diff --git a/src/main/kotlin/roomescape/auth/web/support/interceptors/UserInterceptor.kt b/src/main/kotlin/roomescape/auth/web/support/interceptors/UserInterceptor.kt
index 8c9ebc81..ce02d644 100644
--- a/src/main/kotlin/roomescape/auth/web/support/interceptors/UserInterceptor.kt
+++ b/src/main/kotlin/roomescape/auth/web/support/interceptors/UserInterceptor.kt
@@ -8,6 +8,7 @@ import org.slf4j.MDC
 import org.springframework.stereotype.Component
 import org.springframework.web.method.HandlerMethod
 import org.springframework.web.servlet.HandlerInterceptor
+import roomescape.auth.business.CLAIM_ADMIN_TYPE_KEY
 import roomescape.auth.exception.AuthErrorCode
 import roomescape.auth.exception.AuthException
 import roomescape.auth.infrastructure.jwt.JwtUtils
@@ -33,14 +34,26 @@ class UserInterceptor(
         val token: String? = request.accessToken()
 
         try {
-            jwtUtils.extractSubject(token).also {
-                MDC.put(MDC_PRINCIPAL_ID_KEY, it)
-                log.info { "[UserInterceptor] 인증 완료. userId=$it" }
+            val id: String = jwtUtils.extractSubject(token).also { MDC.put(MDC_PRINCIPAL_ID_KEY, it) }
+
+            /**
+             * CLAIM_ADMIN_TYPE_KEY 가 존재하면 관리자 토큰임
+             */
+            jwtUtils.extractClaim(token, key = CLAIM_ADMIN_TYPE_KEY)?.also {
+                log.warn { "[UserInterceptor] 관리자 토큰으로 접근 시도. userId=$id, adminType=$it" }
+                throw AuthException(AuthErrorCode.ACCESS_DENIED)
             }
+
+            log.info { "[UserInterceptor] 인증 완료. userId=$id" }
             return true
         } catch (e: Exception) {
-            log.warn { "[UserInterceptor] 예상치 못한 예외: message=${e.message}" }
-            throw AuthException(AuthErrorCode.TEMPORARY_AUTH_ERROR)
+            when (e) {
+                is AuthException -> { throw e }
+                else -> {
+                    log.warn { "[UserInterceptor] 예상치 못한 예외: message=${e.message}" }
+                    throw AuthException(AuthErrorCode.TEMPORARY_AUTH_ERROR)
+                }
+            }
         }
     }
 }
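Review bot: The warn-level log in the new `extractClaim(...)?.also { ... }` branch records `userId` and `adminType` but not what was being requested, which is the field an operator needs to triage an "admin token presented on a user endpoint" event; consider `log.warn { "[UserInterceptor] 관리자 토큰으로 접근 시도. userId=$id, adminType=$it, uri=${request.requestURI}" }` (assuming `request` is the `HttpServletRequest` that `accessToken()` is an extension on, as a `HandlerInterceptor.preHandle` parameter would be). Separately, the `/** ... */` block above that call is KDoc syntax on a statement inside a body, where a plain `//` comment is the convention, and the `when (e)` inside `catch (e: Exception)` can be expressed as a dedicated `catch (e: AuthException) { throw e }` clause placed before the generic one, which keeps the pass-through visible at the catch site. Note also that `MDC.put(MDC_PRINCIPAL_ID_KEY, it)` now runs before the admin-claim check, so on the ACCESS_DENIED path the principal id stays in MDC unless an `afterCompletion` (not visible here) clears it. The enclosing method's signature begins outside this hunk.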