전남대 BE_유보민 2주차 과제 (3단계)

README.md

@@ -21,3 +21,12 @@
 ### 프로그래밍 요구 사항
 1. Authorization 헤더가 유효하지 않거나 토큰이 유효하지 않은 경우 401 Unauthorized를 반환한다.
 2. 잘못된 로그인, 비밀번호 찾기, 비밀번호 변경 요청은 403 Forbidden을 반환한다.
+
+# 3단계 위시 리스트
+
+## 요구사항
+### 기능 요구사항
+이전 단계에서 로그인 후 받은 토큰을 사용하여 사용자별 위시 리스트 기능을 구현한다.
+1. 위시 리스트에 등록된 상품 목록을 조회할 수 있다.
+2. 위시 리스트에 상품을 추가할 수 있다.
+3. 위시 리스트에 담긴 상품을 삭제할 수 있다.

build.gradle

@@ -24,13 +24,13 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation 'javax.xml.bind:jaxb-api:2.3.1'
     implementation 'org.springframework.boot:spring-boot-starter-validation'
-    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.6'
-    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.6'
-    implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation 'io.jsonwebtoken:jjwt-impl:0.11.2'
+    implementation 'io.jsonwebtoken:jjwt-jackson:0.11.2'
     runtimeOnly 'com.h2database:h2'
-    compileOnly 'io.jsonwebtoken:jjwt-api:0.12.6'
+    compileOnly 'io.jsonwebtoken:jjwt-api:0.11.2'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+
 }
 
 tasks.named('test') {

src/main/java/gift/Annotation/LoginMemberArgumentResolver.java

@@ -0,0 +1,56 @@
+package gift.Annotation;
+
+import gift.Model.User;
+import gift.Service.UserService;
+import gift.Utils.JwtUtil;
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+@Component
+public class LoginMemberArgumentResolver implements HandlerMethodArgumentResolver {
+    private final UserService userService;
+    private final JwtUtil jwtUtil;
+
+    @Autowired
+    public LoginMemberArgumentResolver(UserService userService, JwtUtil jwtUtil) {
+        this.userService = userService;
+        this.jwtUtil = jwtUtil;
+    }
+
+    @Override
+    public boolean supportsParameter(MethodParameter methodParameter) {
+        return methodParameter.getParameterType().equals(User.class);
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) throws Exception {
+        HttpServletRequest request = (HttpServletRequest) nativeWebRequest.getNativeRequest();
+
+        // 쿠키에서 JWT 토큰 추출
+        String token = null;
+        if (request.getCookies() != null) {
+            for (Cookie cookie : request.getCookies()) {
+                if ("token".equals(cookie.getName())) {
+                    token = cookie.getValue();
+                    break;
+                }
+            }
+        }
+
+        if (token == null) {
+            throw new IllegalArgumentException("JWT token not found in cookies");
+        }
+
+        Claims claims = jwtUtil.decodeToken(token); //decode
+        String userEmail = claims.getSubject(); // subject를 email로 설정했기 때문에 userEmail로 사용
+        return userService.findByEmail(userEmail); //null이라면 인증된 것이 아닐 것이고 null이 아니라면 인증된 것
+    }
+}

src/main/java/gift/Annotation/LoginMemberResolver.java

@@ -0,0 +1,11 @@
+package gift.Annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface LoginMemberResolver {
+}

src/main/java/gift/Config/WebConfig.java

@@ -0,0 +1,22 @@
+package gift.Config;
+
+import gift.Annotation.LoginMemberArgumentResolver;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+    @Autowired
+    private LoginMemberArgumentResolver loginMemberResolverHandlerMethodArgumentResolver;
+
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
+        resolvers.add(loginMemberResolverHandlerMethodArgumentResolver);
+    }
+
+}

src/main/java/gift/Controller/GlobalExceptionHandler.java

@@ -1,5 +1,10 @@
 package gift.Controller;
 
+import gift.Exception.ForbiddenException;
+import gift.Exception.UnauthorizedException;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.ui.Model;
 import org.springframework.validation.FieldError;
@@ -20,11 +25,21 @@ public String handleMethodArgumentNotValid(MethodArgumentNotValidException ex, M
 
         // 에러가 발생한 URL에 따라 다시 해당 페이지로 돌아가기
         String requestUrl = request.getRequestURI();
-        if (requestUrl.equals("/api/products/create")) {
-            return "product_form"; // product_form 뷰로 포워딩
-        } else if (requestUrl.startsWith("/api/products/update")) {
+        if (requestUrl.equals("/api/products/create") || requestUrl.startsWith("/api/products/update")) {
             return "product_form"; // product_form 뷰로 포워딩
         }
+
         return "redirect:/api/products";
     }
+
+    @ExceptionHandler(UnauthorizedException.class)
+    public ResponseEntity<String> handleUnauthorizedException(UnauthorizedException ex) {
+        return new ResponseEntity<>(ex.getMessage(), HttpStatus.UNAUTHORIZED);
+    }
+
+    @ExceptionHandler(ForbiddenException.class)
+    public ResponseEntity<String> handleForbiddenException(ForbiddenException ex) {
+        return new ResponseEntity<>(ex.getMessage(), HttpStatus.FORBIDDEN);
+    }
+
 }

src/main/java/gift/Controller/ProductController.java

@@ -2,7 +2,9 @@
 
 import gift.Model.Product;
 import gift.Service.ProductService;
+
 import java.util.Optional;
+
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import jakarta.servlet.http.HttpServletRequest;
@@ -39,10 +41,10 @@ public String getAllProductsByUser(Model model) {
 
     @RequestMapping(value = "/api/products/create", method = {RequestMethod.GET, RequestMethod.POST})
     public String createProduct(@Valid @ModelAttribute Product product, HttpServletRequest request, Model model) {
-        if("GET".equalsIgnoreCase(request.getMethod())) {
+        if ("GET".equalsIgnoreCase(request.getMethod())) {
             model.addAttribute("product", new Product());
             return "product_form";
-        } else if("POST".equalsIgnoreCase(request.getMethod())) {
+        } else if ("POST".equalsIgnoreCase(request.getMethod())) {
             model.addAttribute("product", product);
             productService.saveProduct(product);
             return "redirect:/api/products";
@@ -52,11 +54,11 @@ public String createProduct(@Valid @ModelAttribute Product product, HttpServletR
 
     @RequestMapping(value = "/api/products/update/{id}", method = {RequestMethod.GET, RequestMethod.POST})
     public String updateProductById(@PathVariable Long id, @Valid @ModelAttribute Product productDetails, HttpServletRequest request, Model model) {
-        if("GET".equalsIgnoreCase(request.getMethod())) {
+        if ("GET".equalsIgnoreCase(request.getMethod())) {
             Optional<Product> optionalProduct = productService.getProductById(id);
             model.addAttribute("product", optionalProduct.get());
             return "product_form";
-        } else if("POST".equalsIgnoreCase(request.getMethod())) {
+        } else if ("POST".equalsIgnoreCase(request.getMethod())) {
             productService.updateProduct(id, productDetails);
             return "redirect:/api/products";
         }
@@ -70,4 +72,5 @@ public String deleteProduct(@PathVariable Long id, Model model) {
         productService.deleteProduct(id);
         return "redirect:/api/products";  // 제품 목록 페이지로 리디렉션
     }
+
 }

src/main/java/gift/Controller/UserController.java

@@ -1,52 +1,57 @@
 package gift.Controller;
 
-import gift.Model.Product;
 import gift.Model.User;
 import gift.Service.UserService;
-import jakarta.servlet.http.HttpServletRequest;
+import gift.Utils.JwtUtil;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import java.util.List;
+import org.springframework.web.bind.annotation.*;
+import jakarta.servlet.http.HttpServletRequest;
 
 @Controller
 public class UserController {
 
-    private UserService userService;
-    private JwtTokenProvider tokenProvider;
+    private final UserService userService;
+    private final JwtUtil jwtUtil;
 
     @Autowired
-    public UserController(UserService userService, JwtTokenProvider tokenProvider) {
+    public UserController(UserService userService, JwtUtil jwtUtil) {
         this.userService = userService;
-        this.tokenProvider = tokenProvider;
+        this.jwtUtil = jwtUtil;
     }
 
-    @RequestMapping(value = "/login", method = {RequestMethod.GET, RequestMethod.POST})
-    public String login(@ModelAttribute User user, Model model, HttpServletRequest request) {
-        if ("GET".equalsIgnoreCase(request.getMethod())) {
-            model.addAttribute("user", new User());
-            return "login";
-        } else if ("POST".equalsIgnoreCase(request.getMethod())) {
-            model.addAttribute("user", user);
-            List<User> users = userService.login(user);
-            if (users.isEmpty()) {
-                model.addAttribute("error", "유효하지 않은 아이디거나 비밀번호입니다.");
-                return "login";
-            }
+    @GetMapping("/login")
+    public String login(Model model) {
+        model.addAttribute("user", new User());
+        return "login";
+    }
+
+    @PostMapping(value = "/login")
+    public String login(@ModelAttribute User user, Model model, HttpServletResponse response) {
+        String email = user.getEmail();
+        String password = user.getPassword();
 
-            String email = user.getEmail();
+        boolean isAuthenticated = userService.authenticate(email, password);
+        if (isAuthenticated) {
             boolean isAdmin = userService.isAdmin(email);
-            String jwt = tokenProvider.generateToken(user, isAdmin);
-            model.addAttribute("token", jwt);
+            User authenticatedUser = userService.findByEmail(email);
+            String token = jwtUtil.generateToken(authenticatedUser, isAdmin);
+            // Set token in HttpOnly cookie
+            Cookie cookie = new Cookie("token", token);
+            cookie.setHttpOnly(true);
+            cookie.setPath("/");
+            response.addCookie(cookie);
+
             if (isAdmin) {
                 return "redirect:/api/products";
             }
             return "redirect:/products";
         }
+
+        model.addAttribute("error", "Authentication failed");
         return "login";
     }
 
@@ -58,6 +63,8 @@ public String register(@ModelAttribute User user, Model model, HttpServletReques
         } else if ("POST".equalsIgnoreCase(request.getMethod())) {
             model.addAttribute("user", user);
             userService.register(user);
+            model.addAttribute("message", "회원가입에 성공했습니다.");
+            return "login";
         }
         return "login";
     }

src/main/java/gift/Controller/WishListController.java

@@ -0,0 +1,50 @@
+package gift.Controller;
+
+import gift.Annotation.LoginMemberResolver;
+import gift.Model.User;
+import gift.Model.WishListItem;
+import gift.Service.WishListService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@Controller
+public class WishListController {
+    private final WishListService wishlistService;
+
+    @Autowired
+    public WishListController(WishListService wishlistService) {
+        this.wishlistService = wishlistService;
+    }
+
+    @GetMapping("/wishlist")
+    public String getWishlist(@LoginMemberResolver User user, Model model) {
+        List<WishListItem> wishlist = wishlistService.getWishlist(user.getId());
+        model.addAttribute("wishlist", wishlist);
+        return "wishlist";
+    }
+
+    @PostMapping("/wishlist/add")
+    public String addWishlistItem(@LoginMemberResolver User user, @RequestBody WishListItem wishListItem) {
+        if(user == null) {
+            return "redirect:/login";
+        }
+        wishListItem.setUserId(user.getId());
+        wishlistService.addWishlistItem(wishListItem);
+        return "redirect:/products";
+    }
+
+    @PostMapping("/wishlist/remove/{productId}")
+    public String removeWishlistItem(@LoginMemberResolver User user, @RequestBody WishListItem wishListItem) {
+        if(user == null) {
+            return "redirect:/login";
+        }
+
+        wishListItem.setUserId(user.getId());
+        wishlistService.removeWishlistItem(wishListItem);
+        return "redirect:/wishlist";
+    }
+}

src/main/java/gift/Exception/ForbiddenException.java

@@ -0,0 +1,11 @@
+package gift.Exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(HttpStatus.FORBIDDEN)
+public class ForbiddenException extends RuntimeException {
+    public ForbiddenException(String message) {
+        super(message);
+    }
+}

src/main/java/gift/Exception/UnauthorizedException.java

@@ -0,0 +1,11 @@
+package gift.Exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(HttpStatus.UNAUTHORIZED)
+public class UnauthorizedException extends RuntimeException {
+    public UnauthorizedException(String message) {
+        super(message);
+    }
+}