Lv5/api logging

build.gradle

@@ -32,6 +32,7 @@ dependencies {
     annotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
 
     // bcrypt
     implementation 'at.favre.lib:bcrypt:0.10.2'

src/main/java/org/example/expert/client/WeatherClient.java

@@ -3,7 +3,6 @@
 import org.example.expert.client.dto.WeatherDto;
 import org.example.expert.domain.common.exception.ServerException;
 import org.springframework.boot.web.client.RestTemplateBuilder;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
 import org.springframework.web.client.RestTemplate;
@@ -26,13 +25,16 @@ public String getTodayWeather() {
         ResponseEntity<WeatherDto[]> responseEntity =
                 restTemplate.getForEntity(buildWeatherApiUri(), WeatherDto[].class);
 
+        if (!responseEntity.getStatusCode().is2xxSuccessful()) {
+            throw new ServerException(
+                    "날씨 데이터를 가져오는데 실패했습니다. 상태 코드: " + responseEntity.getStatusCode()
+            );
+        }
+
         WeatherDto[] weatherArray = responseEntity.getBody();
-        if (!HttpStatus.OK.equals(responseEntity.getStatusCode())) {
-            throw new ServerException("날씨 데이터를 가져오는데 실패했습니다. 상태 코드: " + responseEntity.getStatusCode());
-        } else {
-            if (weatherArray == null || weatherArray.length == 0) {
-                throw new ServerException("날씨 데이터가 없습니다.");
-            }
+
+        if (weatherArray == null || weatherArray.length == 0) {
+            throw new ServerException("날씨 데이터가 없습니다.");
         }
 
         String today = getCurrentDate();

src/main/java/org/example/expert/config/AuthUserArgumentResolver.java

@@ -7,11 +7,13 @@
 import org.example.expert.domain.user.enums.UserRole;
 import org.springframework.core.MethodParameter;
 import org.springframework.lang.Nullable;
+import org.springframework.stereotype.Component;
 import org.springframework.web.bind.support.WebDataBinderFactory;
 import org.springframework.web.context.request.NativeWebRequest;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.method.support.ModelAndViewContainer;
 
+@Component
 public class AuthUserArgumentResolver implements HandlerMethodArgumentResolver {
 
     @Override

src/main/java/org/example/expert/config/SecurityConfig.java

@@ -0,0 +1,20 @@
+package org.example.expert.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
+
+        return http.build();
+    }
+}

src/main/java/org/example/expert/config/WebMvcConfig.java

@@ -0,0 +1,31 @@
+package org.example.expert.config;
+
+import lombok.RequiredArgsConstructor;
+import org.example.expert.domain.common.interceptor.CheckAdminInterceptor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
+
+@Configuration
+@RequiredArgsConstructor
+public class WebMvcConfig implements WebMvcConfigurer {
+
+    private final AuthUserArgumentResolver authUserArgumentResolver;
+    private final CheckAdminInterceptor checkAdminInterceptor;
+
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
+        resolvers.add(authUserArgumentResolver);
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(checkAdminInterceptor)
+                .addPathPatterns("/admin/**");
+    }
+
+
+}

src/main/java/org/example/expert/domain/admin/AdminFacade.java

@@ -0,0 +1,24 @@
+package org.example.expert.domain.admin;
+
+import lombok.RequiredArgsConstructor;
+import org.example.expert.domain.admin.service.CommentAdminService;
+import org.example.expert.domain.admin.dto.UserRoleChangeRequest;
+import org.example.expert.domain.admin.service.UserAdminService;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class AdminFacade {
+
+    private final CommentAdminService commentAdminService;
+    private final UserAdminService userAdminService;
+
+    public void deleteComment(long commentId) {
+        commentAdminService.deleteComment(commentId);
+    }
+
+    public void changeUserRole(long userId, UserRoleChangeRequest request) {
+        userAdminService.changeUserRole(userId, request);
+    }
+
+}

src/main/java/org/example/expert/domain/admin/controller/AdminController.java

@@ -0,0 +1,25 @@
+package org.example.expert.domain.admin.controller;
+
+import lombok.RequiredArgsConstructor;
+import org.example.expert.domain.admin.AdminFacade;
+import org.example.expert.domain.admin.dto.UserRoleChangeRequest;
+import org.springframework.web.bind.annotation.*;
+
+@RequestMapping("/admin")
+@RestController
+@RequiredArgsConstructor
+public class AdminController {
+
+    private final AdminFacade adminFacade;
+
+    @DeleteMapping("/comments/{commentId}")
+    public void deleteComment(@PathVariable long commentId) {
+        adminFacade.deleteComment(commentId);
+    }
+
+    @PatchMapping("/users/{userId}")
+    public void changeUserRole(@PathVariable long userId,
+                               @RequestBody UserRoleChangeRequest request) {
+        adminFacade.changeUserRole(userId, request);
+    }
+}

src/main/java/org/example/expert/domain/user/dto/request/UserRoleChangeRequest.java → src/main/java/org/example/expert/domain/admin/dto/UserRoleChangeRequest.java

@@ -1,4 +1,4 @@
-package org.example.expert.domain.user.dto.request;
+package org.example.expert.domain.admin.dto;
 
 import lombok.AllArgsConstructor;
 import lombok.Getter;

src/main/java/org/example/expert/domain/comment/service/CommentAdminService.java → src/main/java/org/example/expert/domain/admin/service/CommentAdminService.java

@@ -1,4 +1,4 @@
-package org.example.expert.domain.comment.service;
+package org.example.expert.domain.admin.service;
 
 import lombok.RequiredArgsConstructor;
 import org.example.expert.domain.comment.repository.CommentRepository;

src/main/java/org/example/expert/domain/user/service/UserAdminService.java → src/main/java/org/example/expert/domain/admin/service/UserAdminService.java

@@ -1,8 +1,8 @@
-package org.example.expert.domain.user.service;
+package org.example.expert.domain.admin.service;
 
 import lombok.RequiredArgsConstructor;
 import org.example.expert.domain.common.exception.InvalidRequestException;
-import org.example.expert.domain.user.dto.request.UserRoleChangeRequest;
+import org.example.expert.domain.admin.dto.UserRoleChangeRequest;
 import org.example.expert.domain.user.entity.User;
 import org.example.expert.domain.user.enums.UserRole;
 import org.example.expert.domain.user.repository.UserRepository;

src/main/java/org/example/expert/domain/auth/service/AuthService.java

@@ -26,13 +26,15 @@ public class AuthService {
     @Transactional
     public SignupResponse signup(SignupRequest signupRequest) {
 
+        if (userRepository.existsByEmail(signupRequest.getEmail())) {
+            throw new InvalidRequestException("이미 존재하는 이메일입니다.");
+        }
+
         String encodedPassword = passwordEncoder.encode(signupRequest.getPassword());
 
         UserRole userRole = UserRole.of(signupRequest.getUserRole());
 
-        if (userRepository.existsByEmail(signupRequest.getEmail())) {
-            throw new InvalidRequestException("이미 존재하는 이메일입니다.");
-        }
+
 
         User newUser = new User(
                 signupRequest.getEmail(),

src/main/java/org/example/expert/domain/common/aspect/LoggingAop.java

@@ -0,0 +1,55 @@
+package org.example.expert.domain.common.aspect;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+@Aspect
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class LoggingAop {
+
+    private final ObjectMapper objectMapper;
+
+    @Around("execution(* org.example.expert.domain.admin.controller.AdminController.*(..))")
+    public Object commentAop(ProceedingJoinPoint joinPoint) throws Throwable {
+        long start = System.currentTimeMillis(); // API 요청 시각
+
+        ServletRequestAttributes attr =
+                (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
+        HttpServletRequest request = attr.getRequest();
+
+        Object[] args = joinPoint.getArgs();
+        String requestBody = objectMapper.writeValueAsString(args); // 요청 본문
+
+
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        String userId = auth.getName();
+
+        Object result = joinPoint.proceed();
+
+        String responseBody = objectMapper.writeValueAsString(result); // 응답 본문
+        log.info(" 유저 아이디 : {}," +
+                        " API 요청 시각 : {}" +
+                        " API 요청 URL : {}" +
+                        " 요청 본문 : {}" +
+                        " 응답 본문 : {}",
+                userId,
+                start,
+                request.getRequestURI(),
+                requestBody,
+                responseBody);
+
+        return result;
+    }
+}

src/main/java/org/example/expert/domain/common/interceptor/CheckAdminInterceptor.java

@@ -0,0 +1,33 @@
+package org.example.expert.domain.common.interceptor;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.example.expert.domain.user.enums.UserRole;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import java.io.IOException;
+import java.time.LocalDateTime;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class CheckAdminInterceptor implements HandlerInterceptor {
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
+        UserRole userRole = UserRole.of((String)request.getAttribute("userRole"));
+        LocalDateTime reqTime = LocalDateTime.now();
+
+        if(!(userRole == UserRole.ADMIN)) {
+            log.warn("관리자 아님. 접근 거부");
+            response.sendError(HttpServletResponse.SC_FORBIDDEN, "관리자만 접근할 수 있습니다.");
+            return false;
+        }
+        log.info("관리자 인증 성공, 요청 시각 {}, 요청 URL {}", reqTime, request.getRequestURL());
+
+        return true;
+    }
+}

src/main/java/org/example/expert/domain/manager/service/ManagerService.java

@@ -35,6 +35,10 @@ public ManagerSaveResponse saveManager(AuthUser authUser, long todoId, ManagerSa
         Todo todo = todoRepository.findById(todoId)
                 .orElseThrow(() -> new InvalidRequestException("Todo not found"));
 
+        if(todo.getUser() == null) {
+            throw new InvalidRequestException("일정을 생성한 유저만 담당자를 지정할 수 있습니다.");
+        }
+
         if (!ObjectUtils.nullSafeEquals(user.getId(), todo.getUser().getId())) {
             throw new InvalidRequestException("일정을 생성한 유저만 담당자를 지정할 수 있습니다.");
         }

src/main/java/org/example/expert/domain/todo/repository/TodoRepository.java

@@ -3,9 +3,9 @@
 import org.example.expert.domain.todo.entity.Todo;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
+import org.springframework.data.jpa.repository.EntityGraph;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
-import org.springframework.data.repository.query.Param;
 
 import java.util.Optional;
 
@@ -14,10 +14,6 @@ public interface TodoRepository extends JpaRepository<Todo, Long> {
     @Query("SELECT t FROM Todo t LEFT JOIN FETCH t.user u ORDER BY t.modifiedAt DESC")
     Page<Todo> findAllByOrderByModifiedAtDesc(Pageable pageable);
 
-    @Query("SELECT t FROM Todo t " +
-            "LEFT JOIN FETCH t.user " +
-            "WHERE t.id = :todoId")
-    Optional<Todo> findByIdWithUser(@Param("todoId") Long todoId);
-
-    int countById(Long todoId);
+    @EntityGraph(attributePaths = {"user"})
+    Optional<Todo> findTodoById(Long todoId);
 }

src/main/java/org/example/expert/domain/todo/service/TodoService.java

@@ -66,7 +66,7 @@ public Page<TodoResponse> getTodos(int page, int size) {
 
     @Transactional(readOnly = true)
     public TodoResponse getTodo(long todoId) {
-        Todo todo = todoRepository.findByIdWithUser(todoId)
+        Todo todo = todoRepository.findTodoById(todoId)
                 .orElseThrow(() -> new InvalidRequestException("Todo not found"));
 
         User user = todo.getUser();

src/main/java/org/example/expert/domain/user/controller/UserController.java

@@ -1,5 +1,6 @@
 package org.example.expert.domain.user.controller;
 
+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.example.expert.domain.common.annotation.Auth;
 import org.example.expert.domain.common.dto.AuthUser;
@@ -21,7 +22,7 @@ public ResponseEntity<UserResponse> getUser(@PathVariable long userId) {
     }
 
     @PutMapping("/users")
-    public void changePassword(@Auth AuthUser authUser, @RequestBody UserChangePasswordRequest userChangePasswordRequest) {
+    public void changePassword(@Auth AuthUser authUser, @Valid @RequestBody UserChangePasswordRequest userChangePasswordRequest) {
         userService.changePassword(authUser.getId(), userChangePasswordRequest);
     }
 }