Merge branch 'dev' of https://git.jetbrains.space/nalpari/q-cast-iii/qcast-api.git into feature/qcast-api-001

pom.xml

@@ -98,6 +98,13 @@
             <version>2.6.0</version>
         </dependency>
 
+        <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.16.0</version>
+        </dependency>
+
     </dependencies>
 
     <build>

src/main/java/com/interplug/qcast/biz/module/ModuleController.java

@@ -3,22 +3,19 @@ package com.interplug.qcast.biz.module;
 import com.interplug.qcast.biz.module.dto.ModuleResponse;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
-import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
 @RequestMapping("/api/module")
 @RequiredArgsConstructor
-@CrossOrigin
 public class ModuleController {
   private final ModuleService moduleService;
 
   // 모듈 조회
   @GetMapping("/v1.0/modules/{roofMaterialId}/{trestleId}")
-  public ResponseEntity<List<ModuleResponse>> getModulesByRoofMaterialIdAndTrestleId(
+  public List<ModuleResponse> getModulesByRoofMaterialIdAndTrestleId(
       @PathVariable("roofMaterialId") Integer roofMaterialId,
       @PathVariable("trestleId") Integer trestleId) {
-    return ResponseEntity.ok(
+    return moduleService.getModulesByRoofMaterialIdAndTrestleId(roofMaterialId, trestleId);
-        moduleService.getModulesByRoofMaterialIdAndTrestleId(roofMaterialId, trestleId));
   }
 }

src/main/java/com/interplug/qcast/biz/roofmaterial/RoofMaterialController.java

@@ -3,21 +3,18 @@ package com.interplug.qcast.biz.roofmaterial;
 import com.interplug.qcast.biz.roofmaterial.dto.RoofMaterialResponse;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
-import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 @RequiredArgsConstructor
-@CrossOrigin
 @RequestMapping("/api/roof-material")
 public class RoofMaterialController {
   private final RoofMaterialService roofService;
 
   @GetMapping("/v1.0/roof-materials")
-  public ResponseEntity<List<RoofMaterialResponse>> getRoofs() {
+  public List<RoofMaterialResponse> getRoofs() {
-    return ResponseEntity.ok(roofService.getRoofMaterials());
+    return roofService.getRoofMaterials();
   }
 }

src/main/java/com/interplug/qcast/biz/trestle/TrestleController.java

@@ -3,19 +3,16 @@ package com.interplug.qcast.biz.trestle;
 import com.interplug.qcast.biz.trestle.dto.TrestleResponse;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
-import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
 @RequiredArgsConstructor
 @RequestMapping("/api/trestle")
-@CrossOrigin
 public class TrestleController {
   private final TrestleService trestleService;
 
   @GetMapping("/v1.0/trestles/{roofMaterialId}")
-  public ResponseEntity<List<TrestleResponse>> getTrestlesByRoofMaterialId(
+  public List<TrestleResponse> getTrestlesByRoofMaterialId(@PathVariable Integer roofMaterialId) {
-      @PathVariable Integer roofMaterialId) {
+    return trestleService.getTrestlesByRoofMaterialId(roofMaterialId);
-    return ResponseEntity.ok(trestleService.getTrestlesByRoofMaterialId(roofMaterialId));
   }
 }

src/main/java/com/interplug/qcast/config/json/HtmlCharacterEscapes.java

@@ -0,0 +1,59 @@
+package com.interplug.qcast.config.json;
+
+import com.fasterxml.jackson.core.SerializableString;
+import com.fasterxml.jackson.core.io.CharacterEscapes;
+import com.fasterxml.jackson.core.io.SerializedString;
+import org.apache.commons.lang3.StringEscapeUtils;
+
+/**
+ * <pre>
+ * xss 방어
+ *
+ * </pre>
+ *
+ * @author KimYoungHyun (youngh.kim@kt.com)
+ */
+public class HtmlCharacterEscapes extends CharacterEscapes {
+
+	private static final long serialVersionUID = 2432838078852295950L;
+	private final int[] asciiEscapes;
+
+	/**
+	 * xss 방지를 위해 escape 처리
+	 */
+	public HtmlCharacterEscapes() {
+		asciiEscapes = CharacterEscapes.standardAsciiEscapesForJSON();
+		asciiEscapes['<'] = CharacterEscapes.ESCAPE_CUSTOM;
+		asciiEscapes['>'] = CharacterEscapes.ESCAPE_CUSTOM;
+		asciiEscapes['&'] = CharacterEscapes.ESCAPE_CUSTOM;
+		asciiEscapes['\''] = CharacterEscapes.ESCAPE_CUSTOM;
+		asciiEscapes['\"'] = CharacterEscapes.ESCAPE_CUSTOM;
+		asciiEscapes['('] = CharacterEscapes.ESCAPE_CUSTOM;
+		asciiEscapes[')'] = CharacterEscapes.ESCAPE_CUSTOM;
+		asciiEscapes['#'] = CharacterEscapes.ESCAPE_CUSTOM;
+	}
+
+	@Override
+	public int[] getEscapeCodesForAscii() {
+		return asciiEscapes;
+	}
+
+	@Override
+	public SerializableString getEscapeSequence(int ch) {
+		SerializedString serializedString = null;
+		char charAt = (char) ch;
+
+		// emoji(Emoticons) character
+		if (Character.isHighSurrogate(charAt) || Character.isLowSurrogate(charAt)) {
+			StringBuilder sb = new StringBuilder();
+			sb.append("\\u");
+			sb.append(String.format("%04x", ch));
+			serializedString = new SerializedString(sb.toString());
+		} else {
+			serializedString = new SerializedString(StringEscapeUtils.escapeHtml4(Character.toString(charAt)));
+		}
+
+		return serializedString;
+	}
+
+}

src/main/java/com/interplug/qcast/config/security/WebConfig.java

@@ -0,0 +1,46 @@
+package com.interplug.qcast.config.security;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.interplug.qcast.config.json.HtmlCharacterEscapes;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * <pre>
+ * Web Config
+ * </pre>
+ *
+ * @author jaeyoung_lee (kkang090@gmail.com)
+ */
+@Configuration
+@RequiredArgsConstructor
+public class WebConfig implements WebMvcConfigurer {
+
+	private final ObjectMapper objectMapper;
+
+	@Override
+	public void addCorsMappings(CorsRegistry registry) {
+		registry.addMapping("/**").allowedOriginPatterns("*").allowCredentials(true).exposedHeaders("Authorization")
+				.allowedMethods("GET", "PUT", "POST", "PATCH", "DELETE", "OPTIONS");
+	}
+
+	/**
+	 * <pre>
+	 * XSS(Cross Site Scripting) converter
+	 * </pre>
+	 * 
+	 * @author KimYoungHyun (youngh.kim@kt.com)
+	 * @return
+	 */
+	@Bean
+	public MappingJackson2HttpMessageConverter jsonEscapeConverter() {
+		ObjectMapper copy = objectMapper.copy();
+		copy.getFactory().setCharacterEscapes(new HtmlCharacterEscapes());
+		return new MappingJackson2HttpMessageConverter(copy);
+	}
+
+}