[BE] 구현사항을 PROD에 배포한다.

backend/bang-ggood/src/main/java/com/bang_ggood/article/controller/ArticleController.java

@@ -4,6 +4,7 @@
 import com.bang_ggood.article.dto.response.ArticleResponse;
 import com.bang_ggood.article.dto.response.ArticlesResponses;
 import com.bang_ggood.article.service.ArticleService;
+import com.bang_ggood.auth.config.AdminPrincipal;
 import com.bang_ggood.auth.config.AuthRequiredPrincipal;
 import com.bang_ggood.user.domain.User;
 import jakarta.validation.Valid;
@@ -26,7 +27,7 @@ public ArticleController(ArticleService articleService) {
     }
 
     @PostMapping("/articles")
-    public ResponseEntity<Void> createArticle(@AuthRequiredPrincipal User user,
+    public ResponseEntity<Void> createArticle(@AdminPrincipal User user,
                                               @Valid @RequestBody ArticleCreateRequest request) {
         Long id = articleService.createArticle(request);
         return ResponseEntity.created(URI.create("/article/" + id)).build();
@@ -43,7 +44,7 @@ public ResponseEntity<ArticlesResponses> readArticles() {
     }
 
     @DeleteMapping("/articles/{id}")
-    public ResponseEntity<ArticleResponse> deleteArticle(@AuthRequiredPrincipal User user,
+    public ResponseEntity<ArticleResponse> deleteArticle(@AdminPrincipal User user,
                                                          @PathVariable("id") Long id) {
         articleService.deleteArticle(id);
         return ResponseEntity.noContent().build();

backend/bang-ggood/src/main/java/com/bang_ggood/article/service/ArticleService.java

@@ -6,14 +6,14 @@
 import com.bang_ggood.article.dto.response.ArticlesResponse;
 import com.bang_ggood.article.dto.response.ArticlesResponses;
 import com.bang_ggood.article.repository.ArticleRepository;
-import com.bang_ggood.global.config.cache.CacheName;
 import lombok.RequiredArgsConstructor;
+import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.cache.annotation.Cacheable;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import java.util.List;
 
-import static com.bang_ggood.global.config.cache.CacheName.*;
+import static com.bang_ggood.global.config.cache.CacheName.ARTICLE;
 
 @RequiredArgsConstructor
 @Service
@@ -35,7 +35,6 @@ public ArticleResponse readArticle(Long id) {
         return ArticleResponse.from(article);
     }
 
-    @Cacheable(cacheNames = ARTICLE, key = "'articles'")
     @Transactional(readOnly = true)
     public ArticlesResponses readArticles() {
         List<ArticlesResponse> articles = articleRepository.findLatestArticles().stream()
@@ -44,6 +43,7 @@ public ArticlesResponses readArticles() {
         return new ArticlesResponses(articles);
     }
 
+    @CacheEvict(cacheNames = ARTICLE, key = "#id")
     @Transactional
     public void deleteArticle(Long id) {
         articleRepository.deleteById(id);

backend/bang-ggood/src/main/java/com/bang_ggood/auth/config/AdminPrincipal.java

@@ -0,0 +1,11 @@
+package com.bang_ggood.auth.config;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface AdminPrincipal {
+}

backend/bang-ggood/src/main/java/com/bang_ggood/auth/config/AdminPrincipalArgumentResolver.java

@@ -0,0 +1,49 @@
+package com.bang_ggood.auth.config;
+
+import com.bang_ggood.auth.controller.cookie.CookieResolver;
+import com.bang_ggood.auth.service.AuthService;
+import com.bang_ggood.global.exception.BangggoodException;
+import com.bang_ggood.global.exception.ExceptionCode;
+import com.bang_ggood.user.domain.User;
+import com.bang_ggood.user.domain.UserType;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+@Component
+public class AdminPrincipalArgumentResolver implements HandlerMethodArgumentResolver {
+
+    private final CookieResolver cookieResolver;
+    private final AuthService authService;
+
+    public AdminPrincipalArgumentResolver(CookieResolver cookieResolver, AuthService authService) {
+        this.cookieResolver = cookieResolver;
+        this.authService = authService;
+    }
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return User.class.isAssignableFrom(parameter.getParameterType())
+                && parameter.hasParameterAnnotation(AdminPrincipal.class);
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
+        HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
+
+        cookieResolver.checkLoginRequired(request);
+
+        String token = cookieResolver.extractAccessToken(request);
+
+        User user = authService.getAuthUser(token);
+        if (!user.matchesUserType(UserType.ADMIN)) {
+            throw new BangggoodException(ExceptionCode.UNAUTHORIZED_ACCESS);
+        }
+        return user;
+    }
+}

backend/bang-ggood/src/main/java/com/bang_ggood/auth/repository/PasswordResetCodeRepository.java

@@ -5,8 +5,10 @@
 import com.bang_ggood.global.exception.ExceptionCode;
 import com.bang_ggood.user.domain.Email;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
+import org.springframework.transaction.annotation.Transactional;
 import java.time.LocalDateTime;
 import java.util.Optional;
 
@@ -31,7 +33,11 @@ default PasswordResetCode getByEmailAndCodeAndCreatedAtAfter(@Param("email") Ema
 
     long countByEmail(Email email);
 
+    @Transactional
+    @Modifying(flushAutomatically = true, clearAutomatically = true)
     void deleteByEmailAndCode(Email email, String code);
 
+    @Transactional
+    @Modifying(flushAutomatically = true, clearAutomatically = true)
     void deleteByEmail(Email email);
 }

backend/bang-ggood/src/main/java/com/bang_ggood/checklist/dto/request/ChecklistRequestV1.java

@@ -2,13 +2,11 @@
 
 import com.bang_ggood.question.dto.request.QuestionRequest;
 import com.bang_ggood.room.dto.request.RoomRequest;
-import com.bang_ggood.station.dto.request.ChecklistStationRequest;
 import jakarta.validation.Valid;
 import java.util.List;
 
 public record ChecklistRequestV1(@Valid RoomRequest room, List<Integer> options,
-                                 @Valid List<QuestionRequest> questions,
-                                 ChecklistStationRequest geolocation) {
+                                 @Valid List<QuestionRequest> questions) {
 
     public ChecklistRequest toChecklistRequest() {
         return new ChecklistRequest(room, options, questions);

backend/bang-ggood/src/main/java/com/bang_ggood/checklist/service/ChecklistManageService.java

@@ -30,10 +30,10 @@
 import com.bang_ggood.question.service.ChecklistQuestionService;
 import com.bang_ggood.question.service.QuestionService;
 import com.bang_ggood.room.domain.Room;
+import com.bang_ggood.room.dto.request.RoomRequest;
 import com.bang_ggood.room.dto.response.SelectedRoomResponse;
 import com.bang_ggood.room.service.RoomService;
 import com.bang_ggood.station.domain.ChecklistStation;
-import com.bang_ggood.station.dto.request.ChecklistStationRequest;
 import com.bang_ggood.station.dto.response.SubwayStationResponse;
 import com.bang_ggood.station.dto.response.SubwayStationResponses;
 import com.bang_ggood.station.service.ChecklistStationService;
@@ -78,7 +78,7 @@ public Long createChecklistV1(User user, ChecklistRequestV1 checklistRequestV1)
         createChecklistOptions(checklistRequest, checklist);
         createChecklistQuestions(checklistRequest, checklist);
         createChecklistMaintenances(checklistRequest, checklist);
-        createChecklistStation(checklistRequestV1, checklist);
+        createChecklistStation(checklistRequestV1.room(), checklist);
         return checklist.getId();
     }
 
@@ -108,9 +108,8 @@ private void createChecklistMaintenances(ChecklistRequest checklistRequest, Chec
         checklistMaintenanceService.createMaintenances(checklistMaintenances);
     }
 
-    private void createChecklistStation(ChecklistRequestV1 checklistRequestV1, Checklist checklist) {
-        ChecklistStationRequest geolocation = checklistRequestV1.geolocation();
-        checklistStationService.createChecklistStations(checklist, geolocation.latitude(), geolocation.longitude());
+    private void createChecklistStation(RoomRequest roomRequest, Checklist checklist) {
+        checklistStationService.createChecklistStations(checklist, roomRequest.latitude(), roomRequest.longitude());
     }
 
     @Transactional(readOnly = true)
@@ -318,7 +317,7 @@ public void updateChecklistByIdV1(User user, Long checklistId, ChecklistRequestV
         updateChecklistOptions(checklistRequest, checklist);
         updateChecklistQuestions(checklistRequest, checklist);
         updateChecklistMaintenances(checklistRequest, checklist);
-        updateChecklistStations(checklistRequestV1, checklist);
+        updateChecklistStations(checklistRequestV1.room(), checklist);
     }
 
     private void updateChecklistOptions(ChecklistRequest checklistRequest, Checklist checklist) {
@@ -349,9 +348,9 @@ private void updateChecklistMaintenances(ChecklistRequest checklistRequest, Chec
         checklistMaintenanceService.updateMaintenances(checklist.getId(), checklistMaintenances);
     }
 
-    private void updateChecklistStations(ChecklistRequestV1 checklistRequestV1, Checklist checklist) {
-        double latitude = checklistRequestV1.geolocation().latitude();
-        double longitude = checklistRequestV1.geolocation().longitude();
+    private void updateChecklistStations(RoomRequest roomRequest, Checklist checklist) {
+        double latitude = roomRequest.latitude();
+        double longitude = roomRequest.longitude();
         checklistStationService.updateChecklistStation(checklist, latitude, longitude);
     }
 }

backend/bang-ggood/src/main/java/com/bang_ggood/global/config/WebMvcConfig.java

@@ -1,5 +1,6 @@
 package com.bang_ggood.global.config;
 
+import com.bang_ggood.auth.config.AdminPrincipalArgumentResolver;
 import com.bang_ggood.auth.config.AuthRequiredPrincipalArgumentResolver;
 import com.bang_ggood.auth.config.UserPrincipalArgumentResolver;
 import com.bang_ggood.auth.controller.cookie.CookieResolver;
@@ -24,5 +25,6 @@ public WebMvcConfig(CookieResolver cookieResolver, AuthService authService) {
     public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
         resolvers.add(new AuthRequiredPrincipalArgumentResolver(cookieResolver, authService));
         resolvers.add(new UserPrincipalArgumentResolver(cookieResolver, authService));
+        resolvers.add(new AdminPrincipalArgumentResolver(cookieResolver, authService));
     }
 }

backend/bang-ggood/src/main/java/com/bang_ggood/global/exception/ExceptionCode.java

@@ -96,7 +96,8 @@ public enum ExceptionCode {
             "카카오 서버와 통신하는 과정 중 예상치 못한 예외가 발생했습니다."),
     OAUTH_REDIRECT_URI_MISMATCH(HttpStatus.BAD_REQUEST, ClientExceptionCode.OAUTH_SERVER_ERROR,
             "일치하는 Redirect URI가 존재하지 않습니다."),
-
+    UNAUTHORIZED_ACCESS(HttpStatus.UNAUTHORIZED, ClientExceptionCode.UNAUTH_ERROR,
+            "권한이 없는 사용자입니다. 접근이 제한되었습니다."),
 
     // Article
     ARTICLE_NOT_FOUND(HttpStatus.BAD_REQUEST, ClientExceptionCode.ARTICLE_NOT_FOUND, "해당 아티클이 존재하지 않습니다."),

backend/bang-ggood/src/main/java/com/bang_ggood/user/domain/User.java

@@ -68,6 +68,10 @@ public boolean isDifferent(String targetPassword) {
         return password.isDifferent(targetPassword);
     }
 
+    public boolean matchesUserType(UserType userType) {
+        return this.userType == userType;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -84,4 +88,16 @@ public boolean equals(Object o) {
     public int hashCode() {
         return Objects.hash(id);
     }
+
+    @Override
+    public String toString() {
+        return "User{" +
+                "id=" + id +
+                ", name='" + name + '\'' +
+                ", email=" + email +
+                ", password=" + password +
+                ", userType=" + userType +
+                ", loginType=" + loginType +
+                '}';
+    }
 }

backend/bang-ggood/src/test/java/com/bang_ggood/AcceptanceTest.java

@@ -24,6 +24,7 @@
 public abstract class AcceptanceTest extends IntegrationTestSupport {
 
     protected Headers headers;
+    protected Headers adminHeaders;
     @Autowired
     private JwtTokenProvider jwtTokenProvider;
     @Autowired
@@ -46,12 +47,19 @@ private void setPort() {
 
     private void setResponseCookie() {
         authenticatedUser = userRepository.save(UserFixture.USER1);
-        String accessToken = jwtTokenProvider.createAccessToken(authenticatedUser);
-        String refreshToken = jwtTokenProvider.createRefreshToken(authenticatedUser);
+        headers = createHeaders(authenticatedUser);
+        adminHeaders = createHeaders(UserFixture.ADMIN_USER1());
+    }
+
+    private Headers createHeaders(User user) {
+        User createdUser = userRepository.save(user);
+        String accessToken = jwtTokenProvider.createAccessToken(createdUser);
+        String refreshToken = jwtTokenProvider.createRefreshToken(createdUser);
+
         ResponseCookie accessTokenResponseCookie = cookieProvider.createAccessTokenCookie(accessToken);
         ResponseCookie refreshTokenCookie = cookieProvider.createRefreshTokenCookie(refreshToken);
 
-        headers = new Headers(new Header(HttpHeaders.COOKIE, accessTokenResponseCookie.toString()),
+        return new Headers(new Header(HttpHeaders.COOKIE, accessTokenResponseCookie.toString()),
                 new Header(HttpHeaders.COOKIE, refreshTokenCookie.toString()));
     }
 

backend/bang-ggood/src/test/java/com/bang_ggood/article/controller/ArticleE2ETest.java

@@ -25,7 +25,7 @@ public class ArticleE2ETest extends AcceptanceTest {
     void createArticle() {
         RestAssured.given().log().all()
                 .contentType(ContentType.JSON)
-                .headers(this.headers)
+                .headers(this.adminHeaders)
                 .body(ArticleFixture.ARTICLE_CREATE_REQUEST())
                 .when().post("/articles")
                 .then().log().all()
@@ -54,7 +54,7 @@ void createArticle_titleBlank_exception() {
 
         RestAssured.given().log().all()
                 .contentType(ContentType.JSON)
-                .headers(this.headers)
+                .headers(this.adminHeaders)
                 .body(request)
                 .when().post("/articles")
                 .then().log().all()
@@ -104,7 +104,7 @@ void deleteArticle() {
         Article article = articleRepository.save(ArticleFixture.ARTICLE());
         RestAssured.given().log().all()
                 .contentType(ContentType.JSON)
-                .headers(this.headers)
+                .headers(this.adminHeaders)
                 .when().delete("/articles/" + article.getId())
                 .then().log().all()
                 .statusCode(204);