Merge pull request #27 from DMU-DebugVisual/feat/s3-integration

feat: S3를 이용한 파일 업로드 기능 구현(#26)

Author: 1anminJ

.gitignore

@@ -36,3 +36,6 @@ out/
 
 ### VS Code ###
 .vscode/
+
+# Secret properties file
+application-secret.properties

build.gradle

@@ -40,7 +40,7 @@ dependencies {
     runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
     runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
 
-//    implementation 'software.amazon.awssdk:s3'
+    implementation 'io.awspring.cloud:spring-cloud-aws-starter-s3:3.1.1'
 }
 
 tasks.named('test') {

src/main/java/com/dmu/debug_visual/config/S3Config.java

@@ -0,0 +1,32 @@
+package com.dmu.debug_visual.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.s3.S3Client;
+
+@Configuration
+public class S3Config {
+
+    @Value("${spring.cloud.aws.credentials.access-key}")
+    private String accessKey;
+
+    @Value("${spring.cloud.aws.credentials.secret-key}")
+    private String secretKey;
+
+    @Value("${spring.cloud.aws.region.static}")
+    private String region;
+
+    @Bean
+    public S3Client s3Client() {
+        AwsBasicCredentials credentials = AwsBasicCredentials.create(accessKey, secretKey);
+
+        return S3Client.builder()
+                .region(Region.of(region))
+                .credentialsProvider(StaticCredentialsProvider.create(credentials))
+                .build();
+    }
+}

src/main/java/com/dmu/debug_visual/config/SecurityConfig.java

@@ -6,12 +6,13 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
@@ -35,85 +36,81 @@ public class SecurityConfig {
     @Value("${compiler.python.url}")
     private String compilerPythonUrl;
 
-    // 1. JWT 인증이 필요한 API를 위한 필터 체인 (우선순위 1)
+    /**
+     * "dev" 프로파일 (개발 환경)을 위한 보안 설정
+     * ADMIN 권한 체크를 제외하여 USER 권한으로도 ADMIN API 테스트가 가능합니다.
+     */
     @Bean
-    @Order(1)
-    @Profile("!dev")
-    public SecurityFilterChain jwtFilterChain(HttpSecurity http) throws Exception {
+    @Profile("dev")
+    public SecurityFilterChain devSecurityFilterChain(HttpSecurity http) throws Exception {
         http
-                .securityMatcher("/api/posts/**", "/api/notifications/**", "/api/admin/**", "/api/report/**", "/api/comments/**") // 이 경로들에 대해서만 이 필터 체인을 적용
                 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                 .csrf(AbstractHttpConfigurer::disable)
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .formLogin(AbstractHttpConfigurer::disable)
+                .httpBasic(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth -> auth
+                        // 1. 누구나 접근 가능한 경로
+                        .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
+                        .requestMatchers("/api/users/login", "/api/users/signup").permitAll()
+                        .requestMatchers("/api/code/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/api/posts/**", "/api/comments/**").permitAll()
-                        .requestMatchers("/api/admin/**").hasRole("ADMIN")
-                        .requestMatchers("/api/posts/**").hasAnyRole("USER", "ADMIN")
-                        .requestMatchers("/api/notifications/**").hasAnyRole("USER", "ADMIN")
-                        .requestMatchers("/api/report/**").hasAnyRole("USER", "ADMIN")
-                        .requestMatchers("/api/comments/**").hasAnyRole("USER", "ADMIN")
+
+                        // 2. USER 권한이 필요한 경로
+                        .requestMatchers("/api/posts/**").hasRole("USER")
+                        .requestMatchers("/api/notifications/**").hasRole("USER")
+                        .requestMatchers("/api/report/**").hasRole("USER")
+                        .requestMatchers("/api/comments/**").hasRole("USER")
+                        .requestMatchers("/api/files/upload").hasRole("USER")
+
+                        // 3. 나머지 모든 요청은 인증된 사용자만 접근 가능 (ADMIN 경로 포함)
                         .anyRequest().authenticated()
                 )
                 .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider, userRepository),
-                        UsernamePasswordAuthenticationFilter.class)
-                .formLogin(AbstractHttpConfigurer::disable)
-                .httpBasic(AbstractHttpConfigurer::disable);
-
+                        UsernamePasswordAuthenticationFilter.class);
         return http.build();
     }
 
-    // 2. JWT 인증이 필요 없는 API 및 기타 경로를 위한 필터 체인 (우선순위 2)
+    /**
+     * "prod", "default" 등 운영 환경을 위한 보안 설정
+     * ADMIN 경로는 ADMIN 권한이 있는 사용자만 접근 가능합니다.
+     */
     @Bean
-    @Order(2)
     @Profile("!dev")
-    public SecurityFilterChain publicFilterChain(HttpSecurity http) throws Exception {
+    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
         http
-                // securityMatcher를 지정하지 않으면 나머지 모든 요청을 처리합니다.
                 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                 .csrf(AbstractHttpConfigurer::disable)
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .formLogin(AbstractHttpConfigurer::disable)
+                .httpBasic(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth -> auth
-                        // 로그인, 회원가입, Swagger 등 인증이 필요 없는 경로는 여기서 permitAll() 처리
-                        .requestMatchers(
-                                "/api/users/login",
-                                "/api/users/signup",
-                                "/swagger-ui/**",
-                                "/v3/api-docs/**",
-                                "/api/code/**"
-                        ).permitAll()
+                        // 1. 누구나 접근 가능한 경로
+                        .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
+                        .requestMatchers("/api/users/login", "/api/users/signup").permitAll()
+                        .requestMatchers("/api/code/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/api/posts/**", "/api/comments/**").permitAll()
-                        .anyRequest().permitAll()
-                );
 
-        return http.build();
-    }
+                        // 2. ADMIN 권한이 필요한 경로
+                        .requestMatchers("/api/admin/**").hasRole("ADMIN")
 
-    // "dev" 프로파일에서 사용할 보안 설정
-    @Bean
-    @Profile("dev")
-    public SecurityFilterChain devSecurityFilterChain(HttpSecurity http) throws Exception {
-        http
-                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
-                .csrf(AbstractHttpConfigurer::disable)
-                .authorizeHttpRequests(auth -> auth
-                        .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() // CORS preflight 허용
-                        // dev 환경에서 인증 없이 접근을 허용할 경로
-                        .requestMatchers(
-                                "/api/admin/**",
-                                "/api/users/login",
-                                "/api/users/signup",
-                                "/swagger-ui/**",
-                                "/v3/api-docs/**",
-                                "/api/code/**"
-                        ).permitAll()
-                        // 그 외 모든 요청은 인증을 요구하도록 설정 (!dev 환경과 유사하게)
+                        // 3. USER 권한이 필요한 경로
+                        .requestMatchers("/api/posts/**").hasRole("USER")
+                        .requestMatchers("/api/notifications/**").hasRole("USER")
+                        .requestMatchers("/api/report/**").hasRole("USER")
+                        .requestMatchers("/api/comments/**").hasRole("USER")
+                        .requestMatchers("/api/files/upload").hasRole("USER")
+
+
+                        // 4. 나머지 모든 요청은 인증된 사용자만 접근 가능
                         .anyRequest().authenticated()
                 )
                 .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider, userRepository),
-                        UsernamePasswordAuthenticationFilter.class)
-                .formLogin(AbstractHttpConfigurer::disable)
-                .httpBasic(AbstractHttpConfigurer::disable);
+                        UsernamePasswordAuthenticationFilter.class);
         return http.build();
     }
 
+    // --- 공통 Bean 설정 ---
     @Bean
     public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
@@ -139,4 +136,4 @@ public CorsConfigurationSource corsConfigurationSource() {
         source.registerCorsConfiguration("/**", config);
         return source;
     }
-}
+}

src/main/java/com/dmu/debug_visual/file_upload/FileController.java

@@ -0,0 +1,42 @@
+package com.dmu.debug_visual.file_upload;
+
+import com.dmu.debug_visual.security.CustomUserDetails;
+import io.swagger.v3.oas.annotations.Operation;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.multipart.MultipartFile;
+
+import java.io.IOException;
+
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/api/files") // 공통되는 URL 경로 설정
+public class FileController {
+
+    private final S3Uploader s3Uploader;
+
+    @Operation(summary = "파일 업로드", description = "form-data 형식으로 파일을 업로드합니다.")
+    @PostMapping(value = "/upload", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
+    public ResponseEntity<String> uploadFile(
+            @RequestParam("file") MultipartFile file,
+            @AuthenticationPrincipal CustomUserDetails userDetails) { // <-- String 대신 CustomUserDetails로 변경
+
+        // userDetails 객체에서 userId를 직접 꺼내서 사용합니다.
+        String userId = userDetails.getUsername(); // 또는 userDetails.getUser().getUserId()
+
+        try {
+            String fileUrl = s3Uploader.upload(file, userId + "-codes");
+            return ResponseEntity.ok(fileUrl);
+        } catch (IOException e) {
+            e.printStackTrace();
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("파일 업로드에 실패했습니다.");
+        }
+    }
+}

src/main/java/com/dmu/debug_visual/file_upload/S3Uploader.java

@@ -0,0 +1,42 @@
+package com.dmu.debug_visual.file_upload;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import org.springframework.web.multipart.MultipartFile;
+import software.amazon.awssdk.core.sync.RequestBody;
+import software.amazon.awssdk.services.s3.S3Client;
+import software.amazon.awssdk.services.s3.model.PutObjectRequest;
+
+import java.io.IOException;
+import java.util.UUID;
+
+@Service
+@RequiredArgsConstructor
+public class S3Uploader {
+
+    private final S3Client s3Client;
+
+    @Value("${spring.cloud.aws.s3.bucket}")
+    private String bucket;
+
+    public String upload(MultipartFile file, String dirName) throws IOException {
+        // 1. 고유한 파일 이름 생성
+        String originalFilename = file.getOriginalFilename();
+        String uniqueFileName = dirName + "/" + UUID.randomUUID().toString() + "_" + originalFilename;
+
+        // 2. S3에 업로드할 요청 객체 생성
+        PutObjectRequest putObjectRequest = PutObjectRequest.builder()
+                .bucket(bucket)
+                .key(uniqueFileName)
+                .contentType(file.getContentType())
+                .contentLength(file.getSize())
+                .build();
+
+        // 3. 파일의 InputStream을 RequestBody로 만들어 S3에 업로드
+        s3Client.putObject(putObjectRequest, RequestBody.fromInputStream(file.getInputStream(), file.getSize()));
+
+        // 4. 업로드된 파일의 URL 반환
+        return s3Client.utilities().getUrl(builder -> builder.bucket(bucket).key(uniqueFileName)).toString();
+    }
+}

src/main/resources/application.properties

@@ -35,3 +35,10 @@ jwt.secret=bnTweUtRuSmcelFon7OFd2Px/ZaVWgEhMpAzyl/+LnEQLG8bKe+F5nA4UJTWwT0iM627y
 jwt.expiration=300000
 
 compiler.python.url=http://flask-server:5050/run
+
+# AWS S3-related Properties
+spring.cloud.aws.region.static=ap-northeast-2
+spring.cloud.aws.s3.bucket=zivorp-storage
+
+# Include secret properties
+spring.profiles.include=secret