From 73b2021da028c4e49e16acab892f3d5ac6e5f28a Mon Sep 17 00:00:00 2001
From: seungheonlee
Date: Sun, 24 Aug 2025 20:08:41 +0900
Subject: [PATCH] =?UTF-8?q?refactor:=20=EC=8A=A4=ED=84=B0=EB=94=94=20?= =?UTF-8?q?=EC=B1=84=ED=8C=85=20=EB=A9=94=EC=8B=9C=EC=A7=80=20=EC=A1=B0?= =?UTF-8?q?=ED=9A=8C=20endpoint=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- studyChatRoomId 쿼리 파라미터 제거
- studyChatRoomId 검증을 위한 StudyMemberSecurity 구현
---
 .../common/auth/StudyMemberSecurity.java | 38 +++++++++++++++++++
 .../application/StudyChatMessageService.java | 5 +--
 .../api/StudyChatMessageController.java | 7 ++--
 .../StudyChatMessageServiceTest.java | 6 +--
 4 files changed, 46 insertions(+), 10 deletions(-)
 create mode 100644 src/main/java/com/mos/backend/common/auth/StudyMemberSecurity.java
diff --git a/src/main/java/com/mos/backend/common/auth/StudyMemberSecurity.java b/src/main/java/com/mos/backend/common/auth/StudyMemberSecurity.java
new file mode 100644
index 00000000..882e8c74
--- /dev/null
+++ b/src/main/java/com/mos/backend/common/auth/StudyMemberSecurity.java
@@ -0,0 +1,38 @@
+package com.mos.backend.common.auth;
+
+import com.mos.backend.common.exception.MosException;
+import com.mos.backend.common.infrastructure.EntityFacade;
+import com.mos.backend.studychatrooms.entity.StudyChatRoom;
+import com.mos.backend.users.entity.User;
+import com.mos.backend.users.entity.exception.UserErrorCode;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+
+@Component("studyMemberSecurity")
+@RequiredArgsConstructor
+public class StudyMemberSecurity {
+ private final EntityFacade entityFacade;
+
+ public boolean isMemberOrAdmin(long studyChatRoomId) {
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ isAuthenticated(authentication);
+
+ Long currentUserId = Long.valueOf(authentication.getName());
+ User currentUser = entityFacade.getUser(currentUserId);
+
+ StudyChatRoom studyChatRoom = entityFacade.getStudyChatRoom(studyChatRoomId);
+
+ if (currentUser.isAdmin()) {
+ return true;
+ }
+ return entityFacade.getStudyMember(currentUserId, studyChatRoom.getStudy().getId()) != null;
+ }
+
+ private static void isAuthenticated(Authentication authentication) {
+ if (authentication == null || !authentication.isAuthenticated()) {
+ throw new MosException(UserErrorCode.USER_UNAUTHORIZED);
+ }
+ }
+}
diff --git a/src/main/java/com/mos/backend/studychatmessages/application/StudyChatMessageService.java b/src/main/java/com/mos/backend/studychatmessages/application/StudyChatMessageService.java
index d4167e7a..513b116a 100644
--- a/src/main/java/com/mos/backend/studychatmessages/application/StudyChatMessageService.java
+++ b/src/main/java/com/mos/backend/studychatmessages/application/StudyChatMessageService.java
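Review bot: `Long.valueOf(authentication.getName())` in `isMemberOrAdmin` throws `NumberFormatException` for any principal whose name is not numeric; if anonymous authentication is enabled, Spring's `AnonymousAuthenticationToken` passes the `isAuthenticated()` guard with the name `anonymousUser`, so the request would end in a server error instead of `USER_UNAUTHORIZED`. Rejecting it in the guard covers that case, e.g. `if (authentication == null || !authentication.isAuthenticated() || authentication instanceof AnonymousAuthenticationToken)`. The final `entityFacade.getStudyMember(...) != null` denies access only if `getStudyMember` returns null for a non-member; `EntityFacade` is not visible here, and if it throws when the row is missing, the comparison is always true and a non-member gets that exception rather than an access-denied result, so an explicit existence query would make the decision unambiguous. The guard is also a `void` method named `isAuthenticated`; a name such as `requireAuthenticated` would describe what it does.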
@@ -8,7 +8,6 @@
 import com.mos.backend.studychatmessages.application.dto.StudyChatMessageDto;
 import com.mos.backend.studychatmessages.application.res.StudyChatMessageRes;
 import com.mos.backend.studychatmessages.entity.StudyChatMessage;
-import com.mos.backend.studychatmessages.entity.exception.StudyChatMessageErrorCode;
 import com.mos.backend.studychatmessages.infrastructure.StudyChatMessageRepository;
 import com.mos.backend.studychatmessages.presentation.req.StudyChatMessagePublishReq;
 import com.mos.backend.studychatrooms.application.dto.StudyChatRoomInfoMessageDto;
@@ -64,9 +63,9 @@ private StudyChatMessage saveStudyChatMessage(StudyChatMessagePublishReq req, Us
 return studyChatMessageRepository.save(studyChatMessage);
 }
- @PreAuthorize("@studySecurity.isMemberOrAdmin(#studyId)")
+ @PreAuthorize("@studyMemberSecurity.isMemberOrAdmin(#studyChatRoomId)")
 @Transactional(readOnly = true)
- public InfinityScrollRes getStudyChatMessages(Long studyId, Long studyChatRoomId, Long lastStudyChatMessageId, Integer size) {
+ public InfinityScrollRes getStudyChatMessages(Long studyChatRoomId, Long lastStudyChatMessageId, Integer size) {
 StudyChatRoom studyChatRoom = entityFacade.getStudyChatRoom(studyChatRoomId);
 List studyChatMessages = studyChatMessageRepository.findAllByChatRoomIdForInfiniteScroll(
diff --git a/src/main/java/com/mos/backend/studychatmessages/presentation/controller/api/StudyChatMessageController.java b/src/main/java/com/mos/backend/studychatmessages/presentation/controller/api/StudyChatMessageController.java
index 4dad2309..9fbd216b 100644
--- a/src/main/java/com/mos/backend/studychatmessages/presentation/controller/api/StudyChatMessageController.java
+++ b/src/main/java/com/mos/backend/studychatmessages/presentation/controller/api/StudyChatMessageController.java
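Review bot: The `@PreAuthorize` expression on `getStudyChatMessages` hands the boxed `Long studyChatRoomId` to `isMemberOrAdmin(long)`, so a null argument from any caller other than the controller would likely fail while the expression is evaluated instead of producing a clean denial; declaring the service parameter as `long`, or accepting `Long` in the security bean and returning `false` for null, closes that gap. The room is also loaded twice per call, once by `entityFacade.getStudyChatRoom(studyChatRoomId)` inside the security bean and again on the first line of this method. A short Javadoc such as `/** Returns one page of messages; access is decided from the study that owns the chat room. */` would record why the study id is no longer a parameter. The body of `getStudyChatMessages` continues outside the hunk.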
@@ -30,11 +30,10 @@ public void publishPrivateChatMessage(Message message,
 studyChatMessageService.publish(userId, studyChatRoomId, studyChatMessagePublishReq);
 }
- @GetMapping("/studies/{studyId}/chat-rooms/{studyChatRoomId}/messages")
- public InfinityScrollRes getStudyChatMessages(@PathVariable Long studyId,
- @PathVariable Long studyChatRoomId,
+ @GetMapping("/studies/chat-rooms/{studyChatRoomId}/messages")
+ public InfinityScrollRes getStudyChatMessages(@PathVariable Long studyChatRoomId,
 @RequestParam(required = false) Long lastStudyChatMessageId,
 @RequestParam(defaultValue = "10") Integer size) {
- return studyChatMessageService.getStudyChatMessages(studyId, studyChatRoomId, lastStudyChatMessageId, size);
+ return studyChatMessageService.getStudyChatMessages(studyChatRoomId, lastStudyChatMessageId, size);
 }
 }
diff --git a/src/test/java/com/mos/backend/studychatmessages/application/StudyChatMessageServiceTest.java b/src/test/java/com/mos/backend/studychatmessages/application/StudyChatMessageServiceTest.java
index 4211a7c9..487f2029 100644
--- a/src/test/java/com/mos/backend/studychatmessages/application/StudyChatMessageServiceTest.java
+++ b/src/test/java/com/mos/backend/studychatmessages/application/StudyChatMessageServiceTest.java
@@ -52,10 +52,10 @@ void getStudyChatMessages_Success() {
 // When
 InfinityScrollRes result1 = studyChatMessageService.getStudyChatMessages(
- study.getId(), studyChatRoom.getId(), lastStudyChatMessageId, size
+ studyChatRoom.getId(), lastStudyChatMessageId, size
 );
 InfinityScrollRes result2 = studyChatMessageService.getStudyChatMessages(
- study.getId(), studyChatRoom.getId(), result1.getLastElementId(), size
+ studyChatRoom.getId(), result1.getLastElementId(), size
 );
 // Then
@@ -78,4 +78,4 @@ private void saveStudyChatMessages(User user, StudyChatRoom studyChatRoom, int s
 }
 }
 }
-}
\ No newline at end of file
+}
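Review bot: `size` in the controller's `getStudyChatMessages` is accepted without any bound, so a room member can request an arbitrarily large or negative page in one call; unless the service or repository clamps it outside this hunk, limit it at the boundary, for example `@RequestParam(defaultValue = "10") @Min(1) @Max(100) Integer size` with `@Validated` on the controller (the upper bound shown is an example value). The literal segment `chat-rooms` now sits where other `/studies/{studyId}/...` routes may bind a path variable, so the new mapping is worth checking against the rest of the `/studies/**` handlers, which are not visible here.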
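Review bot: `getStudyChatMessages_Success` exercises only the allowed path; nothing visible here asserts that a user who is neither an admin nor a member of the room's study is rejected by the new `@studyMemberSecurity.isMemberOrAdmin` rule. Because the test calls the service directly, whether `@PreAuthorize` is evaluated at all depends on test setup outside the hunk. A companion case that places a non-member in the security context and expects the call to be denied would pin the authorization behaviour this commit introduces.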