prod deploy (#299)

* Feat: Internal GET, PUT API 추가 (#288)

* Refactor: Remove unused interface

* Feat: Create Internal Entity, Dto

* Feat: Create Internal Repository, Service.

* Feat: Create Internal Controller

* Test: Add Test for Internal Domain.

* Feat: Main API에서 중요 공지 갯수 optional하게 전달하도록 수정 (#289)

* Feat: Change to get count optional for repositories.

* Feat: Change service method to get important count as optional.

* Feat: Change importCnt query param as optional.

* 인증서 세팅 + migrate api 일부 삭제 (#290)

* delete migrate api

* set new ssl certificate

* style: ktlint

* Feat: 안전한 파일 제거 method 추가 (#291)

* Feat: Create file delete event.

* Feat: Create File Delete Event Listener, only delete file when transaction commit.

* Feat: Add remove entity method which publish file delete event.

* Refactor: change old delete method name to deprecated.

---------

Co-authored-by: Junhyeong Kim <[email protected]>

* Feat: Staff 수정 API 추가 (#292)

* Feat: Add request body for create, modify staff.

* Refactor: Make DTO as representation of entity.

* Refactor: Change language as changable.

* Feat: Change CUD method to properly update file, search index.

* Feat: Change CUD api to use proper request body, remove migrate api.

* Comment: Add comment.

* Test: Fix staff service test.

* fix: 교수회의실 예약 권한 변경 (#293)

* fix: 교수회의실 예약 권한 변경

* fix: 교수회의실 예약 권한 변경

* 로그인 취약점 수정 및 Caddyfile.dev 추가 (#295)

* update deprecated methods and enable csrf

* create Caddyfile.dev

* add swagger reverse proxy

* remove swagger related path

* update api for single html page (#294)

* feat: update guide

* update search entity

* update degree requirements

* save csrf cookie (#297)

* 스프링 세션 설정 변경 (#298)

* fix timeout to 9h and set cookie same-site lax

* disable csrf

* remove unnecessary import

* Feat: Professor 수정 API 추가 (#296)

* Feat: Add Request Body for create, update.

* Feat: Change DTO to use representation layer purely.

* Feat: Change service method to use request body, delete files properly.

* Refactor: Remove unused method.

* Feat: Change request body for create, update. Change update to POST.

* Test: Fix test to use updated request body.

* Comment: Add newImage multipart description for updateProfessor.

* Refactor: Remove unused migrate codes.

* Refactor: change updateProfessor api to PUT

---------

Co-authored-by: 우혁준 (Logan) <[email protected]>

.github/workflows/proxy.yaml

@@ -21,6 +21,8 @@ jobs:
         run: |
           echo "URL=${{secrets.URL}}" > .env
           echo "LOCAL_IP=${{secrets.LOCAL_IP}}" >> .env
+          echo "CERTIFICATE=${{secrets.CERTIFICATE}}" >> .env
+          echo "PRIVATE_KEY=${{secrets.PRIVATE_KEY}}" >> .env
 
       -
         name: SCP Command to Transfer Files

.github/workflows/proxy_dev.yaml

@@ -4,7 +4,7 @@ on:
       - develop
     paths:
       - docker-compose-caddy.yml
-      - caddy/Caddyfile
+      - caddy/Caddyfile.dev
       - .github/workflows/proxy.yaml
 
 jobs:
@@ -29,7 +29,7 @@ jobs:
           host: ${{secrets.SSH_HOST_DEV}}
           username: ${{secrets.SSH_USER}}
           key: ${{secrets.SSH_KEY}}
-          source: "docker-compose-caddy.yml, .env, caddy/Caddyfile"
+          source: "docker-compose-caddy.yml, .env, caddy/Caddyfile.dev"
           target: "~/proxy"
           overwrite: true
 
@@ -42,6 +42,7 @@ jobs:
           key: ${{secrets.SSH_KEY}}
           script: |
             cd ~/proxy
+            mv caddy/Caddyfile.dev caddy/Caddyfile
             source .env
             docker-compose -f docker-compose-caddy.yml down
             docker-compose -f docker-compose-caddy.yml up -d

.gitignore

@@ -288,4 +288,5 @@ db/
 
 # caddy server
 caddy/*
-!caddy/Caddyfile
+!caddy/Caddyfile
+!caddy/Caddyfile.dev

caddy/Caddyfile

@@ -1,9 +1,11 @@
 {$URL} {
+	tls {$CERTIFICATE} {$PRIVATE_KEY}
+
 	# Frontend
 	reverse_proxy host.docker.internal:3000
 
 	@backend_denied {
-		path /swagger-ui/* /api-docs/* /api/v1/search/refresh
+		path /api/v1/search/refresh
 		not remote_ip {$LOCAL_IP}
 	}
 	abort @backend_denied

caddy/Caddyfile.dev

@@ -0,0 +1,17 @@
+{$URL} {
+	# Frontend
+	reverse_proxy host.docker.internal:3000
+
+	# Backend
+	reverse_proxy /api/* host.docker.internal:8080
+
+	# Old file serving
+	reverse_proxy /sites/default/files/* host.docker.internal:8080
+
+    # Login
+    reverse_proxy /oauth2/authorization/idsnucse host.docker.internal:8080
+
+	# Swagger
+	reverse_proxy /swagger-ui/* host.docker.internal:8080 
+	reverse_proxy /api-docs/* host.docker.internal:8080
+}

docker-compose-caddy.yml

@@ -9,9 +9,12 @@ services:
       - ./caddy/Caddyfile:/etc/caddy/Caddyfile
       - ./caddy/data:/data
       - ./caddy/config:/config
+      - ./caddy/certs:/certs
     environment:
       URL: ${URL}
       LOCAL_IP: ${LOCAL_IP}
+      CERTIFICATE: ${CERTIFICATE}
+      PRIVATE_KEY: ${PRIVATE_KEY}
     extra_hosts:
       - host.docker.internal:host-gateway
     restart: always

src/main/kotlin/com/wafflestudio/csereal/common/CserealException.kt

@@ -7,4 +7,5 @@ open class CserealException(msg: String, val status: HttpStatus) : RuntimeExcept
     class Csereal404(msg: String) : CserealException(msg, HttpStatus.NOT_FOUND)
     class Csereal401(msg: String) : CserealException(msg, HttpStatus.UNAUTHORIZED)
     class Csereal409(msg: String) : CserealException(msg, HttpStatus.CONFLICT)
+    class Csereal403(msg: String) : CserealException(msg, HttpStatus.FORBIDDEN)
 }

src/main/kotlin/com/wafflestudio/csereal/common/config/OpenApiConfig.kt

@@ -13,6 +13,7 @@ class OpenApiConfig {
         val info = Info()
             .title("컴퓨터공학부 홈페이지 백엔드 API")
             .description("컴퓨터공학부 홈페이지 백엔드 API 명세서입니다.")
+            .version("1")
 
         return OpenAPI()
             .components(Components())

src/main/kotlin/com/wafflestudio/csereal/common/config/SecurityConfig.kt

@@ -33,23 +33,32 @@ class SecurityConfig(
     @Bean
     fun filterChain(http: HttpSecurity): SecurityFilterChain {
         return http
-            .cors().and()
-            .csrf().disable()
-            .oauth2Login()
-            .loginPage("$loginPage/oauth2/authorization/idsnucse")
-            .redirectionEndpoint()
-            .baseUri("/api/v1/login/oauth2/code/idsnucse").and()
-            .userInfoEndpoint().oidcUserService(customOidcUserService).and()
-            .successHandler(CustomAuthenticationSuccessHandler(endpointProperties.frontend)).and()
-            .logout()
-            .logoutUrl("/api/v1/logout")
-            .logoutSuccessHandler(oidcLogoutSuccessHandler())
-            .invalidateHttpSession(true)
-            .clearAuthentication(true)
-            .deleteCookies("JSESSIONID").and()
-            .authorizeHttpRequests()
-            .requestMatchers("/api/v1/login").authenticated()
-            .anyRequest().permitAll().and()
+            .cors { }
+            .csrf { it.disable() }
+            .oauth2Login { oauth2 ->
+                oauth2
+                    .loginPage("$loginPage/oauth2/authorization/idsnucse")
+                    .redirectionEndpoint { redirect ->
+                        redirect.baseUri("/api/v1/login/oauth2/code/idsnucse")
+                    }
+                    .userInfoEndpoint { userInfo ->
+                        userInfo.oidcUserService(customOidcUserService)
+                    }
+                    .successHandler(CustomAuthenticationSuccessHandler(endpointProperties.frontend))
+            }
+            .logout { logout ->
+                logout
+                    .logoutUrl("/api/v1/logout")
+                    .logoutSuccessHandler(oidcLogoutSuccessHandler())
+                    .invalidateHttpSession(true)
+                    .clearAuthentication(true)
+                    .deleteCookies("JSESSIONID")
+            }
+            .authorizeHttpRequests { auth ->
+                auth
+                    .requestMatchers("/api/v1/login").authenticated()
+                    .anyRequest().permitAll()
+            }
             .build()
     }
 

src/main/kotlin/com/wafflestudio/csereal/common/enums/LanguageType.kt

@@ -5,6 +5,7 @@ import com.wafflestudio.csereal.common.CserealException
 enum class LanguageType {
     KO, EN;
 
+    // TODO: Define custom deserializer, serializer
     companion object {
         fun makeStringToLanguageType(language: String): LanguageType {
             try {

src/main/kotlin/com/wafflestudio/csereal/core/academics/api/AcademicsController.kt

@@ -2,13 +2,13 @@ package com.wafflestudio.csereal.core.academics.api
 
 import com.wafflestudio.csereal.common.aop.AuthenticatedStaff
 import com.wafflestudio.csereal.common.enums.LanguageType
+import com.wafflestudio.csereal.core.academics.api.req.UpdateSingleReq
 import com.wafflestudio.csereal.core.academics.dto.*
 import com.wafflestudio.csereal.core.academics.service.AcademicsService
 import com.wafflestudio.csereal.core.academics.dto.ScholarshipDto
 import com.wafflestudio.csereal.core.academics.service.AcademicsSearchService
 import jakarta.validation.Valid
 import jakarta.validation.constraints.Positive
-import org.springframework.context.annotation.Profile
 import org.springframework.http.ResponseEntity
 import org.springframework.web.bind.annotation.*
 import org.springframework.web.multipart.MultipartFile
@@ -42,6 +42,15 @@ class AcademicsController(
         return ResponseEntity.ok(academicsService.readGuide(language, studentType))
     }
 
+    @AuthenticatedStaff
+    @PutMapping("/{studentType}/guide")
+    fun updateGuide(
+        @RequestParam(required = false, defaultValue = "ko") language: String,
+        @PathVariable studentType: String,
+        @RequestPart request: UpdateSingleReq,
+        @RequestPart newAttachments: List<MultipartFile>?
+    ) = academicsService.updateGuide(language, studentType, request, newAttachments)
+
     @GetMapping("/undergraduate/general-studies-requirements")
     fun readGeneralStudiesRequirements(
         @RequestParam(required = false, defaultValue = "ko") language: String
@@ -96,6 +105,14 @@ class AcademicsController(
         return ResponseEntity.ok(academicsService.readDegreeRequirements(language))
     }
 
+    @AuthenticatedStaff
+    @PutMapping("/undergraduate/degree-requirements")
+    fun updateDegreeRequirements(
+        @RequestParam(required = false, defaultValue = "ko") language: String,
+        @RequestPart request: UpdateSingleReq,
+        @RequestPart newAttachments: List<MultipartFile>?
+    ) = academicsService.updateDegreeRequirements(language, request, newAttachments)
+
     @AuthenticatedStaff
     @PostMapping("/{studentType}/scholarshipDetail")
     fun createScholarshipDetail(
@@ -121,52 +138,6 @@ class AcademicsController(
         return ResponseEntity.ok(academicsService.readScholarship(scholarshipId))
     }
 
-    @Profile("!prod")
-    @PostMapping("/{studentType}/{postType}/migrate")
-    fun migrateAcademicsDetail(
-        @PathVariable studentType: String,
-        @PathVariable postType: String,
-        @RequestBody requestList: List<AcademicsDto>
-    ): ResponseEntity<List<AcademicsDto>> {
-        return ResponseEntity.ok(
-            academicsService.migrateAcademicsDetail(studentType, postType, requestList)
-        )
-    }
-
-    @Profile("!prod")
-    @PostMapping("/course/migrate/{studentType}")
-    fun migrateCourses(
-        @PathVariable studentType: String,
-        @RequestBody requestList: List<CourseDto>
-    ): ResponseEntity<List<CourseDto>> {
-        return ResponseEntity.ok(academicsService.migrateCourses(studentType, requestList))
-    }
-
-    @Profile("!prod")
-    @PostMapping("/{studentType}/scholarshipDetail/migrate")
-    fun migrateScholarshipDetail(
-        @PathVariable studentType: String,
-        @RequestBody requestList: List<ScholarshipDto>
-    ): ResponseEntity<List<ScholarshipDto>> {
-        return ResponseEntity.ok(
-            academicsService.migrateScholarshipDetail(studentType, requestList)
-        )
-    }
-
-    @Profile("!prod")
-    @PatchMapping("/migrateAttachment/{academicsId}")
-    fun migrateAcademicsDetailAttachments(
-        @PathVariable academicsId: Long,
-        @RequestPart("attachments") attachments: List<MultipartFile>?
-    ): ResponseEntity<AcademicsDto> {
-        return ResponseEntity.ok(
-            academicsService.migrateAcademicsDetailAttachments(
-                academicsId,
-                attachments
-            )
-        )
-    }
-
     @GetMapping("/search/top")
     fun searchTop(
         @RequestParam(required = true) keyword: String,

src/main/kotlin/com/wafflestudio/csereal/core/academics/api/req/UpdateSingleReq.kt

@@ -0,0 +1,6 @@
+package com.wafflestudio.csereal.core.academics.api.req
+
+data class UpdateSingleReq(
+    val description: String,
+    val deleteIds: List<Long>
+)