[Feature] - 인가 구현

backend/src/main/java/woowacourse/touroot/authentication/infrastructure/JwtTokenProvider.java

@@ -1,12 +1,16 @@
 package woowacourse.touroot.authentication.infrastructure;
 
+import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
-import java.util.Date;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
+import woowacourse.touroot.global.exception.UnauthorizedException;
 import woowacourse.touroot.member.domain.Member;
 
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+
 @Component
 public class JwtTokenProvider {
 
@@ -34,4 +38,20 @@ public String createToken(Member member) {
                 .signWith(Keys.hmacShaKeyFor(secretKey.getBytes()))
                 .compact();
     }
+
+    public String decode(String token) {
+        try {
+            return Jwts.parserBuilder()
+                    .setSigningKey(secretKey.getBytes(StandardCharsets.UTF_8))
+                    .build()
+                    .parseClaimsJws(token)
+                    .getBody()
+                    .get(MEMBER_ID_KEY)
+                    .toString();
+        } catch (ExpiredJwtException exception) {
+            throw new UnauthorizedException("이미 만료된 토큰입니다.", exception.getCause());
+        } catch (Exception exception) {
+            throw new UnauthorizedException("유효하지 않은 토큰입니다.", exception.getCause());
+        }
+    }
 }

backend/src/main/java/woowacourse/touroot/global/auth/JwtAuthFilter.java

@@ -0,0 +1,83 @@
+package woowacourse.touroot.global.auth;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.filter.OncePerRequestFilter;
+import woowacourse.touroot.authentication.infrastructure.JwtTokenProvider;
+import woowacourse.touroot.global.auth.dto.HttpRequestInfo;
+import woowacourse.touroot.global.exception.dto.ExceptionResponse;
+
+import java.io.IOException;
+import java.util.List;
+
+@RequiredArgsConstructor
+@Slf4j
+@Component
+public class JwtAuthFilter extends OncePerRequestFilter {
+
+    private final ObjectMapper objectMapper;
+    private final JwtTokenProvider tokenProvider;
+
+    private static final List<HttpRequestInfo> WHITE_LIST = List.of(
+            new HttpRequestInfo(HttpMethod.GET, "/ping"),
+            new HttpRequestInfo(HttpMethod.GET, "/h2-console/**"),
+            new HttpRequestInfo(HttpMethod.POST, "/h2-console/**"),
+            new HttpRequestInfo(HttpMethod.GET, "/favicon/**"),
+            new HttpRequestInfo(HttpMethod.GET, "/swagger-ui/**"),
+            new HttpRequestInfo(HttpMethod.GET, "/swagger-resources/**"),
+            new HttpRequestInfo(HttpMethod.GET, "/v3/api-docs/**"),
+            new HttpRequestInfo(HttpMethod.GET, "/api/v1/travelogues/**"),
+            new HttpRequestInfo(HttpMethod.GET, "/api/v1/travel-plans/**"),
+            new HttpRequestInfo(HttpMethod.GET, "/api/v1/login/**")
+    );
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+        String token = request.getHeader(HttpHeaders.AUTHORIZATION);
+        if (token == null) {
+            sendUnauthorizedResponse(response, "로그인을 해주세요.");
+            return;
+        }
+
+        token = token.split("Bearer|bearer")[1];
+        try {
+            String memberId = tokenProvider.decode(token);
+            request.setAttribute("memberId", memberId);
+            filterChain.doFilter(request, response);
+        } catch (Exception e) {
+            sendUnauthorizedResponse(response, e.getMessage());
+        }
+    }
+
+    private void sendUnauthorizedResponse(HttpServletResponse response, String message) throws IOException {
+        ExceptionResponse errorResponse = new ExceptionResponse(message);
+
+        response.setStatus(HttpStatus.UNAUTHORIZED.value());
+        response.setContentType("application/json");
+        response.setCharacterEncoding("UTF-8");
+        response.getWriter()
+                .write(objectMapper.writeValueAsString(errorResponse));
+    }
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
+        AntPathMatcher antPathMatcher = new AntPathMatcher();
+
+        String url = request.getRequestURI();
+        String method = request.getMethod();
+
+        return WHITE_LIST.stream()
+                .anyMatch(white -> white.method().matches(method) && antPathMatcher.match(white.urlPattern(), url));
+    }
+}

backend/src/main/java/woowacourse/touroot/global/auth/MemberAuthMethodArgumentResolver.java

@@ -0,0 +1,31 @@
+package woowacourse.touroot.global.auth;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+import woowacourse.touroot.global.auth.dto.MemberAuth;
+
+@Component
+public class MemberAuthMethodArgumentResolver implements HandlerMethodArgumentResolver {
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.getParameterType().equals(MemberAuth.class);
+    }
+
+    @Override
+    public Object resolveArgument(
+            MethodParameter parameter,
+            ModelAndViewContainer mavContainer,
+            NativeWebRequest webRequest,
+            WebDataBinderFactory binderFactory
+    ) throws Exception {
+        HttpServletRequest request = webRequest.getNativeRequest(HttpServletRequest.class);
+        String memberId = request.getAttribute("memberId").toString();
+        return new MemberAuth(Long.valueOf(memberId));
+    }
+}

backend/src/main/java/woowacourse/touroot/global/auth/dto/HttpRequestInfo.java

@@ -0,0 +1,6 @@
+package woowacourse.touroot.global.auth.dto;
+
+import org.springframework.http.HttpMethod;
+
+public record HttpRequestInfo(HttpMethod method, String urlPattern) {
+}

backend/src/main/java/woowacourse/touroot/global/auth/dto/MemberAuth.java

@@ -0,0 +1,4 @@
+package woowacourse.touroot.global.auth.dto;
+
+public record MemberAuth(Long memberId) {
+}

backend/src/main/java/woowacourse/touroot/global/config/SwaggerConfig.java

@@ -1,17 +1,23 @@
 package woowacourse.touroot.global.config;
 
+import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
+import io.swagger.v3.oas.models.security.SecurityScheme;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpHeaders;
 
 @Configuration
 public class SwaggerConfig {
 
     @Bean
     public OpenAPI createOpenApi() {
         return new OpenAPI()
-                .info(getInfo());
+                .info(getInfo())
+                .components(new Components().addSecuritySchemes("bearerAuth", getSecurityScheme()))
+                .addSecurityItem(new SecurityRequirement().addList("bearerAuth"));
     }
 
     private Info getInfo() {
@@ -20,4 +26,12 @@ private Info getInfo() {
                 .description("To your route, 투룻 API")
                 .version("0.1");
     }
+
+    private SecurityScheme getSecurityScheme() {
+        return new SecurityScheme().type(SecurityScheme.Type.HTTP)
+                .scheme("bearer")
+                .bearerFormat("JWT")
+                .in(SecurityScheme.In.HEADER)
+                .name(HttpHeaders.AUTHORIZATION);
+    }
 }

backend/src/main/java/woowacourse/touroot/global/config/WebMvcConfig.java

@@ -0,0 +1,21 @@
+package woowacourse.touroot.global.config;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import woowacourse.touroot.global.auth.MemberAuthMethodArgumentResolver;
+
+import java.util.List;
+
+@RequiredArgsConstructor
+@Configuration
+public class WebMvcConfig implements WebMvcConfigurer {
+
+    private final MemberAuthMethodArgumentResolver memberAuthMethodArgumentResolver;
+
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
+        resolvers.add(memberAuthMethodArgumentResolver);
+    }
+}

backend/src/main/java/woowacourse/touroot/global/exception/UnauthorizedException.java

@@ -0,0 +1,12 @@
+package woowacourse.touroot.global.exception;
+
+public class UnauthorizedException extends RuntimeException {
+
+    public UnauthorizedException(String message) {
+        super(message);
+    }
+
+    public UnauthorizedException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}

backend/src/test/java/woowacourse/touroot/travelplan/controller/TravelPlanControllerTest.java

@@ -7,7 +7,10 @@
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.web.server.LocalServerPort;
+import org.springframework.http.HttpHeaders;
+import woowacourse.touroot.authentication.infrastructure.JwtTokenProvider;
 import woowacourse.touroot.global.AcceptanceTest;
+import woowacourse.touroot.member.domain.Member;
 import woowacourse.touroot.travelplan.dto.request.PlanDayCreateRequest;
 import woowacourse.touroot.travelplan.dto.request.PlanLocationCreateRequest;
 import woowacourse.touroot.travelplan.dto.request.PlanPlaceCreateRequest;
@@ -28,11 +31,17 @@ class TravelPlanControllerTest {
     private int port;
     private final DatabaseCleaner databaseCleaner;
     private final TestFixture testFixture;
+    private final JwtTokenProvider jwtTokenProvider;
 
     @Autowired
-    public TravelPlanControllerTest(DatabaseCleaner databaseCleaner, TestFixture testFixture) {
+    public TravelPlanControllerTest(
+            DatabaseCleaner databaseCleaner,
+            TestFixture testFixture,
+            JwtTokenProvider jwtTokenProvider
+    ) {
         this.databaseCleaner = databaseCleaner;
         this.testFixture = testFixture;
+        this.jwtTokenProvider = jwtTokenProvider;
     }
 
     @BeforeEach
@@ -58,9 +67,13 @@ void createTravelPlan() {
                 .days(List.of(planDayCreateRequest))
                 .build();
 
+        Member member = testFixture.initMemberTestData();
+        String accessToken = jwtTokenProvider.createToken(member);
+
         // when & then
         RestAssured.given().log().all()
                 .contentType(ContentType.JSON)
+                .header(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken)
                 .body(request)
                 .when().log().all()
                 .post("/api/v1/travel-plans")
@@ -86,9 +99,13 @@ void createTravelPlanWithInvalidStartDate() {
                 .days(List.of(planDayCreateRequest))
                 .build();
 
+        Member member = testFixture.initMemberTestData();
+        String accessToken = jwtTokenProvider.createToken(member);
+
         // when & then
         RestAssured.given().log().all()
                 .contentType(ContentType.JSON)
+                .header(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken)
                 .body(request)
                 .when().log().all()
                 .post("/api/v1/travel-plans")

backend/src/test/java/woowacourse/touroot/utils/TestFixture.java

@@ -2,6 +2,8 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import woowacourse.touroot.member.domain.Member;
+import woowacourse.touroot.member.repository.MemberRepository;
 import woowacourse.touroot.place.domain.Place;
 import woowacourse.touroot.place.repository.PlaceRepository;
 import woowacourse.touroot.travelogue.domain.Travelogue;
@@ -45,7 +47,12 @@ public class TestFixture {
     private TravelPlanDayRepository travelPlanDayRepository;
     @Autowired
     private TravelPlanPlaceRepository travelPlanPlaceRepository;
+    @Autowired
+    private MemberRepository memberRepository;
 
+    public static Member getMember(Long kakaoId, String nickname, String profileImageUri) {
+        return new Member(kakaoId, nickname, profileImageUri);
+    }
 
     public static Travelogue getTravelogue(String name, String thumbnail) {
         return new Travelogue(name, thumbnail);
@@ -105,4 +112,9 @@ public void initTravelPlanTestData() {
         placeRepository.save(place);
         travelPlanPlaceRepository.save(travelPlanPlace);
     }
+
+    public Member initMemberTestData() {
+        Member member = getMember(1L, "tester", "image");
+        return memberRepository.save(member);
+    }
 }