Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: 세션 아이디를 request header로도 보내 인증하도록 추가 #138

Merged
merged 3 commits into from
Mar 12, 2024
Merged

feat: 세션 아이디를 request header로도 보내 인증하도록 추가 #138

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7c4bf6e
feat: Response Header로도 세션 아이디 반환
gitchannn Mar 12, 2024
11da54e
feat: sessionId request header로부터 찾아서 인증하는 로직 추가
gitchannn Mar 12, 2024
013ca3e
Merge branch 'main' into feature/sessionId
gitchannn Mar 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 2 additions & 8 deletions server/src/main/java/sunflower/server/api/MemberApiController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,14 +35,8 @@ public ResponseEntity<Void> login(@RequestBody LoginRequest request, HttpServlet
final Long id = memberService.login(request.getLoginId(), request.getPassword());
final String sessionId = sessionService.createSessionId(id);

// Cookie cookie = new Cookie("sessionId", sessionId);
// cookie.setHttpOnly(true);
// cookie.setMaxAge(3600);
// cookie.setPath("/");
// cookie.setSecure(true);
// response.addCookie(cookie);

response.setHeader("Set-Cookie", "sessionId=" + sessionId + "; HttpOnly; Max-Age=3600; Path=/; Domain=sunnybraille.com; Secure; SameSite=None");
response.setHeader("Set-Cookie", "sessionId=" + sessionId + "; HttpOnly; Max-Age=3600; Path=/; Secure; SameSite=None"); // 사용중이지 않음
response.setHeader("SessionId", sessionId); // 임시 사용중

return ResponseEntity
.status(HttpStatus.OK.value())
Expand Down
11 changes: 10 additions & 1 deletion server/src/main/java/sunflower/server/application/resolver/MemberAuthArgumentResolver.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ public boolean supportsParameter(final MethodParameter parameter) {
@Override
public Object resolveArgument(final MethodParameter parameter, final ModelAndViewContainer mavContainer, final NativeWebRequest webRequest, final WebDataBinderFactory binderFactory) throws Exception {
HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
String encryptedSessionId = extractSessionId(request.getCookies());
String encryptedSessionId = findEncryptedSessionId(request);

if (encryptedSessionId == null) {
throw new AuthException();
Expand All @@ -46,6 +46,15 @@ public Object resolveArgument(final MethodParameter parameter, final ModelAndVie
}
}

private String findEncryptedSessionId(final HttpServletRequest request) {
final String sessionId = request.getHeader("SessionId");
if (sessionId != null) {
return sessionId;
}

return extractSessionId(request.getCookies());
}

private String extractSessionId(final Cookie[] cookies) {
if (cookies == null) {
throw new AuthException();
Expand Down