refactor(api): Map→SaveReq DTO 교체 + 입력 검증 + 잔여 Enum 적용 (리뷰 3b)
infra-reviewer가 지적한 입력 검증 누락 5건과 잔여 매직 스트링 정리.
Map<String,String> 입력 제거 — 신규 DTO 4종:
- auth/ChangePasswordReq (@NotBlank oldPassword/newPassword)
- auth/RefreshTokenReq (@NotBlank refreshToken)
- controller/settle/PaymentStatusUpdateReq (@NotBlank status)
- controller/receive/ResolveErrorReq (@NotBlank status, optional note)
검증 보강:
- PaymentController.generateTransferFile — settleMonth @Pattern("\d{6}")
- UploadController.preview — limit @Max(100)
잔여 매직 스트링 → 3a Enum 적용:
- AuthService 4곳 — UserStatus.LOCKED/RETIRED/ACTIVE
- UserService 2곳 — UserStatus.ACTIVE
- LedgerService:71 — ExceptionLedgerStatus.NEW
This commit is contained in:
@@ -8,6 +8,7 @@ import com.ga.common.system.SystemLogMapper;
|
||||
import com.ga.common.util.SecurityUtil;
|
||||
import com.ga.core.mapper.user.UserMapper;
|
||||
import com.ga.core.vo.user.UserResp;
|
||||
import com.ga.core.vo.user.UserStatus;
|
||||
import com.ga.core.vo.user.UserVO;
|
||||
import io.jsonwebtoken.Claims;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@@ -38,18 +39,18 @@ public class AuthService {
|
||||
saveLoginLog(null, req.getLoginId(), "FAIL", "USER_NOT_FOUND", ipAddress, userAgent);
|
||||
throw new BizException(ErrorCode.LOGIN_FAIL);
|
||||
}
|
||||
if ("LOCKED".equals(user.getStatus())) {
|
||||
if (UserStatus.LOCKED.name().equals(user.getStatus())) {
|
||||
saveLoginLog(user.getUserId(), req.getLoginId(), "FAIL", "ACCOUNT_LOCKED", ipAddress, userAgent);
|
||||
throw new BizException(ErrorCode.ACCOUNT_LOCKED);
|
||||
}
|
||||
if ("RETIRED".equals(user.getStatus())) {
|
||||
if (UserStatus.RETIRED.name().equals(user.getStatus())) {
|
||||
throw new BizException(ErrorCode.ACCOUNT_RETIRED);
|
||||
}
|
||||
if (!passwordEncoder.matches(req.getPassword(), user.getPassword())) {
|
||||
userMapper.incrementFailCount(user.getUserId());
|
||||
int newFail = (user.getFailCount() == null ? 0 : user.getFailCount()) + 1;
|
||||
if (newFail >= failLimit) {
|
||||
userMapper.updateStatus(user.getUserId(), "LOCKED");
|
||||
userMapper.updateStatus(user.getUserId(), UserStatus.LOCKED.name());
|
||||
}
|
||||
saveLoginLog(user.getUserId(), req.getLoginId(), "FAIL", "BAD_PASSWORD", ipAddress, userAgent);
|
||||
throw new BizException(ErrorCode.LOGIN_FAIL);
|
||||
@@ -80,7 +81,7 @@ public class AuthService {
|
||||
}
|
||||
Long userId = claims.get("uid", Long.class);
|
||||
UserVO user = userMapper.selectById(userId);
|
||||
if (user == null || !"ACTIVE".equals(user.getStatus())) {
|
||||
if (user == null || !UserStatus.ACTIVE.name().equals(user.getStatus())) {
|
||||
throw new BizException(ErrorCode.UNAUTHORIZED);
|
||||
}
|
||||
List<String> roles = userMapper.selectRoleCodes(userId);
|
||||
|
||||
Reference in New Issue
Block a user