Merge pull request #13 from iHangbot/refactor/member

chore: 비밀번호 암호화 및 user_id->username 변수명 변경
iHangbot · Aug 2, 2023 · 7d3e226 · 7d3e226
2 parents 0fef678 + e3c5d99
commit 7d3e226
Show file tree

Hide file tree

Showing 11 changed files with 81 additions and 52 deletions.
diff --git a/build.gradle b/build.gradle
@@ -23,4 +23,5 @@ dependencies {
 	implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.0.0'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.json:json:20220924'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
 }
diff --git a/src/main/java/com/mz/ihangbot/IHangbotApplication.java b/src/main/java/com/mz/ihangbot/IHangbotApplication.java
@@ -2,8 +2,9 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 
-@SpringBootApplication
+@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
 public class IHangbotApplication {
 
 	public static void main(String[] args) {

diff --git a/src/main/java/com/mz/ihangbot/common/advice/GlobalExceptionHandler.java b/src/main/java/com/mz/ihangbot/common/advice/GlobalExceptionHandler.java
@@ -47,13 +47,6 @@ protected ResponseEntity<BasicResponse> handleMethodArgumentTypeMismatchExceptio
         return new ResponseEntity<>(response, HttpStatus.BAD_REQUEST);
     }
 
-    @ExceptionHandler(AuthenticationException.class)
-    protected ResponseEntity<BasicResponse> handleAuthenticationException(AuthenticationException e) {
-        log.warn(e.getMessage(), e);
-        BasicResponse response = BasicResponse.of(ErrorCode.AUTH_ERROR);
-        return new ResponseEntity<>(response, HttpStatus.BAD_REQUEST);
-    }
-
     @ExceptionHandler(IllegalStateException.class)
     protected ResponseEntity<BasicResponse> handleIllegalStateException(IllegalStateException e) {
         log.error(e.getMessage(), e);

diff --git a/src/main/java/com/mz/ihangbot/common/exception/ErrorCode.java b/src/main/java/com/mz/ihangbot/common/exception/ErrorCode.java
@@ -14,11 +14,12 @@ public enum ErrorCode {
     MEMBER_NOT_FOUND(400, "ME_001", "사용자를 찾을 수 없습니다."),
     WRONG_PASSWORD(400, "ME_002","비밀번호가 틀립니다."),
 
+    DUPLICATED_USERNAME(400, "AU_001", "이미 존재하는 닉네임입니다."),
     DUPLICATED_EMAIL(400, "AU_002", "이미 존재하는 E-mail입니다."),
     UNAUTHORIZED_REDIRECT_URI(400, "AU_003", "인증되지 않은 REDIRECT_URI입니다."),
     BAD_LOGIN(400, "AU_004", "잘못된 아이디 또는 패스워드입니다."),
+    INVALID_PASSWORD(400, "AU_005", "잘못된 패스워드입니다."),
 
-    AUTH_ERROR(400, "AU_001", "계약서 작성자만 접근할 수 있습니다.")
     ;
 
     private final int status;

diff --git a/src/main/java/com/mz/ihangbot/member/controller/MemberController.java b/src/main/java/com/mz/ihangbot/member/controller/MemberController.java
@@ -27,43 +27,31 @@ public class MemberController {
     @PostMapping("/signUp")
     @Operation(summary = "회원가입", description = "회원가입을 진행합니다. 남자는 true(1), 여자는 false(0)입니다.")
     public ResponseEntity<BasicResponse> addMember(@RequestBody MemberRequestDTO requestDTO) {
-        String child_name = requestDTO.child_name;
-        String user_id = requestDTO.user_id;;
-        String password = requestDTO.password;;
-        String check_password = requestDTO.check_password;;
-        String email = requestDTO.email;
-        int child_age = requestDTO.child_age;
-        boolean child_gender = requestDTO.child_gender;
-
-        if (!password.equals(check_password))
-            return basicResponse.ok(
-                    new InvalidValueException(ErrorCode.WRONG_PASSWORD)
-            );
         return basicResponse.ok(
-                memberService.addMember(child_name, user_id, password, email, child_age, child_gender)
+                memberService.addMember(requestDTO)
         );
     }
 
     @GetMapping("/login")
     @Operation(summary = "로그인", description = "로그인을 진행합니다.")
-    public ResponseEntity<BasicResponse> findMember(@RequestParam String user_id, @RequestParam String password) {
+    public ResponseEntity<BasicResponse> findMember(@RequestParam String username, @RequestParam String password) {
         return basicResponse.ok(
-                memberService.login(user_id, password)
+                memberService.login(username, password)
         );
     }
 
-    @GetMapping("/{memberId}/profile")
+    @GetMapping("/{username}/profile")
     @Operation(summary = "회원 정보 조회", description = "회원 정보를 조회합니다.")
-    public ResponseEntity<BasicResponse> getMember(@PathVariable ("memberId") String memberId) {
+    public ResponseEntity<BasicResponse> getMember(@PathVariable ("username") String username) {
         return basicResponse.ok(
-                memberService.getMember(memberId)
+                memberService.getMember(username)
         );
     }
 
-    @PutMapping("/{memberId}/profile/setting")
+    @PutMapping("/{username}/profile/setting")
     @Operation(summary = "회원 정보 수정", description = "회원 정보를 수정합니다.")
-    public ResponseEntity<BasicResponse> updateMember(@PathVariable("memberId") String memberId, @RequestBody MemberUpdateRequestDTO requestDTO) {
-        MemberResponseDTO memberDTO = memberService.getMember(memberId);
+    public ResponseEntity<BasicResponse> updateMember(@PathVariable("username") String username, @RequestBody MemberUpdateRequestDTO requestDTO) {
+        MemberResponseDTO memberDTO = memberService.getMember(username);
 
         String child_name = requestDTO.child_name;
         int child_age = requestDTO.child_age;
@@ -79,7 +67,7 @@ public ResponseEntity<BasicResponse> updateMember(@PathVariable("memberId") Stri
         if (memberDTO.getEmail().equals(email) || email.equals("string"))
             email = memberDTO.getEmail();
 
-        memberService.updateMember(memberId, child_name, child_age, child_gender, email);
+        memberService.updateMember(username, child_name, child_age, child_gender, email);
         return basicResponse.noContent();
     }
 

diff --git a/src/main/java/com/mz/ihangbot/member/domain/Member.java b/src/main/java/com/mz/ihangbot/member/domain/Member.java
@@ -24,7 +24,7 @@ public class Member extends DateTimeEntity {
     private Long id;
 
     @Column(nullable = false)
-    private String user_id;
+    private String username;
 
     @Column(nullable = false)
     private String email;
@@ -52,8 +52,8 @@ public class Member extends DateTimeEntity {
     private List<Sentiment> sentiments = new ArrayList<>();
 
     @Builder
-    public Member(String user_id, String email, String password, String child_name, int child_age, boolean child_gender, double positive, double negative) {
-        this.user_id = user_id;
+    public Member(String username, String email, String password, String child_name, int child_age, boolean child_gender, double positive, double negative) {
+        this.username = username;
         this.email = email;
         this.password = password;
         this.child_name = child_name;

diff --git a/src/main/java/com/mz/ihangbot/member/dto/MemberRequestDTO.java b/src/main/java/com/mz/ihangbot/member/dto/MemberRequestDTO.java
@@ -9,7 +9,7 @@
 @NoArgsConstructor
 public class MemberRequestDTO {
 
-    public String user_id;
+    public String username;
     public String password;
     public String check_password;
     public String email;

diff --git a/src/main/java/com/mz/ihangbot/member/dto/MemberResponseDTO.java b/src/main/java/com/mz/ihangbot/member/dto/MemberResponseDTO.java
@@ -16,7 +16,7 @@
 public class MemberResponseDTO {
     private final Long id;
     private final String child_name;
-    private final String user_id;
+    private final String username;
     private final String password;
     private final String email;
     private final int child_age;
@@ -38,7 +38,7 @@ public static MemberResponseDTO from (Member member) {
         return MemberResponseDTO.builder()
                 .id(member.getId())
                 .child_name(member.getChild_name())
-                .user_id(member.getUser_id())
+                .username(member.getUsername())
                 .password(member.getPassword())
                 .email(member.getEmail())
                 .createdAt(member.getCreatedAt())

diff --git a/src/main/java/com/mz/ihangbot/member/repository/MemberRepository.java b/src/main/java/com/mz/ihangbot/member/repository/MemberRepository.java
@@ -11,11 +11,10 @@
 public interface MemberRepository extends JpaRepository<Member, Long> {
 
     @Query("select distinct m from Member m " +
-            "where m.user_id = :user_id and " +
-            "m.password = :password")
-    MemberResponseDTO findMemberByIdAndPassword(@Param("user_id")String user_id, @Param("password")String password);
+            "where m.username =:username")
+    MemberResponseDTO findMemberById(@Param("username")String username);
 
     @Query("select distinct m from Member m " +
-            "where m.user_id =:memberId")
-    MemberResponseDTO findMemberById(@Param("memberId")String memberId);
+            "where m.username =:username")
+    Optional<Member> findByUserName(@Param("username")String username);
 }
diff --git a/src/main/java/com/mz/ihangbot/member/service/MemberService.java b/src/main/java/com/mz/ihangbot/member/service/MemberService.java
@@ -1,12 +1,16 @@
 package com.mz.ihangbot.member.service;
 
+import com.mz.ihangbot.common.exception.BusinessException;
 import com.mz.ihangbot.common.exception.EntityNotFoundException;
 import com.mz.ihangbot.common.exception.ErrorCode;
+import com.mz.ihangbot.common.exception.InvalidValueException;
+import com.mz.ihangbot.member.dto.MemberRequestDTO;
 import com.mz.ihangbot.member.repository.MemberRepository;
 import com.mz.ihangbot.member.domain.Member;
 import com.mz.ihangbot.member.dto.MemberResponseDTO;
 import jakarta.transaction.Transactional;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 import java.util.Optional;
@@ -16,13 +20,27 @@
 public class MemberService {
 
     private final MemberRepository memberRepository;
+    private final PasswordEncoder passwordEncoder;
 
     @Transactional
-    public MemberResponseDTO addMember(String child_name, String user_id, String password, String email, int child_age, boolean child_gender) {
+    public MemberResponseDTO addMember(MemberRequestDTO requestDTO) {
+        String child_name = requestDTO.child_name;
+        String username = requestDTO.username;;
+        String password = requestDTO.password;;
+        String check_password = requestDTO.check_password;;
+        String email = requestDTO.email;
+        int child_age = requestDTO.child_age;
+        boolean child_gender = requestDTO.child_gender;
+
+        validateUnique(username);
+
+        if (!password.equals(check_password))
+            throw new InvalidValueException(ErrorCode.WRONG_PASSWORD);
+
         Member member = Member.builder()
                 .child_name(child_name)
-                .user_id(user_id)
-                .password(password)
+                .username(username)
+                .password(passwordEncoder.encode(password))
                 .email(email)
                 .child_age(child_age)
                 .child_gender(child_gender)
@@ -32,14 +50,20 @@ public MemberResponseDTO addMember(String child_name, String user_id, String pas
         return MemberResponseDTO.from(saved);
     }
 
-    public Member findMember(Long id) {
-        return memberRepository.findById(id)
+    public Member findMember(String username) {
+        return memberRepository.findByUserName(username)
                 .orElseThrow(() -> new EntityNotFoundException(ErrorCode.MEMBER_NOT_FOUND));
     }
 
     @Transactional
-    public MemberResponseDTO login(String user_id, String password) {
-        return memberRepository.findMemberByIdAndPassword(user_id, password);
+    public MemberResponseDTO login(String username, String password) {
+        Member member = findMember(username);
+
+        if (!passwordEncoder.matches(password, member.getPassword())) {
+            throw new InvalidValueException(ErrorCode.INVALID_PASSWORD);
+        }
+
+        return MemberResponseDTO.from(member);
     }
 
     @Transactional
@@ -48,10 +72,15 @@ public MemberResponseDTO getMember(String memberId) {
     }
 
     @Transactional
-    public void updateMember(String memberId, String child_name, int child_age, boolean child_gender, String email) {
-        MemberResponseDTO memberDTO = memberRepository.findMemberById(memberId);
-        Member member = findMember(memberDTO.getId());
+    public void updateMember(String username, String child_name, int child_age, boolean child_gender, String email) {
+        Member member = findMember(username);
         member.update(child_name, child_age, child_gender, email);
         memberRepository.save(member);
     }
+
+    private void validateUnique(String username) {
+        if (memberRepository.findByUserName(username).isPresent()) {
+            throw new BusinessException(ErrorCode.DUPLICATED_USERNAME);
+        }
+    }
 }
diff --git a/src/main/java/com/mz/ihangbot/security/config/SecurityConfig.java b/src/main/java/com/mz/ihangbot/security/config/SecurityConfig.java
@@ -0,0 +1,17 @@
+package com.mz.ihangbot.security.config;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+    }
+}