Merge pull request #32 from Block-Guard/feat/#29/url-fraud-api

chaeyuuu · web-flow · commit a6c0aee2ce96 · 2025-07-29T14:40:30.000+09:00
[Feat] URL 사기분석 API
diff --git a/src/main/java/com/blockguard/server/domain/admin/api/AdminApi.java b/src/main/java/com/blockguard/server/domain/admin/api/AdminApi.java
@@ -0,0 +1,25 @@
+package com.blockguard.server.domain.admin.api;
+
+import com.blockguard.server.global.common.codes.SuccessCode;
+import com.blockguard.server.global.common.response.BaseResponse;
+import com.blockguard.server.infra.importer.FraudUrlImporter;
+import io.swagger.v3.oas.annotations.Operation;
+import lombok.AllArgsConstructor;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@AllArgsConstructor
+@RequestMapping("/api/admin")
+public class AdminApi {
+
+    private final FraudUrlImporter fraudUrlImporter;
+
+    @PostMapping("/update/fraud-url")
+    @Operation(summary = "공공 api 데이터 호출 - 관리자용")
+    public BaseResponse<Void> syncFraudUrls(){
+        fraudUrlImporter.syncFraudUrlsFromOpenApi();
+        return BaseResponse.of(SuccessCode.IMPORT_OPEN_API_SUCCESS);
+    }
+}
diff --git a/src/main/java/com/blockguard/server/domain/analysis/api/FraudAnalysisApi.java b/src/main/java/com/blockguard/server/domain/analysis/api/FraudAnalysisApi.java
@@ -28,17 +28,18 @@ public class FraudAnalysisApi {
 
     @PostMapping(value = "/fraud-analysis", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
     @Operation(summary = "사기 분석")
-    public ResponseEntity<BaseResponse<FraudAnalysisResponse>> analyzeFraud
+    public BaseResponse<FraudAnalysisResponse> analyzeFraud
             (@RequestParam("fraudAnalysisRequest") String jsonStr,
              @RequestParam(value = "imageFiles", required = false) List<MultipartFile> imageFiles
             ) throws JsonProcessingException {
 
+        // TODO: 이미지 파일 개수 픽스 필요
         if (imageFiles != null && imageFiles.size() > 2) {
             throw new BusinessExceptionHandler(ErrorCode.IMAGE_UPLOAD_LIMIT_EXCEEDED);
         }
 
         FraudAnalysisRequest request = objectMapper.readValue(jsonStr, FraudAnalysisRequest.class);
         FraudAnalysisResponse fraudAnalysisResponse = fraudAnalysisService.fraudAnalysis(request, imageFiles);
-        return ResponseEntity.ok(BaseResponse.of(SuccessCode.ANALYZE_FRAUD_SUCCESS, fraudAnalysisResponse));
+        return BaseResponse.of(SuccessCode.ANALYZE_FRAUD_SUCCESS, fraudAnalysisResponse);
     }
 }
diff --git a/src/main/java/com/blockguard/server/domain/analysis/domain/enums/RiskLevel.java b/src/main/java/com/blockguard/server/domain/analysis/domain/enums/RiskLevel.java
@@ -1,14 +1,24 @@
 package com.blockguard.server.domain.analysis.domain.enums;
 
 import lombok.Getter;
-
+import com.fasterxml.jackson.annotation.JsonValue;
+ 
+import lombok.AllArgsConstructor;
+  
+@AllArgsConstructor
 @Getter
 public enum RiskLevel {
     Dangers("위험"),
     Caution("주의"),
     Safety("안전");
 
     private final String name;
+    private final String value;
+  
+    @JsonValue
+    public String getValue(){
+      return value;
+    }
 
     RiskLevel(String name) {
         this.name = name;
@@ -23,5 +33,4 @@ public static RiskLevel fromScore(double score) {
             return Dangers;
         }
     }
-
-}
+  }
diff --git a/src/main/java/com/blockguard/server/domain/fraud/api/FraudApi.java b/src/main/java/com/blockguard/server/domain/fraud/api/FraudApi.java
@@ -0,0 +1,29 @@
+package com.blockguard.server.domain.fraud.api;
+
+import com.blockguard.server.domain.fraud.application.FraudService;
+import com.blockguard.server.domain.fraud.dto.request.FraudUrlRequest;
+import com.blockguard.server.domain.fraud.dto.response.FraudUrlResponse;
+import com.blockguard.server.global.common.codes.SuccessCode;
+import com.blockguard.server.global.common.response.BaseResponse;
+import io.swagger.v3.oas.annotations.Operation;
+import jakarta.validation.Valid;
+import lombok.AllArgsConstructor;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@AllArgsConstructor
+@RequestMapping("/api/fraud")
+public class FraudApi {
+    private final FraudService fraudService;
+
+    @PostMapping("/url")
+    @Operation(summary = "입력된 url 사기 분석")
+    public BaseResponse<FraudUrlResponse> fraudUrl(@Valid @RequestBody FraudUrlRequest fraudUrlRequest){
+        FraudUrlResponse fraudUrlResponse = fraudService.checkFraudUrl(fraudUrlRequest);
+        return BaseResponse.of(SuccessCode.CHECK_URL_FRAUD_SUCCESS, fraudUrlResponse);
+    }
+
+}
diff --git a/src/main/java/com/blockguard/server/domain/fraud/application/FraudService.java b/src/main/java/com/blockguard/server/domain/fraud/application/FraudService.java
@@ -0,0 +1,45 @@
+package com.blockguard.server.domain.fraud.application;
+
+import com.blockguard.server.domain.analysis.domain.enums.RiskLevel;
+import com.blockguard.server.domain.fraud.dao.FraudUrlRepository;
+import com.blockguard.server.domain.fraud.dto.request.FraudUrlRequest;
+import com.blockguard.server.domain.fraud.dto.response.FraudUrlResponse;
+import com.blockguard.server.global.common.codes.ErrorCode;
+import com.blockguard.server.global.exception.BusinessExceptionHandler;
+import com.blockguard.server.infra.google.GoogleSafeBrowsingClient;
+import lombok.AllArgsConstructor;
+import org.springframework.stereotype.Service;
+
+@Service
+@AllArgsConstructor
+public class FraudService {
+    private final FraudUrlRepository fraudUrlRepository;
+    private final GoogleSafeBrowsingClient googleSafeBrowsingService;
+
+    public FraudUrlResponse checkFraudUrl(FraudUrlRequest fraudUrlRequest) {
+        String url = fraudUrlRequest.getUrl();
+
+        if (url == null || url.trim().isEmpty()){
+            throw new BusinessExceptionHandler(ErrorCode.URL_REQUIRED);
+        }
+
+        // 1차: DB 검사
+        if(fraudUrlRepository.existsByUrl(url)){
+            return FraudUrlResponse.builder()
+                    .riskLevel(RiskLevel.Dangers)
+                    .build();
+        }
+
+        // 2차: Google Safe Browsing API 호출
+        boolean isSafe = googleSafeBrowsingService.isUrlSafe(url);
+        if (!isSafe){
+            return FraudUrlResponse.builder()
+                    .riskLevel(RiskLevel.Dangers)
+                    .build();
+        }
+
+        return FraudUrlResponse.builder()
+                .riskLevel(RiskLevel.Safety)
+                .build();
+    }
+}
diff --git a/src/main/java/com/blockguard/server/domain/fraud/dao/FraudUrlRepository.java b/src/main/java/com/blockguard/server/domain/fraud/dao/FraudUrlRepository.java
@@ -0,0 +1,11 @@
+package com.blockguard.server.domain.fraud.dao;
+
+import com.blockguard.server.domain.fraud.domain.FraudUrl;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface FraudUrlRepository extends JpaRepository<FraudUrl, Long> {
+    boolean existsByUrl(String url);
+    Optional<FraudUrl> findByUrl(String url);
+}
diff --git a/src/main/java/com/blockguard/server/domain/fraud/domain/FraudUrl.java b/src/main/java/com/blockguard/server/domain/fraud/domain/FraudUrl.java
@@ -4,6 +4,7 @@
 import jakarta.persistence.*;
 import lombok.*;
 
+import java.time.LocalDate;
 import java.time.LocalDateTime;
 
 @Entity
@@ -22,9 +23,8 @@ public class FraudUrl extends BaseEntity {
     @Column(nullable = false, columnDefinition = "TEXT", unique = true)
     private String url;
 
-    // Todo: Open API 제공자 추후 enum type 변경
-    @Column(nullable = false, length = 100)
-    private String provider;
+    @Column(nullable = false)
+    private LocalDate detectedDate;
 
     @Column(name = "last_checked_at", nullable = false)
     private LocalDateTime lastCheckedAt;
diff --git a/src/main/java/com/blockguard/server/domain/fraud/dto/request/FraudUrlRequest.java b/src/main/java/com/blockguard/server/domain/fraud/dto/request/FraudUrlRequest.java
@@ -0,0 +1,12 @@
+package com.blockguard.server.domain.fraud.dto.request;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public class FraudUrlRequest {
+    @NotBlank
+    private String url;
+}
diff --git a/src/main/java/com/blockguard/server/domain/fraud/dto/response/FraudUrlResponse.java b/src/main/java/com/blockguard/server/domain/fraud/dto/response/FraudUrlResponse.java
@@ -0,0 +1,11 @@
+package com.blockguard.server.domain.fraud.dto.response;
+
+import com.blockguard.server.domain.analysis.domain.enums.RiskLevel;
+import lombok.Builder;
+import lombok.Getter;
+
+@Getter
+@Builder
+public class FraudUrlResponse {
+    private RiskLevel riskLevel;
+}
diff --git a/src/main/java/com/blockguard/server/global/common/codes/ErrorCode.java b/src/main/java/com/blockguard/server/global/common/codes/ErrorCode.java
@@ -27,6 +27,8 @@ public enum ErrorCode {
     DUPLICATE_GUARDIAN_NAME(HttpStatus.BAD_REQUEST, 4024, "이미 등록된 보호자 이름입니다."),
     INVALID_EMAIL_TYPE(HttpStatus.BAD_REQUEST, 4025, "이메일 형식이 올바르지 않습니다."),
     IMAGE_UPLOAD_LIMIT_EXCEEDED(HttpStatus.BAD_REQUEST, 4026, "이미지는 최대 2장까지만 업로드 가능합니다."),
+    FAIL_IMPORT_OPEN_API(HttpStatus.BAD_REQUEST, 4027, "OPEN API 호출에 실패하였습니다."),
+    URL_REQUIRED(HttpStatus.BAD_REQUEST, 4028, "URL은 필수 입력 값입니다."),
 
     // 5000~ : server error
     INTERNAL_SERVER_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, 5000, "서버 오류가 발생했습니다."),
diff --git a/src/main/java/com/blockguard/server/global/common/codes/SuccessCode.java b/src/main/java/com/blockguard/server/global/common/codes/SuccessCode.java
@@ -23,7 +23,10 @@ public enum SuccessCode {
     GUARDIAN_PRIMARY_UPDATED(HttpStatus.OK, 2012, "보호자 정보 수정이 완료되었습니다."),
     GUARDIAN_DELETED(HttpStatus.NO_CONTENT, 2013, "보호자 삭제 처리되었습니다."),
     CHECK_EMAIL_DUPLICATED(HttpStatus.OK, 2014, "이메일 중복 확인이 완료되었습니다."),
-    ANALYZE_FRAUD_SUCCESS(HttpStatus.OK, 2015, "사기 분석이 완료되었습니다."),;
+    ANALYZE_FRAUD_SUCCESS(HttpStatus.OK, 2015, "사기 분석이 완료되었습니다."),
+    CHECK_URL_FRAUD_SUCCESS(HttpStatus.OK, 2016, "URL 사기 조회가 완료되었습니다."),
+    CHECK_PHONE_NUMBER_FRAUD_SUCCESS(HttpStatus.OK, 2017, "전화번호 사기 조회가 완료되었습니다."),
+    IMPORT_OPEN_API_SUCCESS(HttpStatus.OK, 2018, "OPEN API 데이터 호출이 완료되었습니다.");
 
     private final HttpStatus status;
     private final int code;
diff --git a/src/main/java/com/blockguard/server/global/config/SecurityConfig.java b/src/main/java/com/blockguard/server/global/config/SecurityConfig.java
@@ -54,7 +54,7 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
                 .authorizeHttpRequests((registry) ->
                         registry
                                 .requestMatchers("/api/auth/**").permitAll()   // 로그인/회원가입만 허용
-                                .requestMatchers("/api/fraud-analysis").permitAll()
+                                .requestMatchers("/api/admin/update/fraud-url", "/api/fraud/url", "/api/fraud-analysis").permitAll()
                                 .requestMatchers("/actuator/health").permitAll() // 헬스체크 허용
                                 .requestMatchers("/", "/index.html", "/favicon.ico").permitAll()
                                 .requestMatchers("/v3/api-docs/**", "/swagger-ui.html", "/swagger-ui/**", "/swagger-resources/**", "/webjars/**").permitAll()
diff --git a/src/main/java/com/blockguard/server/infra/google/GoogleSafeBrowsingClient.java b/src/main/java/com/blockguard/server/infra/google/GoogleSafeBrowsingClient.java
@@ -0,0 +1,63 @@
+package com.blockguard.server.infra.google;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.*;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+import java.util.List;
+import java.util.Map;
+
+@Service
+@Slf4j
+@RequiredArgsConstructor
+public class GoogleSafeBrowsingClient {
+    private final RestTemplate restTemplate;
+
+    @Value("${google.safe.api-key}")
+    private String apiKey;
+
+    public boolean isUrlSafe(String url){
+        String googleUrl = "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=" + apiKey;
+
+        Map<String, Object> requestBody = Map.of(
+                "client", Map.of(
+                        "clientId", "blockguard-app",
+                        "clientVersion", "1.0"
+                ),
+                "threatInfo", Map.of(
+                        "threatTypes", List.of("MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE"),
+                        "platformTypes", List.of("ANY_PLATFORM"),
+                        "threatEntryTypes", List.of("URL"),
+                        "threatEntries", List.of(Map.of("url", url))
+                )
+        );
+
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_JSON);
+
+        HttpEntity<Map<String, Object>> entity = new HttpEntity<>(requestBody, headers);
+
+        try {
+            ResponseEntity<Map> response = restTemplate.exchange(
+                    googleUrl,
+                    HttpMethod.POST,
+                    entity,
+                    Map.class
+            );
+
+            Map body = response.getBody();
+            boolean isSafe = (body == null || body.get("matches") == null);
+            log.info("google safe browsing api 호출");
+            log.info("URL 검사 - URL: {}, isSafe: {}", url, isSafe);
+            return isSafe;
+
+        } catch (Exception e) {
+            log.error("Google Safe Browsing API 요청 실패: {}", e.getMessage());
+            return false;
+        }
+
+    }
+}
diff --git a/src/main/java/com/blockguard/server/infra/importer/FraudUrlImporter.java b/src/main/java/com/blockguard/server/infra/importer/FraudUrlImporter.java
@@ -0,0 +1,91 @@
+package com.blockguard.server.infra.importer;
+
+import com.blockguard.server.domain.fraud.dao.FraudUrlRepository;
+import com.blockguard.server.domain.fraud.domain.FraudUrl;
+import com.blockguard.server.global.common.codes.ErrorCode;
+import com.blockguard.server.global.exception.BusinessExceptionHandler;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.client.RestTemplate;
+
+import java.net.URI;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+@Service
+@Slf4j
+@RequiredArgsConstructor
+public class FraudUrlImporter {
+    @Value("${open-api.fraud-url.base-url}")
+    private String apiUrl;
+
+    // 2023 version
+    @Value("${open-api.fraud-url.base-url-old}")
+    private String apiUrlOld;
+
+    @Value("${open-api.fraud-url.service-key}")
+    private String serviceKey;
+
+    private final RestTemplate restTemplate;
+    private final FraudUrlRepository fraudUrlRepository;
+
+    @Transactional
+    public void syncFraudUrlsFromOpenApi() {
+        int page = 1;
+        int perPage = 1000;
+        boolean hasNext = true;
+
+        while (hasNext) {
+
+            String encodedKey = URLEncoder.encode(serviceKey, StandardCharsets.UTF_8);
+            String fullUrl = String.format("%s?page=%d&perPage=%d&serviceKey=%s",
+                    apiUrl, page, perPage, encodedKey);
+
+            URI requestUrl = URI.create(fullUrl);
+
+            ResponseEntity<Map> response = restTemplate.getForEntity(requestUrl, Map.class);
+
+            if (response.getStatusCode().is2xxSuccessful()) {
+                Map<String, Object> responseBody = response.getBody();
+                List<Map<String, Object>> data = (List<Map<String, Object>>) responseBody.get("data");
+
+                if (data == null || data.isEmpty()) {
+                    hasNext = false;
+                } else {
+                    for (Map<String, Object> item : data) {
+                        String detectedDateStr = (String) item.get("날짜");
+                        String urlStr = (String) item.get("홈페이지주소");
+
+                        if (urlStr == null || detectedDateStr == null) continue;
+
+                        if (!fraudUrlRepository.existsByUrl(urlStr)) {
+                            LocalDate detectedDate = LocalDate.parse(detectedDateStr);
+                            fraudUrlRepository.save(FraudUrl.builder()
+                                    .url(urlStr)
+                                    .detectedDate(detectedDate)
+                                    .lastCheckedAt(LocalDateTime.now())
+                                    .build());
+                        }
+                    }
+                    page++;
+                }
+
+                log.info("DB 업데이트 완료");
+
+            } else {
+                throw new BusinessExceptionHandler(ErrorCode.FAIL_IMPORT_OPEN_API);
+            }
+        }
+
+    }
+
+
+}

Original file line number	Diff line number	Diff line change
`@@ -28,17 +28,18 @@ public class FraudAnalysisApi {`
`28`	`28`
`29`	`29`	`@PostMapping(value = "/fraud-analysis", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)`
`30`	`30`	`@Operation(summary = "사기 분석")`
`31`		`- public ResponseEntity<BaseResponse<FraudAnalysisResponse>> analyzeFraud`
	`31`	`+ public BaseResponse<FraudAnalysisResponse> analyzeFraud`
`32`	`32`	`(@RequestParam("fraudAnalysisRequest") String jsonStr,`
`33`	`33`	`@RequestParam(value = "imageFiles", required = false) List<MultipartFile> imageFiles`
`34`	`34`	`) throws JsonProcessingException {`
`35`	`35`
	`36`	`+ // TODO: 이미지 파일 개수 픽스 필요`
`36`	`37`	`if (imageFiles != null && imageFiles.size() > 2) {`
`37`	`38`	`throw new BusinessExceptionHandler(ErrorCode.IMAGE_UPLOAD_LIMIT_EXCEEDED);`
`38`	`39`	`}`
`39`	`40`
`40`	`41`	`FraudAnalysisRequest request = objectMapper.readValue(jsonStr, FraudAnalysisRequest.class);`
`41`	`42`	`FraudAnalysisResponse fraudAnalysisResponse = fraudAnalysisService.fraudAnalysis(request, imageFiles);`
`42`		`- return ResponseEntity.ok(BaseResponse.of(SuccessCode.ANALYZE_FRAUD_SUCCESS, fraudAnalysisResponse));`
	`43`	`+ return BaseResponse.of(SuccessCode.ANALYZE_FRAUD_SUCCESS, fraudAnalysisResponse);`
`43`	`44`	`}`
`44`	`45`	`}`