feat: 어드민 권한 확인 로직 추가

src/main/java/com/aolda/itda/dto/auth/LoginResponseDTO.java

@@ -13,5 +13,5 @@ import java.util.List;
 @Builder
 public class LoginResponseDTO {
     private Boolean isAdmin;
-    private List<ProjectIdAndNameDTO> lists;
+    private List<ProjectIdAndNameDTO> projects;
 }

src/main/java/com/aolda/itda/service/AuthService.java

@@ -38,15 +38,16 @@ public class AuthService {
 
         String userId = user.get("id");
         String token = user.get("token");
+        String systemToken = getSystemToken(userId, loginRequestDTO.getPassword());
 
         if (userId == null || token == null) {
             throw new CustomException(ErrorCode.INVALID_USER_INFO);
         }
 
-        response.addHeader("X-Subject-Token", token);
+        response.addHeader("X-Subject-Token", systemToken != null ? systemToken : token);
         return LoginResponseDTO.builder()
-                .isAdmin(false)
-                .lists(getProjectsWithUser(user))
+                .isAdmin(systemToken != null)
+                .projects(getProjectsWithUser(user))
                 .build();
     }
 
@@ -88,6 +89,50 @@ public class AuthService {
                     "token", token);
     }
 
+    private String getSystemToken(String id, String password) {
+
+        String url = keystone + "/auth/tokens";
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_JSON);
+
+        String requestBody = "{\n" +
+                "    \"auth\": {\n" +
+                "        \"identity\": {\n" +
+                "            \"methods\": [\n" +
+                "                \"password\"\n" +
+                "            ],\n" +
+                "            \"password\": {\n" +
+                "                \"user\": {\n" +
+                "                    \"id\": \"" + id + "\",\n" +
+                "                    \"password\": \"" + password + "\"\n" +
+                "                }\n" +
+                "            }\n" +
+                "        },\n" +
+                "        \"scope\": {\n" +
+                "            \"system\": {\n" +
+                "                \"all\": true\n" +
+                "            }\n" +
+                "        }\n" +
+                "    }\n" +
+                "}";
+
+        HttpEntity<String> requestEntity;
+        ResponseEntity<Map> res;
+        try {
+            requestEntity = new HttpEntity<>(requestBody, headers);
+            res = restTemplate.postForEntity(url, requestEntity, Map.class);
+        } catch (RuntimeException e) {
+            return null;
+        }
+
+        Map<String, Object> resToken = (Map<String, Object>) res.getBody().get("token");
+        Map<String, Object> resUser = (Map<String, Object>) resToken.get("user");
+        String userId = (String) resUser.get("id");
+        String token = res.getHeaders().getFirst("X-Subject-Token");
+
+        return token;
+    }
+
     // 특정 사용자의 특정 프로젝트 내 최고 권한 반환
     public Map<String, String> getBestRoleWithinProject(String token, String projectId) throws JsonProcessingException {
         return getBestRoleWithinProject(Map.of(
@@ -107,7 +152,7 @@ public class AuthService {
         String url = keystone + "/role_assignments?user.id=" + userId + "&effective&include_names=true&scope.project.id=" + projectId;
 
         HttpHeaders headers = new HttpHeaders();
-        headers.set("X-Auth-Token", getAdminToken());
+        headers.set("X-Auth-Token", token);
 
         HttpEntity<String> requestEntity = new HttpEntity<>(headers);
         ResponseEntity<String> res = restTemplate.exchange(url, HttpMethod.GET, requestEntity, String.class);
@@ -151,7 +196,7 @@ public class AuthService {
         String url = keystone + "/users/" + userId + "/projects";
 
         HttpHeaders headers = new HttpHeaders();
-        headers.set("X-Auth-Token", getAdminToken());
+        headers.set("X-Auth-Token", token);
 
         HttpEntity<String> requestEntity = new HttpEntity<>(headers);
         ResponseEntity<String> res = restTemplate.exchange(url, HttpMethod.GET, requestEntity, String.class);
@@ -172,7 +217,7 @@ public class AuthService {
     private String validateTokenAndGetUserId(String token) throws JsonProcessingException {
         String url = keystone + "/auth/tokens";
         HttpHeaders headers = new HttpHeaders();
-        headers.set("X-Auth-Token", getAdminToken());
+        headers.set("X-Auth-Token", token);
         headers.set("X-Subject-Token", token);
         HttpEntity<String> requestEntity = new HttpEntity<>(headers);
         ResponseEntity<String> res;
@@ -184,4 +229,30 @@ public class AuthService {
         return objectMapper.readTree(res.getBody()).path("token").path("user").path("id").asText();
 
     }
+
+    private Boolean isAdmin(Map<String, String> user) throws JsonProcessingException {
+        String url = keystone + "/role_assignments?user.id=" + user.get("id") + "&scope.system&include_names";
+        HttpHeaders headers = new HttpHeaders();
+        headers.set("X-Auth-Token", user.get("token"));
+        HttpEntity<String> requestEntity = new HttpEntity<>(headers);
+        ResponseEntity<String> res;
+        try {
+            res = restTemplate.exchange(url, HttpMethod.GET, requestEntity, String.class);
+        } catch (RuntimeException e) {
+            e.printStackTrace();
+            System.out.println("runtime");
+            return false;
+        }
+        JsonNode node = objectMapper.readTree(res.getBody()).path("role_assignments");
+        String system_all = node.path("scope").path("system").path("all").asText();
+        String role = node.path("role").path("name").asText();
+        System.out.println("role: " + role);
+        if (system_all.equals("true") && role.equals("admin")) {
+            System.out.println(system_all);
+            return true;
+        }
+        System.out.println("hi");
+        return false;
+
+    }
 }