fix: 게임 업데이트 감지를 game.zip 전체 해시로 변경

A301.exe만 해시하면 Mono 빌드에서 exe가 변경되지 않아
Data 폴더의 스크립트/에셋 변경을 감지하지 못하는 문제 수정.
hashGameExeFromZip → hashFileToHex(game.zip 전체)로 변경.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

internal/announcement/handler.go

@@ -66,10 +66,10 @@ func (h *Handler) Create(c *fiber.Ctx) error {
 	if err := c.BodyParser(&body); err != nil || body.Title == "" || body.Content == "" {
 		return apperror.BadRequest("제목과 내용을 입력해주세요")
 	}
-	if len(body.Title) > 256 {
+	if len([]rune(body.Title)) > 256 {
 		return apperror.BadRequest("제목은 256자 이하여야 합니다")
 	}
-	if len(body.Content) > 10000 {
+	if len([]rune(body.Content)) > 10000 {
 		return apperror.BadRequest("내용은 10000자 이하여야 합니다")
 	}
 	a, err := h.svc.Create(body.Title, body.Content)
@@ -110,10 +110,10 @@ func (h *Handler) Update(c *fiber.Ctx) error {
 	if body.Title == "" && body.Content == "" {
 		return apperror.BadRequest("수정할 내용을 입력해주세요")
 	}
-	if len(body.Title) > 256 {
+	if len([]rune(body.Title)) > 256 {
 		return apperror.BadRequest("제목은 256자 이하여야 합니다")
 	}
-	if len(body.Content) > 10000 {
+	if len([]rune(body.Content)) > 10000 {
 		return apperror.BadRequest("내용은 10000자 이하여야 합니다")
 	}
 	a, err := h.svc.Update(uint(id), body.Title, body.Content)

internal/auth/handler.go

@@ -1,6 +1,7 @@
 package auth
 
 import (
+	"errors"
 	"log"
 	"regexp"
 	"strconv"
@@ -56,8 +57,8 @@ func (h *Handler) Register(c *fiber.Ctx) error {
 		return apperror.BadRequest("비밀번호는 72자 이하여야 합니다")
 	}
 	if err := h.svc.Register(req.Username, req.Password); err != nil {
-		if strings.Contains(err.Error(), "이미 사용 중") {
-			return apperror.Conflict(err.Error())
+		if errors.Is(err, apperror.ErrDuplicateUsername) {
+			return apperror.Conflict("이미 사용 중인 아이디입니다")
 		}
 		return apperror.Internal("회원가입에 실패했습니다")
 	}
@@ -110,9 +111,10 @@ func (h *Handler) Login(c *fiber.Ctx) error {
 		MaxAge:   7 * 24 * 60 * 60, // 7 days
 	})
 	return c.JSON(fiber.Map{
-		"token":    accessToken,
-		"username": user.Username,
-		"role":     user.Role,
+		"token":        accessToken,
+		"refreshToken": refreshToken,
+		"username":     user.Username,
+		"role":         user.Role,
 	})
 }
 
@@ -158,7 +160,8 @@ func (h *Handler) Refresh(c *fiber.Ctx) error {
 		MaxAge:   7 * 24 * 60 * 60, // 7 days
 	})
 	return c.JSON(fiber.Map{
-		"token": newAccessToken,
+		"token":        newAccessToken,
+		"refreshToken": newRefreshToken,
 	})
 }
 
@@ -249,6 +252,11 @@ func (h *Handler) UpdateRole(c *fiber.Ctx) error {
 		return apperror.BadRequest("role은 admin 또는 user여야 합니다")
 	}
 	uid := uint(id)
+	// 자기 자신의 admin 권한 강등 방지
+	callerID, _ := c.Locals("userID").(uint)
+	if uid == callerID && body.Role != "admin" {
+		return apperror.BadRequest("자신의 관리자 권한을 제거할 수 없습니다")
+	}
 	if err := h.svc.UpdateRole(uid, Role(body.Role)); err != nil {
 		return apperror.Internal("권한 변경에 실패했습니다")
 	}
@@ -342,9 +350,10 @@ func (h *Handler) SSAFYCallback(c *fiber.Ctx) error {
 		MaxAge:   7 * 24 * 60 * 60, // 7 days
 	})
 	return c.JSON(fiber.Map{
-		"token":    accessToken,
-		"username": user.Username,
-		"role":     user.Role,
+		"token":        accessToken,
+		"refreshToken": refreshToken,
+		"username":     user.Username,
+		"role":         user.Role,
 	})
 }
 

internal/auth/service.go

@@ -15,6 +15,7 @@ import (
 
 	"gorm.io/gorm"
 
+	"a301_server/pkg/apperror"
 	"a301_server/pkg/config"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/redis/go-redis/v9"
@@ -263,9 +264,6 @@ func (s *Service) RedeemLaunchTicket(ticket string) (string, error) {
 }
 
 func (s *Service) Register(username, password string) error {
-	if _, err := s.repo.FindByUsername(username); err == nil {
-		return fmt.Errorf("이미 사용 중인 아이디입니다")
-	}
 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return fmt.Errorf("비밀번호 처리에 실패했습니다")
@@ -274,6 +272,9 @@ func (s *Service) Register(username, password string) error {
 	return s.repo.Transaction(func(txRepo *Repository) error {
 		user := &User{Username: username, PasswordHash: string(hash), Role: RoleUser}
 		if err := txRepo.Create(user); err != nil {
+			if apperror.IsDuplicateEntry(err) {
+				return apperror.ErrDuplicateUsername
+			}
 			return err
 		}
 		if s.walletCreator != nil {
@@ -535,6 +536,18 @@ func sanitizeForUsername(s string) string {
 // If these fail, the admin user exists without a wallet/profile.
 // This is acceptable because EnsureAdmin runs once at startup and failures
 // are logged as warnings. A restart will skip user creation (already exists).
+// VerifyPassword checks if the password matches the user's stored hash.
+func (s *Service) VerifyPassword(userID uint, password string) error {
+	user, err := s.repo.FindByID(userID)
+	if err != nil {
+		return fmt.Errorf("user not found")
+	}
+	if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
+		return fmt.Errorf("invalid password")
+	}
+	return nil
+}
+
 func (s *Service) EnsureAdmin(username, password string) error {
 	if _, err := s.repo.FindByUsername(username); err == nil {
 		return nil

internal/bossraid/handler.go

@@ -2,6 +2,7 @@ package bossraid
 
 import (
 	"log"
+	"strings"
 
 	"a301_server/pkg/apperror"
 
@@ -61,7 +62,11 @@ func (h *Handler) RequestEntry(c *fiber.Ctx) error {
 
 	room, tokens, err := h.svc.RequestEntryWithTokens(req.Usernames, req.BossID)
 	if err != nil {
-		return bossError(fiber.StatusConflict, "보스 레이드 입장에 실패했습니다", err)
+		status := fiber.StatusConflict
+		if strings.Contains(err.Error(), "이용 가능한") {
+			status = fiber.StatusServiceUnavailable
+		}
+		return bossError(status, "보스 레이드 입장에 실패했습니다", err)
 	}
 
 	return c.Status(fiber.StatusCreated).JSON(fiber.Map{

internal/bossraid/model.go

@@ -26,8 +26,9 @@ type BossRoom struct {
 	CreatedAt   time.Time      `json:"createdAt"   gorm:"index"`
 	UpdatedAt   time.Time      `json:"updatedAt"`
 	DeletedAt   gorm.DeletedAt `json:"-"           gorm:"index"`
-	SessionName string         `json:"sessionName" gorm:"type:varchar(100);uniqueIndex;not null"`
-	BossID      int            `json:"bossId"      gorm:"index;not null"`
+	SessionName     string         `json:"sessionName"     gorm:"type:varchar(100);uniqueIndex;not null"`
+	SlotSessionName string         `json:"slotSessionName" gorm:"type:varchar(100);index;not null"`
+	BossID          int            `json:"bossId"          gorm:"index;not null"`
 	Status      RoomStatus     `json:"status"      gorm:"type:varchar(20);index;default:waiting;not null"`
 	MaxPlayers  int            `json:"maxPlayers"  gorm:"default:3;not null"`
 	// Players is stored as a JSON text column for simplicity.

internal/bossraid/repository.go

@@ -224,6 +224,12 @@ func (r *Repository) DeleteRoomBySessionName(sessionName string) error {
 	return r.db.Unscoped().Where("session_name = ?", sessionName).Delete(&BossRoom{}).Error
 }
 
+// DeleteRoomBySlotSessionName removes BossRoom records matching the original slot session name.
+// Used when dedicated server calls ResetRoom with the slot name (not the unique per-entry name).
+func (r *Repository) DeleteRoomBySlotSessionName(slotSessionName string) error {
+	return r.db.Unscoped().Where("slot_session_name = ?", slotSessionName).Delete(&BossRoom{}).Error
+}
+
 // CleanupStaleWaitingRooms deletes BossRoom records stuck in "waiting" status
 // past the given threshold and resets their associated RoomSlots to idle.
 // This handles cases where players disconnect during loading before the Fusion session starts.

internal/bossraid/service.go

@@ -107,11 +107,12 @@ func (s *Service) RequestEntry(usernames []string, bossID int) (*BossRoom, error
 		}
 
 		room = &BossRoom{
-			SessionName: slot.SessionName,
-			BossID:      bossID,
-			Status:      StatusWaiting,
-			MaxPlayers:  len(usernames),
-			Players:     string(playersJSON),
+			SessionName:     slot.SessionName,
+			SlotSessionName: slot.SessionName,
+			BossID:          bossID,
+			Status:          StatusWaiting,
+			MaxPlayers:      len(usernames),
+			Players:         string(playersJSON),
 		}
 		if err := txRepo.Create(room); err != nil {
 			return fmt.Errorf("방 생성 실패: %w", err)
@@ -221,28 +222,27 @@ func (s *Service) CompleteRaid(sessionName string, rewards []PlayerReward) (*Bos
 	hasRewardFailure := false
 	if s.rewardGrant != nil {
 		for _, r := range rewards {
-			lastTxID, grantErr := s.grantWithRetry(r.Username, r.TokenAmount, r.Assets)
+			// 1회만 시도 — 실패 시 즉시 RewardFailure에 저장하여 백그라운드 워커가 재시도
+			txID, grantErr := s.rewardGrant(r.Username, r.TokenAmount, r.Assets)
 			result := RewardResult{Username: r.Username, Success: grantErr == nil}
 			if grantErr != nil {
 				result.Error = grantErr.Error()
-				log.Printf("보상 지급 실패 (재시도 소진): %s: %v", r.Username, grantErr)
+				log.Printf("보상 지급 실패: %s: %v (백그라운드 재시도 예정)", r.Username, grantErr)
 				hasRewardFailure = true
-				// 실패한 보상을 DB에 기록하여 백그라운드 재시도 가능하게 함
-				s.saveRewardFailure(sessionName, r, grantErr, lastTxID)
+				s.saveRewardFailure(sessionName, r, grantErr, txID)
 			}
 			resultRewards = append(resultRewards, result)
 		}
 	}
 
-	// Grant experience to players (with retry)
+	// Grant experience to players (1회 시도, 실패 시 백그라운드 재시도)
 	if s.expGrant != nil {
 		for _, r := range rewards {
 			if r.Experience > 0 {
-				expErr := s.grantExpWithRetry(r.Username, r.Experience)
+				expErr := s.expGrant(r.Username, r.Experience)
 				if expErr != nil {
-					log.Printf("경험치 지급 실패 (재시도 소진): %s: %v", r.Username, expErr)
+					log.Printf("경험치 지급 실패: %s: %v (백그라운드 재시도 예정)", r.Username, expErr)
 					hasRewardFailure = true
-					// 경험치 실패도 RewardFailure에 기록 (토큰/에셋 없이 경험치만)
 					s.saveRewardFailure(sessionName, PlayerReward{
 						Username:   r.Username,
 						Experience: r.Experience,
@@ -263,8 +263,13 @@ func (s *Service) CompleteRaid(sessionName string, rewards []PlayerReward) (*Bos
 	if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil {
 		log.Printf("BossRoom 삭제 실패 (complete): %s: %v", sessionName, err)
 	}
-	if err := s.repo.ResetRoomSlot(sessionName); err != nil {
-		log.Printf("슬롯 리셋 실패 (complete): %s: %v", sessionName, err)
+	// SlotSessionName으로 슬롯 리셋 (고유 세션명이 아닌 원래 슬롯명)
+	slotName := resultRoom.SlotSessionName
+	if slotName == "" {
+		slotName = sessionName // 하위 호환
+	}
+	if err := s.repo.ResetRoomSlot(slotName); err != nil {
+		log.Printf("슬롯 리셋 실패 (complete): %s: %v", slotName, err)
 	}
 
 	return resultRoom, resultRewards, nil
@@ -296,8 +301,12 @@ func (s *Service) FailRaid(sessionName string) (*BossRoom, error) {
 	if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil {
 		log.Printf("BossRoom 삭제 실패 (fail): %s: %v", sessionName, err)
 	}
-	if err := s.repo.ResetRoomSlot(sessionName); err != nil {
-		log.Printf("슬롯 리셋 실패 (fail): %s: %v", sessionName, err)
+	slotName := room.SlotSessionName
+	if slotName == "" {
+		slotName = sessionName
+	}
+	if err := s.repo.ResetRoomSlot(slotName); err != nil {
+		log.Printf("슬롯 리셋 실패 (fail): %s: %v", slotName, err)
 	}
 
 	return room, nil
@@ -407,6 +416,18 @@ func (s *Service) RequestEntryWithTokens(usernames []string, bossID int) (*BossR
 
 	tokens, err := s.GenerateEntryTokens(room.SessionName, usernames)
 	if err != nil {
+		// 토큰 생성 실패 시 방/슬롯 롤백
+		log.Printf("입장 토큰 생성 실패, 방/슬롯 롤백: session=%s: %v", room.SessionName, err)
+		if delErr := s.repo.DeleteRoomBySessionName(room.SessionName); delErr != nil {
+			log.Printf("롤백 중 방 삭제 실패: %v", delErr)
+		}
+		rollbackSlot := room.SlotSessionName
+		if rollbackSlot == "" {
+			rollbackSlot = room.SessionName
+		}
+		if resetErr := s.repo.ResetRoomSlot(rollbackSlot); resetErr != nil {
+			log.Printf("롤백 중 슬롯 리셋 실패: %v", resetErr)
+		}
 		return nil, nil, fmt.Errorf("입장 토큰 생성 실패: %w", err)
 	}
 
@@ -438,7 +459,11 @@ func (s *Service) cleanupStaleWaitingForUsers(usernames []string) {
 			if err := s.repo.DeleteRoomBySessionName(room.SessionName); err != nil {
 				log.Printf("대기방 삭제 실패: %v", err)
 			}
-			_ = s.repo.ResetRoomSlot(room.SessionName)
+			cleanupSlot := room.SlotSessionName
+			if cleanupSlot == "" {
+				cleanupSlot = room.SessionName
+			}
+			_ = s.repo.ResetRoomSlot(cleanupSlot)
 		}
 	}
 }
@@ -520,10 +545,15 @@ func (s *Service) CheckStaleSlots() {
 
 // ResetRoom resets a room slot back to idle and cleans up any lingering BossRoom records.
 // Called by the dedicated server after a raid ends and the runner is recycled.
+// sessionName here is the slot's original session name (not the unique per-entry name).
 func (s *Service) ResetRoom(sessionName string) error {
-	// 완료/실패되지 않은 BossRoom 레코드 정리 (waiting/in_progress 상태)
+	// 고유 세션명 BossRoom도 정리 (slot_session_name으로 검색)
+	if err := s.repo.DeleteRoomBySlotSessionName(sessionName); err != nil {
+		log.Printf("BossRoom 레코드 정리 실패 (by slot): %s: %v", sessionName, err)
+	}
+	// 하위 호환: 원래 세션명으로도 시도
 	if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil {
-		log.Printf("BossRoom 레코드 정리 실패: %s: %v", sessionName, err)
+		// 이미 삭제되었을 수 있으므로 무시
 	}
 	return s.repo.ResetRoomSlot(sessionName)
 }
@@ -541,49 +571,7 @@ func (s *Service) GetServerStatus(serverName string) (*DedicatedServer, []RoomSl
 	return server, slots, nil
 }
 
-// --- Reward retry helpers ---
-
-const immediateRetries = 3
-
-// grantWithRetry attempts the reward grant up to 3 times with backoff (1s, 2s).
-// Returns the last attempted transaction ID (may be empty) and the error.
-func (s *Service) grantWithRetry(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
-	delays := []time.Duration{1 * time.Second, 2 * time.Second}
-	var lastErr error
-	var lastTxID string
-	for attempt := 0; attempt < immediateRetries; attempt++ {
-		txID, err := s.rewardGrant(username, tokenAmount, assets)
-		if txID != "" {
-			lastTxID = txID
-		}
-		if err == nil {
-			return txID, nil
-		}
-		lastErr = err
-		if attempt < len(delays) {
-			log.Printf("보상 지급 재시도 (%d/%d): %s: %v", attempt+1, immediateRetries, username, lastErr)
-			time.Sleep(delays[attempt])
-		}
-	}
-	return lastTxID, lastErr
-}
-
-// grantExpWithRetry attempts the experience grant up to 3 times with backoff (1s, 2s).
-func (s *Service) grantExpWithRetry(username string, exp int) error {
-	delays := []time.Duration{1 * time.Second, 2 * time.Second}
-	var lastErr error
-	for attempt := 0; attempt < immediateRetries; attempt++ {
-		lastErr = s.expGrant(username, exp)
-		if lastErr == nil {
-			return nil
-		}
-		if attempt < len(delays) {
-			log.Printf("경험치 지급 재시도 (%d/%d): %s: %v", attempt+1, immediateRetries, username, lastErr)
-			time.Sleep(delays[attempt])
-		}
-	}
-	return lastErr
-}
+// --- Reward helpers ---
 
 // saveRewardFailure records a failed reward in the DB for background retry.
 func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr error, lastTxID string) {

internal/chain/handler.go

@@ -3,6 +3,7 @@ package chain
 import (
 	"errors"
 	"log"
+	"log/slog"
 	"strconv"
 	"strings"
 
@@ -10,6 +11,7 @@ import (
 
 	"github.com/gofiber/fiber/v2"
 	"github.com/tolelom/tolchain/core"
+	"gorm.io/gorm"
 )
 
 const maxLimit = 200
@@ -115,7 +117,10 @@ func (h *Handler) GetWalletInfo(c *fiber.Ctx) error {
 	}
 	w, err := h.svc.GetWallet(userID)
 	if err != nil {
-		return apperror.NotFound("지갑을 찾을 수 없습니다")
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return apperror.NotFound("지갑을 찾을 수 없습니다")
+		}
+		return apperror.Internal("지갑 조회에 실패했습니다")
 	}
 	return c.JSON(fiber.Map{
 		"address":   w.Address,
@@ -578,6 +583,9 @@ func (h *Handler) GrantReward(c *fiber.Ctx) error {
 	if !validID(req.RecipientPubKey) {
 		return apperror.BadRequest("recipientPubKey는 필수입니다")
 	}
+	if req.TokenAmount == 0 && len(req.Assets) == 0 {
+		return apperror.BadRequest("tokenAmount 또는 assets가 필요합니다")
+	}
 	result, err := h.svc.GrantReward(req.RecipientPubKey, req.TokenAmount, req.Assets)
 	if err != nil {
 		return chainError("보상 지급에 실패했습니다", err)
@@ -620,6 +628,39 @@ func (h *Handler) RegisterTemplate(c *fiber.Ctx) error {
 	return c.Status(fiber.StatusCreated).JSON(result)
 }
 
+// ExportWallet godoc
+// @Summary      개인키 내보내기
+// @Description  비밀번호 확인 후 현재 유저의 지갑 개인키를 반환합니다
+// @Tags         Chain
+// @Accept       json
+// @Produce      json
+// @Security     BearerAuth
+// @Param        body  body  exportRequest  true  "비밀번호"
+// @Success      200  {object}  map[string]string
+// @Failure      400  {object}  docs.ErrorResponse
+// @Failure      401  {object}  docs.ErrorResponse
+// @Router       /api/chain/wallet/export [post]
+type exportRequest struct {
+	Password string `json:"password"`
+}
+
+func (h *Handler) ExportWallet(c *fiber.Ctx) error {
+	userID, err := getUserID(c)
+	if err != nil {
+		return err
+	}
+	var req exportRequest
+	if err := c.BodyParser(&req); err != nil || req.Password == "" {
+		return apperror.BadRequest("password는 필수입니다")
+	}
+	slog.Warn("wallet export requested", "userID", userID, "ip", c.IP())
+	privKeyHex, err := h.svc.ExportPrivKey(userID, req.Password)
+	if err != nil {
+		return apperror.Unauthorized("비밀번호가 올바르지 않습니다")
+	}
+	return c.JSON(fiber.Map{"privateKey": privKeyHex})
+}
+
 // ---- Internal Handlers (game server, username-based) ----
 
 // InternalGrantReward godoc

internal/chain/model.go

@@ -17,4 +17,6 @@ type UserWallet struct {
 	Address          string         `json:"address"   gorm:"type:varchar(40);uniqueIndex;not null"`
 	EncryptedPrivKey string         `json:"-"         gorm:"type:varchar(512);not null"`
 	EncNonce         string         `json:"-"         gorm:"type:varchar(48);not null"`
+	KeyVersion       int            `json:"-"         gorm:"type:tinyint;default:1;not null"`
+	HKDFSalt         string         `json:"-"         gorm:"type:varchar(32)"` // 16 bytes hex, nullable for v1
 }

internal/chain/repository.go

@@ -29,3 +29,22 @@ func (r *Repository) FindByPubKeyHex(pubKeyHex string) (*UserWallet, error) {
 	}
 	return &w, nil
 }
+
+// FindAllByKeyVersion returns all wallets with the given key version.
+func (r *Repository) FindAllByKeyVersion(version int) ([]UserWallet, error) {
+	var wallets []UserWallet
+	if err := r.db.Where("key_version = ?", version).Find(&wallets).Error; err != nil {
+		return nil, err
+	}
+	return wallets, nil
+}
+
+// UpdateEncryption updates the encryption fields of a wallet.
+func (r *Repository) UpdateEncryption(id uint, encPrivKey, encNonce, hkdfSalt string, keyVersion int) error {
+	return r.db.Model(&UserWallet{}).Where("id = ?", id).Updates(map[string]any{
+		"encrypted_priv_key": encPrivKey,
+		"enc_nonce":          encNonce,
+		"hkdf_salt":          hkdfSalt,
+		"key_version":        keyVersion,
+	}).Error
+}

internal/chain/service.go

@@ -4,28 +4,34 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
+	"strconv"
 	"sync"
 	"time"
 
+	"a301_server/pkg/apperror"
+
 	"github.com/tolelom/tolchain/core"
 	tocrypto "github.com/tolelom/tolchain/crypto"
 	"github.com/tolelom/tolchain/wallet"
+	"golang.org/x/crypto/hkdf"
 )
 
 type Service struct {
-	repo           *Repository
-	client         *Client
-	chainID        string
-	operatorWallet *wallet.Wallet
-	encKeyBytes    []byte // 32-byte AES-256 key
-	userResolver   func(username string) (uint, error)
-	operatorMu     sync.Mutex // serialises operator-nonce transactions
-	userMu         sync.Map   // per-user mutex (keyed by userID uint)
+	repo             *Repository
+	client           *Client
+	chainID          string
+	operatorWallet   *wallet.Wallet
+	encKeyBytes      []byte // 32-byte AES-256 key
+	userResolver     func(username string) (uint, error)
+	passwordVerifier func(userID uint, password string) error
+	operatorMu       sync.Mutex // serialises operator-nonce transactions
+	userMu           sync.Map   // per-user mutex (keyed by userID uint)
 }
 
 // SetUserResolver sets the callback that resolves username → userID.
@@ -33,6 +39,24 @@ func (s *Service) SetUserResolver(fn func(username string) (uint, error)) {
 	s.userResolver = fn
 }
 
+func (s *Service) SetPasswordVerifier(fn func(userID uint, password string) error) {
+	s.passwordVerifier = fn
+}
+
+func (s *Service) ExportPrivKey(userID uint, password string) (string, error) {
+	if s.passwordVerifier == nil {
+		return "", fmt.Errorf("password verifier not configured")
+	}
+	if err := s.passwordVerifier(userID, password); err != nil {
+		return "", err
+	}
+	w, _, err := s.loadUserWallet(userID)
+	if err != nil {
+		return "", err
+	}
+	return w.PrivKey().Hex(), nil
+}
+
 // resolveUsername converts a username to the user's on-chain pubKeyHex.
 // If the user exists but has no wallet (e.g. legacy user or failed creation),
 // a wallet is auto-created on the fly.
@@ -47,12 +71,17 @@ func (s *Service) resolveUsername(username string) (string, error) {
 	uw, err := s.repo.FindByUserID(userID)
 	if err != nil {
 		// 지갑이 없으면 자동 생성 시도
-		uw, err = s.CreateWallet(userID)
-		if err != nil {
-			// unique constraint 위반 — 다른 고루틴이 먼저 생성 완료
-			uw, err = s.repo.FindByUserID(userID)
-			if err != nil {
-				return "", fmt.Errorf("wallet auto-creation failed: %w", err)
+		var createErr error
+		uw, createErr = s.CreateWallet(userID)
+		if createErr != nil {
+			if apperror.IsDuplicateEntry(createErr) {
+				// unique constraint 위반 — 다른 고루틴이 먼저 생성 완료
+				uw, err = s.repo.FindByUserID(userID)
+				if err != nil {
+					return "", fmt.Errorf("wallet auto-creation failed: %w", err)
+				}
+			} else {
+				return "", fmt.Errorf("wallet auto-creation failed: %w", createErr)
 			}
 		} else {
 			log.Printf("INFO: auto-created wallet for userID=%d (username=%s)", userID, username)
@@ -93,6 +122,16 @@ func NewService(
 
 // ---- Wallet Encryption (AES-256-GCM) ----
 
+func (s *Service) derivePerWalletKey(salt []byte, userID uint) ([]byte, error) {
+	info := []byte("wallet:" + strconv.FormatUint(uint64(userID), 10))
+	r := hkdf.New(sha256.New, s.encKeyBytes, salt, info)
+	key := make([]byte, 32)
+	if _, err := io.ReadFull(r, key); err != nil {
+		return nil, fmt.Errorf("HKDF key derivation failed: %w", err)
+	}
+	return key, nil
+}
+
 func (s *Service) encryptPrivKey(privKey tocrypto.PrivateKey) (cipherHex, nonceHex string, err error) {
 	block, err := aes.NewCipher(s.encKeyBytes)
 	if err != nil {
@@ -134,6 +173,101 @@ func (s *Service) decryptPrivKey(cipherHex, nonceHex string) (tocrypto.PrivateKe
 	return tocrypto.PrivateKey(plaintext), nil
 }
 
+func (s *Service) encryptPrivKeyV2(privKey tocrypto.PrivateKey, userID uint) (cipherHex, nonceHex, saltHex string, err error) {
+	salt := make([]byte, 16)
+	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
+		return "", "", "", err
+	}
+	key, err := s.derivePerWalletKey(salt, userID)
+	if err != nil {
+		return "", "", "", err
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", "", "", err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", "", "", err
+	}
+	nonce := make([]byte, gcm.NonceSize())
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		return "", "", "", err
+	}
+	cipherText := gcm.Seal(nil, nonce, []byte(privKey), nil)
+	return hex.EncodeToString(cipherText), hex.EncodeToString(nonce), hex.EncodeToString(salt), nil
+}
+
+func (s *Service) decryptPrivKeyV2(cipherHex, nonceHex, saltHex string, userID uint) (tocrypto.PrivateKey, error) {
+	cipherText, err := hex.DecodeString(cipherHex)
+	if err != nil {
+		return nil, err
+	}
+	nonce, err := hex.DecodeString(nonceHex)
+	if err != nil {
+		return nil, err
+	}
+	salt, err := hex.DecodeString(saltHex)
+	if err != nil {
+		return nil, err
+	}
+	key, err := s.derivePerWalletKey(salt, userID)
+	if err != nil {
+		return nil, err
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+	plaintext, err := gcm.Open(nil, nonce, cipherText, nil)
+	if err != nil {
+		return nil, fmt.Errorf("wallet decryption failed: %w", err)
+	}
+	return tocrypto.PrivateKey(plaintext), nil
+}
+
+// ---- Wallet Migration ----
+
+// MigrateWalletKeys re-encrypts all v1 wallets using HKDF per-wallet keys.
+// Each wallet is migrated individually; failures are logged and skipped.
+func (s *Service) MigrateWalletKeys() error {
+	wallets, err := s.repo.FindAllByKeyVersion(1)
+	if err != nil {
+		return fmt.Errorf("query v1 wallets: %w", err)
+	}
+	if len(wallets) == 0 {
+		return nil
+	}
+	log.Printf("INFO: migrating %d v1 wallets to v2 (HKDF)", len(wallets))
+	var migrated, failed int
+	for _, uw := range wallets {
+		privKey, err := s.decryptPrivKey(uw.EncryptedPrivKey, uw.EncNonce)
+		if err != nil {
+			log.Printf("ERROR: v1 decrypt failed for walletID=%d userID=%d: %v", uw.ID, uw.UserID, err)
+			failed++
+			continue
+		}
+		cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(privKey, uw.UserID)
+		if err != nil {
+			log.Printf("ERROR: v2 encrypt failed for walletID=%d userID=%d: %v", uw.ID, uw.UserID, err)
+			failed++
+			continue
+		}
+		if err := s.repo.UpdateEncryption(uw.ID, cipherHex, nonceHex, saltHex, 2); err != nil {
+			log.Printf("ERROR: DB update failed for walletID=%d userID=%d: %v", uw.ID, uw.UserID, err)
+			failed++
+			continue
+		}
+		migrated++
+	}
+	log.Printf("INFO: wallet migration complete: %d migrated, %d failed", migrated, failed)
+	return nil
+}
+
 // ---- Wallet Management ----
 
 // CreateWallet generates a new keypair, encrypts it, and stores in DB.
@@ -142,18 +276,18 @@ func (s *Service) CreateWallet(userID uint) (*UserWallet, error) {
 	if err != nil {
 		return nil, fmt.Errorf("key generation failed: %w", err)
 	}
-
-	cipherHex, nonceHex, err := s.encryptPrivKey(w.PrivKey())
+	cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(w.PrivKey(), userID)
 	if err != nil {
 		return nil, fmt.Errorf("key encryption failed: %w", err)
 	}
-
 	uw := &UserWallet{
 		UserID:           userID,
 		PubKeyHex:        w.PubKey(),
 		Address:          w.Address(),
 		EncryptedPrivKey: cipherHex,
 		EncNonce:         nonceHex,
+		KeyVersion:       2,
+		HKDFSalt:         saltHex,
 	}
 	if err := s.repo.Create(uw); err != nil {
 		return nil, fmt.Errorf("wallet save failed: %w", err)
@@ -171,7 +305,12 @@ func (s *Service) loadUserWallet(userID uint) (*wallet.Wallet, string, error) {
 	if err != nil {
 		return nil, "", fmt.Errorf("wallet not found: %w", err)
 	}
-	privKey, err := s.decryptPrivKey(uw.EncryptedPrivKey, uw.EncNonce)
+	var privKey tocrypto.PrivateKey
+	if uw.KeyVersion >= 2 {
+		privKey, err = s.decryptPrivKeyV2(uw.EncryptedPrivKey, uw.EncNonce, uw.HKDFSalt, uw.UserID)
+	} else {
+		privKey, err = s.decryptPrivKey(uw.EncryptedPrivKey, uw.EncNonce)
+	}
 	if err != nil {
 		log.Printf("WARNING: wallet decryption failed for userID=%d: %v", userID, err)
 		return nil, "", fmt.Errorf("wallet decryption failed")

internal/chain/service_encryption_test.go

@@ -0,0 +1,46 @@
+package chain
+
+import (
+	"testing"
+
+	tocrypto "github.com/tolelom/tolchain/crypto"
+)
+
+func TestEncryptDecryptV2_Roundtrip(t *testing.T) {
+	s := newTestService()
+	priv, _, err := tocrypto.GenerateKeyPair()
+	if err != nil {
+		t.Fatal(err)
+	}
+	cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(priv, 42)
+	if err != nil {
+		t.Fatal(err)
+	}
+	got, err := s.decryptPrivKeyV2(cipherHex, nonceHex, saltHex, 42)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if got.Hex() != priv.Hex() {
+		t.Errorf("roundtrip mismatch: got %s, want %s", got.Hex(), priv.Hex())
+	}
+}
+
+func TestDecryptV2_WrongUserID_Fails(t *testing.T) {
+	s := newTestService()
+	priv, _, _ := tocrypto.GenerateKeyPair()
+	cipherHex, nonceHex, saltHex, _ := s.encryptPrivKeyV2(priv, 42)
+	_, err := s.decryptPrivKeyV2(cipherHex, nonceHex, saltHex, 99)
+	if err == nil {
+		t.Error("expected error for wrong userID")
+	}
+}
+
+func TestV1V2_DifferentCiphertext(t *testing.T) {
+	s := newTestService()
+	priv, _, _ := tocrypto.GenerateKeyPair()
+	v1cipher, _, _ := s.encryptPrivKey(priv)
+	v2cipher, _, _, _ := s.encryptPrivKeyV2(priv, 1)
+	if v1cipher == v2cipher {
+		t.Error("v1 and v2 should produce different ciphertext")
+	}
+}

internal/download/service.go

@@ -151,12 +151,12 @@ func (s *Service) Upload(filename string, body io.Reader, baseURL string) (*Info
 		}
 	}
 
-	fileHash := hashGameExeFromZip(finalPath)
+	// game.zip 전체의 해시를 사용하여 업데이트 감지.
+	// A301.exe만 해시하면 Mono 빌드에서 exe가 안 바뀌어도
+	// Data 폴더의 스크립트/에셋 변경을 감지하지 못함.
+	fileHash := hashFileToHex(finalPath)
 	if fileHash == "" {
-		if removeErr := os.Remove(finalPath); removeErr != nil {
-			log.Printf("WARNING: failed to remove file %s: %v", finalPath, removeErr)
-		}
-		return nil, fmt.Errorf("zip 파일에 %s이(가) 포함되어 있지 않습니다", "A301.exe")
+		return nil, fmt.Errorf("파일 해시 계산에 실패했습니다")
 	}
 
 	info, err := s.repo.GetLatest()
@@ -215,12 +215,17 @@ func hashGameExeFromZip(zipPath string) string {
 			if err != nil {
 				return ""
 			}
+			lr := io.LimitReader(rc, maxExeSize+1)
 			h := sha256.New()
-			_, err = io.Copy(h, io.LimitReader(rc, maxExeSize))
+			n, err := io.Copy(h, lr)
 			rc.Close()
 			if err != nil {
 				return ""
 			}
+			if n > maxExeSize {
+				log.Printf("WARNING: A301.exe exceeds %dMB, hash may be inaccurate", maxExeSize/1024/1024)
+				return ""
+			}
 			return hex.EncodeToString(h.Sum(nil))
 		}
 	}

internal/player/service.go

@@ -8,8 +8,8 @@ import (
 
 // validateGameData checks that game data fields are within acceptable ranges.
 func validateGameData(data *GameDataRequest) error {
-	if data.Level != nil && (*data.Level < 1 || *data.Level > 999) {
-		return fmt.Errorf("레벨은 1~999 범위여야 합니다")
+	if data.Level != nil && (*data.Level < 1 || *data.Level > MaxLevel) {
+		return fmt.Errorf("레벨은 1~%d 범위여야 합니다", MaxLevel)
 	}
 	if data.Experience != nil && *data.Experience < 0 {
 		return fmt.Errorf("경험치는 0 이상이어야 합니다")

internal/server/server.go

@@ -40,6 +40,7 @@ func New() *fiber.App {
 		AllowOrigins:     config.C.CORSAllowOrigins,
 		AllowHeaders:     "Origin, Content-Type, Authorization, Idempotency-Key, X-API-Key, X-Requested-With",
 		AllowMethods:     "GET, POST, PUT, PATCH, DELETE",
+		ExposeHeaders:    "X-Request-ID, X-Idempotent-Replay",
 		AllowCredentials: true,
 	}))
 	return app
@@ -59,10 +60,10 @@ func AuthLimiter() fiber.Handler {
 	})
 }
 
-// APILimiter returns a rate limiter for general API endpoints (60 req/min per IP).
+// APILimiter returns a rate limiter for general API endpoints (120 req/min per IP).
 func APILimiter() fiber.Handler {
 	return limiter.New(limiter.Config{
-		Max:        60,
+		Max:        120,
 		Expiration: 1 * time.Minute,
 		KeyGenerator: func(c *fiber.Ctx) string {
 			return c.IP()

main.go

@@ -75,6 +75,11 @@ func main() {
 	}
 	chainHandler := chain.NewHandler(chainSvc)
 
+	// Migrate v1 wallets to v2 (HKDF per-wallet keys)
+	if err := chainSvc.MigrateWalletKeys(); err != nil {
+		log.Fatalf("wallet key migration failed: %v", err)
+	}
+
 	userResolver := func(username string) (uint, error) {
 		user, err := authRepo.FindByUsername(username)
 		if err != nil {
@@ -88,6 +93,7 @@ func main() {
 		_, err := chainSvc.CreateWallet(userID)
 		return err
 	})
+	chainSvc.SetPasswordVerifier(authSvc.VerifyPassword)
 
 	playerRepo := player.NewRepository(db)
 	playerSvc := player.NewService(playerRepo)
@@ -177,29 +183,36 @@ func main() {
 	// ── Graceful shutdown ────────────────────────────────────────────
 
 	go func() {
-		sigCh := make(chan os.Signal, 1)
-		signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
-		sig := <-sigCh
-		log.Printf("수신된 시그널: %v — 서버 종료 중...", sig)
-		rewardWorker.Stop()
-		if err := app.ShutdownWithTimeout(10 * time.Second); err != nil {
-			log.Printf("서버 종료 실패: %v", err)
-		}
-		if rdb != nil {
-			if err := rdb.Close(); err != nil {
-				log.Printf("Redis 종료 실패: %v", err)
-			} else {
-				log.Println("Redis 연결 종료 완료")
-			}
-		}
-		if sqlDB, err := db.DB(); err == nil {
-			if err := sqlDB.Close(); err != nil {
-				log.Printf("MySQL 종료 실패: %v", err)
-			} else {
-				log.Println("MySQL 연결 종료 완료")
-			}
+		if err := app.Listen(":" + config.C.AppPort); err != nil {
+			log.Printf("서버 Listen 종료: %v", err)
 		}
 	}()
 
-	log.Fatal(app.Listen(":" + config.C.AppPort))
+	sigCh := make(chan os.Signal, 1)
+	signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
+	sig := <-sigCh
+	log.Printf("수신된 시그널: %v — 서버 종료 중...", sig)
+
+	rewardWorker.Stop()
+
+	if err := app.ShutdownWithTimeout(10 * time.Second); err != nil {
+		log.Printf("서버 종료 실패: %v", err)
+	}
+
+	if rdb != nil {
+		if err := rdb.Close(); err != nil {
+			log.Printf("Redis 종료 실패: %v", err)
+		} else {
+			log.Println("Redis 연결 종료 완료")
+		}
+	}
+	if sqlDB, err := db.DB(); err == nil {
+		if err := sqlDB.Close(); err != nil {
+			log.Printf("MySQL 종료 실패: %v", err)
+		} else {
+			log.Println("MySQL 연결 종료 완료")
+		}
+	}
+
+	log.Println("서버 종료 완료")
 }

pkg/apperror/apperror.go

@@ -1,6 +1,12 @@
 package apperror
 
-import "fmt"
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/go-sql-driver/mysql"
+)
 
 // AppError is a structured application error with an HTTP status code.
 // JSON response format: {"error": "<code>", "message": "<human-readable message>"}
@@ -57,3 +63,15 @@ func Conflict(message string) *AppError {
 func Internal(message string) *AppError {
 	return &AppError{Code: "internal_error", Message: message, Status: 500}
 }
+
+// ErrDuplicateUsername is returned when a username already exists.
+var ErrDuplicateUsername = fmt.Errorf("이미 사용 중인 아이디입니다")
+
+// IsDuplicateEntry checks if a GORM error is a MySQL duplicate key violation (error 1062).
+func IsDuplicateEntry(err error) bool {
+	var mysqlErr *mysql.MySQLError
+	if errors.As(err, &mysqlErr) {
+		return mysqlErr.Number == 1062
+	}
+	return strings.Contains(err.Error(), "Duplicate entry") || strings.Contains(err.Error(), "UNIQUE constraint")
+}

pkg/database/mysql.go

@@ -11,7 +11,7 @@ import (
 
 func ConnectMySQL() (*gorm.DB, error) {
 	c := config.C
-	dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=utf8mb4&parseTime=True&loc=Local",
+	dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=utf8mb4&parseTime=True&loc=UTC",
 		c.DBUser, c.DBPassword, c.DBHost, c.DBPort, c.DBName,
 	)
 	db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{})

pkg/middleware/idempotency.go

@@ -49,7 +49,7 @@ func Idempotency(rdb *redis.Client) fiber.Handler {
 		if uid, ok := c.Locals("userID").(uint); ok {
 			redisKey += fmt.Sprintf("u%d:", uid)
 		}
-		redisKey += key
+		redisKey += c.Method() + ":" + c.Route().Path + ":" + key
 
 		ctx, cancel := context.WithTimeout(context.Background(), redisTimeout)
 		defer cancel()

routes/routes.go

@@ -113,6 +113,7 @@ func Register(
 	// Chain - Queries (authenticated)
 	ch := api.Group("/chain", authMw)
 	ch.Get("/wallet", chainH.GetWalletInfo)
+	ch.Post("/wallet/export", chainH.ExportWallet)
 	ch.Get("/balance", chainH.GetBalance)
 	ch.Get("/assets", chainH.GetAssets)
 	ch.Get("/asset/:id", chainH.GetAsset)