Test for deploying to Production Server

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,7 +9,7 @@
 - [ ] sre: 시스템 관리 및 IT 인프라 자동화 작업
 
 ### 🪾 반영 브랜치
-<!-- 예) feat/login -> main -->
+<!-- 예) feat/login -> dev -->
 
 ### ✨ 변경 사항
 <!-- 예) 로그인 시, 구글 소셜 로그인 기능을 추가했습니다.-->

.github/workflows/deployment-to-dev.yml → .github/workflows/deploy-to-dev.yml

@@ -1,8 +1,8 @@
-name: Deployment to Development Server
+name: Deploy to Development Server
 
 on:
   push:
-    branches: [develop]
+    branches: [dev]
 
 env:
   AWS_IAM_ROLE_TO_ASSUME: ${{ secrets.DEV_AWS_IAM_ROLE_TO_ASSUME }}
@@ -168,7 +168,7 @@ jobs:
               {
                 "author": { "name": "${{ github.actor }}" },
                 "title": "Deployment Succeeded",
-                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: [View on GitHub](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})",
                 "color": 10478271,
                 "fields": [
                   { "name": "Service", "value": "`${{ steps.extract-name.outputs.service_name }}`", "inline": true },
@@ -189,7 +189,7 @@ jobs:
               {
                 "author": { "name": "${{ github.actor }}" },
                 "title": "Deployment Failed",
-                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n**Action**: App Runner will automatically attempt to roll back to the last known good configuration.",
+                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: [View on GitHub](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})\n\n**Action**: App Runner will automatically attempt to roll back to the last known good configuration.",
                 "color": 13458524,
                 "fields": [
                   { "name": "Service", "value": "`${{ steps.extract-name.outputs.service_name }}`", "inline": true },

.github/workflows/deployment-to-prod.yml → .github/workflows/deploy-to-prod.yml

@@ -1,4 +1,4 @@
-name: Deployment to Production Server
+name: Deploy to Production Server
 
 on:
   push:
@@ -145,7 +145,7 @@ jobs:
               {
                 "author": { "name": "${{ github.actor }}" },
                 "title": "Deployment Succeeded",
-                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: [View on GitHub](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})",
                 "color": 10478271,
                 "fields": [
                   { "name": "Cluster", "value": "`${{ env.ECS_CLUSTER }}`", "inline": true },
@@ -188,7 +188,7 @@ jobs:
               {
                 "author": { "name": "${{ github.actor }}" },
                 "title": "Deployment Failed",
-                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n**Action**: Attempted to roll back to the previous stable task definition.",
+                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: [View on GitHub](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})\n\n**Action**: Attempted to roll back to the previous stable task definition.",
                 "color": 13458524,
                 "fields": [
                   { "name": "Service", "value": "`${{ env.ECS_SERVICE }}`", "inline": true },

.github/workflows/deployemnt-to-stg.yml → .github/workflows/deploy-to-stg.yml

@@ -1,4 +1,4 @@
-name: Deployment to Staging Server
+name: Deploy to Staging Server
 
 on:
   push:
@@ -145,7 +145,7 @@ jobs:
               {
                 "author": { "name": "${{ github.actor }}" },
                 "title": "Deployment Succeeded",
-                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: [View on GitHub](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})",
                 "color": 10478271,
                 "fields": [
                   { "name": "Cluster", "value": "`${{ env.ECS_CLUSTER }}`", "inline": true },
@@ -188,7 +188,7 @@ jobs:
               {
                 "author": { "name": "${{ github.actor }}" },
                 "title": "Deployment Failed",
-                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n**Action**: Attempted to roll back to the previous stable task definition.",
+                "description": "Branch: `${{ github.ref_name }}`\nWorkflow: [View on GitHub](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})\n\n**Action**: Attempted to roll back to the previous stable task definition.",
                 "color": 13458524,
                 "fields": [
                   { "name": "Service", "value": "`${{ env.ECS_SERVICE }}`", "inline": true },

.github/workflows/notify-assigned-issue.yml

@@ -25,7 +25,7 @@ jobs:
               {
                 "title": "${{ github.event.issue.title }}",
                 "color": 10478271,
-                "description": "${{ github.event.issue.html_url }}",
+                "description": "[View on GitHub](${{ github.event.issue.html_url }})",
                 "fields": [
                   {
                     "name": "Issue Number",

.github/workflows/notify-on-comment.yml

@@ -0,0 +1,67 @@
+name: Notify on Comment
+
+on:
+  issue_comment:
+    types: [created]
+
+env:
+  DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
+
+permissions:
+  contents: read
+
+jobs:
+  notify-on-comment:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send PR Comment Notification
+        if: github.event.issue.pull_request
+        uses: Ilshidur/action-discord@0.3.2
+        with:
+          args: "A new comment has been added to the pull request 💬"
+        env:
+          DISCORD_WEBHOOK: ${{ env.DISCORD_WEBHOOK }}
+          DISCORD_EMBEDS: |
+            [
+              {
+                "author": {
+                  "name": "${{ github.event.comment.user.login }}"
+                },
+                "title": "Comment on PR #${{ github.event.issue.number }}: ${{ github.event.issue.title }}",
+                "color": 10478271,
+                "description": "${{ github.event.comment.body }}\n\n[View Comment](${{ github.event.comment.html_url }})",
+                "fields": [
+                  {
+                    "name": "Pull Request",
+                    "value": "[Link](${{ github.event.issue.html_url }})",
+                    "inline": true
+                  }
+                ]
+              }
+            ]
+
+      - name: Send Issue Comment Notification
+        if: ${{ !github.event.issue.pull_request }}
+        uses: Ilshidur/action-discord@0.3.2
+        with:
+          args: "A new comment has been added to the issue 💬"
+        env:
+          DISCORD_WEBHOOK: ${{ env.DISCORD_WEBHOOK }}
+          DISCORD_EMBEDS: |
+            [
+              {
+                "author": {
+                  "name": "${{ github.event.comment.user.login }}"
+                },
+                "title": "Comment on Issue #${{ github.event.issue.number }}: ${{ github.event.issue.title }}",
+                "color": 10478271,
+                "description": "${{ github.event.comment.body }}\n\n[View Comment](${{ github.event.comment.html_url }})",
+                "fields": [
+                  {
+                    "name": "Issue",
+                    "value": "[Link](${{ github.event.issue.html_url }})",
+                    "inline": true
+                  }
+                ]
+              }
+            ]

.github/workflows/validate-pr.yml

@@ -27,7 +27,8 @@ jobs:
           --health-retries 5
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
 
@@ -71,7 +72,7 @@ jobs:
                 },
                 "title": "#${{ github.event.pull_request.number }}: ${{ github.event.pull_request.title }}",
                 "color": 10478271,
-                "description": "${{ github.event.pull_request.html_url }}",
+                "description": "[View on GitHub](${{ github.event.pull_request.html_url }})",
                 "fields": [
                   {
                     "name": "Base Branch",
@@ -102,7 +103,7 @@ jobs:
                 },
                 "title": "#${{ github.event.pull_request.number }}: ${{ github.event.pull_request.title }}",
                 "color": 13458524,
-                "description": "${{ github.event.pull_request.html_url }}",
+                "description": "[View on GitHub](${{ github.event.pull_request.html_url }})",
                 "fields": [
                   {
                     "name": "Base Branch",

build.gradle

@@ -54,6 +54,7 @@ repositories {
 
 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-security'
+	testImplementation 'org.springframework.security:spring-security-test'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'org.springframework.boot:spring-boot-starter-log4j2'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
@@ -137,7 +138,8 @@ jacocoTestCoverageVerification {
 		classDirectories.setFrom(files(classDirectories.files.collect {
 			fileTree(dir: it, excludes: [
 							'**/*Application.class',
-							'**/config/*Config.class'
+							'**/config/*Config.class',
+							'**/GlobalExceptionHandler.class'
 					])
 		}))
 	}

checkstyle/naver-checkstyle-rules.xml

@@ -426,7 +426,7 @@ The following rules in the Naver coding convention cannot be checked by this con
 
 	<!--- Exclude module-info.java -->
 	<module name="BeforeExecutionExclusionFileFilter">
-		<property name="fileNamePattern" value="module\-info\.java$"/>
-	</module>
+        <property name="fileNamePattern" value="module\-info\.java$|.*ApiDocs\.java$"/>
+    </module>
 
 </module>

src/main/java/com/und/server/ServerApplication.java

@@ -4,9 +4,11 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
 import org.springframework.cloud.openfeign.EnableFeignClients;
+import org.springframework.scheduling.annotation.EnableScheduling;
 
 @SpringBootApplication
 @EnableFeignClients
+@EnableScheduling
 @ConfigurationPropertiesScan
 public class ServerApplication {
 

src/main/java/com/und/server/config/ObservabilityUserConfig.java → src/main/java/com/und/server/auth/config/ObservabilityUserConfig.java

@@ -1,4 +1,4 @@
-package com.und.server.config;
+package com.und.server.auth.config;
 
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -10,14 +10,19 @@
 @Configuration
 public class ObservabilityUserConfig {
 
-	@Value("${observability.prometheus.username}")
-	private String prometheusUsername;
+	private final String prometheusUsername;
+	private final String prometheusPassword;
 
-	@Value("${observability.prometheus.password}")
-	private String prometheusPassword;
+	public ObservabilityUserConfig(
+		@Value("${observability.prometheus.username}") final String prometheusUsername,
+		@Value("${observability.prometheus.password}") final String prometheusPassword
+	) {
+		this.prometheusUsername = prometheusUsername;
+		this.prometheusPassword = prometheusPassword;
+	}
 
 	@Bean
-	public InMemoryUserDetailsManager prometheusUserDetails(PasswordEncoder passwordEncoder) {
+	public InMemoryUserDetailsManager prometheusUserDetails(final PasswordEncoder passwordEncoder) {
 		return new InMemoryUserDetailsManager(User.builder()
 			.username(prometheusUsername)
 			.password(passwordEncoder.encode(prometheusPassword))

src/main/java/com/und/server/config/SecurityConfig.java → src/main/java/com/und/server/auth/config/SecurityConfig.java

@@ -1,4 +1,4 @@
-package com.und.server.config;
+package com.und.server.auth.config;
 
 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.context.annotation.Bean;
@@ -15,8 +15,9 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
-import com.und.server.security.CustomAuthenticationEntryPoint;
-import com.und.server.security.JwtAuthenticationFilter;
+import com.und.server.auth.filter.CustomAuthenticationEntryPoint;
+import com.und.server.auth.filter.JwtAuthenticationFilter;
+import com.und.server.common.util.ProfileManager;
 
 import lombok.RequiredArgsConstructor;
 
@@ -27,6 +28,7 @@ public class SecurityConfig {
 
 	private final JwtAuthenticationFilter jwtAuthenticationFilter;
 	private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
+	private final ProfileManager profileManager;
 
 	@Bean
 	public PasswordEncoder passwordEncoder() {
@@ -35,7 +37,7 @@ public PasswordEncoder passwordEncoder() {
 
 	@Bean
 	@Order(1)
-	public SecurityFilterChain actuatorSecurityFilterChain(HttpSecurity http) throws Exception {
+	public SecurityFilterChain actuatorSecurityFilterChain(final HttpSecurity http) throws Exception {
 		return http
 			.securityMatcher(EndpointRequest.toAnyEndpoint())
 			.authorizeHttpRequests(authorize -> authorize
@@ -51,21 +53,27 @@ public SecurityFilterChain actuatorSecurityFilterChain(HttpSecurity http) throws
 
 	@Bean
 	@Order(2)
-	public SecurityFilterChain apiSecurityFilterChain(HttpSecurity http) throws Exception {
+	public SecurityFilterChain apiSecurityFilterChain(final HttpSecurity http) throws Exception {
 		return http
+			.authorizeHttpRequests(authorize -> {
+				authorize
+					.requestMatchers(HttpMethod.POST, "/v*/auth/**").permitAll()
+					.requestMatchers("/error").permitAll();
+
+				if (!profileManager.isProdOrStgProfile()) {
+					authorize
+						.requestMatchers(HttpMethod.POST, "/v*/test/access").permitAll()
+						.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll();
+				}
+
+				authorize.anyRequest().authenticated();
+			})
+			.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
+			.exceptionHandling(handler -> handler.authenticationEntryPoint(customAuthenticationEntryPoint))
+			.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 			.csrf(AbstractHttpConfigurer::disable)
 			.formLogin(AbstractHttpConfigurer::disable)
 			.httpBasic(AbstractHttpConfigurer::disable)
-			.sessionManagement(sessionManagement -> sessionManagement
-				.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-			.authorizeHttpRequests(authorize -> authorize
-				// FIXME: Remove "/v*/test/access" when deleting TestController
-				.requestMatchers(HttpMethod.POST, "/v*/auth/**", "/v*/test/access").permitAll()
-				.requestMatchers("/error").permitAll()
-				.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
-				.anyRequest().authenticated())
-			.exceptionHandling(handler -> handler.authenticationEntryPoint(customAuthenticationEntryPoint))
-			.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
 			.build();
 	}
 

src/main/java/com/und/server/auth/controller/AuthController.java

@@ -0,0 +1,63 @@
+package com.und.server.auth.controller;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.und.server.auth.dto.request.AuthRequest;
+import com.und.server.auth.dto.request.NonceRequest;
+import com.und.server.auth.dto.request.RefreshTokenRequest;
+import com.und.server.auth.dto.response.AuthResponse;
+import com.und.server.auth.dto.response.NonceResponse;
+import com.und.server.auth.filter.AuthMember;
+import com.und.server.auth.service.AuthService;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/v1/auth")
+public class AuthController {
+
+	private final AuthService authService;
+
+	@PostMapping("/nonce")
+	@ApiResponse(responseCode = "201", description = "Nonce created")
+	public ResponseEntity<NonceResponse> generateNonce(@RequestBody @Valid final NonceRequest nonceRequest) {
+		final NonceResponse nonceResponse = authService.generateNonce(nonceRequest);
+
+		return ResponseEntity.status(HttpStatus.CREATED).body(nonceResponse);
+	}
+
+	@PostMapping("/login")
+	public ResponseEntity<AuthResponse> login(@RequestBody @Valid final AuthRequest authRequest) {
+		final AuthResponse authResponse = authService.login(authRequest);
+
+		return ResponseEntity.status(HttpStatus.OK).body(authResponse);
+	}
+
+	@PostMapping("/tokens")
+	@ApiResponse(responseCode = "201", description = "Tokens reissued")
+	public ResponseEntity<AuthResponse> reissueTokens(
+		@RequestBody @Valid final RefreshTokenRequest refreshTokenRequest
+	) {
+		final AuthResponse authResponse = authService.reissueTokens(refreshTokenRequest);
+
+		return ResponseEntity.status(HttpStatus.CREATED).body(authResponse);
+	}
+
+	@DeleteMapping("/logout")
+	@ApiResponse(responseCode = "204", description = "Logout successful")
+	public ResponseEntity<Void> logout(@Parameter(hidden = true) @AuthMember final Long memberId) {
+		authService.logout(memberId);
+		return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
+	}
+
+}