[#78] feat: 보호된 포스트에 대한 비밀번호를 클라이언트에서 쿠키를 통해 받아오도록 수정

src/main/java/com/mallang/comment/presentation/CommentController.java

@@ -1,5 +1,7 @@
 package com.mallang.comment.presentation;
 
+import static com.mallang.post.presentation.support.PostPresentationConstant.POST_PASSWORD_COOKIE;
+
 import com.mallang.auth.presentation.support.Auth;
 import com.mallang.auth.presentation.support.OptionalAuth;
 import com.mallang.comment.application.AuthenticatedCommentService;
@@ -12,12 +14,12 @@
 import com.mallang.comment.presentation.request.WriteAuthenticatedCommentRequest;
 import com.mallang.comment.query.CommentQueryService;
 import com.mallang.comment.query.data.CommentData;
-import com.mallang.post.presentation.support.OptionalPostPassword;
 import jakarta.annotation.Nullable;
 import java.net.URI;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -40,7 +42,7 @@ public class CommentController {
     @PostMapping
     public ResponseEntity<Void> write(
             @Auth Long memberId,
-            @OptionalPostPassword String postPassword,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword,
             @RequestBody WriteAuthenticatedCommentRequest request
     ) {
         Long id = authenticatedCommentService.write(request.toCommand(memberId, postPassword));
@@ -49,7 +51,7 @@ public ResponseEntity<Void> write(
 
     @PostMapping(params = "unauthenticated=true")
     public ResponseEntity<Void> unAuthenticatedWrite(
-            @OptionalPostPassword String postPassword,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword,
             @RequestBody WriteAnonymousCommentRequest request
     ) {
         Long id = unAuthenticatedCommentService.write(request.toCommand(postPassword));
@@ -58,9 +60,9 @@ public ResponseEntity<Void> unAuthenticatedWrite(
 
     @PutMapping("/{id}")
     public ResponseEntity<Void> update(
-            @OptionalPostPassword String postPassword,
             @PathVariable("id") Long commentId,
             @Auth Long memberId,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword,
             @RequestBody UpdateAuthenticatedCommentRequest request
     ) {
         authenticatedCommentService.update(request.toCommand(commentId, memberId, postPassword));
@@ -69,8 +71,8 @@ public ResponseEntity<Void> update(
 
     @PutMapping(value = "/{id}", params = "unauthenticated=true")
     public ResponseEntity<Void> update(
-            @OptionalPostPassword String postPassword,
             @PathVariable("id") Long commentId,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword,
             @RequestBody UpdateUnAuthenticatedCommentRequest request
     ) {
         unAuthenticatedCommentService.update(request.toCommand(commentId, postPassword));
@@ -79,9 +81,9 @@ public ResponseEntity<Void> update(
 
     @DeleteMapping("/{id}")
     public ResponseEntity<Void> delete(
-            @OptionalPostPassword String postPassword,
             @PathVariable("id") Long commentId,
-            @Auth Long memberId
+            @Auth Long memberId,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword
     ) {
         DeleteAuthenticatedCommentCommand command = DeleteAuthenticatedCommentCommand.builder()
                 .postPassword(postPassword)
@@ -94,9 +96,9 @@ public ResponseEntity<Void> delete(
 
     @DeleteMapping(value = "/{id}", params = "unauthenticated=true")
     public ResponseEntity<Void> delete(
-            @OptionalPostPassword String postPassword,
-            @OptionalAuth Long memberId,
             @PathVariable("id") Long commentId,
+            @OptionalAuth Long memberId,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword,
             @RequestBody DeleteUnAuthenticatedCommentRequest request
     ) {
         unAuthenticatedCommentService.delete(request.toCommand(memberId, commentId, postPassword));
@@ -105,7 +107,7 @@ public ResponseEntity<Void> delete(
 
     @GetMapping
     public ResponseEntity<List<CommentData>> findAll(
-            @OptionalPostPassword String postPassword,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword,
             @Nullable @OptionalAuth Long memberId,
             @RequestParam(value = "postId", required = true) Long postId
     ) {

src/main/java/com/mallang/post/presentation/PostController.java

@@ -1,7 +1,6 @@
 package com.mallang.post.presentation;
 
-import static com.mallang.post.presentation.support.PostPresentationConstant.PROTECTED_PASSWORD_HEADER;
-import static com.mallang.post.presentation.support.PostPresentationConstant.PROTECTED_PASSWORD_SESSION;
+import static com.mallang.post.presentation.support.PostPresentationConstant.POST_PASSWORD_COOKIE;
 
 import com.mallang.auth.presentation.support.Auth;
 import com.mallang.auth.presentation.support.OptionalAuth;
@@ -13,20 +12,18 @@
 import com.mallang.post.query.data.PostDetailData;
 import com.mallang.post.query.data.PostSearchCond;
 import com.mallang.post.query.data.PostSimpleData;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpSession;
 import java.net.URI;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -69,23 +66,10 @@ public ResponseEntity<Void> delete(
     @GetMapping("/{id}")
     public ResponseEntity<PostDetailData> getById(
             @OptionalAuth Long memberId,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword,
             @PathVariable(name = "id") Long id
     ) {
-        return ResponseEntity.ok(postQueryService.getById(memberId, id));
-    }
-
-    @GetMapping(path = "/{id}", headers = {PROTECTED_PASSWORD_HEADER})
-    public ResponseEntity<PostDetailData> getProtectedById(
-            @RequestHeader(name = PROTECTED_PASSWORD_HEADER) String password,
-            @OptionalAuth Long memberId,
-            @PathVariable(name = "id") Long id,
-            HttpServletRequest request
-    ) {
-        PostDetailData data = postQueryService.getProtectedById(memberId, id, password);
-        HttpSession session = request.getSession(true);
-        session.setAttribute(PROTECTED_PASSWORD_SESSION, password);
-        session.setMaxInactiveInterval(86400);
-        return ResponseEntity.ok(data);
+        return ResponseEntity.ok(postQueryService.getById(memberId, postPassword, id));
     }
 
     @GetMapping

src/main/java/com/mallang/post/presentation/PostLikeController.java

@@ -1,14 +1,15 @@
 package com.mallang.post.presentation;
 
+import static com.mallang.post.presentation.support.PostPresentationConstant.POST_PASSWORD_COOKIE;
 import static org.springframework.http.HttpStatus.CREATED;
 
 import com.mallang.auth.presentation.support.Auth;
 import com.mallang.post.application.PostLikeService;
 import com.mallang.post.presentation.request.CancelPostLikeRequest;
 import com.mallang.post.presentation.request.ClickPostLikeRequest;
-import com.mallang.post.presentation.support.OptionalPostPassword;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -25,7 +26,7 @@ public class PostLikeController {
     @PostMapping
     public ResponseEntity<Void> click(
             @Auth Long memberId,
-            @OptionalPostPassword String postPassword,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword,
             @RequestBody ClickPostLikeRequest request
     ) {
         postLikeService.click(request.toCommand(memberId, postPassword));
@@ -35,7 +36,7 @@ public ResponseEntity<Void> click(
     @DeleteMapping
     public ResponseEntity<Void> cancel(
             @Auth Long memberId,
-            @OptionalPostPassword String postPassword,
+            @CookieValue(name = POST_PASSWORD_COOKIE, required = false) String postPassword,
             @RequestBody CancelPostLikeRequest request
     ) {
         postLikeService.cancel(request.toCommand(memberId, postPassword));

src/main/java/com/mallang/post/presentation/support/PostPresentationConstant.java

@@ -2,6 +2,5 @@
 
 public class PostPresentationConstant {
 
-    public static final String PROTECTED_PASSWORD_HEADER = "PROTECTED_PASSWORD";
-    public static final String PROTECTED_PASSWORD_SESSION = "PROTECTED_PASSWORD";
+    public static final String POST_PASSWORD_COOKIE = "POST_PASSWORD";
 }

src/main/java/com/mallang/post/query/PostDataProtector.java

@@ -3,19 +3,28 @@
 import com.mallang.post.domain.visibility.PostVisibilityPolicy.Visibility;
 import com.mallang.post.query.data.PostDetailData;
 import com.mallang.post.query.data.PostSimpleData;
+import jakarta.annotation.Nullable;
 import java.util.List;
+import java.util.Objects;
 import org.springframework.stereotype.Component;
 
 @Component
 public class PostDataProtector {
 
-    public PostDetailData protectIfRequired(Long memberId, PostDetailData postDetailData) {
+    public PostDetailData protectIfRequired(
+            @Nullable Long memberId,
+            @Nullable String postPassword,
+            PostDetailData postDetailData
+    ) {
         if (isNotProtected(postDetailData.visibility())) {
             return postDetailData;
         }
         if (postDetailData.writerInfo().writerId().equals(memberId)) {
             return postDetailData;
         }
+        if (postDetailData.password() != null && Objects.equals(postDetailData.password(), postPassword)) {
+            return postDetailData;
+        }
         return new PostDetailData(
                 postDetailData.id(),
                 postDetailData.title(),

src/main/java/com/mallang/post/query/PostDataValidator.java

@@ -1,7 +1,6 @@
 package com.mallang.post.query;
 
 import com.mallang.post.domain.visibility.PostVisibilityPolicy.Visibility;
-import com.mallang.post.exception.IncorrectAccessPostException;
 import com.mallang.post.exception.NoAuthorityAccessPostException;
 import com.mallang.post.query.data.PostDetailData;
 import org.springframework.stereotype.Component;
@@ -17,13 +16,4 @@ public void validateAccessPost(Long memberId, PostDetailData postDetailData) {
             throw new NoAuthorityAccessPostException();
         }
     }
-
-    public void validateAccessProtectedPost(PostDetailData postDetailData, String password) {
-        if (postDetailData.visibility() != Visibility.PROTECTED) {
-            throw new IncorrectAccessPostException();
-        }
-        if (!postDetailData.password().equals(password)) {
-            throw new NoAuthorityAccessPostException();
-        }
-    }
 }

src/main/java/com/mallang/post/query/PostQueryService.java

@@ -21,16 +21,10 @@ public class PostQueryService {
     private final PostDataValidator postDataValidator;
     private final PostDataProtector postDataProtector;
 
-    public PostDetailData getById(@Nullable Long memberId, Long id) {
+    public PostDetailData getById(@Nullable Long memberId, @Nullable String postPassword, Long id) {
         PostDetailData postDetailData = postDetailDataDao.find(memberId, id);
         postDataValidator.validateAccessPost(memberId, postDetailData);
-        return postDataProtector.protectIfRequired(memberId, postDetailData);
-    }
-
-    public PostDetailData getProtectedById(@Nullable Long memberId, Long id, String password) {
-        PostDetailData postDetailData = postDetailDataDao.find(memberId, id);
-        postDataValidator.validateAccessProtectedPost(postDetailData, password);
-        return postDetailData;
+        return postDataProtector.protectIfRequired(memberId, postPassword, postDetailData);
     }
 
     public List<PostSimpleData> search(@Nullable Long memberId, PostSearchCond cond) {