Files
ga-commission-system/ga-api/src/main/java/com/ga/api/auth/AuthController.java
T
GA Pro af3c6b9d51 refactor(api): Map→SaveReq DTO 교체 + 입력 검증 + 잔여 Enum 적용 (리뷰 3b)
infra-reviewer가 지적한 입력 검증 누락 5건과 잔여 매직 스트링 정리.

Map<String,String> 입력 제거 — 신규 DTO 4종:
- auth/ChangePasswordReq (@NotBlank oldPassword/newPassword)
- auth/RefreshTokenReq (@NotBlank refreshToken)
- controller/settle/PaymentStatusUpdateReq (@NotBlank status)
- controller/receive/ResolveErrorReq (@NotBlank status, optional note)

검증 보강:
- PaymentController.generateTransferFile — settleMonth @Pattern("\d{6}")
- UploadController.preview — limit @Max(100)

잔여 매직 스트링 → 3a Enum 적용:
- AuthService 4곳 — UserStatus.LOCKED/RETIRED/ACTIVE
- UserService 2곳 — UserStatus.ACTIVE
- LedgerService:71 — ExceptionLedgerStatus.NEW
2026-05-12 23:28:41 +09:00

52 lines
1.6 KiB
Java

package com.ga.api.auth;
import com.ga.common.model.ApiResponse;
import com.ga.core.vo.user.UserResp;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.validation.Valid;
import lombok.RequiredArgsConstructor;
import org.springframework.web.bind.annotation.*;
@Tag(name = "인증")
@RestController
@RequestMapping("/api/auth")
@RequiredArgsConstructor
public class AuthController {
private final AuthService authService;
@PostMapping("/login")
public ApiResponse<LoginResp> login(@Valid @RequestBody LoginReq req, HttpServletRequest http) {
return ApiResponse.ok(authService.login(req, ipOf(http), http.getHeader("User-Agent")));
}
@PostMapping("/refresh")
public ApiResponse<LoginResp> refresh(@Valid @RequestBody RefreshTokenReq req) {
return ApiResponse.ok(authService.refresh(req.getRefreshToken()));
}
@GetMapping("/me")
public ApiResponse<UserResp> me() {
return ApiResponse.ok(authService.me());
}
@PostMapping("/password")
public ApiResponse<Void> changePassword(@Valid @RequestBody ChangePasswordReq req) {
authService.changePassword(req.getOldPassword(), req.getNewPassword());
return ApiResponse.ok();
}
@PostMapping("/logout")
public ApiResponse<Void> logout() {
authService.logout();
return ApiResponse.ok();
}
private String ipOf(HttpServletRequest req) {
String xf = req.getHeader("X-Forwarded-For");
if (xf != null && !xf.isBlank()) return xf.split(",")[0].trim();
return req.getRemoteAddr();
}
}