Merge pull request #93 from codeit-monew/feature/#86

[feat] 부하테스트 진행

Author: Namsoo315

monew/docker-compose.yml

@@ -18,6 +18,14 @@ services:
       test: ["CMD-SHELL", "pg_isready -U postgres"]
       interval: 5s
       retries: 5
+    deploy:
+      resources:
+        limits:
+          cpus: "4.0"
+          memory: 2g
+        reservations:
+          cpus: "2.0"
+          memory: 1g
 
   redis:
     image: redis:7
@@ -26,6 +34,11 @@ services:
       - "6379:6379"
     networks:
       - monew-net
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 512m
 
   mongo:
     image: mongo:6
@@ -36,6 +49,11 @@ services:
       - "27017:27017"
     networks:
       - monew-net
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 1g
 
   app:
     build:
@@ -58,6 +76,8 @@ services:
       SPRING_DATA_REDIS_HOST: redis
       BATCH_TRIGGER_ENABLED: true
       SPRING_BATCH_JDBC_INITIALIZE_SCHEMA: always
+      NAVER_CLIENT_ID: ${NAVER_CLIENT_ID}
+      NAVER_CLIENT_SECRET: ${NAVER_CLIENT_SECRET}
     healthcheck:
       test: ["CMD-SHELL", "curl -f http://localhost:8080/actuator/health || exit 1"]
       interval: 10s

monew/src/main/java/com/spring/monew/auth/config/SecurityConfig.java

@@ -1,6 +1,7 @@
 package com.spring.monew.auth.config;
 
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -14,6 +15,7 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import com.spring.monew.common.filter.RequestIdFilter;
 
+@Slf4j
 @RequiredArgsConstructor
 @Configuration
 @EnableWebSecurity
@@ -22,20 +24,26 @@ public class SecurityConfig {
   private final HeaderAuthFilter headerAuthFilter;
   private final RequestIdFilter requestIdFilter;
 
-  @Value("${monitoring.prometheus.allow-ip}")
-  private String prometheusAllowIp; // yml 속성 주입 (기본값은 localhost)
+  @Value("${monitoring.prometheus.allow-ip:127.0.0.1}")
+  private String prometheusAllowIp;
 
   @Bean
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     http
-        .csrf(AbstractHttpConfigurer::disable) // CSRF 보안 비활성화 (개발용)
-
+        .csrf(AbstractHttpConfigurer::disable)
         .authorizeHttpRequests(authorize -> authorize
             .requestMatchers("/actuator/prometheus")
             .access((authentication, context) -> {
               String remoteAddr = context.getRequest().getRemoteAddr();
-              boolean equals = remoteAddr.equals(prometheusAllowIp);// Prometheus IP
-              return new AuthorizationDecision(equals);
+              boolean allowed =
+                  remoteAddr.equals("127.0.0.1") ||
+                      remoteAddr.equals("0:0:0:0:0:0:0:1") || // IPv6 localhost
+                      remoteAddr.equals("localhost") ||
+                      remoteAddr.startsWith("172.") || // Docker 내부 네트워크
+                      remoteAddr.startsWith("192.168.") ||
+                      remoteAddr.equals(prometheusAllowIp);
+
+              return new AuthorizationDecision(allowed);
             })
             .requestMatchers("/actuator/health", "/actuator/info",
                 "/actuator/loggers").permitAll() //Actuator 허용 (원래는 이렇게 하면 안됨)
@@ -52,7 +60,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     return http.build();
   }
 
-
   @Bean
   public PasswordEncoder passwordEncoder() {
     return new BCryptPasswordEncoder();

monew/src/main/resources/schema.sql

@@ -98,7 +98,7 @@ CREATE TABLE articles
     id            UUID PRIMARY KEY,
     interest_id   UUID             NOT NULL,
     source        VARCHAR(20)      NOT NULL CHECK (source IN ('NAVER', 'HANKYUNG', 'CHOSUN', 'YEONHAP')),
-    source_url    VARCHAR(255)     NOT NULL UNIQUE,
+    source_url    VARCHAR(500)     NOT NULL UNIQUE,
     title         VARCHAR(255)     NOT NULL,
     publish_date  TIMESTAMP WITH TIME ZONE      NOT NULL,
     summary       TEXT             NOT NULL,
@@ -286,3 +286,12 @@ CREATE INDEX IF NOT EXISTS idx_notif_user_confirm_created_desc
 -- 정리 배치(삭제): WHERE confirmed=true AND updated_at < :threshold
 CREATE INDEX IF NOT EXISTS idx_notif_confirmed_updated
     ON notifications (confirmed, updated_at);
+
+-- comments Indexing
+-- (1) createdAt 기반 정렬
+CREATE INDEX IF NOT EXISTS idx_comment_article_created
+    ON comments (article_id, is_deleted, created_at DESC, id);
+
+-- (2) likeCount 정렬 대비
+CREATE INDEX IF NOT EXISTS idx_comment_article_like
+    ON comments (article_id, is_deleted, like_count DESC, created_at DESC, id);