Merge pull request #31 from SafeNet-2024/feature/add-security

[feat] 발행, 구독시 토큰 검증 추가
SafeNet-2024 · Jun 12, 2024 · e8c0140 · e8c0140
2 parents 8fd4c6a + 3d65b5e
commit e8c0140
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/src/main/java/com/SafeNet/Backend/global/config/AuthChannelInterceptor.java b/src/main/java/com/SafeNet/Backend/global/config/AuthChannelInterceptor.java
@@ -29,8 +29,14 @@ public AuthChannelInterceptor(JwtTokenProvider jwtTokenProvider) {
     @Override
     public Message<?> preSend(Message<?> message, MessageChannel channel) {
         StompHeaderAccessor accessor = StompHeaderAccessor.wrap(message);
-        if (StompCommand.CONNECT.equals(accessor.getCommand())) {
+
+        if (StompCommand.CONNECT.equals(accessor.getCommand()) ||
+                StompCommand.SUBSCRIBE.equals(accessor.getCommand()) ||
+                StompCommand.SEND.equals(accessor.getCommand())) {
+
             String token = accessor.getFirstNativeHeader("ACCESS_TOKEN");
+            log.debug("Received ACCESS_TOKEN in Interceptor: {}", token);
+
             try {
                 if (token != null && token.startsWith("Bearer ")) {
                     token = token.substring(7);
@@ -48,6 +54,7 @@ public Message<?> preSend(Message<?> message, MessageChannel channel) {
                 throw e;
             }
         }
+
         return message;
     }
-}
+}
diff --git a/src/main/java/com/SafeNet/Backend/global/config/WebSockConfig.java b/src/main/java/com/SafeNet/Backend/global/config/WebSockConfig.java
@@ -32,4 +32,7 @@ public void registerStompEndpoints(StompEndpointRegistry registry) {
         registry.addEndpoint("/ws-stomp").setAllowedOriginPatterns("*") // stomp websocket 연결
                 .withSockJS();
     }
-}
+}
+
+// WebSocket 메시지의 헤더에서 ACCESS_TOKEN을 추출하고 검증
+// 유효한 토큰이 있는 경우 사용자 인증 정보를 설정하고, 유효하지 않은 경우 연결을 차단