diff --git a/src/main/kotlin/com/wafflestudio/csereal/common/mockauth/DevAuthController.kt b/src/main/kotlin/com/wafflestudio/csereal/common/mockauth/DevAuthController.kt
index 19110220..27319abc 100644
--- a/src/main/kotlin/com/wafflestudio/csereal/common/mockauth/DevAuthController.kt
+++ b/src/main/kotlin/com/wafflestudio/csereal/common/mockauth/DevAuthController.kt
@@ -17,7 +17,7 @@ import org.springframework.web.bind.annotation.RestController
 //TODO: 정식 릴리즈 후에는 dev 서버에서만 가능하게
 @RestController
-@RequestMapping("/api")
+@RequestMapping("/api/v1")
 class DevAuthController(
 private val authenticationManager: AuthenticationManager,
 private val userRepository: UserRepository,
diff --git a/src/main/kotlin/com/wafflestudio/csereal/core/news/api/NewsController.kt b/src/main/kotlin/com/wafflestudio/csereal/core/news/api/NewsController.kt
index b0c3f872..193a097a 100644
--- a/src/main/kotlin/com/wafflestudio/csereal/core/news/api/NewsController.kt
+++ b/src/main/kotlin/com/wafflestudio/csereal/core/news/api/NewsController.kt
@@ -1,6 +1,8 @@
 package com.wafflestudio.csereal.core.news.api
+import com.wafflestudio.csereal.common.CserealException
 import com.wafflestudio.csereal.common.aop.AuthenticatedStaff
+import com.wafflestudio.csereal.common.mockauth.CustomPrincipal
 import com.wafflestudio.csereal.core.news.dto.NewsDto
 import com.wafflestudio.csereal.core.news.dto.NewsSearchResponse
 import com.wafflestudio.csereal.core.news.service.NewsService
@@ -13,7 +15,7 @@ import org.hibernate.validator.constraints.Length
 import org.springframework.data.domain.PageRequest
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
-import org.springframework.security.core.annotation.AuthenticationPrincipal
+import org.springframework.security.core.Authentication
 import org.springframework.security.oauth2.core.oidc.user.OidcUser
 import org.springframework.web.bind.annotation.*
 import org.springframework.web.multipart.MultipartFile
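Review bot: `DevAuthController` stays an unconditional `@RestController` after this path change: the `//TODO` directly above the edited `@RequestMapping` line says the mock login should only exist on the dev server, and nothing in the hunk gates it. That matters more with this commit, because the other controllers now accept `CustomPrincipal` for the staff check, so a reachable mock-login route on a production deployment would sit beside the OIDC login as a second way to obtain a session. Unless the security configuration (not visible here) already restricts it, add a profile guard on the class, e.g. `@Profile("<dev-profile-name>")`, and confirm the new `/api/v1` prefix is covered by whatever path rules applied to the old `/api` one. The class body continues outside the hunk.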
@@ -30,10 +32,16 @@ class NewsController(
 @RequestParam(required = false) keyword: String?,
 @RequestParam(required = false) pageNum: Int?,
 @RequestParam(required = false, defaultValue = "10") pageSize: Int,
- @AuthenticationPrincipal oidcUser: OidcUser?
+ authentication: Authentication?
 ): ResponseEntity {
- val isStaff = oidcUser?.let {
- val username = it.idToken.getClaim("username")
+ val principal = authentication?.principal
+
+ val isStaff = principal?.let {
+ val username = when (principal) {
+ is OidcUser -> principal.idToken.getClaim("username")
+ is CustomPrincipal -> principal.userEntity.username
+ else -> throw CserealException.Csereal401("Unsupported principal type")
+ }
 val user = userRepository.findByUsername(username)
 user?.role == Role.ROLE_STAFF
 } ?: false
diff --git a/src/main/kotlin/com/wafflestudio/csereal/core/notice/api/NoticeController.kt b/src/main/kotlin/com/wafflestudio/csereal/core/notice/api/NoticeController.kt
index 80a0a00b..611d7ba8 100644
--- a/src/main/kotlin/com/wafflestudio/csereal/core/notice/api/NoticeController.kt
+++ b/src/main/kotlin/com/wafflestudio/csereal/core/notice/api/NoticeController.kt
@@ -1,6 +1,8 @@
 package com.wafflestudio.csereal.core.notice.api
+import com.wafflestudio.csereal.common.CserealException
 import com.wafflestudio.csereal.common.aop.AuthenticatedStaff
+import com.wafflestudio.csereal.common.mockauth.CustomPrincipal
 import com.wafflestudio.csereal.core.notice.dto.*
 import com.wafflestudio.csereal.core.notice.service.NoticeService
 import com.wafflestudio.csereal.core.user.database.Role
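Review bot: The principal-to-username `when` added to this NewsController handler is pasted unchanged into NoticeController, ReservationController.getReservation and SeminarController, with a variant in UserController.isStaff, so the rule deciding whose identity is checked for staff access now lives in five places. Extracting one helper keeps a future principal type or claim change from being applied to some copies and missed in others. The `else` branch also makes these read endpoints answer 401 for a principal type that the previous `@AuthenticationPrincipal oidcUser: OidcUser?` parameter would most likely have treated as "not staff"; returning null from the helper keeps that fallback. The handler's signature starts outside the hunk.

```kotlin
// shared helper, e.g. next to CustomPrincipal
fun Authentication.usernameOrNull(): String? = when (val p = principal) {
    is OidcUser -> p.idToken.getClaimAsString("username")
    is CustomPrincipal -> p.userEntity.username
    else -> null // unknown principal type: treated as not staff
}

// … unchanged: request parameters and handler signature …
val isStaff = authentication?.usernameOrNull()
    ?.let { userRepository.findByUsername(it)?.role == Role.ROLE_STAFF }
    ?: false
```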
@@ -12,7 +14,7 @@ import org.hibernate.validator.constraints.Length
 import org.springframework.data.domain.PageRequest
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
-import org.springframework.security.core.annotation.AuthenticationPrincipal
+import org.springframework.security.core.Authentication
 import org.springframework.security.oauth2.core.oidc.user.OidcUser
 import org.springframework.web.bind.annotation.*
 import org.springframework.web.multipart.MultipartFile
@@ -29,10 +31,16 @@ class NoticeController(
 @RequestParam(required = false) keyword: String?,
 @RequestParam(required = false) pageNum: Int?,
 @RequestParam(required = false, defaultValue = "20") pageSize: Int,
- @AuthenticationPrincipal oidcUser: OidcUser?
+ authentication: Authentication?
 ): ResponseEntity {
- val isStaff = oidcUser?.let {
- val username = it.idToken.getClaim("username")
+ val principal = authentication?.principal
+
+ val isStaff = principal?.let {
+ val username = when (principal) {
+ is OidcUser -> principal.idToken.getClaim("username")
+ is CustomPrincipal -> principal.userEntity.username
+ else -> throw CserealException.Csereal401("Unsupported principal type")
+ }
 val user = userRepository.findByUsername(username)
 user?.role == Role.ROLE_STAFF
 } ?: false
diff --git a/src/main/kotlin/com/wafflestudio/csereal/core/reservation/api/ReservationController.kt b/src/main/kotlin/com/wafflestudio/csereal/core/reservation/api/ReservationController.kt
index c48efc8e..e053955c 100644
--- a/src/main/kotlin/com/wafflestudio/csereal/core/reservation/api/ReservationController.kt
+++ b/src/main/kotlin/com/wafflestudio/csereal/core/reservation/api/ReservationController.kt
@@ -1,6 +1,8 @@
 package com.wafflestudio.csereal.core.reservation.api
+import com.wafflestudio.csereal.common.CserealException
 import com.wafflestudio.csereal.common.aop.AuthenticatedForReservation
+import com.wafflestudio.csereal.common.mockauth.CustomPrincipal
 import com.wafflestudio.csereal.core.reservation.dto.ReservationDto
 import com.wafflestudio.csereal.core.reservation.dto.ReserveRequest
 import com.wafflestudio.csereal.core.reservation.dto.SimpleReservationDto
@@ -8,7 +10,7 @@ import com.wafflestudio.csereal.core.reservation.service.ReservationService
 import com.wafflestudio.csereal.core.user.database.Role
 import com.wafflestudio.csereal.core.user.database.UserRepository
 import org.springframework.http.ResponseEntity
-import org.springframework.security.core.annotation.AuthenticationPrincipal
+import org.springframework.security.core.Authentication
 import org.springframework.security.oauth2.core.oidc.user.OidcUser
 import org.springframework.web.bind.annotation.DeleteMapping
 import org.springframework.web.bind.annotation.GetMapping
@@ -54,10 +56,16 @@ class ReservationController(
 @GetMapping("/{reservationId}")
 fun getReservation(
 @PathVariable reservationId: Long,
- @AuthenticationPrincipal oidcUser: OidcUser?
+ authentication: Authentication?
 ): ResponseEntity {
- val isStaff = oidcUser?.let {
- val username = it.idToken.getClaim("username")
+ val principal = authentication?.principal
+
+ val isStaff = principal?.let {
+ val username = when (principal) {
+ is OidcUser -> principal.idToken.getClaim("username")
+ is CustomPrincipal -> principal.userEntity.username
+ else -> throw CserealException.Csereal401("Unsupported principal type")
+ }
 val user = userRepository.findByUsername(username)
 user?.role == Role.ROLE_STAFF
 } ?: false
diff --git a/src/main/kotlin/com/wafflestudio/csereal/core/seminar/api/SeminarController.kt b/src/main/kotlin/com/wafflestudio/csereal/core/seminar/api/SeminarController.kt
index d7705a6d..bbf80373 100644
--- a/src/main/kotlin/com/wafflestudio/csereal/core/seminar/api/SeminarController.kt
+++ b/src/main/kotlin/com/wafflestudio/csereal/core/seminar/api/SeminarController.kt
@@ -1,6 +1,8 @@
 package com.wafflestudio.csereal.core.seminar.api
+import com.wafflestudio.csereal.common.CserealException
 import com.wafflestudio.csereal.common.aop.AuthenticatedStaff
+import com.wafflestudio.csereal.common.mockauth.CustomPrincipal
 import com.wafflestudio.csereal.core.seminar.dto.SeminarDto
 import com.wafflestudio.csereal.core.seminar.dto.SeminarSearchResponse
 import com.wafflestudio.csereal.core.seminar.service.SeminarService
@@ -9,7 +11,7 @@ import com.wafflestudio.csereal.core.user.database.UserRepository
 import jakarta.validation.Valid
 import org.springframework.data.domain.PageRequest
 import org.springframework.http.ResponseEntity
-import org.springframework.security.core.annotation.AuthenticationPrincipal
+import org.springframework.security.core.Authentication
 import org.springframework.security.oauth2.core.oidc.user.OidcUser
 import org.springframework.web.bind.annotation.*
 import org.springframework.web.multipart.MultipartFile
@@ -25,10 +27,16 @@ class SeminarController(
 @RequestParam(required = false) keyword: String?,
 @RequestParam(required = false) pageNum: Int?,
 @RequestParam(required = false, defaultValue = "10") pageSize: Int,
- @AuthenticationPrincipal oidcUser: OidcUser?
+ authentication: Authentication?
 ): ResponseEntity {
- val isStaff = oidcUser?.let {
- val username = it.idToken.getClaim("username")
+ val principal = authentication?.principal
+
+ val isStaff = principal?.let {
+ val username = when (principal) {
+ is OidcUser -> principal.idToken.getClaim("username")
+ is CustomPrincipal -> principal.userEntity.username
+ else -> throw CserealException.Csereal401("Unsupported principal type")
+ }
 val user = userRepository.findByUsername(username)
 user?.role == Role.ROLE_STAFF
 } ?: false
diff --git a/src/main/kotlin/com/wafflestudio/csereal/core/user/api/UserController.kt b/src/main/kotlin/com/wafflestudio/csereal/core/user/api/UserController.kt
index 828bbade..c538d33f 100644
--- a/src/main/kotlin/com/wafflestudio/csereal/core/user/api/UserController.kt
+++ b/src/main/kotlin/com/wafflestudio/csereal/core/user/api/UserController.kt
@@ -1,10 +1,11 @@
 package com.wafflestudio.csereal.core.user.api
 import com.wafflestudio.csereal.common.CserealException
+import com.wafflestudio.csereal.common.mockauth.CustomPrincipal
 import com.wafflestudio.csereal.core.user.dto.StaffAuthResponse
 import com.wafflestudio.csereal.core.user.service.UserService
 import org.springframework.http.ResponseEntity
-import org.springframework.security.core.annotation.AuthenticationPrincipal
+import org.springframework.security.core.Authentication
 import org.springframework.security.oauth2.core.oidc.user.OidcUser
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.RequestMapping
@@ -17,15 +18,19 @@ class UserController(
 ) {
 @GetMapping("/is-staff")
- fun isStaff(@AuthenticationPrincipal oidcUser: OidcUser?): ResponseEntity {
- if (oidcUser == null) {
- throw CserealException.Csereal401("로그인이 필요합니다.")
+ fun isStaff(authentication: Authentication?): ResponseEntity {
+ val principal = authentication?.principal ?: throw CserealException.Csereal401("로그인이 필요합니다.")
+
+ val username = when (principal) {
+ is OidcUser -> principal.idToken.getClaim("username")
+ is CustomPrincipal -> principal.userEntity.username
+ else -> throw CserealException.Csereal401("Unsupported principal type")
 }
- val username = oidcUser.idToken.getClaim("username")
- if (userService.checkStaffAuth(username)) {
- return ResponseEntity.ok(StaffAuthResponse(true))
+
+ return if (userService.checkStaffAuth(username)) {
+ ResponseEntity.ok(StaffAuthResponse(true))
 } else {
- return ResponseEntity.ok(StaffAuthResponse(false))
+ ResponseEntity.ok(StaffAuthResponse(false))
 }
 }
 }
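Review bot: The `return if … else …` at the end of `isStaff` tests a boolean only to wrap the same boolean, since the two branches differ only in the literal passed to `StaffAuthResponse`. `return ResponseEntity.ok(StaffAuthResponse(userService.checkStaffAuth(username)))` says the same in one line and leaves a single response path to audit. The new `else` message is in English while the login-required message two lines above it is Korean, so clients of this endpoint get mixed-language 401 bodies; worth settling on one.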