Merge pull request #29 from SafeNet-2024/feature/add-security

[feat] 메시지 보낼 때 resolve 후 validation 진행
SafeNet-2024 · Jun 12, 2024 · bc63cce · bc63cce
2 parents 42205a9 + 5087be9
commit bc63cce
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/src/main/java/com/SafeNet/Backend/domain/message/controller/MessageController.java b/src/main/java/com/SafeNet/Backend/domain/message/controller/MessageController.java
@@ -44,11 +44,17 @@ public void message(@RequestHeader(name = "ACCESS_TOKEN", required = false) Stri
                         MessageDto messageDto) {
         try {
             // Access Token 검증
-            if (accessToken == null || !jwtTokenProvider.validateToken(accessToken)) { // 메시지 전송 전 유효한 토큰인지 검증
-                throw new AccessDeniedException("Invalid or expired token");
+            if (accessToken != null && accessToken.startsWith("Bearer ")) {
+                String token = accessToken.substring(7);
+                if (jwtTokenProvider.validateToken(token)) {
+                    // 메시지 전송 로직 호출
+                    messageRoomService.handleMessage(messageDto.getRoomId(), messageDto.getSender(), messageDto);
+                } else {
+                    throw new AccessDeniedException("Invalid or expired token");
+                }
+            } else {
+                throw new AccessDeniedException("Missing or invalid ACCESS_TOKEN header");
             }
-            // 메시지 전송 로직 호출
-            messageRoomService.handleMessage(messageDto.getRoomId(), messageDto.getSender(), messageDto);
         } catch (Exception e) {
             log.error("Failed to send message: {}", e.getMessage());
             throw e;