From 4afc19c6115d008c69ead5056d29f44dd6d297e8 Mon Sep 17 00:00:00 2001
From: Jihun Kim
Date: Tue, 26 Aug 2025 17:27:09 +0900
Subject: [PATCH 1/5] =?UTF-8?q?refactor:=20=EC=84=B8=EC=85=98=20=EA=B4=80?=
 =?UTF-8?q?=EB=A0=A8=20=EC=84=A4=EC=A0=95=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../config/security/SecurityConfig.java | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
index 97111041..909fac3c 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
@@ -12,6 +12,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.web.cors.CorsConfigurationSource;
 import com.nowait.applicationuser.oauth.oauth2.CustomOAuth2UserService;
@@ -37,7 +38,12 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http
 .cors(cors -> cors.configurationSource(corsConfigurationSource))
 // CSRF 방어 기능 비활성화 (jwt 토큰을 사용할 것이기에 필요없음)
- .csrf(AbstractHttpConfigurer::disable)
+ .csrf(csrf -> csrf
+ .ignoringRequestMatchers(
+ "/api/**", "/login/**", "/oauth2/**",
+ "/swagger-ui/**", "/v3/api-docs/**", "/orders/**")
+ .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+ )
 // 시큐리티 폼 로그인 비활성화
 .formLogin(AbstractHttpConfigurer::disable)
 // HTTP Basic 인증 비활성화
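Review bot: The exemption list passed to `ignoringRequestMatchers` covers `/api/**` and `/orders/**`, which — once the session policy becomes IF_REQUIRED and order lookups are keyed on `session.getId()` later in this series — are precisely the endpoints that ride on a session cookie, so the `CookieCsrfTokenRepository` ends up guarding nothing and a cross-site POST that the browser attaches the JSESSIONID to (SameSite permitting) is accepted. Keep the exemption to genuinely stateless paths, `.ignoringRequestMatchers("/login/**", "/oauth2/**", "/swagger-ui/**", "/v3/api-docs/**")`, and have the SPA echo the non-HttpOnly `XSRF-TOKEN` cookie in `X-XSRF-TOKEN`; on Spring Security 6 that presumably also needs a `CsrfTokenRequestAttributeHandler` plus a filter that touches the token so the cookie is actually written, neither of which this hunk adds. The comment kept above the new block, `// CSRF 방어 기능 비활성화 (jwt 토큰을 사용할 것이기에 필요없음)`, now contradicts the code; replace it with `// CSRF: cookie-based token for session-backed endpoints; only stateless/bearer paths are exempt`. filterChain continues past this hunk.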
@@ -50,9 +56,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 userInfoEndpoint.userService(customOAuth2UserService)
 ).successHandler(oAuth2LoginSuccessHandler)
 )
- // 세션 사용하지 않음
 .sessionManagement(session ->
- session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
 )
 .authorizeHttpRequests(auth -> auth
 .requestMatchers(
From 78f5aacae7fb6f8298f28581e75bed4938397e02 Mon Sep 17 00:00:00 2001
From: Jihun Kim
Date: Tue, 26 Aug 2025 17:27:25 +0900
Subject: [PATCH 2/5] =?UTF-8?q?refactor:=20=EC=A4=84=EB=B0=94=EA=BF=88=20?=
 =?UTF-8?q?=EA=B3=B5=EB=B0=B1=20=EC=82=AD=EC=A0=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../nowait/applicationuser/order/service/OrderService.java | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java
index 254caac4..656f6846 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java
@@ -116,11 +116,6 @@ public List getOrderItemsGroupByOrderId(
 }
-
-
-
-
-
 private static void parameterValidation(Long storeId, Long tableId, OrderCreateRequestDto orderCreateRequestDto) {
 if (storeId == null || tableId == null || orderCreateRequestDto == null) {
 throw new OrderParameterEmptyException();
From d53f0fdd6640d24c62890c5b965659a8666015e0 Mon Sep 17 00:00:00 2001
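Review bot: With `SessionCreationPolicy.IF_REQUIRED` the JSESSIONID cookie becomes a bearer credential (a later patch in this series scopes order lookups by `session.getId()`), yet nothing in this hunk pins its attributes — set `server.servlet.session.cookie.http-only=true`, `secure=true` and an explicit `same-site` value, and give the session a bounded timeout. The OAuth2 login configured just above will presumably now also store a SecurityContext in that session alongside whatever token the success handler issues, so document which of the two is authoritative for authorization. The deleted `// 세션 사용하지 않음` should be replaced rather than dropped, e.g. `// Session created on demand: OAuth2 login state and anonymous order tracking live in the servlet session`. filterChain starts and ends outside this hunk.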
From: Jihun Kim
Date: Tue, 26 Aug 2025 17:27:43 +0900
Subject: [PATCH 3/5] =?UTF-8?q?refactor:=20=EC=84=B8=EC=85=98=20=EC=9E=AC?=
 =?UTF-8?q?=EB=B0=9C=EA=B8=89=20=EB=A1=9C=EC=A7=81=20=EC=82=AD=EC=A0=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../applicationuser/order/controller/OrderController.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java
index 8741e075..c814a800 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java
@@ -20,6 +20,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpSession;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -55,8 +56,13 @@ public ResponseEntity createOrder(
 public ResponseEntity getOrderItems(
 @PathVariable Long storeId,
 @PathVariable Long tableId,
- HttpSession session
+ HttpServletRequest request
 ) {
+ HttpSession session = request.getSession(false);
+ if (session == null) {
+ // 프론트가 먼저 부트스트랩 안 했거나, 쿠키가 안 붙은 케이스
+ return ResponseEntity.status(HttpStatus.OK).body(ApiUtils.success(List.of()));
+ }
 String sessionId = session.getId();
 List orderItems = orderService.getOrderItemsGroupByOrderId(storeId, tableId, sessionId);
 return ResponseEntity.
From a62e39eb65aa52399a812ab1d1565e55eb2d084d Mon Sep 17 00:00:00 2001
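Review bot: `session.getId()` is handed to the service as the key that appears to scope a table's orders, so a live servlet session identifier — effectively a bearer secret — is presumably persisted with the order and can surface in logs or database dumps; key the orders on a separate random value (for example a UUID kept as a session attribute, or a SHA-256 of the session ID) rather than the raw ID. Be aware that Spring Security's default session-fixation protection typically rotates the session ID when the user authenticates, so orders created anonymously would stop matching after an OAuth2 login — confirm that is intended. The added comment should be in English and state the behaviour: `// No session yet (client never bootstrapped one, or the cookie was not sent): nothing to show, so return an empty list instead of a 4xx`. getOrderItems continues past this hunk.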
From: Jihun Kim
Date: Tue, 26 Aug 2025 17:27:51 +0900
Subject: [PATCH 4/5] =?UTF-8?q?refactor:=20=EB=B3=80=EC=88=98=EB=AA=85=20?=
 =?UTF-8?q?=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../applicationadmin/menu/controller/MenuImageController.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java
index 5d6add61..9d096bc3 100644
--- a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java
+++ b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java
@@ -65,8 +65,8 @@ public ResponseEntity uploadMenuImage(
 description = "특정 메뉴 이미지 ID에 해당하는 이미지를 삭제합니다."
 )
 @ApiResponse(responseCode = "200", description = "메뉴 이미지 삭제 성공")
- public ResponseEntity deleteMenuImage(@PathVariable Long id) {
- menuImageService.delete(id);
+ public ResponseEntity deleteMenuImage(@PathVariable Long menuImageId) {
+ menuImageService.delete(menuImageId);
 return ResponseEntity
 .status(
 HttpStatus.OK
From 57c1e661017223edcf55a989f31008433f205605 Mon Sep 17 00:00:00 2001
From: Jihun Kim
Date: Tue, 26 Aug 2025 17:28:00 +0900
Subject: [PATCH 5/5] =?UTF-8?q?refactor:=20=EC=A4=91=EB=B3=B5=20=EC=BD=94?=
 =?UTF-8?q?=EB=93=9C=20=EC=A0=9C=EA=B1=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../com/nowait/applicationuser/config/security/CorsConfig.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java
index b89e7b7c..cf844f46 100644
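Review bot: `@PathVariable Long menuImageId` binds by parameter name because no explicit value is given, so the `@DeleteMapping` template above this hunk must have moved from `{id}` to `{menuImageId}` as well — that line is not visible here, and if it still says `{id}` the endpoint fails at runtime with a missing path variable. Name-based binding also depends on the class being compiled with `-parameters`; `@PathVariable("menuImageId") Long menuImageId` makes the mapping explicit and removes both hazards. deleteMenuImage continues past this hunk.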
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java
@@ -19,10 +19,9 @@ public CorsConfigurationSource corsConfigurationSource() {
 config.setAllowedMethods(List.of("GET", "POST", "PATCH", "PUT", "DELETE", "OPTIONS")); // 메서드 허용
 config.setAllowedHeaders(List.of("*")); //클라이언트가 보낼 수 있는 헤더
 config.setExposedHeaders(List.of("Authorization")); //클라이언트(브라우저)가 접근할 수 있는 헤더 지정
- config.setAllowCredentials(true); // 쿠키 포함 허용
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
- source.registerCorsConfiguration("/**", config); //** 뜻은 모든 URL 경로에 적용한다는 의미
+ source.registerCorsConfiguration("/**", config); // 모든 URL 경로에 적용한다는 의미
 return source;
 }
 }
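Review bot: Removing `config.setAllowCredentials(true);` means browsers will not attach cookies to cross-origin calls, yet the sibling patches in this series move the user API onto a servlet session (`IF_REQUIRED`, `request.getSession(false)` in OrderController) and a cookie-borne CSRF token; if the frontend is served from another origin than this API (the allowedOrigins line sits above the hunk and is not visible), JSESSIONID will never arrive and the order endpoints will always see no session. Either restore `config.setAllowCredentials(true);` together with an explicit origin allow-list (Spring rejects a `*` origin when credentials are allowed, so use `setAllowedOriginPatterns` if a pattern is needed) and `credentials: 'include'` on the client, or record in a comment that the SPA is same-origin and this CORS config exists only for tooling. The rewritten comment on `registerCorsConfiguration` would read better in English: `// apply this configuration to every URL path`. corsConfigurationSource starts above this hunk.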