
[Feat/auth user roles] - add security role #91

Merged: ekgns33 merged 4 commits into main from feat/auth-user-roles on May 13, 2025

Conversation

@ekgns33 (Contributor)

@ekgns33 ekgns33 commented May 12, 2025

Work done

  • Added UserRole so that permissions can be granted per user.
    • It is split into the regular user role USER and the admin role ADMIN.
  • The Jwt component adds the role to the claims.

Notice

  • For now, every API can be used with the USER role.
  • Once ADMIN APIs are added, let's implement the filtering declaratively through annotations.

Summary by CodeRabbit

  • New Features
    • Introduced user roles (USER, ADMIN) with role-based access control for API endpoints.
    • Added support for storing and managing user roles in user profiles.
  • Improvements
    • Enhanced JWT tokens to include user role information for improved authentication and authorization.
    • Updated database schema to support larger numeric values by changing relevant columns from INTEGER to BIGINT.
    • Centralized and simplified JWT token creation in tests using a new utility, improving test maintainability.
  • Bug Fixes
    • Corrected static image URLs in test data for consistency.

@ekgns33 ekgns33 requested a review from jeeheaG May 12, 2025 08:31
@ekgns33 ekgns33 self-assigned this May 12, 2025
@coderabbitai

coderabbitai bot commented May 12, 2025

Walkthrough

This update introduces user roles into the authentication and authorization system. It adds role information to JWT tokens, updates the user entity and database schema to include roles, and enforces role-based access control on specific API endpoints. Related methods and token generation logic are refactored to handle the new role field throughout the application.

Changes

File(s) | Change Summary
src/main/java/org/runimo/runimo/auth/filters/JwtAuthenticationFilter.java | Modified to extract user ID and role from JWT, constructing authentication tokens with role-based authorities.
src/main/java/org/runimo/runimo/auth/jwt/JwtResolver.java | Added getUserDetailFromJwtToken to extract both user ID and role from JWT.
src/main/java/org/runimo/runimo/auth/jwt/JwtTokenFactory.java | Changed generateAccessToken to accept a User object and include the role in the JWT; updated generateTokenPair accordingly.
src/main/java/org/runimo/runimo/auth/jwt/UserDetail.java | Introduced new UserDetail record with userId and role fields.
src/main/java/org/runimo/runimo/auth/service/TokenRefreshService.java | Updated to pass a User object instead of a user ID string for access token generation.
src/main/java/org/runimo/runimo/config/SecurityConfig.java | Added authorization rule restricting /api/v1/users/** endpoints to users with the "USER" or "ADMIN" role.
src/main/java/org/runimo/runimo/user/domain/User.java | Added role field (type UserRole) with a default value and constructor updates for role handling.
src/main/java/org/runimo/runimo/user/domain/UserRole.java | Added new enum UserRole with constants USER and ADMIN.
src/main/resources/sql/schema.sql, src/test/resources/sql/schema.sql | Added role column to the users table; converted various integer columns to BIGINT; updated static data in the test schema.
src/test/java/org/runimo/runimo/TokenUtils.java | Added utility class for creating JWT tokens for tests with role claims and consistent expiration.
Multiple test classes (AuthAcceptanceTest, HatchControllerTest, RecordAcceptanceTest, RewardAcceptanceTest, RunimoControllerTest, IncubatingEggAcceptanceTest, MainViewAcceptanceTest, MyPageAcceptanceTest, UserItemAcceptanceTest, UserWithdrawAcceptanceTest, MainViewControllerTest, MyPageControllerTest, QueryItemControllerTest, TokenRefreshAcceptanceTest) | Refactored tests to replace inline or direct use of JwtTokenFactory for token generation with centralized TokenUtils usage; tokens are generated once per test setup and reused; imports and annotations updated accordingly.
src/test/resources/application.yml | Added explicit setting of the active Spring profile to test.
src/test/java/org/runimo/runimo/TestConsts.java | Added class containing the test user UUID constant.
src/test/java/org/runimo/runimo/configs/TestConfig.java | Added @Primary annotations to test JWT-related beans and replaced secret string literals with a constant.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant JwtAuthenticationFilter
    participant JwtResolver
    participant SecurityContext

    Client->>JwtAuthenticationFilter: Sends request with JWT token
    JwtAuthenticationFilter->>JwtResolver: getUserDetailFromJwtToken(token)
    JwtResolver-->>JwtAuthenticationFilter: Returns UserDetail(userId, role)
    JwtAuthenticationFilter->>SecurityContext: Authenticate with userId and ROLE_{role}
    SecurityContext-->>JwtAuthenticationFilter: Sets authentication context
    JwtAuthenticationFilter-->>Client: Proceeds with authorized request
sequenceDiagram
    participant Application
    participant JwtTokenFactory
    participant User

    Application->>JwtTokenFactory: generateAccessToken(User)
    JwtTokenFactory->>User: Get publicId and role
    JwtTokenFactory-->>Application: Returns JWT with userId and role claims
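How the two flows above fit together in Spring Security, as an added example that is not the project's code: the filter turns the role claim of a verified token into a ROLE_-prefixed authority, and the config then gates /api/v1/users/** on hasAnyRole("USER", "ADMIN"), which compares against that same prefixed name. It assumes Spring Security 6 with jakarta.servlet; the JwtResolver body (signature and expiry verification) and the anyRequest() rule are assumptions, and the type names follow the PR.

```java
// Added example, not the project's code. JwtResolver/UserDetail/UserRole names follow the PR;
// the resolver is assumed to verify signature and expiry and to throw on an invalid token.
import java.io.IOException;
import java.util.List;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

enum UserRole { USER, ADMIN }
record UserDetail(String userId, UserRole role) {}
interface JwtResolver { UserDetail getUserDetailFromJwtToken(String token); }

class JwtAuthenticationFilter extends OncePerRequestFilter {
    private final JwtResolver jwtResolver;
    JwtAuthenticationFilter(JwtResolver jwtResolver) { this.jwtResolver = jwtResolver; }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            // The role claim is only as trustworthy as the signature check inside the resolver.
            UserDetail detail = jwtResolver.getUserDetailFromJwtToken(header.substring(7));
            // hasRole/hasAnyRole compare against "ROLE_<name>", so the prefix is added exactly once, here.
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                detail.userId(), null, List.of(new SimpleGrantedAuthority("ROLE_" + detail.role().name()))));
        }
        chain.doFilter(req, res);
    }
}

@Configuration
class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, JwtAuthenticationFilter jwtFilter) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/v1/users/**").hasAnyRole("USER", "ADMIN")
                .anyRequest().authenticated()) // assumed default for other paths
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```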

Poem

Hopping through code with a role in my paw,
Now users and admins both earn my awe!
Tokens now smarter, with roles tucked inside,
The schema grows bigger—no detail to hide.
With BIGINTs and enums, our world is anew,
Security tighter—hippity-hooray for the crew! 🐇✨


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Free

📥 Commits

Reviewing files that changed from the base of the PR and between 3558c50 and b337eaf.


@jeeheaG (Contributor) left a comment

So the role is being added now.
Great work!!

@ekgns33 ekgns33 merged commit 37f05da into main May 13, 2025
4 checks passed
@ekgns33 ekgns33 deleted the feat/auth-user-roles branch May 13, 2025 12:18