From 2c0f0dfe89e20feaef6ac74fb6046a16e44f25d0 Mon Sep 17 00:00:00 2001 From: milk-stone Date: Mon, 9 Dec 2024 00:28:18 +0900 Subject: [PATCH 1/3] =?UTF-8?q?feat:=20https=20=EC=84=A4=EC=A0=95=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/.gitignore | 3 ++- .../backend/config/SecurityConfig.java | 25 +++++++++++++------ backend/src/main/resources/application.yml | 7 ++++++ 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/backend/.gitignore b/backend/.gitignore index bdde09c..4ef3b51 100644 --- a/backend/.gitignore +++ b/backend/.gitignore @@ -39,4 +39,5 @@ out/ ### Ignore DB Password src/main/resources/application-secret.yml dev.env -ec2.dev \ No newline at end of file +ec2.dev +src/main/resources/keystore.p12 \ No newline at end of file diff --git a/backend/src/main/java/com/itec0401/backend/config/SecurityConfig.java b/backend/src/main/java/com/itec0401/backend/config/SecurityConfig.java index e44bf79..7626edf 100644 --- a/backend/src/main/java/com/itec0401/backend/config/SecurityConfig.java +++ b/backend/src/main/java/com/itec0401/backend/config/SecurityConfig.java @@ -9,6 +9,7 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import java.util.Collections; 
@@ -17,15 +18,17 @@ public class SecurityConfig { // Security 단에서 Cors 설정하는 익명 클래스 + @Bean CorsConfigurationSource corsConfigurationSource() { - return request -> { - CorsConfiguration config = new CorsConfiguration(); - config.setAllowedHeaders(Collections.singletonList("*")); - config.setAllowedMethods(Collections.singletonList("*")); - config.setAllowedOriginPatterns(Collections.singletonList("http://localhost:5173")); // 허용할 origin - config.setAllowCredentials(true); - return config; - }; + CorsConfiguration config = new CorsConfiguration(); + config.setAllowedOriginPatterns(Collections.singletonList("https://www.look-4-me.com")); // 허용할 origin + config.setAllowedHeaders(Collections.singletonList("*")); + config.setAllowedMethods(Collections.singletonList("*")); + config.setAllowCredentials(true); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", config); // 모든 경로에 대해 CORS 설정 적용 + return source; } @Bean @@ -35,6 +38,12 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource())) .csrf((csrf) -> csrf.disable()) .headers((headers) -> headers.disable()); +// .authorizeRequests(authorizeRequests -> authorizeRequests +// .anyRequest().authenticated() // 모든 요청은 인증 필요 +// ) +// .requiresChannel(channel -> channel +// .anyRequest().requiresSecure() // 모든 요청을 HTTPS로 요구 +// ); return http.build(); } diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index ce621e6..bc5e0c8 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml 
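Review bot: In `corsConfigurationSource()` the new configuration keeps `setAllowCredentials(true)` together with wildcard methods and headers, so every verb and request header is accepted on credentialed cross-origin calls; list what the frontend actually sends, for example `config.setAllowedMethods(java.util.List.of("GET", "POST", "PUT", "DELETE"));` (the verbs are a guess, confirm against the controllers). The origin is now a single literal with no wildcard, so `setAllowedOrigins` expresses it more exactly than `setAllowedOriginPatterns`, and reading it from a property would keep the removed `http://localhost:5173` usable in a dev profile without a code change. The comment above the method still calls it an anonymous class (`익명 클래스`) although the lambda is gone; `// Registers the CORS policy for all paths` would match the new body.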
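Review bot: The only additions to `securityFilterChain` are commented-out `authorizeRequests` and `requiresChannel` calls placed after the statement's closing `;`, so the chain still ends at `.headers((headers) -> headers.disable())` and this commit enforces neither HTTPS nor authentication. With `headers` disabled, Spring Security's default response headers (HSTS, `X-Content-Type-Options`, `X-Frame-Options`) are not sent, which matters more once the site is served over TLS; dropping that line restores the defaults. If the channel rule is enabled later and TLS terminates at a proxy in front of the app (not visible here), forwarded-header handling has to be configured first or `requiresSecure()` can redirect in a loop. Prefer deleting the commented block and tracking it in an issue; when it returns, `authorizeHttpRequests` is the current replacement for `authorizeRequests`. The method body starts above the hunk.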
@@ -44,5 +44,12 @@ server: force: true tomcat: max-http-form-post-size: 15MB + # Set https +# port: 8080 +# ssl: +# key-store: classpath:keystore.p12 +# key-store-password: ${HTTPS_KEY_STORE_PASSWORD} +# keyStoreType: ${HTTPS_KEY_STORE_TYPE} +# key-alias: ${HTTPS_KEY_ALIAS} JWT: SECRET-KEY: ${JWT_KEY} \ No newline at end of file From ff5a7371159cba2479a6abff6e091ee21fcee301 Mon Sep 17 00:00:00 2001 From: milk-stone Date: Mon, 9 Dec 2024 00:45:04 +0900 Subject: [PATCH 2/3] =?UTF-8?q?feat:=20=EC=9D=B4=EB=A9=94=EC=9D=BC=20?= =?UTF-8?q?=ED=98=95=EC=8B=9D=20=ED=99=95=EC=9D=B8=20=EB=A1=9C=EC=A7=81=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../user/emailvalidator/EmailValidator.java | 15 +++++++++++++++ .../domain/user/service/UserServiceImpl.java | 6 ++++++ .../exception/EmailValidationException.java | 5 +++++ .../exception/ExceptionControllerAdvice.java | 6 ++++++ 4 files changed, 32 insertions(+) create mode 100644 backend/src/main/java/com/itec0401/backend/domain/user/emailvalidator/EmailValidator.java create mode 100644 backend/src/main/java/com/itec0401/backend/global/exception/EmailValidationException.java diff --git a/backend/src/main/java/com/itec0401/backend/domain/user/emailvalidator/EmailValidator.java b/backend/src/main/java/com/itec0401/backend/domain/user/emailvalidator/EmailValidator.java new file mode 100644 index 0000000..e5b3708 --- /dev/null +++ b/backend/src/main/java/com/itec0401/backend/domain/user/emailvalidator/EmailValidator.java 
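Review bot: The drafted `ssl` block points `key-store` at `classpath:keystore.p12`, so once it is enabled the private key is packaged into the application jar and travels with every build artifact, even though the file is git-ignored. Loading it from outside the artifact keeps the key out of images and CI caches, for example `key-store: file:${HTTPS_KEY_STORE_PATH}` (the variable name is a placeholder). `keyStoreType` is written in camelCase beside kebab-case siblings; `key-store-type` keeps the block consistent. As committed the block is entirely commented out, so the server still listens without TLS.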
@@ -0,0 +1,15 @@ +package com.itec0401.backend.domain.user.emailvalidator; + +import java.util.regex.Pattern; + +public class EmailValidator { + private static final String EMAIL_REGEX = "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$"; + private static final Pattern EMAIL_PATTERN = Pattern.compile(EMAIL_REGEX); + + public static boolean isValidEmail(String email) { + if (email == null) { + return false; + } + return EMAIL_PATTERN.matcher(email).matches(); + } +} diff --git a/backend/src/main/java/com/itec0401/backend/domain/user/service/UserServiceImpl.java b/backend/src/main/java/com/itec0401/backend/domain/user/service/UserServiceImpl.java index a34287c..c26c795 100644 --- a/backend/src/main/java/com/itec0401/backend/domain/user/service/UserServiceImpl.java +++ b/backend/src/main/java/com/itec0401/backend/domain/user/service/UserServiceImpl.java @@ -5,11 +5,13 @@ import com.itec0401.backend.domain.style.entity.Style; import com.itec0401.backend.domain.style.service.StyleService; import com.itec0401.backend.domain.user.dto.*; +import com.itec0401.backend.domain.user.emailvalidator.EmailValidator; import com.itec0401.backend.domain.user.entity.User; import com.itec0401.backend.domain.user.jwt.JwtTokenProvider; import com.itec0401.backend.domain.user.repository.UserRepository; import com.itec0401.backend.domain.usercolor.service.UserColorService; import com.itec0401.backend.domain.userstyle.service.UserStyleService; +import com.itec0401.backend.global.exception.EmailValidationException; import jakarta.transaction.Transactional; import lombok.RequiredArgsConstructor; import org.slf4j.Logger; @@ -85,6 +87,10 @@ public ResponseEntity signIn(MemberDTO memberDTO) { @Override public ResponseEntity isEmailEmpty(String email) { + // 이메일이 적합한지 판단 + if (!EmailValidator.isValidEmail(email)){ + throw new EmailValidationException("Invalid email format"); + } return new ResponseEntity<>(userRepository.findByEmail(email).isEmpty(), HttpStatus.OK); } 
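Review bot: `isValidEmail` runs the regex on input of any length, and the caller in this patch passes the accepted string straight to `userRepository.findByEmail`; rejecting oversized values before matching is cheap, e.g. `if (email == null || email.length() > 254) { return false; }`. The pattern also accepts shapes such as consecutive dots or a domain label beginning with `-`, so it is a plausibility check, not proof of a deliverable address; a Javadoc line on the method should say that. The class holds only static members, so declaring it `final` with a private constructor prevents accidental instantiation.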
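Review bot: The format check is added only to `isEmailEmpty`, the availability lookup; whether the path that actually creates the account validates the address is not visible in this hunk, and if it does not, a client that skips this call can still register a malformed email. Calling `EmailValidator.isValidEmail` in the registration method as well (or a Bean Validation constraint on the DTO, if the project uses it) would make the rule hold server-side. Since this method tells any caller whether an address is registered, it is also worth confirming that the route is rate limited. The surrounding class body lies outside the hunk.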
diff --git a/backend/src/main/java/com/itec0401/backend/global/exception/EmailValidationException.java b/backend/src/main/java/com/itec0401/backend/global/exception/EmailValidationException.java new file mode 100644 index 0000000..29500c6 --- /dev/null +++ b/backend/src/main/java/com/itec0401/backend/global/exception/EmailValidationException.java @@ -0,0 +1,5 @@ +package com.itec0401.backend.global.exception; + +public class EmailValidationException extends RuntimeException { + public EmailValidationException(String message) { super(message); } +} diff --git a/backend/src/main/java/com/itec0401/backend/global/exception/ExceptionControllerAdvice.java b/backend/src/main/java/com/itec0401/backend/global/exception/ExceptionControllerAdvice.java index 47ff0bf..43c5ee7 100644 --- a/backend/src/main/java/com/itec0401/backend/global/exception/ExceptionControllerAdvice.java +++ b/backend/src/main/java/com/itec0401/backend/global/exception/ExceptionControllerAdvice.java @@ -38,4 +38,10 @@ public ResponseEntity CoordinationNotFoundException(CoordinationNot log.info("CoordinationNotFoundException: {}", e.getMessage()); return new ResponseEntity<>(ErrorResult.builder().code("400").message("CoordinationNotFound-EX").build(), HttpStatus.BAD_REQUEST); } + + @ExceptionHandler(EmailValidationException.class) + public ResponseEntity EmailValidationException(EmailValidationException e) { + log.info("EmailValidationException: {}", e.getMessage()); + return new ResponseEntity<>(ErrorResult.builder().code("400").message("EmailValidation-EX").build(), HttpStatus.BAD_REQUEST); + } } From 97e43539116d14bae780b8cdf0643d9b2a06c860 Mon Sep 17 00:00:00 2001 
From: milk-stone Date: Mon, 9 Dec 2024 01:25:57 +0900 Subject: [PATCH 3/3] =?UTF-8?q?fix:=20=EC=9D=B4=EB=A9=94=EC=9D=BC=20?= =?UTF-8?q?=ED=98=95=EC=8B=9D=EC=9D=B4=20=EC=98=AC=EB=B0=94=EB=A5=B4?= =?UTF-8?q?=EC=A7=80=20=EC=95=8A=EC=9D=84=20=EB=95=8C=EC=9D=98=20=EB=B0=98?= =?UTF-8?q?=ED=99=98=EA=B0=92=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../itec0401/backend/domain/user/service/UserServiceImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/com/itec0401/backend/domain/user/service/UserServiceImpl.java b/backend/src/main/java/com/itec0401/backend/domain/user/service/UserServiceImpl.java index c26c795..db77d5f 100644 --- a/backend/src/main/java/com/itec0401/backend/domain/user/service/UserServiceImpl.java +++ b/backend/src/main/java/com/itec0401/backend/domain/user/service/UserServiceImpl.java @@ -89,7 +89,8 @@ public ResponseEntity signIn(MemberDTO memberDTO) { public ResponseEntity isEmailEmpty(String email) { // 이메일이 적합한지 판단 if (!EmailValidator.isValidEmail(email)){ - throw new EmailValidationException("Invalid email format"); +// throw new EmailValidationException("Invalid email format"); + return new ResponseEntity<>(false, HttpStatus.OK); } return new ResponseEntity<>(userRepository.findByEmail(email).isEmpty(), HttpStatus.OK); }
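Review bot: Returning `false` with 200 for a malformed address makes the response identical to "email already registered", because the normal path returns `findByEmail(email).isEmpty()`; the client can no longer tell a typo from a taken address. It also leaves `EmailValidationException` and its `@ExceptionHandler` from the previous patch with no caller in the visible code, and keeps the old `throw` as a commented-out line. Either restore the 400 path, or return a distinct result and delete the comment, the exception class and the handler; `){` is also missing a space before the brace.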