[Feat/#85] @authuser 사용하여 API 인증 처리

src/main/java/com/friends/easybud/auth/controller/AuthController.java

@@ -3,6 +3,7 @@
 import com.friends.easybud.auth.dto.IdTokenRequest;
 import com.friends.easybud.auth.dto.RefreshTokenRequest;
 import com.friends.easybud.auth.service.AuthService;
+import com.friends.easybud.global.annotation.AuthUser;
 import com.friends.easybud.global.response.ResponseDto;
 import com.friends.easybud.jwt.JwtDto;
 import com.friends.easybud.jwt.JwtProvider;
@@ -50,7 +51,7 @@ public ResponseDto<Boolean> logout(@RequestBody RefreshTokenRequest request) {
 
     @Operation(summary = "회원 탈퇴", description = "회원 탈퇴를 진행합니다.")
     @PostMapping("/withdrawal")
-    public ResponseDto<Boolean> withdrawal(@RequestBody Member member) {
+    public ResponseDto<Boolean> withdrawal(@AuthUser Member member) {
         return ResponseDto.onSuccess(memberCommandService.withdrawal(member));
     }
 

src/main/java/com/friends/easybud/card/controller/CardController.java

@@ -7,7 +7,9 @@
 import com.friends.easybud.card.dto.CardResponse.CardListDto;
 import com.friends.easybud.card.service.CardCommandService;
 import com.friends.easybud.card.service.CardQueryService;
+import com.friends.easybud.global.annotation.AuthUser;
 import com.friends.easybud.global.response.ResponseDto;
+import com.friends.easybud.member.domain.Member;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
@@ -31,32 +33,33 @@ public class CardController {
 
     @Operation(summary = "카드 생성", description = "새로운 카드를 생성합니다.")
     @PostMapping
-    public ResponseDto<Long> createCard(@RequestBody CardCreateDto request) {
-        return ResponseDto.onSuccess(cardCommandService.createCard(request));
+    public ResponseDto<Long> createCard(@AuthUser Member member, @RequestBody CardCreateDto request) {
+        return ResponseDto.onSuccess(cardCommandService.createCard(member, request));
     }
 
     @Operation(summary = "카드 삭제", description = "기존의 카드를 삭제합니다.")
     @DeleteMapping("/{cardId}")
-    public ResponseDto<Boolean> deleteCard(@PathVariable Long cardId) {
-        return ResponseDto.onSuccess(cardCommandService.deleteCard(cardId));
+    public ResponseDto<Boolean> deleteCard(@AuthUser Member member, @PathVariable Long cardId) {
+        return ResponseDto.onSuccess(cardCommandService.deleteCard(member, cardId));
     }
 
     @Operation(summary = "카드 수정", description = "기존의 카드를 수정합니다.")
     @PutMapping("/{cardId}")
-    public ResponseDto<Long> updateCard(@PathVariable Long cardId, @RequestBody CardUpdateDto request) {
-        return ResponseDto.onSuccess(cardCommandService.updateCard(cardId, request));
+    public ResponseDto<Long> updateCard(@AuthUser Member member, @PathVariable Long cardId,
+                                        @RequestBody CardUpdateDto request) {
+        return ResponseDto.onSuccess(cardCommandService.updateCard(member, cardId, request));
     }
 
     @Operation(summary = "카드 조회", description = "특정 카드를 조회합니다.")
     @GetMapping("/{cardId}")
-    public ResponseDto<CardDto> getCard(@PathVariable Long cardId) {
-        return ResponseDto.onSuccess(CardConverter.toCardDto(cardQueryService.getCard(cardId)));
+    public ResponseDto<CardDto> getCard(@AuthUser Member member, @PathVariable Long cardId) {
+        return ResponseDto.onSuccess(CardConverter.toCardDto(cardQueryService.getCard(member, cardId)));
     }
 
     @Operation(summary = "카드 목록 조회", description = "특정 회원의 카드 목록을 조회합니다.")
     @GetMapping
-    public ResponseDto<CardListDto> getCards() {
-        return ResponseDto.onSuccess(CardConverter.toCardListDto(cardQueryService.getCards()));
+    public ResponseDto<CardListDto> getCards(@AuthUser Member member) {
+        return ResponseDto.onSuccess(CardConverter.toCardListDto(cardQueryService.getCards(member)));
     }
 
 }

src/main/java/com/friends/easybud/card/service/CardCommandService.java

@@ -2,13 +2,14 @@
 
 import com.friends.easybud.card.dto.CardRequest.CardCreateDto;
 import com.friends.easybud.card.dto.CardRequest.CardUpdateDto;
+import com.friends.easybud.member.domain.Member;
 
 public interface CardCommandService {
 
-    Long createCard(CardCreateDto request);
+    Long createCard(Member member, CardCreateDto request);
 
-    Long updateCard(Long cardId, CardUpdateDto request);
+    Long updateCard(Member member, Long cardId, CardUpdateDto request);
 
-    Boolean deleteCard(Long cardId);
+    Boolean deleteCard(Member member, Long cardId);
 
 }

src/main/java/com/friends/easybud/card/service/CardCommandServiceImpl.java

@@ -8,7 +8,6 @@
 import com.friends.easybud.global.exception.GeneralException;
 import com.friends.easybud.global.response.code.ErrorStatus;
 import com.friends.easybud.member.domain.Member;
-import com.friends.easybud.member.repository.MemberRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -18,13 +17,10 @@
 @Service
 public class CardCommandServiceImpl implements CardCommandService {
 
-    private final MemberRepository memberRepository;    // TODO MemberQueryService 주입
     private final CardRepository cardRepository;
 
     @Override
-    public Long createCard(CardCreateDto request) {
-        Member member = memberRepository.findById(1L).get();    // TODO 로그인 된 사용자 정보 조회
-
+    public Long createCard(Member member, CardCreateDto request) {
         Card card = buildCard(request, member);
         cardRepository.save(card);
 
@@ -42,22 +38,33 @@ private Card buildCard(CardRequest.CardCreateDto request, Member member) {
     }
 
     @Override
-    public Long updateCard(Long cardId, CardUpdateDto request) {
+    public Long updateCard(Member member, Long cardId, CardUpdateDto request) {
         Card card = cardRepository.findById(cardId)
                 .orElseThrow(() -> new GeneralException(ErrorStatus.CARD_NOT_FOUND));
 
+        checkCardOwnership(member, card);
+
         card.update(request);
 
         return card.getId();
     }
 
     @Override
-    public Boolean deleteCard(Long cardId) {
+    public Boolean deleteCard(Member member, Long cardId) {
         Card card = cardRepository.findById(cardId)
                 .orElseThrow(() -> new GeneralException(ErrorStatus.CARD_NOT_FOUND));
+
+        checkCardOwnership(member, card);
+
         // TODO 연관된 Account 처리
         cardRepository.delete(card);
         return Boolean.TRUE;
     }
 
+    private void checkCardOwnership(Member member, Card card) {
+        if (!card.getMember().equals(member)) {
+            throw new GeneralException(ErrorStatus.UNAUTHORIZED_CARD_ACCESS);
+        }
+    }
+
 }

src/main/java/com/friends/easybud/card/service/CardQueryService.java

@@ -1,12 +1,13 @@
 package com.friends.easybud.card.service;
 
 import com.friends.easybud.card.domain.Card;
+import com.friends.easybud.member.domain.Member;
 import java.util.List;
 
 public interface CardQueryService {
 
-    Card getCard(Long cardId);
+    Card getCard(Member member, Long cardId);
 
-    List<Card> getCards();
+    List<Card> getCards(Member member);
 
 }

src/main/java/com/friends/easybud/card/service/CardQueryServiceImpl.java

@@ -5,7 +5,6 @@
 import com.friends.easybud.global.exception.GeneralException;
 import com.friends.easybud.global.response.code.ErrorStatus;
 import com.friends.easybud.member.domain.Member;
-import com.friends.easybud.member.repository.MemberRepository;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
@@ -16,18 +15,16 @@
 @Service
 public class CardQueryServiceImpl implements CardQueryService {
 
-    private final MemberRepository memberRepository;    // TODO MemberQueryService 주입
     private final CardRepository cardRepository;
 
     @Override
-    public Card getCard(Long cardId) {
+    public Card getCard(Member member, Long cardId) {
         return cardRepository.findById(cardId)
                 .orElseThrow(() -> new GeneralException(ErrorStatus.CARD_NOT_FOUND));
     }
 
     @Override
-    public List<Card> getCards() {
-        Member member = memberRepository.findById(1L).get();    // TODO 로그인 된 사용자 정보 조회
+    public List<Card> getCards(Member member) {
         return member.getCards();
     }
 

src/main/java/com/friends/easybud/category/controller/CategoryController.java

@@ -6,7 +6,9 @@
 import com.friends.easybud.category.dto.CategoryRequest.TertiaryCategoryCreateDto;
 import com.friends.easybud.category.service.CategoryCommandService;
 import com.friends.easybud.category.service.CategoryQueryService;
+import com.friends.easybud.global.annotation.AuthUser;
 import com.friends.easybud.global.response.ResponseDto;
+import com.friends.easybud.member.domain.Member;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
@@ -30,22 +32,23 @@ public class CategoryController {
 
     @Operation(summary = "계정 소분류 생성", description = "새로운 소분류를 생성합니다.")
     @PostMapping("/tertiary")
-    public ResponseDto<Long> createTertiaryCategory(@RequestBody TertiaryCategoryCreateDto request) {
-        return ResponseDto.onSuccess(categoryCommandService.createTertiaryCategory(request));
+    public ResponseDto<Long> createTertiaryCategory(@AuthUser Member member,
+                                                    @RequestBody TertiaryCategoryCreateDto request) {
+        return ResponseDto.onSuccess(categoryCommandService.createTertiaryCategory(member, request));
     }
 
     @Operation(summary = "계정 소분류 삭제", description = "기존의 소분류를 삭제합니다.")
     @Parameter(name = "tertiaryCategoryId", description = "삭제할 소분류의 ID")
     @DeleteMapping("/tertiary/{tertiaryCategoryId}")
-    public ResponseDto<Boolean> deleteTertiaryCategory(@PathVariable Long tertiaryCategoryId) {
-        return ResponseDto.onSuccess(categoryCommandService.deleteTertiaryCategory(tertiaryCategoryId));
+    public ResponseDto<Boolean> deleteTertiaryCategory(@AuthUser Member member, @PathVariable Long tertiaryCategoryId) {
+        return ResponseDto.onSuccess(categoryCommandService.deleteTertiaryCategory(member, tertiaryCategoryId));
     }
 
     @Operation(summary = "계정 카테고리 목록 조회", description = "로그인 된 회원의 계정 카테고리 목록을 조회합니다.")
     @GetMapping
-    public ResponseDto<AccountCategoryListDto> getAccountCategories() {
+    public ResponseDto<AccountCategoryListDto> getAccountCategories(@AuthUser Member member) {
         return ResponseDto.onSuccess(
-                CategoryConverter.toAccountCategoryListDto(categoryQueryService.getTertiaryCategories(1L)));
+                CategoryConverter.toAccountCategoryListDto(categoryQueryService.getTertiaryCategories(member)));
     }
 
 }

src/main/java/com/friends/easybud/category/service/CategoryCommandService.java

@@ -2,10 +2,12 @@
 
 import static com.friends.easybud.category.dto.CategoryRequest.TertiaryCategoryCreateDto;
 
+import com.friends.easybud.member.domain.Member;
+
 public interface CategoryCommandService {
 
-    Long createTertiaryCategory(TertiaryCategoryCreateDto request);
+    Long createTertiaryCategory(Member member, TertiaryCategoryCreateDto request);
 
-    Boolean deleteTertiaryCategory(Long accountCategoryId);
+    Boolean deleteTertiaryCategory(Member member, Long accountCategoryId);
 
 }

src/main/java/com/friends/easybud/category/service/CategoryCommandServiceImpl.java

@@ -10,7 +10,6 @@
 import com.friends.easybud.global.exception.GeneralException;
 import com.friends.easybud.global.response.code.ErrorStatus;
 import com.friends.easybud.member.domain.Member;
-import com.friends.easybud.member.repository.MemberRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -23,11 +22,9 @@ public class CategoryCommandServiceImpl implements CategoryCommandService {
     private final SecondaryCategoryRepository secondaryCategoryRepository;
     private final TertiaryCategoryRepository tertiaryCategoryRepository;
     private final TertiaryCategoryCustomRepository tertiaryCategoryCustomRepository;
-    private final MemberRepository memberRepository;    // TODO MemberQueryService 주입
 
     @Override
-    public Long createTertiaryCategory(TertiaryCategoryCreateDto request) {
-        Member member = memberRepository.findById(1L).get();    // TODO 로그인 된 사용자 정보 조회
+    public Long createTertiaryCategory(Member member, TertiaryCategoryCreateDto request) {
         SecondaryCategory secondaryCategory = secondaryCategoryRepository.findByContent(request.getSecondaryCategory())
                 .orElseThrow(() -> new GeneralException(ErrorStatus.SECONDARY_CATEGORY_NOT_FOUND));
 
@@ -61,10 +58,12 @@ private TertiaryCategory buildTertiaryCategory(TertiaryCategoryCreateDto request
     }
 
     @Override
-    public Boolean deleteTertiaryCategory(Long tertiaryCategoryId) {
+    public Boolean deleteTertiaryCategory(Member member, Long tertiaryCategoryId) {
         TertiaryCategory tertiaryCategory = tertiaryCategoryRepository.findById(tertiaryCategoryId)
                 .orElseThrow(() -> new GeneralException(ErrorStatus.TERTIARY_CATEGORY_NOT_FOUND));
 
+        checkTertiaryCategoryOwnership(member, tertiaryCategory);
+
         if (tertiaryCategory.getIsDefault().equals(Boolean.TRUE)) {
             throw new GeneralException(ErrorStatus.CANNOT_DELETE_DEFAULT_CATEGORY);
         }
@@ -73,4 +72,10 @@ public Boolean deleteTertiaryCategory(Long tertiaryCategoryId) {
         return Boolean.TRUE;
     }
 
+    private void checkTertiaryCategoryOwnership(Member member, TertiaryCategory tertiaryCategory) {
+        if (!tertiaryCategory.getMember().equals(member)) {
+            throw new GeneralException(ErrorStatus.UNAUTHORIZED_TERTIARY_CATEGORY_ACCESS);
+        }
+    }
+
 }

src/main/java/com/friends/easybud/category/service/CategoryQueryService.java

@@ -1,10 +1,11 @@
 package com.friends.easybud.category.service;
 
 import com.friends.easybud.category.domain.TertiaryCategory;
+import com.friends.easybud.member.domain.Member;
 import java.util.List;
 
 public interface CategoryQueryService {
 
-    List<TertiaryCategory> getTertiaryCategories(Long memberId);
+    List<TertiaryCategory> getTertiaryCategories(Member member);
 
 }

src/main/java/com/friends/easybud/category/service/CategoryQueryServiceImpl.java

@@ -2,6 +2,7 @@
 
 import com.friends.easybud.category.domain.TertiaryCategory;
 import com.friends.easybud.category.repository.TertiaryCategoryRepository;
+import com.friends.easybud.member.domain.Member;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
@@ -15,8 +16,8 @@ public class CategoryQueryServiceImpl implements CategoryQueryService {
     private final TertiaryCategoryRepository tertiaryCategoryRepository;
 
     @Override
-    public List<TertiaryCategory> getTertiaryCategories(Long memberId) {
-        return tertiaryCategoryRepository.findByMemberIdOrIsDefaultTrue(memberId);
+    public List<TertiaryCategory> getTertiaryCategories(Member member) {
+        return tertiaryCategoryRepository.findByMemberIdOrIsDefaultTrue(member.getId());
     }
 
 }