Merge pull request #56 from moonwonki/url_바꿔서_접근_주문_버그

Url 바꿔서 접근 주문 버그
kookmin-sw · May 13, 2024 · fd5f31d · fd5f31d
2 parents 5f8c306 + e5c4aa6
commit fd5f31d
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 7 deletions.
diff --git a/src/main/java/com/example/WebOrder/controller/GuestController.java b/src/main/java/com/example/WebOrder/controller/GuestController.java
@@ -1,6 +1,7 @@
 package com.example.WebOrder.controller;
 
 import com.example.WebOrder.service.OrderPasswordService;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@@ -34,9 +35,10 @@ public String getCheckEntranceCode(@PathVariable Long userId, @PathVariable Long
 
     // 인증번호 비교 페이지
     @PostMapping("/guest/{userId}/{seatId}/checkEntrance")
-    public String checkEntranceCode(@PathVariable Long userId, @PathVariable Long seatId, String entranceCode){
+    public String checkEntranceCode(HttpServletResponse response, @PathVariable Long userId, @PathVariable Long seatId, String entranceCode){
         log.info("인증번호 입력 : " + entranceCode);
          if (orderPasswordService.authenticateByEntranceCode(userId, entranceCode)){
+             response.addCookie(orderPasswordService.getCookieAfterEntranceCode(userId));
              return "redirect:/order/" + userId + "/" + seatId;
          }
          else

diff --git a/src/main/java/com/example/WebOrder/controller/OrderController.java b/src/main/java/com/example/WebOrder/controller/OrderController.java
@@ -17,21 +17,23 @@ public class OrderController {
     private final OrderService orderService;
     private final CategoryService categoryService;
     private final ReviewService reviewService;
+    private final OrderPasswordService orderPasswordService;
     private final ProfileService profileService;
-
-    public OrderController(ItemService itemService, OrderService orderService, CategoryService categoryService, ReviewService reviewService, ProfileService profileService) {
+    public OrderController(ItemService itemService, OrderService orderService, CategoryService categoryService, ReviewService reviewService, OrderPasswordService orderPasswordService, OrderPasswordService orderPasswordService1, ProfileService profileService) {
         this.itemService = itemService;
         this.orderService = orderService;
         this.categoryService = categoryService;
         this.reviewService = reviewService;
+        this.orderPasswordService = orderPasswordService1;
         this.profileService = profileService;
     }
 
 
     // 인증을 성공했을 시 접근가능한 page
     @GetMapping("/order/{userId}/{seatId}")
-    public String getShopPageByGuest(@PathVariable Long userId, @PathVariable Long seatId, Model model){
-        // 인증 과정 했다 치고
+    public String getShopPageByGuest(HttpServletRequest request, @PathVariable Long userId, @PathVariable Long seatId, Model model){
+        // 인증 과정
+        if (!orderPasswordService.isAuthenticatedByRequest(userId,request)) throw new RuntimeException("인증 안됨");
         model.addAttribute("categories", categoryService.getAllCategory(userId));
         model.addAttribute("items",itemService.getAllItemsOfUser(userId));
         model.addAttribute("profile", profileService.getUserProfileById(userId));
@@ -42,8 +44,8 @@ public String getShopPageByGuest(@PathVariable Long userId, @PathVariable Long s
     @ResponseBody
     @PostMapping("/order/{userId}/{seatId}")
     public Boolean order(@PathVariable Long userId, @PathVariable Long seatId, @RequestBody String json, HttpServletRequest request, HttpServletResponse response) throws JsonProcessingException {
+        if (!orderPasswordService.isAuthenticatedByRequest(userId,request)) throw new RuntimeException("인증 안됨");
         Long orderId = orderService.order(seatId, json);
-        log.info("주문 성공");
         response.addCookie(reviewService.getCookieOfOrderInfo(request, orderId));
         return true;
     }

diff --git a/src/main/java/com/example/WebOrder/service/OrderPasswordService.java b/src/main/java/com/example/WebOrder/service/OrderPasswordService.java
@@ -7,13 +7,16 @@
 import com.google.zxing.client.j2se.MatrixToImageWriter;
 import com.google.zxing.common.BitMatrix;
 import com.google.zxing.qrcode.QRCodeWriter;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Value;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.messaging.simp.SimpMessagingTemplate;
 import org.springframework.stereotype.Service;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.Base64;
 import java.util.Optional;
 import java.util.Random;
@@ -96,5 +99,37 @@ public Boolean authenticateByEntranceCode(Long userId, String entranceCode){
         if (!result) updateEntranceCode(user.getId());
         return result;
     }
+
+    // url만 바꿔서 다른 user의 주문 페이지에 접근하는 것을 막기 위한 메소드 2개
+    // 쿠키 발급
+    public Cookie getCookieAfterEntranceCode(Long userId){
+        Optional<User> optionalUser = userRepository.findById(userId);
+        if (optionalUser.isEmpty()) throw new RuntimeException("엔티티없음");
+        User user = optionalUser.get();
+
+        Cookie cookie = new Cookie("entrancetoken", user.getEntranceCode());
+        cookie.setPath("/");
+        cookie.setMaxAge(300); //5분 지속.
+        return cookie;
+    }
+    // 쿠키 검사
+    // Cookie에 담긴 "entrancetoken"을 확인하여 현재 인증번호와 일치하면 true, 아니라면 false.
+    public Boolean isAuthenticatedByRequest(Long userId, HttpServletRequest request){
+        String entranceToken = null;
+        if (request.getCookies() == null) return false;
+        for (Cookie cookie : request.getCookies()){
+            if (cookie.getName().equals("entrancetoken"))
+                entranceToken = cookie.getValue();
+        }
+
+        if (entranceToken == null) return false;
+
+        Optional<User> optionalUser = userRepository.findById(userId);
+        if (optionalUser.isEmpty()) throw new RuntimeException("엔티티 없음");
+        User user = optionalUser.get();
+
+        if (!user.getEntranceCode().equals(entranceToken)) return false;
+        return true;
+    }
 }
 
diff --git a/src/main/java/com/example/WebOrder/service/ReviewService.java b/src/main/java/com/example/WebOrder/service/ReviewService.java
@@ -78,7 +78,6 @@ public Cookie getCookieOfOrderInfo(HttpServletRequest request, Long orderId){
         for (Cookie requestCookie : request.getCookies()){
             if (requestCookie.getName().equals("orderItemIds")){
                 cookie.setValue(requestCookie.getValue());
-                log.info("현재 가져온 쿠키 value : " + requestCookie.getName() + "/" +  requestCookie.getValue());
             }
         }