Merge pull request #160 from woowacourse-teams/feature/#159

preflight 요청시 interceptor 허용 옵션 추가
woowacourse-teams · Jul 31, 2024 · fcc63f4 · fcc63f4
2 parents b8063f0 + 30fed96
commit fcc63f4
Showing 1 changed file with 26 additions and 1 deletion.
diff --git a/backend/src/main/java/mouda/backend/config/interceptor/AuthenticationCheckInterceptor.java b/backend/src/main/java/mouda/backend/config/interceptor/AuthenticationCheckInterceptor.java
@@ -2,8 +2,10 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import java.util.Objects;
 import lombok.RequiredArgsConstructor;
 import mouda.backend.auth.service.AuthService;
+import org.springframework.http.HttpMethod;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 
@@ -17,6 +19,10 @@ public class AuthenticationCheckInterceptor implements HandlerInterceptor {
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        if (isPreflightRequest(request)) {
+            return true;
+        }
+
         String authorizationHeader = request.getHeader("Authorization");
 
         if (authorizationHeader == null || !authorizationHeader.startsWith(AUTHORIZATION_PREFIX)) {
@@ -25,10 +31,29 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
 
         String token = extractToken(authorizationHeader);
         authService.checkAuthentication(token);
-
         return true;
     }
 
+    private boolean isPreflightRequest(HttpServletRequest request) {
+        return isOptions(request) && hasHeaders(request) && hasMethod(request) && hasOrigin(request);
+    }
+
+    private boolean isOptions(HttpServletRequest request) {
+        return request.getMethod().equalsIgnoreCase(HttpMethod.OPTIONS.toString());
+    }
+
+    private boolean hasHeaders(HttpServletRequest request) {
+        return Objects.nonNull(request.getHeader("Access-Control-Request-Headers"));
+    }
+
+    private boolean hasMethod(HttpServletRequest request) {
+        return Objects.nonNull(request.getHeader("Access-Control-Request-Method"));
+    }
+
+    private boolean hasOrigin(HttpServletRequest request) {
+        return Objects.nonNull(request.getHeader("Origin"));
+    }
+
     private String extractToken(String authorizationHeader) {
         return authorizationHeader.substring(7);
     }