Merge pull request #398 from woowacourse-teams/develop

v.1.1.0

.github/workflows/deploy-backend-dev.yml

@@ -13,7 +13,7 @@ on:
     paths:
       - 'backend/**'
   workflow_dispatch:
-  
+
 defaults:
   run:
     working-directory: backend                        

.github/workflows/devploy-frontend-prod.yml

@@ -1,10 +1,6 @@
 name: Deploy Frontend Prod
 
 on:
-  push:
-    branches: [ "main" ]
-    paths:
-      - 'frontend/**'
   workflow_dispatch:
 
 defaults:

backend/.gitignore

@@ -39,3 +39,4 @@ out/
 /src/main/resources/application-security.yml
 /src/test/resources/application-security.yml
 /src/main/resources/static/docs/index.html
+/src/docs/asciidoc/index.html

backend/build.gradle

@@ -43,6 +43,9 @@ dependencies {
     testImplementation 'org.springframework.restdocs:spring-restdocs-restassured'
 
     implementation 'org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:3.3'
+
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
+    implementation 'io.micrometer:micrometer-registry-prometheus'
 }
 
 ext {

backend/src/docs/asciidoc/index.adoc

@@ -12,12 +12,6 @@
 === Github 로그인
 operation::auth/login[snippets='http-request,request-parameters,http-response,response-fields']
 
-=== 리프래시 토큰
-operation::auth/refresh[snippets='http-request,http-response']
-
-=== 로그아웃
-operation::auth/logout[snippets='http-request,http-response']
-
 [[Member]]
 == 회원
 
@@ -75,6 +69,23 @@ operation::article/update[snippets='http-request,request-headers,http-response']
 === 커뮤니티 삭제
 operation::article/delete[snippets='http-request,request-headers,http-response']
 
+[[Notice]]
+== 공지 게시글
+=== 공지 생성
+operation::write/notice[snippets='http-request,request-headers,request-fields,http-response']
+
+=== 공지 단건 조회
+operation::get/notice[snippets='http-request,request-headers,http-response,response-fields']
+
+=== 공지 전체 조회
+operation::get/notices[snippets='http-request,request-headers,http-response,response-fields']
+
+=== 공지 수정
+operation::update/notice[snippets='http-request,request-headers,http-response']
+
+=== 공지 삭제
+operation::delete/notice[snippets='http-request,request-headers,http-response']
+
 [[Reference-Room]]
 == 링크 공유
 

backend/src/main/java/com/woowacourse/moamoa/auth/config/AuthConfig.java

@@ -1,42 +1,55 @@
 package com.woowacourse.moamoa.auth.config;
 
 import com.woowacourse.moamoa.auth.controller.AuthenticatedMemberResolver;
-import com.woowacourse.moamoa.auth.controller.AuthenticatedRefreshArgumentResolver;
-import com.woowacourse.moamoa.auth.controller.AuthenticationArgumentResolver;
-import com.woowacourse.moamoa.auth.controller.AuthenticationInterceptor;
-
+import com.woowacourse.moamoa.auth.controller.interceptor.AuthenticationInterceptor;
+import com.woowacourse.moamoa.auth.controller.interceptor.PathMatcherContainer;
+import com.woowacourse.moamoa.auth.controller.interceptor.PathMatcherInterceptor;
+import com.woowacourse.moamoa.auth.infrastructure.TokenProvider;
 import java.util.List;
-
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
 @RequiredArgsConstructor
 public class AuthConfig implements WebMvcConfigurer {
 
-    private final AuthenticatedRefreshArgumentResolver authenticatedRefreshArgumentResolver;
-    private final AuthenticationInterceptor authenticationInterceptor;
-    private final AuthenticationArgumentResolver authenticationArgumentResolver;
     private final AuthenticatedMemberResolver authenticatedMemberResolver;
 
+    private final PathMatcherContainer pathMatcherContainer;
+    private final TokenProvider jwtTokenProvider;
+
     @Override
     public void addArgumentResolvers(final List<HandlerMethodArgumentResolver> resolvers) {
-        resolvers.add(authenticationArgumentResolver);
         resolvers.add(authenticatedMemberResolver);
-        resolvers.add(authenticatedRefreshArgumentResolver);
     }
 
     @Override
     public void addInterceptors(final InterceptorRegistry registry) {
-        registry.addInterceptor(authenticationInterceptor)
+        registry.addInterceptor(loginInterceptor())
                 .addPathPatterns("/**");
     }
 
+    private HandlerInterceptor loginInterceptor() {
+        return new PathMatcherInterceptor(new AuthenticationInterceptor(jwtTokenProvider), pathMatcherContainer)
+                .excludePathPattern("/**", HttpMethod.OPTIONS)
+                .includePathPattern("/api/studies/**", HttpMethod.POST)
+                .includePathPattern("/api/studies/**", HttpMethod.PUT)
+                .includePathPattern("/api/study/\\d+", HttpMethod.PUT)
+                .includePathPattern("/api/studies/**", HttpMethod.DELETE)
+                .includePathPattern("/api/members/me/**", HttpMethod.GET)
+                .includePathPattern("/api/auth/refresh", HttpMethod.GET)
+                .includePathPattern("/api/my/studies", HttpMethod.GET)
+                .includePathPattern("/api/studies/\\w+/community/articles/**", HttpMethod.GET)
+                .includePathPattern("/api/studies/\\d+/reference-room/links", HttpMethod.GET);
+    }
+
     @Bean
     public RestTemplate restTemplate() {
         return new RestTemplate();

backend/src/main/java/com/woowacourse/moamoa/auth/config/AuthenticatedMember.java → backend/src/main/java/com/woowacourse/moamoa/auth/config/AuthenticatedMemberId.java

@@ -7,5 +7,5 @@
 
 @Target(ElementType.PARAMETER)
 @Retention(RetentionPolicy.RUNTIME)
-public @interface AuthenticatedMember {
+public @interface AuthenticatedMemberId {
 }

backend/src/main/java/com/woowacourse/moamoa/auth/controller/AuthController.java

@@ -1,15 +1,12 @@
 package com.woowacourse.moamoa.auth.controller;
 
-import com.woowacourse.moamoa.auth.config.AuthenticatedRefresh;
-import com.woowacourse.moamoa.auth.config.AuthenticationPrincipal;
+import com.woowacourse.moamoa.auth.config.AuthenticatedMemberId;
 import com.woowacourse.moamoa.auth.service.AuthService;
+import com.woowacourse.moamoa.auth.service.oauthclient.OAuthClient;
+import com.woowacourse.moamoa.auth.service.oauthclient.response.GithubProfileResponse;
 import com.woowacourse.moamoa.auth.service.response.AccessTokenResponse;
-import com.woowacourse.moamoa.auth.service.response.TokensResponse;
 import lombok.RequiredArgsConstructor;
-import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CookieValue;
-import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -19,50 +16,19 @@
 @RequiredArgsConstructor
 public class AuthController {
 
-    private static final String REFRESH_TOKEN = "refreshToken";
-    private static final int REFRESH_TOKEN_EXPIRATION = 7 * 24 * 60 * 60;
-
     private final AuthService authService;
+    private final OAuthClient oAuthClient;
 
     @PostMapping("/api/auth/login")
     public ResponseEntity<AccessTokenResponse> login(@RequestParam final String code) {
-        final TokensResponse tokenResponse = authService.createToken(code);
-
-        final AccessTokenResponse response = new AccessTokenResponse(tokenResponse.getAccessToken(), authService.getExpireTime());
-        final ResponseCookie cookie = putTokenInCookie(tokenResponse);
+        final GithubProfileResponse profile = oAuthClient.getProfile(code);
+        final AccessTokenResponse token = authService.createToken(profile);
 
-        return ResponseEntity.ok().header("Set-Cookie", cookie.toString()).body(response);
+        return ResponseEntity.ok().body(token);
     }
 
     @GetMapping("/api/auth/refresh")
-    public ResponseEntity<AccessTokenResponse> refreshToken(@AuthenticatedRefresh Long githubId, @CookieValue String refreshToken) {
-        return ResponseEntity.ok().body(authService.refreshToken(githubId, refreshToken));
-    }
-
-    @DeleteMapping("/api/auth/logout")
-    public ResponseEntity<Void> logout(@AuthenticationPrincipal Long githubId) {
-        authService.logout(githubId);
-
-        return ResponseEntity.noContent().header("Set-Cookie", removeCookie().toString()).build();
-    }
-
-    private ResponseCookie putTokenInCookie(final TokensResponse tokenResponse) {
-        return ResponseCookie.from(REFRESH_TOKEN, tokenResponse.getRefreshToken())
-                .maxAge(REFRESH_TOKEN_EXPIRATION)
-                .path("/")
-                .sameSite("None")
-                .secure(true)
-                .httpOnly(true)
-                .build();
-    }
-
-    private ResponseCookie removeCookie() {
-        return ResponseCookie.from(REFRESH_TOKEN, null)
-                .maxAge(0)
-                .path("/")
-                .sameSite("None")
-                .secure(true)
-                .httpOnly(true)
-                .build();
+    public ResponseEntity<AccessTokenResponse> refresh(@AuthenticatedMemberId Long memberId) {
+        return ResponseEntity.ok().body(authService.refreshToken(memberId));
     }
 }

backend/src/main/java/com/woowacourse/moamoa/auth/controller/AuthenticatedMemberResolver.java

@@ -1,12 +1,9 @@
 package com.woowacourse.moamoa.auth.controller;
 
-import com.woowacourse.moamoa.auth.config.AuthenticatedMember;
+import com.woowacourse.moamoa.auth.config.AuthenticatedMemberId;
 import com.woowacourse.moamoa.auth.config.AuthenticationExtractor;
 import com.woowacourse.moamoa.auth.infrastructure.TokenProvider;
 import com.woowacourse.moamoa.common.exception.UnauthorizedException;
-import com.woowacourse.moamoa.member.domain.Member;
-import com.woowacourse.moamoa.member.domain.repository.MemberRepository;
-import com.woowacourse.moamoa.member.service.exception.MemberNotFoundException;
 import javax.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.core.MethodParameter;
@@ -20,12 +17,11 @@
 @RequiredArgsConstructor
 public class AuthenticatedMemberResolver implements HandlerMethodArgumentResolver {
 
-    private final MemberRepository memberRepository;
     private final TokenProvider tokenProvider;
 
     @Override
     public boolean supportsParameter(final MethodParameter parameter) {
-        return parameter.hasParameterAnnotation(AuthenticatedMember.class);
+        return parameter.hasParameterAnnotation(AuthenticatedMemberId.class);
     }
 
     @Override
@@ -38,9 +34,6 @@ public Object resolveArgument(final MethodParameter parameter, final ModelAndVie
             throw new UnauthorizedException("인증 타입이 올바르지 않습니다.");
         }
 
-        final Long githubId = Long.valueOf(tokenProvider.getPayload(token));
-
-        final Member member = memberRepository.findByGithubId(githubId).orElseThrow(MemberNotFoundException::new);
-        return member.getId();
+        return Long.valueOf(tokenProvider.getPayload(token));
     }
 }