Skip to content

[REFACTOR] 보안 취약점 리팩토링 #212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
catomat0 merged 6 commits into from
Apr 8, 2026
Merged

[REFACTOR] 보안 취약점 리팩토링 #212

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
a211edf
feat: email 로그 마스킹
Apr 8, 2026
7cfa81f
fix: logout 인증 접근 수정 (기존 : 미로그인이어도 접근 가능)
Apr 8, 2026
a444f5a
fix: 필터 내부 예외 처리 추가
Apr 8, 2026
fffa4a6
chore: 배포단계 - 스웨거 접근제한
Apr 8, 2026
b4fbdd1
Merge remote-tracking branch 'origin/develop' into refactor/#208-auth…
Apr 8, 2026
50e8b2e
fix: 마스킹 로그 누락 부분 해결
Apr 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 13 additions & 3 deletions src/main/java/com/deare/backend/api/auth/service/AuthService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ public OAuthCallbackResult handleOAuthCallback(String provider, String code) {
);

log.info("신규 회원 - Signup Token 발급 및 Redis 저장 - Provider: {}, ProviderId: {}, Email: {}",
provider, oauthInfo.providerUserId(), oauthInfo.email());
provider, oauthInfo.providerUserId(), maskEmail(oauthInfo.email()));

return new OAuthCallbackResult(
false,
Expand All @@ -120,7 +120,7 @@ private OAuthCallbackResult issueJwtAndReturn(User user, String logMessage) {

jwtService.saveRefreshToken(user.getId(), refreshToken);

log.info("{} - User ID: {}, Email: {}", logMessage, user.getId(), user.getEmail());
log.info("{} - User ID: {}, Email: {}", logMessage, user.getId(), maskEmail(user.getEmail()));

return new OAuthCallbackResult(
true,
Expand Down Expand Up @@ -235,7 +235,7 @@ public SignupResult signup(String signupToken, SignupRequestDTO request) {
userRepository.save(newUser);

log.info("회원가입 완료 - User ID: {}, Provider: {}, Email: {}",
newUser.getId(), provider, email);
newUser.getId(), provider, maskEmail(email));

// 약관 동의 처리
userTermService.createUserTerms(newUser, request.termIds());
Expand All @@ -261,4 +261,14 @@ public void logout(Long userId) {
jwtService.deleteRefreshToken(userId);
log.info("로그아웃 - User ID: {}", userId);
}

private String maskEmail(String email) {
if (email == null || !email.contains("@")) return "***";
String[] parts = email.split("@");
String local = parts[0];
String masked = local.length() <= 2
? "***"
: local.substring(0, 2) + "***";
return masked + "@" + parts[1];
}
}
7 changes: 4 additions & 3 deletions src/main/java/com/deare/backend/global/config/SecurityConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,15 +44,16 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
authorizeHttpRequests(auth -> auth

.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.requestMatchers("/api/v1/auth/logout").authenticated()
.requestMatchers(

// 헬스체크
"/actuator/health",
"/actuator/health/**",

// 스웨거
"/swagger-ui/**",
"/v3/api-docs/**",
// 스웨거 (비활성화)
// "/swagger-ui/**",
// "/v3/api-docs/**",

// 테스트 API
"/api/v1/test/**",
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/com/deare/backend/global/config/SwaggerConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
// @Configuration
public class SwaggerConfig {

@Bean
Expand Down
Loading