diff --git a/src/main/kotlin/com/solve/global/config/security/SecurityConfig.kt b/src/main/kotlin/com/solve/global/config/security/SecurityConfig.kt
index f454b58..2794df1 100644
--- a/src/main/kotlin/com/solve/global/config/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/solve/global/config/security/SecurityConfig.kt
@@ -59,12 +59,14 @@ class SecurityConfig(
 .authorizeHttpRequests {
 it
 .requestMatchers(HttpMethod.GET, "/swagger-ui/**", "/v3/api-docs/**", "/api-docs").permitAll()
- .requestMatchers(HttpMethod.POST, "/auth/login", "/auth/signup", "/auth/reissue").anonymous()
+
+ .requestMatchers(HttpMethod.POST, "/auth/login", "/auth/signup", "/auth/reissue", "/auth/verify").anonymous()
+ .requestMatchers(HttpMethod.POST, "/admin/auth/signup").anonymous()
 .requestMatchers(HttpMethod.GET, "/statistics").permitAll()
- .requestMatchers(HttpMethod.GET, "/posts").permitAll()
- .requestMatchers(HttpMethod.GET, "/posts/{postId}").permitAll()
+ .requestMatchers(HttpMethod.GET, "/posts/search").permitAll()
+ .requestMatchers(HttpMethod.GET, "/posts", "/posts/{postId}").permitAll()
 .requestMatchers(HttpMethod.POST, "/posts").user()
 .requestMatchers(HttpMethod.PATCH, "/posts/{postId}").user()
 .requestMatchers(HttpMethod.DELETE, "/posts/{postId}").user()
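Review bot: `POST /admin/auth/signup` is opened with `.anonymous()` in the rule added right after the `/auth/*` line, so the route that creates admin accounts is reachable without credentials and, if `.anonymous()` keeps Spring's usual meaning here, is refused to a caller who is already signed in as an admin. Nothing in this hunk shows what gates the sign-up, so that control has to live in the handler and should be named next to the rule, e.g. `// admin sign-up is unauthenticated by design; gated in the handler by <mechanism>; must stay above "/admin/**"`. The ordering note matters because the first matching rule decides, and the catch-all `/admin/**` rule now sits in the next hunk, far from this line. The `authorizeHttpRequests` block starts before and continues past this hunk.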
@@ -79,31 +81,56 @@ class SecurityConfig(
 .requestMatchers(HttpMethod.PATCH, "/posts/{postId}/comments/{commentId}/replies/{replyId}").user()
 .requestMatchers(HttpMethod.DELETE, "/posts/{postId}/comments/{commentId}/replies/{replyId}").user()
- .requestMatchers(HttpMethod.GET, "/problems", "/problems/{problemId}").permitAll()
- .requestMatchers(HttpMethod.GET, "/problems/search").permitAll()
-
- .requestMatchers(HttpMethod.GET, "/problems/{problemId}/test-cases").permitAll()
+ .requestMatchers(HttpMethod.POST, "/posts/{postId}/comments/{commentId}/likes").user()
+ .requestMatchers(HttpMethod.DELETE, "/posts/{postId}/comments/{commentId}/likes").user()
+ .requestMatchers(HttpMethod.POST, "/posts/{postId}/comments/{commentId}/replies/{replyId}/likes").user()
+ .requestMatchers(HttpMethod.DELETE, "/posts/{postId}/comments/{commentId}/replies/{replyId}/likes").user()
- .requestMatchers(HttpMethod.GET, "/problems/{problemId}/ideas").permitAll()
- .requestMatchers(HttpMethod.POST, "/problems/{problemId}/ideas").user()
- .requestMatchers(HttpMethod.PATCH, "/problems/{problemId}/ideas").user()
- .requestMatchers(HttpMethod.DELETE, "/problems/{problemId}/ideas/{ideaId}").user()
+ .requestMatchers(HttpMethod.GET, "/problems", "/problems/{problemId}", "/problems/search").permitAll()
+ .requestMatchers(HttpMethod.GET, "/problems/{problemId}/code").user()
+ .requestMatchers(HttpMethod.POST, "/problems/{problemId}/code").user()
+ .requestMatchers(HttpMethod.DELETE, "/problems/{problemId}/code").user()
- .requestMatchers(HttpMethod.GET, "/problems/{problemId}/ideas/{ideaId}/comments").permitAll()
- .requestMatchers(HttpMethod.POST, "/problems/{problemId}/ideas/{ideaId}/comments").user()
- .requestMatchers(HttpMethod.PATCH, "/problems/{problemId}/ideas/{ideaId}/comments/{commentId}").user()
- .requestMatchers(HttpMethod.DELETE, "/problems/{problemId}/ideas/{ideaId}/comments/{commentId}").user()
+ .requestMatchers(HttpMethod.POST, "/submits").user()
+ .requestMatchers(HttpMethod.GET, "/submits/search").permitAll()
+ .requestMatchers(HttpMethod.GET, "/submits/my").user()
- .requestMatchers(HttpMethod.POST, "/problems/{problemId}/submit").user()
+ .requestMatchers(HttpMethod.POST, "/runs").user()
+ .requestMatchers(HttpMethod.GET, "/users/search").permitAll()
+ .requestMatchers(HttpMethod.GET, "/users/{username}").permitAll()
 .requestMatchers(HttpMethod.GET, "/users/me").user()
 .requestMatchers(HttpMethod.PATCH, "/users/me").user()
+ .requestMatchers(HttpMethod.PATCH, "/users/me/password").user()
+ .requestMatchers(HttpMethod.PATCH, "/users/me/avatar").user()
+ .requestMatchers(HttpMethod.GET, "/users/me/solved").user()
- .requestMatchers(HttpMethod.GET, "/ws").permitAll()
+ .requestMatchers(HttpMethod.POST, "/users/me/connections").user()
+ .requestMatchers(HttpMethod.DELETE, "/users/me/connections/{connectionId}").user()
- .requestMatchers(HttpMethod.POST, "/admin/auth/signup").anonymous()
- .requestMatchers("/admin/**").admin()
+ .requestMatchers(HttpMethod.GET, "/workbooks", "/workbooks/{workbookId}", "/workbooks/search").permitAll()
+ .requestMatchers(HttpMethod.POST, "/workbooks").user()
+ .requestMatchers(HttpMethod.PATCH, "/workbooks/{workbookId}").user()
+ .requestMatchers(HttpMethod.DELETE, "/workbooks/{workbookId}").user()
+ .requestMatchers(HttpMethod.POST, "/workbooks/{workbookId}/problems").user()
+ .requestMatchers(HttpMethod.DELETE, "/workbooks/{workbookId}/problems/{problemId}").user()
+
+ .requestMatchers(HttpMethod.POST, "/workbooks/{workbookId}/likes").user()
+ .requestMatchers(HttpMethod.DELETE, "/workbooks/{workbookId}/likes").user()
+ .requestMatchers(HttpMethod.POST, "/workbooks/{workbookId}/bookmarks").user()
+ .requestMatchers(HttpMethod.DELETE, "/workbooks/{workbookId}/bookmarks").user()
+
+ .requestMatchers(HttpMethod.GET, "/contests", "/contests/{contestId}", "/contests/search").permitAll()
+ .requestMatchers(HttpMethod.POST, "/contests/{contestId}/participants").user()
+ .requestMatchers(HttpMethod.DELETE, "/contests/{contestId}/participants").user()
+ .requestMatchers(HttpMethod.POST, "/contests/{contestId}/problems").user()
+ .requestMatchers(HttpMethod.DELETE, "/contests/{contestId}/problems/{problemId}").user()
+
+ .requestMatchers(HttpMethod.GET, "/templates/{language}").permitAll()
+ .requestMatchers(HttpMethod.GET, "/themes", "/themes/search").permitAll()
+
+ .requestMatchers("/admin/**").admin()
 .requestMatchers("/uploads/**").permitAll()
 .requestMatchers("/avatars/**").permitAll()
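Review bot: The added `GET /users/{username}` `permitAll()` rule is declared above the existing `GET /users/me` rule, and since rules are evaluated in declaration order with the first match deciding, `/users/me` matches `{username}` and the `.user()` rule below it is never reached for GET. Declare the specific route first, i.e. place `.requestMatchers(HttpMethod.GET, "/users/me").user()` before `.requestMatchers(HttpMethod.GET, "/users/{username}").permitAll()`. What the handler does when no principal is present is not visible here, so at best this turns a clean 401 into an application error. `/users/search` is covered by the same pattern, but both rules are `permitAll()`, so only `/users/me` changes behaviour. A request-level test asserting that an unauthenticated `GET /users/me` is rejected would keep the rule order from regressing.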