityConfig.java
@@ -10,7 +10,7 @@
 import com.gdschongik.gdsc.domain.auth.application.JwtService;
 import com.gdschongik.gdsc.domain.member.dao.MemberRepository;
 import com.gdschongik.gdsc.global.annotation.ConditionalOnProfile;
-import com.gdschongik.gdsc.global.property.SwaggerProperty;
+import com.gdschongik.gdsc.global.property.BasicAuthProperty;
 import com.gdschongik.gdsc.global.security.CustomSuccessHandler;
 import com.gdschongik.gdsc.global.security.CustomUserService;
 import com.gdschongik.gdsc.global.security.JwtExceptionFilter;
@@ -46,7 +46,7 @@ public class WebSecurityConfig {
     private final CookieUtil cookieUtil;
     private final ObjectMapper objectMapper;
     private final EnvironmentUtil environmentUtil;
-    private final SwaggerProperty swaggerProperty;
+    private final BasicAuthProperty basicAuthProperty;
 
     private void defaultFilterChain(HttpSecurity http) throws Exception {
         http.httpBasic(AbstractHttpConfigurer::disable)
@@ -75,6 +75,19 @@ public SecurityFilterChain swaggerFilterChain(HttpSecurity http) throws Exceptio
         return http.build();
     }
 
+    @Bean
+    @Order(2)
+    @ConditionalOnProfile(PROD)
+    public SecurityFilterChain prometheusFilterChain(HttpSecurity http) throws Exception {
+        defaultFilterChain(http);
+
+        http.securityMatcher("/gdsc-actuator/prometheus").httpBasic(withDefaults());
+
+        http.authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated());
+
+        return http.build();
+    }
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         defaultFilterChain(http);
@@ -93,8 +106,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.authorizeHttpRequests(authorize -> authorize
                 .requestMatchers("/oauth2/**")
                 .permitAll()
-                .requestMatchers("/auth/**")
-                .permitAll()
                 .requestMatchers("/gdsc-actuator/**")
                 .permitAll()
                 .requestMatchers("/onboarding/verify-email")
@@ -111,8 +122,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
     @Bean
     public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
-        UserDetails user = User.withUsername(swaggerProperty.getUsername())
-                .password(passwordEncoder().encode(swaggerProperty.getPassword()))
+        UserDetails user = User.withUsername(basicAuthProperty.getUsername())
+                .password(passwordEncoder().encode(basicAuthProperty.getPassword()))
                 .roles("SWAGGER")
                 .build();
         return new InMemoryUserDetailsManager(user);

diff --git a/...gdsc/global/property/SwaggerProperty.java → ...sc/global/property/BasicAuthProperty.java b/...gdsc/global/property/SwaggerProperty.java → ...sc/global/property/BasicAuthProperty.java
@@ -6,8 +6,8 @@
 
 @Getter
 @AllArgsConstructor
-@ConfigurationProperties(prefix = "swagger")
-public class SwaggerProperty {
+@ConfigurationProperties(prefix = "auth")
+public class BasicAuthProperty {
 
     private final String username;
     private final String password;

diff --git a/src/main/resources/application-actuator.yml b/src/main/resources/application-actuator.yml
@@ -2,7 +2,7 @@ management:
   endpoints:
     web:
       exposure:
-        include: health
+        include: health, prometheus
       base-path: /gdsc-actuator
     jmx:
       exposure:
@@ -11,3 +11,5 @@ management:
   endpoint:
     health:
       enabled: true
+    prometheus:
+      enabled: true
diff --git a/src/main/resources/application-security.yml b/src/main/resources/application-security.yml
@@ -21,3 +21,7 @@ jwt:
       secret: ${JWT_REFRESH_TOKEN_SECRET:}
       expiration-time: ${JWT_REFRESH_TOKEN_EXPIRATION_TIME:604800}
   issuer: ${JWT_ISSUER:}
+
+auth:
+  username: ${SWAGGER_USER:default}
+  password: ${SWAGGER_PASSWORD:default}
diff --git a/src/main/resources/application-swagger.yml b/src/main/resources/application-swagger.yml
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -8,7 +8,6 @@ spring:
     include:
       - redis
       - security
-      - swagger
       - actuator
       - discord
       - email