Merged
Expand Up @@ -4,19 +4,16 @@
import com.example.FixLog.dto.Response;
import com.example.FixLog.dto.post.PostResponseDto;
import com.example.FixLog.service.PostService;
import com.example.FixLog.service.S3Service;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;

@RestController
@RequestMapping("/posts")
public class PostController {
private final PostService postService;
private final S3Service s3Service;

public PostController(PostService postService, S3Service s3Service){
public PostController(PostService postService){
this.postService = postService;
this.s3Service = s3Service;
}

@PostMapping
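Review bot: Confirm that nothing in the collapsed part of `PostController` below `@PostMapping` still references `s3Service` now that the field and the constructor parameter are gone; a leftover use would not compile. Also check whether the `MultipartFile` import that stays behind is still used. Removing this dependency is separate from the token check the PR is about, so a line in the description explaining why the controller no longer needs `S3Service` would make the change easier to review.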
4 changes: 4 additions & 0 deletions src/main/java/com/example/FixLog/service/PostService.java
Expand Up @@ -19,6 +19,8 @@
import com.example.FixLog.repository.post.PostRepository;
import com.example.FixLog.repository.tag.TagRepository;
import jakarta.transaction.Transactional;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
Comment on lines +22 to +23

🛠️ Refactor suggestion

Adding the imports is appropriate, but token validation logic is needed.

Spring Security's Authentication and SecurityContextHolder are imported, but the actual token validation logic has not been implemented.

🤖 Prompt for AI Agents
In src/main/java/com/example/FixLog/service/PostService.java around lines 22 to
23, although Authentication and SecurityContextHolder are imported, the token
validation logic is missing. Implement token verification by retrieving the
Authentication object from SecurityContextHolder, checking its validity, and
handling unauthorized access appropriately within the service methods that
require authentication.

import org.springframework.stereotype.Service;
import org.springframework.web.multipart.MultipartFile;
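Review bot: The `Authentication` import added at line 22 is not used by the only visible call site, since `uploadImage` calls `SecurityContextHolder.getContext().getAuthentication();` as a bare statement and never names the type. Either assign the result to an `Authentication` variable and check it, or leave the import out until the check exists, so the import list does not suggest an enforcement that is not there.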

Expand Down Expand Up @@ -99,6 +101,8 @@ public void createPost(PostRequestDto postRequestDto){

// 이미지 파일 마크다운으로 변경
public String uploadImage(MultipartFile imageFile){
SecurityContextHolder.getContext().getAuthentication();

⚠️ Potential issue

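The authentication object is retrieved but not used.

SecurityContextHolder.getContext().getAuthentication() is called, but the return value is not assigned to a variable, so no actual token validation takes place. The authentication check logic should be completed to match the PR title, "토큰 검사 추가" ("Add token check").

Implement token validation by modifying it as follows: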

-        SecurityContextHolder.getContext().getAuthentication();
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication == null || !authentication.isAuthenticated()) {
+            throw new CustomException(ErrorCode.UNAUTHORIZED);
+        }
🤖 Prompt for AI Agents
In src/main/java/com/example/FixLog/service/PostService.java at line 104, the
call to SecurityContextHolder.getContext().getAuthentication() retrieves the
authentication object but does not assign it to a variable or use it, so token
validation is not performed. Fix this by assigning the result to a variable,
checking if the authentication is valid (e.g., not null and authenticated), and
implementing the necessary token verification logic to complete the
authentication process as indicated by the PR title "토큰 검사 추가" ("Add token check").


if (imageFile == null || imageFile.isEmpty()){
throw new CustomException(ErrorCode.IMAGE_UPLOAD_FAILED);
}
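Review bot: The first statement of `uploadImage`, `SecurityContextHolder.getContext().getAuthentication();`, discards its result, so the method accepts any caller and the only guard left is the `imageFile` null/empty check. Assign the result and reject the request before touching the file. When doing so, note that a check of `authentication == null || !authentication.isAuthenticated()` alone still passes for anonymous requests if Spring Security's anonymous authentication is enabled (the default), because `AnonymousAuthenticationToken.isAuthenticated()` returns true; also reject `authentication instanceof AnonymousAuthenticationToken`, and throw the project's `CustomException` with an appropriate error code. If method security is enabled in this project, `@PreAuthorize("isAuthenticated()")` on the method, or an authenticated-only rule for the upload route in the security configuration, covers the same case without reading the security context in the service.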