Merge branch 'kkj' into 'master'

refactor: enhance JWT token-based authentication for user login, post... See merge request !3

Merge branch 'kkj' into 'master'
d557c618 · Gwan Ju · 89154021 · 690a2d21 · d557c618 · d557c618
Commit d557c618 authored 1 year ago by Gwan Ju
--- a/src/main/java/umc/spring/post/controller/PostController.java
+++ b/src/main/java/umc/spring/post/controller/PostController.java
@@ -74,8 +74,14 @@ public class PostController {
    @PostMapping("/post/comments")
    @ResponseStatus(HttpStatus.OK)
    public void addComment(@RequestBody CommentDto commentDto){
+        try{
            postService.addComment(commentDto);
        }
+        catch(Exception e){
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found");
+
+        }
+    }

    @DeleteMapping("/post/comments")
    @ResponseStatus(HttpStatus.OK)

--- a/src/main/java/umc/spring/post/data/dto/CommentDto.java
+++ b/src/main/java/umc/spring/post/data/dto/CommentDto.java
@@ -6,7 +6,6 @@ import lombok.Data;
 public class CommentDto {

    private Long postId;
-    private Long userId;
    private String author;
    private String text;


--- a/src/main/java/umc/spring/post/service/PostServiceImpl.java
+++ b/src/main/java/umc/spring/post/service/PostServiceImpl.java
@@ -2,8 +2,9 @@ package umc.spring.post.service;


 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
-import umc.spring.post.config.security.SecurityUtil;
+import org.springframework.web.server.ResponseStatusException;
 import umc.spring.post.data.dto.CommentDto;
 import umc.spring.post.data.dto.PostDto;
 import umc.spring.post.data.dto.PostResDto;
@@ -39,9 +40,7 @@ public class PostServiceImpl implements PostService{

    @Override
    public void upload(PostDto postDto){
-
        UserInfoDto userInfoDto = getCurrentMemberId();
-
        Post post = new Post();
        setPost(postDto, post);
        post.setAuthor(userInfoDto.getUserName());
@@ -70,7 +69,54 @@ public class PostServiceImpl implements PostService{
        Post post = postRepository.findById(id).orElseThrow(() -> new RuntimeException("id가 존재하지 않습니다."));;
        return PostResDto.toDTO(post);
    }
+    @Override
+    public boolean deletePost(Long id) {
+        // 토큰 받은 유저의 post인지 확인하기..
+        Optional<Post> byId = postRepository.findById(id);
+        if(byId.isPresent()){
+            UserInfoDto userInfoDto;
+            try {
+                userInfoDto = getCurrentMemberId();
+            }
+            catch(Exception e){
+                throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found");
+            }
+            if(Objects.equals(byId.get().getUserId(), userInfoDto.getUserId())){
+                postRepository.deleteById(id);
+                return true;
+            }
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Unauthorized: You do not have permission to delete this post.");
+        }
+        else return false;
+    }
+
+    @Override
+    public boolean editPost(PostDto postDto, Long id) {
+        // 토큰 받은 유저의 post인지
+        Optional<Post> byId = postRepository.findById(id);
+
+        if(byId.isPresent()){
+            UserInfoDto userInfoDto;
+            try {
+                userInfoDto = getCurrentMemberId();
+            }
+            catch(Exception e){
+                throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found");
+            }
+            Post post = byId.get();
+            if(Objects.equals(post.getUserId(), userInfoDto.getUserId())){
+                post.setTitle(postDto.getTitle() != null ? postDto.getTitle() : post.getTitle());
+                post.setBody(postDto.getBody() != null ? postDto.getBody() : post.getBody());
+                post.setImage(postDto.getImage() != null ? postDto.getImage() : post.getImage());
+                post.setModifiedTime(new Date());
+                postRepository.save(post);
+                return true;
+            }
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Unauthorized: You do not have permission to edit this post.");
+        }
+        else return false;

+    }
    @Override
    public void likeCrew(Long id) {
        UserInfoDto userInfoDto = getCurrentMemberId();
@@ -91,28 +137,7 @@ public class PostServiceImpl implements PostService{
        }
    }

-    @Override
-    public boolean deletePost(Long id) {
-        if(postRepository.findById(id).isPresent()){
-            postRepository.deleteById(id);
-            return true;
-        }
-        else return false;
-    }

-    @Override
-    public boolean editPost(PostDto postDto, Long id) {
-        Post post = postRepository.findById(id).orElseThrow(() -> new RuntimeException("id가 존재하지 않습니다."));;
-        if(post!=null){
-            post.setTitle(postDto.getTitle() != null ? postDto.getTitle() : post.getTitle());
-            post.setBody(postDto.getBody() != null ? postDto.getBody() : post.getBody());
-            post.setImage(postDto.getImage() != null ? postDto.getImage() : post.getImage());
-            post.setModifiedTime(new Date());
-            postRepository.save(post);
-            return true;
-        }
-        else return false;
-    }

    @Override
    public List<PostResDto> search(String title) {
@@ -129,7 +154,11 @@ public class PostServiceImpl implements PostService{

    @Override
    public void addComment(CommentDto commentDto){
+        // 토큰 받은 유저가 우리 회원인지
+
+        UserInfoDto userInfoDto = getCurrentMemberId();
        Comment comment = setComment(commentDto);
+        comment.setUserId(userInfoDto.getUserId());
        commentRepository.save(comment);
    }

@@ -137,7 +166,15 @@ public class PostServiceImpl implements PostService{
    public boolean deleteComment(Long id) {
        Optional<Comment> option = commentRepository.findById(id);
        if(option.isPresent()){
+            UserInfoDto userInfoDto;
+            try {
+                 userInfoDto = getCurrentMemberId();
+            }
+            catch(Exception e){
+                throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "token not found");
+            }
            Comment comment = option.get();
+            if(Objects.equals(userInfoDto.getUserId(), comment.getUserId())){
                Post post = comment.getPost();
                if(post!=null){
                    post.getComments().removeIf(data ->
@@ -147,24 +184,23 @@ public class PostServiceImpl implements PostService{
                }
                return true;
            }
+            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Unauthorized: You do not have permission to delete this comment.");
+        }
        else return false;
    }


    private Comment setComment(CommentDto commentDto) {
+
        Comment comment = new Comment();
        Post post = postRepository.findById(commentDto.getPostId()).orElseThrow(() -> new RuntimeException("id가 존재하지 않습니다."));
-
        post.getComments().add(comment);
-        comment.setPost(post);
-        post.setAuthor(userInfoDto.getUserName());
-
-        comment.setUserId(commentDto.getUserId());
-        comment.setTimestamp(new Date());
-        comment.setText(commentDto.getText());
-        comment.setAuthor(commentDto.getAuthor());
        comment.setPostId(commentDto.getPostId());
+        comment.setAuthor(commentDto.getAuthor());
+        comment.setText(commentDto.getText());
+        comment.setTimestamp(new Date());
        return comment;
+
    }

    private static void setPost(PostDto postDto, Post post) {