[Release] 수정 사항 반영 후 운영 서버 릴리즈 #169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

ksg1227 merged 26 commits into main from develop

Jan 20, 2026

src/main/java/com/kuit/findyou/domain/auth/controller/AuthController.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -3,21 +3,22 @@ @@
     import com.kuit.findyou.domain.auth.dto.ReissueTokenRequest;
     import com.kuit.findyou.domain.auth.dto.ReissueTokenResponse;
     import com.kuit.findyou.domain.auth.dto.request.GuestLoginRequest;
+    import com.kuit.findyou.domain.auth.dto.response.AdminLoginResponse;
     import com.kuit.findyou.domain.auth.dto.response.GuestLoginResponse;
     import com.kuit.findyou.domain.auth.dto.request.KakaoLoginRequest;
     import com.kuit.findyou.domain.auth.dto.response.KakaoLoginResponse;
     import com.kuit.findyou.domain.auth.service.AuthServiceFacade;
     import com.kuit.findyou.global.common.annotation.CustomExceptionDescription;
+    import com.kuit.findyou.global.common.exception.CustomException;
     import com.kuit.findyou.global.common.response.BaseResponse;
     import io.swagger.v3.oas.annotations.Operation;
     import io.swagger.v3.oas.annotations.tags.Tag;
     import lombok.RequiredArgsConstructor;
     import lombok.extern.slf4j.Slf4j;
-    import org.springframework.web.bind.annotation.PostMapping;
-    import org.springframework.web.bind.annotation.RequestBody;
-    import org.springframework.web.bind.annotation.RequestMapping;
-    import org.springframework.web.bind.annotation.RestController;
+    import org.springframework.beans.factory.annotation.Value;
+    import org.springframework.web.bind.annotation.*;
+    import static com.kuit.findyou.global.common.response.status.BaseExceptionResponseStatus.UNAUTHORIZED;
     import static com.kuit.findyou.global.common.swagger.SwaggerResponseDescription.*;
     @Tag(name = "Login", description = "로그인 관련 API")
@@ Expand All / @@ -28,6 +29,9 @@ @@
     public class AuthController {
         private final AuthServiceFacade authServiceFacade;
+        @Value("${admin.api.key}")
+        private String adminApiKey;
         @Operation(
                 summary = "카카오 로그인 API",
                 description = "카카오 사용자 식별자를 이용해서 유저 정보와 엑세스 토큰을 얻을 수 있습니다. 가입된 회원인지 여부를 반환합니다."
@@ Expand Down Expand Up @@
         public BaseResponse<ReissueTokenResponse> reissueToken(@RequestBody ReissueTokenRequest request){
             return BaseResponse.ok(authServiceFacade.reissueToken(request));
         }
+        @Operation(
+                summary = "서비스 계정 로그인 API (내부 자동화용)",
+                description = "내부 자동화/관리용 서비스 계정 토큰을 발급합니다. X-ADMIN-KEY 헤더가 필요합니다."
+        )
+        @PostMapping("/login/admin")
+        public BaseResponse<AdminLoginResponse> adminLogin(
+                @RequestHeader(value = "X-ADMIN-KEY", required = false) String adminKey
+        ) {
+            if (adminKey == null || adminKey.isBlank() || !adminApiKey.equals(adminKey)) {
+                throw new CustomException(UNAUTHORIZED);
+            }
+            return BaseResponse.ok(authServiceFacade.adminLogin());
+        }
     }

src/main/java/com/kuit/findyou/domain/auth/dto/response/AdminLoginResponse.java

-Original file line number
+Diff line change
@@ -0,0 +1,12 @@
+    package com.kuit.findyou.domain.auth.dto.response;
+    import io.swagger.v3.oas.annotations.media.Schema;
+    @Schema(description = "관리자 로그인 응답 DTO")
+    public record AdminLoginResponse(
+            @Schema(description = "관리자 유저 식별자")
+            Long userId,
+            @Schema(description = "엑세스 토큰")
+            String accessToken
+    ) {
+    }

src/main/java/com/kuit/findyou/domain/auth/service/AdminLoginService.java

-Original file line number
+Diff line change
@@ -0,0 +1,7 @@
+    package com.kuit.findyou.domain.auth.service;
+    import com.kuit.findyou.domain.auth.dto.response.AdminLoginResponse;
+    public interface AdminLoginService {
+        AdminLoginResponse adminLogin();
+    }

src/main/java/com/kuit/findyou/domain/auth/service/AdminLoginServiceImpl.java

-Original file line number
+Diff line change
@@ -0,0 +1,36 @@
+    package com.kuit.findyou.domain.auth.service;
+    import com.kuit.findyou.domain.auth.dto.response.AdminLoginResponse;
+    import com.kuit.findyou.domain.user.model.Role;
+    import com.kuit.findyou.domain.user.model.User;
+    import com.kuit.findyou.domain.user.repository.UserRepository;
+    import com.kuit.findyou.global.common.exception.CustomException;
+    import com.kuit.findyou.global.jwt.util.JwtUtil;
+    import lombok.RequiredArgsConstructor;
+    import org.springframework.beans.factory.annotation.Value;
+    import org.springframework.stereotype.Service;
+    import static com.kuit.findyou.global.common.response.status.BaseExceptionResponseStatus.USER_NOT_FOUND;
+    @RequiredArgsConstructor
+    @Service
+    public class AdminLoginServiceImpl implements AdminLoginService{
+        private final JwtUtil jwtUtil;
+        private final UserRepository userRepository;
+        @Value("${admin.admin-user-id}")
+        private Long adminUserId;
+        @Value("${admin.access-ttl-ms}")
+        private Long adminAccessTtlMs;
+        @Override
+        public AdminLoginResponse adminLogin() {
+            User user = userRepository.findById(adminUserId)
+                    .orElseThrow(() -> new CustomException(USER_NOT_FOUND));
+            String accessToken = jwtUtil.createAccessJwt(user.getId(), Role.ADMIN, adminAccessTtlMs);
+            return new AdminLoginResponse(user.getId(), accessToken);
+        }
+    }

src/main/java/com/kuit/findyou/domain/auth/service/AuthServiceFacade.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,7 @@ @@
     import com.kuit.findyou.domain.auth.dto.ReissueTokenResponse;
     import com.kuit.findyou.domain.auth.dto.request.GuestLoginRequest;
     import com.kuit.findyou.domain.auth.dto.request.KakaoLoginRequest;
+    import com.kuit.findyou.domain.auth.dto.response.AdminLoginResponse;
     import com.kuit.findyou.domain.auth.dto.response.GuestLoginResponse;
     import com.kuit.findyou.domain.auth.dto.response.KakaoLoginResponse;
     import lombok.RequiredArgsConstructor;
@@ Expand All / @@ -14,6 +15,7 @@ @@
     public class AuthServiceFacade {
         private final LoginService loginService;
         private final ReissueTokenService reissueTokenService;
+        private final AdminLoginService adminLoginService;
         public KakaoLoginResponse kakaoLogin(KakaoLoginRequest request) {
             return loginService.kakaoLogin(request);
@@ Expand All @@
         public ReissueTokenResponse reissueToken(ReissueTokenRequest request) {
             return reissueTokenService.reissueToken(request);
         }
+        public AdminLoginResponse adminLogin() {
+            return adminLoginService.adminLogin();
+        }
     }

src/main/java/com/kuit/findyou/domain/image/controller/ImageController.java

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -29,7 +29,7 @@ public class ImageController {
  
        @Operation(summary = "신고글 이미지 업로드 API", description = "멀티파트 이미지 업로드 후 CDN URL 리스트 반환")

        @CustomExceptionDescription(IMAGE_UPLOAD)

        @PreAuthorize("hasRole('ROLE_USER')")

        @PreAuthorize("hasAnyRole('ROLE_USER','ROLE_ADMIN')")

        @PostMapping(value = "/upload", consumes = MULTIPART_FORM_DATA_VALUE)

        public BaseResponse<ReportImageResponse> uploadImages(@RequestPart(value = "files", required = false) List<MultipartFile> files, @LoginUserId Long userId) {

            List<String> urls = imageUploadService.uploadImages(files);

src/main/java/com/kuit/findyou/domain/report/model/Report.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -28,7 +28,7 @@ public abstract class Report extends BaseEntity { @@
         @Column(name = "id", nullable = false)
         private Long id;
-        @Column(name = "breed", length = 20, nullable = false)
+        @Column(name = "breed", length = 50, nullable = false)
         private String breed;
         @Column(name = "species", length = 100, nullable = false)
@@ Expand Down @@

src/main/java/com/kuit/findyou/domain/user/model/Role.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -5,7 +5,7 @@ @@
     @Getter
     public enum Role {
-        USER("회원"), GUEST("비회원");
+        USER("회원"), GUEST("비회원"), ADMIN("관리자");
         private final String value;
@@ Expand Down @@

src/main/java/com/kuit/findyou/global/config/SecurityConfig.java

-Original file line number
+Diff line change
@@ -1,10 +1,12 @@
     package com.kuit.findyou.global.config;
+    import com.kuit.findyou.global.jwt.filter.AdminAllowlistFilter;
     import com.kuit.findyou.global.jwt.security.CustomAccessDeniedHandler;
     import com.kuit.findyou.global.jwt.security.CustomAuthenticationEntryPoint;
     import com.kuit.findyou.global.jwt.filter.JwtAuthenticationFilter;
     import com.kuit.findyou.global.logging.MDCLoggingFilter;
     import lombok.RequiredArgsConstructor;
+    import org.springframework.boot.web.servlet.FilterRegistrationBean;
     import org.springframework.context.annotation.Bean;
     import org.springframework.context.annotation.Configuration;
     import org.springframework.http.HttpMethod;
@@ Expand All / @@ -13,6 +15,7 @@ @@
     import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
     import org.springframework.security.config.http.SessionCreationPolicy;
     import org.springframework.security.web.SecurityFilterChain;
+    import org.springframework.security.web.access.ExceptionTranslationFilter;
     import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ Expand All / @@ -24,6 +27,7 @@ public class SecurityConfig { @@
         private final JwtAuthenticationFilter jwtAuthenticationFilter;
         private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
         private final CustomAccessDeniedHandler customAccessDeniedHandler;
+        private final AdminAllowlistFilter adminAllowlistFilter;
         // MDCLoggingFilter 명시적 빈 등록
         @Bean
@@ Expand Down Expand Up @@
             http
                     .addFilterBefore(mdcLoggingFilter(), JwtAuthenticationFilter.class);
+            http.addFilterAfter(adminAllowlistFilter, ExceptionTranslationFilter.class);
             // 토큰 검증 예외 처리 추가
             http
                     .exceptionHandling(configurer -> configurer.authenticationEntryPoint(customAuthenticationEntryPoint)
@@ Expand All @@
             return http.build();
         }
+        @Bean
+        public FilterRegistrationBean<AdminAllowlistFilter> adminAllowlistFilterRegistration(AdminAllowlistFilter filter) {
+            FilterRegistrationBean<AdminAllowlistFilter> bean = new FilterRegistrationBean<>(filter);
+            bean.setEnabled(false);
+            return bean;
+        }
     }

src/main/java/com/kuit/findyou/global/jwt/filter/AdminAllowlistFilter.java

-Original file line number
+Diff line change
@@ -0,0 +1,70 @@
+    package com.kuit.findyou.global.jwt.filter;
+    import jakarta.servlet.FilterChain;
+    import jakarta.servlet.ServletException;
+    import jakarta.servlet.http.HttpServletRequest;
+    import jakarta.servlet.http.HttpServletResponse;
+    import lombok.RequiredArgsConstructor;
+    import org.springframework.http.HttpMethod;
+    import org.springframework.security.access.AccessDeniedException;
+    import org.springframework.security.core.Authentication;
+    import org.springframework.security.core.context.SecurityContextHolder;
+    import org.springframework.stereotype.Component;
+    import org.springframework.util.AntPathMatcher;
+    import org.springframework.web.filter.OncePerRequestFilter;
+    import java.io.IOException;
+    import java.util.List;
+    @Component
+    @RequiredArgsConstructor
+    public class AdminAllowlistFilter extends OncePerRequestFilter {
+        private final AntPathMatcher matcher = new AntPathMatcher();
+        // ADMIN에게 허용되는 API
+        private static final List<Allow> ADMIN_ALLOWLIST = List.of(
+                new Allow(HttpMethod.GET.name(), "/api/v2/reports/protecting-reports/random-s3"),
+                new Allow(HttpMethod.GET.name(), "/api/v2/reports/missing-reports/random-s3"),
+                new Allow(HttpMethod.POST.name(), "/api/v2/images/upload")
+        );
+        @Override
+        protected void doFilterInternal(
+                HttpServletRequest request,
+                HttpServletResponse response,
+                FilterChain filterChain
+        ) throws ServletException, IOException {
+            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+            if (auth != null && auth.isAuthenticated()) {
+                boolean isAdmin = auth.getAuthorities().stream()
+                        .anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN"));
+                if (isAdmin) {
+                    String method = request.getMethod();
+                    String path = request.getRequestURI();
+                    boolean allowed = ADMIN_ALLOWLIST.stream()
+                            .anyMatch(a -> a.method.equals(method) && matcher.match(a.pathPattern, path));
+                    if (!allowed) {
+                        throw new AccessDeniedException("ADMIN은 허용된 API만 호출할 수 있습니다.");
+                    }
+                }
+            }
+            filterChain.doFilter(request, response);
+        }
+        private static class Allow {
+            final String method;
+            final String pathPattern;
+            private Allow(String method, String pathPattern) {
+                this.method = method;
+                this.pathPattern = pathPattern;
+            }
+        }
+    }

src/main/java/com/kuit/findyou/global/jwt/security/CustomAccessDeniedHandler.java

-Original file line number
+Diff line change
@@ Expand Up @@
         @Override
         public void handle(HttpServletRequest request, HttpServletResponse response,
                            AccessDeniedException accessDeniedException) throws IOException {
-            BaseErrorResponse body =  new BaseErrorResponse(FORBIDDEN);
+            String message = accessDeniedException.getMessage();
+            BaseErrorResponse body = (message == null || message.isBlank())
+                    ? new BaseErrorResponse(FORBIDDEN)
+                    : new BaseErrorResponse(FORBIDDEN, message);
             String json = objectMapper.writeValueAsString(body);
             response.setStatus(FORBIDDEN.getCode());
@@ Expand Down @@

src/main/java/com/kuit/findyou/global/jwt/util/JwtUtil.java

-Original file line number
+Diff line change
@@ Expand Up / @@ -61,6 +61,17 @@ public String createAccessJwt(Long userId, Role role) { @@
                     .compact();
         }
+        public String createAccessJwt(Long userId, Role role, long expireMs) {
+            return Jwts.builder()
+                    .claim(JwtClaimKey.USER_ID.getKey(), userId)
+                    .claim(JwtClaimKey.ROLE.getKey(), role.name())
+                    .claim(JwtClaimKey.TOKEN_TYPE.getKey(), JwtTokenType.ACCESS_TOKEN)
+                    .issuedAt(new Date(System.currentTimeMillis()))
+                    .expiration(new Date(System.currentTimeMillis() + expireMs))
+                    .signWith(secretKey)
+                    .compact();
+        }
         public String createRefreshJwt(Long userId) {
             return Jwts.builder()
                     .id(UUID.randomUUID().toString())
@@ Expand Down @@

src/main/resources/application.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -193,3 +193,9 @@ management: @@
           exposure:
             include: health, info, prometheus
+    admin:
+      admin-user-id: ${ADMIN_USER_ID}
+      access-ttl-ms: ${ADMIN_ACCESS_TTL_MS}
+      api:
+        key: ${ADMIN_API_KEY}

src/main/resources/db/migration/V9__alter_reports_breed_column.sql

-Original file line number
+Diff line change
@@ -0,0 +1,4 @@
+    -- V9__alter_reports_breed_column.sql
+    -- reports 테이블의 breed 컬럼 길이를 20에서 50으로 변경
+    ALTER TABLE reports MODIFY COLUMN breed VARCHAR(50) NOT NULL;

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Release] 수정 사항 반영 후 운영 서버 릴리즈 #169

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!