fix: permit Get posts, emojis without jwt token

snuhcs-course · Dec 3, 2023 · 89520a8 · 89520a8
1 parent 25fc0ca
commit 89520a8
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 11 deletions.
diff --git a/springboot/src/main/kotlin/com/goliath/emojihub/springboot/global/auth/JwtFilter.kt b/springboot/src/main/kotlin/com/goliath/emojihub/springboot/global/auth/JwtFilter.kt
@@ -10,7 +10,6 @@ import org.springframework.web.filter.OncePerRequestFilter
 
 class JwtFilter(private val jwtTokenProvider: JwtTokenProvider) : OncePerRequestFilter() {
 
-    private val EXCLUDE_URLS: List<String> = listOf("/api/user/signup", "/api/user/login")
 
     @Throws(IOException::class, ServletException::class)
     override fun doFilterInternal(
@@ -19,21 +18,15 @@ class JwtFilter(private val jwtTokenProvider: JwtTokenProvider) : OncePerRequest
         filterChain: FilterChain
     ) {
         try {
-            if (!shouldExclude(request)) {
-                val authToken: String = jwtTokenProvider.resolveToken(request)
-                if (jwtTokenProvider.validateToken(authToken)) {
-                    val authentication = jwtTokenProvider.getAuthentication(authToken)
-                    SecurityContextHolder.getContext().authentication = authentication
-                }
+            val authToken: String = jwtTokenProvider.resolveToken(request)
+            if (jwtTokenProvider.validateToken(authToken)) {
+                val authentication = jwtTokenProvider.getAuthentication(authToken)
+                SecurityContextHolder.getContext().authentication = authentication
             }
         } catch (e: Exception) {
             request.setAttribute("exception", e)
             throw e
         }
         filterChain.doFilter(request, response)
     }
-
-    private fun shouldExclude(request: HttpServletRequest): Boolean {
-        return EXCLUDE_URLS.stream().anyMatch { url -> request.requestURI.contains(url) }
-    }
 }
diff --git a/springboot/src/main/kotlin/com/goliath/emojihub/springboot/global/config/SecurityConfig.kt b/springboot/src/main/kotlin/com/goliath/emojihub/springboot/global/config/SecurityConfig.kt
@@ -22,11 +22,13 @@ class SecurityConfig(
     private val jwtTokenProvider: JwtTokenProvider,
 ) {
     private val POST_WHITELIST = arrayOf("/api/user/signup", "/api/user/login")
+    private val GET_WHITELIST = arrayOf("/api/emoji", "/api/post")
 
     @Bean
     fun ignoringCustomizer(): WebSecurityCustomizer {
         return WebSecurityCustomizer { web: WebSecurity ->
             web.ignoring().requestMatchers(HttpMethod.POST, *POST_WHITELIST)
+            web.ignoring().requestMatchers(HttpMethod.GET, *GET_WHITELIST)
         }
     }