From 3a20df179ba4fbcfe7450133f8106a0fac252ed5 Mon Sep 17 00:00:00 2001 From: kuhi Date: Sat, 6 Apr 2024 01:54:55 +0900 Subject: [PATCH] init --- .editorconfig | 26 ++ .gitattributes | 7 + .github/workflows/build.yml | 134 ++++++ .github/workflows/develop.yml | 41 ++ .github/workflows/production.yml | 56 +++ .github/workflows/release.yml | 117 +++++ .github/workflows/staging.yml | 37 ++ .gitignore | 56 +++ build.gradle | 225 +++++++++ docker/docker-compose.yaml | 27 ++ docker/init-db.sh | 9 + gradle.properties | 2 + gradle/wrapper/gradle-wrapper.jar | Bin 0 -> 60756 bytes gradle/wrapper/gradle-wrapper.properties | 6 + gradlew | 234 ++++++++++ gradlew.bat | 89 ++++ lint/naver-checkstyle-rules.xml | 439 ++++++++++++++++++ lint/naver-checkstyle-suppressions.xml | 7 + module-api/.gitignore | 0 module-api/build.gradle | 0 .../com/peoplehere/api/ApiApplication.java | 16 + .../CheckEmailVerificationLimit.java | 11 + .../annotation/CheckEmailVerifyLimit.java | 11 + .../api/common/annotation/PrivateNetwork.java | 11 + .../api/common/config/AsyncConfig.java | 9 + .../api/common/config/CustomCorsFilter.java | 88 ++++ .../common/config/ErrorControllerAdvice.java | 117 +++++ .../api/common/config/IpAccessManager.java | 143 ++++++ .../config/PrivateNetworkInterceptor.java | 41 ++ .../api/common/config/WebConfig.java | 23 + .../config/aspect/RequestLimitAspect.java | 15 + .../config/security/AuthorizationFilter.java | 52 +++ .../api/common/config/security/Token.java | 4 + .../config/security/TokenProperties.java | 36 ++ .../common/config/security/TokenProvider.java | 134 ++++++ .../api/common/config/security/TokenType.java | 10 + .../config/security/VerifyCodeProperties.java | 25 + .../config/security/WebSecurityConfig.java | 124 +++++ .../handler/CustomAccessDeniedHandler.java | 32 ++ ...CustomAuthenticationEntryPointHandler.java | 38 ++ .../common/controller/AccountController.java | 182 ++++++++ .../common/controller/ConstantController.java | 33 ++ .../common/controller/StatusController.java | 60 +++ .../request/MailVerificationRequestDto.java | 10 + .../data/request/MailVerifyRequestDto.java | 10 + .../response/MailVerificationResponseDto.java | 4 + .../exception/AccountIdNotFoundException.java | 13 + .../common/exception/ClientBindException.java | 15 + .../common/exception/DuplicateException.java | 11 + .../common/exception/ForbiddenException.java | 11 + .../api/common/service/AccountService.java | 117 +++++ .../service/PrincipalDetailService.java | 26 ++ .../api/common/service/RedisTaskService.java | 92 ++++ .../api/common/service/VerifyService.java | 63 +++ .../api/common/util/MessageUtils.java | 19 + .../api/common/util/RequestUtils.java | 18 + .../main/resources/application-api-dev.yml | 25 + .../main/resources/application-api-prod.yml | 25 + .../main/resources/application-api-stg.yml | 25 + .../main/resources/application-api-test.yml | 1 + module-api/src/main/resources/application.yml | 74 +++ module-api/src/main/resources/github.yml | 27 ++ module-shared/.gitignore | 37 ++ module-shared/build.gradle | 0 .../peoplehere/shared/SharedApplication.java | 13 + .../common/config/ObjectMapperConfig.java | 21 + .../common/config/PersistenceConfig.java | 23 + .../shared/common/config/SharedWebConfig.java | 76 +++ .../common/config/redis/RedisConfig.java | 68 +++ .../config/redis/RedisKeyProperties.java | 15 + .../common/config/redis/RedisProperties.java | 19 + .../data/request/AlarmConsentRequestDto.java | 11 + .../data/request/PasswordRequestDto.java | 21 + .../common/data/request/SignInRequestDto.java | 13 + .../common/data/request/SignUpRequestDto.java | 73 +++ .../common/data/request/TokenRequestDto.java | 9 + .../data/response/AccountResponseDto.java | 7 + .../data/response/ErrorResponseDto.java | 60 +++ .../data/response/RegionResponseDto.java | 7 + .../shared/common/entity/Account.java | 169 +++++++ .../shared/common/entity/BaseTimeEntity.java | 26 ++ .../shared/common/entity/Consent.java | 46 ++ .../shared/common/entity/Language.java | 33 ++ .../shared/common/entity/UserLanguage.java | 37 ++ .../shared/common/enums/AccountAuthority.java | 27 ++ .../shared/common/enums/AccountRole.java | 50 ++ .../shared/common/enums/Gender.java | 22 + .../shared/common/enums/Region.java | 80 ++++ .../common/repository/AccountRepository.java | 18 + .../common/repository/ConsentRepository.java | 14 + .../shared/common/util/PatternUtils.java | 14 + .../shared/common/webhook/AlertWebhook.java | 11 + .../shared/common/webhook/DiscordMessage.java | 117 +++++ .../shared/common/webhook/DiscordWebhook.java | 124 +++++ .../main/resources/application-shared-dev.yml | 43 ++ .../resources/application-shared-prod.yml | 43 ++ .../resources/application-shared-sample.yml | 37 ++ .../main/resources/application-shared-stg.yml | 43 ++ .../resources/application-shared-test.yml | 24 + .../resources/db/migration/V1.1__init.sql | 48 ++ module-shared/src/main/resources/github.yml | 19 + .../peoplehere/shared/common/TestConfig.java | 26 ++ .../shared/common/TestContainerBaseTests.java | 23 + settings.gradle | 3 + 104 files changed, 4883 insertions(+) create mode 100644 .editorconfig create mode 100644 .gitattributes create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/develop.yml create mode 100644 .github/workflows/production.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/staging.yml create mode 100644 .gitignore create mode 100644 build.gradle create mode 100644 docker/docker-compose.yaml create mode 100644 docker/init-db.sh create mode 100644 gradle.properties create mode 100644 gradle/wrapper/gradle-wrapper.jar create mode 100644 gradle/wrapper/gradle-wrapper.properties create mode 100755 gradlew create mode 100644 gradlew.bat create mode 100644 lint/naver-checkstyle-rules.xml create mode 100644 lint/naver-checkstyle-suppressions.xml create mode 100644 module-api/.gitignore create mode 100644 module-api/build.gradle create mode 100644 module-api/src/main/java/com/peoplehere/api/ApiApplication.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/annotation/CheckEmailVerificationLimit.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/annotation/CheckEmailVerifyLimit.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/annotation/PrivateNetwork.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/AsyncConfig.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/CustomCorsFilter.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/ErrorControllerAdvice.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/IpAccessManager.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/PrivateNetworkInterceptor.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/WebConfig.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/aspect/RequestLimitAspect.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/security/AuthorizationFilter.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/security/Token.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/security/TokenProperties.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/security/TokenProvider.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/security/TokenType.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/security/VerifyCodeProperties.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/security/WebSecurityConfig.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/security/handler/CustomAccessDeniedHandler.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/config/security/handler/CustomAuthenticationEntryPointHandler.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/controller/AccountController.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/controller/ConstantController.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/controller/StatusController.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/data/request/MailVerificationRequestDto.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/data/request/MailVerifyRequestDto.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/data/response/MailVerificationResponseDto.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/exception/AccountIdNotFoundException.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/exception/ClientBindException.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/exception/DuplicateException.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/exception/ForbiddenException.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/service/AccountService.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/service/PrincipalDetailService.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/service/RedisTaskService.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/service/VerifyService.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/util/MessageUtils.java create mode 100644 module-api/src/main/java/com/peoplehere/api/common/util/RequestUtils.java create mode 100644 module-api/src/main/resources/application-api-dev.yml create mode 100644 module-api/src/main/resources/application-api-prod.yml create mode 100644 module-api/src/main/resources/application-api-stg.yml create mode 100644 module-api/src/main/resources/application-api-test.yml create mode 100644 module-api/src/main/resources/application.yml create mode 100644 module-api/src/main/resources/github.yml create mode 100644 module-shared/.gitignore create mode 100644 module-shared/build.gradle create mode 100644 module-shared/src/main/java/com/peoplehere/shared/SharedApplication.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/config/ObjectMapperConfig.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/config/PersistenceConfig.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/config/SharedWebConfig.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisConfig.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisKeyProperties.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisProperties.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/data/request/AlarmConsentRequestDto.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/data/request/PasswordRequestDto.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/data/request/SignInRequestDto.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/data/request/SignUpRequestDto.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/data/request/TokenRequestDto.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/data/response/AccountResponseDto.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/data/response/ErrorResponseDto.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/data/response/RegionResponseDto.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/entity/Account.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/entity/BaseTimeEntity.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/entity/Consent.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/entity/Language.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/entity/UserLanguage.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/enums/AccountAuthority.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/enums/AccountRole.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/enums/Gender.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/enums/Region.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/repository/AccountRepository.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/repository/ConsentRepository.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/util/PatternUtils.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/webhook/AlertWebhook.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/webhook/DiscordMessage.java create mode 100644 module-shared/src/main/java/com/peoplehere/shared/common/webhook/DiscordWebhook.java create mode 100644 module-shared/src/main/resources/application-shared-dev.yml create mode 100644 module-shared/src/main/resources/application-shared-prod.yml create mode 100644 module-shared/src/main/resources/application-shared-sample.yml create mode 100644 module-shared/src/main/resources/application-shared-stg.yml create mode 100644 module-shared/src/main/resources/application-shared-test.yml create mode 100644 module-shared/src/main/resources/db/migration/V1.1__init.sql create mode 100644 module-shared/src/main/resources/github.yml create mode 100644 module-shared/src/test/java/com/peoplehere/shared/common/TestConfig.java create mode 100644 module-shared/src/test/java/com/peoplehere/shared/common/TestContainerBaseTests.java create mode 100644 settings.gradle diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..784f24d --- /dev/null +++ b/.editorconfig @@ -0,0 +1,26 @@ +root = true + +[*] +# [encoding-utf8] +charset = utf-8 +end_of_line = lf + +# [newline-eof] +insert_final_newline = true + +[*.bat] +end_of_line = crlf + +[*.java] +# [indentation-tab] +indent_style = tab + +# [4-spaces-tab] +indent_size = 4 +tab_width = 4 + +# [no-trailing-spaces] +trim_trailing_whitespace = true + +[line-length-120] +max_line_length = 120 \ No newline at end of file diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..8bdaa74 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,7 @@ +*.png binary +*.jpg binary +*.jpeg binary +*.gif binary +*.bat text merge=union eol=crlf +* text=auto eol=lf +*.java text eol=lf diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..69c31d8 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,134 @@ +name: 'People Here Dev Build' + +on: + workflow_call: + inputs: + environment: + type: string + required: true + COMMIT_MESSAGE: + type: string + required: true + API_SERVER: + required: true + type: string + STAGE: + required: true + type: string + FORCE_REBUILD: + required: false + type: boolean + outputs: + APP_VERSION: + value: ${{ jobs.build.outputs.APP_VERSION }} + CACHE_KEY: + value: ${{ jobs.build.outputs.CACHE_KEY }} + +env: + STAGE: ${{ inputs.STAGE }} + API_SERVER: ${{ inputs.API_SERVER}} + CACHE_KEY: ${{ github.ref }}-${{ inputs.environment }}-${{ github.sha }} + +jobs: + build: + name: Build & Test + environment: ${{ inputs.environment }} + runs-on: ubuntu-latest + outputs: + APP_VERSION: ${{ steps.app-version.outputs.APP_VERSION }} + CACHE_KEY: ${{ env.CACHE_KEY }} + steps: + - uses: actions/checkout@v4 + + - name: Start + run: | + echo "\ + ___ __ __ __ + /\_ \ /\ \ /\ \ /\ \ + _____ __ ___ _____ \//\ \ __ \ \ \___ __ _ __ __ \ \ \ \ \ \ + /\ '__`\ /'__`\ / __`\ /\ '__`\ \ \ \ /'__`\ \ \ _ `\ /'__`\ /\`'__\ /'__`\ \ \ \ \ \ \ + \ \ \L\ \/\ __/ /\ \L\ \\ \ \L\ \ \_\ \_ /\ __/ \ \ \ \ \ /\ __/ \ \ \/ /\ __/ \ \_\ \ \_\ + \ \ ,__/\ \____\\ \____/ \ \ ,__/ /\____\\ \____\ \ \_\ \_\\ \____\ \ \_\ \ \____\ \/\_\ \/\_\ + \ \ \/ \/____/ \/___/ \ \ \/ \/____/ \/____/ \/_/\/_/ \/____/ \/_/ \/____/ \/_/ \/_/ + \ \_\ \ \_\ + \/_/ \/_/" + shell: bash + + - name: 버전 세팅 + id: app-version + run: | + BUILD_DATE=$(TZ=Asia/Seoul date +'%Y-%m-%d-%H-%M') + + case ${BRANCH_NAME} in + "main"|"staging"|"develop") + APP_VERSION="${STAGE:0:1}-${BUILD_DATE}" + ;; + "feature/"*) + ISSUE_NAME=$(echo "${BRANCH_NAME}" | sed -n 's/.*\(PH-[0-9]*\).*/\1/p') + APP_VERSION="${ISSUE_NAME}-${BUILD_DATE}" + ;; + *) + APP_VERSION="${STAGE}-${{ github.run_id }}" + ;; + esac + + echo "APP_VERSION=${APP_VERSION}" | tee -a $GITHUB_ENV >> $GITHUB_OUTPUT + echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_OUTPUT + shell: bash + env: + BRANCH_NAME: ${{ github.ref_name }} + STAGE: ${{ env.STAGE }} + + - name: 캐시 재사용 체크 + uses: actions/cache/restore@v4 + if: inputs.FORCE_REBUILD != true + id: artifact-cache-restore + with: + path: | + .build/jar/*.jar + key: ${{ env.CACHE_KEY }} + + - name: 버전정보 캐시정보 출력 + run: | + echo "# 앱 버전 APP_VERSION [ ${{ env.APP_VERSION }} ]" + if [ "${{ steps.artifact-cache-restore.outputs.cache-hit }}" == "true" ]; then + echo "### 캐시 ✅ (key: ${{ env.CACHE_KEY }})" >> $GITHUB_STEP_SUMMARY + else + echo "### 캐시 없음 ❎ (key: ${{ env.CACHE_KEY }})" >> $GITHUB_STEP_SUMMARY + fi + echo "" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + + # java 셋업 + - name: Set up JDK 21 + if: steps.artifact-cache-restore.outputs.cache-hit != 'true' + uses: actions/setup-java@v3 + with: + distribution: 'corretto' + java-version: '21' + + # gradle caching + - uses: actions/cache@v4 + name: Setup gradle cache + with: + path: | + ~/.gradle/caches + ~/.gradle/wrapper + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + restore-keys: | + ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} + ${{ runner.os }}-gradle- + + - name: API 빌드 - JAR + if: steps.artifact-cache-restore.outputs.cache-hit != 'true' + uses: gradle/gradle-build-action@v2 + with: + arguments: -i :module-api:build + + - uses: actions/cache/save@v3 + if: ${{ steps.artifact-cache-restore.outputs.cache-hit != 'true' && ! endsWith(steps.app-version.outputs.BRANCH_NAME, '/merge') }} + id: artifact-cache + with: + path: | + .build/jar/*.jar + key: ${{ env.CACHE_KEY }} diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml new file mode 100644 index 0000000..c996076 --- /dev/null +++ b/.github/workflows/develop.yml @@ -0,0 +1,41 @@ +name: 3. Develop 🚀 + +on: + workflow_dispatch: + inputs: + deploy-api: + description: Develop API 서버 배포 🎉🤣 + type: boolean + required: false + force-rebuild: + description: 강제 빌드 + type: boolean + required: false + + push: + branches: + - develop + # - 'feature/**' + pull_request: + branches: + - develop + +# https://github.com/gradle/gradle-build-action#caching +permissions: + contents: write + +jobs: + build: + name: 빌드 & 테스트 + concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + uses: ./.github/workflows/build.yml + with: + environment: develop + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + API_SERVER: https://dev.peoplehere.world + STAGE: develop + FORCE_REBUILD: ${{ inputs.force-rebuild == true }} + secrets: inherit + diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml new file mode 100644 index 0000000..2f04316 --- /dev/null +++ b/.github/workflows/production.yml @@ -0,0 +1,56 @@ +name: 1. Production + +on: + workflow_dispatch: + inputs: + deploy-api: + description: Production API 서버 배포 🎉🤣 + type: boolean + required: false + force-rebuild: + description: 강제 빌드 + type: boolean + required: false + version-to-upgrade: + description: 배포 버전 업그레이드 + type: choice + required: true + options: + - major + - minor + - patch + default: patch + + push: + branches: + - main + +# https://github.com/gradle/gradle-build-action#caching +permissions: + contents: write + +jobs: + build: + name: 빌드 & 테스트 + concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + uses: ./.github/workflows/build.yml + with: + environment: production + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + API_SERVER: https://prod.peoplehere.world + STAGE: production + FORCE_REBUILD: ${{ inputs.force-rebuild == true }} + secrets: inherit + + release: + if: ${{ github.event_name == 'workflow_dispatch' }} + name: 릴리즈 + uses: ./.github/workflows/release.yml + with: + environment: production + STAGE: production + CACHE_KEY: ${{ needs.build.outputs.CACHE_KEY }} + VERSION_TO_UPGRADE: ${{ github.event.inputs.version-to-upgrade }} + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..af26451 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,117 @@ +name: 'peoplehere-release' + +on: + workflow_call: + inputs: + environment: + type: string + required: true + STAGE: + type: string + required: true + CACHE_KEY: + type: string + required: true + VERSION_TO_UPGRADE: # major.minor.patch + type: string + required: true + outputs: + APP_VERSION: + value: ${{ jobs.release.outputs.APP_VERSION }} + CACHE_KEY: + value: ${{ jobs.release.outputs.CACHE_KEY }} + +env: + owner: People-Here + repo: people-here-dev + +jobs: + release: + name: Release New Version + environment: ${{ inputs.environment }} + runs-on: ubuntu-latest + outputs: + APP_VERSION: ${{ env.new-version }}-${{ env.release-date }} + CACHE_KEY: ${{ inputs.CACHE_KEY }} + steps: + - uses: actions/checkout@v3 + + - name: 캐시 불러오기 + uses: actions/cache/restore@v3 + id: artifact-cache-restore + with: + path: | + .build/jar/*.jar + key: ${{ inputs.CACHE_KEY }} + + - name: Set Release Date + run: | + echo "release-date=$(TZ=Asia/Seoul date +'%Y-%m-%d')" >> $GITHUB_ENV + + - name: 최신 릴리즈 버전 조회 + id: get-latest-release + env: + GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }} + run: | + OLD_RELEASE=$(gh api \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/${{ env.owner }}/${{ env.repo }}/releases/latest) + + echo "old-release=${OLD_RELEASE}" >> $GITHUB_ENV + continue-on-error: true + + - name: 릴리즈 버전 조회 실패 시 최초 릴리즈로 간주 + if: ${{ steps.get-latest-release.outcome != 'success' }} + run: | + NEW_VERSION="v1.0.0" + echo "new-version=${NEW_VERSION}" >> $GITHUB_ENV + + - name: 버전업 + if: ${{ steps.get-latest-release.outcome == 'success' }} + run: | + OLD_VERSION=${{ fromJson(env.old-release).tag_name }} + echo "OLD_VERSION: ${OLD_VERSION}" + + MAJOR=$(echo $OLD_VERSION | cut -d. -f1 | sed 's/v//') + MINOR=$(echo $OLD_VERSION | cut -d. -f2) + PATCH=$(echo $OLD_VERSION | cut -d. -f3) + echo "major: $MAJOR, minor: $MINOR, patch: $PATCH" + + INCREMENT_TYPE=${{ inputs.VERSION_TO_UPGRADE }} + if [ "$INCREMENT_TYPE" == "major" ]; then + echo "upgrading major version" + MAJOR=$((++MAJOR)) + MINOR=0 + PATCH=0 + elif [ "$INCREMENT_TYPE" == "minor" ]; then + echo "upgrading minor version" + MINOR=$((++MINOR)) + PATCH=0 + elif [ "$INCREMENT_TYPE" == "patch" ]; then + echo "upgrading patch version" + PATCH=$((++PATCH)) + else + echo "Invalid increment type!" + exit 1 + fi + + echo "NEW_VERSION: v$MAJOR.$MINOR.$PATCH" + NEW_VERSION="v$MAJOR.$MINOR.$PATCH" + echo "new-version=${NEW_VERSION}" >> $GITHUB_ENV + + - name: 버전업 태그 생성 + env: + GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }} + run: | + NEW_RELEASE=$(gh api \ + --method POST \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/${{ env.owner }}/${{ env.repo }}/releases \ + -f tag_name=${{ env.new-version }} \ + -f target_commitish='main' \ + -f name=${{ env.new-version }} \ + -f body='${{ env.new-version }} release') + + echo "new-release=${NEW_RELEASE}" >> $GITHUB_ENV diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml new file mode 100644 index 0000000..13a4303 --- /dev/null +++ b/.github/workflows/staging.yml @@ -0,0 +1,37 @@ +name: 2. Staging 🚀 + +on: + workflow_dispatch: + inputs: + deploy-api: + description: Staging API 서버 배포 🎉🤣 + type: boolean + required: false + force-rebuild: + description: 강제 빌드 + type: boolean + required: false + + push: + branches: + - staging + +# https://github.com/gradle/gradle-build-action#caching +permissions: + contents: write + +jobs: + build: + name: 빌드 & 테스트 + concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + uses: ./.github/workflows/build.yml + with: + environment: staging + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + API_SERVER: https://stg.peoplehere.world + STAGE: develop + FORCE_REBUILD: ${{ inputs.force-rebuild == true }} + secrets: inherit + diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e993330 --- /dev/null +++ b/.gitignore @@ -0,0 +1,56 @@ +.gradle +build/ +!gradle/wrapper/gradle-wrapper.jar +!**/src/main/**/build/ +!**/src/test/**/build/ + +### IntelliJ IDEA ### +.idea +.idea/modules.xml +.idea/jarRepositories.xml +.idea/compiler.xml +.idea/libraries/ +*.iws +*.iml +*.ipr +out/ +!**/src/main/**/out/ +!**/src/test/**/out/ + +### Eclipse ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache +bin/ +!**/src/main/**/bin/ +!**/src/test/**/bin/ + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ + +### VS Code ### +.vscode/ + +### Mac OS ### +.DS_Store + +.system +.build + +local.properties + +**/src/main/generated +*.pid +*.log +*.http + +module-api/src/main/resources/application-api-local.yml +module-shared/src/main/resources/application-shared-local.yml diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..8a788a7 --- /dev/null +++ b/build.gradle @@ -0,0 +1,225 @@ +plugins { + id 'java' + id 'org.springframework.boot' version '3.2.4' + id 'io.spring.dependency-management' version '1.1.4' + + // checkstyle + id 'checkstyle' + + // jacoco + id 'jacoco' +} + +tasks.named('bootJar') { + enabled = false +} + +tasks.named('jar') { + enabled = false +} + +ext["testcontainersVersion"] = "1.19.6" + +subprojects { + group = 'com.peoplehere' + version = '0.0.1-SNAPSHOT' + sourceCompatibility = '21' + + apply plugin: 'java' + apply plugin: 'java-library' + apply plugin: 'org.springframework.boot' + apply plugin: 'io.spring.dependency-management' + apply plugin: 'checkstyle' + apply plugin: 'jacoco' + + configurations { + compileOnly { + extendsFrom annotationProcessor + } + } + + repositories { + mavenCentral() + } + + // IntelliJ 빌드용 + tasks.register('cleanOut', Delete) { + delete "${projectDir}/out" + } + + clean.finalizedBy(cleanOut) + + // 모든 모듈 공통 의존성 + dependencies { + + // Lombok & Mapstruct + compileOnly 'org.projectlombok:lombok' + implementation 'org.mapstruct:mapstruct:1.5.1.Final' + implementation 'org.projectlombok:lombok-mapstruct-binding:0.2.0' + annotationProcessor "org.projectlombok:lombok-mapstruct-binding:0.2.0" + annotationProcessor 'org.projectlombok:lombok' + annotationProcessor 'org.mapstruct:mapstruct-processor:1.5.1.Final' + + // flyway + implementation 'org.flywaydb:flyway-core' + + // https://mvnrepository.com/artifact/com.vladmihalcea/hibernate-types-60 + implementation 'io.hypersistence:hypersistence-utils-hibernate-60:3.5.1' + + // spring boot + implementation 'org.springframework.boot:spring-boot-starter-data-jpa' + implementation 'org.springframework.boot:spring-boot-starter-security' + implementation 'org.springframework.boot:spring-boot-starter-web' + implementation 'org.springframework.boot:spring-boot-starter-actuator' + implementation 'org.springframework.boot:spring-boot-starter-validation' + implementation 'org.springframework.boot:spring-boot-starter-jdbc' + + // jwt + implementation 'io.jsonwebtoken:jjwt-api:0.12.5' + implementation 'io.jsonwebtoken:jjwt-impl:0.12.5' + implementation 'io.jsonwebtoken:jjwt-jackson:0.12.5' + + // redis + implementation 'org.springframework.boot:spring-boot-starter-data-redis' + + // postgresql + runtimeOnly 'org.postgresql:postgresql' + + testImplementation 'org.springframework.boot:spring-boot-starter-test' + testImplementation 'org.springframework.security:spring-security-test' + testImplementation platform('org.junit:junit-bom:5.9.1') + testImplementation "org.testcontainers:junit-jupiter:${testcontainersVersion}" + + // testContainer + testImplementation "org.testcontainers:testcontainers" + testImplementation 'org.testcontainers:postgresql' + testImplementation 'io.rest-assured:rest-assured' + + } + + dependencyManagement { + imports { + mavenBom "org.testcontainers:testcontainers-bom:${testcontainersVersion}" + } + } + + checkstyle { + maxWarnings = 0 + configFile = file("${rootDir}/lint/naver-checkstyle-rules.xml") + configProperties = ["suppressionFile": "${rootDir}/lint/naver-checkstyle-suppressions.xml"] + toolVersion = "10.13.0" + } + + compileJava.options.encoding = 'UTF-8' + compileTestJava.options.encoding = 'UTF-8' + + tasks.named('test') { + useJUnitPlatform() + finalizedBy 'jacocoTestReport' + } + + def QDomains = [] + for (qPattern in '*.QA'..'*.QZ') { // qPattern = '*.QA', '*.QB', ... '*.QZ' + QDomains.add(qPattern + '*') + } + + jacoco { + toolVersion = '0.8.11' // support jdk 21 + // reportsDir = file("$buildDir/customJacocoReportDir") + } + + jacocoTestReport { + + reports { + html.required = true + xml.required = true + csv.required = false + + // 리포트의 저장 경로 설정 + // layout.buildDirectory를 직접 사용하여 보고서 목적지 지정 + html.destination file("${layout.buildDirectory.dir('reports/jacoco').get().asFile}/index.html") + xml.destination file("${layout.buildDirectory.dir('reports/jacoco').get().asFile}/index.xml") + } + + afterEvaluate { + classDirectories.setFrom( + files(classDirectories.files.collect { + fileTree(dir: it, excludes: [ + // 측정 안하고 싶은 패턴 + "**/*Application*", + "**/*Properties*", + "**/*Config*", + "**/entity/**", + "**/enums/**", + "**/resources/**", + "**/test/**" + ] + QDomains) + }) + ) + } + + finalizedBy 'jacocoTestCoverageVerification' + } + + jacocoTestCoverageVerification { + + violationRules { + + rule { +// enabled = true + enabled = false + element = 'CLASS' + + limit { + counter = 'BRANCH' + value = 'COVEREDRATIO' + minimum = 0.80 + } + + limit { + counter = 'LINE' + value = 'COVEREDRATIO' + minimum = 0.80 + } + + excludes = [ + // 측정 안하고 싶은 패턴 + '*.*Application*', + "*.*Properties*", + '*.*Config*', + "**.test.**", + "**.entity.**", + "**.enums.**", + "**.resources.**" + ] + QDomains + } + } + } + +} + +project(':module-shared') { + + bootJar { enabled = false } + jar { enabled = true } + + dependencies { + } +} + +project(':module-api') { + + bootJar { + enabled = true + destinationDirectory = file("$rootDir/$jarDestDir") + archiveFileName = "api.jar" + } + jar { enabled = false } + + dependencies { + implementation project(':module-shared') + + // mail + implementation 'org.springframework.boot:spring-boot-starter-mail' + } +} diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml new file mode 100644 index 0000000..2574760 --- /dev/null +++ b/docker/docker-compose.yaml @@ -0,0 +1,27 @@ +version: "3.8" + +services: + db: + container_name: ph-db + image: postgres:15 + volumes: + - ./.system/docker-data/postgres:/var/lib/postgresql/data + - ./init-db.sh:/docker-entrypoint-initdb.d/init-db.sh + ports: + - "5432:5432" + environment: + - TZ=Asia/Seoul + - POSTGRES_DB=postgres + - POSTGRES_USER=ph + - POSTGRES_PASSWORD=ph + redis: + container_name: ph-redis + image: redis:alpine3.19 + command: redis-server --port 6379 + volumes: + - ./.system/docker-data/redis:/data + labels: + - "name=redis" + - "mode=standalone" + ports: + - 6379:6379 diff --git a/docker/init-db.sh b/docker/init-db.sh new file mode 100644 index 0000000..d6f8f8e --- /dev/null +++ b/docker/init-db.sh @@ -0,0 +1,9 @@ +#!/bin/bash +set -e + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + create user sonar; + alter user sonar with password 'sonar' superuser; + create database sonar; + grant all privileges on database sonar to sonar; +EOSQL diff --git a/gradle.properties b/gradle.properties new file mode 100644 index 0000000..857e611 --- /dev/null +++ b/gradle.properties @@ -0,0 +1,2 @@ +org.gradle.logging.level=info +jarDestDir=.build/jar/ diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000000000000000000000000000000000000..249e5832f090a2944b7473328c07c9755baa3196 GIT binary patch literal 60756 zcmb5WV{~QRw(p$^Dz@00IL3?^hro$gg*4VI_WAaTyVM5Foj~O|-84 z$;06hMwt*rV;^8iB z1~&0XWpYJmG?Ts^K9PC62H*`G}xom%S%yq|xvG~FIfP=9*f zZoDRJBm*Y0aId=qJ?7dyb)6)JGWGwe)MHeNSzhi)Ko6J<-m@v=a%NsP537lHe0R* z`If4$aaBA#S=w!2z&m>{lpTy^Lm^mg*3?M&7HFv}7K6x*cukLIGX;bQG|QWdn{%_6 zHnwBKr84#B7Z+AnBXa16a?or^R?+>$4`}{*a_>IhbjvyTtWkHw)|ay)ahWUd-qq$~ zMbh6roVsj;_qnC-R{G+Cy6bApVOinSU-;(DxUEl!i2)1EeQ9`hrfqj(nKI7?Z>Xur zoJz-a`PxkYit1HEbv|jy%~DO^13J-ut986EEG=66S}D3!L}Efp;Bez~7tNq{QsUMm zh9~(HYg1pA*=37C0}n4g&bFbQ+?-h-W}onYeE{q;cIy%eZK9wZjSwGvT+&Cgv z?~{9p(;bY_1+k|wkt_|N!@J~aoY@|U_RGoWX<;p{Nu*D*&_phw`8jYkMNpRTWx1H* z>J-Mi_!`M468#5Aix$$u1M@rJEIOc?k^QBc?T(#=n&*5eS#u*Y)?L8Ha$9wRWdH^3D4|Ps)Y?m0q~SiKiSfEkJ!=^`lJ(%W3o|CZ zSrZL-Xxc{OrmsQD&s~zPfNJOpSZUl%V8tdG%ei}lQkM+z@-4etFPR>GOH9+Y_F<3=~SXln9Kb-o~f>2a6Xz@AS3cn^;c_>lUwlK(n>z?A>NbC z`Ud8^aQy>wy=$)w;JZzA)_*Y$Z5hU=KAG&htLw1Uh00yE!|Nu{EZkch zY9O6x7Y??>!7pUNME*d!=R#s)ghr|R#41l!c?~=3CS8&zr6*aA7n9*)*PWBV2w+&I zpW1-9fr3j{VTcls1>ua}F*bbju_Xq%^v;-W~paSqlf zolj*dt`BBjHI)H9{zrkBo=B%>8}4jeBO~kWqO!~Thi!I1H(in=n^fS%nuL=X2+s!p}HfTU#NBGiwEBF^^tKU zbhhv+0dE-sbK$>J#t-J!B$TMgN@Wh5wTtK2BG}4BGfsZOoRUS#G8Cxv|6EI*n&Xxq zt{&OxCC+BNqz$9b0WM7_PyBJEVObHFh%%`~!@MNZlo*oXDCwDcFwT~Rls!aApL<)^ zbBftGKKBRhB!{?fX@l2_y~%ygNFfF(XJzHh#?`WlSL{1lKT*gJM zs>bd^H9NCxqxn(IOky5k-wALFowQr(gw%|`0991u#9jXQh?4l|l>pd6a&rx|v=fPJ z1mutj{YzpJ_gsClbWFk(G}bSlFi-6@mwoQh-XeD*j@~huW4(8ub%^I|azA)h2t#yG z7e_V_<4jlM3D(I+qX}yEtqj)cpzN*oCdYHa!nm%0t^wHm)EmFP*|FMw!tb@&`G-u~ zK)=Sf6z+BiTAI}}i{*_Ac$ffr*Wrv$F7_0gJkjx;@)XjYSh`RjAgrCck`x!zP>Ifu z&%he4P|S)H*(9oB4uvH67^0}I-_ye_!w)u3v2+EY>eD3#8QR24<;7?*hj8k~rS)~7 zSXs5ww)T(0eHSp$hEIBnW|Iun<_i`}VE0Nc$|-R}wlSIs5pV{g_Dar(Zz<4X3`W?K z6&CAIl4U(Qk-tTcK{|zYF6QG5ArrEB!;5s?tW7 zrE3hcFY&k)+)e{+YOJ0X2uDE_hd2{|m_dC}kgEKqiE9Q^A-+>2UonB+L@v3$9?AYw zVQv?X*pK;X4Ovc6Ev5Gbg{{Eu*7{N3#0@9oMI~}KnObQE#Y{&3mM4`w%wN+xrKYgD zB-ay0Q}m{QI;iY`s1Z^NqIkjrTlf`B)B#MajZ#9u41oRBC1oM1vq0i|F59> z#StM@bHt|#`2)cpl_rWB($DNJ3Lap}QM-+A$3pe}NyP(@+i1>o^fe-oxX#Bt`mcQc zb?pD4W%#ep|3%CHAYnr*^M6Czg>~L4?l16H1OozM{P*en298b+`i4$|w$|4AHbzqB zHpYUsHZET$Z0ztC;U+0*+amF!@PI%^oUIZy{`L{%O^i{Xk}X0&nl)n~tVEpcAJSJ} zverw15zP1P-O8h9nd!&hj$zuwjg?DoxYIw{jWM zW5_pj+wFy8Tsa9g<7Qa21WaV&;ejoYflRKcz?#fSH_)@*QVlN2l4(QNk| z4aPnv&mrS&0|6NHq05XQw$J^RR9T{3SOcMKCXIR1iSf+xJ0E_Wv?jEc*I#ZPzyJN2 zUG0UOXHl+PikM*&g$U@g+KbG-RY>uaIl&DEtw_Q=FYq?etc!;hEC_}UX{eyh%dw2V zTTSlap&5>PY{6I#(6`j-9`D&I#|YPP8a;(sOzgeKDWsLa!i-$frD>zr-oid!Hf&yS z!i^cr&7tN}OOGmX2)`8k?Tn!!4=tz~3hCTq_9CdiV!NIblUDxHh(FJ$zs)B2(t5@u z-`^RA1ShrLCkg0)OhfoM;4Z{&oZmAec$qV@ zGQ(7(!CBk<5;Ar%DLJ0p0!ResC#U<+3i<|vib1?{5gCebG7$F7URKZXuX-2WgF>YJ^i zMhHDBsh9PDU8dlZ$yJKtc6JA#y!y$57%sE>4Nt+wF1lfNIWyA`=hF=9Gj%sRwi@vd z%2eVV3y&dvAgyuJ=eNJR+*080dbO_t@BFJO<@&#yqTK&+xc|FRR;p;KVk@J3$S{p` zGaMj6isho#%m)?pOG^G0mzOAw0z?!AEMsv=0T>WWcE>??WS=fII$t$(^PDPMU(P>o z_*0s^W#|x)%tx8jIgZY~A2yG;US0m2ZOQt6yJqW@XNY_>_R7(Nxb8Ged6BdYW6{prd!|zuX$@Q2o6Ona8zzYC1u!+2!Y$Jc9a;wy+pXt}o6~Bu1oF1c zp7Y|SBTNi@=I(K%A60PMjM#sfH$y*c{xUgeSpi#HB`?|`!Tb&-qJ3;vxS!TIzuTZs-&%#bAkAyw9m4PJgvey zM5?up*b}eDEY+#@tKec)-c(#QF0P?MRlD1+7%Yk*jW;)`f;0a-ZJ6CQA?E%>i2Dt7T9?s|9ZF|KP4;CNWvaVKZ+Qeut;Jith_y{v*Ny6Co6!8MZx;Wgo z=qAi%&S;8J{iyD&>3CLCQdTX*$+Rx1AwA*D_J^0>suTgBMBb=*hefV+Ars#mmr+YsI3#!F@Xc1t4F-gB@6aoyT+5O(qMz*zG<9Qq*f0w^V!03rpr*-WLH}; zfM{xSPJeu6D(%8HU%0GEa%waFHE$G?FH^kMS-&I3)ycx|iv{T6Wx}9$$D&6{%1N_8 z_CLw)_9+O4&u94##vI9b-HHm_95m)fa??q07`DniVjAy`t7;)4NpeyAY(aAk(+T_O z1om+b5K2g_B&b2DCTK<>SE$Ode1DopAi)xaJjU>**AJK3hZrnhEQ9E`2=|HHe<^tv z63e(bn#fMWuz>4erc47}!J>U58%<&N<6AOAewyzNTqi7hJc|X{782&cM zHZYclNbBwU6673=!ClmxMfkC$(CykGR@10F!zN1Se83LR&a~$Ht&>~43OX22mt7tcZUpa;9@q}KDX3O&Ugp6< zLZLfIMO5;pTee1vNyVC$FGxzK2f>0Z-6hM82zKg44nWo|n}$Zk6&;5ry3`(JFEX$q zK&KivAe${e^5ZGc3a9hOt|!UOE&OocpVryE$Y4sPcs4rJ>>Kbi2_subQ9($2VN(3o zb~tEzMsHaBmBtaHAyES+d3A(qURgiskSSwUc9CfJ@99&MKp2sooSYZu+-0t0+L*!I zYagjOlPgx|lep9tiU%ts&McF6b0VE57%E0Ho%2oi?=Ks+5%aj#au^OBwNwhec zta6QAeQI^V!dF1C)>RHAmB`HnxyqWx?td@4sd15zPd*Fc9hpDXP23kbBenBxGeD$k z;%0VBQEJ-C)&dTAw_yW@k0u?IUk*NrkJ)(XEeI z9Y>6Vel>#s_v@=@0<{4A{pl=9cQ&Iah0iD0H`q)7NeCIRz8zx;! z^OO;1+IqoQNak&pV`qKW+K0^Hqp!~gSohcyS)?^P`JNZXw@gc6{A3OLZ?@1Uc^I2v z+X!^R*HCm3{7JPq{8*Tn>5;B|X7n4QQ0Bs79uTU%nbqOJh`nX(BVj!#f;#J+WZxx4 z_yM&1Y`2XzhfqkIMO7tB3raJKQS+H5F%o83bM+hxbQ zeeJm=Dvix$2j|b4?mDacb67v-1^lTp${z=jc1=j~QD>7c*@+1?py>%Kj%Ejp7Y-!? z8iYRUlGVrQPandAaxFfks53@2EC#0)%mrnmGRn&>=$H$S8q|kE_iWko4`^vCS2aWg z#!`RHUGyOt*k?bBYu3*j3u0gB#v(3tsije zgIuNNWNtrOkx@Pzs;A9un+2LX!zw+p3_NX^Sh09HZAf>m8l@O*rXy_82aWT$Q>iyy zqO7Of)D=wcSn!0+467&!Hl))eff=$aneB?R!YykdKW@k^_uR!+Q1tR)+IJb`-6=jj zymzA>Sv4>Z&g&WWu#|~GcP7qP&m*w-S$)7Xr;(duqCTe7p8H3k5>Y-n8438+%^9~K z3r^LIT_K{i7DgEJjIocw_6d0!<;wKT`X;&vv+&msmhAAnIe!OTdybPctzcEzBy88_ zWO{6i4YT%e4^WQZB)KHCvA(0tS zHu_Bg+6Ko%a9~$EjRB90`P(2~6uI@SFibxct{H#o&y40MdiXblu@VFXbhz>Nko;7R z70Ntmm-FePqhb%9gL+7U8@(ch|JfH5Fm)5${8|`Lef>LttM_iww6LW2X61ldBmG0z zax3y)njFe>j*T{i0s8D4=L>X^j0)({R5lMGVS#7(2C9@AxL&C-lZQx~czI7Iv+{%1 z2hEG>RzX4S8x3v#9sgGAnPzptM)g&LB}@%E>fy0vGSa(&q0ch|=ncKjNrK z`jA~jObJhrJ^ri|-)J^HUyeZXz~XkBp$VhcTEcTdc#a2EUOGVX?@mYx#Vy*!qO$Jv zQ4rgOJ~M*o-_Wptam=~krnmG*p^j!JAqoQ%+YsDFW7Cc9M%YPiBOrVcD^RY>m9Pd< zu}#9M?K{+;UIO!D9qOpq9yxUquQRmQNMo0pT`@$pVt=rMvyX)ph(-CCJLvUJy71DI zBk7oc7)-%ngdj~s@76Yse3L^gV0 z2==qfp&Q~L(+%RHP0n}+xH#k(hPRx(!AdBM$JCfJ5*C=K3ts>P?@@SZ_+{U2qFZb>4kZ{Go37{# zSQc+-dq*a-Vy4?taS&{Ht|MLRiS)Sn14JOONyXqPNnpq&2y~)6wEG0oNy>qvod$FF z`9o&?&6uZjhZ4_*5qWVrEfu(>_n2Xi2{@Gz9MZ8!YmjYvIMasE9yVQL10NBrTCczq zcTY1q^PF2l!Eraguf{+PtHV3=2A?Cu&NN&a8V(y;q(^_mFc6)%Yfn&X&~Pq zU1?qCj^LF(EQB1F`8NxNjyV%fde}dEa(Hx=r7$~ts2dzDwyi6ByBAIx$NllB4%K=O z$AHz1<2bTUb>(MCVPpK(E9wlLElo(aSd(Os)^Raum`d(g9Vd_+Bf&V;l=@mM=cC>) z)9b0enb)u_7V!!E_bl>u5nf&Rl|2r=2F3rHMdb7y9E}}F82^$Rf+P8%dKnOeKh1vs zhH^P*4Ydr^$)$h@4KVzxrHyy#cKmWEa9P5DJ|- zG;!Qi35Tp7XNj60=$!S6U#!(${6hyh7d4q=pF{`0t|N^|L^d8pD{O9@tF~W;#Je*P z&ah%W!KOIN;SyAEhAeTafJ4uEL`(RtnovM+cb(O#>xQnk?dzAjG^~4$dFn^<@-Na3 z395;wBnS{t*H;Jef2eE!2}u5Ns{AHj>WYZDgQJt8v%x?9{MXqJsGP|l%OiZqQ1aB! z%E=*Ig`(!tHh>}4_z5IMpg{49UvD*Pp9!pxt_gdAW%sIf3k6CTycOT1McPl=_#0?8 zVjz8Hj*Vy9c5-krd-{BQ{6Xy|P$6LJvMuX$* zA+@I_66_ET5l2&gk9n4$1M3LN8(yEViRx&mtd#LD}AqEs?RW=xKC(OCWH;~>(X6h!uDxXIPH06xh z*`F4cVlbDP`A)-fzf>MuScYsmq&1LUMGaQ3bRm6i7OsJ|%uhTDT zlvZA1M}nz*SalJWNT|`dBm1$xlaA>CCiQ zK`xD-RuEn>-`Z?M{1%@wewf#8?F|(@1e0+T4>nmlSRrNK5f)BJ2H*$q(H>zGD0>eL zQ!tl_Wk)k*e6v^m*{~A;@6+JGeWU-q9>?+L_#UNT%G?4&BnOgvm9@o7l?ov~XL+et zbGT)|G7)KAeqb=wHSPk+J1bdg7N3$vp(ekjI1D9V$G5Cj!=R2w=3*4!z*J-r-cyeb zd(i2KmX!|Lhey!snRw z?#$Gu%S^SQEKt&kep)up#j&9}e+3=JJBS(s>MH+|=R(`8xK{mmndWo_r`-w1#SeRD&YtAJ#GiVI*TkQZ}&aq<+bU2+coU3!jCI6E+Ad_xFW*ghnZ$q zAoF*i&3n1j#?B8x;kjSJD${1jdRB;)R*)Ao!9bd|C7{;iqDo|T&>KSh6*hCD!rwv= zyK#F@2+cv3=|S1Kef(E6Niv8kyLVLX&e=U;{0x{$tDfShqkjUME>f8d(5nzSkY6@! z^-0>DM)wa&%m#UF1F?zR`8Y3X#tA!*7Q$P3lZJ%*KNlrk_uaPkxw~ zxZ1qlE;Zo;nb@!SMazSjM>;34ROOoygo%SF);LL>rRonWwR>bmSd1XD^~sGSu$Gg# zFZ`|yKU0%!v07dz^v(tY%;So(e`o{ZYTX`hm;@b0%8|H>VW`*cr8R%3n|ehw2`(9B+V72`>SY}9^8oh$En80mZK9T4abVG*to;E z1_S6bgDOW?!Oy1LwYy=w3q~KKdbNtyH#d24PFjX)KYMY93{3-mPP-H>@M-_>N~DDu zENh~reh?JBAK=TFN-SfDfT^=+{w4ea2KNWXq2Y<;?(gf(FgVp8Zp-oEjKzB%2Iqj;48GmY3h=bcdYJ}~&4tS`Q1sb=^emaW$IC$|R+r-8V- zf0$gGE(CS_n4s>oicVk)MfvVg#I>iDvf~Ov8bk}sSxluG!6#^Z_zhB&U^`eIi1@j( z^CK$z^stBHtaDDHxn+R;3u+>Lil^}fj?7eaGB z&5nl^STqcaBxI@v>%zG|j))G(rVa4aY=B@^2{TFkW~YP!8!9TG#(-nOf^^X-%m9{Z zCC?iC`G-^RcBSCuk=Z`(FaUUe?hf3{0C>>$?Vs z`2Uud9M+T&KB6o4o9kvdi^Q=Bw!asPdxbe#W-Oaa#_NP(qpyF@bVxv5D5))srkU#m zj_KA+#7sqDn*Ipf!F5Byco4HOSd!Ui$l94|IbW%Ny(s1>f4|Mv^#NfB31N~kya9!k zWCGL-$0ZQztBate^fd>R!hXY_N9ZjYp3V~4_V z#eB)Kjr8yW=+oG)BuNdZG?jaZlw+l_ma8aET(s+-x+=F-t#Qoiuu1i`^x8Sj>b^U} zs^z<()YMFP7CmjUC@M=&lA5W7t&cxTlzJAts*%PBDAPuqcV5o7HEnqjif_7xGt)F% zGx2b4w{@!tE)$p=l3&?Bf#`+!-RLOleeRk3 z7#pF|w@6_sBmn1nECqdunmG^}pr5(ZJQVvAt$6p3H(16~;vO>?sTE`Y+mq5YP&PBo zvq!7#W$Gewy`;%6o^!Dtjz~x)T}Bdk*BS#=EY=ODD&B=V6TD2z^hj1m5^d6s)D*wk zu$z~D7QuZ2b?5`p)E8e2_L38v3WE{V`bVk;6fl#o2`) z99JsWhh?$oVRn@$S#)uK&8DL8>An0&S<%V8hnGD7Z^;Y(%6;^9!7kDQ5bjR_V+~wp zfx4m3z6CWmmZ<8gDGUyg3>t8wgJ5NkkiEm^(sedCicP^&3D%}6LtIUq>mXCAt{9eF zNXL$kGcoUTf_Lhm`t;hD-SE)m=iBnxRU(NyL}f6~1uH)`K!hmYZjLI%H}AmEF5RZt z06$wn63GHnApHXZZJ}s^s)j9(BM6e*7IBK6Bq(!)d~zR#rbxK9NVIlgquoMq z=eGZ9NR!SEqP6=9UQg#@!rtbbSBUM#ynF);zKX+|!Zm}*{H z+j=d?aZ2!?@EL7C~%B?6ouCKLnO$uWn;Y6Xz zX8dSwj732u(o*U3F$F=7xwxm>E-B+SVZH;O-4XPuPkLSt_?S0)lb7EEg)Mglk0#eS z9@jl(OnH4juMxY+*r03VDfPx_IM!Lmc(5hOI;`?d37f>jPP$?9jQQIQU@i4vuG6MagEoJrQ=RD7xt@8E;c zeGV*+Pt+t$@pt!|McETOE$9k=_C!70uhwRS9X#b%ZK z%q(TIUXSS^F0`4Cx?Rk07C6wI4!UVPeI~-fxY6`YH$kABdOuiRtl73MqG|~AzZ@iL&^s?24iS;RK_pdlWkhcF z@Wv-Om(Aealfg)D^adlXh9Nvf~Uf@y;g3Y)i(YP zEXDnb1V}1pJT5ZWyw=1i+0fni9yINurD=EqH^ciOwLUGi)C%Da)tyt=zq2P7pV5-G zR7!oq28-Fgn5pW|nlu^b!S1Z#r7!Wtr{5J5PQ>pd+2P7RSD?>(U7-|Y z7ZQ5lhYIl_IF<9?T9^IPK<(Hp;l5bl5tF9>X-zG14_7PfsA>6<$~A338iYRT{a@r_ zuXBaT=`T5x3=s&3=RYx6NgG>No4?5KFBVjE(swfcivcIpPQFx5l+O;fiGsOrl5teR z_Cm+;PW}O0Dwe_(4Z@XZ)O0W-v2X><&L*<~*q3dg;bQW3g7)a#3KiQP>+qj|qo*Hk z?57>f2?f@`=Fj^nkDKeRkN2d$Z@2eNKpHo}ksj-$`QKb6n?*$^*%Fb3_Kbf1(*W9K>{L$mud2WHJ=j0^=g30Xhg8$#g^?36`p1fm;;1@0Lrx+8t`?vN0ZorM zSW?rhjCE8$C|@p^sXdx z|NOHHg+fL;HIlqyLp~SSdIF`TnSHehNCU9t89yr@)FY<~hu+X`tjg(aSVae$wDG*C zq$nY(Y494R)hD!i1|IIyP*&PD_c2FPgeY)&mX1qujB1VHPG9`yFQpLFVQ0>EKS@Bp zAfP5`C(sWGLI?AC{XEjLKR4FVNw(4+9b?kba95ukgR1H?w<8F7)G+6&(zUhIE5Ef% z=fFkL3QKA~M@h{nzjRq!Y_t!%U66#L8!(2-GgFxkD1=JRRqk=n%G(yHKn%^&$dW>; zSjAcjETMz1%205se$iH_)ZCpfg_LwvnsZQAUCS#^FExp8O4CrJb6>JquNV@qPq~3A zZ<6dOU#6|8+fcgiA#~MDmcpIEaUO02L5#T$HV0$EMD94HT_eXLZ2Zi&(! z&5E>%&|FZ`)CN10tM%tLSPD*~r#--K(H-CZqIOb99_;m|D5wdgJ<1iOJz@h2Zkq?} z%8_KXb&hf=2Wza(Wgc;3v3TN*;HTU*q2?#z&tLn_U0Nt!y>Oo>+2T)He6%XuP;fgn z-G!#h$Y2`9>Jtf}hbVrm6D70|ERzLAU>3zoWhJmjWfgM^))T+2u$~5>HF9jQDkrXR z=IzX36)V75PrFjkQ%TO+iqKGCQ-DDXbaE;C#}!-CoWQx&v*vHfyI>$HNRbpvm<`O( zlx9NBWD6_e&J%Ous4yp~s6)Ghni!I6)0W;9(9$y1wWu`$gs<$9Mcf$L*piP zPR0Av*2%ul`W;?-1_-5Zy0~}?`e@Y5A&0H!^ApyVTT}BiOm4GeFo$_oPlDEyeGBbh z1h3q&Dx~GmUS|3@4V36&$2uO8!Yp&^pD7J5&TN{?xphf*-js1fP?B|`>p_K>lh{ij zP(?H%e}AIP?_i^f&Li=FDSQ`2_NWxL+BB=nQr=$ zHojMlXNGauvvwPU>ZLq!`bX-5F4jBJ&So{kE5+ms9UEYD{66!|k~3vsP+mE}x!>%P za98bAU0!h0&ka4EoiDvBM#CP#dRNdXJcb*(%=<(g+M@<)DZ!@v1V>;54En?igcHR2 zhubQMq}VSOK)onqHfczM7YA@s=9*ow;k;8)&?J3@0JiGcP! zP#00KZ1t)GyZeRJ=f0^gc+58lc4Qh*S7RqPIC6GugG1gXe$LIQMRCo8cHf^qXgAa2 z`}t>u2Cq1CbSEpLr~E=c7~=Qkc9-vLE%(v9N*&HF`(d~(0`iukl5aQ9u4rUvc8%m) zr2GwZN4!s;{SB87lJB;veebPmqE}tSpT>+`t?<457Q9iV$th%i__Z1kOMAswFldD6 ztbOvO337S5o#ZZgN2G99_AVqPv!?Gmt3pzgD+Hp3QPQ`9qJ(g=kjvD+fUSS3upJn! zqoG7acIKEFRX~S}3|{EWT$kdz#zrDlJU(rPkxjws_iyLKU8+v|*oS_W*-guAb&Pj1 z35Z`3z<&Jb@2Mwz=KXucNYdY#SNO$tcVFr9KdKm|%^e-TXzs6M`PBper%ajkrIyUe zp$vVxVs9*>Vp4_1NC~Zg)WOCPmOxI1V34QlG4!aSFOH{QqSVq1^1)- z0P!Z?tT&E-ll(pwf0?=F=yOzik=@nh1Clxr9}Vij89z)ePDSCYAqw?lVI?v?+&*zH z)p$CScFI8rrwId~`}9YWPFu0cW1Sf@vRELs&cbntRU6QfPK-SO*mqu|u~}8AJ!Q$z znzu}50O=YbjwKCuSVBs6&CZR#0FTu)3{}qJJYX(>QPr4$RqWiwX3NT~;>cLn*_&1H zaKpIW)JVJ>b{uo2oq>oQt3y=zJjb%fU@wLqM{SyaC6x2snMx-}ivfU<1- znu1Lh;i$3Tf$Kh5Uk))G!D1UhE8pvx&nO~w^fG)BC&L!_hQk%^p`Kp@F{cz>80W&T ziOK=Sq3fdRu*V0=S53rcIfWFazI}Twj63CG(jOB;$*b`*#B9uEnBM`hDk*EwSRdwP8?5T?xGUKs=5N83XsR*)a4|ijz|c{4tIU+4j^A5C<#5 z*$c_d=5ml~%pGxw#?*q9N7aRwPux5EyqHVkdJO=5J>84!X6P>DS8PTTz>7C#FO?k#edkntG+fJk8ZMn?pmJSO@`x-QHq;7^h6GEXLXo1TCNhH z8ZDH{*NLAjo3WM`xeb=X{((uv3H(8&r8fJJg_uSs_%hOH%JDD?hu*2NvWGYD+j)&` zz#_1%O1wF^o5ryt?O0n;`lHbzp0wQ?rcbW(F1+h7_EZZ9{>rePvLAPVZ_R|n@;b$;UchU=0j<6k8G9QuQf@76oiE*4 zXOLQ&n3$NR#p4<5NJMVC*S);5x2)eRbaAM%VxWu9ohlT;pGEk7;002enCbQ>2r-us z3#bpXP9g|mE`65VrN`+3mC)M(eMj~~eOf)do<@l+fMiTR)XO}422*1SL{wyY(%oMpBgJagtiDf zz>O6(m;};>Hi=t8o{DVC@YigqS(Qh+ix3Rwa9aliH}a}IlOCW1@?%h_bRbq-W{KHF z%Vo?-j@{Xi@=~Lz5uZP27==UGE15|g^0gzD|3x)SCEXrx`*MP^FDLl%pOi~~Il;dc z^hrwp9sYeT7iZ)-ajKy@{a`kr0-5*_!XfBpXwEcFGJ;%kV$0Nx;apKrur zJN2J~CAv{Zjj%FolyurtW8RaFmpn&zKJWL>(0;;+q(%(Hx!GMW4AcfP0YJ*Vz!F4g z!ZhMyj$BdXL@MlF%KeInmPCt~9&A!;cRw)W!Hi@0DY(GD_f?jeV{=s=cJ6e}JktJw zQORnxxj3mBxfrH=x{`_^Z1ddDh}L#V7i}$njUFRVwOX?qOTKjfPMBO4y(WiU<)epb zvB9L=%jW#*SL|Nd_G?E*_h1^M-$PG6Pc_&QqF0O-FIOpa4)PAEPsyvB)GKasmBoEt z?_Q2~QCYGH+hW31x-B=@5_AN870vY#KB~3a*&{I=f);3Kv7q4Q7s)0)gVYx2#Iz9g(F2;=+Iy4 z6KI^8GJ6D@%tpS^8boU}zpi=+(5GfIR)35PzrbuXeL1Y1N%JK7PG|^2k3qIqHfX;G zQ}~JZ-UWx|60P5?d1e;AHx!_;#PG%d=^X(AR%i`l0jSpYOpXoKFW~7ip7|xvN;2^? zsYC9fanpO7rO=V7+KXqVc;Q5z%Bj})xHVrgoR04sA2 zl~DAwv=!(()DvH*=lyhIlU^hBkA0$e*7&fJpB0|oB7)rqGK#5##2T`@_I^|O2x4GO z;xh6ROcV<9>?e0)MI(y++$-ksV;G;Xe`lh76T#Htuia+(UrIXrf9?

L(tZ$0BqX1>24?V$S+&kLZ`AodQ4_)P#Q3*4xg8}lMV-FLwC*cN$< zt65Rf%7z41u^i=P*qO8>JqXPrinQFapR7qHAtp~&RZ85$>ob|Js;GS^y;S{XnGiBc zGa4IGvDl?x%gY`vNhv8wgZnP#UYI-w*^4YCZnxkF85@ldepk$&$#3EAhrJY0U)lR{F6sM3SONV^+$;Zx8BD&Eku3K zKNLZyBni3)pGzU0;n(X@1fX8wYGKYMpLmCu{N5-}epPDxClPFK#A@02WM3!myN%bkF z|GJ4GZ}3sL{3{qXemy+#Uk{4>Kf8v11;f8I&c76+B&AQ8udd<8gU7+BeWC`akUU~U zgXoxie>MS@rBoyY8O8Tc&8id!w+_ooxcr!1?#rc$-|SBBtH6S?)1e#P#S?jFZ8u-Bs&k`yLqW|{j+%c#A4AQ>+tj$Y z^CZajspu$F%73E68Lw5q7IVREED9r1Ijsg#@DzH>wKseye>hjsk^{n0g?3+gs@7`i zHx+-!sjLx^fS;fY!ERBU+Q zVJ!e0hJH%P)z!y%1^ZyG0>PN@5W~SV%f>}c?$H8r;Sy-ui>aruVTY=bHe}$e zi&Q4&XK!qT7-XjCrDaufT@>ieQ&4G(SShUob0Q>Gznep9fR783jGuUynAqc6$pYX; z7*O@@JW>O6lKIk0G00xsm|=*UVTQBB`u1f=6wGAj%nHK_;Aqmfa!eAykDmi-@u%6~ z;*c!pS1@V8r@IX9j&rW&d*}wpNs96O2Ute>%yt{yv>k!6zfT6pru{F1M3P z2WN1JDYqoTB#(`kE{H676QOoX`cnqHl1Yaru)>8Ky~VU{)r#{&s86Vz5X)v15ULHA zAZDb{99+s~qI6;-dQ5DBjHJP@GYTwn;Dv&9kE<0R!d z8tf1oq$kO`_sV(NHOSbMwr=To4r^X$`sBW4$gWUov|WY?xccQJN}1DOL|GEaD_!@& z15p?Pj+>7d`@LvNIu9*^hPN)pwcv|akvYYq)ks%`G>!+!pW{-iXPZsRp8 z35LR;DhseQKWYSD`%gO&k$Dj6_6q#vjWA}rZcWtQr=Xn*)kJ9kacA=esi*I<)1>w^ zO_+E>QvjP)qiSZg9M|GNeLtO2D7xT6vsj`88sd!94j^AqxFLi}@w9!Y*?nwWARE0P znuI_7A-saQ+%?MFA$gttMV-NAR^#tjl_e{R$N8t2NbOlX373>e7Ox=l=;y#;M7asp zRCz*CLnrm$esvSb5{T<$6CjY zmZ(i{Rs_<#pWW>(HPaaYj`%YqBra=Ey3R21O7vUbzOkJJO?V`4-D*u4$Me0Bx$K(lYo`JO}gnC zx`V}a7m-hLU9Xvb@K2ymioF)vj12<*^oAqRuG_4u%(ah?+go%$kOpfb`T96P+L$4> zQ#S+sA%VbH&mD1k5Ak7^^dZoC>`1L%i>ZXmooA!%GI)b+$D&ziKrb)a=-ds9xk#~& z7)3iem6I|r5+ZrTRe_W861x8JpD`DDIYZNm{$baw+$)X^Jtjnl0xlBgdnNY}x%5za zkQ8E6T<^$sKBPtL4(1zi_Rd(tVth*3Xs!ulflX+70?gb&jRTnI8l+*Aj9{|d%qLZ+ z>~V9Z;)`8-lds*Zgs~z1?Fg?Po7|FDl(Ce<*c^2=lFQ~ahwh6rqSjtM5+$GT>3WZW zj;u~w9xwAhOc<kF}~`CJ68 z?(S5vNJa;kriPlim33{N5`C{9?NWhzsna_~^|K2k4xz1`xcui*LXL-1#Y}Hi9`Oo!zQ>x-kgAX4LrPz63uZ+?uG*84@PKq-KgQlMNRwz=6Yes) zY}>YN+qP}nwr$(CZQFjUOI=-6J$2^XGvC~EZ+vrqWaOXB$k?%Suf5k=4>AveC1aJ! ziaW4IS%F$_Babi)kA8Y&u4F7E%99OPtm=vzw$$ zEz#9rvn`Iot_z-r3MtV>k)YvErZ<^Oa${`2>MYYODSr6?QZu+be-~MBjwPGdMvGd!b!elsdi4% z`37W*8+OGulab8YM?`KjJ8e+jM(tqLKSS@=jimq3)Ea2EB%88L8CaM+aG7;27b?5` z4zuUWBr)f)k2o&xg{iZ$IQkJ+SK>lpq4GEacu~eOW4yNFLU!Kgc{w4&D$4ecm0f}~ zTTzquRW@`f0}|IILl`!1P+;69g^upiPA6F{)U8)muWHzexRenBU$E^9X-uIY2%&1w z_=#5*(nmxJ9zF%styBwivi)?#KMG96-H@hD-H_&EZiRNsfk7mjBq{L%!E;Sqn!mVX*}kXhwH6eh;b42eD!*~upVG@ z#smUqz$ICm!Y8wY53gJeS|Iuard0=;k5i5Z_hSIs6tr)R4n*r*rE`>38Pw&lkv{_r!jNN=;#?WbMj|l>cU(9trCq; z%nN~r^y7!kH^GPOf3R}?dDhO=v^3BeP5hF|%4GNQYBSwz;x({21i4OQY->1G=KFyu z&6d`f2tT9Yl_Z8YACZaJ#v#-(gcyeqXMhYGXb=t>)M@fFa8tHp2x;ODX=Ap@a5I=U z0G80^$N0G4=U(>W%mrrThl0DjyQ-_I>+1Tdd_AuB3qpYAqY54upwa3}owa|x5iQ^1 zEf|iTZxKNGRpI>34EwkIQ2zHDEZ=(J@lRaOH>F|2Z%V_t56Km$PUYu^xA5#5Uj4I4RGqHD56xT%H{+P8Ag>e_3pN$4m8n>i%OyJFPNWaEnJ4McUZPa1QmOh?t8~n& z&RulPCors8wUaqMHECG=IhB(-tU2XvHP6#NrLVyKG%Ee*mQ5Ps%wW?mcnriTVRc4J`2YVM>$ixSF2Xi+Wn(RUZnV?mJ?GRdw%lhZ+t&3s7g!~g{%m&i<6 z5{ib-<==DYG93I(yhyv4jp*y3#*WNuDUf6`vTM%c&hiayf(%=x@4$kJ!W4MtYcE#1 zHM?3xw63;L%x3drtd?jot!8u3qeqctceX3m;tWetK+>~q7Be$h>n6riK(5@ujLgRS zvOym)k+VAtyV^mF)$29Y`nw&ijdg~jYpkx%*^ z8dz`C*g=I?;clyi5|!27e2AuSa$&%UyR(J3W!A=ZgHF9OuKA34I-1U~pyD!KuRkjA zbkN!?MfQOeN>DUPBxoy5IX}@vw`EEB->q!)8fRl_mqUVuRu|C@KD-;yl=yKc=ZT0% zB$fMwcC|HE*0f8+PVlWHi>M`zfsA(NQFET?LrM^pPcw`cK+Mo0%8*x8@65=CS_^$cG{GZQ#xv($7J z??R$P)nPLodI;P!IC3eEYEHh7TV@opr#*)6A-;EU2XuogHvC;;k1aI8asq7ovoP!* z?x%UoPrZjj<&&aWpsbr>J$Er-7!E(BmOyEv!-mbGQGeJm-U2J>74>o5x`1l;)+P&~ z>}f^=Rx(ZQ2bm+YE0u=ZYrAV@apyt=v1wb?R@`i_g64YyAwcOUl=C!i>=Lzb$`tjv zOO-P#A+)t-JbbotGMT}arNhJmmGl-lyUpMn=2UacVZxmiG!s!6H39@~&uVokS zG=5qWhfW-WOI9g4!R$n7!|ViL!|v3G?GN6HR0Pt_L5*>D#FEj5wM1DScz4Jv@Sxnl zB@MPPmdI{(2D?;*wd>3#tjAirmUnQoZrVv`xM3hARuJksF(Q)wd4P$88fGYOT1p6U z`AHSN!`St}}UMBT9o7i|G`r$ zrB=s$qV3d6$W9@?L!pl0lf%)xs%1ko^=QY$ty-57=55PvP(^6E7cc zGJ*>m2=;fOj?F~yBf@K@9qwX0hA803Xw+b0m}+#a(>RyR8}*Y<4b+kpp|OS+!whP( zH`v{%s>jsQI9rd$*vm)EkwOm#W_-rLTHcZRek)>AtF+~<(did)*oR1|&~1|e36d-d zgtm5cv1O0oqgWC%Et@P4Vhm}Ndl(Y#C^MD03g#PH-TFy+7!Osv1z^UWS9@%JhswEq~6kSr2DITo59+; ze=ZC}i2Q?CJ~Iyu?vn|=9iKV>4j8KbxhE4&!@SQ^dVa-gK@YfS9xT(0kpW*EDjYUkoj! zE49{7H&E}k%5(>sM4uGY)Q*&3>{aitqdNnRJkbOmD5Mp5rv-hxzOn80QsG=HJ_atI-EaP69cacR)Uvh{G5dTpYG7d zbtmRMq@Sexey)||UpnZ?;g_KMZq4IDCy5}@u!5&B^-=6yyY{}e4Hh3ee!ZWtL*s?G zxG(A!<9o!CL+q?u_utltPMk+hn?N2@?}xU0KlYg?Jco{Yf@|mSGC<(Zj^yHCvhmyx z?OxOYoxbptDK()tsJ42VzXdINAMWL$0Gcw?G(g8TMB)Khw_|v9`_ql#pRd2i*?CZl z7k1b!jQB=9-V@h%;Cnl7EKi;Y^&NhU0mWEcj8B|3L30Ku#-9389Q+(Yet0r$F=+3p z6AKOMAIi|OHyzlHZtOm73}|ntKtFaXF2Fy|M!gOh^L4^62kGUoWS1i{9gsds_GWBc zLw|TaLP64z3z9?=R2|T6Xh2W4_F*$cq>MtXMOy&=IPIJ`;!Tw?PqvI2b*U1)25^<2 zU_ZPoxg_V0tngA0J+mm?3;OYw{i2Zb4x}NedZug!>EoN3DC{1i)Z{Z4m*(y{ov2%- zk(w>+scOO}MN!exSc`TN)!B=NUX`zThWO~M*ohqq;J2hx9h9}|s#?@eR!=F{QTrq~ zTcY|>azkCe$|Q0XFUdpFT=lTcyW##i;-e{}ORB4D?t@SfqGo_cS z->?^rh$<&n9DL!CF+h?LMZRi)qju!meugvxX*&jfD!^1XB3?E?HnwHP8$;uX{Rvp# zh|)hM>XDv$ZGg=$1{+_bA~u-vXqlw6NH=nkpyWE0u}LQjF-3NhATL@9rRxMnpO%f7 z)EhZf{PF|mKIMFxnC?*78(}{Y)}iztV12}_OXffJ;ta!fcFIVjdchyHxH=t%ci`Xd zX2AUB?%?poD6Zv*&BA!6c5S#|xn~DK01#XvjT!w!;&`lDXSJT4_j$}!qSPrb37vc{ z9^NfC%QvPu@vlxaZ;mIbn-VHA6miwi8qJ~V;pTZkKqqOii<1Cs}0i?uUIss;hM4dKq^1O35y?Yp=l4i zf{M!@QHH~rJ&X~8uATV><23zZUbs-J^3}$IvV_ANLS08>k`Td7aU_S1sLsfi*C-m1 z-e#S%UGs4E!;CeBT@9}aaI)qR-6NU@kvS#0r`g&UWg?fC7|b^_HyCE!8}nyh^~o@< zpm7PDFs9yxp+byMS(JWm$NeL?DNrMCNE!I^ko-*csB+dsf4GAq{=6sfyf4wb>?v1v zmb`F*bN1KUx-`ra1+TJ37bXNP%`-Fd`vVQFTwWpX@;s(%nDQa#oWhgk#mYlY*!d>( zE&!|ySF!mIyfING+#%RDY3IBH_fW$}6~1%!G`suHub1kP@&DoAd5~7J55;5_noPI6eLf{t;@9Kf<{aO0`1WNKd?<)C-|?C?)3s z>wEq@8=I$Wc~Mt$o;g++5qR+(6wt9GI~pyrDJ%c?gPZe)owvy^J2S=+M^ z&WhIE`g;;J^xQLVeCtf7b%Dg#Z2gq9hp_%g)-%_`y*zb; zn9`f`mUPN-Ts&fFo(aNTsXPA|J!TJ{0hZp0^;MYHLOcD=r_~~^ymS8KLCSeU3;^QzJNqS z5{5rEAv#l(X?bvwxpU;2%pQftF`YFgrD1jt2^~Mt^~G>T*}A$yZc@(k9orlCGv&|1 zWWvVgiJsCAtamuAYT~nzs?TQFt<1LSEx!@e0~@yd6$b5!Zm(FpBl;(Cn>2vF?k zOm#TTjFwd2D-CyA!mqR^?#Uwm{NBemP>(pHmM}9;;8`c&+_o3#E5m)JzfwN?(f-a4 zyd%xZc^oQx3XT?vcCqCX&Qrk~nu;fxs@JUoyVoi5fqpi&bUhQ2y!Ok2pzsFR(M(|U zw3E+kH_zmTRQ9dUMZWRE%Zakiwc+lgv7Z%|YO9YxAy`y28`Aw;WU6HXBgU7fl@dnt z-fFBV)}H-gqP!1;V@Je$WcbYre|dRdp{xt!7sL3Eoa%IA`5CAA%;Wq8PktwPdULo! z8!sB}Qt8#jH9Sh}QiUtEPZ6H0b*7qEKGJ%ITZ|vH)5Q^2m<7o3#Z>AKc%z7_u`rXA zqrCy{-{8;9>dfllLu$^M5L z-hXs))h*qz%~ActwkIA(qOVBZl2v4lwbM>9l70Y`+T*elINFqt#>OaVWoja8RMsep z6Or3f=oBnA3vDbn*+HNZP?8LsH2MY)x%c13@(XfuGR}R?Nu<|07{$+Lc3$Uv^I!MQ z>6qWgd-=aG2Y^24g4{Bw9ueOR)(9h`scImD=86dD+MnSN4$6 z^U*o_mE-6Rk~Dp!ANp#5RE9n*LG(Vg`1)g6!(XtDzsov$Dvz|Gv1WU68J$CkshQhS zCrc|cdkW~UK}5NeaWj^F4MSgFM+@fJd{|LLM)}_O<{rj z+?*Lm?owq?IzC%U%9EBga~h-cJbIu=#C}XuWN>OLrc%M@Gu~kFEYUi4EC6l#PR2JS zQUkGKrrS#6H7}2l0F@S11DP`@pih0WRkRJl#F;u{c&ZC{^$Z+_*lB)r)-bPgRFE;* zl)@hK4`tEP=P=il02x7-C7p%l=B`vkYjw?YhdJU9!P!jcmY$OtC^12w?vy3<<=tlY zUwHJ_0lgWN9vf>1%WACBD{UT)1qHQSE2%z|JHvP{#INr13jM}oYv_5#xsnv9`)UAO zuwgyV4YZ;O)eSc3(mka6=aRohi!HH@I#xq7kng?Acdg7S4vDJb6cI5fw?2z%3yR+| zU5v@Hm}vy;${cBp&@D=HQ9j7NcFaOYL zj-wV=eYF{|XTkFNM2uz&T8uH~;)^Zo!=KP)EVyH6s9l1~4m}N%XzPpduPg|h-&lL` zAXspR0YMOKd2yO)eMFFJ4?sQ&!`dF&!|niH*!^*Ml##o0M(0*uK9&yzekFi$+mP9s z>W9d%Jb)PtVi&-Ha!o~Iyh@KRuKpQ@)I~L*d`{O8!kRObjO7=n+Gp36fe!66neh+7 zW*l^0tTKjLLzr`x4`_8&on?mjW-PzheTNox8Hg7Nt@*SbE-%kP2hWYmHu#Fn@Q^J(SsPUz*|EgOoZ6byg3ew88UGdZ>9B2Tq=jF72ZaR=4u%1A6Vm{O#?@dD!(#tmR;eP(Fu z{$0O%=Vmua7=Gjr8nY%>ul?w=FJ76O2js&17W_iq2*tb!i{pt#`qZB#im9Rl>?t?0c zicIC}et_4d+CpVPx)i4~$u6N-QX3H77ez z?ZdvXifFk|*F8~L(W$OWM~r`pSk5}#F?j_5u$Obu9lDWIknO^AGu+Blk7!9Sb;NjS zncZA?qtASdNtzQ>z7N871IsPAk^CC?iIL}+{K|F@BuG2>qQ;_RUYV#>hHO(HUPpk@ z(bn~4|F_jiZi}Sad;_7`#4}EmD<1EiIxa48QjUuR?rC}^HRocq`OQPM@aHVKP9E#q zy%6bmHygCpIddPjE}q_DPC`VH_2m;Eey&ZH)E6xGeStOK7H)#+9y!%-Hm|QF6w#A( zIC0Yw%9j$s-#odxG~C*^MZ?M<+&WJ+@?B_QPUyTg9DJGtQN#NIC&-XddRsf3n^AL6 zT@P|H;PvN;ZpL0iv$bRb7|J{0o!Hq+S>_NrH4@coZtBJu#g8#CbR7|#?6uxi8d+$g z87apN>EciJZ`%Zv2**_uiET9Vk{pny&My;+WfGDw4EVL#B!Wiw&M|A8f1A@ z(yFQS6jfbH{b8Z-S7D2?Ixl`j0{+ZnpT=;KzVMLW{B$`N?Gw^Fl0H6lT61%T2AU**!sX0u?|I(yoy&Xveg7XBL&+>n6jd1##6d>TxE*Vj=8lWiG$4=u{1UbAa5QD>5_ z;Te^42v7K6Mmu4IWT6Rnm>oxrl~b<~^e3vbj-GCdHLIB_>59}Ya+~OF68NiH=?}2o zP(X7EN=quQn&)fK>M&kqF|<_*H`}c zk=+x)GU>{Af#vx&s?`UKUsz})g^Pc&?Ka@t5$n$bqf6{r1>#mWx6Ep>9|A}VmWRnowVo`OyCr^fHsf# zQjQ3Ttp7y#iQY8l`zEUW)(@gGQdt(~rkxlkefskT(t%@i8=|p1Y9Dc5bc+z#n$s13 zGJk|V0+&Ekh(F};PJzQKKo+FG@KV8a<$gmNSD;7rd_nRdc%?9)p!|B-@P~kxQG}~B zi|{0}@}zKC(rlFUYp*dO1RuvPC^DQOkX4<+EwvBAC{IZQdYxoq1Za!MW7%p7gGr=j zzWnAq%)^O2$eItftC#TTSArUyL$U54-O7e|)4_7%Q^2tZ^0-d&3J1}qCzR4dWX!)4 zzIEKjgnYgMus^>6uw4Jm8ga6>GBtMjpNRJ6CP~W=37~||gMo_p@GA@#-3)+cVYnU> zE5=Y4kzl+EbEh%dhQokB{gqNDqx%5*qBusWV%!iprn$S!;oN_6E3?0+umADVs4ako z?P+t?m?};gev9JXQ#Q&KBpzkHPde_CGu-y z<{}RRAx=xlv#mVi+Ibrgx~ujW$h{?zPfhz)Kp7kmYS&_|97b&H&1;J-mzrBWAvY} zh8-I8hl_RK2+nnf&}!W0P+>5?#?7>npshe<1~&l_xqKd0_>dl_^RMRq@-Myz&|TKZBj1=Q()) zF{dBjv5)h=&Z)Aevx}+i|7=R9rG^Di!sa)sZCl&ctX4&LScQ-kMncgO(9o6W6)yd< z@Rk!vkja*X_N3H=BavGoR0@u0<}m-7|2v!0+2h~S2Q&a=lTH91OJsvms2MT~ zY=c@LO5i`mLpBd(vh|)I&^A3TQLtr>w=zoyzTd=^f@TPu&+*2MtqE$Avf>l>}V|3-8Fp2hzo3y<)hr_|NO(&oSD z!vEjTWBxbKTiShVl-U{n*B3#)3a8$`{~Pk}J@elZ=>Pqp|MQ}jrGv7KrNcjW%TN_< zZz8kG{#}XoeWf7qY?D)L)8?Q-b@Na&>i=)(@uNo zr;cH98T3$Iau8Hn*@vXi{A@YehxDE2zX~o+RY`)6-X{8~hMpc#C`|8y> zU8Mnv5A0dNCf{Ims*|l-^ z(MRp{qoGohB34|ggDI*p!Aw|MFyJ|v+<+E3brfrI)|+l3W~CQLPbnF@G0)P~Ly!1TJLp}xh8uW`Q+RB-v`MRYZ9Gam3cM%{ zb4Cb*f)0deR~wtNb*8w-LlIF>kc7DAv>T0D(a3@l`k4TFnrO+g9XH7;nYOHxjc4lq zMmaW6qpgAgy)MckYMhl?>sq;-1E)-1llUneeA!ya9KM$)DaNGu57Z5aE>=VST$#vb zFo=uRHr$0M{-ha>h(D_boS4zId;3B|Tpqo|?B?Z@I?G(?&Iei+-{9L_A9=h=Qfn-U z1wIUnQe9!z%_j$F_{rf&`ZFSott09gY~qrf@g3O=Y>vzAnXCyL!@(BqWa)Zqt!#_k zfZHuwS52|&&)aK;CHq9V-t9qt0au{$#6c*R#e5n3rje0hic7c7m{kW$p(_`wB=Gw7 z4k`1Hi;Mc@yA7dp@r~?@rfw)TkjAW++|pkfOG}0N|2guek}j8Zen(!+@7?qt_7ndX zB=BG6WJ31#F3#Vk3=aQr8T)3`{=p9nBHlKzE0I@v`{vJ}h8pd6vby&VgFhzH|q;=aonunAXL6G2y(X^CtAhWr*jI zGjpY@raZDQkg*aMq}Ni6cRF z{oWv}5`nhSAv>usX}m^GHt`f(t8@zHc?K|y5Zi=4G*UG1Sza{$Dpj%X8 zzEXaKT5N6F5j4J|w#qlZP!zS7BT)9b+!ZSJdToqJts1c!)fwih4d31vfb{}W)EgcA zH2pZ^8_k$9+WD2n`6q5XbOy8>3pcYH9 z07eUB+p}YD@AH!}p!iKv><2QF-Y^&xx^PAc1F13A{nUeCDg&{hnix#FiO!fe(^&%Qcux!h znu*S!s$&nnkeotYsDthh1dq(iQrE|#f_=xVgfiiL&-5eAcC-> z5L0l|DVEM$#ulf{bj+Y~7iD)j<~O8CYM8GW)dQGq)!mck)FqoL^X zwNdZb3->hFrbHFm?hLvut-*uK?zXn3q1z|UX{RZ;-WiLoOjnle!xs+W0-8D)kjU#R z+S|A^HkRg$Ij%N4v~k`jyHffKaC~=wg=9)V5h=|kLQ@;^W!o2^K+xG&2n`XCd>OY5Ydi= zgHH=lgy++erK8&+YeTl7VNyVm9-GfONlSlVb3)V9NW5tT!cJ8d7X)!b-$fb!s76{t z@d=Vg-5K_sqHA@Zx-L_}wVnc@L@GL9_K~Zl(h5@AR#FAiKad8~KeWCo@mgXIQ#~u{ zgYFwNz}2b6Vu@CP0XoqJ+dm8px(5W5-Jpis97F`+KM)TuP*X8H@zwiVKDKGVp59pI zifNHZr|B+PG|7|Y<*tqap0CvG7tbR1R>jn70t1X`XJixiMVcHf%Ez*=xm1(CrTSDt z0cle!+{8*Ja&EOZ4@$qhBuKQ$U95Q%rc7tg$VRhk?3=pE&n+T3upZg^ZJc9~c2es% zh7>+|mrmA-p&v}|OtxqmHIBgUxL~^0+cpfkSK2mhh+4b=^F1Xgd2)}U*Yp+H?ls#z zrLxWg_hm}AfK2XYWr!rzW4g;+^^&bW%LmbtRai9f3PjU${r@n`JThy-cphbcwn)rq9{A$Ht`lmYKxOacy z6v2R(?gHhD5@&kB-Eg?4!hAoD7~(h>(R!s1c1Hx#s9vGPePUR|of32bS`J5U5w{F) z>0<^ktO2UHg<0{oxkdOQ;}coZDQph8p6ruj*_?uqURCMTac;>T#v+l1Tc~%^k-Vd@ zkc5y35jVNc49vZpZx;gG$h{%yslDI%Lqga1&&;mN{Ush1c7p>7e-(zp}6E7f-XmJb4nhk zb8zS+{IVbL$QVF8pf8}~kQ|dHJAEATmmnrb_wLG}-yHe>W|A&Y|;muy-d^t^<&)g5SJfaTH@P1%euONny=mxo+C z4N&w#biWY41r8k~468tvuYVh&XN&d#%QtIf9;iVXfWY)#j=l`&B~lqDT@28+Y!0E+MkfC}}H*#(WKKdJJq=O$vNYCb(ZG@p{fJgu;h z21oHQ(14?LeT>n5)s;uD@5&ohU!@wX8w*lB6i@GEH0pM>YTG+RAIWZD;4#F1&F%Jp zXZUml2sH0!lYJT?&sA!qwez6cXzJEd(1ZC~kT5kZSp7(@=H2$Azb_*W&6aA|9iwCL zdX7Q=42;@dspHDwYE?miGX#L^3xD&%BI&fN9^;`v4OjQXPBaBmOF1;#C)8XA(WFlH zycro;DS2?(G&6wkr6rqC>rqDv3nfGw3hmN_9Al>TgvmGsL8_hXx09};l9Ow@)F5@y z#VH5WigLDwZE4nh^7&@g{1FV^UZ%_LJ-s<{HN*2R$OPg@R~Z`c-ET*2}XB@9xvAjrK&hS=f|R8Gr9 zr|0TGOsI7RD+4+2{ZiwdVD@2zmg~g@^D--YL;6UYGSM8i$NbQr4!c7T9rg!8;TM0E zT#@?&S=t>GQm)*ua|?TLT2ktj#`|R<_*FAkOu2Pz$wEc%-=Y9V*$&dg+wIei3b*O8 z2|m$!jJG!J!ZGbbIa!(Af~oSyZV+~M1qGvelMzPNE_%5?c2>;MeeG2^N?JDKjFYCy z7SbPWH-$cWF9~fX%9~v99L!G(wi!PFp>rB!9xj7=Cv|F+7CsGNwY0Q_J%FID%C^CBZQfJ9K(HK%k31j~e#&?hQ zNuD6gRkVckU)v+53-fc} z7ZCzYN-5RG4H7;>>Hg?LU9&5_aua?A0)0dpew1#MMlu)LHe(M;OHjHIUl7|%%)YPo z0cBk;AOY00%Fe6heoN*$(b<)Cd#^8Iu;-2v@>cE-OB$icUF9EEoaC&q8z9}jMTT2I z8`9;jT%z0;dy4!8U;GW{i`)3!c6&oWY`J3669C!tM<5nQFFrFRglU8f)5Op$GtR-3 zn!+SPCw|04sv?%YZ(a7#L?vsdr7ss@WKAw&A*}-1S|9~cL%uA+E~>N6QklFE>8W|% zyX-qAUGTY1hQ-+um`2|&ji0cY*(qN!zp{YpDO-r>jPk*yuVSay<)cUt`t@&FPF_&$ zcHwu1(SQ`I-l8~vYyUxm@D1UEdFJ$f5Sw^HPH7b!9 zzYT3gKMF((N(v0#4f_jPfVZ=ApN^jQJe-X$`A?X+vWjLn_%31KXE*}5_}d8 zw_B1+a#6T1?>M{ronLbHIlEsMf93muJ7AH5h%;i99<~JX^;EAgEB1uHralD*!aJ@F zV2ruuFe9i2Q1C?^^kmVy921eb=tLDD43@-AgL^rQ3IO9%+vi_&R2^dpr}x{bCVPej z7G0-0o64uyWNtr*loIvslyo0%)KSDDKjfThe0hcqs)(C-MH1>bNGBDRTW~scy_{w} zp^aq8Qb!h9Lwielq%C1b8=?Z=&U)ST&PHbS)8Xzjh2DF?d{iAv)Eh)wsUnf>UtXN( zL7=$%YrZ#|^c{MYmhn!zV#t*(jdmYdCpwqpZ{v&L8KIuKn`@IIZfp!uo}c;7J57N` zAxyZ-uA4=Gzl~Ovycz%MW9ZL7N+nRo&1cfNn9(1H5eM;V_4Z_qVann7F>5f>%{rf= zPBZFaV@_Sobl?Fy&KXyzFDV*FIdhS5`Uc~S^Gjo)aiTHgn#<0C=9o-a-}@}xDor;D zZyZ|fvf;+=3MZd>SR1F^F`RJEZo+|MdyJYQAEauKu%WDol~ayrGU3zzbHKsnHKZ*z zFiwUkL@DZ>!*x05ql&EBq@_Vqv83&?@~q5?lVmffQZ+V-=qL+!u4Xs2Z2zdCQ3U7B&QR9_Iggy} z(om{Y9eU;IPe`+p1ifLx-XWh?wI)xU9ik+m#g&pGdB5Bi<`PR*?92lE0+TkRuXI)z z5LP!N2+tTc%cB6B1F-!fj#}>S!vnpgVU~3!*U1ej^)vjUH4s-bd^%B=ItQqDCGbrEzNQi(dJ`J}-U=2{7-d zK8k^Rlq2N#0G?9&1?HSle2vlkj^KWSBYTwx`2?9TU_DX#J+f+qLiZCqY1TXHFxXZqYMuD@RU$TgcnCC{_(vwZ-*uX)~go#%PK z@}2Km_5aQ~(<3cXeJN6|F8X_1@L%@xTzs}$_*E|a^_URF_qcF;Pfhoe?FTFwvjm1o z8onf@OY@jC2tVcMaZS;|T!Ks(wOgPpRzRnFS-^RZ4E!9dsnj9sFt609a|jJbb1Dt@ z<=Gal2jDEupxUSwWu6zp<<&RnAA;d&4gKVG0iu6g(DsST(4)z6R)zDpfaQ}v{5ARt zyhwvMtF%b-YazR5XLz+oh=mn;y-Mf2a8>7?2v8qX;19y?b>Z5laGHvzH;Nu9S`B8} zI)qN$GbXIQ1VL3lnof^6TS~rvPVg4V?Dl2Bb*K2z4E{5vy<(@@K_cN@U>R!>aUIRnb zL*)=787*cs#zb31zBC49x$`=fkQbMAef)L2$dR{)6BAz!t5U_B#1zZG`^neKSS22oJ#5B=gl%U=WeqL9REF2g zZnfCb0?quf?Ztj$VXvDSWoK`0L=Zxem2q}!XWLoT-kYMOx)!7fcgT35uC~0pySEme z`{wGWTkGr7>+Kb^n;W?BZH6ZP(9tQX%-7zF>vc2}LuWDI(9kh1G#7B99r4x6;_-V+k&c{nPUrR zAXJGRiMe~aup{0qzmLNjS_BC4cB#sXjckx{%_c&^xy{M61xEb>KW_AG5VFXUOjAG4 z^>Qlm9A#1N{4snY=(AmWzatb!ngqiqPbBZ7>Uhb3)dTkSGcL#&SH>iMO-IJBPua`u zo)LWZ>=NZLr758j{%(|uQuZ)pXq_4c!!>s|aDM9#`~1bzK3J1^^D#<2bNCccH7~-X}Ggi!pIIF>uFx%aPARGQsnC8ZQc8lrQ5o~smqOg>Ti^GNme94*w z)JZy{_{#$jxGQ&`M z!OMvZMHR>8*^>eS%o*6hJwn!l8VOOjZQJvh)@tnHVW&*GYPuxqXw}%M!(f-SQf`=L z5;=5w2;%82VMH6Xi&-K3W)o&K^+vJCepWZ-rW%+Dc6X3(){z$@4zjYxQ|}8UIojeC zYZpQ1dU{fy=oTr<4VX?$q)LP}IUmpiez^O&N3E_qPpchGTi5ZM6-2ScWlQq%V&R2Euz zO|Q0Hx>lY1Q1cW5xHv5!0OGU~PVEqSuy#fD72d#O`N!C;o=m+YioGu-wH2k6!t<~K zSr`E=W9)!g==~x9VV~-8{4ZN9{~-A9zJpRe%NGg$+MDuI-dH|b@BD)~>pPCGUNNzY zMDg||0@XGQgw`YCt5C&A{_+J}mvV9Wg{6V%2n#YSRN{AP#PY?1FF1#|vO_%e+#`|2*~wGAJaeRX6=IzFNeWhz6gJc8+(03Ph4y6ELAm=AkN7TOgMUEw*N{= z_)EIDQx5q22oUR+_b*tazu9+pX|n1c*IB-}{DqIj z-?E|ks{o3AGRNb;+iKcHkZvYJvFsW&83RAPs1Oh@IWy%l#5x2oUP6ZCtv+b|q>jsf zZ_9XO;V!>n`UxH1LvH8)L4?8raIvasEhkpQoJ`%!5rBs!0Tu(s_D{`4opB;57)pkX z4$A^8CsD3U5*!|bHIEqsn~{q+Ddj$ME@Gq4JXtgVz&7l{Ok!@?EA{B3P~NAqb9)4? zkQo30A^EbHfQ@87G5&EQTd`frrwL)&Yw?%-W@uy^Gn23%j?Y!Iea2xw<-f;esq zf%w5WN@E1}zyXtYv}}`U^B>W`>XPmdLj%4{P298|SisrE;7HvXX;A}Ffi8B#3Lr;1 zHt6zVb`8{#+e$*k?w8|O{Uh|&AG}|DG1PFo1i?Y*cQm$ZwtGcVgMwtBUDa{~L1KT-{jET4w60>{KZ27vXrHJ;fW{6| z=|Y4!&UX020wU1>1iRgB@Q#m~1^Z^9CG1LqDhYBrnx%IEdIty z!46iOoKlKs)c}newDG)rWUikD%j`)p z_w9Ph&e40=(2eBy;T!}*1p1f1SAUDP9iWy^u^Ubdj21Kn{46;GR+hwLO=4D11@c~V zI8x&(D({K~Df2E)Nx_yQvYfh4;MbMJ@Z}=Dt3_>iim~QZ*hZIlEs0mEb z_54+&*?wMD`2#vsQRN3KvoT>hWofI_Vf(^C1ff-Ike@h@saEf7g}<9T`W;HAne-Nd z>RR+&SP35w)xKn8^U$7))PsM!jKwYZ*RzEcG-OlTrX3}9a{q%#Un5E5W{{hp>w~;` zGky+3(vJvQyGwBo`tCpmo0mo((?nM8vf9aXrrY1Ve}~TuVkB(zeds^jEfI}xGBCM2 zL1|#tycSaWCurP+0MiActG3LCas@_@tao@(R1ANlwB$4K53egNE_;!&(%@Qo$>h`^1S_!hN6 z)vZtG$8fN!|BXBJ=SI>e(LAU(y(i*PHvgQ2llulxS8>qsimv7yL}0q_E5WiAz7)(f zC(ahFvG8&HN9+6^jGyLHM~$)7auppeWh_^zKk&C_MQ~8;N??OlyH~azgz5fe^>~7F zl3HnPN3z-kN)I$4@`CLCMQx3sG~V8hPS^}XDXZrQA>}mQPw%7&!sd(Pp^P=tgp-s^ zjl}1-KRPNWXgV_K^HkP__SR`S-|OF0bR-N5>I%ODj&1JUeAQ3$9i;B~$S6}*^tK?= z**%aCiH7y?xdY?{LgVP}S0HOh%0%LI$wRx;$T|~Y8R)Vdwa}kGWv8?SJVm^>r6+%I z#lj1aR94{@MP;t-scEYQWc#xFA30^}?|BeX*W#9OL;Q9#WqaaM546j5j29((^_8Nu z4uq}ESLr~r*O7E7$D{!k9W>`!SLoyA53i9QwRB{!pHe8um|aDE`Cg0O*{jmor)^t)3`>V>SWN-2VJcFmj^1?~tT=JrP`fVh*t zXHarp=8HEcR#vFe+1a%XXuK+)oFs`GDD}#Z+TJ}Ri`FvKO@ek2ayn}yaOi%(8p%2$ zpEu)v0Jym@f}U|-;}CbR=9{#<^z28PzkkTNvyKvJDZe+^VS2bES3N@Jq!-*}{oQlz z@8bgC_KnDnT4}d#&Cpr!%Yb?E!brx0!eVOw~;lLwUoz#Np%d$o%9scc3&zPm`%G((Le|6o1 zM(VhOw)!f84zG^)tZ1?Egv)d8cdNi+T${=5kV+j;Wf%2{3g@FHp^Gf*qO0q!u$=m9 zCaY`4mRqJ;FTH5`a$affE5dJrk~k`HTP_7nGTY@B9o9vvnbytaID;^b=Tzp7Q#DmD zC(XEN)Ktn39z5|G!wsVNnHi) z%^q94!lL|hF`IijA^9NR0F$@h7k5R^ljOW(;Td9grRN0Mb)l_l7##{2nPQ@?;VjXv zaLZG}yuf$r$<79rVPpXg?6iiieX|r#&`p#Con2i%S8*8F}(E) zI5E6c3tG*<;m~6>!&H!GJ6zEuhH7mkAzovdhLy;)q z{H2*8I^Pb}xC4s^6Y}6bJvMu=8>g&I)7!N!5QG$xseeU#CC?ZM-TbjsHwHgDGrsD= z{%f;@Sod+Ch66Ko2WF~;Ty)v>&x^aovCbCbD7>qF*!?BXmOV3(s|nxsb*Lx_2lpB7 zokUnzrk;P=T-&kUHO}td+Zdj!3n&NR?K~cRU zAXU!DCp?51{J4w^`cV#ye}(`SQhGQkkMu}O3M*BWt4UsC^jCFUy;wTINYmhD$AT;4 z?Xd{HaJjP`raZ39qAm;%beDbrLpbRf(mkKbANan7XsL>_pE2oo^$TgdidjRP!5-`% zv0d!|iKN$c0(T|L0C~XD0aS8t{*&#LnhE;1Kb<9&=c2B+9JeLvJr*AyyRh%@jHej=AetOMSlz^=!kxX>>B{2B1uIrQyfd8KjJ+DBy!h)~*(!|&L4^Q_07SQ~E zcemVP`{9CwFvPFu7pyVGCLhH?LhEVb2{7U+Z_>o25#+3<|8%1T^5dh}*4(kfJGry} zm%r#hU+__Z;;*4fMrX=Bkc@7|v^*B;HAl0((IBPPii%X9+u3DDF6%bI&6?Eu$8&aWVqHIM7mK6?Uvq$1|(-T|)IV<>e?!(rY zqkmO1MRaLeTR=)io(0GVtQT@s6rN%C6;nS3@eu;P#ry4q;^O@1ZKCJyp_Jo)Ty^QW z+vweTx_DLm{P-XSBj~Sl<%_b^$=}odJ!S2wAcxenmzFGX1t&Qp8Vxz2VT`uQsQYtdn&_0xVivIcxZ_hnrRtwq4cZSj1c-SG9 z7vHBCA=fd0O1<4*=lu$6pn~_pVKyL@ztw1swbZi0B?spLo56ZKu5;7ZeUml1Ws1?u zqMf1p{5myAzeX$lAi{jIUqo1g4!zWLMm9cfWcnw`k6*BR^?$2(&yW?>w;G$EmTA@a z6?y#K$C~ZT8+v{87n5Dm&H6Pb_EQ@V0IWmG9cG=O;(;5aMWWrIPzz4Q`mhK;qQp~a z+BbQrEQ+w{SeiuG-~Po5f=^EvlouB@_|4xQXH@A~KgpFHrwu%dwuCR)=B&C(y6J4J zvoGk9;lLs9%iA-IJGU#RgnZZR+@{5lYl8(e1h6&>Vc_mvg0d@);X zji4T|n#lB!>pfL|8tQYkw?U2bD`W{na&;*|znjmalA&f;*U++_aBYerq;&C8Kw7mI z7tsG*?7*5j&dU)Lje;^{D_h`%(dK|pB*A*1(Jj)w^mZ9HB|vGLkF1GEFhu&rH=r=8 zMxO42e{Si6$m+Zj`_mXb&w5Q(i|Yxyg?juUrY}78uo@~3v84|8dfgbPd0iQJRdMj< zncCNGdMEcsxu#o#B5+XD{tsg*;j-eF8`mp~K8O1J!Z0+>0=7O=4M}E?)H)ENE;P*F z$Ox?ril_^p0g7xhDUf(q652l|562VFlC8^r8?lQv;TMvn+*8I}&+hIQYh2 z1}uQQaag&!-+DZ@|C+C$bN6W;S-Z@)d1|en+XGvjbOxCa-qAF*LA=6s(Jg+g;82f$ z(Vb)8I)AH@cdjGFAR5Rqd0wiNCu!xtqWbcTx&5kslzTb^7A78~Xzw1($UV6S^VWiP zFd{Rimd-0CZC_Bu(WxBFW7+k{cOW7DxBBkJdJ;VsJ4Z@lERQr%3eVv&$%)b%<~ zCl^Y4NgO}js@u{|o~KTgH}>!* z_iDNqX2(As7T0xivMH|3SC1ivm8Q}6Ffcd7owUKN5lHAtzMM4<0v+ykUT!QiowO;`@%JGv+K$bBx@*S7C8GJVqQ_K>12}M`f_Ys=S zKFh}HM9#6Izb$Y{wYzItTy+l5U2oL%boCJn?R3?jP@n$zSIwlmyGq30Cw4QBO|14` zW5c);AN*J3&eMFAk$SR~2k|&+&Bc$e>s%c{`?d~85S-UWjA>DS5+;UKZ}5oVa5O(N zqqc@>)nee)+4MUjH?FGv%hm2{IlIF-QX}ym-7ok4Z9{V+ZHVZQl$A*x!(q%<2~iVv znUa+BX35&lCb#9VE-~Y^W_f;Xhl%vgjwdjzMy$FsSIj&ok}L+X`4>J=9BkN&nu^E*gbhj3(+D>C4E z@Fwq_=N)^bKFSHTzZk?-gNU$@l}r}dwGyh_fNi=9b|n}J>&;G!lzilbWF4B}BBq4f zYIOl?b)PSh#XTPp4IS5ZR_2C!E)Z`zH0OW%4;&~z7UAyA-X|sh9@~>cQW^COA9hV4 zXcA6qUo9P{bW1_2`eo6%hgbN%(G-F1xTvq!sc?4wN6Q4`e9Hku zFwvlAcRY?6h^Fj$R8zCNEDq8`=uZB8D-xn)tA<^bFFy}4$vA}Xq0jAsv1&5!h!yRA zU()KLJya5MQ`q&LKdH#fwq&(bNFS{sKlEh_{N%{XCGO+po#(+WCLmKW6&5iOHny>g z3*VFN?mx!16V5{zyuMWDVP8U*|BGT$(%IO|)?EF|OI*sq&RovH!N%=>i_c?K*A>>k zyg1+~++zY4Q)J;VWN0axhoIKx;l&G$gvj(#go^pZskEVj8^}is3Jw26LzYYVos0HX zRPvmK$dVxM8(Tc?pHFe0Z3uq){{#OK3i-ra#@+;*=ui8)y6hsRv z4Fxx1c1+fr!VI{L3DFMwXKrfl#Q8hfP@ajgEau&QMCxd{g#!T^;ATXW)nUg&$-n25 zruy3V!!;{?OTobo|0GAxe`Acn3GV@W=&n;~&9 zQM>NWW~R@OYORkJAo+eq1!4vzmf9K%plR4(tB@TR&FSbDoRgJ8qVcH#;7lQub*nq&?Z>7WM=oeEVjkaG zT#f)=o!M2DO5hLR+op>t0CixJCIeXH*+z{-XS|%jx)y(j&}Wo|3!l7{o)HU3m7LYyhv*xF&tq z%IN7N;D4raue&&hm0xM=`qv`+TK@;_xAcGKuK(2|75~ar2Yw)geNLSmVxV@x89bQu zpViVKKnlkwjS&&c|-X6`~xdnh}Ps)Hs z4VbUL^{XNLf7_|Oi>tA%?SG5zax}esF*FH3d(JH^Gvr7Rp*n=t7frH!U;!y1gJB^i zY_M$KL_}mW&XKaDEi9K-wZR|q*L32&m+2n_8lq$xRznJ7p8}V>w+d@?uB!eS3#u<} zIaqi!b!w}a2;_BfUUhGMy#4dPx>)_>yZ`ai?Rk`}d0>~ce-PfY-b?Csd(28yX22L% zI7XI>OjIHYTk_@Xk;Gu^F52^Gn6E1&+?4MxDS2G_#PQ&yXPXP^<-p|2nLTb@AAQEY zI*UQ9Pmm{Kat}wuazpjSyXCdnrD&|C1c5DIb1TnzF}f4KIV6D)CJ!?&l&{T)e4U%3HTSYqsQ zo@zWB1o}ceQSV)<4G<)jM|@@YpL+XHuWsr5AYh^Q{K=wSV99D~4RRU52FufmMBMmd z_H}L#qe(}|I9ZyPRD6kT>Ivj&2Y?qVZq<4bG_co_DP`sE*_Xw8D;+7QR$Uq(rr+u> z8bHUWbV19i#)@@G4bCco@Xb<8u~wVDz9S`#k@ciJtlu@uP1U0X?yov8v9U3VOig2t zL9?n$P3=1U_Emi$#slR>N5wH-=J&T=EdUHA}_Z zZIl3nvMP*AZS9{cDqFanrA~S5BqxtNm9tlu;^`)3X&V4tMAkJ4gEIPl= zoV!Gyx0N{3DpD@)pv^iS*dl2FwANu;1;%EDl}JQ7MbxLMAp>)UwNwe{=V}O-5C*>F zu?Ny+F64jZn<+fKjF01}8h5H_3pey|;%bI;SFg$w8;IC<8l|3#Lz2;mNNik6sVTG3 z+Su^rIE#40C4a-587$U~%KedEEw1%r6wdvoMwpmlXH$xPnNQN#f%Z7|p)nC>WsuO= z4zyqapLS<8(UJ~Qi9d|dQijb_xhA2)v>la)<1md5s^R1N&PiuA$^k|A<+2C?OiHbj z>Bn$~t)>Y(Zb`8hW7q9xQ=s>Rv81V+UiuZJc<23HplI88isqRCId89fb`Kt|CxVIg znWcwprwXnotO>3s&Oypkte^9yJjlUVVxSe%_xlzmje|mYOVPH^vjA=?6xd0vaj0Oz zwJ4OJNiFdnHJX3rw&inskjryukl`*fRQ#SMod5J|KroJRsVXa5_$q7whSQ{gOi*s0 z1LeCy|JBWRsDPn7jCb4s(p|JZiZ8+*ExC@Vj)MF|*Vp{B(ziccSn`G1Br9bV(v!C2 z6#?eqpJBc9o@lJ#^p-`-=`4i&wFe>2)nlPK1p9yPFzJCzBQbpkcR>={YtamIw)3nt z(QEF;+)4`>8^_LU)_Q3 zC5_7lgi_6y>U%m)m@}Ku4C}=l^J=<<7c;99ec3p{aR+v=diuJR7uZi%aQv$oP?dn?@6Yu_+*^>T0ptf(oobdL;6)N-I!TO`zg^Xbv3#L0I~sn@WGk-^SmPh5>W+LB<+1PU}AKa?FCWF|qMNELOgdxR{ zbqE7@jVe+FklzdcD$!(A$&}}H*HQFTJ+AOrJYnhh}Yvta(B zQ_bW4Rr;R~&6PAKwgLWXS{Bnln(vUI+~g#kl{r+_zbngT`Y3`^Qf=!PxN4IYX#iW4 zucW7@LLJA9Zh3(rj~&SyN_pjO8H&)|(v%!BnMWySBJV=eSkB3YSTCyIeJ{i;(oc%_hk{$_l;v>nWSB)oVeg+blh=HB5JSlG_r7@P z3q;aFoZjD_qS@zygYqCn=;Zxjo!?NK!%J$ z52lOP`8G3feEj+HTp@Tnn9X~nG=;tS+z}u{mQX_J0kxtr)O30YD%oo)L@wy`jpQYM z@M>Me=95k1p*FW~rHiV1CIfVc{K8r|#Kt(ApkXKsDG$_>76UGNhHExFCw#Ky9*B-z zNq2ga*xax!HMf_|Vp-86r{;~YgQKqu7%szk8$hpvi_2I`OVbG1doP(`gn}=W<8%Gn z%81#&WjkH4GV;4u43EtSW>K_Ta3Zj!XF?;SO3V#q=<=>Tc^@?A`i;&`-cYj|;^ zEo#Jl5zSr~_V-4}y8pnufXLa80vZY4z2ko7fj>DR)#z=wWuS1$$W!L?(y}YC+yQ|G z@L&`2upy3f>~*IquAjkVNU>}c10(fq#HdbK$~Q3l6|=@-eBbo>B9(6xV`*)sae58*f zym~RRVx;xoCG3`JV`xo z!lFw)=t2Hy)e!IFs?0~7osWk(d%^wxq&>_XD4+U#y&-VF%4z?XH^i4w`TxpF{`XhZ z%G}iEzf!T(l>g;W9<~K+)$g!{UvhW{E0Lis(S^%I8OF&%kr!gJ&fMOpM=&=Aj@wuL zBX?*6i51Qb$uhkwkFYkaD_UDE+)rh1c;(&Y=B$3)J&iJfQSx!1NGgPtK!$c9OtJuu zX(pV$bfuJpRR|K(dp@^j}i&HeJOh@|7lWo8^$*o~Xqo z5Sb+!EtJ&e@6F+h&+_1ETbg7LfP5GZjvIUIN3ibCOldAv z)>YdO|NH$x7AC8dr=<2ekiY1%fN*r~e5h6Yaw<{XIErujKV~tiyrvV_DV0AzEknC- zR^xKM3i<1UkvqBj3C{wDvytOd+YtDSGu!gEMg+!&|8BQrT*|p)(dwQLEy+ zMtMzij3zo40)CA!BKZF~yWg?#lWhqD3@qR)gh~D{uZaJO;{OWV8XZ_)J@r3=)T|kt zUS1pXr6-`!Z}w2QR7nP%d?ecf90;K_7C3d!UZ`N(TZoWNN^Q~RjVhQG{Y<%E1PpV^4 z-m-K+$A~-+VDABs^Q@U*)YvhY4Znn2^w>732H?NRK(5QSS$V@D7yz2BVX4)f5A04~$WbxGOam22>t&uD)JB8-~yiQW6ik;FGblY_I>SvB_z2?PS z*Qm&qbKI{H1V@YGWzpx`!v)WeLT02};JJo*#f$a*FH?IIad-^(;9XC#YTWN6;Z6+S zm4O1KH=#V@FJw7Pha0!9Vb%ZIM$)a`VRMoiN&C|$YA3~ZC*8ayZRY^fyuP6$n%2IU z$#XceYZeqLTXw(m$_z|33I$B4k~NZO>pP6)H_}R{E$i%USGy{l{-jOE;%CloYPEU+ zRFxOn4;7lIOh!7abb23YKD+_-?O z0FP9otcAh+oSj;=f#$&*ExUHpd&e#bSF%#8*&ItcL2H$Sa)?pt0Xtf+t)z$_u^wZi z44oE}r4kIZGy3!Mc8q$B&6JqtnHZ>Znn!Zh@6rgIu|yU+zG8q`q9%B18|T|oN3zMq z`l&D;U!OL~%>vo&q0>Y==~zLiCZk4v%s_7!9DxQ~id1LLE93gf*gg&2$|hB#j8;?3 z5v4S;oM6rT{Y;I+#FdmNw z){d%tNM<<#GN%n9ox7B=3#;u7unZ~tLB_vRZ52a&2=IM)2VkXm=L+Iqq~uk#Dug|x z>S84e+A7EiOY5lj*!q?6HDkNh~0g;0Jy(al!ZHHDtur9T$y-~)94HelX1NHjXWIM7UAe}$?jiz z9?P4`I0JM=G5K{3_%2jPLC^_Mlw?-kYYgb7`qGa3@dn|^1fRMwiyM@Ch z;CB&o7&&?c5e>h`IM;Wnha0QKnEp=$hA8TJgR-07N~U5(>9vJzeoFsSRBkDq=x(YgEMpb=l4TDD`2 zwVJpWGTA_u7}?ecW7s6%rUs&NXD3+n;jB86`X?8(l3MBo6)PdakI6V6a}22{)8ilT zM~T*mU}__xSy|6XSrJ^%lDAR3Lft%+yxC|ZUvSO_nqMX!_ul3;R#*{~4DA=h$bP)%8Yv9X zyp><|e8=_ttI}ZAwOd#dlnSjck#6%273{E$kJuCGu=I@O)&6ID{nWF5@gLb16sj|&Sb~+du4e4O_%_o`Ix4NRrAsyr1_}MuP94s>de8cH-OUkVPk3+K z&jW)It9QiU-ti~AuJkL`XMca8Oh4$SyJ=`-5WU<{cIh+XVH#e4d&zive_UHC!pN>W z3TB;Mn5i)9Qn)#6@lo4QpI3jFYc0~+jS)4AFz8fVC;lD^+idw^S~Qhq>Tg(!3$yLD zzktzoFrU@6s4wwCMz}edpF5i5Q1IMmEJQHzp(LAt)pgN3&O!&d?3W@6U4)I^2V{;- z6A(?zd93hS*uQmnh4T)nHnE{wVhh(=MMD(h(P4+^p83Om6t<*cUW>l(qJzr%5vp@K zN27ka(L{JX=1~e2^)F^i=TYj&;<7jyUUR2Bek^A8+3Up*&Xwc{)1nRR5CT8vG>ExV zHnF3UqXJOAno_?bnhCX-&kwI~Ti8t4`n0%Up>!U`ZvK^w2+0Cs-b9%w%4`$+To|k= zKtgc&l}P`*8IS>8DOe?EB84^kx4BQp3<7P{Pq}&p%xF_81pg!l2|u=&I{AuUgmF5n zJQCTLv}%}xbFGYtKfbba{CBo)lWW%Z>i(_NvLhoQZ*5-@2l&x>e+I~0Nld3UI9tdL zRzu8}i;X!h8LHVvN?C+|M81e>Jr38%&*9LYQec9Ax>?NN+9(_>XSRv&6hlCYB`>Qm z1&ygi{Y()OU4@D_jd_-7vDILR{>o|7-k)Sjdxkjgvi{@S>6GqiF|o`*Otr;P)kLHN zZkpts;0zw_6;?f(@4S1FN=m!4^mv~W+lJA`&7RH%2$)49z0A+8@0BCHtj|yH--AEL z0tW6G%X-+J+5a{5*WKaM0QDznf;V?L5&uQw+yegDNDP`hA;0XPYc6e0;Xv6|i|^F2WB)Z$LR|HR4 zTQsRAby9(^Z@yATyOgcfQw7cKyr^3Tz7lc7+JEwwzA7)|2x+PtEb>nD(tpxJQm)Kn zW9K_*r!L%~N*vS8<5T=iv|o!zTe9k_2jC_j*7ik^M_ zaf%k{WX{-;0*`t`G!&`eW;gChVXnJ-Rn)To8vW-?>>a%QU1v`ZC=U)f8iA@%JG0mZ zDqH;~mgBnrCP~1II<=V9;EBL)J+xzCoiRBaeH&J6rL!{4zIY8tZka?_FBeQeNO3q6 zyG_alW54Ba&wQf{&F1v-r1R6ID)PTsqjIBc+5MHkcW5Fnvi~{-FjKe)t1bl}Y;z@< z=!%zvpRua>>t_x}^}z0<7MI!H2v6|XAyR9!t50q-A)xk0nflgF4*OQlCGK==4S|wc zRMsSscNhRzHMBU8TdcHN!q^I}x0iXJ%uehac|Zs_B$p@CnF)HeXPpB_Za}F{<@6-4 zl%kml@}kHQ(ypD8FsPJ2=14xXJE|b20RUIgs!2|R3>LUMGF6X*B_I|$`Qg=;zm7C z{mEDy9dTmPbued7mlO@phdmAmJ7p@GR1bjCkMw6*G7#4+`k>fk1czdJUB!e@Q(~6# zwo%@p@V5RL0ABU2LH7Asq^quDUho@H>eTZH9f*no9fY0T zD_-9px3e}A!>>kv5wk91%C9R1J_Nh!*&Kk$J3KNxC}c_@zlgpJZ+5L)Nw|^p=2ue}CJtm;uj*Iqr)K})kA$xtNUEvX;4!Px*^&9T_`IN{D z{6~QY=Nau6EzpvufB^hflc#XIsSq0Y9(nf$d~6ZwK}fal92)fr%T3=q{0mP-EyP_G z)UR5h@IX}3Qll2b0oCAcBF>b*@Etu*aTLPU<%C>KoOrk=x?pN!#f_Og-w+;xbFgjQ zXp`et%lDBBh~OcFnMKMUoox0YwBNy`N0q~bSPh@+enQ=4RUw1) zpovN`QoV>vZ#5LvC;cl|6jPr}O5tu!Ipoyib8iXqy}TeJ;4+_7r<1kV0v5?Kv>fYp zg>9L`;XwXa&W7-jf|9~uP2iyF5`5AJ`Q~p4eBU$MCC00`rcSF>`&0fbd^_eqR+}mK z4n*PMMa&FOcc)vTUR zlDUAn-mh`ahi_`f`=39JYTNVjsTa_Y3b1GOIi)6dY)D}xeshB0T8Eov5%UhWd1)u}kjEQ|LDo{tqKKrYIfVz~@dp!! zMOnah@vp)%_-jDTUG09l+;{CkDCH|Q{NqX*uHa1YxFShy*1+;J`gywKaz|2Q{lG8x zP?KBur`}r`!WLKXY_K;C8$EWG>jY3UIh{+BLv0=2)KH%P}6xE2kg)%(-uA6lC?u8}{K(#P*c zE9C8t*u%j2r_{;Rpe1A{9nNXU;b_N0vNgyK!EZVut~}+R2rcbsHilqsOviYh-pYX= zHw@53nlmwYI5W5KP>&`dBZe0Jn?nAdC^HY1wlR6$u^PbpB#AS&5L6zqrXN&7*N2Q` z+Rae1EwS)H=aVSIkr8Ek^1jy2iS2o7mqm~Mr&g5=jjt7VxwglQ^`h#Mx+x2v|9ZAwE$i_9918MjJxTMr?n!bZ6n$}y11u8I9COTU`Z$Fi z!AeAQLMw^gp_{+0QTEJrhL424pVDp%wpku~XRlD3iv{vQ!lAf!_jyqd_h}+Tr1XG| z`*FT*NbPqvHCUsYAkFnM`@l4u_QH&bszpUK#M~XLJt{%?00GXY?u_{gj3Hvs!=N(I z(=AuWPijyoU!r?aFTsa8pLB&cx}$*%;K$e*XqF{~*rA-qn)h^!(-;e}O#B$|S~c+U zN4vyOK0vmtx$5K!?g*+J@G1NmlEI=pyZXZ69tAv=@`t%ag_Hk{LP~OH9iE)I= zaJ69b4kuCkV0V zo(M0#>phpQ_)@j;h%m{-a*LGi(72TP)ws2w*@4|C-3+;=5DmC4s7Lp95%n%@Ko zfdr3-a7m*dys9iIci$A=4NPJ`HfJ;hujLgU)ZRuJI`n;Pw|yksu!#LQnJ#dJysgNb z@@qwR^wrk(jbq4H?d!lNyy72~Dnn87KxsgQ!)|*m(DRM+eC$wh7KnS-mho3|KE)7h zK3k;qZ;K1Lj6uEXLYUYi)1FN}F@-xJ z@@3Hb84sl|j{4$3J}aTY@cbX@pzB_qM~APljrjju6P0tY{C@ zpUCOz_NFmALMv1*blCcwUD3?U6tYs+N%cmJ98D%3)%)Xu^uvzF zS5O!sc#X6?EwsYkvPo6A%O8&y8sCCQH<%f2togVwW&{M;PR!a(ZT_A+jVAbf{@5kL zB@Z(hb$3U{T_}SKA_CoQVU-;j>2J=L#lZ~aQCFg-d<9rzs$_gO&d5N6eFSc z1ml8)P*FSi+k@!^M9nDWR5e@ATD8oxtDu=36Iv2!;dZzidIS(PCtEuXAtlBb1;H%Z zwnC^Ek*D)EX4#Q>R$$WA2sxC_t(!!6Tr?C#@{3}n{<^o;9id1RA&-Pig1e-2B1XpG zliNjgmd3c&%A}s>qf{_j#!Z`fu0xIwm4L0)OF=u(OEmp;bLCIaZX$&J_^Z%4Sq4GZ zPn6sV_#+6pJmDN_lx@1;Zw6Md_p0w9h6mHtzpuIEwNn>OnuRSC2=>fP^Hqgc)xu^4 z<3!s`cORHJh#?!nKI`Et7{3C27+EuH)Gw1f)aoP|B3y?fuVfvpYYmmukx0ya-)TQX zR{ggy5cNf4X|g)nl#jC9p>7|09_S7>1D2GTRBUTW zAkQ=JMRogZqG#v;^=11O6@rPPwvJkr{bW-Qg8`q8GoD#K`&Y+S#%&B>SGRL>;ZunM@49!}Uy zN|bBCJ%sO;@3wl0>0gbl3L@1^O60ONObz8ZI7nder>(udj-jt`;yj^nTQ$L9`OU9W zX4alF#$|GiR47%x@s&LV>2Sz2R6?;2R~5k6V>)nz!o_*1Y!$p>BC5&?hJg_MiE6UBy>RkVZj`9UWbRkN-Hk!S`=BS3t3uyX6)7SF#)71*}`~Ogz z1rap5H6~dhBJ83;q-Y<5V35C2&F^JI-it(=5D#v!fAi9p#UwV~2tZQI+W(Dv?1t9? zfh*xpxxO{-(VGB>!Q&0%^YW_F!@aZS#ucP|YaD#>wd1Fv&Z*SR&mc;asi}1G) z_H>`!akh-Zxq9#io(7%;a$)w+{QH)Y$?UK1Dt^4)up!Szcxnu}kn$0afcfJL#IL+S z5gF_Y30j;{lNrG6m~$Ay?)*V9fZuU@3=kd40=LhazjFrau>(Y>SJNtOz>8x_X-BlA zIpl{i>OarVGj1v(4?^1`R}aQB&WCRQzS~;7R{tDZG=HhgrW@B`W|#cdyj%YBky)P= zpxuOZkW>S6%q7U{VsB#G(^FMsH5QuGXhb(sY+!-R8Bmv6Sx3WzSW<1MPPN1!&PurYky(@`bP9tz z52}LH9Q?+FF5jR6-;|+GVdRA!qtd;}*-h&iIw3Tq3qF9sDIb1FFxGbo&fbG5n8$3F zyY&PWL{ys^dTO}oZ#@sIX^BKW*bon=;te9j5k+T%wJ zNJtoN1~YVj4~YRrlZl)b&kJqp+Z`DqT!la$x&&IxgOQw#yZd-nBP3!7FijBXD|IsU8Zl^ zc6?MKpJQ+7ka|tZQLfchD$PD|;K(9FiLE|eUZX#EZxhG!S-63C$jWX1Yd!6-Yxi-u zjULIr|0-Q%D9jz}IF~S%>0(jOqZ(Ln<$9PxiySr&2Oic7vb<8q=46)Ln%Z|<*z5&> z3f~Zw@m;vR(bESB<=Jqkxn(=#hQw42l(7)h`vMQQTttz9XW6^|^8EK7qhju4r_c*b zJIi`)MB$w@9epwdIfnEBR+?~);yd6C(LeMC& zn&&N*?-g&BBJcV;8&UoZi4Lmxcj16ojlxR~zMrf=O_^i1wGb9X-0@6_rpjPYemIin zmJb+;lHe;Yp=8G)Q(L1bzH*}I>}uAqhj4;g)PlvD9_e_ScR{Ipq|$8NvAvLD8MYr}xl=bU~)f%B3E>r3Bu9_t|ThF3C5~BdOve zEbk^r&r#PT&?^V1cb{72yEWH}TXEE}w>t!cY~rA+hNOTK8FAtIEoszp!qqptS&;r$ zaYV-NX96-h$6aR@1xz6_E0^N49mU)-v#bwtGJm)ibygzJ8!7|WIrcb`$XH~^!a#s& z{Db-0IOTFq#9!^j!n_F}#Z_nX{YzBK8XLPVmc&X`fT7!@$U-@2KM9soGbmOSAmqV z{nr$L^MBo_u^Joyf0E^=eo{Rt0{{e$IFA(#*kP@SQd6lWT2-#>` zP1)7_@IO!9lk>Zt?#CU?cuhiLF&)+XEM9B)cS(gvQT!X3`wL*{fArTS;Ak`J<84du zALKPz4}3nlG8Fo^MH0L|oK2-4xIY!~Oux~1sw!+It)&D3p;+N8AgqKI`ld6v71wy8I!eP0o~=RVcFQR2Gr(eP_JbSytoQ$Yt}l*4r@A8Me94y z8cTDWhqlq^qoAhbOzGBXv^Wa4vUz$(7B!mX`T=x_ueKRRDfg&Uc-e1+z4x$jyW_Pm zp?U;-R#xt^Z8Ev~`m`iL4*c#65Nn)q#=Y0l1AuD&+{|8-Gsij3LUZXpM0Bx0u7WWm zH|%yE@-#XEph2}-$-thl+S;__ciBxSSzHveP%~v}5I%u!z_l_KoW{KRx2=eB33umE zIYFtu^5=wGU`Jab8#}cnYry@9p5UE#U|VVvx_4l49JQ;jQdp(uw=$^A$EA$LM%vmE zvdEOaIcp5qX8wX{mYf0;#51~imYYPn4=k&#DsKTxo{_Mg*;S495?OBY?#gv=edYC* z^O@-sd-qa+U24xvcbL0@C7_6o!$`)sVr-jSJE4XQUQ$?L7}2(}Eixqv;L8AdJAVqc zq}RPgpnDb@E_;?6K58r3h4-!4rT4Ab#rLHLX?eMOfluJk=3i1@Gt1i#iA=O`M0@x! z(HtJP9BMHXEzuD93m|B&woj0g6T?f#^)>J>|I4C5?Gam>n9!8CT%~aT;=oco5d6U8 zMXl(=W;$ND_8+DD*?|5bJ!;8ebESXMUKBAf7YBwNVJibGaJ*(2G`F%wx)grqVPjudiaq^Kl&g$8A2 zWMxMr@_$c}d+;_B`#kUX-t|4VKH&_f^^EP0&=DPLW)H)UzBG%%Tra*5 z%$kyZe3I&S#gfie^z5)!twG={3Cuh)FdeA!Kj<-9** zvT*5%Tb`|QbE!iW-XcOuy39>D3oe6x{>&<#E$o8Ac|j)wq#kQzz|ATd=Z0K!p2$QE zPu?jL8Lb^y3_CQE{*}sTDe!2!dtlFjq&YLY@2#4>XS`}v#PLrpvc4*@q^O{mmnr5D zmyJq~t?8>FWU5vZdE(%4cuZuao0GNjp3~Dt*SLaxI#g_u>hu@k&9Ho*#CZP~lFJHj z(e!SYlLigyc?&5-YxlE{uuk$9b&l6d`uIlpg_z15dPo*iU&|Khx2*A5Fp;8iK_bdP z?T6|^7@lcx2j0T@x>X7|kuuBSB7<^zeY~R~4McconTxA2flHC0_jFxmSTv-~?zVT| zG_|yDqa9lkF*B6_{j=T>=M8r<0s;@z#h)3BQ4NLl@`Xr__o7;~M&dL3J8fP&zLfDfy z);ckcTev{@OUlZ`bCo(-3? z1u1xD`PKgSg?RqeVVsF<1SLF;XYA@Bsa&cY!I48ZJn1V<3d!?s=St?TLo zC0cNr`qD*M#s6f~X>SCNVkva^9A2ZP>CoJ9bvgXe_c}WdX-)pHM5m7O zrHt#g$F0AO+nGA;7dSJ?)|Mo~cf{z2L)Rz!`fpi73Zv)H=a5K)*$5sf_IZypi($P5 zsPwUc4~P-J1@^3C6-r9{V-u0Z&Sl7vNfmuMY4yy*cL>_)BmQF!8Om9Dej%cHxbIzA zhtV0d{=%cr?;bpBPjt@4w=#<>k5ee=TiWAXM2~tUGfm z$s&!Dm0R^V$}fOR*B^kGaipi~rx~A2cS0;t&khV1a4u38*XRUP~f za!rZMtay8bsLt6yFYl@>-y^31(*P!L^^s@mslZy(SMsv9bVoX`O#yBgEcjCmGpyc* zeH$Dw6vB5P*;jor+JOX@;6K#+xc)Z9B8M=x2a@Wx-{snPGpRmOC$zpsqW*JCh@M2Y z#K+M(>=#d^>Of9C`))h<=Bsy)6zaMJ&x-t%&+UcpLjV`jo4R2025 zXaG8EA!0lQa)|dx-@{O)qP6`$rhCkoQqZ`^SW8g-kOwrwsK8 z3ms*AIcyj}-1x&A&vSq{r=QMyp3CHdWH35!sad#!Sm>^|-|afB+Q;|Iq@LFgqIp#Z zD1%H+3I?6RGnk&IFo|u+E0dCxXz4yI^1i!QTu7uvIEH>i3rR{srcST`LIRwdV1P;W z+%AN1NIf@xxvVLiSX`8ILA8MzNqE&7>%jMzGt9wm78bo9<;h*W84i29^w!>V>{N+S zd`5Zmz^G;f=icvoOZfK5#1ctx*~UwD=ab4DGQXehQ!XYnak*dee%YN$_ZPL%KZuz$ zD;$PpT;HM^$KwtQm@7uvT`i6>Hae1CoRVM2)NL<2-k2PiX=eAx+-6j#JI?M}(tuBW zkF%jjLR)O`gI2fcPBxF^HeI|DWwQWHVR!;;{BXXHskxh8F@BMDn`oEi-NHt;CLymW z=KSv5)3dyzec0T5B*`g-MQ<;gz=nIWKUi9ko<|4I(-E0k$QncH>E4l z**1w&#={&zv4Tvhgz#c29`m|;lU-jmaXFMC11 z*dlXDMEOG>VoLMc>!rApwOu2prKSi*!w%`yzGmS+k(zm*CsLK*wv{S_0WX^8A-rKy zbk^Gf_92^7iB_uUF)EE+ET4d|X|>d&mdN?x@vxKAQk`O+r4Qdu>XGy(a(19g;=jU} zFX{O*_NG>!$@jh!U369Lnc+D~qch3uT+_Amyi}*k#LAAwh}k8IPK5a-WZ81ufD>l> z$4cF}GSz>ce`3FAic}6W4Z7m9KGO?(eWqi@L|5Hq0@L|&2flN1PVl}XgQ2q*_n2s3 zt5KtowNkTYB5b;SVuoXA@i5irXO)A&%7?V`1@HGCB&)Wgk+l|^XXChq;u(nyPB}b3 zY>m5jkxpZgi)zfbgv&ec4Zqdvm+D<?Im*mXweS9H+V>)zF#Zp3)bhl$PbISY{5=_z!8&*Jv~NYtI-g!>fDs zmvL5O^U%!^VaKA9gvKw|5?-jk>~%CVGvctKmP$kpnpfN{D8@X*Aazi$txfa%vd-|E z>kYmV66W!lNekJPom29LdZ%(I+ZLZYTXzTg*to~m?7vp%{V<~>H+2}PQ?PPAq`36R z<%wR8v6UkS>Wt#hzGk#44W<%9S=nBfB);6clKwnxY}T*w21Qc3_?IJ@4gYzC7s;WP zVQNI(M=S=JT#xsZy7G`cR(BP9*je0bfeN8JN5~zY(DDs0t{LpHOIbN);?T-69Pf3R zSNe*&p2%AwXHL>__g+xd4Hlc_vu<25H?(`nafS%)3UPP7_4;gk-9ckt8SJRTv5v0M z_Hww`qPudL?ajIR&X*;$y-`<)6dxx1U~5eGS13CB!lX;3w7n&lDDiArbAhSycd}+b zya_3p@A`$kQy;|NJZ~s44Hqo7Hwt}X86NK=(ey>lgWTtGL6k@Gy;PbO!M%1~Wcn2k zUFP|*5d>t-X*RU8g%>|(wwj*~#l4z^Aatf^DWd1Wj#Q*AY0D^V@sC`M zjJc6qXu0I7Y*2;;gGu!plAFzG=J;1%eIOdn zQA>J&e05UN*7I5@yRhK|lbBSfJ+5Uq;!&HV@xfPZrgD}kE*1DSq^=%{o%|LChhl#0 zlMb<^a6ixzpd{kNZr|3jTGeEzuo}-eLT-)Q$#b{!vKx8Tg}swCni>{#%vDY$Ww$84 zew3c9BBovqb}_&BRo#^!G(1Eg((BScRZ}C)Oz?y`T5wOrv);)b^4XR8 zhJo7+<^7)qB>I;46!GySzdneZ>n_E1oWZY;kf94#)s)kWjuJN1c+wbVoNQcmnv}{> zN0pF+Sl3E}UQ$}slSZeLJrwT>Sr}#V(dVaezCQl2|4LN`7L7v&siYR|r7M(*JYfR$ zst3=YaDw$FSc{g}KHO&QiKxuhEzF{f%RJLKe3p*7=oo`WNP)M(9X1zIQPP0XHhY3c znrP{$4#Ol$A0s|4S7Gx2L23dv*Gv2o;h((XVn+9+$qvm}s%zi6nI-_s6?mG! zj{DV;qesJb&owKeEK?=J>UcAlYckA7Sl+I&IN=yasrZOkejir*kE@SN`fk<8Fgx*$ zy&fE6?}G)d_N`){P~U@1jRVA|2*69)KSe_}!~?+`Yb{Y=O~_+@!j<&oVQQMnhoIRU zA0CyF1OFfkK44n*JD~!2!SCPM;PRSk%1XL=0&rz00wxPs&-_eapJy#$h!eqY%nS0{ z!aGg58JIJPF3_ci%n)QSVpa2H`vIe$RD43;#IRfDV&Ibit z+?>HW4{2wOfC6Fw)}4x}i1maDxcE1qi@BS*qcxD2gE@h3#4cgU*D-&3z7D|tVZWt= z-Cy2+*Cm@P4GN_TPUtaVyVesbVDazF@)j8VJ4>XZv!f%}&eO1SvIgr}4`A*3#vat< z_MoByL(qW6L7SFZ#|Gc1fFN)L2PxY+{B8tJp+pxRyz*87)vXR}*=&ahXjBlQKguuf zX6x<<6fQulE^C*KH8~W%ptpaC0l?b=_{~*U4?5Vt;dgM4t_{&UZ1C2j?b>b+5}{IF_CUyvz-@QZPMlJ)r_tS$9kH%RPv#2_nMb zRLj5;chJ72*U`Z@Dqt4$@_+k$%|8m(HqLG!qT4P^DdfvGf&){gKnGCX#H0!;W=AGP zbA&Z`-__a)VTS}kKFjWGk z%|>yE?t*EJ!qeQ%dPk$;xIQ+P0;()PCBDgjJm6Buj{f^awNoVx+9<|lg3%-$G(*f) zll6oOkN|yamn1uyl2*N-lnqRI1cvs_JxLTeahEK=THV$Sz*gQhKNb*p0fNoda#-&F zB-qJgW^g}!TtM|0bS2QZekW7_tKu%GcJ!4?lObt0z_$mZ4rbQ0o=^curCs3bJK6sq z9fu-aW-l#>z~ca(B;4yv;2RZ?tGYAU)^)Kz{L|4oPj zdOf_?de|#yS)p2v8-N||+XL=O*%3+y)oI(HbM)Ds?q8~HPzIP(vs*G`iddbWq}! z(2!VjP&{Z1w+%eUq^ '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +APP_NAME="Gradle" +APP_BASE_NAME=${0##*/} + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..107acd3 --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,89 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/lint/naver-checkstyle-rules.xml b/lint/naver-checkstyle-rules.xml new file mode 100644 index 0000000..2b16050 --- /dev/null +++ b/lint/naver-checkstyle-rules.xml @@ -0,0 +1,439 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/lint/naver-checkstyle-suppressions.xml b/lint/naver-checkstyle-suppressions.xml new file mode 100644 index 0000000..a7b6fd1 --- /dev/null +++ b/lint/naver-checkstyle-suppressions.xml @@ -0,0 +1,7 @@ + + + + + diff --git a/module-api/.gitignore b/module-api/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/module-api/build.gradle b/module-api/build.gradle new file mode 100644 index 0000000..e69de29 diff --git a/module-api/src/main/java/com/peoplehere/api/ApiApplication.java b/module-api/src/main/java/com/peoplehere/api/ApiApplication.java new file mode 100644 index 0000000..10b0cbd --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/ApiApplication.java @@ -0,0 +1,16 @@ +package com.peoplehere.api; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.context.ApplicationPidFileWriter; + +@SpringBootApplication(scanBasePackages = {"com.peoplehere.api", "com.peoplehere.shared"}) +public class ApiApplication { + + public static void main(String[] args) { + var app = new SpringApplication(ApiApplication.class); + app.addListeners(new ApplicationPidFileWriter()); + app.run(args); + + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/annotation/CheckEmailVerificationLimit.java b/module-api/src/main/java/com/peoplehere/api/common/annotation/CheckEmailVerificationLimit.java new file mode 100644 index 0000000..90907d7 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/annotation/CheckEmailVerificationLimit.java @@ -0,0 +1,11 @@ +package com.peoplehere.api.common.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Target; + +/** + * 이메일 인증 번호 전송에 대한 제한을 체크하는 어노테이션 + */ +@Target({ElementType.METHOD}) +public @interface CheckEmailVerificationLimit { +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/annotation/CheckEmailVerifyLimit.java b/module-api/src/main/java/com/peoplehere/api/common/annotation/CheckEmailVerifyLimit.java new file mode 100644 index 0000000..bbec569 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/annotation/CheckEmailVerifyLimit.java @@ -0,0 +1,11 @@ +package com.peoplehere.api.common.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Target; + +/** + * 이메일 인증 번호 검증에 대한 제한을 체크하는 어노테이션 + */ +@Target({ElementType.METHOD}) +public @interface CheckEmailVerifyLimit { +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/annotation/PrivateNetwork.java b/module-api/src/main/java/com/peoplehere/api/common/annotation/PrivateNetwork.java new file mode 100644 index 0000000..a3ab0d4 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/annotation/PrivateNetwork.java @@ -0,0 +1,11 @@ +package com.peoplehere.api.common.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Target({ElementType.METHOD, ElementType.TYPE}) +@Retention(RetentionPolicy.RUNTIME) +public @interface PrivateNetwork { +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/AsyncConfig.java b/module-api/src/main/java/com/peoplehere/api/common/config/AsyncConfig.java new file mode 100644 index 0000000..8faaa93 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/AsyncConfig.java @@ -0,0 +1,9 @@ +package com.peoplehere.api.common.config; + +/* +@EnableAsync(proxyTargetClass = true) +@Configuration +public class AsyncConfig { + +} +*/ diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/CustomCorsFilter.java b/module-api/src/main/java/com/peoplehere/api/common/config/CustomCorsFilter.java new file mode 100644 index 0000000..c554c81 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/CustomCorsFilter.java @@ -0,0 +1,88 @@ +package com.peoplehere.api.common.config; + +import static com.peoplehere.api.common.util.RequestUtils.*; +import static java.lang.Boolean.*; +import static org.springframework.data.mapping.Alias.*; +import static org.springframework.http.HttpHeaders.*; +import static org.springframework.http.HttpMethod.*; + +import java.io.IOException; +import java.util.List; + +import org.springframework.core.Ordered; +import org.springframework.core.annotation.Order; +import org.springframework.http.HttpStatus; +import org.springframework.stereotype.Component; + +import jakarta.servlet.Filter; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.ServletRequest; +import jakarta.servlet.ServletResponse; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Component +@AllArgsConstructor +@Order(Ordered.HIGHEST_PRECEDENCE) +public class CustomCorsFilter implements Filter { + + private final IpAccessManager ipAccessManager; + private static final List ALLOW_ORIGINS = List.of( + ".peoplehere.world", "localhost" + ); + + private static final String ALLOWED_METHODS = "GET, POST, PUT, OPTIONS"; + private static final String ALLOWED_HEADERS = "X-Requested-With,Origin,Content-Type,Accept,Authorization"; + + /** + * 허용된 도메인만 열어주기 + * todo: whitelist(허용된 ip) 도 열어주기 + * @param request + * @param response + * @param chain + * @throws IOException + * @throws ServletException + */ + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws + IOException, + ServletException { + final HttpServletRequest req = (HttpServletRequest)request; + final HttpServletResponse res = (HttpServletResponse)response; + final String origin = ((HttpServletRequest)request).getHeader(ORIGIN); + + if (ofNullable(origin).isPresent()) { + log.debug("헤더확인: {}", getIp(req)); + + if (ipAccessManager.contains(req) || isAllowOrigin(origin)) { + res.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, origin); + res.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, TRUE.toString()); + + if (OPTIONS.matches(req.getMethod())) { + res.addHeader(ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS); + res.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, ALLOWED_HEADERS); + res.setStatus(HttpStatus.OK.value()); + return; + } + } else { + res.setStatus(HttpStatus.FORBIDDEN.value()); + return; + } + } + chain.doFilter(req, res); + + } + + private static boolean isAllowOrigin(String origin) { + for (String allowOrigin : ALLOW_ORIGINS) { + if (origin.contains(allowOrigin)) { + return true; + } + } + return false; + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/ErrorControllerAdvice.java b/module-api/src/main/java/com/peoplehere/api/common/config/ErrorControllerAdvice.java new file mode 100644 index 0000000..8f77e5a --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/ErrorControllerAdvice.java @@ -0,0 +1,117 @@ +package com.peoplehere.api.common.config; + +import static org.springframework.http.HttpStatus.*; + +import org.springframework.dao.DataIntegrityViolationException; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.validation.BindException; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.bind.annotation.ExceptionHandler; + +import com.peoplehere.api.common.exception.AccountIdNotFoundException; +import com.peoplehere.api.common.exception.ClientBindException; +import com.peoplehere.api.common.exception.DuplicateException; +import com.peoplehere.api.common.exception.ForbiddenException; +import com.peoplehere.shared.common.data.response.ErrorResponseDto; +import com.peoplehere.shared.common.webhook.AlertWebhook; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@ControllerAdvice +@RequiredArgsConstructor +public class ErrorControllerAdvice { + private final AlertWebhook alertWebhook; + private static final String FORBIDDEN_403_BODY = "접근할 수 없어요!"; + private static final String ERROR_500_BODY = "잠시 후 다시 확인해주세요!"; + + @ExceptionHandler(value = {ForbiddenException.class, AccessDeniedException.class}) + public ResponseEntity redirect403(Exception exception) { + log.debug("403 분석용", exception); + return ResponseEntity.status(FORBIDDEN).body(FORBIDDEN_403_BODY); + } + + @ExceptionHandler(value = DataIntegrityViolationException.class) + public ResponseEntity handle422(Exception exception) { + log.debug("422 에러분석용", exception); + return ResponseEntity.status(HttpStatus.UNPROCESSABLE_ENTITY).body(ERROR_500_BODY); + } + + /** + * 인증 예외의 핸들링 + * @param exception + * @return + */ + @ExceptionHandler(BadCredentialsException.class) + public ResponseEntity handleAuthenticationException(BadCredentialsException exception) { + log.debug("유효하지 않은 계정정보입니다.", exception); + return ResponseEntity.badRequest().body(new ErrorResponseDto("유효하지않은 계정정보입니다")); + } + + /** + * 클라이언트로부터의 요청 데이터 처리 중 발생한 바인딩 예외의 핸들링 + * 예외 세부 정보를 응답으로 전달하지 않음 + * + * @param exception + * @return + */ + @ExceptionHandler(value = ClientBindException.class) + public ResponseEntity handleClientBindException(ClientBindException exception) { + log.error("바인딩 중 오류 발생", exception); + return ResponseEntity.badRequest().body(new ErrorResponseDto("바인딩 중 오류 발생")); + } + + /** + * 관리자의(백오피스) 내부에서 요청 데이터 처리 중 발생한 바인딩 예외의 핸들링 + * 예외 세부 정보를 응답으로 전달함 + * + * @param exception + * @return + */ + @ExceptionHandler(value = BindException.class) + public ResponseEntity handleBindException(BindException exception) { + log.error("바인딩 중 오류 발생", exception); + ErrorResponseDto response = new ErrorResponseDto("바인딩 중 오류 발생", exception); + return ResponseEntity.badRequest().body(response); + } + + /** + * 중복된 값이 발생했을 때의 핸들링 + * @param exception + * @return + */ + @ExceptionHandler(value = DuplicateException.class) + public ResponseEntity handleDuplicateException(DuplicateException exception) { + log.debug("중복된 값 발생", exception); + ErrorResponseDto response = new ErrorResponseDto(exception); + return ResponseEntity.status(CONFLICT).body(response); + } + + /** + * 계정 아이디를 찾을 수 없을 때의 핸들링(로그인, 이메일 체크 용) + * @param exception + * @return + */ + @ExceptionHandler(value = AccountIdNotFoundException.class) + public ResponseEntity handleAccountIdNotFoundException(AccountIdNotFoundException exception) { + log.debug("계정 아이디를 찾을 수 없음", exception); + ErrorResponseDto response = new ErrorResponseDto(exception); + return ResponseEntity.status(NOT_FOUND).body(response); + } + + /** + * 그 외의 예외의 핸들링 + * @param exception + * @return + */ + @ExceptionHandler(value = Exception.class) + public ResponseEntity handle(Exception exception) { + log.debug("500 에러분석용", exception); + alertWebhook.alertError("500 에러 발생 분석을 하라", exception.getMessage()); + return ResponseEntity.internalServerError().body(ERROR_500_BODY); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/IpAccessManager.java b/module-api/src/main/java/com/peoplehere/api/common/config/IpAccessManager.java new file mode 100644 index 0000000..ef6537b --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/IpAccessManager.java @@ -0,0 +1,143 @@ +package com.peoplehere.api.common.config; + +import static com.peoplehere.api.common.util.RequestUtils.*; + +import java.math.BigInteger; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.util.HashSet; +import java.util.Set; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.security.core.Authentication; +import org.springframework.stereotype.Component; +import org.springframework.util.StringUtils; + +import jakarta.servlet.http.HttpServletRequest; +import lombok.ToString; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Component +public class IpAccessManager { + + private final ListRanges privatelistRanges; + private final ListRanges metricsRanges; + private final ListRanges instanceRanges; + + public IpAccessManager( + @Value("#{'${whitelist.private:}'.replaceAll('\\s+', '').split(',')}") Set privateNetworks, + @Value("#{'${whitelist.metrics:}'.replaceAll('\\s+', '').split(',')}") Set metricsNetworks, + @Value("#{'${whitelist.private-instance:}'.replaceAll('\\s+', '').split(',')}") Set privateInstances) + throws UnknownHostException { + + log.info("\nprivate-networks: {}\n", privateNetworks); + log.info("\nmetrics: {}\n", metricsNetworks); + log.info("\nprivate-instance: {}\n", privateInstances); + + this.privatelistRanges = new ListRanges(privateNetworks); + this.metricsRanges = new ListRanges(metricsNetworks); + this.instanceRanges = new ListRanges(privateInstances); + + log.info("IpAccessManager 초기화. whitelist: {}, metrics: {}", privatelistRanges, metricsRanges); + } + + public boolean contains(HttpServletRequest request) { + String ipStr = getIp(request); + + if (ipStr == null) { + return false; + } + + try { + return privatelistRanges.isAllowed(ipStr); + } catch (UnknownHostException e) { + log.error("ip 체크하다 오류 {}", ipStr, e); + return false; + } + } + + public boolean isPrivateNetwork(Authentication authentication, HttpServletRequest request) { + boolean access = contains(request); + + if (!access) { + log.info("제한구역 접근[{}]: [{}] [{}]", getIp(request), request.getRequestURI(), authentication); + } + + return access; + } + + public boolean isMetricNetwork(HttpServletRequest request) { + try { + return metricsRanges.isAllowed(getIp(request)); + } catch (UnknownHostException e) { + log.error("ip 체크하다 오류", e); + return false; + } + } + + public boolean isPrivateInstance(HttpServletRequest request) { + String ip = getIp(request); + return instanceRanges.ipv4List.stream().anyMatch(s -> s.equals(ip) || s.contains(ip)); + } + + @ToString + private static class ListRanges { + private final Set ranges = new HashSet<>(); + private final Set ipv4List = new HashSet<>(); + + public ListRanges(Set list) { + for (String str : list) { + String[] cidr = str.split("/"); + if (cidr.length == 2) { // cidr + String[] ipAddressInArray = cidr[0].split("\\."); + int prefix = Integer.parseInt(cidr[1]); + + BigInteger ipVal = new BigInteger("0"); + for (int i = 0; i < ipAddressInArray.length; i++) { + int power = 3 - i; + int ipAddress = Integer.parseInt(ipAddressInArray[i]); + ipVal = ipVal.add(BigInteger.valueOf(ipAddress).shiftLeft(power * 8)); + } + + BigInteger mask = BigInteger.ZERO.setBit(32).subtract(BigInteger.ONE).shiftRight(prefix); + BigInteger[] range = new BigInteger[] {ipVal, mask}; + ranges.add(range); + } else { + ipv4List.add(str); + } + } + } + + public boolean isAllowed(String ipAddress) throws UnknownHostException { + if (!StringUtils.hasLength(ipAddress)) { + return false; + } + + for (String ipv4 : ipv4List) { + if (ipv4.startsWith(ipAddress)) { + return true; + } + } + + if (!ranges.isEmpty()) { + BigInteger ip = new BigInteger(1, InetAddress.getByName(ipAddress).getAddress()); + for (BigInteger[] range : ranges) { + BigInteger start = range[0]; + BigInteger end = start.add(range[1]); + + if (ip.compareTo(start) >= 0 && ip.compareTo(end) <= 0) { + return true; + } + } + } + + if (log.isDebugEnabled()) { + log.debug("접근금지. ipAddress: [{}]", ipAddress); + } + + return false; + } + } + +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/PrivateNetworkInterceptor.java b/module-api/src/main/java/com/peoplehere/api/common/config/PrivateNetworkInterceptor.java new file mode 100644 index 0000000..2c9882d --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/PrivateNetworkInterceptor.java @@ -0,0 +1,41 @@ +package com.peoplehere.api.common.config; + +import static com.peoplehere.api.common.util.RequestUtils.*; + +import org.springframework.stereotype.Component; +import org.springframework.web.method.HandlerMethod; +import org.springframework.web.servlet.HandlerInterceptor; + +import com.peoplehere.api.common.annotation.PrivateNetwork; +import com.peoplehere.api.common.exception.ForbiddenException; + +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Component +@AllArgsConstructor +public class PrivateNetworkInterceptor implements HandlerInterceptor { + + private final IpAccessManager ipAccessManager; + + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) { + if (!(handler instanceof HandlerMethod)) { + return true; + } + if (isTarget((HandlerMethod)handler) && !ipAccessManager.contains(request)) { + throw new ForbiddenException(getIp(request), request.getRequestURI()); + } + + return true; + } + + private boolean isTarget(HandlerMethod method) { + return method.hasMethodAnnotation(PrivateNetwork.class) || method.getMethod() + .getDeclaringClass() + .isAnnotationPresent(PrivateNetwork.class); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/WebConfig.java b/module-api/src/main/java/com/peoplehere/api/common/config/WebConfig.java new file mode 100644 index 0000000..d0c245e --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/WebConfig.java @@ -0,0 +1,23 @@ +package com.peoplehere.api.common.config; + +import org.springframework.context.annotation.Configuration; +import org.springframework.web.servlet.config.annotation.InterceptorRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Configuration +@RequiredArgsConstructor +public class WebConfig implements WebMvcConfigurer { + + private final PrivateNetworkInterceptor privateNetworkInterceptor; + + @Override + public void addInterceptors(InterceptorRegistry registry) { + WebMvcConfigurer.super.addInterceptors(registry); + registry.addInterceptor(privateNetworkInterceptor); + } + +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/aspect/RequestLimitAspect.java b/module-api/src/main/java/com/peoplehere/api/common/config/aspect/RequestLimitAspect.java new file mode 100644 index 0000000..e1507ad --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/aspect/RequestLimitAspect.java @@ -0,0 +1,15 @@ +package com.peoplehere.api.common.config.aspect; + +import org.aspectj.lang.annotation.Aspect; +import org.springframework.stereotype.Component; + +import lombok.RequiredArgsConstructor; + +/** + * 요청 전 제한 값들(인증 번호 발급 제한, 유/무료 사용자의 총 요청 제한)을 체크하고 필요한 값을 설정하는 Aspect + */ +@Component +@Aspect +@RequiredArgsConstructor +public class RequestLimitAspect { +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/security/AuthorizationFilter.java b/module-api/src/main/java/com/peoplehere/api/common/config/security/AuthorizationFilter.java new file mode 100644 index 0000000..dfa09a5 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/security/AuthorizationFilter.java @@ -0,0 +1,52 @@ +package com.peoplehere.api.common.config.security; + +import static com.peoplehere.api.common.util.RequestUtils.*; +import static org.springframework.http.HttpHeaders.*; + +import java.io.IOException; + +import org.springframework.data.redis.core.RedisTemplate; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; +import org.springframework.util.StringUtils; +import org.springframework.web.filter.OncePerRequestFilter; + +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Component +@RequiredArgsConstructor +public class AuthorizationFilter extends OncePerRequestFilter { + + private final TokenProvider tokenProvider; + private final RedisTemplate redisTemplate; + + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, + FilterChain chain) throws ServletException, IOException { + String token = request.getHeader(AUTHORIZATION); + String ip = getIp(request); + String uri = request.getRequestURI(); + + if (!StringUtils.hasText(token)) { + log.debug("토큰 없음, ip: {}, uri: {}", ip, uri); + chain.doFilter(request, response); + return; + } + try { + Authentication authentication = tokenProvider.getAuthenticationFromAcs(token); + SecurityContextHolder.getContext().setAuthentication(authentication); + log.debug("{}: 인증 정보 security context 저장, uri: {}", authentication.getName(), uri); + + } catch (Exception e) { + log.debug("인가 처리 실패 기록 : ip: {}, uri: {} - {}", ip, uri, e.getMessage()); + } + chain.doFilter(request, response); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/security/Token.java b/module-api/src/main/java/com/peoplehere/api/common/config/security/Token.java new file mode 100644 index 0000000..3788bb9 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/security/Token.java @@ -0,0 +1,4 @@ +package com.peoplehere.api.common.config.security; + +public record Token(String accessToken, String refreshToken) { +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/security/TokenProperties.java b/module-api/src/main/java/com/peoplehere/api/common/config/security/TokenProperties.java new file mode 100644 index 0000000..022dadd --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/security/TokenProperties.java @@ -0,0 +1,36 @@ +package com.peoplehere.api.common.config.security; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.stereotype.Component; + +import jakarta.annotation.PostConstruct; +import lombok.Data; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Data +@Component +@ConfigurationProperties(prefix = "token") +public class TokenProperties { + private String accessKey; + + private String refreshKey; + + private long accessTime; + + private long refreshTime; + + @PostConstruct + public void log() { + log.info("access token 만료시간: [{} s]", this.accessTime); + log.info("refresh token 만료시간: [{} s]", this.refreshTime); + } + + public long getExpiredTime(TokenType type) { + if (type == null) { + throw new IllegalArgumentException("Token type must not be null"); + } + return type == TokenType.ACCESS ? this.accessTime : this.refreshTime; + } + +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/security/TokenProvider.java b/module-api/src/main/java/com/peoplehere/api/common/config/security/TokenProvider.java new file mode 100644 index 0000000..dd6239b --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/security/TokenProvider.java @@ -0,0 +1,134 @@ +package com.peoplehere.api.common.config.security; + +import static com.peoplehere.api.common.config.security.TokenType.*; +import static java.util.stream.Collectors.*; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Date; +import java.util.stream.Collectors; + +import javax.crypto.SecretKey; + +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.stereotype.Component; + +import io.jsonwebtoken.Claims; +import io.jsonwebtoken.ExpiredJwtException; +import io.jsonwebtoken.Jws; +import io.jsonwebtoken.Jwts; +import io.jsonwebtoken.MalformedJwtException; +import io.jsonwebtoken.UnsupportedJwtException; +import io.jsonwebtoken.io.Decoders; +import io.jsonwebtoken.security.Keys; +import io.jsonwebtoken.security.SignatureException; +import jakarta.annotation.PostConstruct; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Component +@RequiredArgsConstructor +public class TokenProvider { + + private final TokenProperties tokenProperties; + private SecretKey accessKey; + private SecretKey refreshKey; + + private static final String AUTHORITIES_KEY = "auth"; + + @PostConstruct + public void initialize() { + byte[] accessKeyBytes = Decoders.BASE64.decode(tokenProperties.getAccessKey()); + byte[] secretKeyBytes = Decoders.BASE64.decode(tokenProperties.getRefreshKey()); + this.accessKey = Keys.hmacShaKeyFor(accessKeyBytes); + this.refreshKey = Keys.hmacShaKeyFor(secretKeyBytes); + } + + public Token generateToken(Authentication authentication) { + return new Token(buildJwt(ACCESS, authentication), buildJwt(TokenType.REFRESH, authentication)); + } + + public String buildJwt(TokenType type, Authentication authentication) { + String authorities = authentication.getAuthorities().stream() + .map(GrantedAuthority::getAuthority) + .collect(Collectors.joining(",")); + + SecretKey key = getSecretKeyByType(type); + try { + return Jwts.builder() + .subject(authentication.getName()) + .claim(AUTHORITIES_KEY, authorities) + .expiration(new Date(new Date().getTime() + tokenProperties.getExpiredTime(type))) + .signWith(key) + .compact(); + } catch (Exception e) { + log.error("JWT 토큰 생성 실패 - type: [{}], subject: [{}]", type, authentication.getName(), e); + throw new RuntimeException("JWT 토큰 생성 실패", e); + } + } + + public Authentication getAuthenticationFromAcs(String token) { + return getAuthentication(TokenType.ACCESS, token); + } + + public Authentication getAuthenticationFromRef(String token) { + return getAuthentication(TokenType.REFRESH, token); + } + + private Authentication getAuthentication(TokenType type, String token) { + Claims claims = parseJwt(type, token).getPayload(); + + Collection authorities = Arrays.stream( + claims.get(AUTHORITIES_KEY).toString().split(",")) + .map(SimpleGrantedAuthority::new) + .collect(toList()); + + return new UsernamePasswordAuthenticationToken(claims.getSubject(), token, authorities); + } + + public Jws parseJwt(TokenType type, String token) { + try { + SecretKey key = getSecretKeyByType(type); + return Jwts.parser().verifyWith(key).build().parseSignedClaims(token); + } catch (SignatureException e) { + log.error("유효하지 않은 서명의 토큰입니다"); + } catch (MalformedJwtException e) { + log.error("유효하지 않은 JWT입니다."); + } catch (ExpiredJwtException e) { + log.error("만료된 JWT입니다."); + } catch (UnsupportedJwtException e) { + log.error("지원되지 않는 JWT입니다."); + } catch (IllegalArgumentException e) { + log.error("jwt claim is empty"); + } + throw new IllegalArgumentException(); + } + + public boolean isAccessTokenCanBeReissued(String token) { + try { + // 토큰 파싱. 만료되었거나 문제가 있는 경우, 예외 발생 + Jwts.parser().verifyWith(accessKey).build().parseSignedClaims(token); + // 토큰이 유효한 경우: 재발급이 필요하지 않으므로 false를 반환 + return false; + } catch (ExpiredJwtException e) { + // 토큰이 만료된 경우: 재발급이 가능하므로 true를 반환 + return true; + } catch (Exception e) { + // 기타 모든 예외 처리: 재발급이 불가능하므로 false를 반환 + log.error("토큰 재발급 가능 여부 확인 중 오류 발생", e); + return false; + } + } + + private SecretKey getSecretKeyByType(TokenType type) { + if (ACCESS.equals(type)) { + return accessKey; + } + return refreshKey; + } + +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/security/TokenType.java b/module-api/src/main/java/com/peoplehere/api/common/config/security/TokenType.java new file mode 100644 index 0000000..fdc1843 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/security/TokenType.java @@ -0,0 +1,10 @@ +package com.peoplehere.api.common.config.security; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +@Getter +@AllArgsConstructor +public enum TokenType { + ACCESS, REFRESH +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/security/VerifyCodeProperties.java b/module-api/src/main/java/com/peoplehere/api/common/config/security/VerifyCodeProperties.java new file mode 100644 index 0000000..9ff6f9f --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/security/VerifyCodeProperties.java @@ -0,0 +1,25 @@ +package com.peoplehere.api.common.config.security; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.stereotype.Component; + +import jakarta.annotation.PostConstruct; +import lombok.Data; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Data +@Component +@ConfigurationProperties(prefix = "verify") +public class VerifyCodeProperties { + + private int emailTimeout; + + private int phoneTimeout; + + @PostConstruct + public void log() { + log.info("email verify code 만료시간: [{} ms]", this.emailTimeout); + log.info("phone verify code 만료시간: [{} ms]", this.phoneTimeout); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/security/WebSecurityConfig.java b/module-api/src/main/java/com/peoplehere/api/common/config/security/WebSecurityConfig.java new file mode 100644 index 0000000..7be290f --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/security/WebSecurityConfig.java @@ -0,0 +1,124 @@ +package com.peoplehere.api.common.config.security; + +import static com.peoplehere.shared.common.enums.AccountRole.*; + +import java.nio.charset.StandardCharsets; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.access.AccessDeniedHandler; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.csrf.CsrfFilter; +import org.springframework.web.filter.CharacterEncodingFilter; + +import com.peoplehere.api.common.config.IpAccessManager; +import com.peoplehere.api.common.config.security.handler.CustomAccessDeniedHandler; +import com.peoplehere.api.common.config.security.handler.CustomAuthenticationEntryPointHandler; + +import lombok.RequiredArgsConstructor; + +@Configuration +@EnableMethodSecurity(prePostEnabled = true) +@EnableWebSecurity +@RequiredArgsConstructor +public class WebSecurityConfig { + + private final CustomAuthenticationEntryPointHandler customAuthenticationEntryPointHandler; + private final AuthorizationFilter authorizationFilter; + private final IpAccessManager ipAccessManager; + + @Profile("!test") + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + + var filter = new CharacterEncodingFilter(); + filter.setEncoding(StandardCharsets.UTF_8.name()); + filter.setForceEncoding(true); + http + .addFilterBefore(filter, CsrfFilter.class) + .addFilterBefore(authorizationFilter, UsernamePasswordAuthenticationFilter.class); + + // 로그인 방식 설정 + http + .csrf(AbstractHttpConfigurer::disable) + .httpBasic(AbstractHttpConfigurer::disable) + .formLogin(AbstractHttpConfigurer::disable) + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); + + // 경로별 접근 제어 설정 + http + .authorizeHttpRequests((authorizeRequests) -> + authorizeRequests + .requestMatchers("/actuator/**", "/error-test") + .access((authentication, object) -> { + // 관리자면서 허용된 ip의 경우만 접근 가능 + var isAdmin = authentication.get() + .getAuthorities() + .stream() + .anyMatch(it -> it.getAuthority().equals(ADMIN.getValue())); + return new AuthorizationDecision( + isAdmin || ipAccessManager.isMetricNetwork(object.getRequest())); + }) + + .requestMatchers("/api/account/alarm") + .authenticated() + + // 로그인 관련 경로 및 특정 uri의 경우 접근 허용 + .requestMatchers("/api/account/**", "/test") + .permitAll() + + // TODO: method annotation 으로 권한을 관리할 api + // .requestMatchers("") + // .permitAll() + + // health check + .requestMatchers("/api/health") + .permitAll() + + // swagger + .requestMatchers("/swagger-ui.html", "/swagger-ui/**", "/v3/api-docs/**", "/swagger-resources/**") + .permitAll() + + // local api 경로 + .requestMatchers("/api/local", "/api/local/**") + .access((authentication, object) -> { + String ip = object.getRequest().getRemoteAddr(); + boolean isLocalIp = "127.0.0.1".equals(ip) || "0:0:0:0:0:0:0:1".equals(ip); + return new AuthorizationDecision( + isLocalIp || ipAccessManager.isPrivateNetwork(authentication.get(), object.getRequest())); + }) + + // 나머지 경로는 인증된 사용자만 접근 가능 + .anyRequest() + .authenticated()); + + // 예외처리 커스터마이징 + http + .exceptionHandling((exceptionConfig) -> + exceptionConfig.authenticationEntryPoint(customAuthenticationEntryPointHandler) + .accessDeniedHandler(accessDeniedHandler())); + + return http.build(); + } + + @Bean + public AccessDeniedHandler accessDeniedHandler() { + return new CustomAccessDeniedHandler(); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/security/handler/CustomAccessDeniedHandler.java b/module-api/src/main/java/com/peoplehere/api/common/config/security/handler/CustomAccessDeniedHandler.java new file mode 100644 index 0000000..3c9e03a --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/security/handler/CustomAccessDeniedHandler.java @@ -0,0 +1,32 @@ +package com.peoplehere.api.common.config.security.handler; + +import static com.peoplehere.api.common.util.RequestUtils.*; + +import java.io.IOException; + +import org.springframework.http.HttpStatus; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.security.web.access.AccessDeniedHandlerImpl; +import org.springframework.stereotype.Component; + +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Component +public class CustomAccessDeniedHandler extends AccessDeniedHandlerImpl { + + @Override + public void handle(HttpServletRequest request, HttpServletResponse response, + AccessDeniedException accessDeniedException) throws IOException, ServletException { + super.handle(request, response, accessDeniedException); + + if (log.isDebugEnabled()) { + log.debug("[{}] [{}] [{}] {}", getIp(request), HttpStatus.FORBIDDEN, request.getMethod(), + request.getRequestURI()); + } + } +} + diff --git a/module-api/src/main/java/com/peoplehere/api/common/config/security/handler/CustomAuthenticationEntryPointHandler.java b/module-api/src/main/java/com/peoplehere/api/common/config/security/handler/CustomAuthenticationEntryPointHandler.java new file mode 100644 index 0000000..7436d41 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/config/security/handler/CustomAuthenticationEntryPointHandler.java @@ -0,0 +1,38 @@ +package com.peoplehere.api.common.config.security.handler; + +import static com.peoplehere.api.common.util.RequestUtils.*; +import static org.springframework.util.MimeTypeUtils.*; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; + +import org.springframework.http.HttpStatus; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.stereotype.Component; + +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Component +@RequiredArgsConstructor +public class CustomAuthenticationEntryPointHandler implements AuthenticationEntryPoint { + + @Override + public void commence(HttpServletRequest request, HttpServletResponse response, + AuthenticationException authException) throws IOException, ServletException { + if (log.isDebugEnabled()) { + log.debug("[{}] [{}] [{}] {}", getIp(request), HttpStatus.UNAUTHORIZED, request.getMethod(), + request.getRequestURI()); + } + + response.setStatus(HttpStatus.UNAUTHORIZED.value()); + response.setCharacterEncoding(StandardCharsets.UTF_8.name()); + response.setContentType(APPLICATION_JSON_VALUE); + // todo: 추후 response body에 에러 메시지 필요하다면 추가 + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/controller/AccountController.java b/module-api/src/main/java/com/peoplehere/api/common/controller/AccountController.java new file mode 100644 index 0000000..4f5fbc6 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/controller/AccountController.java @@ -0,0 +1,182 @@ +package com.peoplehere.api.common.controller; + +import static com.peoplehere.shared.common.util.PatternUtils.*; + +import java.security.Principal; + +import org.springframework.http.ResponseEntity; +import org.springframework.validation.BindException; +import org.springframework.validation.BindingResult; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.RestController; + +import com.peoplehere.api.common.annotation.CheckEmailVerificationLimit; +import com.peoplehere.api.common.annotation.CheckEmailVerifyLimit; +import com.peoplehere.api.common.data.request.MailVerificationRequestDto; +import com.peoplehere.api.common.data.request.MailVerifyRequestDto; +import com.peoplehere.api.common.data.response.MailVerificationResponseDto; +import com.peoplehere.api.common.exception.ClientBindException; +import com.peoplehere.api.common.service.AccountService; +import com.peoplehere.api.common.service.VerifyService; +import com.peoplehere.shared.common.data.request.AlarmConsentRequestDto; +import com.peoplehere.shared.common.data.request.PasswordRequestDto; +import com.peoplehere.shared.common.data.request.SignInRequestDto; +import com.peoplehere.shared.common.data.request.SignUpRequestDto; +import com.peoplehere.shared.common.data.request.TokenRequestDto; +import com.peoplehere.shared.common.data.response.AccountResponseDto; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@RestController +@RequiredArgsConstructor +@RequestMapping("/api/account") +public class AccountController { + + private final AccountService accountService; + private final VerifyService verifyService; + + /** + * client 회원가입 + * @param requestDto 회원가입 요청 정보 + * @param result 바인딩 결과 + * @return + * @throws ClientBindException client 바인딩 오류 + */ + @PostMapping("/sign-up") + public ResponseEntity signUp(@Validated @RequestBody SignUpRequestDto requestDto, + BindingResult result) throws + ClientBindException { + + if (result.hasErrors()) { + throw new ClientBindException(result); + } + accountService.signUp(requestDto); + log.info("client: {} 회원가입 성공", requestDto.getEmail()); + return ResponseEntity.ok().body("success"); + } + + /** + * client 로그인 + * @param requestDto 로그인 요청 정보 + * @param result 바인딩 결과 + * @return 로그인 성공 시 토큰 반환 + * @throws ClientBindException client 바인딩 오류 + */ + @PostMapping("/sign-in") + public ResponseEntity signIn(@Validated @RequestBody SignInRequestDto requestDto, + BindingResult result) throws + BindException { + + if (result.hasErrors()) { + throw new ClientBindException(result); + } + AccountResponseDto responseDto = accountService.signIn(requestDto); + log.debug("client: {} 로그인 성공", requestDto.getEmail()); + return ResponseEntity.ok().body(responseDto); + } + + /** + * 비밀번호 재설정 + * @param requestDto 비밀번호 재설정 요청 정보 + * @param result 바인딩 결과 + * @return + * @throws ClientBindException client 바인딩 오류 + */ + @PutMapping("/password") + public ResponseEntity modifyPassword(@Validated @RequestBody PasswordRequestDto requestDto, + BindingResult result) throws + ClientBindException { + + if (result.hasErrors()) { + throw new ClientBindException(result); + } + accountService.updatePassword(requestDto); + return ResponseEntity.ok().body("success"); + } + + /** + * 이메일 유효성(중복, 패턴) 체크 + * @param email 이메일 + * @return + */ + @GetMapping("/email/check") + public ResponseEntity checkEmail(@RequestParam String email) { + if (!EMAIL_PATTERN.matcher(email).matches()) { + log.error("이메일 형식 오류: {}", email); + return ResponseEntity.badRequest().build(); + } + accountService.checkEmail(email); + return ResponseEntity.ok().body("success"); + } + + /** + * 알람 동의 여부를 저장함 + * @param requestDto 알람 동의 여부 + * @return + */ + @PostMapping("/alarm") + public ResponseEntity modifyAlarmConsent(Principal principal, + @Validated @RequestBody AlarmConsentRequestDto requestDto, BindingResult result) throws BindException { + if (result.hasErrors()) { + throw new BindException(result); + } + accountService.modifyAlarmConsent(principal.getName(), requestDto.isConsent()); + return ResponseEntity.ok().body("success"); + } + + /** + * 토큰 재발급 + * accessToken의 만료 유무 확인 후 만료시 재발급 + * @param requestDto 토큰 재발급 요청 정보 + * @return + */ + @PostMapping("/token") + public ResponseEntity reissueToken(@Validated @RequestBody TokenRequestDto requestDto, + BindingResult result) throws ClientBindException { + if (result.hasErrors()) { + throw new ClientBindException(result); + } + return ResponseEntity.ok( + accountService.reissueToken(requestDto.getAccessToken(), requestDto.getRefreshToken())); + } + + /** + * 이메일 인증 번호 요청 + * @param requestDto 이메일 + * @param result + * @return 인증번호 만료시간 + * @throws ClientBindException + */ + @CheckEmailVerificationLimit + @PostMapping("/email/verification") + public ResponseEntity sendEmailVerificationCode( + @Validated @RequestBody MailVerificationRequestDto requestDto, + BindingResult result) throws ClientBindException { + if (result.hasErrors()) { + throw new ClientBindException(result); + } + long start = System.currentTimeMillis(); + MailVerificationResponseDto responseDto = verifyService.sendEmailVerificationCode(requestDto.email()); + log.info("이메일 인증번호 전송 성공 - {}ms, email: {}", System.currentTimeMillis() - start, requestDto.email()); + return ResponseEntity.ok().body(responseDto); + } + + /** + * 이메일 인증 번호 검증 + * @param requestDto 이메일, 인증번호 + * @return + */ + @CheckEmailVerifyLimit + @PostMapping("/email/verify") + public ResponseEntity checkEmailVerifyCode(@Validated @RequestBody MailVerifyRequestDto requestDto) { + return ResponseEntity.ok().body(verifyService.checkEmailVerifyCode(requestDto)); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/controller/ConstantController.java b/module-api/src/main/java/com/peoplehere/api/common/controller/ConstantController.java new file mode 100644 index 0000000..1e6268f --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/controller/ConstantController.java @@ -0,0 +1,33 @@ +package com.peoplehere.api.common.controller; + +import static com.peoplehere.shared.common.enums.Region.*; + +import java.util.List; + +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import com.peoplehere.shared.common.data.response.RegionResponseDto; +import com.peoplehere.shared.common.enums.Gender; + +@RestController +@RequestMapping("/api/constants") +public class ConstantController { + + @GetMapping("/genders") + public ResponseEntity getGenderType() { + return ResponseEntity.ok(Gender.VALUES); + } + + /** + * 국가 코드, 영문 이름, 한글 이름, 국제 전화 코드를 반환 + * @return + */ + @GetMapping("/regions") + public ResponseEntity> getRegions() { + return ResponseEntity.ok(REGION_INFO_LIST); + } +} + diff --git a/module-api/src/main/java/com/peoplehere/api/common/controller/StatusController.java b/module-api/src/main/java/com/peoplehere/api/common/controller/StatusController.java new file mode 100644 index 0000000..d30c9a5 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/controller/StatusController.java @@ -0,0 +1,60 @@ +package com.peoplehere.api.common.controller; + +import java.util.ArrayList; +import java.util.List; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@RequiredArgsConstructor +@RestController +public class StatusController { + + @Value("${server.port}") + int port; + + @Value("${app.ip.public:#{null}}") + String publicIp; + + @GetMapping("/api/local/delay") + public ResponseEntity delayGet() throws InterruptedException { + log.info("30초간 작업하는척 "); + + for (int i = 0; i < 30; i++) { + Thread.sleep(1000); + if (i % 5 == 0) { + log.info("{}, {} 초 지남", port, i); + } + } + + return ResponseEntity.ok("success"); + } + + @GetMapping("/api/health") + public ResponseEntity health() { + return ResponseEntity.status(200).body("hello!, im " + publicIp); + } + + /** + * metric 에러로그 수집 테스트 + * @return + */ + @GetMapping("/error-test") + public ResponseEntity errorTest() { + try { + List list = new ArrayList<>(); + list.get(2).toString(); + } catch (Exception e) { + log.error("에러로그 테스트중. 리스트에서 잘못된 접근!", e); + } + + var date = System.currentTimeMillis(); + return ResponseEntity.ok(date); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/data/request/MailVerificationRequestDto.java b/module-api/src/main/java/com/peoplehere/api/common/data/request/MailVerificationRequestDto.java new file mode 100644 index 0000000..76bc92f --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/data/request/MailVerificationRequestDto.java @@ -0,0 +1,10 @@ +package com.peoplehere.api.common.data.request; + +import jakarta.validation.constraints.Email; + +/** + * 이메일 인증 번호 요청 DTO + * @param email + */ +public record MailVerificationRequestDto(@Email String email) { +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/data/request/MailVerifyRequestDto.java b/module-api/src/main/java/com/peoplehere/api/common/data/request/MailVerifyRequestDto.java new file mode 100644 index 0000000..d59b25a --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/data/request/MailVerifyRequestDto.java @@ -0,0 +1,10 @@ +package com.peoplehere.api.common.data.request; + +import jakarta.validation.constraints.Email; +import jakarta.validation.constraints.NotBlank; + +/** + * 메일 인증 코드 검증 요청 DTO + */ +public record MailVerifyRequestDto(@Email String email, @NotBlank String code) { +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/data/response/MailVerificationResponseDto.java b/module-api/src/main/java/com/peoplehere/api/common/data/response/MailVerificationResponseDto.java new file mode 100644 index 0000000..192ce50 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/data/response/MailVerificationResponseDto.java @@ -0,0 +1,4 @@ +package com.peoplehere.api.common.data.response; + +public record MailVerificationResponseDto(int expireSecondTime) { +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/exception/AccountIdNotFoundException.java b/module-api/src/main/java/com/peoplehere/api/common/exception/AccountIdNotFoundException.java new file mode 100644 index 0000000..e45ff9b --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/exception/AccountIdNotFoundException.java @@ -0,0 +1,13 @@ +package com.peoplehere.api.common.exception; + +import org.springframework.http.HttpStatus; +import org.springframework.web.bind.annotation.ResponseStatus; + +import jakarta.persistence.EntityNotFoundException; + +@ResponseStatus(HttpStatus.NOT_FOUND) +public class AccountIdNotFoundException extends EntityNotFoundException { + public AccountIdNotFoundException(String accountId) { + super("계정 ID (%s)에 해당하는 유저를 찾을 수 없습니다.".formatted(accountId)); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/exception/ClientBindException.java b/module-api/src/main/java/com/peoplehere/api/common/exception/ClientBindException.java new file mode 100644 index 0000000..74c2d14 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/exception/ClientBindException.java @@ -0,0 +1,15 @@ +package com.peoplehere.api.common.exception; + +import org.springframework.validation.BindException; +import org.springframework.validation.BindingResult; + +/** + * Bind 예외 중 클라이언트로부터의 요청 처리 중 발생한 예외. + * 클라이언트에게는 예외의 세부 정보를 숨겨야 한다. + * 따라서 별도로 예외처리하기 위해 예외 클래스를 분리 + */ +public class ClientBindException extends BindException { + public ClientBindException(BindingResult bindingResult) { + super(bindingResult); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/exception/DuplicateException.java b/module-api/src/main/java/com/peoplehere/api/common/exception/DuplicateException.java new file mode 100644 index 0000000..ea5b1f3 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/exception/DuplicateException.java @@ -0,0 +1,11 @@ +package com.peoplehere.api.common.exception; + +import org.springframework.http.HttpStatus; +import org.springframework.web.bind.annotation.ResponseStatus; + +@ResponseStatus(HttpStatus.CONFLICT) +public class DuplicateException extends RuntimeException { + public DuplicateException(String value) { + super("중복된 값: (%s)".formatted(value)); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/exception/ForbiddenException.java b/module-api/src/main/java/com/peoplehere/api/common/exception/ForbiddenException.java new file mode 100644 index 0000000..07c348f --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/exception/ForbiddenException.java @@ -0,0 +1,11 @@ +package com.peoplehere.api.common.exception; + +import org.springframework.http.HttpStatus; +import org.springframework.web.bind.annotation.ResponseStatus; + +@ResponseStatus(HttpStatus.FORBIDDEN) +public class ForbiddenException extends RuntimeException { + public ForbiddenException(String address, String path) { + super("제한구역 접근(%s): [%s]".formatted(address, path)); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/service/AccountService.java b/module-api/src/main/java/com/peoplehere/api/common/service/AccountService.java new file mode 100644 index 0000000..5fd4349 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/service/AccountService.java @@ -0,0 +1,117 @@ +package com.peoplehere.api.common.service; + +import static com.peoplehere.shared.common.data.request.SignUpRequestDto.*; + +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.core.Authentication; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import com.peoplehere.api.common.config.security.Token; +import com.peoplehere.api.common.config.security.TokenProvider; +import com.peoplehere.api.common.exception.AccountIdNotFoundException; +import com.peoplehere.api.common.exception.DuplicateException; +import com.peoplehere.shared.common.data.request.PasswordRequestDto; +import com.peoplehere.shared.common.data.request.SignInRequestDto; +import com.peoplehere.shared.common.data.request.SignUpRequestDto; +import com.peoplehere.shared.common.data.response.AccountResponseDto; +import com.peoplehere.shared.common.entity.Account; +import com.peoplehere.shared.common.entity.Consent; +import com.peoplehere.shared.common.repository.AccountRepository; +import com.peoplehere.shared.common.repository.ConsentRepository; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Service +@RequiredArgsConstructor +public class AccountService { + + private final AccountRepository accountRepository; + private final ConsentRepository consentRepository; + private final TokenProvider tokenProvider; + private final PasswordEncoder passwordEncoder; + private final AuthenticationManagerBuilder authenticationManagerBuilder; + private final RedisTaskService redisTaskService; + + @Transactional + public void signUp(SignUpRequestDto requestDto) { + if (accountRepository.existsByEmail(requestDto.getEmail())) { + throw new DuplicateException(requestDto.getEmail()); + } + String encodedPassword = passwordEncoder.encode(requestDto.getPassword()); + Account account = accountRepository.save(toClientAccount(requestDto, encodedPassword)); + consentRepository.save(toConsent(requestDto, account)); + } + + /** + * 사용자 로그인을 시도하고, 토큰을 생성 후 redis에 저장하고 반환 + * TODO: 현재는 자동 로그인으로 구현, 추후에 일반 로그인, 자동 로그인으로 분리될 수 있음 + * @param requestDto + * @return + */ + @Transactional + public AccountResponseDto signIn(SignInRequestDto requestDto) { + Authentication authentication = attemptAuthentication(requestDto); + Token token = tokenProvider.generateToken(authentication); + redisTaskService.setRefreshToken(token, authentication.getName()); + return AccountResponseDto.builder() + .accessToken(token.accessToken()) + .refreshToken(token.refreshToken()) + .build(); + } + + @Transactional + public void updatePassword(PasswordRequestDto requestDto) { + Account account = accountRepository.findByEmail(requestDto.getEmail()) + .orElseThrow(() -> new AccountIdNotFoundException(requestDto.getEmail())); + + account.updatePassword(passwordEncoder.encode(requestDto.getNewPassword())); + } + + @Transactional(readOnly = true) + public void checkEmail(String email) { + if (accountRepository.existsByEmail(email)) { + throw new DuplicateException(email); + } + } + + @Transactional + public void modifyAlarmConsent(String userId, boolean alarmConsent) { + Account account = accountRepository.findByEmail(userId) + .orElseThrow(() -> new AccountIdNotFoundException(userId)); + Consent consent = consentRepository.findByAccountId(account.getId()) + .orElseThrow(() -> new AccountIdNotFoundException(userId)); + consent.setAlarmConsent(alarmConsent); + } + + /** + * accessToken의 만료 여부, refreshToken의 유효성을 검사하고, 새로운 accessToken을 발급 + * @param accessToken + * @param refreshToken + * @return + */ + @Transactional + public String reissueToken(String accessToken, String refreshToken) { + if (!tokenProvider.isAccessTokenCanBeReissued(accessToken)) { + throw new IllegalArgumentException("토큰 재발급에 실패하였습니다."); + } + Authentication authentication = tokenProvider.getAuthenticationFromRef(refreshToken); + return tokenProvider.generateToken(authentication).accessToken(); + } + + /** + * 사용자 인증을 시도하고, 인증된 Authentication 객체를 반환 + * @param requestDto 사용자 로그인 요청 정보 + * @return + */ + private Authentication attemptAuthentication(SignInRequestDto requestDto) { + UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( + requestDto.getEmail(), requestDto.getPassword()); + return authenticationManagerBuilder.getObject().authenticate(authenticationToken); + } + +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/service/PrincipalDetailService.java b/module-api/src/main/java/com/peoplehere/api/common/service/PrincipalDetailService.java new file mode 100644 index 0000000..ed681bc --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/service/PrincipalDetailService.java @@ -0,0 +1,26 @@ +package com.peoplehere.api.common.service; + +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.stereotype.Service; + +import com.peoplehere.shared.common.repository.AccountRepository; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Service +@RequiredArgsConstructor +public class PrincipalDetailService implements UserDetailsService { + + private final AccountRepository accountRepository; + + @Override + public UserDetails loadUserByUsername(String userId) throws UsernameNotFoundException { + log.debug("{}: LOGIN", userId); + return accountRepository.findByUserId(userId) + .orElseThrow(() -> new UsernameNotFoundException("해당 유저[%s]를 찾을 수 없습니다.".formatted(userId))); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/service/RedisTaskService.java b/module-api/src/main/java/com/peoplehere/api/common/service/RedisTaskService.java new file mode 100644 index 0000000..f532d9b --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/service/RedisTaskService.java @@ -0,0 +1,92 @@ +package com.peoplehere.api.common.service; + +import static com.peoplehere.shared.common.config.redis.RedisKeyProperties.*; + +import java.util.Objects; +import java.util.concurrent.TimeUnit; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.data.redis.core.RedisTemplate; +import org.springframework.data.redis.core.ValueOperations; +import org.springframework.stereotype.Service; + +import com.peoplehere.api.common.config.security.Token; +import com.peoplehere.api.common.config.security.TokenProperties; +import com.peoplehere.api.common.config.security.VerifyCodeProperties; +import com.peoplehere.api.common.data.response.MailVerificationResponseDto; +import com.peoplehere.shared.common.webhook.AlertWebhook; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Service +@RequiredArgsConstructor +public class RedisTaskService { + + @Value("${spring.profiles.active:}") + private String stage; + + private final TokenProperties tokenProperties; + private final VerifyCodeProperties verifyCodeProperties; + private final RedisTemplate redisTemplate; + private final AlertWebhook alertWebhook; + + /** + * 사용자의 refresh token을 저장 + * @param token refreshToken + * @param userId 사용자 id + */ + public void setRefreshToken(Token token, String userId) { + String key = generateRefreshTokenKey(stage, userId); + redisTemplate.opsForValue() + .set(key, token.refreshToken(), tokenProperties.getRefreshTime(), TimeUnit.MICROSECONDS); + log.info("refresh token 저장 성공 - userId: {}", userId); + } + + /** + * 이메일 인증 코드 레디스에 저장 + * @param email 이메일 + * @param code 랜덤 인증 코드 + */ + public MailVerificationResponseDto setEmailVerifyCode(String email, String code) { + String key = generateEmailVerifyCodeKey(stage, email); + redisTemplate.opsForValue() + .set(key, code, verifyCodeProperties.getEmailTimeout(), TimeUnit.SECONDS); + log.debug("email verify code 저장 성공 - email: {}", email); + return new MailVerificationResponseDto(verifyCodeProperties.getEmailTimeout()); + } + + /** + * 이메일 인증 코드 레디스에 있는지 확인 + * @param email 이메일 + * @return 인증 코드 + */ + public boolean checkEmailVerifyCode(String email, String code) { + String key = generateEmailVerifyCodeKey(stage, email); + boolean isMatch = checkValueMatch(key, code); + if (isMatch) { + redisTemplate.unlink(key); + log.debug("email verify code 삭제 성공 - email: {}", email); + } + return isMatch; + } + + /** + * key에 해당하는 value가 일치하는지 확인 + * @param key email verify code key + * @param value email verify code + * @return 일치 여부 + */ + private boolean checkValueMatch(String key, String value) { + try { + ValueOperations valueOperations = redisTemplate.opsForValue(); + return Objects.requireNonNull(value).equals(valueOperations.get(key)); + } catch (Exception e) { + log.error("redis에서 값 가져오기 실패 - key: {}", key, e); + alertWebhook.alertError("redis에서 값 가져오기 실패 key - [%s]. 우선은 false 반환 체크 필요".formatted(key), e.getMessage()); + return false; + } + } + +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/service/VerifyService.java b/module-api/src/main/java/com/peoplehere/api/common/service/VerifyService.java new file mode 100644 index 0000000..3cec376 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/service/VerifyService.java @@ -0,0 +1,63 @@ +package com.peoplehere.api.common.service; + +import static com.peoplehere.api.common.util.MessageUtils.*; + +import org.springframework.mail.SimpleMailMessage; +import org.springframework.mail.javamail.JavaMailSender; +import org.springframework.stereotype.Service; + +import com.peoplehere.api.common.data.request.MailVerifyRequestDto; +import com.peoplehere.api.common.data.response.MailVerificationResponseDto; +import com.peoplehere.shared.common.webhook.AlertWebhook; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Service +@RequiredArgsConstructor +public class VerifyService { + private final JavaMailSender sender; + private final RedisTaskService redisTaskService; + private final AlertWebhook alertWebhook; + + /** + * 이메일 인증 코드 생성 및 전송 + * @param email 이메일 + * @return 인증 코드 만료 시간 + */ + public MailVerificationResponseDto sendEmailVerificationCode(String email) { + try { + long start = System.currentTimeMillis(); + // 1. 이메일 인증 코드 생성 및 전송 + SimpleMailMessage message = new SimpleMailMessage(); + message.setTo(email); + message.setSubject("[PEOPLE-HERE] 이메일 인증을 위한 인증 코드 발송"); + message.setText(generateRandomEmailVerifyCode()); + sender.send(message); + + // 2. redis에 인증 코드 만료시간 포함해서 저장 후 만료시간 반환 + MailVerificationResponseDto dto = redisTaskService.setEmailVerifyCode(email, message.getText()); + + // 3. 이메일 인증 코드 전송 성공 알림 + alertWebhook.alertInfo("이메일 인증 코드 전송 성공", + "이메일: [%s], 소요시간: [%d]ms".formatted(email, System.currentTimeMillis() - start)); + return dto; + } catch (Exception e) { + String errorMessage = "이메일 인증 코드 전송 실패 - email: [%s]".formatted(email); + log.error(errorMessage, e); + alertWebhook.alertError(errorMessage, e.getMessage()); + throw new RuntimeException(errorMessage); + } + } + + /** + * 이메일 인증 코드 검증 + * @param requestDto 이메일 인증 코드 검증 요청 정보 + * @return 인증 성공 여부 + */ + public boolean checkEmailVerifyCode(MailVerifyRequestDto requestDto) { + return redisTaskService.checkEmailVerifyCode(requestDto.email(), requestDto.code()); + } + +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/util/MessageUtils.java b/module-api/src/main/java/com/peoplehere/api/common/util/MessageUtils.java new file mode 100644 index 0000000..543c474 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/util/MessageUtils.java @@ -0,0 +1,19 @@ +package com.peoplehere.api.common.util; + +import java.security.SecureRandom; + +import lombok.experimental.UtilityClass; + +@UtilityClass +public class MessageUtils { + private static final SecureRandom random = new SecureRandom(); + + /** + * 메일 인증 번호를 위한 6자리 랜덤 숫자 생성 + * @return + */ + public static String generateRandomEmailVerifyCode() { + int sixDigitNumber = 100_000 + random.nextInt(900_000); + return String.valueOf(sixDigitNumber); + } +} diff --git a/module-api/src/main/java/com/peoplehere/api/common/util/RequestUtils.java b/module-api/src/main/java/com/peoplehere/api/common/util/RequestUtils.java new file mode 100644 index 0000000..234d0d2 --- /dev/null +++ b/module-api/src/main/java/com/peoplehere/api/common/util/RequestUtils.java @@ -0,0 +1,18 @@ +package com.peoplehere.api.common.util; + +import jakarta.servlet.http.HttpServletRequest; +import lombok.experimental.UtilityClass; + +@UtilityClass +public class RequestUtils { + + /** + * @param request + * @return ip 종류 여러개 셋팅되어 올 수 있음 + */ + public static String getIp(HttpServletRequest request) { + return request.getHeader("X-Forwarded-For") != null ? request.getHeader("X-Forwarded-For") : + request.getRemoteAddr(); + } + +} diff --git a/module-api/src/main/resources/application-api-dev.yml b/module-api/src/main/resources/application-api-dev.yml new file mode 100644 index 0000000..0be80a6 --- /dev/null +++ b/module-api/src/main/resources/application-api-dev.yml @@ -0,0 +1,25 @@ +spring.config.activate.on-profile: dev + +spring: + mail: + host: + port: + username: + password: + properties: + mail: + smtp: + auth: + timeout: # read timeout + starttls: + enable: + +token: + access-key: + refresh-key: + access-time: + refresh-time: + +verify: + email-timeout: + phone-timeout: diff --git a/module-api/src/main/resources/application-api-prod.yml b/module-api/src/main/resources/application-api-prod.yml new file mode 100644 index 0000000..40bb3e5 --- /dev/null +++ b/module-api/src/main/resources/application-api-prod.yml @@ -0,0 +1,25 @@ +spring.config.activate.on-profile: prod + +spring: + mail: + host: + port: + username: + password: + properties: + mail: + smtp: + auth: + timeout: # read timeout + starttls: + enable: + +token: + access-key: + refresh-key: + access-time: + refresh-time: + +verify: + email-timeout: + phone-timeout: diff --git a/module-api/src/main/resources/application-api-stg.yml b/module-api/src/main/resources/application-api-stg.yml new file mode 100644 index 0000000..62090ca --- /dev/null +++ b/module-api/src/main/resources/application-api-stg.yml @@ -0,0 +1,25 @@ +spring.config.activate.on-profile: stg + +spring: + mail: + host: + port: + username: + password: + properties: + mail: + smtp: + auth: + timeout: # read timeout + starttls: + enable: + +token: + access-key: + refresh-key: + access-time: + refresh-time: + +verify: + email-timeout: + phone-timeout: diff --git a/module-api/src/main/resources/application-api-test.yml b/module-api/src/main/resources/application-api-test.yml new file mode 100644 index 0000000..41e2191 --- /dev/null +++ b/module-api/src/main/resources/application-api-test.yml @@ -0,0 +1 @@ +spring.config.activate.on-profile: test diff --git a/module-api/src/main/resources/application.yml b/module-api/src/main/resources/application.yml new file mode 100644 index 0000000..cb66c62 --- /dev/null +++ b/module-api/src/main/resources/application.yml @@ -0,0 +1,74 @@ +spring: + profiles: + group: + local: [ "api-local", "shared-local" ] + dev: [ "api-dev", "shared-dev" ] + test: [ "api-test", "shared-test" ] + stg: [ "api-stg", "shared-stg" ] + prod: [ "api-prod", "shared-prod" ] + default: local + + application: + name: api + servlet: + multipart: + file-size-threshold: 2KB # 파일이 디스크에 기록되기 시작하는 임계값 + max-file-size: 10MB # 파일 하나당 최대 사이즈 + max-request-size: 50MB # 요청당 최대 사이즈 + + pid: + file: api.pid + + lifecycle: + timeout-per-shutdown-phase: 35s + + mail: + host: + port: + username: + password: + properties: + mail: + smtp: + auth: + timeout: + starttls: + enable: + +server: + compression: + enabled: true + shutdown: graceful + port: ${API_SERVER_PORT:8080} +app: + version: ${APP_VERSION:} + ip: + public: localhost + local: localhost +management: + endpoint: + health: + show-details: always + endpoints: + web: + exposure: + include: health, info, prometheus, loggers + metrics: + tags: + application: api + app_version: ${app.version} + stage: local + health: + diskspace: + path: / + +whitelist: + metrics: ${API_WHITELIST_METRICS} + private: ${API_WHITELIST_PRIVATE:0:0:0:0:0:0:0:1, localhost, 127.0.0.1} + private-instance: 10.0 + +token: + access-key: + refresh-key: + access-time: + refresh-time: diff --git a/module-api/src/main/resources/github.yml b/module-api/src/main/resources/github.yml new file mode 100644 index 0000000..215760f --- /dev/null +++ b/module-api/src/main/resources/github.yml @@ -0,0 +1,27 @@ +spring: + mail: + host: ${github_mail_host} + port: ${github_mail_port} + username: ${github_mail_username} + password: ${github_mail_password} + properties: + mail: + smtp: + auth: ${github_mail_auth} + timeout: ${github_mail_timeout} # read timeout + starttls: + enable: ${github_mail_starttls} + +whitelist: + metrics: ${API_WHITELIST_METRICS} + private: ${API_WHITELIST_PRIVATE} + +token: + access-key: ${github_access_key} + refresh-key: ${github_refresh_key} + access-time: ${github_access_time} + refresh-time: ${github_refresh_time} + +verify: + email-timeout: ${github_verify_email_timeout} + phone-timeout: ${github_verify_phone_timeout} diff --git a/module-shared/.gitignore b/module-shared/.gitignore new file mode 100644 index 0000000..c2065bc --- /dev/null +++ b/module-shared/.gitignore @@ -0,0 +1,37 @@ +HELP.md +.gradle +build/ +!gradle/wrapper/gradle-wrapper.jar +!**/src/main/**/build/ +!**/src/test/**/build/ + +### STS ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache +bin/ +!**/src/main/**/bin/ +!**/src/test/**/bin/ + +### IntelliJ IDEA ### +.idea +*.iws +*.iml +*.ipr +out/ +!**/src/main/**/out/ +!**/src/test/**/out/ + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ + +### VS Code ### +.vscode/ diff --git a/module-shared/build.gradle b/module-shared/build.gradle new file mode 100644 index 0000000..e69de29 diff --git a/module-shared/src/main/java/com/peoplehere/shared/SharedApplication.java b/module-shared/src/main/java/com/peoplehere/shared/SharedApplication.java new file mode 100644 index 0000000..0caab82 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/SharedApplication.java @@ -0,0 +1,13 @@ +package com.peoplehere.shared; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class SharedApplication { + + // 1. 초기화 + public static void main(String[] args) { + SpringApplication.run(SharedApplication.class, args); + } +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/config/ObjectMapperConfig.java b/module-shared/src/main/java/com/peoplehere/shared/common/config/ObjectMapperConfig.java new file mode 100644 index 0000000..cb603fb --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/config/ObjectMapperConfig.java @@ -0,0 +1,21 @@ +package com.peoplehere.shared.common.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; + +import lombok.AllArgsConstructor; + +@Configuration +@AllArgsConstructor +public class ObjectMapperConfig { + + @Bean + public ObjectMapper objectMapper() { + ObjectMapper objectMapper = new ObjectMapper(); + objectMapper.registerModule(new JavaTimeModule()); + return objectMapper; + } +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/config/PersistenceConfig.java b/module-shared/src/main/java/com/peoplehere/shared/common/config/PersistenceConfig.java new file mode 100644 index 0000000..5946040 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/config/PersistenceConfig.java @@ -0,0 +1,23 @@ +package com.peoplehere.shared.common.config; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Configuration; +import org.springframework.data.jpa.repository.config.EnableJpaAuditing; + +import jakarta.annotation.PostConstruct; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Configuration +@EnableJpaAuditing +public class PersistenceConfig { + + @Value("${spring.datasource.hikari.schema:}") + private String schema; + + @PostConstruct + public void print() { + log.info("활성화된 DB 스키마: {}", schema); + } + +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/config/SharedWebConfig.java b/module-shared/src/main/java/com/peoplehere/shared/common/config/SharedWebConfig.java new file mode 100644 index 0000000..db1769e --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/config/SharedWebConfig.java @@ -0,0 +1,76 @@ +package com.peoplehere.shared.common.config; + +import static org.springframework.http.HttpHeaders.*; +import static org.springframework.http.MediaType.*; + +import javax.sql.DataSource; + +import org.springframework.boot.autoconfigure.flyway.FlywayMigrationStrategy; +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.boot.jdbc.DataSourceBuilder; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.http.client.SimpleClientHttpRequestFactory; +import org.springframework.web.client.RestClient; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; + +import com.zaxxer.hikari.HikariDataSource; + +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Configuration +@RequiredArgsConstructor +public class SharedWebConfig implements WebMvcConfigurer { + + /** + * hikariCp 설정을 위한 Config + * @return + */ + @Bean(name = "datasource") + @Profile("!test") + @ConfigurationProperties("spring.datasource.hikari") + public DataSource dataSourceProperties() { + return DataSourceBuilder.create() + .type(HikariDataSource.class) + .build(); + } + + @Profile("!test") + @Bean + public FlywayMigrationStrategy cleanMigrateStrategy() { + return flyway -> { + flyway.repair(); + flyway.migrate(); + }; + } + + @Profile("test") + @Bean + public FlywayMigrationStrategy cleanMigrateStrategyForTest() { + return flyway -> { + flyway.clean(); + flyway.repair(); + flyway.migrate(); + }; + } + + /** + * 기본적인 RestClient timeout 설정 + * 추가적인 설정 필요시 해당 클래스에서 설정 + * @return + */ + @Bean + RestClient restClient() { + SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory(); + factory.setConnectTimeout(10_000); + factory.setReadTimeout(10_000); + return RestClient.builder() + .defaultHeader(CONTENT_TYPE, APPLICATION_JSON_VALUE) + .requestFactory(factory) + .build(); + } + +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisConfig.java b/module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisConfig.java new file mode 100644 index 0000000..3d42bee --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisConfig.java @@ -0,0 +1,68 @@ +package com.peoplehere.shared.common.config.redis; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.data.redis.connection.RedisConnectionFactory; +import org.springframework.data.redis.connection.RedisStandaloneConfiguration; +import org.springframework.data.redis.connection.lettuce.LettuceClientConfiguration; +import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; +import org.springframework.data.redis.core.RedisTemplate; +import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer; +import org.springframework.data.redis.serializer.StringRedisSerializer; + +import com.fasterxml.jackson.databind.ObjectMapper; + +import jakarta.annotation.PostConstruct; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Configuration +@RequiredArgsConstructor +public class RedisConfig { + + private final ObjectMapper objectMapper; + + private final RedisProperties redisProperties; + + @PostConstruct + public void log() { + log.info("레디스 호스트: {}", redisProperties.getHost()); + log.info("레디스 포트: {}", redisProperties.getPort()); + log.info("SSL 사용 여부: {}", redisProperties.isSslEnabled()); + log.info("레디스 데이터베이스: {}", redisProperties.getDatabase()); + } + + @Bean + public RedisConnectionFactory redisConnectionFactory() { + var redisStandaloneConfiguration = new RedisStandaloneConfiguration(redisProperties.getHost(), + redisProperties.getPort()); + + if (redisProperties.getDatabase() > 0) { + redisStandaloneConfiguration.setDatabase(redisProperties.getDatabase()); + } + + var lettuceClientConfigurationBuilder = LettuceClientConfiguration.builder(); + if (redisProperties.isSslEnabled()) { + lettuceClientConfigurationBuilder.useSsl(); + } + LettuceClientConfiguration lettuceClientConfiguration = lettuceClientConfigurationBuilder.build(); + + return new LettuceConnectionFactory(redisStandaloneConfiguration, lettuceClientConfiguration); + } + + @Bean + public RedisTemplate redisTemplate(RedisConnectionFactory connectionFactory) { + var redisTemplate = new RedisTemplate<>(); + redisTemplate.setConnectionFactory(connectionFactory); + + redisTemplate.setKeySerializer(new StringRedisSerializer()); + redisTemplate.setValueSerializer(new GenericJackson2JsonRedisSerializer(objectMapper)); + + redisTemplate.setHashKeySerializer(new StringRedisSerializer()); + redisTemplate.setHashValueSerializer(new GenericJackson2JsonRedisSerializer(objectMapper)); + + return redisTemplate; + } + +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisKeyProperties.java b/module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisKeyProperties.java new file mode 100644 index 0000000..2c3f9e5 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisKeyProperties.java @@ -0,0 +1,15 @@ +package com.peoplehere.shared.common.config.redis; + +import lombok.experimental.UtilityClass; + +@UtilityClass +public class RedisKeyProperties { + + public static String generateRefreshTokenKey(String prefix, String identifier) { + return "%s:spring:refresh:token:%s".formatted(prefix, identifier); + } + + public static String generateEmailVerifyCodeKey(String prefix, String email) { + return "%s:spring:email:verify:code:%s".formatted(prefix, email); + } +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisProperties.java b/module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisProperties.java new file mode 100644 index 0000000..28d9a78 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/config/redis/RedisProperties.java @@ -0,0 +1,19 @@ +package com.peoplehere.shared.common.config.redis; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.stereotype.Component; + +import lombok.Data; + +@Data +@Component +@ConfigurationProperties(prefix = "spring.data.redis") +public class RedisProperties { + protected String host; + + protected int port; + + protected boolean sslEnabled; + + protected int database; +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/data/request/AlarmConsentRequestDto.java b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/AlarmConsentRequestDto.java new file mode 100644 index 0000000..5e095f1 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/AlarmConsentRequestDto.java @@ -0,0 +1,11 @@ +package com.peoplehere.shared.common.data.request; + +import jakarta.validation.constraints.NotNull; +import lombok.Data; + +@Data +public class AlarmConsentRequestDto { + + @NotNull + private boolean consent; +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/data/request/PasswordRequestDto.java b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/PasswordRequestDto.java new file mode 100644 index 0000000..b394623 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/PasswordRequestDto.java @@ -0,0 +1,21 @@ +package com.peoplehere.shared.common.data.request; + +import static com.peoplehere.shared.common.util.PatternUtils.*; + +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.Pattern; +import lombok.Data; + +// todo: 정규표현식 중복 제거 +@Data +public class PasswordRequestDto { + + @NotBlank + private String email; + + @NotBlank + @Pattern( + regexp = PASSWORD_REGEX, + message = "패스워드 형식을 지켜주세요.") + private String newPassword; +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/data/request/SignInRequestDto.java b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/SignInRequestDto.java new file mode 100644 index 0000000..b1c1a1a --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/SignInRequestDto.java @@ -0,0 +1,13 @@ +package com.peoplehere.shared.common.data.request; + +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +@Data +public class SignInRequestDto { + + @NotBlank + private String email; + @NotBlank + private String password; +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/data/request/SignUpRequestDto.java b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/SignUpRequestDto.java new file mode 100644 index 0000000..d063344 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/SignUpRequestDto.java @@ -0,0 +1,73 @@ +package com.peoplehere.shared.common.data.request; + +import static com.peoplehere.shared.common.util.PatternUtils.*; + +import java.time.LocalDate; + +import com.fasterxml.jackson.annotation.JsonFormat; +import com.peoplehere.shared.common.entity.Account; +import com.peoplehere.shared.common.entity.Consent; +import com.peoplehere.shared.common.enums.AccountRole; +import com.peoplehere.shared.common.enums.Gender; +import com.peoplehere.shared.common.enums.Region; + +import jakarta.validation.constraints.Email; +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.Pattern; +import lombok.Data; + +@Data +public class SignUpRequestDto { + + @NotBlank + private String firstName; + + @NotBlank + private String lastName; + + @JsonFormat(pattern = "yyyyMMdd") + private LocalDate birthDate; + + private Gender gender; + + @NotBlank + @Email(message = "이메일 형식을 지켜주세요.") + private String email; + + @Pattern( + regexp = PASSWORD_REGEX, + message = "패스워드 형식을 지켜주세요.") + private String password; + + private Region region; + + private String phoneNumber; + + private boolean marketingConsent; + + private boolean privacyConsent; + + public static Account toClientAccount(SignUpRequestDto requestDto, String encodedPassword) { + return Account.builder() + .firstName(requestDto.getFirstName()) + .lastName(requestDto.getLastName()) + .userId(requestDto.getEmail()) + .email(requestDto.getEmail()) + .password(encodedPassword) + .phoneNumber(requestDto.getPhoneNumber()) + .region(requestDto.getRegion()) + .birthDate(requestDto.getBirthDate()) + .gender(requestDto.getGender()) + .role(AccountRole.USER) + .active(true) + .build(); + } + + public static Consent toConsent(SignUpRequestDto requestDto, Account account) { + return Consent.builder() + .accountId(account.getId()) + .privacyConsent(requestDto.isPrivacyConsent()) + .marketingConsent(requestDto.isMarketingConsent()) + .build(); + } +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/data/request/TokenRequestDto.java b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/TokenRequestDto.java new file mode 100644 index 0000000..17db346 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/data/request/TokenRequestDto.java @@ -0,0 +1,9 @@ +package com.peoplehere.shared.common.data.request; + +import lombok.Data; + +@Data +public class TokenRequestDto { + private String accessToken; + private String refreshToken; +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/data/response/AccountResponseDto.java b/module-shared/src/main/java/com/peoplehere/shared/common/data/response/AccountResponseDto.java new file mode 100644 index 0000000..8ac6e7b --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/data/response/AccountResponseDto.java @@ -0,0 +1,7 @@ +package com.peoplehere.shared.common.data.response; + +import lombok.Builder; + +@Builder +public record AccountResponseDto(String accessToken, String refreshToken) { +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/data/response/ErrorResponseDto.java b/module-shared/src/main/java/com/peoplehere/shared/common/data/response/ErrorResponseDto.java new file mode 100644 index 0000000..39ad6cf --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/data/response/ErrorResponseDto.java @@ -0,0 +1,60 @@ +package com.peoplehere.shared.common.data.response; + +import static java.util.stream.Collectors.*; + +import java.util.List; + +import org.springframework.validation.Errors; +import org.springframework.validation.FieldError; + +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +public class ErrorResponseDto { + + private String description; + @JsonInclude(JsonInclude.Include.NON_NULL) + @JsonProperty("bindErrors") + private List bindErrors; + + public ErrorResponseDto(String description) { + this.description = description; + } + + public ErrorResponseDto(String description, Errors errors) { + this(description); + setCustomFieldErrors(errors.getFieldErrors()); + } + + public ErrorResponseDto(Exception exception) { + this.description = exception.getMessage(); + } + + private void setCustomFieldErrors(List fieldErrors) { + this.bindErrors = fieldErrors.stream().map(error -> BindErrorResponseDto.builder() + .field(error.getField()) + .input(error.getRejectedValue()) + .message(error.getDefaultMessage()) + .build()) + .collect(toList()); + } + + /** + * 컨트롤러에서 요청 데이터 처리 중 발생한 바인딩 예외의 핸들링을 위한 DTO + */ + @Data + @Builder + @NoArgsConstructor + @AllArgsConstructor + private static class BindErrorResponseDto { + String field; + Object input; + String message; + } +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/data/response/RegionResponseDto.java b/module-shared/src/main/java/com/peoplehere/shared/common/data/response/RegionResponseDto.java new file mode 100644 index 0000000..969ede9 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/data/response/RegionResponseDto.java @@ -0,0 +1,7 @@ +package com.peoplehere.shared.common.data.response; + +import lombok.Builder; + +@Builder +public record RegionResponseDto(String countryCode, String englishName, String koreanName, int dialCode) { +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/entity/Account.java b/module-shared/src/main/java/com/peoplehere/shared/common/entity/Account.java new file mode 100644 index 0000000..d5ec5e1 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/entity/Account.java @@ -0,0 +1,169 @@ +package com.peoplehere.shared.common.entity; + +import java.io.Serial; +import java.time.LocalDate; +import java.time.LocalDateTime; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; + +import org.hibernate.annotations.Comment; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; + +import com.peoplehere.shared.common.enums.AccountAuthority; +import com.peoplehere.shared.common.enums.AccountRole; +import com.peoplehere.shared.common.enums.Gender; +import com.peoplehere.shared.common.enums.Region; + +import io.hypersistence.utils.hibernate.id.Tsid; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.EnumType; +import jakarta.persistence.Enumerated; +import jakarta.persistence.Id; +import jakarta.persistence.Table; +import jakarta.persistence.Transient; +import jakarta.validation.constraints.NotNull; +import lombok.AccessLevel; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.ToString; + +@Getter +@ToString +@Table(name = "account") +@Entity +@Builder +@NoArgsConstructor(access = AccessLevel.PROTECTED) +@AllArgsConstructor +public class Account extends BaseTimeEntity implements UserDetails { + + @Serial + @Transient + private static final long serialVersionUID = 1L; + + @Id + @Tsid + private Long id; + + @Column(name = "first_name") + @Comment("성") + private String firstName; + + @Column(name = "last_name") + @Comment("이름") + private String lastName; + + @NotNull + @Comment("유저 아이디") + @Column(name = "user_id", nullable = false, unique = true) + private String userId; + + @Column + @Comment("비밀번호") + private String password; + + @NotNull + @Column(nullable = false, unique = true) + @Comment("이메일") + private String email; + + @Column(name = "phone_number") + @Comment("전화번호") + private String phoneNumber; + + @Column + @Comment("국가정보") + @Enumerated(EnumType.STRING) + private Region region; + + @Column(name = "birth_date") + @Comment("생년월일") + private LocalDate birthDate; + + @Column + @Enumerated(EnumType.STRING) + @Comment("성별") + private Gender gender; + + @Column + @Enumerated(EnumType.STRING) + @Comment("유저 권한") + AccountRole role; + + @Column + @Comment("유저 활성화 여부") + private boolean active; + + @Column(name = "deleted_at") + LocalDateTime deletedAt; + + @Override + public Collection getAuthorities() { + if (this.role == null) { + return Collections.emptyList(); + } + + List authorityList = new ArrayList<>(); + + authorityList.add(new SimpleGrantedAuthority(this.role.getValue())); + + Arrays.stream(AccountAuthority.values()) + .filter(accountAuthority -> this.role.hasAuthority(accountAuthority)) + .map(accountAuthority -> new SimpleGrantedAuthority(accountAuthority.getValue())) + .forEach(authorityList::add); + + return authorityList; + } + + @Override + public String getUsername() { + return userId; + } + + /** + * 계정이 만료되지 않았는지 리턴 + * @return + */ + @Override + public boolean isAccountNonExpired() { + return this.active; + } + + /** + * 계정이 잠겨있지 않은지 리턴 + * @return + */ + @Override + public boolean isAccountNonLocked() { + return this.active; + } + + /** + * 비밀번호가 만료되지 않았는지 리턴 + * @return + */ + @Override + public boolean isCredentialsNonExpired() { + return this.active; + } + + /** + * 계정이 활성화(사용가능)인지 리턴 + * @return + */ + @Override + public boolean isEnabled() { + return this.active; + } + + public void updatePassword(String encodedPassword) { + this.password = encodedPassword; + } +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/entity/BaseTimeEntity.java b/module-shared/src/main/java/com/peoplehere/shared/common/entity/BaseTimeEntity.java new file mode 100644 index 0000000..3425064 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/entity/BaseTimeEntity.java @@ -0,0 +1,26 @@ +package com.peoplehere.shared.common.entity; + +import java.time.LocalDateTime; + +import org.springframework.data.annotation.CreatedDate; +import org.springframework.data.annotation.LastModifiedDate; +import org.springframework.data.jpa.domain.support.AuditingEntityListener; + +import jakarta.persistence.Column; +import jakarta.persistence.EntityListeners; +import jakarta.persistence.MappedSuperclass; +import lombok.Getter; + +@Getter +@MappedSuperclass +@EntityListeners(AuditingEntityListener.class) +public abstract class BaseTimeEntity { + + @CreatedDate + @Column(updatable = false, name = "created_at") + private LocalDateTime createdAt; + + @LastModifiedDate + @Column(name = "updated_at") + private LocalDateTime updatedAt; +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/entity/Consent.java b/module-shared/src/main/java/com/peoplehere/shared/common/entity/Consent.java new file mode 100644 index 0000000..d12a938 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/entity/Consent.java @@ -0,0 +1,46 @@ +package com.peoplehere.shared.common.entity; + +import org.hibernate.annotations.Comment; + +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.Table; +import jakarta.validation.constraints.NotNull; +import lombok.AccessLevel; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@Table(name = "consent") +@Entity +@Builder +@NoArgsConstructor(access = AccessLevel.PROTECTED) +@AllArgsConstructor +public class Consent extends BaseTimeEntity { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private long id; + + @NotNull + @Column(name = "account_id", nullable = false) + private long accountId; + + @Comment("개인정보 이용 동의") + @Column(name = "privacy_consent") + private Boolean privacyConsent; + + @Comment("마케팅 정보 수신 동의") + @Column(name = "marketing_consent") + private Boolean marketingConsent; + + @Comment("알람 수신 동의") + @Column(name = "alarm_consent") + private Boolean alarmConsent; + +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/entity/Language.java b/module-shared/src/main/java/com/peoplehere/shared/common/entity/Language.java new file mode 100644 index 0000000..3672822 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/entity/Language.java @@ -0,0 +1,33 @@ +package com.peoplehere.shared.common.entity; + +import org.hibernate.annotations.Comment; + +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.Table; +import lombok.AccessLevel; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.ToString; + +@Getter +@ToString +@Table(name = "language") +@Entity +@Builder +@NoArgsConstructor(access = AccessLevel.PROTECTED) +@AllArgsConstructor +public class Language { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private int id; + + @Comment("언어명") + private String name; + +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/entity/UserLanguage.java b/module-shared/src/main/java/com/peoplehere/shared/common/entity/UserLanguage.java new file mode 100644 index 0000000..ccc6b1b --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/entity/UserLanguage.java @@ -0,0 +1,37 @@ +package com.peoplehere.shared.common.entity; + +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.GeneratedValue; +import jakarta.persistence.GenerationType; +import jakarta.persistence.Id; +import jakarta.persistence.Table; +import jakarta.validation.constraints.NotNull; +import lombok.AccessLevel; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.ToString; + +@Getter +@ToString +@Table(name = "user_language") +@Entity +@Builder +@NoArgsConstructor(access = AccessLevel.PROTECTED) +@AllArgsConstructor +public class UserLanguage extends BaseTimeEntity { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private long id; + + @NotNull + @Column(name = "language_id", nullable = false) + private int languageId; + + @NotNull + @Column(name = "account_id", nullable = false) + private long accountId; +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/enums/AccountAuthority.java b/module-shared/src/main/java/com/peoplehere/shared/common/enums/AccountAuthority.java new file mode 100644 index 0000000..2c9e7b1 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/enums/AccountAuthority.java @@ -0,0 +1,27 @@ +package com.peoplehere.shared.common.enums; + +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +/** + * 유저가 가질 수 있는 권한을 정의한 Enum 클래스 + */ +@Getter +@AllArgsConstructor +public enum AccountAuthority { + + CHANGE_ROLE, + ACTIVE_USER, + READ_TOUR_POST, + CREATE_TOUR; + + public String getValue() { + return this.name(); + } + + private final GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(this.name()); + +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/enums/AccountRole.java b/module-shared/src/main/java/com/peoplehere/shared/common/enums/AccountRole.java new file mode 100644 index 0000000..2d9ae4a --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/enums/AccountRole.java @@ -0,0 +1,50 @@ +package com.peoplehere.shared.common.enums; + +import java.util.Arrays; +import java.util.List; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +/** + * 유저의 역할을 정의한 Enum 클래스 + */ +@Getter +@AllArgsConstructor +public enum AccountRole { + + ADMIN("ROLE_ADMIN", Arrays.asList( + AccountAuthority.CHANGE_ROLE, + AccountAuthority.ACTIVE_USER, + AccountAuthority.READ_TOUR_POST, + AccountAuthority.CREATE_TOUR + )), + + USER("ROLE_USER", Arrays.asList( + AccountAuthority.READ_TOUR_POST, + AccountAuthority.CREATE_TOUR + )); + + private final String value; + private final List authorities; + + private static final AccountRole[] VALUES = values(); + + public boolean hasAuthority(AccountAuthority authority) { + return authorities.contains(authority); + } + + public boolean match(String value) { + return this.value.equals(value); + } + + public static AccountRole toAccountRole(String roleName) { + for (var role : VALUES) { + if (role.value.equals(roleName)) { + return role; + } + } + throw new IllegalArgumentException("유효하지 않은 ROLE 이름: " + roleName); + } + +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/enums/Gender.java b/module-shared/src/main/java/com/peoplehere/shared/common/enums/Gender.java new file mode 100644 index 0000000..32efae7 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/enums/Gender.java @@ -0,0 +1,22 @@ +package com.peoplehere.shared.common.enums; + +import com.fasterxml.jackson.annotation.JsonValue; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +@Getter +@AllArgsConstructor +public enum Gender { + + MALE, + FEMALE, + OTHER; + + public static final Gender[] VALUES = values(); + + @JsonValue + public String getGender() { + return this.name(); + } +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/enums/Region.java b/module-shared/src/main/java/com/peoplehere/shared/common/enums/Region.java new file mode 100644 index 0000000..d740e8b --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/enums/Region.java @@ -0,0 +1,80 @@ +package com.peoplehere.shared.common.enums; + +import static java.util.stream.Collectors.*; + +import java.util.List; +import java.util.stream.Stream; + +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonValue; +import com.peoplehere.shared.common.data.response.RegionResponseDto; + +import lombok.Getter; + +@Getter +public enum Region { + // 북미 + CA("Canada", "캐나다", 1), + US("United States of America", "미국", 1), + + // 유럽 + AT("Republic of Austria", "오스트리아", 43), + BE("Kingdom of Belgium", "벨기에", 32), + CZ("Czech Republic", "체코", 420), + DK("Kingdom of Denmark", "덴마크", 45), + FI("Republic of Finland", "핀란드", 358), + FR("French Republic", "프랑스", 33), + DE("Federal Republic of Germany", "독일", 49), + IE("Republic of Ireland", "아일랜드", 353), + IT("Italian Republic", "이탈리아", 39), + NL("Kingdom of the Netherlands", "네덜란드", 31), + NO("Kingdom of Norway", "노르웨이", 47), + PL("Republic of Poland", "폴란드", 48), + PT("Portuguese Republic", "포르투갈", 351), + SK("Slovak Republic", "슬로바키아", 421), + ES("Kingdom of Spain", "스페인", 34), + SE("Kingdom of Sweden", "스웨덴", 46), + CH("Swiss Confederation", "스위스", 41), + GB("United Kingdom of Great Britain and Northern Ireland", "영국", 44), + + // 아시아 태평양 + AU("Commonwealth of Australia", "호주", 61), + JP("Japan", "일본", 81), + KR("Republic of Korea", "대한민국", 82), + RU("Russian Federation", "러시아", 7), + TW("Taiwan", "대만", 886); + + private final String englishName; + private final String koreanName; + private final int dialCode; + + public static final Region[] VALUES = values(); + public static final List REGION_INFO_LIST = Stream.of(VALUES) + .map(region -> RegionResponseDto.builder() + .englishName(region.getEnglishName()) + .koreanName(region.getKoreanName()) + .dialCode(region.getDialCode()) + .build()) + .collect(toList()); + + Region(String englishName, String koreanName, int dialCode) { + this.englishName = englishName; + this.koreanName = koreanName; + this.dialCode = dialCode; + } + + @JsonCreator + public static Region findByCode(String code) { + for (Region region : VALUES) { + if (region.name().equalsIgnoreCase(code)) { + return region; + } + } + throw new IllegalArgumentException("Invalid country code: " + code); + } + + @JsonValue + public String getCountryCode() { + return name(); + } +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/repository/AccountRepository.java b/module-shared/src/main/java/com/peoplehere/shared/common/repository/AccountRepository.java new file mode 100644 index 0000000..b5e7ffa --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/repository/AccountRepository.java @@ -0,0 +1,18 @@ +package com.peoplehere.shared.common.repository; + +import java.util.Optional; + +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; + +import com.peoplehere.shared.common.entity.Account; + +@Repository +public interface AccountRepository extends JpaRepository { + Optional findByEmail(String email); + + Optional findByUserId(String userId); + + Boolean existsByEmail(String email); + +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/repository/ConsentRepository.java b/module-shared/src/main/java/com/peoplehere/shared/common/repository/ConsentRepository.java new file mode 100644 index 0000000..1b18a95 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/repository/ConsentRepository.java @@ -0,0 +1,14 @@ +package com.peoplehere.shared.common.repository; + +import java.util.Optional; + +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; + +import com.peoplehere.shared.common.entity.Consent; + +@Repository +public interface ConsentRepository extends JpaRepository { + + Optional findByAccountId(Long accountId); +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/util/PatternUtils.java b/module-shared/src/main/java/com/peoplehere/shared/common/util/PatternUtils.java new file mode 100644 index 0000000..55b0fab --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/util/PatternUtils.java @@ -0,0 +1,14 @@ +package com.peoplehere.shared.common.util; + +import java.util.regex.Pattern; + +import lombok.experimental.UtilityClass; + +@UtilityClass +public class PatternUtils { + + public static final String PASSWORD_REGEX = "^(?=.*[a-z])(?=.*[\\d!@#~^*&%]).{8,}$"; + public static final Pattern EMAIL_PATTERN = Pattern.compile( + "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,6}$" + ); +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/webhook/AlertWebhook.java b/module-shared/src/main/java/com/peoplehere/shared/common/webhook/AlertWebhook.java new file mode 100644 index 0000000..58df803 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/webhook/AlertWebhook.java @@ -0,0 +1,11 @@ +package com.peoplehere.shared.common.webhook; + +/** + * 서버 알림 전송 서비스 - 추후 다양한 모듈에서 사용 및 discord뿐 아니라 slack 등 다양한 서비스 사용 목적 + */ +public interface AlertWebhook { + + void alertInfo(String title, String infoMessage); + + void alertError(String title, String errorMessage); +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/webhook/DiscordMessage.java b/module-shared/src/main/java/com/peoplehere/shared/common/webhook/DiscordMessage.java new file mode 100644 index 0000000..39ac535 --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/webhook/DiscordMessage.java @@ -0,0 +1,117 @@ +package com.peoplehere.shared.common.webhook; + +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonProperty; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +/** + * Discord Webhook Message + * @see 요청-응답 명세 + */ +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class DiscordMessage { + private String content; + private String username; + @JsonProperty("avatar_url") + private String avatarUrl; + private boolean tts; + @JsonProperty("embeds") + @Builder.Default + private List embedList = new ArrayList<>(); + + public void addEmbed(EmbedObject embed) { + this.embedList.add(embed); + } + + @Data + public static class EmbedObject { + private String title; + private String description; + private String url; + private Integer color; + + private Footer footer; + private Thumbnail thumbnail; + private Image image; + private Author author; + private List fields = new ArrayList<>(); + + public void addField(String name, String value, boolean inline) { + this.fields.add(new Field(name, value, inline)); + } + + @Data + @Builder + @NoArgsConstructor + @AllArgsConstructor + private static class Footer { + private String text; + private String iconUrl; + } + + @Data + @Builder + private static class Thumbnail { + private String url; + } + + @Data + @Builder + private static class Image { + private String url; + } + + @Data + @Builder + @NoArgsConstructor + @AllArgsConstructor + private static class Author { + private String name; + private String url; + @JsonProperty("icon_url") + private String iconUrl; + } + + @Data + @Builder + @NoArgsConstructor + @AllArgsConstructor + public static class Field { + private String name; + private String value; + private boolean inline; + } + } + + static DiscordMessage toMessage(String title, String description, Integer color) { + var message = new DiscordMessage(); + var embedObject = new DiscordMessage.EmbedObject(); + embedObject.setTitle(title); + embedObject.setDescription(description); + embedObject.setColor(color); + message.addEmbed(embedObject); + return message; + } + + static DiscordMessage toMessage(String title, String description, Integer color, List fields) { + var message = new DiscordMessage(); + var embedObject = new DiscordMessage.EmbedObject(); + embedObject.setTitle(title); + embedObject.setDescription(description); + embedObject.setColor(color); + for (var field : fields) { + embedObject.addField(field.name, field.value, field.inline); + } + message.addEmbed(embedObject); + return message; + } +} diff --git a/module-shared/src/main/java/com/peoplehere/shared/common/webhook/DiscordWebhook.java b/module-shared/src/main/java/com/peoplehere/shared/common/webhook/DiscordWebhook.java new file mode 100644 index 0000000..e0684ae --- /dev/null +++ b/module-shared/src/main/java/com/peoplehere/shared/common/webhook/DiscordWebhook.java @@ -0,0 +1,124 @@ +package com.peoplehere.shared.common.webhook; + +import static com.peoplehere.shared.common.webhook.DiscordMessage.*; +import static org.springframework.http.HttpStatus.*; +import static org.springframework.http.MediaType.*; + +import java.lang.management.ManagementFactory; +import java.util.Collections; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.context.event.ApplicationStartedEvent; +import org.springframework.context.event.EventListener; +import org.springframework.stereotype.Component; +import org.springframework.util.StringUtils; +import org.springframework.web.client.RestClient; + +import jakarta.annotation.PostConstruct; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +/** + * 디스코드 웹훅의 rate-limit은 초당 5회로 제한됨. + * @see Rate Limits on Discord's API + */ +@Slf4j +@Component +@RequiredArgsConstructor +public class DiscordWebhook implements AlertWebhook { + + @Value("${webhook.discord.channel.alert:#{null}}") + String alertChannel; + @Value("${webhook.discord.channel.status:#{null}}") + String serverStatusChannel; + @Value("${webhook.discord.active:false}") + boolean webhookActive; + + @Value("${spring.application.name:#{null}}") + String appName; + @Value("${app.ip.public:#{null}}") + String publicIp; + @Value("${app.ip.local:#{null}}") + String localIp; + + private final RestClient restClient; + private static boolean isInit = false; + private static final int COLOR_GREEN = 65280; + private static final int COLOR_RED = 16711680; + + @PostConstruct + void init() { + log.info("discord webhook 초기화됨. 기본 알림채널 {}", alertChannel); + log.info("discord webhook 초기화됨. 서버상태 알림채널 {}", serverStatusChannel); + } + + /** + * spring application 시작시 시간 및 ip 기록 + * @param event + */ + @EventListener(ApplicationStartedEvent.class) + public void onStart(final ApplicationStartedEvent event) { + isInit = StringUtils.hasText(alertChannel) && StringUtils.hasText(serverStatusChannel); + + if (isInit) { + String title = "[%s] 모니터링 슬랙채널 활성화".formatted(appName); + String description = "public: %s | local: %s".formatted(publicIp, localIp); + String fieldContent = "%s초".formatted(((double)ManagementFactory.getRuntimeMXBean().getUptime() / 1000)); + DiscordMessage message = toMessage(title, description, COLOR_GREEN, + Collections.singletonList(new EmbedObject.Field("spring start", fieldContent, true))); + sendMessage(serverStatusChannel, message); + } + } + + @Override + public void alertInfo(String title, String infoMessage) { + + String formattedTitle = ":white_check_mark: %s".formatted(title); + String description = "**[알림]**: %s\n**[%s]** **public**: %s | **local**: %s".formatted(infoMessage, appName, + publicIp, localIp); + DiscordMessage message = toMessage(formattedTitle, description, COLOR_GREEN); + sendMessage(alertChannel, message); + } + + @Override + public void alertError(String title, String errorMessage) { + + String formattedTitle = ":warning: %s".formatted(title); + String description = "**[예외]**: %s\n**[%s]** **public**: %s | **local**: %s".formatted(errorMessage, appName, + publicIp, localIp); + DiscordMessage message = toMessage(formattedTitle, description, COLOR_RED); + sendMessage(alertChannel, message); + + } + + /** + * 디스코드 웹훅 전송 + * Todo: 추후 에러 응답이 자주 발생할 경우 retry 로직 추가 및 read timeout 조정 우선은 30초 + * @param channel + * @param message + */ + private void sendMessage(String channel, DiscordMessage message) { + if (!isInit || !webhookActive) { + log.warn("디스코드 웹훅 초기화 안됨. 스킵"); + return; + } + + try { + restClient.post() + .uri(channel) + .contentType(APPLICATION_JSON) + .body(message) + .exchange((request, response) -> { + if (response.getStatusCode().isSameCodeAs(NO_CONTENT)) { + log.info("디스코드 웹훅 전송 완료"); + } + if (response.getStatusCode().isError()) { + log.error("디스코드 웹훅 전송 실패 - code: {}. 우선은 skip", response.getStatusCode()); + } + return response; + }); + } catch (Exception e) { + log.error("디스코드 웹훅 전송 실패 우선은 skip", e); + } + } +} diff --git a/module-shared/src/main/resources/application-shared-dev.yml b/module-shared/src/main/resources/application-shared-dev.yml new file mode 100644 index 0000000..9c29fa1 --- /dev/null +++ b/module-shared/src/main/resources/application-shared-dev.yml @@ -0,0 +1,43 @@ +spring: + datasource: + hikari: + jdbcUrl: ${JDBC_URL:jdbc:postgresql://localhost:5432/postgres} + maximum-pool-size: 10 + username: + password: + driver-class-name: org.postgresql.Driver + schema: + + jpa: + show-sql: false + hibernate: + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + ddl-auto: validate + generate-ddl: false + properties: + hibernate: + format_sql: true + dialect: org.hibernate.dialect.PostgreSQLDialect + + flyway: + locations: classpath:/db/migration + sql-migration-suffixes: sql + baseline-on-migrate: true + baseline-version: 0 + default-schema: public + enabled: true + + data: + redis: + host: localhost + port: 6379 + database: 0 + ssl-enabled: false + +webhook: + discord: + active: true + channel: + alert: + status: diff --git a/module-shared/src/main/resources/application-shared-prod.yml b/module-shared/src/main/resources/application-shared-prod.yml new file mode 100644 index 0000000..9c29fa1 --- /dev/null +++ b/module-shared/src/main/resources/application-shared-prod.yml @@ -0,0 +1,43 @@ +spring: + datasource: + hikari: + jdbcUrl: ${JDBC_URL:jdbc:postgresql://localhost:5432/postgres} + maximum-pool-size: 10 + username: + password: + driver-class-name: org.postgresql.Driver + schema: + + jpa: + show-sql: false + hibernate: + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + ddl-auto: validate + generate-ddl: false + properties: + hibernate: + format_sql: true + dialect: org.hibernate.dialect.PostgreSQLDialect + + flyway: + locations: classpath:/db/migration + sql-migration-suffixes: sql + baseline-on-migrate: true + baseline-version: 0 + default-schema: public + enabled: true + + data: + redis: + host: localhost + port: 6379 + database: 0 + ssl-enabled: false + +webhook: + discord: + active: true + channel: + alert: + status: diff --git a/module-shared/src/main/resources/application-shared-sample.yml b/module-shared/src/main/resources/application-shared-sample.yml new file mode 100644 index 0000000..a4e90b3 --- /dev/null +++ b/module-shared/src/main/resources/application-shared-sample.yml @@ -0,0 +1,37 @@ +spring: + datasource: + hikari: + jdbcUrl: jdbc:postgresql://localhost:5432/postgres + maximum-pool-size: 10 + username: + password: + driver-class-name: org.postgresql.Driver + schema: public + + jpa: + show-sql: false + hibernate: + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + ddl-auto: validate + generate-ddl: false + properties: + hibernate: + format_sql: true + dialect: org.hibernate.dialect.PostgreSQLDialect + + flyway: + locations: classpath:/db/migration + sql-migration-suffixes: sql + baseline-on-migrate: true + baseline-version: 0 + default-schema: public + enabled: true + + data: + redis: + host: localhost + port: 6379 + database: 0 + ssl: + enabled: false diff --git a/module-shared/src/main/resources/application-shared-stg.yml b/module-shared/src/main/resources/application-shared-stg.yml new file mode 100644 index 0000000..9c29fa1 --- /dev/null +++ b/module-shared/src/main/resources/application-shared-stg.yml @@ -0,0 +1,43 @@ +spring: + datasource: + hikari: + jdbcUrl: ${JDBC_URL:jdbc:postgresql://localhost:5432/postgres} + maximum-pool-size: 10 + username: + password: + driver-class-name: org.postgresql.Driver + schema: + + jpa: + show-sql: false + hibernate: + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + ddl-auto: validate + generate-ddl: false + properties: + hibernate: + format_sql: true + dialect: org.hibernate.dialect.PostgreSQLDialect + + flyway: + locations: classpath:/db/migration + sql-migration-suffixes: sql + baseline-on-migrate: true + baseline-version: 0 + default-schema: public + enabled: true + + data: + redis: + host: localhost + port: 6379 + database: 0 + ssl-enabled: false + +webhook: + discord: + active: true + channel: + alert: + status: diff --git a/module-shared/src/main/resources/application-shared-test.yml b/module-shared/src/main/resources/application-shared-test.yml new file mode 100644 index 0000000..432aaf8 --- /dev/null +++ b/module-shared/src/main/resources/application-shared-test.yml @@ -0,0 +1,24 @@ +spring: + config: + activate: + on-profile: test + flyway: + enabled: false + clean-disabled: false + datasource: + hikari: + jdbc-url: + username: sa + password: + # driver-class-name: org.postgresql.Driver + driver-class-name: org.testcontainers.jdbc.ContainerDatabaseDriver + jpa: + # show-sql: true + properties: + hibernate: + # show-sql: true + # format_sql: true + dialect: org.hibernate.dialect.PostgreSQLDialect + # dialect: org.hibernate.dialect.PostgreSQL95Dialect + hibernate: + ddl-auto: create-drop diff --git a/module-shared/src/main/resources/db/migration/V1.1__init.sql b/module-shared/src/main/resources/db/migration/V1.1__init.sql new file mode 100644 index 0000000..be0ac1e --- /dev/null +++ b/module-shared/src/main/resources/db/migration/V1.1__init.sql @@ -0,0 +1,48 @@ +-- 유저 테이블 생성 +CREATE TABLE account +( + id BIGINT PRIMARY KEY, + first_name VARCHAR, + last_name VARCHAR, + user_id VARCHAR UNIQUE NOT NULL, -- 유저 아이디 + email VARCHAR UNIQUE NOT NULL, -- 이메일 + phone_number VARCHAR, + password VARCHAR, + region VARCHAR, + birth_date DATE, + gender VARCHAR, + role VARCHAR, + active BOOLEAN, + created_at TIMESTAMP NOT NULL default NOW(), + updated_at TIMESTAMP NOT NULL default NOW(), -- 수정일 + deleted_at TIMESTAMP NULL +); + +-- 약관 테이블 생성 +CREATE TABLE consent +( + id BIGINT NOT NULL GENERATED ALWAYS AS IDENTITY, + account_id BIGINT NOT NULL, + privacy_consent BOOLEAN NULL, + marketing_consent BOOLEAN NULL, + alarm_consent BOOLEAN NULL, + created_at TIMESTAMP NOT NULL default NOW(), + updated_at TIMESTAMP NOT NULL default NOW() -- 수정일 +); + +-- 언어 테이블 생성 +CREATE TABLE language +( + id INT NOT NULL GENERATED ALWAYS AS IDENTITY, + name VARCHAR +); + +-- 유저-언어 릴레이션 생성 +CREATE TABLE user_language +( + id BIGINT NOT NULL GENERATED ALWAYS AS IDENTITY, + language_id INT NOT NULL, + account_id BIGINT NOT NULL, + created_at TIMESTAMP NOT NULL default NOW(), + updated_at TIMESTAMP NOT NULL default NOW() -- 수정일 +); diff --git a/module-shared/src/main/resources/github.yml b/module-shared/src/main/resources/github.yml new file mode 100644 index 0000000..de6b3d5 --- /dev/null +++ b/module-shared/src/main/resources/github.yml @@ -0,0 +1,19 @@ +spring: + datasource: + hikari: + jdbcUrl: ${github_datasource_jdbc_url} + username: ${github_datasource_username} + password: ${github_datasource_password} + maximum-pool-size: ${github_datasource_maximum_pool_size} + schema: ${github_datasource_schema} + data: + redis: + host: ${github_redis_host} + ssl-enabled: ${github_redis_ssl} + +webhook: + discord: + active: ${github_webhook_discord_active} + channel: + alert: ${github_webhook_discord_channel_alert} + status: ${github_webhook_discord_channel_status} diff --git a/module-shared/src/test/java/com/peoplehere/shared/common/TestConfig.java b/module-shared/src/test/java/com/peoplehere/shared/common/TestConfig.java new file mode 100644 index 0000000..e62b578 --- /dev/null +++ b/module-shared/src/test/java/com/peoplehere/shared/common/TestConfig.java @@ -0,0 +1,26 @@ +package com.peoplehere.shared.common; + +import javax.sql.DataSource; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.context.TestConfiguration; +import org.springframework.context.annotation.Bean; +import org.springframework.jdbc.datasource.DriverManagerDataSource; + +/** + * 테스트 설정중 전역설정으로 포함될 값들을 정의 + */ +@TestConfiguration +public class TestConfig { + @Bean + public DataSource dataSource(@Value("${spring.datasource.hikari.jdbcUrl}") String url, + @Value("${spring.datasource.hikari.username}") String username, + @Value("${spring.datasource.hikari.password}") String password) { + + DriverManagerDataSource dataSource = new DriverManagerDataSource(); + dataSource.setUrl(url); + dataSource.setUsername(username); + dataSource.setPassword(password); + return dataSource; + } +} diff --git a/module-shared/src/test/java/com/peoplehere/shared/common/TestContainerBaseTests.java b/module-shared/src/test/java/com/peoplehere/shared/common/TestContainerBaseTests.java new file mode 100644 index 0000000..26eb6f3 --- /dev/null +++ b/module-shared/src/test/java/com/peoplehere/shared/common/TestContainerBaseTests.java @@ -0,0 +1,23 @@ +package com.peoplehere.shared.common; + +import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.context.annotation.Import; +import org.testcontainers.containers.PostgreSQLContainer; +import org.testcontainers.containers.wait.strategy.Wait; +import org.testcontainers.junit.jupiter.Testcontainers; + +@Import({TestConfig.class}) +@EnableConfigurationProperties +@Testcontainers +public class TestContainerBaseTests { + + static final PostgreSQLContainer postgres; + + static { + postgres = new PostgreSQLContainer<>("postgres:15-alpine") + .withExposedPorts(5432) + .waitingFor(Wait.forLogMessage(".*ready to accept connections.*\\n", 1)); + postgres.start(); + } + +} diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..ab9f5b5 --- /dev/null +++ b/settings.gradle @@ -0,0 +1,3 @@ +rootProject.name = 'peoplehere' +include 'module-api' +include 'module-shared'