From 632f07f72a5096bd07d5eff2013e560755390986 Mon Sep 17 00:00:00 2001
From: lunaticbum
Date: Fri, 3 Jan 2025 16:57:31 +0900
Subject: [PATCH] ......
---
 .../back/lun/configs/BumsInterceptor.kt | 105 +++++++++++-------
 .../back/lun/configs/GlobalEnvironment.kt | 2 +-
 .../back/lun/configs/JwtGenerator.kt | 1 +
 .../back/lun/controllers/BlogController.kt | 15 ++-
 .../kr/lunaticbum/back/lun/model/TokenData.kt | 3 +-
 .../lunaticbum/back/lun/service/JwtService.kt | 40 ++++++-
 src/main/resources/static/css/common.css | 18 +--
 src/main/resources/static/js/common.js | 34 +++++-
 8 files changed, 159 insertions(+), 59 deletions(-)
diff --git a/src/main/kotlin/kr/lunaticbum/back/lun/configs/BumsInterceptor.kt b/src/main/kotlin/kr/lunaticbum/back/lun/configs/BumsInterceptor.kt
index 63bafb0..bf3b43e 100644
--- a/src/main/kotlin/kr/lunaticbum/back/lun/configs/BumsInterceptor.kt
+++ b/src/main/kotlin/kr/lunaticbum/back/lun/configs/BumsInterceptor.kt
@@ -4,6 +4,7 @@ import com.google.gson.Gson
 import jakarta.servlet.http.Cookie
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
+import kr.lunaticbum.back.lun.model.UserManager
 import kr.lunaticbum.back.lun.service.JwtService
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.lang.Nullable
@@ -19,14 +20,19 @@ class BumsInterceptor : HandlerInterceptor { lateinit var jwtService : JwtService @Autowired lateinit var globalEvv : GlobalEnvironment + @Autowired + lateinit var userManager: UserManager val WRITE_PERMISSION_KEY = "PERMISSION" @Throws(Exception::class) override fun preHandle(request: HttpServletRequest, response: HttpServletResponse, handler: Any): Boolean { - println("===============================================") - println("==================== BEGIN ====================") - println("Request URL ===> " + request.requestURL) + var skippResourcesExtension = arrayListOf(".js",".css").filter { request.requestURI.contains(it) }.size > 0 + if (!skippResourcesExtension) { + println("===============================================") + println("==================== BEGIN ====================") + println("Request URL ===> " + request.requestURL) + } return super.preHandle(request, response, handler) } 
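Review bot: `skippResourcesExtension` is a substring test — `request.requestURI.contains(".js")` also matches any path that merely contains that text (a `.json` endpoint, for instance), so the request-logging skip is broader than "static resources"; `val isStaticResource = listOf(".js", ".css").any { request.requestURI.endsWith(it) }` states the intent and also drops the `var` that is never reassigned. The identical expression is repeated at the top of postHandle in the next hunk; a private helper on the interceptor would keep the two in step. The class body continues outside the hunk.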
@@ -38,52 +44,75 @@ class BumsInterceptor : HandlerInterceptor { handler: Any, @Nullable modelAndView: ModelAndView? ) { - if (request.requestURI.contains("logout") == false && !request.cookies.isNullOrEmpty() && request.cookies.filter { it.name.equals("access") && it.value.length > 0 }.size > 0) { - var correctUserCheck = -1; - var access : Cookie?= null - var refresh : Cookie?= null - request.cookies.forEach { - if (it.name.equals("access", true) && jwtService.validateAccessToken(it.value)){ - access = it - correctUserCheck += 1 - println("Response access correctUserCheck ===> ${correctUserCheck}") + var skippResourcesExtension = arrayListOf(".js",".css").filter { request.requestURI.contains(it) }.size > 0 + if (!skippResourcesExtension) { + if (request.requestURI.contains("logout") == false && !request.cookies.isNullOrEmpty() && request.cookies.filter { + it.name.equals( + "access" + ) && it.value.length > 0 + }.size > 0) { + var refreshOk = false; + var accessOk = false; + var access: Cookie? = null + var refresh: Cookie? 
= null + request.cookies.forEach { + if (it.name.equals("access", true) && jwtService.validateAccessToken(it.value)) { + access = it + accessOk = true + println("==================== accessOk ${accessOk} ======================") + } } - } - request.cookies.forEach { - if (it.name.equals("refresh", true) && jwtService.validateRefreshToken(access?.value,it.value)){ - refresh = it - correctUserCheck += 1 - println("Response refresh correctUserCheck ===> ${correctUserCheck}") + request.cookies.forEach { + if (it.name.equals("refresh", true) && jwtService.validateRefreshToken(access?.value, it.value)) { + refresh = it + refreshOk = true + println("==================== refreshOk ${refreshOk} ======================") + } } - } - if (correctUserCheck > 0) { - println("Response correctUserCheck ===> ${correctUserCheck}") - response.addCookie(cookieUpdate(refresh)) - response.addCookie(cookieUpdate(access)) - modelAndView?.modelMap?.put(WRITE_PERMISSION_KEY,"OK") - modelAndView?.modelMap?.put("user_id", jwtService.getUserIdFromToken(access?.value ?: "")) - } else { - println("Response correctUserCheck ===> ${correctUserCheck}") - response.addCookie(Cookie("access","").apply { maxAge = -1 }) - response.addCookie(Cookie("refresh","").apply { maxAge = -1 }) - modelAndView?.modelMap?.put(WRITE_PERMISSION_KEY,"NO") + if (refreshOk || accessOk) { + if (refreshOk) { + if (!accessOk) { + refresh?.let { refresh -> + jwtService.getUserIdFromRefresh(refresh.value)?.let { userId -> + userManager.findById(userId)?.block()?.let { user -> + jwtService.generate(user)?.let { token -> + response.addCookie(cookieUpdate(Cookie("access", token.tokenKey))) + response.addCookie(cookieUpdate(Cookie("refresh", token.refreshToken))) + } + } + } + } + } else { + response.addCookie(cookieUpdate(access)) + } + } else if (accessOk) { + response.addCookie(cookieUpdate(access)) + } + modelAndView?.modelMap?.put(WRITE_PERMISSION_KEY, "OK") + modelAndView?.modelMap?.put("user_id", 
jwtService.getUserIdFromToken(access?.value ?: "")) + } else { + println("==================== accessOk ${accessOk} && refreshOk ${refreshOk} ======================") + response.addCookie(Cookie("access", "").apply { maxAge = -1 }) + response.addCookie(Cookie("refresh", "").apply { maxAge = -1 }) + modelAndView?.modelMap?.put(WRITE_PERMISSION_KEY, "NO") + modelAndView?.modelMap?.put("user_id", "") + } + println("Response modelMap ===> ${Gson().toJson(modelAndView?.modelMap)}") + } else if (request.requestURI.contains("logout")) { + modelAndView?.modelMap?.put(WRITE_PERMISSION_KEY, "NO") modelAndView?.modelMap?.put("user_id", "") } - println("Response modelMap ===> ${Gson().toJson(modelAndView?.modelMap)}") - } else if (request.requestURI.contains("logout")) { - modelAndView?.modelMap?.put(WRITE_PERMISSION_KEY,"NO") - modelAndView?.modelMap?.put("user_id", "") + + println("==================== END ======================") + println("===============================================") } - - println("==================== END ======================") - println("===============================================") - super.postHandle(request, response, handler, modelAndView) } fun cookieUpdate(cookie: Cookie?) : Cookie? { cookie?.maxAge = (globalEvv.ACCESS_EXPIRATION / 1000).toInt() cookie?.domain = "lunaticbum.kr" cookie?.secure = true + cookie?.path = "/" return cookie } } \ No newline at end of file diff --git a/src/main/kotlin/kr/lunaticbum/back/lun/configs/GlobalEnvironment.kt b/src/main/kotlin/kr/lunaticbum/back/lun/configs/GlobalEnvironment.kt index cde5d9f..a9e445c 100644 --- a/src/main/kotlin/kr/lunaticbum/back/lun/configs/GlobalEnvironment.kt +++ b/src/main/kotlin/kr/lunaticbum/back/lun/configs/GlobalEnvironment.kt 
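Review bot: In the refresh-only branch (`refreshOk && !accessOk`) `access` is still null, so the later `modelAndView?.modelMap?.put("user_id", jwtService.getUserIdFromToken(access?.value ?: ""))` derives the user id from an empty token after `PERMISSION` has already been set to `"OK"`, and if any step of the `findById`/`generate` let-chain yields null the model is still marked `OK` although no new cookies were issued; keep the id recovered via `jwtService.getUserIdFromRefresh(refresh.value)` for the model and grant `OK` only once the re-issue succeeded. `cookieUpdate` also applies `ACCESS_EXPIRATION` (5 minutes) to the new refresh cookie, so the browser discards it long before the token expires even though `REFRESH_EXPIRATION` is raised to 30 minutes in this commit; a dedicated max-age for the refresh cookie would make the sessionStorage copy added in common.js unnecessary. Neither cookie is marked `isHttpOnly`, which the current common.js design (reading tokens through `document.cookie`) requires — worth recording as a deliberate trade-off in a comment on `cookieUpdate`. `userManager.findById(userId)?.block()` appears to block on a reactive result inside a servlet interceptor; confirm that is intended. postHandle's signature begins before the hunk.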
@@ -36,7 +36,7 @@ class GlobalEnvironment : EnvironmentAware { // @Value("jwt.access-expiration") var ACCESS_EXPIRATION: Long = 60 * 5 * 1000L // @Value("jwt.refresh-expiration") - var REFRESH_EXPIRATION: Long = 60 * 5 * 1000L + var REFRESH_EXPIRATION: Long = 60 * 30 * 1000L override fun setEnvironment(environment: Environment) { println ("telegramBotKey $telegramBotKey") diff --git a/src/main/kotlin/kr/lunaticbum/back/lun/configs/JwtGenerator.kt b/src/main/kotlin/kr/lunaticbum/back/lun/configs/JwtGenerator.kt index 3d9bab7..e6d8c4d 100644 --- a/src/main/kotlin/kr/lunaticbum/back/lun/configs/JwtGenerator.kt +++ b/src/main/kotlin/kr/lunaticbum/back/lun/configs/JwtGenerator.kt @@ -37,6 +37,7 @@ class JwtGenerator { .compact() } + private fun createHeader(): Map { val header: MutableMap = HashMap() header["typ"] = "JWT" diff --git a/src/main/kotlin/kr/lunaticbum/back/lun/controllers/BlogController.kt b/src/main/kotlin/kr/lunaticbum/back/lun/controllers/BlogController.kt index efd78ab..0b898f4 100644 --- a/src/main/kotlin/kr/lunaticbum/back/lun/controllers/BlogController.kt +++ b/src/main/kotlin/kr/lunaticbum/back/lun/controllers/BlogController.kt @@ -10,6 +10,7 @@ import kr.lunaticbum.back.lun.configs.GlobalEnvironment.Companion.ApiKeyWordKey import kr.lunaticbum.back.lun.configs.GlobalEnvironment.Companion.EncType11 import kr.lunaticbum.back.lun.configs.GlobalEnvironment.Companion.EncTypeKey import kr.lunaticbum.back.lun.model.* +import kr.lunaticbum.back.lun.service.JwtService import kr.lunaticbum.back.lun.utils.LogService import kr.lunaticbum.back.lun.utils.getFileExtension import org.springframework.beans.factory.annotation.Autowired 
@@ -135,22 +136,20 @@ class BlogController() { return vm } + @Autowired + lateinit var jwtService : JwtService + @GetMapping("modify") - fun modify(httpServletRequest: HttpServletRequest,@RequestParam("token") token : String?) : ResultMV{ + fun modify(httpServletRequest: HttpServletRequest, @RequestParam("token") token : String?) : ResultMV{ logService.log("incoming modify") val vm = ResultMV("content/blog/modify") var s33Key : String? = null - if (!httpServletRequest.cookies.isNullOrEmpty()) { - httpServletRequest.cookies.forEach { if (it.name.equals("S33-DATA")){ - s33Key = it.value - } } - } - if (TEMPTOKEN.equals(token)|| s33Key?.length ?: 0 > 5) { + if(jwtService.hasPerrmission(httpServletRequest)) { postManageg.find20()?.apply { forEach { it.title = URLDecoder.decode(it.title) val content = URLDecoder.decode(it.content) - it.content = if (content.length > 50) content.substring(0,50) else content + it.content = if (content.length > 50) content.substring(0,150) else content } vm.modelMap.put("chunkedPosts", this.chunked(3)) } diff --git a/src/main/kotlin/kr/lunaticbum/back/lun/model/TokenData.kt b/src/main/kotlin/kr/lunaticbum/back/lun/model/TokenData.kt index 9fcc123..ab455cd 100644 --- a/src/main/kotlin/kr/lunaticbum/back/lun/model/TokenData.kt +++ b/src/main/kotlin/kr/lunaticbum/back/lun/model/TokenData.kt @@ -27,10 +27,9 @@ class TokenData { var refreshToken : String? = null constructor(tokenKey: String?, refreshToken: String?) { - this.expireAt = LocalDateTime.now().plusSeconds(300) + this.expireAt = LocalDateTime.now().plusSeconds(500) this.tokenKey = tokenKey this.refreshToken = refreshToken - } } diff --git a/src/main/kotlin/kr/lunaticbum/back/lun/service/JwtService.kt b/src/main/kotlin/kr/lunaticbum/back/lun/service/JwtService.kt index bff5706..c6feaaf 100644 --- a/src/main/kotlin/kr/lunaticbum/back/lun/service/JwtService.kt +++ b/src/main/kotlin/kr/lunaticbum/back/lun/service/JwtService.kt 
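Review bot: `it.content = if (content.length > 50) content.substring(0,150) else content` throws `StringIndexOutOfBoundsException` for any content between 51 and 149 characters, because the threshold and the cut length no longer agree; `it.content = content.take(150)` gives the intended truncation without the guard. The new authorization call `jwtService.hasPerrmission(httpServletRequest)` carries a spelling error in a public API name — rename it to `hasPermission` before other callers adopt it. The `@Autowired lateinit var jwtService` field inserted between two handler methods would conventionally sit with the other injected fields at the top of the class. The body of `modify` continues past the end of the hunk.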
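Review bot: `this.expireAt = LocalDateTime.now().plusSeconds(500)` is a literal that matches neither `ACCESS_EXPIRATION` (300 s) nor the `REFRESH_EXPIRATION` (1800 s) this same commit sets in GlobalEnvironment, so `expireAt` is unlikely to reflect the lifetime the issued token actually has. Pass the configured expiry into the constructor or derive it from the same constant rather than hard-coding a third value. The class body continues outside the hunk.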
@@ -3,6 +3,7 @@ package kr.lunaticbum.back.lun.service import io.jsonwebtoken.Claims import io.jsonwebtoken.Jws import io.jsonwebtoken.Jwts +import jakarta.servlet.http.Cookie import jakarta.servlet.http.HttpServletRequest import jakarta.servlet.http.HttpServletResponse import kr.lunaticbum.back.lun.configs.GlobalEnvironment @@ -68,7 +69,6 @@ class JwtService { } - private fun setTokenToCookie(tokenPrefix: String, token: String, maxAgeSeconds: Long): ResponseCookie { return ResponseCookie.from(tokenPrefix, token) .path("/") @@ -139,4 +139,42 @@ class JwtService { return null } } + fun getUserIdFromRefresh(token: String?): String? { + try { + return jwtUtil.extractToken(token,jwtUtil.getSigningKey(globalEvv.REFRESH_SECRET_KEY))?.body?.get("Identifier") + .toString() + } catch (e: Exception) { + return null + } + } + + + + fun hasPerrmission(request: HttpServletRequest): Boolean { + var correctUserCheck = -1; + if (request.requestURI.contains("logout") == false && !request.cookies.isNullOrEmpty() && request.cookies.filter { it.name.equals("access") && it.value.length > 0 }.size > 0) { + var access : Cookie?= null + var refresh : Cookie?= null + request.cookies.forEach { + if (it.name.equals("access", true) && validateAccessToken(it.value)){ + access = it + correctUserCheck += 1 + } + } + request.cookies.forEach { + if (it.name.equals("refresh", true) && validateRefreshToken(access?.value,it.value)){ + refresh = it + correctUserCheck += 1 + } + } + if (correctUserCheck > 0) { + println("Response correctUserCheck ===> ${correctUserCheck}") + } else { + println("Response correctUserCheck ===> ${correctUserCheck}") + } + } else if (request.requestURI.contains("logout")) { + + } + return correctUserCheck > 0 + } } \ No newline at end of file diff --git a/src/main/resources/static/css/common.css b/src/main/resources/static/css/common.css index 7c833aa..c8fbced 100644 --- a/src/main/resources/static/css/common.css +++ b/src/main/resources/static/css/common.css 
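Review bot: In `getUserIdFromRefresh` the trailing `.toString()` sits after a `?.` chain, so when the `Identifier` claim (or the body) is absent the function returns the string `"null"` rather than `null`, and the caller in BumsInterceptor then looks up a user by that literal; `?.toString()` lets the null propagate as the `String?` signature promises. `hasPerrmission` starts `correctUserCheck` at -1 and only returns true when both the access and the refresh cookie validate, while postHandle in the same commit treats either as sufficient — the two paths should agree on one rule, ideally by having the interceptor call this method. The `else if (request.requestURI.contains("logout")) { }` branch and the two `println`-only branches are dead code, and the method name should be spelled `hasPermission`. Catching `Exception` around the parse also folds configuration errors (such as a wrong `REFRESH_SECRET_KEY`) into the same `null` as a tampered token; at least log the failure before returning. The class body continues outside the hunk.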
@@ -8,8 +8,9 @@ } html { - background-image: url("data:image/svg+xml,"); - margin: 1vh 1vw; + /*background-image: url("data:image/svg+xml,");*/ + /*margin: 1vh 1vw;*/ + background: black; } #where{ @@ -23,9 +24,9 @@ body { user-select: none; -webkit-user-select: none; align-content: center; - background: var(--DEFAULT_LAYER_BACK); - padding: 1vh 1vw; - border-radius: 10px; + /*background: var(--DEFAULT_LAYER_BACK);*/ + /*padding: 1vh 1vw;*/ + /*border-radius: 10px;*/ } body > *{ @@ -52,8 +53,9 @@ body > *{ header { top: 0; /*background: var(--DEFAULT_LAYER_BACK);*/ + background: var(--DEFAULT_LAYER_BACK); border-top: #ec914b8f; - border-radius: 10px 30px; + border-radius: 5px 30px; border-width: 1px; height: 5vh; min-height: 5vh; @@ -159,8 +161,8 @@ footer { display: flex; bottom: 0; border-top: #ec914b8f; - /*background: var(--DEFAULT_LAYER_BACK);*/ - border-radius: 30px 10px; + background: var(--DEFAULT_LAYER_BACK); + border-radius: 5px 30px ; border-width: 1px; height: 5vh; min-height: 5vh; diff --git a/src/main/resources/static/js/common.js b/src/main/resources/static/js/common.js index 45a5e2d..b99f0f3 100644 --- a/src/main/resources/static/js/common.js +++ b/src/main/resources/static/js/common.js 
@@ -1,6 +1,34 @@ onload = function() { history.replaceState({}, null, location.pathname); + var accToken = get_cookie("access") + var refreshToken = get_cookie("refresh") + console.log("access === " + accToken + " || " + accToken.length); + console.log("refresh === " + refreshToken + " || " + refreshToken.length); + + if (accToken.length < 1) { + document.cookie = "refresh="+ window.sessionStorage.getItem("REFRESH") + ";"; + } + if (refreshToken.length < 1) { + window.sessionStorage.setItem("REFRESH",get_cookie("refresh")) + } +} +onbeforeunload = function () { + var accToken = get_cookie("access") + var refreshToken = get_cookie("refresh") + console.log("access === " + accToken + " || " + accToken.length); + console.log("refresh === " + refreshToken + " || " + refreshToken.length); + + if (accToken.length < 1) { + document.cookie = "refresh="+ window.sessionStorage.getItem("REFRESH") + ";"; + } + if (refreshToken.length < 1) { + window.sessionStorage.setItem("REFRESH",get_cookie("refresh")) + } +} +function get_cookie(name) { + var value = document.cookie.match('(^|;) ?' + name + '=([^;]*)(;|$)'); + return value? value[2] : null; } function divider(key) { @@ -92,6 +120,7 @@ function postLogin(target,type, data, key,callBackResult) { } } + httpRequest.open('POST', target, true); httpRequest.setRequestHeader("Content-Type", "text/plain"); var odd = [] @@ -160,8 +189,11 @@ function onclickLogin(type, keyword) { } postLogin(getMainPath()+"/user/login.ajax",type,JSON.stringify(data),keyword, function (data) { if (data.isOk) { + document.cookie = "access=" + data.token.split(";")[0]+";" - document.cookie = "refresh=" + data.refresh.split(";")[0]+";" + // document.cookie = "refresh=" + data.refresh.split(";")[0]+";" + // window.sessionStorage.setItem("ACCESS",data.refresh.split(";")[0]) + window.sessionStorage.setItem("REFRESH",data.refresh.split(";")[0]) document.location.replace(document.location) } else { if (data.resultCode === 7100) {
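Review bot: `get_cookie` returns `null` when the cookie is absent, so the next line in `onload`, `console.log("access === " + accToken + " || " + accToken.length)`, throws a TypeError on a first visit with no `access` cookie and the rest of the handler never runs; return `""` instead (`return value ? value[2] : "";`) or guard the length checks. The handlers also print both token values to the console and mirror the refresh token into `window.sessionStorage`, where any script running on the page can read it, then write it back with `document.cookie = "refresh=" + ...` without `Secure`, `path` or an expiry — and as the literal `null` when sessionStorage is empty. The server already re-issues the refresh cookie in BumsInterceptor, so this client-side copy mainly works around that cookie's 5-minute max-age; fixing the max-age server-side would let the token stay in a Secure cookie and allow the console logging to be removed. The same pattern recurs in the onclickLogin hunk below (`window.sessionStorage.setItem("REFRESH", ...)`).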