CLAP-109 Feat: 로그인 실패를 관리하고 계정 잠금 상태를 확인하는 LoginAttemptFilter 구현

<footer>
- 관련: #59

Author: joowojr

src/main/java/clap/server/adapter/inbound/security/LoginAttemptFilter.java

@@ -0,0 +1,51 @@
+package clap.server.adapter.inbound.security;
+
+import clap.server.application.service.auth.LoginAttemptService;
+import clap.server.exception.AuthException;
+import clap.server.exception.code.CommonErrorCode;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.ArrayList;
+
+import static clap.server.common.constants.AuthConstants.SESSION_ID;
+
+
+@RequiredArgsConstructor
+@Slf4j
+public class LoginAttemptFilter extends OncePerRequestFilter {
+
+    private static final String LOGIN_ENDPOINT = "/api/auths/login";
+    private final LoginAttemptService loginAttemptService;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        String sessionId = request.getHeader(SESSION_ID.getValue().toLowerCase());
+
+        if (request.getRequestURI().equals(LOGIN_ENDPOINT)) {
+            if (sessionId == null) {
+                throw new AuthException(CommonErrorCode.BAD_REQUEST);
+            }
+            loginAttemptService.checkAccountIsLocked(sessionId);
+        }
+
+        UsernamePasswordAuthenticationToken authenticationToken =
+                new UsernamePasswordAuthenticationToken("user", null, new ArrayList<>());
+        authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+
+        filterChain.doFilter(request, response);
+    }
+
+}

src/main/java/clap/server/adapter/inbound/security/SecurityUserDetails.java

@@ -52,7 +52,7 @@ public static UserDetails from(MemberEntity member) {
                 .userId(member.getMemberId())
                 .username(member.getName())
                 .authorities(List.of(new CustomGrantedAuthority(member.getRole().name())))
-                .accountNonLocked(member.getStatus().equals(MemberStatus.INACTIVE))
+                .accountNonLocked(member.getStatus().equals(MemberStatus.ACTIVE))
                 .build();
     }
 

src/main/java/clap/server/common/constants/AuthConstants.java

@@ -4,7 +4,7 @@
 
 @Getter
 public enum AuthConstants {
-    AUTHORIZATION("Authorization"), TOKEN_PREFIX("Bearer ");
+    AUTHORIZATION("Authorization"), TOKEN_PREFIX("Bearer "), SESSION_ID("sessionId");
 
     private final String value;
 

src/main/java/clap/server/exception/code/AuthErrorCode.java

@@ -21,7 +21,10 @@ public enum AuthErrorCode implements BaseErrorCode {
     FORBIDDEN_ACCESS_TOKEN(HttpStatus.FORBIDDEN, "AUTH_012","해당 토큰에는 엑세스 권한이 없습니다."),
     INVALID_TOKEN(HttpStatus.UNAUTHORIZED,"AUTH_013", "유효하지 않은 토큰입니다."),
     REFRESH_TOKEN_NOT_FOUND(HttpStatus.UNAUTHORIZED, "AUTH_014", "리프레시 토큰을 찾을 수 없습니다."),
-    REFRESH_TOKEN_MISMATCHED(HttpStatus.UNAUTHORIZED, "AUTH_014", "리프레시 토큰이 일치하지 않습니다");
+    REFRESH_TOKEN_MISMATCHED(HttpStatus.UNAUTHORIZED, "AUTH_014", "리프레시 토큰이 일치하지 않습니다"),
+    ACCOUNT_IS_LOCKED(HttpStatus.UNAUTHORIZED, "AUTH_015", "접근할 수 없는 계정입니다."),
+    LOGIN_REQUEST_FAILED(HttpStatus.UNAUTHORIZED, "AUTH_016", "로그인에 실패하였습니다.")
+    ;
 
     private final HttpStatus httpStatus;
     private final String customCode;