Strong-Potato · Dr-KoKo · Jan 27, 2024 · Jan 26, 2024 · Jan 26, 2024 · Jan 27, 2024
diff --git a/app/src/main/java/fc/be/app/domain/notification/controller/NotificationController.java b/app/src/main/java/fc/be/app/domain/notification/controller/NotificationController.java
@@ -6,6 +6,7 @@
 import fc.be.app.domain.notification.application.dto.response.NotificationsResponse;
 import fc.be.app.global.config.security.model.user.UserPrincipal;
 import fc.be.app.global.http.ApiResponse;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 
@@ -28,13 +29,15 @@ public NotificationController(
     }
 
     @GetMapping
+    @PreAuthorize("isAuthenticated()")
     public ApiResponse<NotificationsResponse> getAllMemberNotifications(
             @AuthenticationPrincipal UserPrincipal userPrincipal
     ) {
         return ApiResponse.ok(notificationQueryService.findAllByMemberId(userPrincipal.id()));
     }
 
     @PostMapping("/subscribe")
+    @PreAuthorize("isAuthenticated()")
     public ApiResponse<Void> subscribe(
             @AuthenticationPrincipal UserPrincipal userPrincipal
     ) {
@@ -43,6 +46,7 @@ public ApiResponse<Void> subscribe(
     }
 
     @PostMapping("/unsubscribe")
+    @PreAuthorize("isAuthenticated()")
     public ApiResponse<Void> unsubscribe(
             @AuthenticationPrincipal UserPrincipal userPrincipal
     ) {
@@ -51,6 +55,7 @@ public ApiResponse<Void> unsubscribe(
     }
 
     @PatchMapping("/{notification-id}/read")
+    @PreAuthorize("isAuthenticated()")
     public ApiResponse<Void> read(
             @AuthenticationPrincipal UserPrincipal userPrincipal,
             @PathVariable("notification-id") final Long notificationId

diff --git a/app/src/main/java/fc/be/app/domain/vote/controller/VoteControllerImpl.java b/app/src/main/java/fc/be/app/domain/vote/controller/VoteControllerImpl.java
@@ -115,6 +115,7 @@ public ApiResponse<Void> deleteVote(
     }
 
     @GetMapping("/notVoted")
+    @PreAuthorize("isAuthenticated()")
     public ApiResponse<VotesResponse> notVotedList(@AuthenticationPrincipal UserPrincipal userPrincipal) {
         return ApiResponse.ok(voteInfoQueryService.findMemberVotes(userPrincipal.id()));
     }

diff --git a/app/src/main/java/fc/be/app/domain/vote/entity/Candidate.java b/app/src/main/java/fc/be/app/domain/vote/entity/Candidate.java
@@ -22,7 +22,7 @@ public class Candidate {
     @Comment("후보지 id")
     private Long id;
 
-    @OneToMany(mappedBy = "candidate")
+    @OneToMany(mappedBy = "candidate", cascade = {CascadeType.ALL})
     @Comment("후보에 투표한 회원 id(FK)")
     private List<VotedMember> votedMember;
 

diff --git a/app/src/main/java/fc/be/app/domain/vote/repository/VoteRepository.java b/app/src/main/java/fc/be/app/domain/vote/repository/VoteRepository.java
@@ -8,6 +8,6 @@
 
 public interface VoteRepository extends JpaRepository<Vote, Long>, VoteRepositoryCustom {
 
-    @Query("select v from Vote v where v.id not in (select vrm.voteId from VoteResultMember vrm where vrm.memberId = :memberId)")
+    @Query("select v from Vote v where v.space in (select jm.space from JoinedMember jm where jm.member.id=:memberId) and v.id not in (select vrm.voteId from VoteResultMember vrm where vrm.memberId = :memberId)")
     List<Vote> findVotesNotVotedByMember(Long memberId);
 }
diff --git a/app/src/main/java/fc/be/app/domain/vote/repository/VoteRepositoryCustomImpl.java b/app/src/main/java/fc/be/app/domain/vote/repository/VoteRepositoryCustomImpl.java
@@ -25,6 +25,7 @@ public List<Vote> search(SearchCondition searchCondition) {
         return jpaQueryFactory
                 .select(vote)
                 .from(vote)
+                .leftJoin(vote.votedMembers)
                 .where(booleanBuilderProvider(searchCondition))
                 .fetch();
     }

diff --git a/app/src/main/java/fc/be/app/domain/vote/repository/VoteResultMemberRepository.java b/app/src/main/java/fc/be/app/domain/vote/repository/VoteResultMemberRepository.java
@@ -2,6 +2,7 @@
 
 import fc.be.app.domain.vote.entity.VoteResultMember;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 
 import java.util.List;
@@ -14,6 +15,7 @@ public interface VoteResultMemberRepository extends JpaRepository<VoteResultMemb
     @Query("select vm from VoteResultMember vm where vm.memberId = :memberId and vm.voteId = :voteId")
     Optional<VoteResultMember> findByMemberIdAndVoteId(Long memberId, Long voteId);
 
+    @Modifying
     @Query("delete from VoteResultMember vm where vm.memberId = :memberId and vm.voteId = :voteId")
     void deleteByMemberIdAndVoteId(Long memberId, Long voteId);
 }
diff --git a/app/src/main/java/fc/be/app/domain/vote/repository/VotedMemberRepository.java b/app/src/main/java/fc/be/app/domain/vote/repository/VotedMemberRepository.java
@@ -2,6 +2,7 @@
 
 import fc.be.app.domain.vote.entity.VotedMember;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 
 import java.util.Optional;
@@ -11,6 +12,7 @@ public interface VotedMemberRepository extends JpaRepository<VotedMember, Long>
     @Query("select vm from VotedMember vm where vm.member.id = :memberId and vm.candidate.id = :candidateId")
     Optional<VotedMember> findByMemberIdAndCandidateId(Long memberId, Long candidateId);
 
+    @Modifying
     @Query("delete from VotedMember vm where vm.vote.id = :voteId")
     void deleteAllByVoteId(Long voteId);
 }
diff --git a/app/src/main/java/fc/be/app/domain/vote/service/service/VoteInfoQueryService.java b/app/src/main/java/fc/be/app/domain/vote/service/service/VoteInfoQueryService.java
@@ -82,6 +82,7 @@ public VotesResponse searchVotes(Long memberId, SearchCondition searchCondition)
                         vote.getVotedMembers()
                                 .stream()
                                 .map(votedMember -> MemberProfile.of(votedMember.getMember()))
+                                .distinct()
                                 .toList(),
                         SpaceInfo.of(vote.getSpace())))
                 .toList(),

diff --git a/app/src/main/java/fc/be/app/global/config/security/SecurityConfig.java b/app/src/main/java/fc/be/app/global/config/security/SecurityConfig.java
@@ -54,7 +54,7 @@ public class SecurityConfig {
 
     private static final String LOGIN_PROC_URL = "/login";
     private static final String FRONT_ROOT_URL = "https://tripvote.site";
-    private static final String[] TOKEN_COOKIE_KEY = {"access-token", "refresh-token"};
+    private static final String[] TOKEN_COOKIE_KEY = {"access-token", "refresh-token", "isLogin"};
 
     @Autowired
     public void authenticationManagerConfigure(AuthenticationManagerBuilder auth) {

diff --git a/...main/java/fc/be/app/global/config/security/handler/LoginAuthenticationSuccessHandler.java b/...main/java/fc/be/app/global/config/security/handler/LoginAuthenticationSuccessHandler.java
@@ -56,6 +56,9 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         CookieUtil.addCookie(response, tokenProperties.getRefreshTokenName(), refreshToken, Integer.parseInt(tokenProperties.getRefreshTokenCookieExpireTime()));
         CookieUtil.addCookieForLocal(response, tokenProperties.getRefreshTokenName(), refreshToken, Integer.parseInt(tokenProperties.getRefreshTokenCookieExpireTime()));
 
+        CookieUtil.addSessionCookie(response, "isLogin", "true");
+        CookieUtil.addSessionCookieForLocal(response, "isLogin", "true");
+
         response.setStatus(HttpStatus.OK.value());
         response.setContentType(MediaType.APPLICATION_JSON_VALUE);
         response.setCharacterEncoding("UTF-8");

diff --git a/...ain/java/fc/be/app/global/config/security/handler/OAuth2AuthenticationSuccessHandler.java b/...ain/java/fc/be/app/global/config/security/handler/OAuth2AuthenticationSuccessHandler.java
@@ -79,6 +79,9 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         CookieUtil.addCookie(response, tokenProperties.getRefreshTokenName(), refreshToken, Integer.parseInt(tokenProperties.getRefreshTokenCookieExpireTime()));
         CookieUtil.addCookieForLocal(response, tokenProperties.getRefreshTokenName(), refreshToken, Integer.parseInt(tokenProperties.getRefreshTokenCookieExpireTime()));
 
+        CookieUtil.addSessionCookie(response, "isLogin", "true");
+        CookieUtil.addSessionCookieForLocal(response, "isLogin", "true");
+
         response.sendRedirect("https://tripvote.site");
     }
 }
diff --git a/app/src/main/java/fc/be/app/global/util/CookieUtil.java b/app/src/main/java/fc/be/app/global/util/CookieUtil.java
@@ -42,6 +42,16 @@ public static void addCookieNotHttpOnly(HttpServletResponse response, String nam
         response.addCookie(cookie);
     }
 
+    public static void addSessionCookie(HttpServletResponse response, String name, String value) {
+        Cookie cookie = new Cookie(name, value);
+        cookie.setPath("/");
+        cookie.setDomain("tripvote.site");
+        cookie.setHttpOnly(false);
+        cookie.setSecure(true);
+        cookie.setAttribute("SameSite", "Lax");
+        response.addCookie(cookie);
+    }
+
     // TODO: Remove before product
     public static void addCookieForLocal(HttpServletResponse response, String name, String value, int maxAge) {
         Cookie cookie = new Cookie(name, value);
@@ -63,6 +73,15 @@ public static void addCookieNotHttpOnlyForLocal(HttpServletResponse response, St
         response.addCookie(cookie);
     }
 
+    public static void addSessionCookieForLocal(HttpServletResponse response, String name, String value) {
+        Cookie cookie = new Cookie(name, value);
+        cookie.setPath("/");
+        cookie.setHttpOnly(false);
+        cookie.setSecure(true);
+        cookie.setAttribute("SameSite", "Lax");
+        response.addCookie(cookie);
+    }
+
     public static void deleteCookie(HttpServletRequest request, HttpServletResponse response, String name) {
         Cookie[] cookies = request.getCookies();
         if (cookies == null) {