Merge pull request #28 from milk-stone/nextwork

Nextwork: 이메일 형식을 확인하는 로직 추가

backend/.gitignore

@@ -39,4 +39,5 @@ out/
 ### Ignore DB Password
 src/main/resources/application-secret.yml
 dev.env
-ec2.dev
+ec2.dev
+src/main/resources/keystore.p12

backend/src/main/java/com/itec0401/backend/config/SecurityConfig.java

@@ -9,6 +9,7 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import java.util.Collections;
 
@@ -17,15 +18,17 @@
 public class SecurityConfig {
 
     // Security 단에서 Cors 설정하는 익명 클래스
+    @Bean
     CorsConfigurationSource corsConfigurationSource() {
-        return request -> {
-            CorsConfiguration config = new CorsConfiguration();
-            config.setAllowedHeaders(Collections.singletonList("*"));
-            config.setAllowedMethods(Collections.singletonList("*"));
-            config.setAllowedOriginPatterns(Collections.singletonList("http://localhost:5173")); // 허용할 origin
-            config.setAllowCredentials(true);
-            return config;
-        };
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOriginPatterns(Collections.singletonList("https://www.look-4-me.com")); // 허용할 origin
+        config.setAllowedHeaders(Collections.singletonList("*"));
+        config.setAllowedMethods(Collections.singletonList("*"));
+        config.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config); // 모든 경로에 대해 CORS 설정 적용
+        return source;
     }
 
     @Bean
@@ -35,6 +38,12 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 .cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()))
                 .csrf((csrf) -> csrf.disable())
                 .headers((headers) -> headers.disable());
+//                .authorizeRequests(authorizeRequests -> authorizeRequests
+//                        .anyRequest().authenticated() // 모든 요청은 인증 필요
+//                )
+//                .requiresChannel(channel -> channel
+//                        .anyRequest().requiresSecure() // 모든 요청을 HTTPS로 요구
+//                );
         return http.build();
     }
 

backend/src/main/java/com/itec0401/backend/domain/user/emailvalidator/EmailValidator.java

@@ -0,0 +1,15 @@
+package com.itec0401.backend.domain.user.emailvalidator;
+
+import java.util.regex.Pattern;
+
+public class EmailValidator {
+    private static final String EMAIL_REGEX = "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
+    private static final Pattern EMAIL_PATTERN = Pattern.compile(EMAIL_REGEX);
+
+    public static boolean isValidEmail(String email) {
+        if (email == null) {
+            return false;
+        }
+        return EMAIL_PATTERN.matcher(email).matches();
+    }
+}

backend/src/main/java/com/itec0401/backend/domain/user/service/UserServiceImpl.java

@@ -5,11 +5,13 @@
 import com.itec0401.backend.domain.style.entity.Style;
 import com.itec0401.backend.domain.style.service.StyleService;
 import com.itec0401.backend.domain.user.dto.*;
+import com.itec0401.backend.domain.user.emailvalidator.EmailValidator;
 import com.itec0401.backend.domain.user.entity.User;
 import com.itec0401.backend.domain.user.jwt.JwtTokenProvider;
 import com.itec0401.backend.domain.user.repository.UserRepository;
 import com.itec0401.backend.domain.usercolor.service.UserColorService;
 import com.itec0401.backend.domain.userstyle.service.UserStyleService;
+import com.itec0401.backend.global.exception.EmailValidationException;
 import jakarta.transaction.Transactional;
 import lombok.RequiredArgsConstructor;
 import org.slf4j.Logger;
@@ -85,6 +87,11 @@ public ResponseEntity<String> signIn(MemberDTO memberDTO) {
 
     @Override
     public ResponseEntity<Boolean> isEmailEmpty(String email) {
+        // 이메일이 적합한지 판단
+        if (!EmailValidator.isValidEmail(email)){
+//            throw new EmailValidationException("Invalid email format");
+            return new ResponseEntity<>(false, HttpStatus.OK);
+        }
         return new ResponseEntity<>(userRepository.findByEmail(email).isEmpty(), HttpStatus.OK);
     }
 

backend/src/main/java/com/itec0401/backend/global/exception/EmailValidationException.java

@@ -0,0 +1,5 @@
+package com.itec0401.backend.global.exception;
+
+public class EmailValidationException extends RuntimeException {
+    public EmailValidationException(String message) { super(message); }
+}

backend/src/main/java/com/itec0401/backend/global/exception/ExceptionControllerAdvice.java

@@ -38,4 +38,10 @@ public ResponseEntity<ErrorResult> CoordinationNotFoundException(CoordinationNot
         log.info("CoordinationNotFoundException: {}", e.getMessage());
         return new ResponseEntity<>(ErrorResult.builder().code("400").message("CoordinationNotFound-EX").build(), HttpStatus.BAD_REQUEST);
     }
+
+    @ExceptionHandler(EmailValidationException.class)
+    public ResponseEntity<ErrorResult> EmailValidationException(EmailValidationException e) {
+        log.info("EmailValidationException: {}", e.getMessage());
+        return new ResponseEntity<>(ErrorResult.builder().code("400").message("EmailValidation-EX").build(), HttpStatus.BAD_REQUEST);
+    }
 }

backend/src/main/resources/application.yml

@@ -44,5 +44,12 @@ server:
       force: true
   tomcat:
     max-http-form-post-size: 15MB
+  # Set https
+#  port: 8080
+#  ssl:
+#    key-store: classpath:keystore.p12
+#    key-store-password: ${HTTPS_KEY_STORE_PASSWORD}
+#    keyStoreType: ${HTTPS_KEY_STORE_TYPE}
+#    key-alias: ${HTTPS_KEY_ALIAS}
 JWT:
   SECRET-KEY: ${JWT_KEY}