af3c6b9d51
infra-reviewer가 지적한 입력 검증 누락 5건과 잔여 매직 스트링 정리.
Map<String,String> 입력 제거 — 신규 DTO 4종:
- auth/ChangePasswordReq (@NotBlank oldPassword/newPassword)
- auth/RefreshTokenReq (@NotBlank refreshToken)
- controller/settle/PaymentStatusUpdateReq (@NotBlank status)
- controller/receive/ResolveErrorReq (@NotBlank status, optional note)
검증 보강:
- PaymentController.generateTransferFile — settleMonth @Pattern("\d{6}")
- UploadController.preview — limit @Max(100)
잔여 매직 스트링 → 3a Enum 적용:
- AuthService 4곳 — UserStatus.LOCKED/RETIRED/ACTIVE
- UserService 2곳 — UserStatus.ACTIVE
- LedgerService:71 — ExceptionLedgerStatus.NEW
52 lines
1.6 KiB
Java
52 lines
1.6 KiB
Java
package com.ga.api.auth;
|
|
|
|
import com.ga.common.model.ApiResponse;
|
|
import com.ga.core.vo.user.UserResp;
|
|
import io.swagger.v3.oas.annotations.tags.Tag;
|
|
import jakarta.servlet.http.HttpServletRequest;
|
|
import jakarta.validation.Valid;
|
|
import lombok.RequiredArgsConstructor;
|
|
import org.springframework.web.bind.annotation.*;
|
|
|
|
@Tag(name = "인증")
|
|
@RestController
|
|
@RequestMapping("/api/auth")
|
|
@RequiredArgsConstructor
|
|
public class AuthController {
|
|
|
|
private final AuthService authService;
|
|
|
|
@PostMapping("/login")
|
|
public ApiResponse<LoginResp> login(@Valid @RequestBody LoginReq req, HttpServletRequest http) {
|
|
return ApiResponse.ok(authService.login(req, ipOf(http), http.getHeader("User-Agent")));
|
|
}
|
|
|
|
@PostMapping("/refresh")
|
|
public ApiResponse<LoginResp> refresh(@Valid @RequestBody RefreshTokenReq req) {
|
|
return ApiResponse.ok(authService.refresh(req.getRefreshToken()));
|
|
}
|
|
|
|
@GetMapping("/me")
|
|
public ApiResponse<UserResp> me() {
|
|
return ApiResponse.ok(authService.me());
|
|
}
|
|
|
|
@PostMapping("/password")
|
|
public ApiResponse<Void> changePassword(@Valid @RequestBody ChangePasswordReq req) {
|
|
authService.changePassword(req.getOldPassword(), req.getNewPassword());
|
|
return ApiResponse.ok();
|
|
}
|
|
|
|
@PostMapping("/logout")
|
|
public ApiResponse<Void> logout() {
|
|
authService.logout();
|
|
return ApiResponse.ok();
|
|
}
|
|
|
|
private String ipOf(HttpServletRequest req) {
|
|
String xf = req.getHeader("X-Forwarded-For");
|
|
if (xf != null && !xf.isBlank()) return xf.split(",")[0].trim();
|
|
return req.getRemoteAddr();
|
|
}
|
|
}
|