⚡ MarkSphere v1.0.10

입력 데이터 검증 로직 개선(dto에서 1차적으로 검증. 이후, DB에서 검증)

Author: son0307

src/main/java/com/sonkim/bookmarking/common/exception/GlobalExceptionHandler.java

@@ -6,14 +6,17 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authorization.AuthorizationDeniedException;
+import org.springframework.validation.BindingResult;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
+import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.servlet.resource.NoResourceFoundException;
 
 import java.time.LocalDateTime;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.stream.Collectors;
 
 @Slf4j
 @Hidden
@@ -63,6 +66,21 @@ public ResponseEntity<?> handleNoResourceFoundException(NoResourceFoundException
         return buildResponse(HttpStatus.NOT_FOUND, e.getMessage());
     }
 
+    // MethodArgumentNotValidException 처리
+    @ExceptionHandler(MethodArgumentNotValidException.class)
+    public ResponseEntity<?> handleMethodArgumentNotValidException(MethodArgumentNotValidException e) {
+        BindingResult bindingResult = e.getBindingResult();
+
+        // 에러 메시지 가공: "필드명: 에러내용, 필드명: 에러내용"
+        String errorMessage = bindingResult.getFieldErrors().stream()
+                .map(fieldError -> fieldError.getField() + ": " + fieldError.getDefaultMessage())
+                .collect(Collectors.joining(", "));
+
+        log.warn("400(BAD_REQUEST) 유효성 검사 실패: {}", errorMessage);
+
+        return buildResponse(HttpStatus.BAD_REQUEST, errorMessage);
+    }
+
     // '좋아요' 중복 에러 처리
     @ExceptionHandler(DuplicateBookmarkLikeException.class)
     public ResponseEntity<?> handleDuplicateBookmarkLikeException(DuplicateBookmarkLikeException e) {

src/main/java/com/sonkim/bookmarking/domain/bookmark/controller/BookmarkController.java

@@ -12,6 +12,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
@@ -52,7 +53,7 @@ public ResponseEntity<BookmarkResponseDto> getBookmark(
     @PatchMapping("/{bookmarkId}")
     public ResponseEntity<String> updateBookmark(@AuthenticationPrincipal UserDetailsImpl userDetails,
                                             @PathVariable("bookmarkId") Long bookmarkId,
-                                            @RequestBody BookmarkRequestDto bookmarkRequestDto) {
+                                            @RequestBody @Valid BookmarkRequestDto bookmarkRequestDto) {
         log.info("userId: {}, bookmarkId: {} 북마크 수정 요청", userDetails.getId(), bookmarkId);
         bookmarkService.updateBookmark(userDetails.getId(), bookmarkId, bookmarkRequestDto);
         return ResponseEntity.ok("bookmarkId: " + bookmarkId + " updated");

src/main/java/com/sonkim/bookmarking/domain/bookmark/controller/TeamBookmarkController.java

@@ -12,6 +12,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
@@ -39,7 +40,7 @@ public class TeamBookmarkController {
     @Idempotent
     public ResponseEntity<BookmarkResponseDto> createBookmark(@AuthenticationPrincipal UserDetailsImpl userDetails,
                                             @PathVariable Long groupId,
-                                            @RequestBody BookmarkRequestDto bookmarkRequestDto) {
+                                            @RequestBody @Valid BookmarkRequestDto bookmarkRequestDto) {
         log.info("userId: {}, url: {} 북마크 생성 요청", userDetails.getId(), bookmarkRequestDto.getUrl());
         BookmarkResponseDto responseDto = bookmarkService.createBookmark(userDetails.getId(), groupId, bookmarkRequestDto);
 

src/main/java/com/sonkim/bookmarking/domain/bookmark/dto/BookmarkRequestDto.java

@@ -1,17 +1,35 @@
 package com.sonkim.bookmarking.domain.bookmark.dto;
 
+import jakarta.validation.constraints.Max;
+import jakarta.validation.constraints.Min;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Size;
 import lombok.Data;
 
 import java.util.List;
 
 @Data
 public class BookmarkRequestDto {
     private Long categoryId;
+
+    @NotBlank(message = "URL은 필수입니다.")
     private String url;
+
+    @Size(max = 100, message = "제목은 100자를 초과할 수 없습니다.")
     private String title;
+
+    @Size(max = 5000)
     private String description;
+
+    @Size(max = 10, message = "태그는 최대 10개까지만 등록할 수 있습니다.")
     private List<String> tagNames;
+
+    @Min(value = -90, message = "위도는 -90 이상이어야 합니다.")
+    @Max(value = 90, message = "위도는 90 이하여야 합니다.")
     private Double latitude;
+
+    @Min(value = -180, message = "경도는 -180 이상이어야 합니다.")
+    @Max(value = 180, message = "경도는 180 이하여야 합니다.")
     private Double longitude;
     private String imageKey;            // S3에 직접 업로드한 경우의 파일 키
     private String originalImageUrl;    // OG 정보의 이미지 URL

src/main/java/com/sonkim/bookmarking/domain/category/controller/CategoryController.java

@@ -7,6 +7,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
@@ -43,7 +44,7 @@ public ResponseEntity<List<CategoryDto.CategoryResponseDto>> getCategories(@Path
     @PostMapping("/groups/{groupId}/categories")
     public ResponseEntity<List<CategoryDto.CategoryResponseDto>> createCategory(@AuthenticationPrincipal UserDetailsImpl userDetails,
                                             @PathVariable("groupId") Long groupId,
-                                            @RequestBody CategoryDto.CategoryRequestDto request) {
+                                            @RequestBody @Valid CategoryDto.CategoryRequestDto request) {
         List<CategoryDto.CategoryResponseDto> updatedCategories = categoryService.createCategory(userDetails.getId(), groupId, request);
         return ResponseEntity.status(HttpStatus.CREATED).body(updatedCategories);
     }
@@ -57,7 +58,7 @@ public ResponseEntity<List<CategoryDto.CategoryResponseDto>> createCategory(@Aut
     @PatchMapping("/categories/{categoryId}")
     public ResponseEntity<List<CategoryDto.CategoryResponseDto>> updateCategory(@AuthenticationPrincipal UserDetailsImpl userDetails,
                                             @PathVariable("categoryId") Long categoryId,
-                                            @RequestBody CategoryDto.CategoryRequestDto request) {
+                                            @RequestBody @Valid CategoryDto.CategoryRequestDto request) {
         List<CategoryDto.CategoryResponseDto> updatedCategories = categoryService.updateCategory(userDetails.getId(), categoryId, request);
         return ResponseEntity.ok(updatedCategories);
     }
@@ -81,9 +82,9 @@ public ResponseEntity<List<CategoryDto.CategoryResponseDto>> deleteCategory(@Aut
     public ResponseEntity<Void> updateCategoryPositions(
             @AuthenticationPrincipal UserDetailsImpl userDetails,
             @PathVariable Long groupId,
-            @RequestBody List<CategoryDto.UpdatePositionRequestDto> requests
+            @RequestBody @Valid CategoryDto.CategoryOrderUpdateRequest requests
     ) {
-        categoryService.updateCategoryPositions(userDetails.getId(), groupId, requests);
+        categoryService.updateCategoryPositions(userDetails.getId(), groupId, requests.getCategories());
         return ResponseEntity.ok().build();
     }
 }

src/main/java/com/sonkim/bookmarking/domain/category/dto/CategoryDto.java

@@ -1,15 +1,24 @@
 package com.sonkim.bookmarking.domain.category.dto;
 
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.Min;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 
+import java.util.List;
+
 public class CategoryDto {
 
     // 카테고리 생성,갱신 요청 DTO
     @Data
     public static class CategoryRequestDto {
+        @NotBlank(message = "카테고리 이름은 필수입니다.")
+        @Size(max = 20, message = "카테고리 이름은 20를 초과할 수 없습니다.")
         private String name;
     }
 
@@ -27,7 +36,19 @@ public static class CategoryResponseDto {
     // 카테고리 순서 업데이트 요청 DTO
     @Data
     public static class UpdatePositionRequestDto {
+        @NotNull(message = "카테고리 ID는 필수입니다.")
         private Long categoryId;
+
+        @NotNull(message = "순서 값은 필수입니다.")
+        @Min(value = 0, message = "순서는 0 이상이어야 합니다.")
         private Integer position;
     }
+
+    @Data
+    public static class CategoryOrderUpdateRequest {
+        @Valid
+        @NotNull(message = "변경할 카테고리 목록은 필수입니다.")
+        @Size(min = 1, message = "최소 1개 이상의 카테고리가 있어야 합니다.")
+        private List<UpdatePositionRequestDto> categories;
+    }
 }

src/main/java/com/sonkim/bookmarking/domain/comment/controller/CommentController.java

@@ -10,6 +10,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
@@ -32,7 +33,7 @@ public class CommentController {
     public ResponseEntity<CommentDto.CreateResponseDto> createComment(
             @AuthenticationPrincipal UserDetailsImpl userDetails,
             @Parameter(description = "댓글/답글을 작성할 북마크 ID") @PathVariable("bookmarkId") Long bookmarkId,
-            @RequestBody CommentDto.CreateRequestDto request) {
+            @RequestBody @Valid CommentDto.CreateRequestDto request) {
         CommentDto.CreateResponseDto newCommentDto = commentService.createComment(userDetails.getId(), bookmarkId, request);
         return ResponseEntity.status(201).body(newCommentDto);
     }

src/main/java/com/sonkim/bookmarking/domain/comment/dto/CommentDto.java

@@ -1,5 +1,7 @@
 package com.sonkim.bookmarking.domain.comment.dto;
 
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Size;
 import lombok.Builder;
 import lombok.Data;
 
@@ -10,7 +12,10 @@ public class CommentDto {
     // 댓글, 답글 등록 DTO
     @Data
     public static class CreateRequestDto {
+        @NotBlank(message = "댓글 내용은 필수입니다.")
+        @Size(max = 100, message = "댓글은 100자를 초과할 수 없습니다.")
         private String content;
+
         private Long parentId;  // 최상위 댓글이면 null, 답글이면 부모 댓글 ID
     }
 

src/main/java/com/sonkim/bookmarking/domain/mypage/controller/MyPageController.java

@@ -15,6 +15,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
@@ -56,7 +57,7 @@ public ResponseEntity<PresignedUrlDto> getProfileImageUploadUrl(
     @ApiResponse(responseCode = "200", description = "프로필 수정 성공")
     @PatchMapping("/profile")
     public ResponseEntity<Void> updateMyProfile(@AuthenticationPrincipal UserDetailsImpl userDetails,
-                                                @RequestBody MyProfileDto.UpdateRequestDto updateDto) {
+                                                @RequestBody @Valid MyProfileDto.UpdateRequestDto updateDto) {
         myPageService.updateProfile(userDetails.getId(), updateDto);
         return ResponseEntity.ok().build();
     }
@@ -68,7 +69,7 @@ public ResponseEntity<Void> updateMyProfile(@AuthenticationPrincipal UserDetails
     })
     @PatchMapping("/password")
     public ResponseEntity<Void> changePassword(@AuthenticationPrincipal UserDetailsImpl userDetails,
-                                               @RequestBody PasswordDto passwordDto) {
+                                               @RequestBody @Valid PasswordDto passwordDto) {
         myPageService.changePassword(userDetails.getId(), passwordDto);
         return ResponseEntity.ok().build();
     }

src/main/java/com/sonkim/bookmarking/domain/mypage/dto/MyProfileDto.java

@@ -1,5 +1,7 @@
 package com.sonkim.bookmarking.domain.mypage.dto;
 
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Size;
 import lombok.Builder;
 import lombok.Data;
 
@@ -14,7 +16,10 @@ public static class MyProfileResponseDto {
 
     @Data
     public static class UpdateRequestDto {
+        @NotBlank(message = "닉네임은 필수입니다.")
+        @Size(max = 20, message = "닉네임은 20자를 초과할 수 없습니다.")
         private String nickname;
+
         private String imageKey;
     }
 }