[Refactor] 내부 자동화를 위한 관리자용 로그인 API 추가 (장기 refresh 토큰 기반)

src/main/java/com/kuit/findyou/domain/auth/controller/AuthController.java

@@ -3,21 +3,22 @@
 import com.kuit.findyou.domain.auth.dto.ReissueTokenRequest;
 import com.kuit.findyou.domain.auth.dto.ReissueTokenResponse;
 import com.kuit.findyou.domain.auth.dto.request.GuestLoginRequest;
+import com.kuit.findyou.domain.auth.dto.response.AdminLoginResponse;
 import com.kuit.findyou.domain.auth.dto.response.GuestLoginResponse;
 import com.kuit.findyou.domain.auth.dto.request.KakaoLoginRequest;
 import com.kuit.findyou.domain.auth.dto.response.KakaoLoginResponse;
 import com.kuit.findyou.domain.auth.service.AuthServiceFacade;
 import com.kuit.findyou.global.common.annotation.CustomExceptionDescription;
+import com.kuit.findyou.global.common.exception.CustomException;
 import com.kuit.findyou.global.common.response.BaseResponse;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.bind.annotation.*;
 
+import static com.kuit.findyou.global.common.response.status.BaseExceptionResponseStatus.UNAUTHORIZED;
 import static com.kuit.findyou.global.common.swagger.SwaggerResponseDescription.*;
 
 @Tag(name = "Login", description = "로그인 관련 API")
@@ -28,6 +29,9 @@
 public class AuthController {
     private final AuthServiceFacade authServiceFacade;
 
+    @Value("${admin.api.key}")
+    private String adminApiKey;
+
     @Operation(
             summary = "카카오 로그인 API",
             description = "카카오 사용자 식별자를 이용해서 유저 정보와 엑세스 토큰을 얻을 수 있습니다. 가입된 회원인지 여부를 반환합니다."
@@ -58,4 +62,18 @@ public BaseResponse<GuestLoginResponse> guestLogin(@RequestBody GuestLoginReques
     public BaseResponse<ReissueTokenResponse> reissueToken(@RequestBody ReissueTokenRequest request){
         return BaseResponse.ok(authServiceFacade.reissueToken(request));
     }
+
+    @Operation(
+            summary = "서비스 계정 로그인 API (내부 자동화용)",
+            description = "내부 자동화/관리용 서비스 계정 토큰을 발급합니다. X-ADMIN-KEY 헤더가 필요합니다."
+    )
+    @PostMapping("/login/admin")
+    public BaseResponse<AdminLoginResponse> adminLogin(
+            @RequestHeader(value = "X-ADMIN-KEY", required = false) String adminKey
+    ) {
+        if (adminKey == null || adminKey.isBlank() || !adminApiKey.equals(adminKey)) {
+            throw new CustomException(UNAUTHORIZED);
+        }
+        return BaseResponse.ok(authServiceFacade.adminLogin());
+    }
 }

src/main/java/com/kuit/findyou/domain/auth/dto/response/AdminLoginResponse.java

@@ -0,0 +1,4 @@
+package com.kuit.findyou.domain.auth.dto.response;
+
+public record AdminLoginResponse(String accessToken, String refreshToken) {
+}

src/main/java/com/kuit/findyou/domain/auth/repository/RedisRefreshTokenRepository.java

@@ -6,4 +6,5 @@ public interface RedisRefreshTokenRepository {
     Optional<String> findByUserId(Long userId);
 
     void save(Long id, String refreshToken);
+    void save(Long id, String refreshToken, long ttlMs);
 }

src/main/java/com/kuit/findyou/domain/auth/repository/RedisRefreshTokenRepositoryImpl.java

@@ -30,4 +30,9 @@ public Optional<String> findByUserId(Long userId) {
     public void save(Long userId, String refreshToken) {
         redisTemplate.opsForValue().set(key(userId), refreshToken, Duration.ofMillis(refreshTokenExpireMs));
     }
+
+    @Override
+    public void save(Long userId, String refreshToken, long ttlMs) {
+        redisTemplate.opsForValue().set(key(userId), refreshToken, Duration.ofMillis(ttlMs));
+    }
 }

src/main/java/com/kuit/findyou/domain/auth/service/AdminLoginService.java

@@ -0,0 +1,7 @@
+package com.kuit.findyou.domain.auth.service;
+
+import com.kuit.findyou.domain.auth.dto.response.AdminLoginResponse;
+
+public interface AdminLoginService {
+    AdminLoginResponse adminLogin();
+}

src/main/java/com/kuit/findyou/domain/auth/service/AdminLoginServiceImpl.java

@@ -0,0 +1,41 @@
+package com.kuit.findyou.domain.auth.service;
+
+import com.kuit.findyou.domain.auth.dto.response.AdminLoginResponse;
+import com.kuit.findyou.domain.auth.repository.RedisRefreshTokenRepository;
+import com.kuit.findyou.domain.user.model.User;
+import com.kuit.findyou.domain.user.repository.UserRepository;
+import com.kuit.findyou.global.common.exception.CustomException;
+import com.kuit.findyou.global.jwt.util.JwtUtil;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import static com.kuit.findyou.global.common.response.status.BaseExceptionResponseStatus.USER_NOT_FOUND;
+
+@RequiredArgsConstructor
+@Service
+public class AdminLoginServiceImpl implements AdminLoginService{
+    private final JwtUtil jwtUtil;
+    private final UserRepository userRepository;
+    private final RedisRefreshTokenRepository redisRefreshTokenRepository;
+
+    @Value("${admin.admin-user-id}")
+    private Long adminUserId;
+
+    @Value("${admin.refresh-ttl-ms}")
+    private Long adminRefreshTtlMs;
+
+    @Override
+    public AdminLoginResponse adminLogin() {
+        User user = userRepository.findById(adminUserId)
+                .orElseThrow(() -> new CustomException(USER_NOT_FOUND));
+
+        String accessToken = jwtUtil.createAccessJwt(user.getId(), user.getRole());
+        String refreshToken = jwtUtil.createRefreshJwt(user.getId(), adminRefreshTtlMs);
+
+        // 관리자 계정만 TTL 1년으로 저장
+        redisRefreshTokenRepository.save(user.getId(), refreshToken, adminRefreshTtlMs);
+
+        return new AdminLoginResponse(accessToken, refreshToken);
+    }
+}

src/main/java/com/kuit/findyou/domain/auth/service/AuthServiceFacade.java

@@ -4,6 +4,7 @@
 import com.kuit.findyou.domain.auth.dto.ReissueTokenResponse;
 import com.kuit.findyou.domain.auth.dto.request.GuestLoginRequest;
 import com.kuit.findyou.domain.auth.dto.request.KakaoLoginRequest;
+import com.kuit.findyou.domain.auth.dto.response.AdminLoginResponse;
 import com.kuit.findyou.domain.auth.dto.response.GuestLoginResponse;
 import com.kuit.findyou.domain.auth.dto.response.KakaoLoginResponse;
 import lombok.RequiredArgsConstructor;
@@ -14,6 +15,7 @@
 public class AuthServiceFacade {
     private final LoginService loginService;
     private final ReissueTokenService reissueTokenService;
+    private final AdminLoginService adminLoginService;
 
     public KakaoLoginResponse kakaoLogin(KakaoLoginRequest request) {
         return loginService.kakaoLogin(request);
@@ -26,4 +28,8 @@ public GuestLoginResponse guestLogin(GuestLoginRequest request) {
     public ReissueTokenResponse reissueToken(ReissueTokenRequest request) {
         return reissueTokenService.reissueToken(request);
     }
+
+    public AdminLoginResponse adminLogin() {
+        return adminLoginService.adminLogin();
+    }
 }

src/main/java/com/kuit/findyou/global/jwt/util/JwtUtil.java

@@ -72,6 +72,17 @@ public String createRefreshJwt(Long userId) {
                 .compact();
     }
 
+    public String createRefreshJwt(Long userId, long expireMs) {
+        return Jwts.builder()
+                .id(UUID.randomUUID().toString())
+                .claim(JwtClaimKey.USER_ID.getKey(), userId)
+                .claim(JwtClaimKey.TOKEN_TYPE.getKey(), JwtTokenType.REFRESH_TOKEN)
+                .issuedAt(new Date(System.currentTimeMillis()))
+                .expiration(new Date(System.currentTimeMillis() + expireMs))
+                .signWith(secretKey)
+                .compact();
+    }
+
     public void validateJwt(String token){
         log.info("validateJwt");
         try{

src/main/resources/application.yml

@@ -193,3 +193,9 @@ management:
       exposure:
         include: health, info, prometheus
 
+
+admin:
+  admin-user-id: ${ADMIN_USER_ID}
+  refresh-ttl-ms: ${ADMIN_REFRESH_TTL_MS}
+  api:
+    key: ${ADMIN_API_KEY}

src/test/java/com/kuit/findyou/domain/auth/controller/AuthControllerTest.java

@@ -3,8 +3,9 @@
 import com.kuit.findyou.domain.auth.dto.ReissueTokenRequest;
 import com.kuit.findyou.domain.auth.dto.ReissueTokenResponse;
 import com.kuit.findyou.domain.auth.dto.request.GuestLoginRequest;
-import com.kuit.findyou.domain.auth.dto.response.GuestLoginResponse;
 import com.kuit.findyou.domain.auth.dto.request.KakaoLoginRequest;
+import com.kuit.findyou.domain.auth.dto.response.AdminLoginResponse;
+import com.kuit.findyou.domain.auth.dto.response.GuestLoginResponse;
 import com.kuit.findyou.domain.auth.dto.response.KakaoLoginResponse;
 import com.kuit.findyou.domain.auth.repository.RedisRefreshTokenRepository;
 import com.kuit.findyou.domain.user.model.Role;
@@ -13,6 +14,7 @@
 import com.kuit.findyou.global.common.response.BaseErrorResponse;
 import com.kuit.findyou.global.common.response.BaseResponse;
 import com.kuit.findyou.global.common.util.DatabaseCleaner;
+import com.kuit.findyou.global.common.util.TestInitializer;
 import com.kuit.findyou.global.config.RedisTestContainersConfig;
 import com.kuit.findyou.global.config.TestDatabaseConfig;
 import com.kuit.findyou.global.jwt.util.JwtClaimKey;
@@ -22,7 +24,10 @@
 import io.restassured.RestAssured;
 import io.restassured.common.mapper.TypeRef;
 import io.restassured.http.ContentType;
-import org.junit.jupiter.api.*;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -60,6 +65,15 @@ class AuthControllerTest {
     @Autowired
     private DatabaseCleaner databaseCleaner;
 
+    @Autowired
+    TestInitializer testInitializer;
+
+    @Value("${admin.api.key}")
+    String adminApiKey;
+
+    @Value("${admin.admin-user-id}")
+    Long adminUserId;
+
     @Value("${findyou.jwt.secret-key}") 
     String secret;
 
@@ -255,4 +269,139 @@ void reissueToken_shouldReturnNotFound_WhenRefreshTokenIsNotMatched(){
         assertThat(response.getCode()).isEqualTo(REFRESH_TOKEN_NOT_FOUND.getCode());
         assertThat(response.getMessage()).isEqualTo(REFRESH_TOKEN_NOT_FOUND.getMessage());
     }
+
+    @DisplayName("관리자 키가 유효하면 관리자 로그인 성공(토큰 반환 + Redis 저장)")
+    @Test
+    void adminLogin_shouldReturnTokens_WhenValidAdminKey() {
+        // given
+        testInitializer.insertAdminUserWithFixedId(adminUserId, Role.USER);
+
+        // when
+        BaseResponse<AdminLoginResponse> response = given()
+                .contentType(ContentType.JSON)
+                .accept(ContentType.JSON)
+                .header("X-ADMIN-KEY", adminApiKey)
+                .body("{}")
+                .when()
+                .post("/api/v2/auth/login/admin")
+                .then()
+                .statusCode(200)
+                .extract()
+                .as(new TypeRef<BaseResponse<AdminLoginResponse>>() {});
+
+        // then
+        String access = response.getData().accessToken();
+        String refresh = response.getData().refreshToken();
+
+        assertThat(access).isNotBlank();
+        assertThat(refresh).isNotBlank();
+
+        // access 토큰 검증
+        assertThat(jwtUtil.getUserId(access)).isEqualTo(adminUserId);
+        assertThat(jwtUtil.getTokenType(access)).isEqualTo(JwtTokenType.ACCESS_TOKEN);
+
+        // refresh 토큰 검증
+        assertThat(jwtUtil.getUserId(refresh)).isEqualTo(adminUserId);
+        assertThat(jwtUtil.getTokenType(refresh)).isEqualTo(JwtTokenType.REFRESH_TOKEN);
+
+        // Redis에 저장됐는지 확인 (현재 저장값 == 발급 refresh)
+        String saved = redisRefreshTokenRepository.findByUserId(adminUserId).orElse(null);
+        assertThat(saved).isEqualTo(refresh);
+    }
+
+    @DisplayName("관리자 키가 틀리면 401을 반환한다")
+    @Test
+    void adminLogin_shouldReturnUnauthorized_WhenInvalidAdminKey() {
+        // given
+        testInitializer.insertAdminUserWithFixedId(adminUserId, Role.USER);
+
+        // when
+        BaseErrorResponse response = given()
+                .contentType(ContentType.JSON)
+                .accept(ContentType.JSON)
+                .header("X-ADMIN-KEY", "wrong-key")
+                .body("{}")
+                .when()
+                .post("/api/v2/auth/login/admin")
+                .then()
+                .extract()
+                .as(new TypeRef<BaseErrorResponse>() {});
+
+        // then
+        assertThat(response.getCode()).isEqualTo(UNAUTHORIZED.getCode());
+        assertThat(response.getMessage()).isEqualTo(UNAUTHORIZED.getMessage());
+        assertThat(response.getSuccess()).isFalse();
+    }
+    @DisplayName("관리자 키 헤더가 없으면 401을 반환한다")
+    @Test
+    void adminLogin_shouldReturnUnauthorized_WhenAdminKeyMissing() {
+        // given
+        testInitializer.insertAdminUserWithFixedId(adminUserId, Role.USER);
+
+        // when
+        BaseErrorResponse response = given()
+                .contentType(ContentType.JSON)
+                .accept(ContentType.JSON)
+                .body("{}")
+                .when()
+                .post("/api/v2/auth/login/admin")
+                .then()
+                .extract()
+                .as(new TypeRef<BaseErrorResponse>() {});
+
+        // then
+        assertThat(response.getCode()).isEqualTo(UNAUTHORIZED.getCode());
+        assertThat(response.getMessage()).isEqualTo(UNAUTHORIZED.getMessage());
+        assertThat(response.getSuccess()).isFalse();
+    }
+
+    @DisplayName("관리자 키가 빈 문자열이면 401을 반환한다")
+    @Test
+    void adminLogin_shouldReturnUnauthorized_WhenAdminKeyIsBlank() {
+        // given
+        testInitializer.insertAdminUserWithFixedId(adminUserId, Role.USER);
+
+        // when
+        BaseErrorResponse response = given()
+                .contentType(ContentType.JSON)
+                .accept(ContentType.JSON)
+                .header("X-ADMIN-KEY", "")
+                .body("{}")
+                .when()
+                .post("/api/v2/auth/login/admin")
+                .then()
+                .extract()
+                .as(new TypeRef<BaseErrorResponse>() {});
+
+        // then
+        assertThat(response.getCode()).isEqualTo(UNAUTHORIZED.getCode());
+        assertThat(response.getMessage()).isEqualTo(UNAUTHORIZED.getMessage());
+        assertThat(response.getSuccess()).isFalse();
+    }
+
+
+    @DisplayName("관리자 유저가 존재하지 않으면 404(USER_NOT_FOUND)를 반환한다")
+    @Test
+    void adminLogin_shouldReturnNotFound_WhenAdminUserDoesNotExist() {
+        // given: insertAdminUserWithFixedId 호출 안 함
+
+        // when
+        BaseErrorResponse response = given()
+                .contentType(ContentType.JSON)
+                .accept(ContentType.JSON)
+                .header("X-ADMIN-KEY", adminApiKey)
+                .body("{}")
+                .when()
+                .post("/api/v2/auth/login/admin")
+                .then()
+                .extract()
+                .as(new TypeRef<BaseErrorResponse>() {});
+
+        // then
+        assertThat(response.getCode()).isEqualTo(USER_NOT_FOUND.getCode());
+        assertThat(response.getMessage()).isEqualTo(USER_NOT_FOUND.getMessage());
+        assertThat(response.getSuccess()).isFalse();
+    }
+
+
 }