controller/
LedgerController.java
package com.example.pkscl.controller;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.example.pkscl.data.dto.ReceiptModel;
import com.example.pkscl.service.LedgerService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Isolation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import lombok.extern.slf4j.Slf4j;
@Slf4j
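// Issue 1 (translated from the original Korean comment, whose encoding was damaged): a majorNumber that arrives through the API must be answered with 403 when it does not belong to the caller's own major; how to cover every endpoint is still open.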
@RestController
public class LedgerController {
/** Service that every handler in this controller delegates to. */
private final LedgerService ledgerService;
/**
 * Receives the ledger service through constructor injection.
 *
 * @param ledgerService service used for all ledger reads and writes
 */
@Autowired
public LedgerController(LedgerService ledgerService) {
this.ledgerService = ledgerService;
}
/**
 * Returns the ledger data of the major stored in the caller's session.
 *
 * <p>The major number and position come from the session, never from the request. Any
 * session whose {@code status} is not {@code "approval"} gets 403 and a {@code null} body.
 *
 * @param request  current request; its existing session supplies majorNumber, position and status
 * @param response used only to set the 403 status
 * @return the map produced by the ledger service, or {@code null} on 403
 */
@GetMapping(value = "/major-info")
public Map<String, Object> getLedger(HttpServletRequest request, HttpServletResponse response) {
    // getSession(false) never creates a session, so a request without one fails here with a
    // NullPointerException before any ledger data is read.
    javax.servlet.http.HttpSession session = request.getSession(false);
    String majorNumber = (String) session.getAttribute("majorNumber");
    String position = (String) session.getAttribute("position");
    String status = (String) session.getAttribute("status");

    boolean approved = status.equals("approval");
    if (approved) {
        return ledgerService.getLedgerData(majorNumber, position);
    }
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    return null;
}
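/**
 * Returns the ledger data of the major named in the {@code major-number} parameter, for
 * administrators only.
 *
 * <p>The major number is chosen by the caller, so this handler is the place where access to
 * another major's ledger has to be decided. Only a session whose position is {@code "admin"}
 * is let through; a request without a session gets 401 and any other position gets 403.
 *
 * @param majorNumber major whose ledger is requested (request parameter {@code major-number})
 * @param request     current request; its existing session supplies the position
 * @param response    used to set 401 or 403
 * @return the map produced by the ledger service, or {@code null} when the call is refused
 */
@GetMapping(value = "/major-info/admin")
public Map<String, Object> getLedgerAdmin(@RequestParam(value = "major-number", required = true) String majorNumber, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    if (session == null) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return null;
    }

    String position = (String) session.getAttribute("position");
    // Without this check any logged-in position could name an arbitrary major here; the
    // service only receives the position, and nothing visible in this controller restricts it.
    if (!"admin".equals(position)) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return null;
    }
    return ledgerService.getLedgerData(majorNumber, position);
}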
/**
 * Returns the ledger data of major {@code "0"}, requested with the {@code "president"} position.
 *
 * <p>NOTE(review): this handler reads no session, so it applies no login or role check of its
 * own, and it asks the service for a president-level view. Confirm that major "0" holds only
 * demo data and that the route is meant to be reachable without authentication.
 *
 * @param request  unused
 * @param response unused
 * @return the map produced by the ledger service
 */
@GetMapping(value = "/temp-major-info")
public Map<String, Object> getTempLedger(HttpServletRequest request, HttpServletResponse response){
    final String majorNumber = "0";
    final String position = "president";
    return ledgerService.getLedgerData(majorNumber, position);
}
/**
 * Adds an event to a quarter of the caller's own major.
 *
 * <p>The major number comes from the session; only {@code quarter} is read from the body.
 * A session that is not an approved president gets 403 and nothing is written.
 *
 * @param body     JSON body; {@code quarter} is read as a String
 * @param request  current request; its existing session supplies majorNumber, position and status
 * @param response used only to set the 403 status
 */
@Transactional(isolation = Isolation.SERIALIZABLE)
@PostMapping(value = "/event")
public void addLedger(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String majorNumber = (String) session.getAttribute("majorNumber");
    String position = (String) session.getAttribute("position");
    String status = (String) session.getAttribute("status");
    String quarter = (String) body.get("quarter");

    boolean approvedPresident = position.equals("president") && status.equals("approval");
    if (approvedPresident) {
        ledgerService.addEvent(majorNumber, quarter);
        return;
    }
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
/**
 * Deletes one event after checking that it belongs to the caller's major.
 *
 * <p>The event number is caller-supplied, so ownership is verified with
 * {@code checkMajor("event", eventNumber, majorNumber)} against the session's major before the
 * delete. A failed role, status or ownership check ends in 403.
 *
 * @param eventNumber event to delete (request parameter {@code event-number})
 * @param request     current request; its existing session supplies position, majorNumber and status
 * @param response    used only to set the 403 status
 */
@Transactional(isolation = Isolation.SERIALIZABLE)
@DeleteMapping(value = "/event")
public void deleteLedger(@RequestParam(value = "event-number", required = true) String eventNumber, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String status = (String) session.getAttribute("status");

    // Same left-to-right short-circuit as a chain of negated checks: the ownership lookup
    // only runs for an approved president.
    boolean allowed = position.equals("president")
            && status.equals("approval")
            && ledgerService.checkMajor("event", eventNumber, majorNumber);
    if (allowed) {
        ledgerService.deleteEvent(eventNumber);
        return;
    }
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
/**
 * Returns the ledger dates of a major.
 *
 * <p>An admin session may name the major through {@code major-number}; for every other
 * position the parameter is ignored and the session's own major is used. No status check is
 * made here.
 *
 * @param adminMajorNumber optional major number, honoured only for the admin position
 * @param request          current request; its existing session supplies position and majorNumber
 * @param response         unused
 * @return the map produced by the ledger service
 */
@GetMapping(value = "/ledger-date")
public Map<String, Object> getLedgerDate(@RequestParam(value = "major-number", required = false) String adminMajorNumber, HttpServletRequest request, HttpServletResponse response) {
    String position = (String) request.getSession(false).getAttribute("position");
    String targetMajor = position.equals("admin")
            ? adminMajorNumber
            : (String) request.getSession(false).getAttribute("majorNumber");
    return ledgerService.getLedgerDate(targetMajor);
}
/**
 * Sets the open and close dates of a quarter for the caller's own major.
 *
 * <p>The major number comes from the session; quarter and dates come from the body and are
 * passed to the service as received. A session that is not an approved president gets 403.
 *
 * @param body     JSON body; {@code quarter}, {@code openDate} and {@code closeDate} are read as Strings
 * @param request  current request; its existing session supplies position, majorNumber and status
 * @param response used only to set the 403 status
 */
@Transactional(isolation = Isolation.SERIALIZABLE)
@PutMapping(value = "/ledger-date")
public void putLedgerDate(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String status = (String) session.getAttribute("status");

    String quarter = (String) body.get("quarter");
    String openDate = (String) body.get("openDate");
    String closeDate = (String) body.get("closeDate");

    boolean approvedPresident = position.equals("president") && status.equals("approval");
    if (approvedPresident) {
        ledgerService.putLedgerDate(majorNumber, quarter, openDate, closeDate);
        return;
    }
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
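/**
 * Updates the title and context of one event after checking that it belongs to the caller's major.
 *
 * <p>Each of the three preconditions (president position, approved status, event ownership) is
 * evaluated once; the result is used both for the diagnostic log line and for the 403 decision,
 * so the ownership lookup is no longer repeated.
 *
 * @param body     JSON body; {@code eventNumber}, {@code eventTitle} and {@code eventContext} are read as Strings
 * @param request  current request; its existing session supplies position, majorNumber and status
 * @param response used only to set the 403 status
 */
@Transactional(isolation = Isolation.SERIALIZABLE)
@PatchMapping(value = "/event")
public void patchEvent(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String status = (String) session.getAttribute("status");
    String eventNumber = (String) body.get("eventNumber");
    String eventTitle = (String) body.get("eventTitle");
    String eventContext = (String) body.get("eventContext");

    boolean isPresident = position.equals("president");
    boolean isApproved = status.equals("approval");
    // eventNumber is caller-supplied; this is the check that ties it to the session's major.
    boolean ownsEvent = ledgerService.checkMajor("event", eventNumber, majorNumber);

    if (!isPresident) {
        log.info("position error");
    }
    if (!isApproved) {
        log.info("status error");
    }
    if (!ownsEvent) {
        log.info("majorNumber error");
    }

    if (!(isPresident && isApproved && ownsEvent)) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    ledgerService.patchEvent(eventNumber, eventTitle, eventContext);
}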
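/**
 * Adds a receipt to an event after checking that the event belongs to the caller's major.
 *
 * <p>The submitted model is no longer printed to standard output before the caller is
 * authorized; it is logged at debug level once the checks have passed.
 *
 * @param receiptModel form-bound receipt; its event number is the one checked for ownership
 * @param request      current request; its existing session supplies position, majorNumber and status
 * @param response     used only to set the 403 status
 */
@Transactional(isolation = Isolation.SERIALIZABLE)
@PostMapping(value = "/receipt")
public void postReceipt(@ModelAttribute ReceiptModel receiptModel, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String status = (String) session.getAttribute("status");

    boolean allowed = position.equals("president")
            && status.equals("approval")
            && ledgerService.checkMajor("event", receiptModel.getEventNumber(), majorNumber);
    if (!allowed) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }

    log.debug("postReceipt: {}", receiptModel);
    ledgerService.postReceipt(receiptModel);
}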
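/**
 * Replaces a receipt after checking that the receipt belongs to the caller's major.
 *
 * <p>The submitted model is no longer printed to standard output before the caller is
 * authorized; it is logged at debug level once the checks have passed.
 *
 * <p>NOTE(review): only the receipt number is checked for ownership. If the service also
 * applies an event number carried by the model, that event is not checked here — confirm in
 * LedgerService.
 *
 * @param receiptModel form-bound receipt; its receipt number is the one checked for ownership
 * @param request      current request; its existing session supplies position, majorNumber and status
 * @param response     used only to set the 403 status
 */
@Transactional(isolation = Isolation.SERIALIZABLE)
@PutMapping(value = "/receipt")
public void putReceipt(@ModelAttribute ReceiptModel receiptModel, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String status = (String) session.getAttribute("status");

    boolean allowed = position.equals("president")
            && status.equals("approval")
            && ledgerService.checkMajor("receipt", receiptModel.getReceiptNumber(), majorNumber);
    if (!allowed) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }

    log.debug("putReceipt: {}", receiptModel);
    ledgerService.putReceipt(receiptModel);
}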
/**
 * Deletes the receipts named in {@code receipt-number}.
 *
 * <p>This handler checks only role and status. The caller-supplied receipt numbers are handed
 * to the service together with the session's major number and the response, so any
 * per-receipt ownership decision is made there, not here.
 *
 * @param receiptNumberList receipt numbers as received in the request parameter
 * @param request           current request; its existing session supplies position, majorNumber and status
 * @param response          set to 403 here on a failed check and also passed on to the service
 */
@Transactional(isolation = Isolation.SERIALIZABLE)
@DeleteMapping(value = "/receipt")
public void deleteReceipt(@RequestParam(value = "receipt-number", required = true) String receiptNumberList, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String status = (String) session.getAttribute("status");

    boolean approvedPresident = position.equals("president") && status.equals("approval");
    if (approvedPresident) {
        ledgerService.deleteReceiptList(receiptNumberList, majorNumber, response);
        return;
    }
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
}
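/**
 * Reorders events after checking that every listed event belongs to the caller's major.
 *
 * <p>The body is untrusted JSON, so {@code eventNumberList} is validated before use: a missing
 * value, a value that is not a list, or a list holding anything but strings gets 400 instead
 * of failing later with a NullPointerException or ClassCastException. Role and status are
 * checked first, so an unauthorized caller always gets 403.
 *
 * @param body     JSON body; {@code eventNumberList} must be a list of event-number strings
 * @param request  current request; its existing session supplies position, majorNumber and status
 * @param response used to set 400 or 403
 */
@Transactional(isolation = Isolation.SERIALIZABLE)
@PatchMapping(value = "/event-sequence")
public void patchEventSequence(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String status = (String) session.getAttribute("status");

    if (!position.equals("president") || !status.equals("approval")) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }

    Object rawList = body.get("eventNumberList");
    if (!(rawList instanceof List)) {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    List<String> eventNumberList = new java.util.ArrayList<>();
    for (Object item : (List<?>) rawList) {
        if (!(item instanceof String)) {
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        eventNumberList.add((String) item);
    }

    // Every event is checked before anything is written: one foreign event rejects the whole list.
    for (String eventNumber : eventNumberList) {
        if (!ledgerService.checkMajor("event", eventNumber, majorNumber)) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
    }
    ledgerService.patchEventSequence(eventNumberList);
}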
}
MemberManagementController.java
package com.example.pkscl.controller;
import com.example.pkscl.service.MemberManagementService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.Map;
@RestController
public class MemberManagementController {
/** Service that every handler in this controller delegates to. */
private final MemberManagementService memberManagementService;
/**
 * Receives the member-management service through constructor injection.
 *
 * @param memberManagementService service used for all member reads and status changes
 */
@Autowired
public MemberManagementController(MemberManagementService memberManagementService) {
this.memberManagementService = memberManagementService;
}
/**
 * Returns the students of the caller's own major.
 *
 * <p>The major number comes from the session. A session without one gets 400; a session that
 * is not an approved president gets 403.
 *
 * @param request  current request; its existing session supplies position, status and majorNumber
 * @param response used to set 400 or 403
 * @return the map produced by the service, or {@code null} when the call is refused
 */
@GetMapping(value = "/student-list")
public Map<String,Object> studentList(HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String status = (String) session.getAttribute("status");
    String majorNumber = (String) session.getAttribute("majorNumber");

    // The 400 check runs before the role check, as in the existing order of status codes.
    if (majorNumber == null) {
        response.setStatus(400);
        return null;
    }

    boolean approvedPresident = position.equals("president") && status.equals("approval");
    if (!approvedPresident) {
        response.setStatus(403);
        return null;
    }
    return memberManagementService.getStudentData(majorNumber);
}
/**
 * Changes the status of the listed students, one service call per e-mail address.
 *
 * <p>The session's major number is passed with every call, so the service can limit the
 * change to the caller's own major. NOTE(review): the new status string is forwarded exactly
 * as received; confirm that the service restricts it to the allowed values.
 *
 * @param body     JSON body; {@code status} is read as a String and {@code email} as a list of Strings
 * @param request  current request; its existing session supplies position, status and majorNumber
 * @param response used to set 400 or 403
 */
@PatchMapping(value = "/student-list")
public void patchStudentStatus(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String status = (String) session.getAttribute("status");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String patchStatus = (String) body.get("status");
    List<String> emailList = (List<String>) body.get("email");

    boolean bodyComplete = emailList != null && !emailList.isEmpty() && patchStatus != null;
    if (!bodyComplete) {
        response.setStatus(400);
        return;
    }

    boolean approvedPresident = position.equals("president") && status.equals("approval");
    if (!approvedPresident) {
        response.setStatus(403);
        return;
    }

    for (int i = 0; i < emailList.size(); i++) {
        String email = emailList.get(i);
        memberManagementService.patchStudentStatus(email, patchStatus, majorNumber);
    }
}
/**
 * Returns the list of presidents, for the admin position only.
 *
 * @param request  current request; its existing session supplies the position
 * @param response used only to set the 403 status
 * @return the map produced by the service, or {@code null} on 403
 */
@GetMapping(value = "/president-list")
public Map<String,Object> presidentList(HttpServletRequest request, HttpServletResponse response) {
    String position = (String) request.getSession(false).getAttribute("position");
    boolean isAdmin = position.equals("admin");
    if (isAdmin) {
        return memberManagementService.getPresidentData();
    }
    response.setStatus(403);
    return null;
}
/**
 * Changes the status of the listed presidents, one service call per e-mail address; admin only.
 *
 * <p>The body is validated (400) before the role is checked (403). The response object is
 * handed to the service with every call; the stray "409 Conflict" marker in the original
 * suggests the service sets that status itself — confirm there.
 *
 * @param body     JSON body; {@code status} is read as a String and {@code email} as a list of Strings
 * @param request  current request; its existing session supplies the position
 * @param response set to 400 or 403 here and also passed on to the service
 */
@PatchMapping(value = "/president-list")
public void patchPresidentStatus(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    String position = (String) request.getSession(false).getAttribute("position");
    String patchStatus = (String) body.get("status");
    List<String> emailList = (List<String>) body.get("email");

    boolean bodyComplete = emailList != null && !emailList.isEmpty() && patchStatus != null;
    if (!bodyComplete) {
        response.setStatus(400);
        return;
    }

    if (!position.equals("admin")) {
        response.setStatus(403);
        return;
    }

    for (int i = 0; i < emailList.size(); i++) {
        memberManagementService.patchPresidentStatus(emailList.get(i), patchStatus, response);
    }
}
/**
 * Hands the presidency of the caller's major over to another account.
 *
 * <p>The current president's e-mail and the major number come from the session; only the new
 * president's e-mail comes from the body. NOTE(review): unlike the other president-only
 * handlers in these controllers, this one does not require {@code status} to be
 * {@code "approval"} and does not check the new e-mail for null — confirm that the service
 * covers both.
 *
 * @param body     JSON body; {@code email} is the new president's address
 * @param request  current request; its existing session supplies position, majorNumber and email
 * @param response set to 403 here and also passed on to the service
 */
@PatchMapping(value = "/major-president")
public void patchMajorPresident(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String presidentEmail = (String) session.getAttribute("email");
    String newPresidentEmail = (String) body.get("email");

    if (position.equals("president")) {
        memberManagementService.patchMajorPresident(presidentEmail, newPresidentEmail, majorNumber, response);
        return;
    }
    response.setStatus(403);
}
}
ProfileController.java
package com.example.pkscl.controller;
import com.example.pkscl.data.dto.PresidentProfileModel;
import com.example.pkscl.data.dto.StudentProfileModel;
import com.example.pkscl.service.ProfileService;
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@RestController
public class ProfileController {
/** Service used for profile reads, profile updates, file uploads and password changes. */
private final ProfileService profileService;
/** Encoder used by patchPassword to compare the submitted current password with the stored one. */
private final PasswordEncoder passwordEncoder;
/**
 * Receives both collaborators through constructor injection.
 *
 * @param profileService  service the handlers delegate to
 * @param passwordEncoder encoder used for password comparison
 */
@Autowired
public ProfileController(ProfileService profileService, PasswordEncoder passwordEncoder) {
this.profileService = profileService;
this.passwordEncoder = passwordEncoder;
}
/**
 * Returns the profile of the logged-in student or president.
 *
 * <p>E-mail, major number and position all come from the session. When any of them is missing
 * the handler answers 400 with a one-entry error map.
 *
 * @param request  current request; its existing session supplies email, majorNumber and position
 * @param response used only to set the 400 status
 * @return the profile map from the service, or a map holding {@code errorMessage} on 400
 */
@GetMapping(value = "/profile")
public Map<String,Object> studentProfile(HttpServletRequest request, HttpServletResponse response) {
    javax.servlet.http.HttpSession session = request.getSession(false);
    String email = (String) session.getAttribute("email");
    String majorNumber = (String) session.getAttribute("majorNumber");
    String position = (String) session.getAttribute("position");

    boolean sessionComplete = majorNumber != null && email != null && position != null;
    if (sessionComplete) {
        return profileService.getProfileData(position, email, majorNumber);
    }

    // The message text is kept exactly as this listing shows it; it appears mis-encoded and
    // split across two lines here.
    Map<String,Object> errorMsg = new LinkedHashMap<>();
    errorMsg.put("errorMessage", "์กด์ฌํ์ง ์๋ ํ์์
๋๋ค.");
    response.setStatus(400);
    return errorMsg;
}
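/**
 * Updates the logged-in student's profile and, when a file is attached, stores a new
 * certificate file.
 *
 * <p>Fixes over the previous version: the required-field test used {@code x.equals(null)},
 * which is never true and throws when {@code x} is null, so it is now a real null test; and
 * the stored file name no longer takes an arbitrary suffix from the client-supplied original
 * file name. The extension must be 1 to 10 ASCII letters or digits, which keeps path
 * separators and dots out of the name; anything else gets 400. An empty upload is treated as
 * no upload.
 *
 * <p>NOTE(review): the extension check is a character filter, not an allow-list of accepted
 * file types; decide which types a certificate may have and restrict to those. The major
 * number is taken from the form, and no position check is made here — confirm that the
 * service re-validates the membership after a change of major.
 *
 * @param studentProfileModel form-bound profile fields (student id, major number, name)
 * @param certFile            optional certificate upload
 * @param request             current request; its existing session supplies the e-mail
 * @param response            used to set 400 or 403
 * @throws Exception propagated from the file upload or the profile update
 */
@PutMapping(value = "/profile/student") // kept separate from the president route because the form differs
public void patchStudentStatus(@ModelAttribute StudentProfileModel studentProfileModel, MultipartFile certFile, HttpServletRequest request, HttpServletResponse response) throws Exception{
    String stdID = studentProfileModel.getStdID();
    int major = studentProfileModel.getMajorNumber();
    String name = studentProfileModel.getName();

    // Missing required field: the status code stays 403 as before.
    if (stdID == null || major == 0 || name == null) {
        response.setStatus(403);
        return;
    }

    // The account to update is identified by the session, never by the form.
    String email = (String) request.getSession(false).getAttribute("email");

    String fileName = null;
    if (certFile != null && !certFile.isEmpty()) {
        String originalName = certFile.getOriginalFilename();
        int dot = originalName == null ? -1 : originalName.lastIndexOf('.');
        String extension = dot < 0 ? "" : originalName.substring(dot + 1);
        if (!extension.matches("[A-Za-z0-9]{1,10}")) {
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Server-chosen base name (timestamp); only the vetted extension comes from the client.
        String timestamp = new java.text.SimpleDateFormat("yyyyMMddHHmmssSSS").format(new java.util.Date());
        fileName = timestamp + "." + extension;
        profileService.fileUploadStd(fileName, certFile);
    }

    profileService.putStudentProfileData(email, stdID, major, name, fileName);
}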
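/**
 * Updates the logged-in president's profile and, when a file is attached, stores a new
 * major logo.
 *
 * <p>Fixes over the previous version: the required-field test used {@code x.equals(null)},
 * which is never true and throws when {@code x} is null, so it is now a real null test; and
 * the stored file name no longer takes an arbitrary suffix from the client-supplied original
 * file name. The extension must be 1 to 10 ASCII letters or digits, which keeps path
 * separators and dots out of the name; anything else gets 400. An empty upload is treated as
 * no upload.
 *
 * <p>NOTE(review): the major number passed to the service comes from the form, not from the
 * session, and neither position nor status is checked here — confirm that the service does
 * not let a caller attach the profile to a different major. The extension check is a
 * character filter, not an allow-list of image types.
 *
 * @param presidentProfileModel form-bound profile fields (student id, name, phone number, major number)
 * @param majorLogo             optional logo upload
 * @param request               current request; its existing session supplies the e-mail
 * @param response              used to set 400 or 403
 * @throws Exception propagated from the file upload or the profile update
 */
@PutMapping(value = "/profile/president") // kept separate from the student route because the form differs
public void patchPresidentStatus(@ModelAttribute PresidentProfileModel presidentProfileModel, MultipartFile majorLogo, HttpServletRequest request, HttpServletResponse response) throws Exception{
    String stdID = presidentProfileModel.getStdID();
    String name = presidentProfileModel.getName();
    String phoneNumber = presidentProfileModel.getPhoneNumber();
    String majorNumber = presidentProfileModel.getMajorNumber();

    // Missing required field: the status code stays 403 as before.
    if (stdID == null || phoneNumber == null || name == null) {
        response.setStatus(403);
        return;
    }

    // The account to update is identified by the session, never by the form.
    String email = (String) request.getSession(false).getAttribute("email");

    String fileName = null;
    if (majorLogo != null && !majorLogo.isEmpty()) {
        String originalName = majorLogo.getOriginalFilename();
        int dot = originalName == null ? -1 : originalName.lastIndexOf('.');
        String extension = dot < 0 ? "" : originalName.substring(dot + 1);
        if (!extension.matches("[A-Za-z0-9]{1,10}")) {
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Server-chosen base name (timestamp); only the vetted extension comes from the client.
        String timestamp = new java.text.SimpleDateFormat("yyyyMMddHHmmssSSS").format(new java.util.Date());
        fileName = timestamp + "." + extension;
        profileService.fileUploadLogo(fileName, majorLogo);
    }

    profileService.putPresidentProfileData(email, stdID, name, phoneNumber, fileName, majorNumber);
}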
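/**
 * Changes the password of the logged-in student or president after verifying the current one.
 *
 * <p>The null tests previously used {@code x.equals(null)}, which is never true and throws
 * when {@code x} is null; they are now real null tests, so a missing field gets 403 instead of
 * a NullPointerException. A wrong current password gets 401.
 *
 * <p>NOTE(review): a position other than student or president falls through without any
 * change and without an error status, and no rule on the new password's strength is applied
 * here — confirm whether either is handled elsewhere.
 *
 * @param body     JSON body; {@code inputPassword}, {@code inputNewPassword} and
 *                 {@code inputCheckNewPassword} are read as Strings
 * @param request  current request; its existing session supplies email and position
 * @param response used to set 401 or 403
 */
@PatchMapping(value = "/password")
public void patchPassword(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response){
    javax.servlet.http.HttpSession session = request.getSession(false);
    String email = (String) session.getAttribute("email");
    String position = (String) session.getAttribute("position");
    String inputPassword = (String) body.get("inputPassword");
    String inputNewPassword = (String) body.get("inputNewPassword");
    String inputCheckNewPassword = (String) body.get("inputCheckNewPassword");

    // Missing field, or new password and its confirmation differ.
    if (inputPassword == null || inputNewPassword == null || !inputNewPassword.equals(inputCheckNewPassword)) {
        response.setStatus(403);
        return;
    }

    if (position.equals("student")) {
        // The current password must match the stored one before it can be replaced.
        if (!passwordEncoder.matches(inputPassword, profileService.getStudentPassword(email))) {
            response.setStatus(401);
            return;
        }
        profileService.patchStudentPassword(email, inputNewPassword);
    } else if (position.equals("president")) {
        if (!passwordEncoder.matches(inputPassword, profileService.getPresidentPassword(email))) {
            response.setStatus(401);
            return;
        }
        profileService.patchPresidentPassword(email, inputNewPassword);
    }
}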
}
SignInController.java
package com.example.pkscl.controller;
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.example.pkscl.service.SignInService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class SignInController {
/** Service used for credential checks, account lookups and withdrawals. */
private final SignInService signInService;
/**
 * Receives the sign-in service through constructor injection.
 *
 * @param signInService service the handlers delegate to
 */
@Autowired
public SignInController(SignInService signInService) {
this.signInService = signInService;
}
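/**
 * Logs a student in and stores position, e-mail, major number and status in a fresh session.
 *
 * <p>Any session the client presented before authentication is invalidated and a new one is
 * created. This closes session fixation (a session id known before login would otherwise
 * become an authenticated one) and keeps attributes of an earlier login from surviving into
 * this one.
 *
 * @param body     JSON body; {@code email} and {@code password} are read as Strings
 * @param request  current request, used to replace the session
 * @param response used to set 400 (missing field) or 401 (credentials rejected)
 */
@PostMapping(value = "/login/student")
public void studentSignIn(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    String email = (String) body.get("email");
    String password = (String) body.get("password");

    if (email == null || password == null) {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    if (!signInService.studentMatch(password, email)) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    String majorNumber = signInService.getStudentMajor(email) + "";
    String status = signInService.getStudentStatus(email);

    // Never reuse a pre-login session for the authenticated user.
    HttpSession previous = request.getSession(false);
    if (previous != null) {
        previous.invalidate();
    }
    HttpSession session = request.getSession(true);
    session.setAttribute("position", "student");
    session.setAttribute("email", email);
    session.setAttribute("majorNumber", majorNumber);
    session.setAttribute("status", status);
}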
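/**
 * Logs a president in and stores position, e-mail, major number and status in a fresh session.
 *
 * <p>Any session the client presented before authentication is invalidated and a new one is
 * created. This closes session fixation (a session id known before login would otherwise
 * become an authenticated one) and keeps attributes of an earlier login from surviving into
 * this one.
 *
 * @param body     JSON body; {@code email} and {@code password} are read as Strings
 * @param request  current request, used to replace the session
 * @param response used to set 400 (missing field) or 401 (credentials rejected)
 */
@PostMapping(value = "/login/president")
public void presidentSignIn(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    String email = (String) body.get("email");
    String password = (String) body.get("password");

    if (email == null || password == null) {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    if (!signInService.presidentMatch(password, email)) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    String majorNumber = signInService.getPresidentMajor(email) + "";
    String status = signInService.getPresidentStatus(email);

    // Never reuse a pre-login session for the authenticated user.
    HttpSession previous = request.getSession(false);
    if (previous != null) {
        previous.invalidate();
    }
    HttpSession session = request.getSession(true);
    session.setAttribute("position", "president");
    session.setAttribute("email", email);
    session.setAttribute("majorNumber", majorNumber);
    session.setAttribute("status", status);
}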
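/**
 * Logs an administrator in and stores position and id in a fresh session.
 *
 * <p>Any session the client presented before authentication is invalidated and a new one is
 * created. Besides closing session fixation, this matters here in particular: the admin login
 * sets only {@code position} and {@code id}, so on a reused session the e-mail, major number
 * and status of an earlier student or president login would remain next to the admin position.
 *
 * @param body     JSON body; the admin id is read from {@code email}, the password from {@code password}
 * @param request  current request, used to replace the session
 * @param response used to set 400 (missing field) or 401 (credentials rejected)
 */
@PostMapping(value = "/login/admin")
public void adminSignIn(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) {
    String id = (String) body.get("email");
    String password = (String) body.get("password");

    if (id == null || password == null) {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    if (!signInService.adminMatch(password, id)) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    // Never reuse a pre-login session for the authenticated user.
    HttpSession previous = request.getSession(false);
    if (previous != null) {
        previous.invalidate();
    }
    HttpSession session = request.getSession(true);
    session.setAttribute("position", "admin");
    session.setAttribute("id", id);
}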
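/**
 * Ends the caller's session, if there is one, and answers 200.
 *
 * <p>A request without a session used to fail with a NullPointerException; logging out when
 * already logged out is now a no-op that still answers 200.
 *
 * @param request  current request; its existing session, if any, is invalidated
 * @param response set to 200
 * @throws IOException declared by the signature; nothing in this body throws it
 */
@PostMapping("/logout")
public void logout(HttpServletRequest request, HttpServletResponse response) throws IOException
{
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }
    response.setStatus(HttpServletResponse.SC_OK);
}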
/**
 * Withdraws the logged-in student or president after re-confirming e-mail and password,
 * then ends the session.
 *
 * <p>The account is identified by the session's e-mail; the submitted e-mail must equal it and
 * the submitted password must match, otherwise 401. For any other position no account is
 * withdrawn, but the session is still invalidated and 200 is returned.
 *
 * @param body     JSON body; {@code inputEmail} and {@code inputPassword} are read as Strings
 * @param request  current request; its existing session supplies position and email
 * @param response used to set 400, 401 or 200
 * @throws IOException declared by the signature; nothing in this body throws it
 */
@PostMapping("/withdrawal")
public void secession(@RequestBody Map<String, Object> body, HttpServletRequest request, HttpServletResponse response) throws IOException
{
    HttpSession session = request.getSession(false);
    String position = (String) session.getAttribute("position");
    String email = (String) session.getAttribute("email");
    String checkemail = (String) body.get("inputEmail");
    String password = (String) body.get("inputPassword");

    boolean bodyComplete = checkemail != null && password != null;
    if (!bodyComplete) {
        response.setStatus(400);
        return;
    }

    boolean isStudent = position.equals("student");
    boolean isPresident = !isStudent && position.equals("president");
    if (isStudent || isPresident) {
        // The password is only checked once the submitted e-mail equals the session's.
        boolean confirmed = checkemail.equals(email)
                && (isStudent
                        ? signInService.studentMatch(password, email)
                        : signInService.presidentMatch(password, email));
        if (!confirmed) {
            response.setStatus(401);
            return;
        }
        if (isStudent) {
            signInService.withdrawalStudent(email);
        } else {
            signInService.withdrawalPresident(email);
        }
    }

    session.invalidate();
    response.setStatus(200);
}
/**
 * Returns the {@code status} attribute of the caller's session as a one-entry map.
 *
 * @param request  current request; must carry an existing session
 * @param response unused
 * @return map with the single key {@code status}
 * @throws IOException declared by the signature; nothing in this body throws it
 */
@GetMapping("/status")
public Map<String, Object> getStatus(HttpServletRequest request, HttpServletResponse response) throws IOException
{
    // getSession(false) returns null without a session, so such a request fails on the next line.
    Object status = request.getSession(false).getAttribute("status");
    Map<String, Object> payload = new LinkedHashMap<>();
    payload.put("status", (String) status);
    return payload;
}
/**
 * Returns the {@code position} attribute of the caller's session as a one-entry map.
 *
 * @param request  current request; must carry an existing session
 * @param response unused
 * @return map with the single key {@code position}
 * @throws IOException declared by the signature; nothing in this body throws it
 */
@GetMapping("/position")
public Map<String, Object> getPosition(HttpServletRequest request, HttpServletResponse response) throws IOException
{
    // getSession(false) returns null without a session, so such a request fails on the next line.
    Object position = request.getSession(false).getAttribute("position");
    Map<String, Object> payload = new LinkedHashMap<>();
    payload.put("position", (String) position);
    return payload;
}
}
SignUpController.java
package com.example.pkscl.controller;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import com.example.pkscl.data.entity.member.President;
import com.example.pkscl.data.dto.PresidentModel;
import com.example.pkscl.data.entity.member.Student;
import com.example.pkscl.data.dto.StudentModel;
import com.example.pkscl.service.SignUpService;
@RestController
public class SignUpController {
/** Service used for duplicate checks, file storage and account creation. */
private final SignUpService signUpService;
/**
 * Receives the sign-up service through constructor injection.
 *
 * @param signUpService service the handlers delegate to
 */
@Autowired
public SignUpController(SignUpService signUpService) {
this.signUpService = signUpService;
}
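/**
 * Registers a student account together with its certificate file.
 *
 * <p>This endpoint is reachable before login, so every form field and the upload are
 * untrusted. Fixes over the previous version: a missing password or a missing or empty
 * certificate file gets 400 instead of a NullPointerException, and the stored file name no
 * longer takes an arbitrary suffix from the client-supplied original file name. The extension
 * must be 1 to 10 ASCII letters or digits, which keeps path separators and dots out of the
 * stored path; anything else gets 400.
 *
 * <p>Status codes otherwise unchanged: 401 when password and confirmation differ, 409 when the
 * e-mail is already taken, 403 when the service refuses the registration.
 *
 * <p>NOTE(review): the password is placed on the entity as received; presumably SignUpService
 * hashes it before storing — confirm. The file goes under {@code ./static/studentCertFile/}
 * with a timestamp name; if that directory is served over HTTP, uploaded certificates can be
 * fetched by anyone who guesses the timestamp — confirm how the directory is exposed. The
 * extension check is a character filter, not an allow-list of accepted file types.
 *
 * @param studentModel form-bound registration fields
 * @param certFile     certificate upload, required
 * @param response     used to set 400, 401, 403 or 409
 * @throws Exception propagated from the file upload or the registration
 */
@PostMapping(value = "/signup/student")
public void signUpStudent(@ModelAttribute StudentModel studentModel, MultipartFile certFile, HttpServletResponse response) throws Exception {
    String password = studentModel.getPassword();
    if (password == null || certFile == null || certFile.isEmpty()) {
        response.setStatus(400);
        return;
    }
    if (!password.equals(studentModel.getCheckPassword())) {
        response.setStatus(401);
        return;
    }

    String originalName = certFile.getOriginalFilename();
    int dot = originalName == null ? -1 : originalName.lastIndexOf('.');
    String extension = dot < 0 ? "" : originalName.substring(dot + 1);
    if (!extension.matches("[A-Za-z0-9]{1,10}")) {
        response.setStatus(400);
        return;
    }

    // Server-chosen base name (timestamp, yyyyMMddHHmmssSSS); only the vetted extension comes
    // from the client.
    String dir = "./static/studentCertFile/";
    String storedName = new java.text.SimpleDateFormat("yyyyMMddHHmmssSSS").format(new java.util.Date())
            + "." + extension;

    Student student = new Student();
    student.setEmail(studentModel.getEmail());
    student.setPassword(password);
    student.setMajornumber(studentModel.getMajor());
    student.setStudentid(studentModel.getStdID());
    student.setName(studentModel.getName());
    student.setCertfilepath(dir + storedName);

    // Duplicate e-mail: 409, checked before anything is written to disk.
    if (!signUpService.studentCheckEmail(student.getEmail())) {
        response.setStatus(409);
        return;
    }

    signUpService.fileUpload(storedName, certFile);
    if (!signUpService.signUpStudent(student)) {
        response.setStatus(403);
    }
}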
/**
 * Registers a president account.
 *
 * <p>Status codes: 401 when password and confirmation differ, 409 when the e-mail is already
 * taken, 403 when the service refuses the registration. The {@code certFile} parameter is
 * accepted but not used by this handler.
 *
 * <p>NOTE(review): the password is placed on the entity as received; presumably SignUpService
 * hashes it before storing — confirm. A request without a password fails with a
 * NullPointerException at the comparison.
 *
 * @param presidentModel form-bound registration fields
 * @param certFile       unused
 * @param response       used to set 401, 403 or 409
 * @throws Exception propagated from the registration
 */
@PostMapping(value = "/signup/president")
public void signUpPresident(@ModelAttribute PresidentModel presidentModel, MultipartFile certFile, HttpServletResponse response) throws Exception {
    President account = new President();
    account.setEmail(presidentModel.getEmail());

    String password = presidentModel.getPassword();
    boolean confirmed = password.equals(presidentModel.getCheckPassword());
    if (!confirmed) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    account.setPassword(password);
    account.setName(presidentModel.getName());
    account.setMajornumber(presidentModel.getMajor());
    account.setStudentid(presidentModel.getStdID());
    account.setPhonenumber(presidentModel.getPhoneNumber());

    // Duplicate e-mail: 409.
    boolean emailFree = signUpService.presidentCheckEmail(account.getEmail());
    if (!emailFree) {
        response.setStatus(HttpServletResponse.SC_CONFLICT);
        return;
    }

    boolean created = signUpService.signUpPresident(account);
    if (!created) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    }
}
/**
 * Returns the list of majors; no session is read, so the route works before login.
 *
 * @return the map produced by the sign-up service
 */
@GetMapping(value = "/major-list")
public Map<String,Object> getMajorList() {
    Map<String,Object> majors = signUpService.getMajorList();
    return majors;
}
}
SMTPController.java
package com.example.pkscl.controller;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import com.example.pkscl.service.SMTPService;
import com.example.pkscl.service.SignUpService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class SMTPController {
// HTML snippets that verifyToken writes to the response as-is; each is a <script> element
// that raises an alert. Both are constants with no request data in them. The text appears
// mis-encoded in this listing and is left exactly as shown.
private static final String VERIFY_SUCCESS_MESSAGE = "<script>alert('์ด๋ฉ์ผ ์ธ์ฆ์ด ์๋ฃ๋์์ต๋๋ค. ํ์๊ฐ์
์ ๊ณ์ ์งํํด์ฃผ์ธ์.'); </script>";
private static final String VERIFY_FAIL_MESSAGE = "<script>alert('์ธ์ฆ์ ์คํจํ์์ต๋๋ค.');</script>";
/** Service used for e-mail format checks, verification mails, token checks and temporary passwords. */
private final SMTPService smtpService;
/** Service used here only for the duplicate-e-mail checks. */
private final SignUpService signUpService;
/**
 * Receives both services through constructor injection.
 *
 * @param smtpService   mail and token service
 * @param signUpService sign-up service
 */
@Autowired
public SMTPController(SMTPService smtpService, SignUpService signUpService) {
this.smtpService = smtpService;
this.signUpService = signUpService;
}
/**
 * Sends a verification mail to an address that is not yet registered for the given position.
 *
 * <p>Status codes: 400 for a malformed address or an unknown position, 409 when the address is
 * already registered. No session is read, so the route works before login.
 *
 * <p>NOTE(review): nothing here limits how often a caller can trigger a mail or probe
 * addresses through the 409 answer; confirm that throttling exists elsewhere.
 *
 * @param body     JSON body; {@code email} is read as a String
 * @param position path segment, {@code student} or {@code president}
 * @param response used to set 400 or 409
 */
@PostMapping(value = "/email/{position}")
public void sendEmail(@RequestBody Map<String, Object> body, @PathVariable String position, HttpServletResponse response) {
    String email = (String) body.get("email");

    boolean wellFormed = smtpService.checkEmailForm(email);
    if (!wellFormed) {
        response.setStatus(HttpStatus.BAD_REQUEST.value());
        return;
    }

    boolean emailFree;
    if (position.equals("student")) {
        emailFree = signUpService.studentCheckEmail(email);
    } else if (position.equals("president")) {
        emailFree = signUpService.presidentCheckEmail(email);
    } else {
        response.setStatus(HttpStatus.BAD_REQUEST.value());
        return;
    }

    if (!emailFree) {
        response.setStatus(HttpStatus.CONFLICT.value());
        return;
    }
    smtpService.sendEmailAuth(email, position);
}
/**
 * Checks an e-mail verification token and answers with a small HTML page that shows the result.
 *
 * <p>The token is verified by the service method that matches the position; an unknown
 * position counts as a failure. The response body is one of two fixed constants, so no request
 * data is echoed into the HTML. The token travels in the query string of a GET request.
 *
 * @param token    verification token (request parameter)
 * @param position path segment, {@code student} or {@code president}
 * @param response receives the content type and the HTML snippet
 * @throws IOException if the response writer cannot be obtained
 */
@GetMapping(value = "/verify/token/{position}")
public void verifyToken(@RequestParam String token, @PathVariable String position, HttpServletResponse response) throws IOException {
    boolean verified;
    if (position.equals("student")) {
        verified = smtpService.studentVerifyToken(token);
    } else if (position.equals("president")) {
        verified = smtpService.presidentVerifyToken(token);
    } else {
        verified = false;
    }

    // Success and failure share the same response shape; only the snippet differs.
    response.setContentType("text/html; charset=euc-kr");
    PrintWriter out = response.getWriter();
    out.println(verified ? VERIFY_SUCCESS_MESSAGE : VERIFY_FAIL_MESSAGE);
    out.flush();
}
/**
 * Issues a temporary password for a student or president account.
 *
 * <p>No session is read: the caller is identified only by the e-mail, name and student id in
 * the body. A negative result from the service, or an unknown position, gets 400.
 *
 * <p>NOTE(review): these three values are the whole proof of identity for a password reset,
 * and the 400 answer tells a caller whether the combination matched. Confirm that the service
 * delivers the temporary password only to the account's own mailbox and that requests are
 * throttled.
 *
 * @param param    JSON body; {@code email}, {@code name} and {@code stdID} are read as Strings
 * @param position path segment, {@code student} or {@code president}
 * @param response used only to set the 400 status
 */
@PostMapping(value = "/newpwd/{position}")
public void newPassword(@RequestBody Map<String, Object> param, @PathVariable String position, HttpServletResponse response) {
    String email = (String) param.get("email");
    String name = (String) param.get("name");
    String studentId = (String) param.get("stdID");

    boolean rejected;
    if (position.equals("student")) {
        rejected = smtpService.studentTempPassword(email, name, studentId) < 0;
    } else if (position.equals("president")) {
        rejected = smtpService.presidentTempPassword(email, name, studentId) < 0;
    } else {
        rejected = true;
    }

    if (rejected) {
        response.setStatus(HttpStatus.BAD_REQUEST.value());
    }
}
}
TestController.java
package com.example.pkscl.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class TestController {
/**
 * Returns the caller's session attributes (email, position, majorNumber, status) as one line of text.
 *
 * <p>NOTE(review): this sits in a class named TestController and exposes session contents for
 * inspection; confirm that the route is not deployed to production.
 *
 * @param request current request; must carry an existing session
 * @return the four attributes, each printed as {@code null} when absent
 */
@GetMapping("/whoami")
public String whoami(HttpServletRequest request) {
    HttpSession session = request.getSession(false);
    StringBuilder line = new StringBuilder();
    line.append("email: ").append((String) session.getAttribute("email"));
    line.append(", position: ").append((String) session.getAttribute("position"));
    line.append(", majorNumber: ").append((String) session.getAttribute("majorNumber"));
    line.append(", status: ").append((String) session.getAttribute("status"));
    return line.toString();
}
}
WebController.java
package com.example.pkscl.controller;
import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
@Controller
public class WebController implements ErrorController {
/**
 * Answers every request routed to {@code /error} with the view name {@code /index.html}.
 *
 * @return the fixed view name
 */
@GetMapping("/error")
public String error() {
    final String view = "/index.html";
    return view;
}
}