diff --git a/ga-api/src/main/java/com/ga/api/auth/AuthController.java b/ga-api/src/main/java/com/ga/api/auth/AuthController.java index 69e5fac..83f7a0a 100644 --- a/ga-api/src/main/java/com/ga/api/auth/AuthController.java +++ b/ga-api/src/main/java/com/ga/api/auth/AuthController.java @@ -8,8 +8,6 @@ import jakarta.validation.Valid; import lombok.RequiredArgsConstructor; import org.springframework.web.bind.annotation.*; -import java.util.Map; - @Tag(name = "인증") @RestController @RequestMapping("/api/auth") @@ -24,8 +22,8 @@ public class AuthController { } @PostMapping("/refresh") - public ApiResponse refresh(@RequestBody Map body) { - return ApiResponse.ok(authService.refresh(body.get("refreshToken"))); + public ApiResponse refresh(@Valid @RequestBody RefreshTokenReq req) { + return ApiResponse.ok(authService.refresh(req.getRefreshToken())); } @GetMapping("/me") @@ -34,8 +32,8 @@ public class AuthController { } @PostMapping("/password") - public ApiResponse changePassword(@RequestBody Map body) { - authService.changePassword(body.get("oldPassword"), body.get("newPassword")); + public ApiResponse changePassword(@Valid @RequestBody ChangePasswordReq req) { + authService.changePassword(req.getOldPassword(), req.getNewPassword()); return ApiResponse.ok(); } diff --git a/ga-api/src/main/java/com/ga/api/auth/AuthService.java b/ga-api/src/main/java/com/ga/api/auth/AuthService.java index 890ec1f..5f08aaf 100644 --- a/ga-api/src/main/java/com/ga/api/auth/AuthService.java +++ b/ga-api/src/main/java/com/ga/api/auth/AuthService.java @@ -8,6 +8,7 @@ import com.ga.common.system.SystemLogMapper; import com.ga.common.util.SecurityUtil; import com.ga.core.mapper.user.UserMapper; import com.ga.core.vo.user.UserResp; +import com.ga.core.vo.user.UserStatus; import com.ga.core.vo.user.UserVO; import io.jsonwebtoken.Claims; import lombok.RequiredArgsConstructor; @@ -38,18 +39,18 @@ public class AuthService { saveLoginLog(null, req.getLoginId(), "FAIL", "USER_NOT_FOUND", ipAddress, userAgent); throw new BizException(ErrorCode.LOGIN_FAIL); } - if ("LOCKED".equals(user.getStatus())) { + if (UserStatus.LOCKED.name().equals(user.getStatus())) { saveLoginLog(user.getUserId(), req.getLoginId(), "FAIL", "ACCOUNT_LOCKED", ipAddress, userAgent); throw new BizException(ErrorCode.ACCOUNT_LOCKED); } - if ("RETIRED".equals(user.getStatus())) { + if (UserStatus.RETIRED.name().equals(user.getStatus())) { throw new BizException(ErrorCode.ACCOUNT_RETIRED); } if (!passwordEncoder.matches(req.getPassword(), user.getPassword())) { userMapper.incrementFailCount(user.getUserId()); int newFail = (user.getFailCount() == null ? 0 : user.getFailCount()) + 1; if (newFail >= failLimit) { - userMapper.updateStatus(user.getUserId(), "LOCKED"); + userMapper.updateStatus(user.getUserId(), UserStatus.LOCKED.name()); } saveLoginLog(user.getUserId(), req.getLoginId(), "FAIL", "BAD_PASSWORD", ipAddress, userAgent); throw new BizException(ErrorCode.LOGIN_FAIL); @@ -80,7 +81,7 @@ public class AuthService { } Long userId = claims.get("uid", Long.class); UserVO user = userMapper.selectById(userId); - if (user == null || !"ACTIVE".equals(user.getStatus())) { + if (user == null || !UserStatus.ACTIVE.name().equals(user.getStatus())) { throw new BizException(ErrorCode.UNAUTHORIZED); } List roles = userMapper.selectRoleCodes(userId); diff --git a/ga-api/src/main/java/com/ga/api/auth/ChangePasswordReq.java b/ga-api/src/main/java/com/ga/api/auth/ChangePasswordReq.java new file mode 100644 index 0000000..e21e526 --- /dev/null +++ b/ga-api/src/main/java/com/ga/api/auth/ChangePasswordReq.java @@ -0,0 +1,16 @@ +package com.ga.api.auth; + +import jakarta.validation.constraints.NotBlank; +import lombok.Getter; +import lombok.Setter; + +@Getter +@Setter +public class ChangePasswordReq { + + @NotBlank + private String oldPassword; + + @NotBlank + private String newPassword; +} diff --git a/ga-api/src/main/java/com/ga/api/auth/RefreshTokenReq.java b/ga-api/src/main/java/com/ga/api/auth/RefreshTokenReq.java new file mode 100644 index 0000000..c2f4d21 --- /dev/null +++ b/ga-api/src/main/java/com/ga/api/auth/RefreshTokenReq.java @@ -0,0 +1,13 @@ +package com.ga.api.auth; + +import jakarta.validation.constraints.NotBlank; +import lombok.Getter; +import lombok.Setter; + +@Getter +@Setter +public class RefreshTokenReq { + + @NotBlank + private String refreshToken; +} diff --git a/ga-api/src/main/java/com/ga/api/controller/receive/ReceiveController.java b/ga-api/src/main/java/com/ga/api/controller/receive/ReceiveController.java index ea7df41..cdde4c1 100644 --- a/ga-api/src/main/java/com/ga/api/controller/receive/ReceiveController.java +++ b/ga-api/src/main/java/com/ga/api/controller/receive/ReceiveController.java @@ -6,11 +6,11 @@ import com.ga.common.annotation.RequirePermission; import com.ga.common.model.ApiResponse; import com.ga.core.vo.receive.*; import io.swagger.v3.oas.annotations.tags.Tag; +import jakarta.validation.Valid; import lombok.RequiredArgsConstructor; import org.springframework.web.bind.annotation.*; import java.util.List; -import java.util.Map; @Tag(name = "데이터 수신") @RestController @@ -100,10 +100,8 @@ public class ReceiveController { @PutMapping("/errors/{errorId}/resolve") @RequirePermission(menu = "RECEIVE_DATA", perm = "UPDATE") @DataChangeLog(menu = "RECEIVE_DATA", table = "parse_error_log") - public ApiResponse resolveError(@PathVariable Long errorId, @RequestBody Map body) { - receiveService.resolveError(errorId, - body.getOrDefault("status", "RESOLVED"), - body.get("note")); + public ApiResponse resolveError(@PathVariable Long errorId, @Valid @RequestBody ResolveErrorReq req) { + receiveService.resolveError(errorId, req.getStatus(), req.getNote()); return ApiResponse.ok(); } } diff --git a/ga-api/src/main/java/com/ga/api/controller/receive/ResolveErrorReq.java b/ga-api/src/main/java/com/ga/api/controller/receive/ResolveErrorReq.java new file mode 100644 index 0000000..f35c12b --- /dev/null +++ b/ga-api/src/main/java/com/ga/api/controller/receive/ResolveErrorReq.java @@ -0,0 +1,15 @@ +package com.ga.api.controller.receive; + +import jakarta.validation.constraints.NotBlank; +import lombok.Getter; +import lombok.Setter; + +@Getter +@Setter +public class ResolveErrorReq { + + @NotBlank + private String status; + + private String note; +} diff --git a/ga-api/src/main/java/com/ga/api/controller/settle/PaymentController.java b/ga-api/src/main/java/com/ga/api/controller/settle/PaymentController.java index af9ce8f..19874b2 100644 --- a/ga-api/src/main/java/com/ga/api/controller/settle/PaymentController.java +++ b/ga-api/src/main/java/com/ga/api/controller/settle/PaymentController.java @@ -11,12 +11,14 @@ import com.ga.core.vo.settle.SettleSearchParam; import com.ga.core.vo.settle.TransferFileResp; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import jakarta.validation.Valid; +import jakarta.validation.constraints.Pattern; import lombok.RequiredArgsConstructor; +import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; -import java.util.Map; - @Tag(name = "지급 관리") +@Validated @RestController @RequestMapping("/api/payments") @RequiredArgsConstructor @@ -35,8 +37,8 @@ public class PaymentController { @PutMapping("/{paymentId}/status") @RequirePermission(menu = "PAYMENT", perm = "UPDATE") @DataChangeLog(menu = "PAYMENT", table = "payment") - public ApiResponse updateStatus(@PathVariable Long paymentId, @RequestBody Map body) { - mapper.updateStatus(paymentId, body.get("status"), body.get("failReason")); + public ApiResponse updateStatus(@PathVariable Long paymentId, @Valid @RequestBody PaymentStatusUpdateReq req) { + mapper.updateStatus(paymentId, req.getStatus(), req.getFailReason()); return ApiResponse.ok(); } @@ -45,7 +47,7 @@ public class PaymentController { @RequirePermission(menu = "PAYMENT", perm = "EXPORT") @DataChangeLog(menu = "PAYMENT", table = "payment") public ApiResponse generateTransferFile( - @RequestParam String settleMonth, + @Pattern(regexp = "\\d{6}", message = "settleMonth는 YYYYMM 형식이어야 합니다") @RequestParam String settleMonth, @RequestParam String bankCode) { return ApiResponse.ok(transferFileService.generate(settleMonth, bankCode)); } diff --git a/ga-api/src/main/java/com/ga/api/controller/settle/PaymentStatusUpdateReq.java b/ga-api/src/main/java/com/ga/api/controller/settle/PaymentStatusUpdateReq.java new file mode 100644 index 0000000..d0db4d5 --- /dev/null +++ b/ga-api/src/main/java/com/ga/api/controller/settle/PaymentStatusUpdateReq.java @@ -0,0 +1,15 @@ +package com.ga.api.controller.settle; + +import jakarta.validation.constraints.NotBlank; +import lombok.Getter; +import lombok.Setter; + +@Getter +@Setter +public class PaymentStatusUpdateReq { + + @NotBlank + private String status; + + private String failReason; +} diff --git a/ga-api/src/main/java/com/ga/api/controller/upload/UploadController.java b/ga-api/src/main/java/com/ga/api/controller/upload/UploadController.java index 5d3eb4b..e7f21e3 100644 --- a/ga-api/src/main/java/com/ga/api/controller/upload/UploadController.java +++ b/ga-api/src/main/java/com/ga/api/controller/upload/UploadController.java @@ -9,7 +9,9 @@ import com.ga.common.annotation.RequirePermission; import com.ga.common.model.ApiResponse; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import jakarta.validation.constraints.Max; import lombok.RequiredArgsConstructor; +import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @@ -17,6 +19,7 @@ import java.util.List; import java.util.Map; @Tag(name = "엑셀 업로드") +@Validated @RestController @RequiredArgsConstructor public class UploadController { @@ -41,7 +44,7 @@ public class UploadController { public ApiResponse>> preview( @PathVariable String templateCode, @RequestParam("file") MultipartFile file, - @RequestParam(value = "limit", defaultValue = "5") int limit) { + @Max(100) @RequestParam(value = "limit", defaultValue = "5") int limit) { List> rows = uploadService.preview(templateCode, file, limit); return ApiResponse.ok(rows); } diff --git a/ga-api/src/main/java/com/ga/api/service/ledger/LedgerService.java b/ga-api/src/main/java/com/ga/api/service/ledger/LedgerService.java index 1e6cb4e..af3857a 100644 --- a/ga-api/src/main/java/com/ga/api/service/ledger/LedgerService.java +++ b/ga-api/src/main/java/com/ga/api/service/ledger/LedgerService.java @@ -9,6 +9,7 @@ import com.ga.core.mapper.ledger.MaintainLedgerMapper; import com.ga.core.mapper.ledger.RecruitLedgerMapper; import com.ga.core.vo.ledger.*; import com.ga.core.vo.ledger.ApproveStatus; +import com.ga.core.vo.ledger.ExceptionLedgerStatus; import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -69,7 +70,7 @@ public class LedgerService { vo.setRecurringMonths(req.getRecurringMonths()); vo.setRecurringLeft(req.getRecurringMonths()); vo.setApproveStatus(ApproveStatus.PENDING.name()); - vo.setStatus("NEW"); // ExceptionLedger 전용 초기 상태 — ApproveStatus에 없음 + vo.setStatus(ExceptionLedgerStatus.NEW.name()); exceptionMapper.insert(vo); return vo.getLedgerId(); } diff --git a/ga-api/src/main/java/com/ga/api/service/system/UserService.java b/ga-api/src/main/java/com/ga/api/service/system/UserService.java index 52e16f3..cbc32d8 100644 --- a/ga-api/src/main/java/com/ga/api/service/system/UserService.java +++ b/ga-api/src/main/java/com/ga/api/service/system/UserService.java @@ -8,6 +8,7 @@ import com.ga.core.mapper.user.UserMapper; import com.ga.core.vo.user.UserResp; import com.ga.core.vo.user.UserSaveReq; import com.ga.core.vo.user.UserSearchParam; +import com.ga.core.vo.user.UserStatus; import com.ga.core.vo.user.UserVO; import lombok.RequiredArgsConstructor; import org.springframework.security.crypto.password.PasswordEncoder; @@ -52,7 +53,7 @@ public class UserService { vo.setEmail(req.getEmail()); vo.setPhone(req.getPhone()); vo.setAgentId(req.getAgentId()); - vo.setStatus(req.getStatus() != null ? req.getStatus() : "ACTIVE"); + vo.setStatus(req.getStatus() != null ? req.getStatus() : UserStatus.ACTIVE.name()); mapper.insert(vo); if (req.getRoleIds() != null) { @@ -91,7 +92,7 @@ public class UserService { @Transactional public void unlock(Long userId) { mapper.resetFailCount(userId); - mapper.updateStatus(userId, "ACTIVE"); + mapper.updateStatus(userId, UserStatus.ACTIVE.name()); } public List roleCodes(Long userId) {