Merge pull request #106 from Att-ies/feature/105-websocket-jwt-interc…

…eptor Feature/105 websocket jwt interceptor
Att-ies · Jan 19, 2023 · ffb9b45 · ffb9b45
2 parents 5e1b93c + 4381491
commit ffb9b45
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 3 deletions.
diff --git a/src/main/java/com/sptp/backend/common/StompHandler.java b/src/main/java/com/sptp/backend/common/StompHandler.java
@@ -0,0 +1,32 @@
+package com.sptp.backend.common;
+
+import com.sptp.backend.common.exception.CustomException;
+import com.sptp.backend.common.exception.ErrorCode;
+import com.sptp.backend.jwt.web.JwtTokenProvider;
+import lombok.RequiredArgsConstructor;
+import org.springframework.messaging.Message;
+import org.springframework.messaging.MessageChannel;
+import org.springframework.messaging.simp.stomp.StompCommand;
+import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
+import org.springframework.messaging.support.ChannelInterceptor;
+import org.springframework.stereotype.Component;
+
+@RequiredArgsConstructor
+@Component
+public class StompHandler implements ChannelInterceptor {
+    private final JwtTokenProvider jwtTokenProvider;
+
+    @Override
+    public Message<?> preSend(Message<?> message, MessageChannel channel) {
+        StompHeaderAccessor accessor = StompHeaderAccessor.wrap(message);
+
+        // websocket Authorization 헤더 위치는 http와 다르기 때문에 추가 구현
+        if (accessor.getCommand() == StompCommand.CONNECT) {
+            if (!jwtTokenProvider.validateToken(accessor.getFirstNativeHeader("Authorization"))) {
+                throw new CustomException(ErrorCode.TOKEN_INVALID);
+            }
+        }
+
+        return message;
+    }
+}
diff --git a/src/main/java/com/sptp/backend/common/config/WebSecurityConfig.java b/src/main/java/com/sptp/backend/common/config/WebSecurityConfig.java
@@ -50,10 +50,10 @@ protected void configure(HttpSecurity http) throws Exception {
                 .authorizeRequests() // 요청에 대한 사용권한 체크
                 .antMatchers("/members/join", "/members/login", "/oauth2/*", "/members/token",
                         "/artists/join", "/members/id", "/members/new-password", "/members/check-email",
-                        "/members/check-id", "/members/check-nickname").permitAll()
+                        "/members/check-id", "/members/check-nickname", "/ws-connection", "/app/send").permitAll()
                 .antMatchers(HttpMethod.PATCH, "/members").hasRole("USER")
                 .antMatchers(HttpMethod.PATCH, "/artists").hasRole("ARTIST")
-                .antMatchers(HttpMethod.POST, "/art-work").hasRole("ARTIST")
+                .antMatchers(HttpMethod.POST, "/art-works").hasRole("ARTIST")
                 .anyRequest().authenticated(); // 그외 나머지 요청은 인증 필요
 
         http.addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider, redisTemplate), UsernamePasswordAuthenticationFilter.class);

diff --git a/src/main/java/com/sptp/backend/common/config/WebSocketConfig.java b/src/main/java/com/sptp/backend/common/config/WebSocketConfig.java
@@ -1,15 +1,21 @@
 package com.sptp.backend.common.config;
 
+import com.sptp.backend.common.StompHandler;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.messaging.simp.config.ChannelRegistration;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
 
 @Configuration
 @EnableWebSocketMessageBroker
+@RequiredArgsConstructor
 public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
 
+    private final StompHandler stompHandler;
+
     @Override
     public void configureMessageBroker(MessageBrokerRegistry registry) {
         // 전송자가 '/app/**' 경로로 메세지 전송
@@ -26,4 +32,9 @@ public void registerStompEndpoints(StompEndpointRegistry registry) {
                 .setAllowedOrigins("http://localhost:3000", "http://localhost:8080")
                 .withSockJS(); // websocket 미지원 브라우저를 위해 추가
     }
+
+    @Override
+    public void configureClientInboundChannel(ChannelRegistration registration) {
+        registration.interceptors(stompHandler);
+    }
 }
diff --git a/src/main/java/com/sptp/backend/common/exception/ErrorCode.java b/src/main/java/com/sptp/backend/common/exception/ErrorCode.java
@@ -32,7 +32,7 @@ public enum ErrorCode {
 
     //토큰 예외
     TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED, "토큰이 만료되었습니다."),
-    TOKEN_INVALID(HttpStatus.NOT_FOUND, "토큰이 유효하지 않습니다."),
+    TOKEN_INVALID(HttpStatus.UNAUTHORIZED, "토큰이 유효하지 않습니다."),
 
     //채팅 예외
     NOT_FOUND_CHAT_ROOM(HttpStatus.NOT_FOUND, "존재하지 않는 채팅방입니다."),