From 4b0dedef7aa7f9ae2c47cf0bfb76e52349e5ad3a Mon Sep 17 00:00:00 2001 From: HyeonJongKim Date: Mon, 26 Aug 2024 14:08:38 +0900 Subject: [PATCH] =?UTF-8?q?admin=20:=20=ED=83=AD=20=EC=83=9D=EC=84=B1?= =?UTF-8?q?=EC=8B=9C=20CSRF=ED=86=A0=ED=81=B0=20=EB=8F=99=EA=B8=B0?= =?UTF-8?q?=ED=99=94=20=EB=AC=B8=EC=A0=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- poc/.idea/.gitignore | 10 ++++ poc/.idea/compiler.xml | 31 +++++++++++++ poc/.idea/dataSources.xml | 12 +++++ poc/.idea/gradle.xml | 16 +++++++ .../inspectionProfiles/Project_Default.xml | 15 ++++++ poc/.idea/jarRepositories.xml | 20 ++++++++ poc/.idea/jsLibraryMappings.xml | 7 +++ poc/.idea/misc.xml | 9 ++++ poc/.idea/modules.xml | 8 ++++ poc/.idea/poc.iml | 11 +++++ poc/.idea/vcs.xml | 6 +++ poc/admin/database/init.sql | 4 ++ .../poc/admin/security/SecurityConfig.java | 3 +- .../admin/security/jwt/JwtTokenConstants.java | 4 +- .../web/main/admin/tab/TabRestController.java | 3 +- .../src/main/resources/static/js/reqhelper.js | 6 ++- .../resources/templates/layout/common.html | 46 +++++++++++++------ 17 files changed, 188 insertions(+), 23 deletions(-) create mode 100644 poc/.idea/.gitignore create mode 100644 poc/.idea/compiler.xml create mode 100644 poc/.idea/dataSources.xml create mode 100644 poc/.idea/gradle.xml create mode 100644 poc/.idea/inspectionProfiles/Project_Default.xml create mode 100644 poc/.idea/jarRepositories.xml create mode 100644 poc/.idea/jsLibraryMappings.xml create mode 100644 poc/.idea/misc.xml create mode 100644 poc/.idea/modules.xml create mode 100644 poc/.idea/poc.iml create mode 100644 poc/.idea/vcs.xml create mode 100644 poc/admin/database/init.sql diff --git a/poc/.idea/.gitignore b/poc/.idea/.gitignore new file mode 100644 index 0000000..a9d7db9 --- /dev/null +++ b/poc/.idea/.gitignore 
@@ -0,0 +1,10 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml +# GitHub Copilot persisted chat sessions +/copilot/chatSessions diff --git a/poc/.idea/compiler.xml b/poc/.idea/compiler.xml new file mode 100644 index 0000000..6c087ce --- /dev/null +++ b/poc/.idea/compiler.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/poc/.idea/dataSources.xml b/poc/.idea/dataSources.xml new file mode 100644 index 0000000..0560e41 --- /dev/null +++ b/poc/.idea/dataSources.xml @@ -0,0 +1,12 @@ + + + + + mariadb + true + org.mariadb.jdbc.Driver + jdbc:mariadb://localhost:3307/admin-system + $ProjectFileDir$ + + + \ No newline at end of file diff --git a/poc/.idea/gradle.xml b/poc/.idea/gradle.xml new file mode 100644 index 0000000..c89c001 --- /dev/null +++ b/poc/.idea/gradle.xml @@ -0,0 +1,16 @@ + + + + + + + \ No newline at end of file diff --git a/poc/.idea/inspectionProfiles/Project_Default.xml b/poc/.idea/inspectionProfiles/Project_Default.xml new file mode 100644 index 0000000..cb96b93 --- /dev/null +++ b/poc/.idea/inspectionProfiles/Project_Default.xml @@ -0,0 +1,15 @@ + + + + \ No newline at end of file diff --git a/poc/.idea/jarRepositories.xml b/poc/.idea/jarRepositories.xml new file mode 100644 index 0000000..fdc392f --- /dev/null +++ b/poc/.idea/jarRepositories.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/poc/.idea/jsLibraryMappings.xml b/poc/.idea/jsLibraryMappings.xml new file mode 100644 index 0000000..17f0d7e --- /dev/null +++ b/poc/.idea/jsLibraryMappings.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/poc/.idea/misc.xml b/poc/.idea/misc.xml new file mode 100644 index 0000000..6408547 --- /dev/null +++ b/poc/.idea/misc.xml @@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file 
diff --git a/poc/.idea/modules.xml b/poc/.idea/modules.xml new file mode 100644 index 0000000..4312957 --- /dev/null +++ b/poc/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/poc/.idea/poc.iml b/poc/.idea/poc.iml new file mode 100644 index 0000000..dc88000 --- /dev/null +++ b/poc/.idea/poc.iml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/poc/.idea/vcs.xml b/poc/.idea/vcs.xml new file mode 100644 index 0000000..6c0b863 --- /dev/null +++ b/poc/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/poc/admin/database/init.sql b/poc/admin/database/init.sql new file mode 100644 index 0000000..8452399 --- /dev/null +++ b/poc/admin/database/init.sql @@ -0,0 +1,4 @@ +CREATE DATABASE IF NOT EXISTS `admin-system`; +CREATE USER IF NOT EXISTS 'admin'@'%' IDENTIFIED BY '1234'; +GRANT ALL PRIVILEGES ON `admin-system`.* TO 'admin'@'%'; +FLUSH PRIVILEGES; \ No newline at end of file diff --git a/poc/admin/src/main/java/com/bpgroup/poc/admin/security/SecurityConfig.java b/poc/admin/src/main/java/com/bpgroup/poc/admin/security/SecurityConfig.java index cff7688..012b18f 100644 --- a/poc/admin/src/main/java/com/bpgroup/poc/admin/security/SecurityConfig.java +++ b/poc/admin/src/main/java/com/bpgroup/poc/admin/security/SecurityConfig.java 
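Review bot: The `CREATE USER` line in init.sql creates `'admin'@'%'` with the literal password `1234`, and the next line grants that account `ALL PRIVILEGES` on the schema, so the credential is both guessable and accepted from any host the server listens on. For a local PoC that may be deliberate, but the script ships in the repository, so at minimum the host part should be narrowed to the network the application connects from and the password taken from provisioning rather than committed: `CREATE USER IF NOT EXISTS 'admin'@'<app-host-or-subnet>' IDENTIFIED BY '<set-at-provisioning-time>';` followed by ``GRANT SELECT, INSERT, UPDATE, DELETE ON `admin-system`.* TO 'admin'@'<app-host-or-subnet>';``. The IDE data source added in this commit points at `localhost:3307`, but a containerised server would see a bridge address instead, and whether the application needs DDL rights at runtime (a migration tool, say) is not visible here, so confirm both before tightening. A header comment such as `-- local development bootstrap only; never run against a shared instance` would stop this file from being copied into a real environment.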
@@ -18,8 +18,6 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; @@ -75,6 +73,7 @@ public class SecurityConfig { .anyRequest() .access(new CustomAuthorizationManager(authorizationAppService)) ); + } private void configureFormLogin(HttpSecurity http) throws Exception { diff --git a/poc/admin/src/main/java/com/bpgroup/poc/admin/security/jwt/JwtTokenConstants.java b/poc/admin/src/main/java/com/bpgroup/poc/admin/security/jwt/JwtTokenConstants.java index 199ec4c..35abb22 100644 --- a/poc/admin/src/main/java/com/bpgroup/poc/admin/security/jwt/JwtTokenConstants.java +++ b/poc/admin/src/main/java/com/bpgroup/poc/admin/security/jwt/JwtTokenConstants.java @@ -11,6 +11,6 @@ public class JwtTokenConstants { public static final String KEY = "8530b13adb4e420d9694b27570635b47"; public static final String ACCESS_TOKEN_NAME = "AT"; public static final String REFRESH_TOKEN_NAME = "RT"; - public static final long AT_EXPIRATION_TIME = 30 * 1000; - public static final long RT_EXPIRATION_TIME = 60 * 1000; + public static final long AT_EXPIRATION_TIME = 30 * 30 * 1000; + public static final long RT_EXPIRATION_TIME = 30* 60 * 1000; } diff --git a/poc/admin/src/main/java/com/bpgroup/poc/admin/web/main/admin/tab/TabRestController.java b/poc/admin/src/main/java/com/bpgroup/poc/admin/web/main/admin/tab/TabRestController.java index 2f3e8a9..e121add 100644 
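Review bot: `KEY` on the context line directly above the changed constants is the JWT signing secret as a string literal in source, so every clone of this repository — and its git history, even after a later edit — can mint tokens the application will accept; it should come from the environment or a bound configuration property with a fail-fast check when absent, and the committed value rotated. The new lifetimes are written as `30 * 30 * 1000` and `30* 60 * 1000`, which hide that the access token now lives 15 minutes; `15 * 60 * 1000` and `30 * 60 * 1000`, each with a `// milliseconds` comment, say what was meant. Whether a 15-minute access token paired with a 30-minute refresh token is the intended policy is not visible here, so it is worth stating in a comment next to the constants rather than leaving it to be inferred from the arithmetic.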
--- a/poc/admin/src/main/java/com/bpgroup/poc/admin/web/main/admin/tab/TabRestController.java +++ b/poc/admin/src/main/java/com/bpgroup/poc/admin/web/main/admin/tab/TabRestController.java @@ -27,8 +27,7 @@ public class TabRestController { @PostMapping("/tab/add") public ResponseEntity addTab( - @RequestBody @Valid TabCreate.Request request , - BindingResult bindingResult + @RequestBody @Valid TabCreate.Request request ) { TabCreate.Response response = tabAppService.addTab(request); return ResponseEntity.ok(response); diff --git a/poc/admin/src/main/resources/static/js/reqhelper.js b/poc/admin/src/main/resources/static/js/reqhelper.js index 0a005e0..032b9e7 100644 --- a/poc/admin/src/main/resources/static/js/reqhelper.js +++ b/poc/admin/src/main/resources/static/js/reqhelper.js @@ -34,6 +34,7 @@ const Reqhelper = { } }) .finally(() => { + refreshCsrf(); if (fFunc) { fFunc(); } @@ -66,6 +67,7 @@ const Reqhelper = { } }) .catch((error) => { + refreshCsrf(); if (eFunc) { eFunc(error); } @@ -81,13 +83,13 @@ const Reqhelper = { } function refreshCsrf() { - fetch('/csrf', { + return fetch('/csrf', { method: 'GET', headers: { 'Content-Type': 'application/json' } }).then(response => { - response.json().then(data => { + return response.json().then(data => { const csrfToken = data.token; document.querySelector('meta[name="_csrf"]').setAttribute('content', csrfToken); }); diff --git a/poc/admin/src/main/resources/templates/layout/common.html b/poc/admin/src/main/resources/templates/layout/common.html index 593cdb7..2b76b9e 100644 --- a/poc/admin/src/main/resources/templates/layout/common.html +++ b/poc/admin/src/main/resources/templates/layout/common.html 
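Review bot: With `BindingResult` removed, a `@Valid` failure on `TabCreate.Request` is now thrown as `MethodArgumentNotValidException` instead of being silently ignored, which is the right direction, but nothing in this hunk shows how that exception is rendered; unless a `@ControllerAdvice` elsewhere maps it, Spring Boot's default 400 body is what the JavaScript caller sees, so a comment on `addTab` recording that contract would help (`// validation failures surface as 400 via MethodArgumentNotValidException`). The return type is a raw `ResponseEntity`; `ResponseEntity<TabCreate.Response>` documents the payload and removes the unchecked warning. Separately, `request.url` is sent on every tab creation and appears to be persisted, and the same value drives `loadTabContent` on the client, so whatever constraints `TabCreate.Request` places on it (relative path only, allow-listed prefix) are the real guard — they are outside this hunk, so please confirm they exist. The enclosing class continues outside the hunk.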
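Review bot: `refreshCsrf` now returns its promise, but the two new call sites in `.finally` and `.catch` still drop it, so a request issued right after one completes can still go out with the old token — the race this commit is fixing — and a failed refresh is never reported because the chain ends without a `.catch`. Inside `refreshCsrf`, `response.json()` is called regardless of status, so a 401/403/500 from `/csrf` (the likely case once the session is gone) rejects with a JSON parse error rather than something actionable, and the `Content-Type: application/json` header is meaningless on a body-less GET. The rewrite below checks `response.ok` and resolves to the new token so callers can chain on it; the `.finally`/`.catch` sites should `return refreshCsrf()` before invoking `fFunc`/`eFunc`, and the `Reqhelper` object they belong to starts outside this hunk. Whether `/csrf` is reachable cross-origin is not visible here; the token endpoint must stay same-origin (no permissive CORS with credentials) or the header it feeds is no protection.
```javascript
function refreshCsrf() {
  // Fetch a fresh token and publish it to the meta tag every request reads.
  return fetch('/csrf', { method: 'GET' })
    .then((response) => {
      if (!response.ok) {
        throw new Error(`CSRF refresh failed: ${response.status}`);
      }
      return response.json();
    })
    .then((data) => {
      const csrfToken = data.token;
      document.querySelector('meta[name="_csrf"]').setAttribute('content', csrfToken);
      return csrfToken;
    });
}
```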
@@ -60,18 +60,34 @@ // 탭 생성 및 DB Insert 메서드 function addTab(tabName, url) { - Reqhelper.reqPostJson('/admin/tab/add', { - name: tabName, - url: url - }, function(response) { - console.log('Tab created successfully'); - const tabId = response.id; - createTab(tabId, tabName, url); - openTab({currentTarget: $(`#${tabId}-tab`)}, tabId); - loadTabContent(tabId, url); - }, function() { - console.log('Failed to create tab'); - }); + if (url !== '/main'){ + refreshCsrf().then(() => { + var csrfToken = $("meta[name='_csrf']").attr("content"); + var csrfHeader = $("meta[name='_csrf_header']").attr("content"); + $.ajax({ + url: '/admin/tab/add', + type: 'POST', + data: JSON.stringify({ + name: tabName, + url: url + }), + beforeSend: function(xhr) { + xhr.setRequestHeader(csrfHeader, csrfToken); + }, + contentType: 'application/json', + success: function(response) { + const tabId = response.id; + createTab(tabId, tabName, url); + openTab({currentTarget: $(`#${tabId}-tab`)}, tabId); + loadTabContent(tabId, url); + console.log('Tab created successfully'); + }, + error: function() { + console.log('Failed to create tab'); + } + }); + }); + } } function loadTabContent(tabId, url) { @@ -135,12 +151,12 @@ } function deleteTab(event, tabId) { - $(`#${tabId}`).remove(); - $(`#${tabId}-tab`).parent().remove(); - event.stopPropagation(); Reqhelper.reqPostJson('/admin/tab/delete', { id : tabId }, function() { + $(`#${tabId}`).remove(); + $(`#${tabId}-tab`).parent().remove(); + event.stopPropagation(); console.log('Tab deleted successfully'); }, function() { console.log('Failed to delete tab');
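Review bot: The new `addTab` body waits for `refreshCsrf()` and then re-implements the POST with a hand-written `$.ajax`, but the chain has no `.catch`, so if `/csrf` fails the tab is silently never created — no callback, no log — and the `if (url !== '/main')` guard likewise returns without telling the caller that nothing happened. The duplication with `Reqhelper.reqPostJson` (which the removed lines used and which presumably reads the same `_csrf` meta tag) can be avoided while keeping the fix: `refreshCsrf().then(() => Reqhelper.reqPostJson('/admin/tab/add', { name: tabName, url }, onCreated, onFailed)).catch((err) => console.error('addTab: CSRF refresh failed', err));` with the current success and error callbacks as `onCreated`/`onFailed`. A comment above the guard such as `// '/main' is the fixed home tab and is never persisted` would record why it is skipped, assuming that is the reason. The `error` callback also discards the jqXHR it is handed, so the status of a rejected request is lost.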
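Review bot: In `deleteTab`, `event.stopPropagation()` was moved into the asynchronous success callback, where it no longer has any effect: the click event has finished dispatching long before the POST completes, so the click now also reaches whatever handler the tab element or its parent attaches. Keep the DOM removal in the callback as the commit does, but call `event.stopPropagation();` synchronously as the first statement of `deleteTab`, before `Reqhelper.reqPostJson(...)`. The failure branch only logs, so a user whose delete is rejected sees the tab stay with no explanation — worth at least a visible notice, though that is pre-existing.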