๐Ÿ’Ž๋ชฉํ‘œ

image.png

โญBackend

https://github.com/devbwoh/w24w15Security

๐Ÿ’กSong Model ์ถ”๊ฐ€

package kr.ac.kumoh.s20240000.w24w15Security.model

import org.springframework.data.annotation.Id
import org.springframework.data.mongodb.core.mapping.Document

@Document(collection = "songs")
data class Song(
    @Id val id: String? = null,
    val title: String,
    val singer: String,
    val rating: Int,
    val lyrics: String
)

๐Ÿ’ก Song Repository ์ถ”๊ฐ€

package kr.ac.kumoh.s20240000.w24w15Security.repository

import kr.ac.kumoh.s20240000.w24w15Security.model.Song
import org.springframework.data.mongodb.repository.MongoRepository

// Song์€ ์‚ฌ์šฉํ•  document, String์€ _id์˜ type
interface SongRepository : MongoRepository<Song,String> {
    // ๊ธฐ๋ณธ์ ์ธ ๋ฉ”์†Œ๋“œ๋Š” ๋ชจ๋‘ ๊ตฌํ˜„ํ•ด ์คŒ

    // ์ด๋ ‡๊ฒŒ ์ถ”๊ฐ€ํ•˜๋ฉด ์•Œ์•„์„œ ๊ตฌํ˜„ํ•ด ์คŒ
    fun findBySinger(singer: String): List<Song>
}

๐Ÿ’กSong Service ์ถ”๊ฐ€

package kr.ac.kumoh.s20240000.w24w15Security.service

import kr.ac.kumoh.s20240000.w24w15Security.model.Song
import kr.ac.kumoh.s20240000.w24w15Security.repository.SongRepository
import org.springframework.stereotype.Service

@Service
class SongService(private val repository: SongRepository) {
    fun addSong(song: Song): Song = repository.save(song)

    fun getAllSongs(): List<Song> = repository.findAll()
    fun getSongById(id: String): Song? = repository.findById(id).orElse(null)
    fun getSongBySinger(title: String): List<Song> = repository.findBySinger(title)

    fun updateSong(id: String, song: Song): Song? {
        val songTarget = repository.findById(id)

        return if (songTarget.isPresent) {
            val oldSong = songTarget.get()
            val updatedSong = oldSong.copy(
                title = song.title,
                singer = song.singer,
                rating = song.rating,
                lyrics = song.lyrics
            )
            repository.save(updatedSong)
        } else {
            null
        }
    }

    fun deleteSong(id: String): Boolean {
        return if (repository.existsById(id)) {
            repository.deleteById(id)
            true
        } else {
            false
        }
    }

}

๐Ÿ’กSong Controller ์ถ”๊ฐ€

package kr.ac.kumoh.s20240000.w24w15Security.controller

import kr.ac.kumoh.s20240000.w24w15Security.model.Song
import kr.ac.kumoh.s20240000.w24w15Security.service.SongService
import org.springframework.web.bind.annotation.*

@RestController
@RequestMapping("/api/songs")
@CrossOrigin(origins = ["<http://localhost:3000>"])
class SongController(private val service: SongService) {
    @PostMapping
    fun addSong(@RequestBody song: Song): Song = service.addSong(song)

    @GetMapping
    fun getAllSongs(): List<Song> = service.getAllSongs()

    @GetMapping("/{id}")
    fun getSongById(@PathVariable id: String): Song? = service.getSongById(id)

    @GetMapping("/singer/{singer}")
    fun getSongBySinger(@PathVariable singer: String): List<Song> = service.getSongBySinger(singer)

    @PutMapping("/{id}")
    fun updateSong(@PathVariable id: String, @RequestBody songDetails: Song): Song? =  service.updateSong(id, songDetails)

    @DeleteMapping("/{id}")
    fun deleteSong(@PathVariable id: String): Map<String, String> {
        return if (service.deleteSong(id))
            mapOf("status" to "deleted")
        else
            mapOf("status" to "not found")
    }
}

๐Ÿ’ก์‹คํ–‰ ํ™•์ธ

image.png

๐Ÿ’กSecurityConfig.kt

package kr.ac.kumoh.s20240000.w24w15Security.config

import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.web.SecurityFilterChain
import org.springframework.web.cors.CorsConfiguration
import org.springframework.web.cors.CorsConfigurationSource
import org.springframework.web.cors.UrlBasedCorsConfigurationSource

@Configuration
class SecurityConfig {

    // CORS ์„ค์ •์„ ์œ„ํ•œ CorsConfigurationSource ์ •์˜
    @Bean
    fun corsConfigurationSource(): CorsConfigurationSource {
        val configuration = CorsConfiguration()
        configuration.apply {
            allowedOrigins = listOf("<http://localhost:3000>") // ํ—ˆ์šฉํ•  ๋„๋ฉ”์ธ
            allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS") // ํ—ˆ์šฉํ•  HTTP ๋ฉ”์„œ๋“œ
            allowedHeaders = listOf("*") // ํ—ˆ์šฉํ•  ํ—ค๋”
            allowCredentials = true // ์ž๊ฒฉ ์ฆ๋ช…(์ฟ ํ‚ค ๋“ฑ)์„ ํ—ˆ์šฉํ• ์ง€ ์—ฌ๋ถ€
        }
        val source = UrlBasedCorsConfigurationSource()
        source.registerCorsConfiguration("/**", configuration) // ๋ชจ๋“  ๊ฒฝ๋กœ์— ์ ์šฉ
        return source
    }

    // SecurityFilterChain์„ ํ†ตํ•œ CORS ์„ค์ •
    @Bean
    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
        return http
            .cors { it.configurationSource(corsConfigurationSource()) } // CORS ์„ค์ • ์ ์šฉ
            .authorizeHttpRequests { authz ->
                authz
                    .requestMatchers("/api/auth/**").permitAll() // ๋กœ๊ทธ์ธ, ํšŒ์›๊ฐ€์ž… ๊ฒฝ๋กœ๋Š” ํ—ˆ์šฉ
                    // TODO: ์‚ญ์ œํ•  ๊ฒƒ
                    .requestMatchers("/api/songs/**").permitAll()
                    .anyRequest().authenticated()
            }
            .csrf { csrf -> csrf.disable() }
            .build()
    }
}

image.png