diff --git a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java
index 5d6add61..9d096bc3 100644
--- a/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java
+++ b/nowait-app-admin-api/src/main/java/com/nowait/applicationadmin/menu/controller/MenuImageController.java
@@ -65,8 +65,8 @@ public ResponseEntity uploadMenuImage(
 description = "특정 메뉴 이미지 ID에 해당하는 이미지를 삭제합니다."
 )
 @ApiResponse(responseCode = "200", description = "메뉴 이미지 삭제 성공")
- public ResponseEntity deleteMenuImage(@PathVariable Long id) {
- menuImageService.delete(id);
+ public ResponseEntity deleteMenuImage(@PathVariable Long menuImageId) {
+ menuImageService.delete(menuImageId);
 return ResponseEntity
 .status(
 HttpStatus.OK
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java
index b89e7b7c..cf844f46 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/CorsConfig.java
@@ -19,10 +19,9 @@ public CorsConfigurationSource corsConfigurationSource() {
 config.setAllowedMethods(List.of("GET", "POST", "PATCH", "PUT", "DELETE", "OPTIONS")); // 메서드 허용
 config.setAllowedHeaders(List.of("*")); //클라이언트가 보낼 수 있는 헤더
 config.setExposedHeaders(List.of("Authorization")); //클라이언트(브라우저)가 접근할 수 있는 헤더 지정
- config.setAllowCredentials(true); // 쿠키 포함 허용
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
- source.registerCorsConfiguration("/**", config); //** 뜻은 모든 URL 경로에 적용한다는 의미
+ source.registerCorsConfiguration("/**", config); // 모든 URL 경로에 적용한다는 의미
 return source;
 }
 }
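Review bot: Dropping `config.setAllowCredentials(true)` means browsers will no longer attach cookies to cross-origin requests matched by this configuration, yet the same commit makes the user API depend on cookies: OrderController now reads the HttpSession and SecurityConfig stores the CSRF token in a cookie. If the frontend is served from a different origin, `request.getSession(false)` will always be null there and the XSRF-TOKEN cookie will never be sent back. Either the deployment is same-origin, in which case the configuration should say so, or this line has to stay together with an explicit origin allow-list, since credentials cannot be combined with a wildcard origin. The allowed-origins setting is outside this hunk so I cannot confirm which case applies; a comment such as `// credentials intentionally not allowed: the SPA is served same-origin, so session/XSRF cookies are first-party` would make the intent reviewable.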
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
index 97111041..909fac3c 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/config/security/SecurityConfig.java
@@ -12,6 +12,7 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.web.cors.CorsConfigurationSource;
 import com.nowait.applicationuser.oauth.oauth2.CustomOAuth2UserService;
@@ -37,7 +38,12 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http
 .cors(cors -> cors.configurationSource(corsConfigurationSource))
 // CSRF 방어 기능 비활성화 (jwt 토큰을 사용할 것이기에 필요없음)
- .csrf(AbstractHttpConfigurer::disable)
+ .csrf(csrf -> csrf
+ .ignoringRequestMatchers(
+ "/api/**", "/login/**", "/oauth2/**",
+ "/swagger-ui/**", "/v3/api-docs/**", "/orders/**")
+ .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+ )
 // 시큐리티 폼 로그인 비활성화
 .formLogin(AbstractHttpConfigurer::disable)
 // HTTP Basic 인증 비활성화
@@ -50,9 +56,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 userInfoEndpoint.userService(customOAuth2UserService)
 ).successHandler(oAuth2LoginSuccessHandler)
 )
- // 세션 사용하지 않음
 .sessionManagement(session ->
- session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ session.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
 )
 .authorizeHttpRequests(auth -> auth
 .requestMatchers(
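Review bot: The new CSRF setup exempts `/api/**` and `/orders/**` from token checks while the same commit switches session creation to `IF_REQUIRED` and has OrderController key its data on the session cookie; cookie-backed state is exactly the case CSRF protection exists for, so the JWT rationale in the unchanged comment above (`// CSRF 방어 기능 비활성화 (jwt 토큰을 사용할 것이기에 필요없음)`) no longer holds for those paths and the comment is stale in any case. If every route under the ignored patterns is authenticated by a bearer header only, the exemptions are fine and the comment should say so; otherwise `/orders/**` (and any session-reading routes under `/api/**`) should come out of `ignoringRequestMatchers` and the SPA should echo the token it reads from the non-HttpOnly XSRF-TOKEN cookie. With these exemptions `CookieCsrfTokenRepository.withHttpOnlyFalse()` only protects paths not listed, which from this hunk may be none; the rest of the chain is outside the hunk. Suggested replacement comment: `// CSRF: cookie-based token for session-backed routes; bearer-only routes are exempted below`.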
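Review bot: Switching to `SessionCreationPolicy.IF_REQUIRED` while deleting the `// 세션 사용하지 않음` comment leaves no record of why a server-side session now coexists with the JWT flow this config describes; a reader cannot tell whether the session is an authentication context or only a lookup key for the order endpoints. Spring Security will now also issue a session cookie on OAuth2 login, so the cookie's Secure, SameSite and HttpOnly attributes become security-relevant and are set by server configuration not visible here. Since OrderController looks orders up by session id, it is also worth confirming that the default session-fixation protection applied on OAuth2 authentication (which changes the session id) does not orphan items keyed on the pre-login id. Suggest a comment at this line such as `// sessions allowed: order lookup is keyed on the session id; authentication remains JWT-based` stating the intended scope.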
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java
index 8741e075..c814a800 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/controller/OrderController.java
@@ -20,6 +20,7 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpSession;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -55,8 +56,13 @@ public ResponseEntity createOrder(
 public ResponseEntity getOrderItems(
 @PathVariable Long storeId,
 @PathVariable Long tableId,
- HttpSession session
+ HttpServletRequest request
 ) {
+ HttpSession session = request.getSession(false);
+ if (session == null) {
+ // 프론트가 먼저 부트스트랩 안 했거나, 쿠키가 안 붙은 케이스
+ return ResponseEntity.status(HttpStatus.OK).body(ApiUtils.success(List.of()));
+ }
 String sessionId = session.getId();
 List orderItems = orderService.getOrderItemsGroupByOrderId(storeId, tableId, sessionId);
 return ResponseEntity.
diff --git a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java
index 254caac4..656f6846 100644
--- a/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java
+++ b/nowait-app-user-api/src/main/java/com/nowait/applicationuser/order/service/OrderService.java
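Review bot: The `session == null` branch answers HTTP 200 with an empty list, which makes a missing or unsent session cookie indistinguishable from a table with no orders; with `setAllowCredentials(true)` removed from CorsConfig in this same commit, a cross-origin frontend would take this branch on every call and see a silently empty cart. A debug-level log in that branch (if the controller has a logger) would make the misconfiguration observable, and the design decision deserves a Javadoc line on `getOrderItems` stating that an absent session yields an empty result by design, e.g. `// No session cookie yet: answer with an empty cart rather than an error so the first call can bootstrap`. `getOrderItems` continues past the end of the hunk.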
@@ -116,11 +116,6 @@ public List getOrderItemsGroupByOrderId( } - - - - - private static void parameterValidation(Long storeId, Long tableId, OrderCreateRequestDto orderCreateRequestDto) { if (storeId == null || tableId == null || orderCreateRequestDto == null) { throw new OrderParameterEmptyException();