[Feat, Fix] JwtToken added RidingLocation api fix

Author: ywha0929

pom.xml

@@ -58,6 +58,19 @@
 			<artifactId>gson</artifactId>
 			<version>2.10.1</version>
 		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt</artifactId>
+			<version>0.9.1</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
 	</dependencies>
 
 	<build>

src/main/java/com/sba/recordingserver/config/WebSecurityConfig.java

@@ -0,0 +1,46 @@
+package com.sba.recordingserver.config;
+
+import com.sba.recordingserver.security.JwtAuthenticationFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.web.filter.CorsFilter;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private JwtAuthenticationFilter jwtAuthenticationFilter;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        // http 시큐리티 빌더
+        http.cors()			// WebMvcConfig에서 이미 설정했으므로 기본 cors 설정
+                .and()
+                .csrf()					// csrf는 현재 사용하지 않으므로 disable
+                .disable()
+                .httpBasic()			// token을 사용하므로 basic 인증 disable
+                .disable()
+                .sessionManagement()	// session 기반이 아님을 선언
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .authorizeRequests()	// /와 /autho/** 경로는 인증 안해도 됨
+                .antMatchers("/", "/member/**").permitAll()
+                .anyRequest()			// /와 /auth/** 이외의 모든 경로는 인증 해야 됨
+                .authenticated();
+
+        // filter 등록
+        // 매 요청마다
+        // CorsFilter 실행한 후에
+        // jwtAuthenticationFilter 실행한다.
+
+        http.addFilterAfter(jwtAuthenticationFilter, CorsFilter.class);
+//        http.addFilterBefore(
+//                jwtAuthenticationFilter,
+//                CorsFilter.class
+//        );
+    }
+}

src/main/java/com/sba/recordingserver/controller/MemberController.java

@@ -8,6 +8,7 @@
 import javax.transaction.Transactional;
 
 @RestController
+@RequestMapping("/member")
 public class MemberController {
     @Autowired
     MemberService memberService;
@@ -28,7 +29,8 @@ public ResponseNoDataDto registerBicycle(@RequestBody BicycleRegisterRequestDto
 
     @PostMapping(value="/login")
     @Transactional
-    public ResponseNoDataDto login(@RequestBody MemberLoginDto loginRequest) {
+    public ResponseDataDto login(@RequestBody MemberLoginDto loginRequest) {
+        System.out.println("login Reqeust");
         return memberService.handleLoginRequest(loginRequest);
     }
 

src/main/java/com/sba/recordingserver/controller/RidingLocationController.java

@@ -1,7 +1,8 @@
 package com.sba.recordingserver.controller;
 
 import com.sba.recordingserver.dto.ResponseDataDto;
-import com.sba.recordingserver.dto.UserLocationDto;
+import com.sba.recordingserver.dto.ResponseNoDataDto;
+import com.sba.recordingserver.dto.UserLocationResultDto;
 import com.sba.recordingserver.service.RidingLocationService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -16,8 +17,12 @@ public class RidingLocationController {
     RidingLocationService ridingLocationService;
 
     @GetMapping(value = "/riding_location/post_and_get")
-    public ResponseDataDto<List<UserLocationDto>> postLocationAndGetNearbyUsers(@RequestParam String memberId, @RequestParam Double longitude, @RequestParam Double latitude)
+    public ResponseDataDto<List<UserLocationResultDto>> postLocationAndGetNearbyUsers(@RequestParam String memberId, @RequestParam Double longitude, @RequestParam Double latitude, @RequestParam Boolean packMode, @RequestParam Double speed)
     {
-        return ridingLocationService.saveLocationAndReturnNearbyUsers(memberId, longitude, latitude);
+        return ridingLocationService.saveLocationAndReturnNearbyUsers(memberId, longitude, latitude, packMode, speed);
+    }
+    @GetMapping(value = "/riding_location/startRiding")
+    public ResponseNoDataDto prepareForStartRiding(@RequestParam String memberId) {
+        return ridingLocationService.checkDirtyMemoryRepository(memberId);
     }
 }

src/main/java/com/sba/recordingserver/dto/MemberLoginResultDto.java

@@ -0,0 +1,16 @@
+package com.sba.recordingserver.dto;
+
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.Setter;
+
+@AllArgsConstructor
+@Getter
+@Setter
+public class MemberLoginResultDto {
+    private String id;
+    private String nickname;
+    private String email;
+    private String token;
+}

src/main/java/com/sba/recordingserver/dto/UserLocationDto.java src/main/java/com/sba/recordingserver/dto/UserLocationResultDto.java

@@ -10,8 +10,8 @@
 @Setter
 @ToString
 @AllArgsConstructor
-public class UserLocationDto {
-    private String id;
+public class UserLocationResultDto {
+    private String nickname;
     private Double longitude;
     private Double latitude;
 }

src/main/java/com/sba/recordingserver/entity/RidingLocation.java

@@ -33,6 +33,7 @@ public class RidingLocation {
     @Column private String id;
     @Column private Double longitude;
     @Column private Double latitude;
+    @Column private Double speed;
 
 
     public RidingLocation() {

src/main/java/com/sba/recordingserver/repository/RidingCoordinateMemoryRepository.java

@@ -4,15 +4,20 @@
 import com.google.gson.Gson;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 public class RidingCoordinateMemoryRepository {
-    private static final RidingCoordinateMemoryRepository instance = new RidingCoordinateMemoryRepository();
+    private static RidingCoordinateMemoryRepository instance = null;
 
-    Map<String, List<Coordinate>> memoryRepository;
+    Map<String, List<Coordinate>> memoryRepository = new HashMap<>();
 
     public static RidingCoordinateMemoryRepository getInstance() {
+        if (instance == null) {
+            instance = new RidingCoordinateMemoryRepository();
+            System.out.println("created MemoryRepository instance");
+        }
         return instance;
     }
 
@@ -31,6 +36,8 @@ public void remove(String id) {
         memoryRepository.remove(id);
     }
     public String findById(String id) {
+        if(!memoryRepository.containsKey(id))
+            return null;
         List<Coordinate> list = memoryRepository.get(id);
         String json = new Gson().toJson(list);
         memoryRepository.remove(id);

src/main/java/com/sba/recordingserver/repository/RidingLocationRepository.java

@@ -17,8 +17,8 @@
 
 public interface RidingLocationRepository extends JpaRepository<RidingLocation,String> {
 
-    @Query(nativeQuery = true ,value="select l.id,l.longitude,l.latitude from ( select *, ST_Distance_Sphere(point(m.longitude,m.latitude),point(:longitude,:latitude)) as distance from riding_location m ) l where l.distance < 1000 and (l.id != :memberId) order by l.distance")
-    List<RidingLocation> findNearbyUsers(@Param("memberId") String memberId, @Param("longitude") Double longitude, @Param("latitude") Double latitude);
+    @Query(nativeQuery = true ,value="select l.id,l.longitude,l.latitude,l.speed from ( select *, ST_Distance_Sphere(point(m.longitude,m.latitude),point(:longitude,:latitude)) as distance from riding_location m ) l where l.distance < 100000 and (l.id != :memberId) and l.speed = :speed order by l.distance")
+    List<RidingLocation> findNearbyUsers(@Param("memberId") String memberId, @Param("longitude") Double longitude, @Param("latitude") Double latitude, @Param("speed") Double speed);
 
 
 //    @NamedNativeQuery(nativeQuery = true ,value="select * from ( select *, ST_Distance_Sphere(point(m.longitude,m.latitude),point(:longitude,:latitude)) as distance from riding_location m ) l where l.distance < 1000 and (l.id != :memberId) order by l.distance")

src/main/java/com/sba/recordingserver/security/JwtAuthenticationFilter.java

@@ -0,0 +1,54 @@
+package com.sba.recordingserver.security;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Slf4j
+@Component
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+    @Autowired
+    private TokenProvider tokenProvider;
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        try {
+            String token = parseBearerToken(request);
+            System.out.println("parsing");
+            if(token != null && !token.equalsIgnoreCase(null)) {
+                String userId = tokenProvider.validateAndGetUserId(token);
+                System.out.println(userId);
+                AbstractAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userId,null, AuthorityUtils.NO_AUTHORITIES);
+                authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
+                securityContext.setAuthentication(authenticationToken);
+                SecurityContextHolder.setContext(securityContext);
+            }
+        } catch(Exception e) {
+            e.printStackTrace();
+        }
+        filterChain.doFilter(request,response);
+    }
+
+    private String parseBearerToken(HttpServletRequest request) {
+        String bearerToken = request.getHeader("Authorization");
+        if(StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer")) {
+            return bearerToken.substring(7);
+        }
+        else
+            return null;
+    }
+}

src/main/java/com/sba/recordingserver/security/TokenProvider.java

@@ -0,0 +1,37 @@
+package com.sba.recordingserver.security;
+
+import com.sba.recordingserver.entity.Member;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+import javax.crypto.SecretKey;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Date;
+
+@Slf4j
+@Service
+public class TokenProvider {
+    private static final String SECRET_KEY = "NMA8JPctFuna59f5";
+
+    public String create(Member member) {
+        Date expiryDate = Date.from(Instant.now().plus(1, ChronoUnit.DAYS));
+        return Jwts.builder()
+                .signWith(SignatureAlgorithm.HS512,SECRET_KEY)
+                .setSubject(member.getId())
+                .setIssuer("S-BA")
+                .setIssuedAt(new Date())
+                .setExpiration(expiryDate)
+                .compact();
+    }
+    public String validateAndGetUserId(String token) {
+        Claims claims = Jwts.parser()
+                .setSigningKey(SECRET_KEY)
+                .parseClaimsJws(token)
+                .getBody();
+        return claims.getSubject();
+    }
+}

src/main/java/com/sba/recordingserver/service/MemberService.java

@@ -5,6 +5,7 @@
 import com.sba.recordingserver.entity.Member;
 import com.sba.recordingserver.repository.BicycleRepository;
 import com.sba.recordingserver.repository.MemberRepository;
+import com.sba.recordingserver.security.TokenProvider;
 import com.sba.recordingserver.util.Util;
 import lombok.AllArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -26,6 +27,9 @@ public class MemberService {
     @Autowired
     private final BicycleRepository bicycleRepository;
 
+    @Autowired
+    private TokenProvider tokenProvider;
+
     private JavaMailSender emailSender;
 
 
@@ -47,22 +51,24 @@ public ResponseNoDataDto registerMember(MemberDto member) {
 
 
 
-    public ResponseNoDataDto handleLoginRequest(MemberLoginDto loginRequest) {
+    public ResponseDataDto<MemberLoginResultDto> handleLoginRequest(MemberLoginDto loginRequest) {
         Optional<Member> optionalMember = memberRepository.findById(loginRequest.getId());
+        MemberLoginResultDto memberLoginResultDto = null;
         if(optionalMember.isEmpty())
         {
             System.out.println(loginRequest.getId() + " is not in member db");
-            return new ResponseNoDataDto("no such id",406);
+            return new ResponseDataDto("no such id",406, null);
         }
         else if(!optionalMember.get().getPassword().equals(loginRequest.getPassword()))
         {
             System.out.println("invalid password " + optionalMember.get().getPassword() + " : " + loginRequest.getPassword());
-            return new ResponseNoDataDto("invalid password",406);
+            return new ResponseDataDto("invalid password",406,null);
         }
         else
         {
             System.out.println("login request for "+loginRequest.getId() + " successfully done");
-            return new ResponseNoDataDto("welcome " +optionalMember.get().getNickname(),200);
+            final String token = tokenProvider.create(optionalMember.get());
+            return new ResponseDataDto("OK",200,new MemberLoginResultDto(optionalMember.get().getId(),optionalMember.get().getNickname(), optionalMember.get().getEmail(), token));
         }
     }