Merge pull request #18 from Sopo2023/feat/#1

fix: security

.github/workflows/main.yml

@@ -27,13 +27,13 @@ jobs:
       - name: Build with Gradle
         run: ./gradlew bootJar
 
-      - name: Docker build & push to prod
+      - name: Build Docker image and push
         run: |
           docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
           docker build -f Dockerfile -t ${{ secrets.DOCKER_USERNAME }}/sopo_v2 . 
           docker push ${{ secrets.DOCKER_USERNAME }}/sopo_v2
 
-      - name: Deploy to prod
+      - name: Deploy to Production
         uses: appleboy/ssh-action@master
         id: deploy-prod
         with:
@@ -43,16 +43,24 @@ jobs:
           port: ${{ secrets.PORT }} #ssh port (22)
           envs: GITHUB_SHA
           script: |
-            docker stop sopo_v2
-            docker rm sopo_v2
-            docker rmi ${{ secrets.DOCKER_USERNAME }}/sopo_v2
+            docker stop sopo_v2 || true
+            docker rm sopo_v2 || true
+            docker rmi ${{ secrets.DOCKER_USERNAME }}/sopo_v2 || true
             docker pull ${{ secrets.DOCKER_USERNAME }}/sopo_v2
             docker run -d -p 8080:8080 --name sopo_v2 ${{ secrets.DOCKER_USERNAME }}/sopo_v2
-            
-            sudo docker pull redis:latest
-            sudo docker run -d --name redis -p 6379:6379 --network redis-network redis:latest
-            sudo docker rm -f alimo_redis alimo_app
-            docker rmi ${{ secrets.DOCKER_USERNAME }}/alimo:latest
+
+            docker stop redis || true
+            docker rm redis || true
+            docker rmi redis || true
+            docker pull redis:latest
+            docker run -d --name redis -p 6379:6379 redis:latest
+
+            docker stop alimo_redis || true
+            docker rm alimo_redis || true
             docker pull ${{ secrets.DOCKER_USERNAME }}/alimo:latest
-            sudo docker run -d --name alimo_redis_new redis:latest
+            docker run -d --name alimo_redis -p 6379:6379 redis:latest
+
+            docker stop alimo || true
+            docker rm alimo || true
+            docker rmi ${{ secrets.DOCKER_USERNAME }}/alimo:latest || true
             docker run -d -p 80:8080 --name alimo ${{ secrets.DOCKER_USERNAME }}/alimo:latest

src/main/java/kr/hs/dgsw/SOPO_server_v2/domain/auth/dto/res/TokenRes.java

@@ -1,5 +1,8 @@
 package kr.hs.dgsw.SOPO_server_v2.domain.auth.dto.res;
 
+import lombok.Builder;
+
+@Builder
 public record TokenRes(
         String accessToken,
         String refreshToken

src/main/java/kr/hs/dgsw/SOPO_server_v2/domain/auth/service/AuthService.java

@@ -35,7 +35,6 @@
 @Component
 @RequiredArgsConstructor
 public class AuthService {
-    private final AuthenticationManager authenticationManager;
     private final JwtProvider jwtProvider;
     private final AuthEmailService authEmailService;
     private final MemberRepository memberRepository;
@@ -78,13 +77,9 @@ public ResponseData<JsonWebTokenResponse> signIn(SignInReq signInReq){
             throw WrongPasswordException.EXCEPTION;
         }
 
-        Authentication authenticate = authenticationManager.authenticate(
-                new UsernamePasswordAuthenticationToken(signInReq.memberId(), signInReq.memberPassword()));
-
-        MemberEntity member =  ((CustomMemberDetails) authenticate.getPrincipal()).member();
         return ResponseData.of(HttpStatus.OK, "로그인 성공", JsonWebTokenResponse.builder()
-                .accessToken(jwtProvider.generateAccessToken(member.getMemberId(), member.getMemberState()))
-                .refreshToken(jwtProvider.generateRefreshToken(member.getMemberId(), member.getMemberState()))
+                .accessToken(jwtProvider.generateAccessToken(memberEntity.getMemberId(), memberEntity.getMemberState()))
+                .refreshToken(jwtProvider.generateRefreshToken(memberEntity.getMemberId(), memberEntity.getMemberState()))
                 .build());
     }
 

src/main/java/kr/hs/dgsw/SOPO_server_v2/domain/member/enums/MemberState.java

@@ -6,7 +6,7 @@
 @Getter
 @RequiredArgsConstructor
 public enum MemberState {
-    ACTIVE("STATE_ACTIVE"),
-    DELETED("STAVE_DELETED");
+    ACTIVE("ROLE_ACTIVE"),
+    DELETED("ROLE_DELETED");
     private final String key;
 }

src/main/java/kr/hs/dgsw/SOPO_server_v2/global/config/security/SecurityConfig.java

@@ -32,10 +32,8 @@
 @EnableWebSecurity
 @RequiredArgsConstructor
 public class SecurityConfig {
-    private final MemberDetailsService memberDetailsService;
     private final JwtFilter jwtFilter;
     private final JwtExceptionFilter jwtExceptionFilter;
-    private final PasswordEncoder passwordEncoder;
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
@@ -56,16 +54,16 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .requestMatchers("/auth/**").permitAll()
                 .requestMatchers("/email/**").permitAll()
                 .requestMatchers("/re_provide/**").permitAll()
-                .requestMatchers("/file/**").hasRole("ACTIVE")
-                .requestMatchers("/board/**").hasRole("ACTIVE")
-                .requestMatchers("/contest/**").hasRole("ACTIVE")
-                .requestMatchers("/like/**").hasRole("ACTIVE")
+                .requestMatchers("/file/**").hasAuthority("ROLE_ACTIVE")
+                .requestMatchers("/board/**").hasAuthority("ROLE_ACTIVE")
+                .requestMatchers("/contest/**").hasAuthority("ROLE_ACTIVE")
+                .requestMatchers("/like/**").hasAuthority("ROLE_ACTIVE")
                 .anyRequest().authenticated()
                 .and()
                 .formLogin().disable()
                 .exceptionHandling()
                 .accessDeniedHandler((req, res, e) -> jwtExceptionFilter.responseToClient(res, ErrorResponse.of(StatusEnum.INVALID_ROLE, "권한이 없습니다")))
-                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.NOT_FOUND));
+                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.FORBIDDEN));
 
         return http.build();
     }
@@ -83,17 +81,4 @@ public CorsConfigurationSource corsConfigurationSource() {
 
         return source;
     }
-
-    @Bean
-    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
-        return configuration.getAuthenticationManager();
-    }
-
-    @Bean
-    public AuthenticationProvider authenticationProvider() {
-        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
-        authenticationProvider.setUserDetailsService(memberDetailsService);
-        authenticationProvider.setPasswordEncoder(passwordEncoder);
-        return authenticationProvider;
-    }
 }

src/main/java/kr/hs/dgsw/SOPO_server_v2/global/infra/security/MemberDetailsService.java

@@ -1,20 +1,21 @@
 package kr.hs.dgsw.SOPO_server_v2.global.infra.security;
 
+import kr.hs.dgsw.SOPO_server_v2.domain.auth.dto.res.TokenRes;
 import kr.hs.dgsw.SOPO_server_v2.domain.member.entity.MemberEntity;
 import kr.hs.dgsw.SOPO_server_v2.domain.member.repository.MemberRepository;
+import kr.hs.dgsw.SOPO_server_v2.global.infra.jwt.JwtProvider;
 import lombok.RequiredArgsConstructor;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Component;
 
 @Component
 @RequiredArgsConstructor
-public class MemberDetailsService implements UserDetailsService {
+public class MemberDetailsService {
 
     private final MemberRepository memberRepository;
+    private final JwtProvider jwtProvider;
 
-    public UserDetails loadUserByUsername(String id) {
+    public TokenRes loadUserByUsername(String id) {
         MemberEntity memberEntity = memberRepository.findByMemberId(id);
-        return CustomMemberDetails.of(memberEntity);
+        return jwtProvider.generateToken(id, memberEntity.getMemberState());
     }
 }