🔒️ 행안부 프리셋 보안 점검 1차 점검
@@ -8,6 +8,7 @@ import org.egovframe.cloud.boardservice.domain.board.Board;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.math.BigDecimal;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@@ -193,7 +194,7 @@ public class BoardResponseDto implements Serializable {
|
||||
* @param posts 게시물 목록
|
||||
*/
|
||||
public void setNewestPosts(List<PostsSimpleResponseDto> posts) {
|
||||
this.posts = posts;
|
||||
this.posts = new ArrayList<>(posts);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
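Review bot: `this.posts = new ArrayList<>(posts);` in setNewestPosts throws NullPointerException when `posts` is null, whereas the assignment it replaces accepted null, so any caller that passes null now fails at the copy instead of storing nothing. If null is a legitimate input here, guard it: `this.posts = posts == null ? null : new ArrayList<>(posts);` (or normalise to an empty list if callers iterate the field). The same unguarded copy is introduced in setPrevPosts/setNextPosts of PostsResponseDto, the Posts constructor (`comments`), the MenuDnDRequestDto and MenuRoleRequestDto constructors (`children`) and the Authorization constructor (`roleAuthorizations`); the constructors are the ones most exposed, since a builder or mapper that leaves the collection unset would hand them null. Note also that the copy is shallow: the DTO elements themselves remain shared with the caller.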
@@ -8,6 +8,7 @@ import org.egovframe.cloud.boardservice.domain.posts.Posts;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@@ -202,14 +203,14 @@ public class PostsResponseDto implements Serializable {
|
||||
* 이전 게시물
|
||||
*/
|
||||
public void setPrevPosts(List<PostsSimpleResponseDto> prevPosts) {
|
||||
this.prevPosts = prevPosts;
|
||||
this.prevPosts = new ArrayList<>(prevPosts);
|
||||
}
|
||||
|
||||
/**
|
||||
* 다음 게시물
|
||||
*/
|
||||
public void setNextPosts(List<PostsSimpleResponseDto> nextPosts) {
|
||||
this.nextPosts = nextPosts;
|
||||
this.nextPosts = new ArrayList<>(nextPosts);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@ import org.hibernate.annotations.OnDelete;
|
||||
import org.hibernate.annotations.OnDeleteAction;
|
||||
|
||||
import javax.persistence.*;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@@ -137,7 +138,7 @@ public class Posts extends BaseEntity {
|
||||
this.noticeAt = noticeAt;
|
||||
this.deleteAt = deleteAt;
|
||||
this.creator = creator;
|
||||
this.comments = comments;
|
||||
this.comments = new ArrayList<>(comments);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -128,7 +128,7 @@ public class BoardService extends AbstractService {
|
||||
* @param boardNo 게시판 번호
|
||||
* @return Board 게시판 엔티티
|
||||
*/
|
||||
private Board findBoard(Integer boardNo) {
|
||||
private Board findBoard(Integer boardNo) throws EntityNotFoundException {
|
||||
return boardRepository.findById(boardNo)
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.notexists.format", new Object[]{getMessage("board")})));
|
||||
}
|
||||
|
||||
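Review bot: findBoard now declares `throws EntityNotFoundException`, but the Javadoc directly above it documents only `@param boardNo` and `@return`; add `@throws EntityNotFoundException 게시판이 존재하지 않는 경우` so the declared contract is visible where callers read it. The exception's definition is not in this diff; if it extends RuntimeException, the `throws` clause is documentation only and does not oblige callers to handle the failure, which makes the Javadoc tag the part that actually carries information. The same applies to every other signature that gains a throws clause in this commit (CommentService, PostsService, AttachmentService, CodeService, UserApiController.updateInfo), several of which still have empty `@param`/`@return` lines. In UserPasswordChangeEmailTemplate, declaring `throws IllegalStateException` on a private never-callable constructor adds nothing and can be dropped.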
@@ -125,7 +125,7 @@ public class CommentService extends AbstractService {
|
||||
* @param requestDto 댓글 등록 요청 DTO
|
||||
*/
|
||||
@Transactional
|
||||
public CommentResponseDto save(CommentSaveRequestDto requestDto) {
|
||||
public CommentResponseDto save(CommentSaveRequestDto requestDto) throws InvalidValueException {
|
||||
if (requestDto.getBoardNo() == null || requestDto.getPostsNo() == null) {
|
||||
throw new InvalidValueException(getMessage("err.invalid.input.value"));
|
||||
}
|
||||
@@ -225,7 +225,7 @@ public class CommentService extends AbstractService {
|
||||
* @param commentNo 댓글 번호
|
||||
* @return Comment 댓글 엔티티
|
||||
*/
|
||||
private Comment findComment(Integer boardNo, Integer postsNo, Integer commentNo) {
|
||||
private Comment findComment(Integer boardNo, Integer postsNo, Integer commentNo) throws InvalidValueException {
|
||||
if (boardNo == null || postsNo == null || commentNo == null) {
|
||||
throw new InvalidValueException(getMessage("err.invalid.input.value"));
|
||||
}
|
||||
@@ -252,7 +252,7 @@ public class CommentService extends AbstractService {
|
||||
* @param userId 사용자 id
|
||||
* @return Comment 댓글 엔티티
|
||||
*/
|
||||
private Comment findCommentByCreatedBy(Integer boardNo, Integer postsNo, Integer commentNo, String userId) {
|
||||
private Comment findCommentByCreatedBy(Integer boardNo, Integer postsNo, Integer commentNo, String userId) throws BusinessMessageException {
|
||||
if (userId == null) {
|
||||
throw new BusinessMessageException(getMessage("err.required.login")); // 로그인 후 다시 시도해주세요.
|
||||
}
|
||||
@@ -272,7 +272,7 @@ public class CommentService extends AbstractService {
|
||||
*
|
||||
* @param posts 게시물 엔티티
|
||||
*/
|
||||
private void checkEditableComment(Posts posts) {
|
||||
private void checkEditableComment(Posts posts) throws EntityNotFoundException, BusinessMessageException {
|
||||
Board board = posts.getBoard();
|
||||
if (board == null) {
|
||||
throw new EntityNotFoundException(getMessage("valid.notexists.format", new Object[]{getMessage("board")})); // 게시판이(가) 없습니다.
|
||||
|
||||
@@ -86,7 +86,7 @@ public class PostsService extends AbstractService {
|
||||
* @param postsCount 게시물 수
|
||||
* @return Map<Integer, BoardResponseDto> 최근 게시물이 포함된 게시판 상세 응답 DTO Map
|
||||
*/
|
||||
public Map<Integer, BoardResponseDto> findNewest(List<Integer> boardNos, Integer postsCount) {
|
||||
public Map<Integer, BoardResponseDto> findNewest(List<Integer> boardNos, Integer postsCount) throws InvalidValueException {
|
||||
if (boardNos == null || boardNos.isEmpty())
|
||||
throw new InvalidValueException(getMessage("err.invalid.input.value"));
|
||||
|
||||
@@ -133,7 +133,7 @@ public class PostsService extends AbstractService {
|
||||
* @return PostsResponseDto 게시물 응답 DTO
|
||||
*/
|
||||
@Transactional
|
||||
public PostsResponseDto findById(Integer boardNo, Integer postsNo, Integer deleteAt, String userId, String ipAddr, RequestDto requestDto) {
|
||||
public PostsResponseDto findById(Integer boardNo, Integer postsNo, Integer deleteAt, String userId, String ipAddr, RequestDto requestDto) throws EntityNotFoundException, BusinessMessageException {
|
||||
PostsResponseDto dto = postsRepository.findById(boardNo, postsNo, userId, ipAddr);
|
||||
|
||||
if (dto == null) {
|
||||
|
||||
@@ -31,6 +31,9 @@ public class AttachmentImageResponseDto {
|
||||
@Builder
|
||||
public AttachmentImageResponseDto(String mimeType, byte[] data) {
|
||||
this.mimeType = mimeType;
|
||||
this.data = data;
|
||||
this.data = new byte[data.length];
|
||||
for (int i = 0; i < data.length; i++) {
|
||||
this.data[i] = data[i];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
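Review bot: the new copy loop in the AttachmentImageResponseDto constructor dereferences `data.length` before any null check, so a caller (or a builder invocation that omits `data`) passing null now gets a NullPointerException where the previous assignment tolerated it. The element-by-element loop also restates what the standard library provides; `this.data = data == null ? null : data.clone();` keeps the defensive copy, handles null and is the idiomatic form. The corresponding getter is outside the hunk; if it returns the array directly, the same copy belongs on the way out, otherwise this copy protects only against the caller mutating the array it passed in.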
@@ -48,6 +48,6 @@ public class MenuDnDRequestDto {
|
||||
this.parentId = parentId;
|
||||
this.level = level;
|
||||
this.icon = icon;
|
||||
this.children = children;
|
||||
this.children = new ArrayList<>(children);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.ToString;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@@ -53,6 +54,6 @@ public class MenuRoleRequestDto {
|
||||
this.sortSeq = sortSeq;
|
||||
this.icon = icon;
|
||||
this.level = level;
|
||||
this.children = children;
|
||||
this.children = new ArrayList<>(children);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -74,7 +74,7 @@ public class MessageSourceFiles {
|
||||
try {
|
||||
Files.createDirectory(Paths.get(fileMessagesDirectory).toAbsolutePath().normalize());
|
||||
} catch (FileAlreadyExistsException e) {
|
||||
log.info("메시지 폴더 경로에 파일이나 디렉토리가 이미 존재, {}", e.getMessage());
|
||||
log.error("메시지 폴더 경로에 파일이나 디렉토리가 이미 존재", e);
|
||||
} catch (IOException e) {
|
||||
log.error("메시지 폴더 생성 오류", e);
|
||||
}
|
||||
@@ -102,7 +102,7 @@ public class MessageSourceFiles {
|
||||
try (FileOutputStream out = new FileOutputStream(propFile)) {
|
||||
prop.store(out, "messages");
|
||||
} catch (IOException e) {
|
||||
log.error("Messages FileOutputStream IOException = {}, {}", e.getMessage(), e.getCause());
|
||||
log.error("Messages FileOutputStream IOException", e);
|
||||
}
|
||||
|
||||
// files
|
||||
|
||||
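Review bot: the `catch (FileAlreadyExistsException e)` branch now logs at error level with a full stack trace, but the condition it handles, the messages directory already existing, is the normal case on every start after the first, so each run will emit a spurious error that anything alerting on error logs will pick up. Either keep this branch at info level, or replace `Files.createDirectory(...)` with `Files.createDirectories(...)`, which does not throw for an existing directory, and keep the error log for the remaining IOException path only. The change in the second hunk, logging the exception object instead of `e.getMessage()` and `e.getCause()`, is the right call. The enclosing method starts outside the hunk.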
@@ -113,7 +113,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param editorRequestDto
|
||||
* @return
|
||||
*/
|
||||
public AttachmentEditorResponseDto uploadEditor(AttachmentBase64RequestDto editorRequestDto) {
|
||||
public AttachmentEditorResponseDto uploadEditor(AttachmentBase64RequestDto editorRequestDto) throws BusinessMessageException {
|
||||
String fileBase64 = editorRequestDto.getFileBase64();
|
||||
|
||||
if (fileBase64 == null || fileBase64.equals("")) {
|
||||
@@ -158,7 +158,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @return
|
||||
*/
|
||||
@Transactional(readOnly = true)
|
||||
public AttachmentImageResponseDto loadImageByUniqueId(String uniqueId) {
|
||||
public AttachmentImageResponseDto loadImageByUniqueId(String uniqueId) throws EntityNotFoundException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -172,7 +172,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param uniqueId
|
||||
* @return
|
||||
*/
|
||||
public AttachmentDownloadResponseDto downloadFile(String uniqueId) {
|
||||
public AttachmentDownloadResponseDto downloadFile(String uniqueId) throws EntityNotFoundException, BusinessMessageException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -212,7 +212,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param uniqueId
|
||||
* @return
|
||||
*/
|
||||
public AttachmentDownloadResponseDto downloadAttachment(String uniqueId) {
|
||||
public AttachmentDownloadResponseDto downloadAttachment(String uniqueId) throws EntityNotFoundException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -272,7 +272,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param saveRequestDtoList
|
||||
* @return
|
||||
*/
|
||||
public String saveByCode(String attachmentCode, List<AttachmentTempSaveRequestDto> saveRequestDtoList) {
|
||||
public String saveByCode(String attachmentCode, List<AttachmentTempSaveRequestDto> saveRequestDtoList) throws EntityNotFoundException {
|
||||
for (AttachmentTempSaveRequestDto saveRequestDto : saveRequestDtoList) {
|
||||
// 사용자 삭제인 경우 삭제여부 Y
|
||||
if (saveRequestDto.isDelete()) {
|
||||
@@ -322,7 +322,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param isDelete
|
||||
* @return
|
||||
*/
|
||||
public String toggleDelete(String uniqueId, boolean isDelete) {
|
||||
public String toggleDelete(String uniqueId, boolean isDelete) throws EntityNotFoundException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -336,7 +336,7 @@ public class AttachmentService extends AbstractService {
|
||||
*
|
||||
* @param uniqueId
|
||||
*/
|
||||
public void delete(String uniqueId) {
|
||||
public void delete(String uniqueId) throws EntityNotFoundException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -400,7 +400,7 @@ public class AttachmentService extends AbstractService {
|
||||
public String uploadAndUpdate(List<MultipartFile> files,
|
||||
String attachmentCode,
|
||||
AttachmentUploadRequestDto uploadRequestDto,
|
||||
List<AttachmentUpdateRequestDto> updateRequestDtoList) {
|
||||
List<AttachmentUpdateRequestDto> updateRequestDtoList) throws EntityNotFoundException {
|
||||
String basePath = LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyyMM"));
|
||||
|
||||
// 기존 파일 삭제 처리
|
||||
@@ -466,7 +466,7 @@ public class AttachmentService extends AbstractService {
|
||||
*
|
||||
* @param attachmentCode
|
||||
*/
|
||||
public void deleteAllEmptyEntity(String attachmentCode) {
|
||||
public void deleteAllEmptyEntity(String attachmentCode) throws EntityNotFoundException, BusinessMessageException {
|
||||
List<Attachment> attachmentList = attachmentRepository.findByCode(attachmentCode);
|
||||
|
||||
if (attachmentList == null || attachmentList.size() <= 0) {
|
||||
|
||||
@@ -46,7 +46,7 @@ public class CodeService extends AbstractService {
|
||||
* @param codeId
|
||||
* @return
|
||||
*/
|
||||
public CodeResponseDto findByCodeId(String codeId) {
|
||||
public CodeResponseDto findByCodeId(String codeId) throws EntityNotFoundException {
|
||||
Code code = codeRepository.findByCodeId(codeId)
|
||||
.orElseThrow(() -> new EntityNotFoundException("해당 데이터가 존재하지 않습니다. ID =" + codeId));
|
||||
return new CodeResponseDto(code);
|
||||
@@ -59,7 +59,7 @@ public class CodeService extends AbstractService {
|
||||
* @return
|
||||
*/
|
||||
@Transactional
|
||||
public String save(CodeSaveRequestDto saveRequestDto) {
|
||||
public String save(CodeSaveRequestDto saveRequestDto) throws BusinessException {
|
||||
Optional<Code> byCodeId = codeRepository.findByCodeId(saveRequestDto.getCodeId());
|
||||
if (byCodeId.isPresent()) {
|
||||
throw new BusinessException("코드ID 중복 : " + byCodeId, ErrorCode.DUPLICATE_INPUT_INVALID);
|
||||
@@ -75,7 +75,7 @@ public class CodeService extends AbstractService {
|
||||
* @return
|
||||
*/
|
||||
@Transactional
|
||||
public String update(String codeId, CodeUpdateRequestDto requestDto) {
|
||||
public String update(String codeId, CodeUpdateRequestDto requestDto) throws EntityNotFoundException {
|
||||
Code code = codeRepository.findByCodeId(codeId)
|
||||
.orElseThrow(() -> new EntityNotFoundException("해당 데이터가 존재하지 않습니다. ID =" + codeId));
|
||||
|
||||
@@ -90,7 +90,7 @@ public class CodeService extends AbstractService {
|
||||
* @param codeId
|
||||
*/
|
||||
@Transactional
|
||||
public void delete(String codeId) {
|
||||
public void delete(String codeId) throws BusinessMessageException {
|
||||
Code code = codeRepository.findByCodeId(codeId)
|
||||
.orElseThrow(() -> new EntityNotFoundException("해당 데이터가 존재하지 않습니다. ID =" + codeId));
|
||||
|
||||
@@ -111,7 +111,7 @@ public class CodeService extends AbstractService {
|
||||
* @return
|
||||
*/
|
||||
@Transactional
|
||||
public String updateUseAt(String codeId, boolean useAt) {
|
||||
public String updateUseAt(String codeId, boolean useAt) throws EntityNotFoundException {
|
||||
Code code = codeRepository.findByCodeId(codeId)
|
||||
.orElseThrow(() -> new EntityNotFoundException("해당 데이터가 존재하지 않습니다. ID =" + codeId));
|
||||
|
||||
|
||||
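Review bot: `delete` is declared `throws BusinessMessageException`, yet the first statement of its body throws `EntityNotFoundException` from `orElseThrow`, which is the exception every sibling method in this class now declares; if EntityNotFoundException is checked this does not compile, and if it is unchecked the clause misdescribes the method. Change the signature to `public void delete(String codeId) throws EntityNotFoundException, BusinessMessageException {`, keeping BusinessMessageException on the assumption that it is thrown later in the body, which lies outside the hunk. Each signature in this class should also get a matching `@throws` tag, since the Javadoc blocks currently carry empty `@param codeId` and `@return` lines.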
@@ -149,9 +149,9 @@ public class FileStorageUtils implements StorageUtils {
|
||||
Base64.Decoder decoder = Base64.getDecoder();
|
||||
byte[] decodeBytes = decoder.decode(requestDto.getFileBase64().getBytes());
|
||||
|
||||
FileOutputStream outputStream = new FileOutputStream(file);
|
||||
try (FileOutputStream outputStream = new FileOutputStream(file)) {
|
||||
outputStream.write(decodeBytes);
|
||||
outputStream.close();
|
||||
}
|
||||
|
||||
return filename;
|
||||
|
||||
@@ -285,20 +285,20 @@ public class FileStorageUtils implements StorageUtils {
|
||||
public AttachmentImageResponseDto loadImage(String imagename) {
|
||||
try {
|
||||
Path imagePath = this.fileStorageLocation.resolve(imagename).normalize();
|
||||
InputStream is = new FileInputStream(imagePath.toFile());
|
||||
|
||||
try (InputStream is = new FileInputStream(imagePath.toFile())) {
|
||||
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
|
||||
int read;
|
||||
byte[] data = new byte[(int) imagePath.toFile().length()];
|
||||
while ((read = is.read(data, 0, data.length)) != -1) {
|
||||
buffer.write(data, 0, read);
|
||||
}
|
||||
is.close();
|
||||
|
||||
return AttachmentImageResponseDto.builder()
|
||||
.mimeType(getContentType(imagename))
|
||||
.data(data)
|
||||
.build();
|
||||
}
|
||||
|
||||
} catch (FileNotFoundException | NoSuchFileException ex) {
|
||||
// 파일을 찾을 수 없습니다.
|
||||
throw new BusinessMessageException(messageUtil.getMessage("valid.file.not_found"));
|
||||
|
||||
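Review bot: loadImage resolves `imagename` against `fileStorageLocation` and normalizes the result, but never checks that the normalized path is still inside the storage directory; if `imagename` can originate from a request, normalize() alone does not confine it. Add a confinement check right after the resolve, before the stream is opened: `if (!imagePath.startsWith(this.fileStorageLocation)) { throw new BusinessMessageException(messageUtil.getMessage("valid.file.not_found")); }`. Separately, the read loop writes every chunk into `data` at offset 0 while accumulating into `buffer`, but the builder is handed `data` rather than `buffer.toByteArray()`, so a file delivered in more than one read() call is returned with its later chunks overwriting its start; `Files.readAllBytes(imagePath)` replaces the stream, loop and buffer in one call. The method continues past the end of the hunk.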
@@ -225,7 +225,7 @@ public class UserApiController {
|
||||
* @return String 사용자 id
|
||||
*/
|
||||
@PutMapping("/api/v1/users/info/{userId}")
|
||||
public String updateInfo(@PathVariable String userId, @RequestBody @Valid UserUpdateInfoRequestDto requestDto) {
|
||||
public String updateInfo(@PathVariable String userId, @RequestBody @Valid UserUpdateInfoRequestDto requestDto) throws BusinessMessageException {
|
||||
final String authUserId = SecurityContextHolder.getContext().getAuthentication().getName();
|
||||
if (!authUserId.equals(userId)) {
|
||||
throw new BusinessMessageException(messageUtil.getMessage("err.access.denied"));
|
||||
|
||||
@@ -5,7 +5,7 @@ public class UserPasswordChangeEmailTemplate {
|
||||
/**
|
||||
* 객체 생성 금지
|
||||
*/
|
||||
private UserPasswordChangeEmailTemplate() {
|
||||
private UserPasswordChangeEmailTemplate() throws IllegalStateException {
|
||||
throw new IllegalStateException("user password change email template class");
|
||||
}
|
||||
|
||||
|
||||
@@ -10,6 +10,7 @@ import org.hibernate.annotations.OnDelete;
|
||||
import org.hibernate.annotations.OnDeleteAction;
|
||||
|
||||
import javax.persistence.*;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@@ -89,7 +90,7 @@ public class Authorization extends BaseEntity {
|
||||
this.urlPatternValue = urlPatternValue;
|
||||
this.httpMethodCode = httpMethodCode;
|
||||
this.sortSeq = sortSeq;
|
||||
this.roleAuthorizations = roleAuthorizations;
|
||||
this.roleAuthorizations = new ArrayList<>(roleAuthorizations);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -596,32 +596,9 @@ public class UserService extends AbstractService implements UserDetailsService {
|
||||
*/
|
||||
@Transactional
|
||||
public UserResponseDto loadUserBySocial(UserLoginRequestDto requestDto) {
|
||||
/*SocialUserResponseDto socialUserDto = getSocialUserInfo(requestDto.getProvider(), requestDto.getToken());
|
||||
|
||||
UserResponseDto userDto = getAndSaveSocialUser(requestDto.getProvider(), socialUserDto);
|
||||
|
||||
if (userDto == null) {
|
||||
throw new BusinessMessageException(getMessage("err.user.join.social"));
|
||||
}
|
||||
if (!UserStateCode.NORMAL.getKey().equals(userDto.getUserStateCode())) {
|
||||
throw new BusinessMessageException(getMessage("err.user.state.cantlogin"));
|
||||
}
|
||||
|
||||
return userDto;*/
|
||||
SocialUserResponseDto socialUserResponseDto = getSocialUserInfo(requestDto.getProvider(), requestDto.getToken());
|
||||
|
||||
User user = findSocialUser(requestDto.getProvider(), socialUserResponseDto.getId());
|
||||
|
||||
/*// 이메일이 없는 사용자가 이메일을 직접입력하고 나중에 원래 이메일을 가지고 있는 사용자가 다른 접근할 경우 문제가 생길 수 있음
|
||||
if (user == null && socialUserResponseDto.getEmail() != null) {
|
||||
user = userRepository.findByEmail(socialUserResponseDto.getEmail()).orElse(null);
|
||||
|
||||
// 공급자 id로 조회되지 않지만 이메일로 조회되는 경우 공급자 id 등록
|
||||
if (user != null) {
|
||||
user.setSocial(requestDto.getProvider(), socialUserResponseDto.getId());
|
||||
}
|
||||
}*/
|
||||
|
||||
if (user == null) {
|
||||
throw new BusinessException(ErrorCode.REQUIRE_USER_JOIN);
|
||||
}
|
||||
|
||||