Merge pull request #72 from wafflestudio/feat/security

모든 닉네임 endpoint에 대하여 URL Decoding 적용

src/main/kotlin/com/toyProject7/karrot/SecurityConfig.kt

@@ -35,7 +35,6 @@ class SecurityConfig(
                 registry
                     .requestMatchers(
                         *SecurityConstants.PUBLIC_PATHS,
-                        "/ws/**",
                     ).permitAll()
                     .anyRequest().authenticated()
             }

src/main/kotlin/com/toyProject7/karrot/manner/controller/MannerController.kt

@@ -5,6 +5,7 @@ import org.springframework.http.ResponseEntity
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PutMapping
 import org.springframework.web.bind.annotation.RestController
+import java.net.URLDecoder
 
 @RestController
 class MannerController(
@@ -15,7 +16,10 @@ class MannerController(
         @PathVariable nickname: String,
         @PathVariable mannerType: MannerType,
     ): ResponseEntity<String> {
-        mannerService.increaseMannerCount(nickname, mannerType)
+        // Decode the nickname
+        val decodedNickname = URLDecoder.decode(nickname, "UTF-8")
+
+        mannerService.increaseMannerCount(decodedNickname, mannerType)
         return ResponseEntity.noContent().build()
     }
 }

src/main/kotlin/com/toyProject7/karrot/profile/controller/ProfileController.kt

@@ -13,6 +13,7 @@ import org.springframework.web.bind.annotation.PutMapping
 import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
+import java.net.URLDecoder
 
 @RestController
 class ProfileController(
@@ -37,7 +38,10 @@ class ProfileController(
     fun getProfile(
         @PathVariable nickname: String,
     ): ResponseEntity<ProfileResponse> {
-        val profile = profileService.getProfile(nickname)
+        // Decode nickname
+        val decodedNickname = URLDecoder.decode(nickname, "UTF-8")
+
+        val profile = profileService.getProfile(decodedNickname)
         return ResponseEntity.ok(profile)
     }
 
@@ -46,7 +50,10 @@ class ProfileController(
         @PathVariable nickname: String,
         @RequestParam articleId: Long,
     ): ResponseEntity<List<Item>> {
-        val itemList: List<Item> = profileService.getProfileSells(nickname, articleId)
+        // Decode nickname
+        val decodedNickname = URLDecoder.decode(nickname, "UTF-8")
+
+        val itemList: List<Item> = profileService.getProfileSells(decodedNickname, articleId)
         return ResponseEntity.ok(itemList)
     }
 
@@ -63,7 +70,10 @@ class ProfileController(
     fun getManners(
         @PathVariable nickname: String,
     ): ResponseEntity<MannersResponse> {
-        val manners = profileService.getManner(nickname)
+        // Decode nickname
+        val decodedNickname = URLDecoder.decode(nickname, "UTF-8")
+
+        val manners = profileService.getManner(decodedNickname)
         return ResponseEntity.ok(manners)
     }
 
@@ -72,7 +82,10 @@ class ProfileController(
         @PathVariable nickname: String,
         @RequestParam("reviewId") reviewId: Long,
     ): ResponseEntity<ReviewsResponse> {
-        val reviews = profileService.getPreviousReviews(nickname, reviewId)
+        // Decode nickname
+        val decodedNickname = URLDecoder.decode(nickname, "UTF-8")
+
+        val reviews = profileService.getPreviousReviews(decodedNickname, reviewId)
         return ResponseEntity.ok(reviews)
     }
 }

src/main/kotlin/com/toyProject7/karrot/security/SecurityConstants.kt

@@ -8,5 +8,6 @@ object SecurityConstants {
             "/auth/**",
             "/login/oauth2/**",
             "/api/test",
+            "/ws/**",
         )
 }