fix: security 설정 정보 추가, 프로필 수정 검증 로직 추가

src/main/java/Funssion/Inforum/config/SecurityConfig.java

@@ -66,7 +66,12 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
                                 .requestMatchers(HttpMethod.OPTIONS, "/**/*").permitAll()
                                 //users 포함한 end point 보안 적용 X
                                 .requestMatchers(HttpMethod.GET,"/users/**").permitAll()
-                                .requestMatchers(HttpMethod.GET, "/users/profile/**").permitAll() // 개인 정보 수정은 권한 필요
+                                .requestMatchers("/users/authenticate-email",
+                                        "/users/authenticate-email/find",
+                                        "/users/password",
+                                        "/users/authenticate-code",
+                                        "/users/check-duplication").permitAll()
+                                .requestMatchers(HttpMethod.GET, "/users/profile/**").permitAll()
                                 .requestMatchers(HttpMethod.POST, "/users/login").authenticated() //spring security filter에서 redirect
                                 .requestMatchers(HttpMethod.GET,"/tags/**").permitAll()
                                 .requestMatchers("/oauth2/authorization/**").permitAll()

src/main/java/Funssion/Inforum/domain/member/controller/MemberController.java

@@ -1,25 +1,23 @@
 package Funssion.Inforum.domain.member.controller;
 
 
-import Funssion.Inforum.common.constant.CRUDType;
 import Funssion.Inforum.common.dto.IsSuccessResponseDto;
 import Funssion.Inforum.common.exception.badrequest.BadRequestException;
+import Funssion.Inforum.common.exception.etc.UnAuthorizedException;
 import Funssion.Inforum.common.exception.notfound.NotFoundException;
 import Funssion.Inforum.common.utils.SecurityContextUtils;
 import Funssion.Inforum.domain.member.dto.request.*;
 import Funssion.Inforum.domain.member.dto.response.*;
 import Funssion.Inforum.domain.member.service.MailService;
 import Funssion.Inforum.domain.member.service.MemberService;
 import Funssion.Inforum.domain.post.utils.AuthUtils;
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseCookie;
 import org.springframework.security.core.annotation.CurrentSecurityContext;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.web.bind.annotation.*;
@@ -160,6 +158,8 @@ public IsProfileSavedDto updateProfileImage(@PathVariable("id") Long userId,
                                                 @RequestPart(value = "introduce", required = false)String introduce,
                                                 @RequestPart(value = "tags", required = false) String tags){
 
+        if(isNotOwnerOfProfile(userId)) throw new UnAuthorizedException("해당 유저의 프로필 수정 권한이 없습니다.");
+
         List<String> tagList = exceptionHandleOfList(tags);
         MemberInfoDto memberInfoDto;
         try {
@@ -170,6 +170,9 @@ public IsProfileSavedDto updateProfileImage(@PathVariable("id") Long userId,
         return memberService.updateMemberProfile(userId,memberInfoDto);
     }
 
+    private boolean isNotOwnerOfProfile(Long userId) {
+        return !userId.equals(SecurityContextUtils.getAuthorizedUserId());
+    }
 
 
     @GetMapping("/find-email-by")