A301/a301_server
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: A301:d46ba47c631f1f52970c525baf11b481f6d2296d
Branches Tags
A301:main A301:fix/bossraid-slot-reuse A301:fix/wallet-auto-create
..
compare: A301:fix/bossraid-slot-reuse
Branches Tags
A301:main A301:fix/bossraid-slot-reuse A301:fix/wallet-auto-create

1 Commits
d46ba47c63 ... fix/bossra

Author SHA1 Message Date
tolelom
688d4b34df Fix: CORS AllowHeaders에 X-Requested-With 추가 
웹 클라이언트의 fetch 요청에서 X-Requested-With 헤더가
CORS preflight에서 차단되는 문제 수정.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-19 17:01:06 +09:00
17 changed files with 122 additions and 395 deletions
Expand all files Collapse all files

56
.gitea/workflows/deploy.yml
View File

@@ -10,48 +10,48 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: 코드 체크아웃 - name: 코드 체크아웃
run: | uses: actions/checkout@v4
git config --global --add safe.directory "$(pwd)"
git init
git remote add origin $GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git
git fetch --depth=1 origin $GITHUB_SHA
git checkout $GITHUB_SHA
- name: tolchain 의존성 클론 - name: tolchain 의존성 클론
run: git clone --depth 1 https://github.com/tolelom/tolchain.git ../tolchain run: git clone --depth 1 https://github.com/tolelom/tolchain.git ../tolchain
- name: Go 설치 - name: Go 설치
run: | uses: actions/setup-go@v5
curl -fsSL https://go.dev/dl/go1.25.5.linux-arm64.tar.gz -o /tmp/go.tar.gz with:
rm -rf /usr/local/go && tar -C /usr/local -xzf /tmp/go.tar.gz go-version: '1.25'
export PATH=$PATH:/usr/local/go/bin
go version
- name: go vet 검증 - name: go vet 검증
run: | run: go vet ./...
export PATH=$PATH:/usr/local/go/bin
go vet ./...
- name: 테스트 실행 - name: 테스트 실행
run: | run: go test ./... -count=1
export PATH=$PATH:/usr/local/go/bin
go test ./... -count=1
- name: 빌드 검증 - name: 빌드 검증
run: | run: go build -o /dev/null .
export PATH=$PATH:/usr/local/go/bin
go build -o /dev/null .
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: lint-and-build needs: lint-and-build
steps: steps:
- name: 서버에 배포 - name: 서버에 배포
run: | uses: appleboy/ssh-action@v1
mkdir -p ~/.ssh with:
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key host: ${{ secrets.SERVER_HOST }}
chmod 600 ~/.ssh/deploy_key username: ${{ secrets.SERVER_USER }}
ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key \ key: ${{ secrets.SSH_PRIVATE_KEY }}
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} \ port: 22
'set -e && export PATH=$PATH:/usr/local/bin:/opt/homebrew/bin:$HOME/.docker/bin && cd /tmp && rm -rf a301-build && mkdir a301-build && cd a301-build && git clone --quiet https://tolelom:${{ secrets.GIT_TOKEN }}@git.tolelom.xyz/A301/a301_server.git a301_server && git clone --quiet https://github.com/tolelom/tolchain.git tolchain && docker build --no-cache -t a301-server:latest -f a301_server/Dockerfile . && cd ~/server && docker compose up -d --no-deps --force-recreate a301-server && rm -rf /tmp/a301-build' script: |
rm -f ~/.ssh/deploy_key set -e
export PATH=$PATH:/usr/local/bin:/opt/homebrew/bin:$HOME/.docker/bin
cd /tmp
rm -rf a301-build
mkdir a301-build && cd a301-build
# Suppress token from logs
set +x
git clone --quiet https://tolelom:${{ secrets.GIT_TOKEN }}@git.tolelom.xyz/A301/a301_server.git a301_server 2>/dev/null
set -x
git clone --quiet https://github.com/tolelom/tolchain.git tolchain
docker build --no-cache -t a301-server:latest -f a301_server/Dockerfile .
cd ~/server
docker compose up -d --no-deps --force-recreate a301-server
rm -rf /tmp/a301-build

6
Dockerfile
View File

@@ -10,11 +10,9 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o server .
# Stage 2: Run # Stage 2: Run
FROM alpine:latest FROM alpine:latest
RUN apk --no-cache add tzdata ca-certificates curl RUN apk --no-cache add tzdata ca-certificates curl
RUN addgroup -g 1000 app && adduser -D -u 1000 -G app app RUN mkdir -p /data/game
RUN mkdir -p /data/game && chown app:app /data/game
WORKDIR /app WORKDIR /app
COPY --from=builder --chown=app:app /build/a301_server/server . COPY --from=builder /build/a301_server/server .
USER app
EXPOSE 8080 EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD curl -f http://localhost:8080/health || exit 1 CMD curl -f http://localhost:8080/health || exit 1

20
internal/auth/service.go
View File

@@ -426,6 +426,9 @@ func (s *Service) SSAFYLogin(code, state string) (accessToken, refreshToken stri
ssafyID := userInfo.UserID ssafyID := userInfo.UserID
// SSAFY ID에서 영문 소문자+숫자만 추출하여 안전한 username 생성 // SSAFY ID에서 영문 소문자+숫자만 추출하여 안전한 username 생성
// NOTE: Username collision is handled by the DB unique constraint.
// If collision occurs, the transaction will rollback and return a generic error.
// A retry with random suffix could improve UX but is not critical.
safeID := sanitizeForUsername(ssafyID) safeID := sanitizeForUsername(ssafyID)
if safeID == "" { if safeID == "" {
safeID = hex.EncodeToString(randomBytes[:8]) safeID = hex.EncodeToString(randomBytes[:8])
@@ -434,18 +437,7 @@ func (s *Service) SSAFYLogin(code, state string) (accessToken, refreshToken stri
if len(username) > 50 { if len(username) > 50 {
username = username[:50] username = username[:50]
} }
// DB unique constraint 충돌 시 랜덤 suffix로 최대 3회 재시도
maxRetries := 3
baseUsername := username
for attempt := 0; attempt < maxRetries; attempt++ {
if attempt > 0 {
suffix := hex.EncodeToString(randomBytes[attempt*2 : attempt*2+4])
username = baseUsername + "_" + suffix
if len(username) > 50 {
username = username[:50]
}
}
err = s.repo.Transaction(func(txRepo *Repository) error { err = s.repo.Transaction(func(txRepo *Repository) error {
user = &User{ user = &User{
Username: username, Username: username,
@@ -469,12 +461,8 @@ func (s *Service) SSAFYLogin(code, state string) (accessToken, refreshToken stri
} }
return nil return nil
}) })
if err == nil {
break
}
log.Printf("SSAFY user creation attempt %d failed: %v", attempt+1, err)
}
if err != nil { if err != nil {
log.Printf("SSAFY user creation transaction failed: %v", err)
return "", "", nil, fmt.Errorf("계정 생성 실패: %v", err) return "", "", nil, fmt.Errorf("계정 생성 실패: %v", err)
} }
} }

8
internal/bossraid/handler.go
View File

@@ -207,18 +207,10 @@ func (h *Handler) ValidateEntryToken(c *fiber.Ctx) error {
return apperror.Unauthorized(err.Error()) return apperror.Unauthorized(err.Error())
} }
// 방 정보에서 파티 인원 수 조회
expectedPlayers := 0
room, roomErr := h.svc.GetRoom(sessionName)
if roomErr == nil && room != nil {
expectedPlayers = room.MaxPlayers
}
return c.JSON(fiber.Map{ return c.JSON(fiber.Map{
"valid": true, "valid": true,
"username": username, "username": username,
"sessionName": sessionName, "sessionName": sessionName,
"expectedPlayers": expectedPlayers,
}) })
} }

1
internal/bossraid/model.go
View File

@@ -88,6 +88,5 @@ type RewardFailure struct {
Experience int `json:"experience" gorm:"default:0;not null"` Experience int `json:"experience" gorm:"default:0;not null"`
Error string `json:"error" gorm:"type:text"` Error string `json:"error" gorm:"type:text"`
RetryCount int `json:"retryCount" gorm:"default:0;not null"` RetryCount int `json:"retryCount" gorm:"default:0;not null"`
LastTxID string `json:"lastTxId" gorm:"type:varchar(100)"` // 마지막 시도한 블록체인 트랜잭션 ID (이중 지급 방지용)
ResolvedAt *time.Time `json:"resolvedAt" gorm:"index"` ResolvedAt *time.Time `json:"resolvedAt" gorm:"index"`
} }

52
internal/bossraid/repository.go
View File

@@ -64,17 +64,6 @@ func (r *Repository) CountActiveByUsername(username string) (int64, error) {
return count, err return count, err
} }
// FindWaitingRoomsByUsername returns all waiting rooms containing the given username.
func (r *Repository) FindWaitingRoomsByUsername(username string) ([]BossRoom, error) {
escaped := strings.NewReplacer("%", "\\%", "_", "\\_").Replace(username)
search := `"` + escaped + `"`
var rooms []BossRoom
err := r.db.Where("status = ? AND players LIKE ?",
StatusWaiting, "%"+search+"%").
Find(&rooms).Error
return rooms, err
}
// --- DedicatedServer & RoomSlot --- // --- DedicatedServer & RoomSlot ---
// UpsertDedicatedServer creates or updates a server group by name. // UpsertDedicatedServer creates or updates a server group by name.
@@ -224,40 +213,6 @@ func (r *Repository) DeleteRoomBySessionName(sessionName string) error {
return r.db.Unscoped().Where("session_name = ?", sessionName).Delete(&BossRoom{}).Error return r.db.Unscoped().Where("session_name = ?", sessionName).Delete(&BossRoom{}).Error
} }
// CleanupStaleWaitingRooms deletes BossRoom records stuck in "waiting" status
// past the given threshold and resets their associated RoomSlots to idle.
// This handles cases where players disconnect during loading before the Fusion session starts.
func (r *Repository) CleanupStaleWaitingRooms(threshold time.Time) (int64, error) {
// 1. waiting 상태에서 threshold보다 오래된 방 조회
var staleRooms []BossRoom
if err := r.db.Where("status = ? AND created_at < ?", StatusWaiting, threshold).
Find(&staleRooms).Error; err != nil {
return 0, err
}
if len(staleRooms) == 0 {
return 0, nil
}
// 2. 연결된 슬롯을 idle로 리셋
staleSessionNames := make([]string, len(staleRooms))
for i, room := range staleRooms {
staleSessionNames[i] = room.SessionName
}
r.db.Model(&RoomSlot{}).
Where("session_name IN ? AND status = ?", staleSessionNames, SlotWaiting).
Updates(map[string]interface{}{
"status": SlotIdle,
"boss_room_id": nil,
})
// 3. BossRoom 레코드 하드 삭제
result := r.db.Unscoped().
Where("status = ? AND created_at < ?", StatusWaiting, threshold).
Delete(&BossRoom{})
return result.RowsAffected, result.Error
}
// ResetStaleSlots clears instanceID for slots with stale heartbeats // ResetStaleSlots clears instanceID for slots with stale heartbeats
// and resets any active raids on those slots. // and resets any active raids on those slots.
func (r *Repository) ResetStaleSlots(threshold time.Time) (int64, error) { func (r *Repository) ResetStaleSlots(threshold time.Time) (int64, error) {
@@ -374,10 +329,3 @@ func (r *Repository) IncrementRetryCount(id uint, errMsg string) error {
"error": errMsg, "error": errMsg,
}).Error }).Error
} }
// UpdateLastTxID saves the last attempted blockchain transaction ID for idempotency checking.
func (r *Repository) UpdateLastTxID(id uint, txID string) error {
return r.db.Model(&RewardFailure{}).
Where("id = ?", id).
Update("last_tx_id", txID).Error
}

36
internal/bossraid/reward_worker.go
View File

@@ -11,9 +11,8 @@ import (
// RewardWorker periodically retries failed reward grants. // RewardWorker periodically retries failed reward grants.
type RewardWorker struct { type RewardWorker struct {
repo *Repository repo *Repository
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error) rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error
expGrant func(username string, exp int) error expGrant func(username string, exp int) error
txCheck func(txID string) (confirmed bool, err error) // 이중 지급 방지: tx 상태 확인
interval time.Duration interval time.Duration
stopCh chan struct{} stopCh chan struct{}
} }
@@ -21,15 +20,13 @@ type RewardWorker struct {
// NewRewardWorker creates a new RewardWorker. Default interval is 1 minute. // NewRewardWorker creates a new RewardWorker. Default interval is 1 minute.
func NewRewardWorker( func NewRewardWorker(
repo *Repository, repo *Repository,
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error), rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error,
expGrant func(username string, exp int) error, expGrant func(username string, exp int) error,
txCheck func(txID string) (confirmed bool, err error),
) *RewardWorker { ) *RewardWorker {
return &RewardWorker{ return &RewardWorker{
repo: repo, repo: repo,
rewardGrant: rewardGrant, rewardGrant: rewardGrant,
expGrant: expGrant, expGrant: expGrant,
txCheck: txCheck,
interval: 1 * time.Minute, interval: 1 * time.Minute,
stopCh: make(chan struct{}), stopCh: make(chan struct{}),
} }
@@ -74,21 +71,6 @@ func (w *RewardWorker) retryOne(rf RewardFailure) {
// 블록체인 보상 재시도 (토큰 또는 에셋이 있는 경우) // 블록체인 보상 재시도 (토큰 또는 에셋이 있는 경우)
if (rf.TokenAmount > 0 || rf.Assets != "[]") && w.rewardGrant != nil { if (rf.TokenAmount > 0 || rf.Assets != "[]") && w.rewardGrant != nil {
// 이중 지급 방지: 마지막 tx가 이미 성공했는지 확인
if rf.LastTxID != "" && w.txCheck != nil {
confirmed, checkErr := w.txCheck(rf.LastTxID)
if checkErr != nil {
log.Printf("보상 재시도 tx 상태 확인 실패: ID=%d, txID=%s: %v", rf.ID, rf.LastTxID, checkErr)
// 상태 확인 실패 시 안전하게 재시도 건너뜀 (다음 주기에 다시 확인)
return
}
if confirmed {
log.Printf("보상 재시도 건너뜀 (이전 tx 이미 성공): ID=%d, txID=%s, %s", rf.ID, rf.LastTxID, rf.Username)
// 블록체인 보상은 이미 지급됨 → 경험치만 확인
goto expRetry
}
}
var assets []core.MintAssetPayload var assets []core.MintAssetPayload
if rf.Assets != "" && rf.Assets != "[]" { if rf.Assets != "" && rf.Assets != "[]" {
if err := json.Unmarshal([]byte(rf.Assets), &assets); err != nil { if err := json.Unmarshal([]byte(rf.Assets), &assets); err != nil {
@@ -100,18 +82,9 @@ func (w *RewardWorker) retryOne(rf RewardFailure) {
return return
} }
} }
txID, grantErr := w.rewardGrant(rf.Username, rf.TokenAmount, assets) retryErr = w.rewardGrant(rf.Username, rf.TokenAmount, assets)
retryErr = grantErr
// 시도한 txID 저장 (다음 재시도 시 이중 지급 방지용)
if txID != "" {
if err := w.repo.UpdateLastTxID(rf.ID, txID); err != nil {
log.Printf("보상 재시도 txID 저장 실패: ID=%d: %v", rf.ID, err)
}
}
} }
expRetry:
// 경험치 재시도 (블록체인 보상이 없거나 성공한 경우) // 경험치 재시도 (블록체인 보상이 없거나 성공한 경우)
if retryErr == nil && rf.Experience > 0 && w.expGrant != nil { if retryErr == nil && rf.Experience > 0 && w.expGrant != nil {
retryErr = w.expGrant(rf.Username, rf.Experience) retryErr = w.expGrant(rf.Username, rf.Experience)
@@ -132,8 +105,7 @@ expRetry:
} }
newCount := rf.RetryCount + 1 newCount := rf.RetryCount + 1
if newCount >= 10 { if newCount >= 10 {
log.Printf("CRITICAL: 보상 재시도 포기 (최대 횟수 초과) — 수동 복구 필요: ID=%d, session=%s, user=%s, token=%d, exp=%d", log.Printf("보상 재시도 포기 (최대 횟수 초과): ID=%d, %s", rf.ID, rf.Username)
rf.ID, rf.SessionName, rf.Username, rf.TokenAmount, rf.Experience)
} else { } else {
log.Printf("보상 재시도 실패 (%d/10): ID=%d, %s: %v", newCount, rf.ID, rf.Username, retryErr) log.Printf("보상 재시도 실패 (%d/10): ID=%d, %s: %v", newCount, rf.ID, rf.Username, retryErr)
} }

98
internal/bossraid/service.go
View File

@@ -22,9 +22,6 @@ const (
entryTokenPrefix = "bossraid:entry:" entryTokenPrefix = "bossraid:entry:"
// pendingEntryPrefix is the Redis key prefix for username → {sessionName, entryToken}. // pendingEntryPrefix is the Redis key prefix for username → {sessionName, entryToken}.
pendingEntryPrefix = "bossraid:pending:" pendingEntryPrefix = "bossraid:pending:"
// waitingRoomTimeout is the maximum time a room can stay in "waiting" status
// before being considered stale and cleaned up. Covers loading + Fusion connection + retries.
waitingRoomTimeout = 2 * time.Minute
) )
// entryTokenData is stored in Redis for each entry token. // entryTokenData is stored in Redis for each entry token.
@@ -36,7 +33,7 @@ type entryTokenData struct {
type Service struct { type Service struct {
repo *Repository repo *Repository
rdb *redis.Client rdb *redis.Client
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error) rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error
expGrant func(username string, exp int) error expGrant func(username string, exp int) error
} }
@@ -45,8 +42,7 @@ func NewService(repo *Repository, rdb *redis.Client) *Service {
} }
// SetRewardGranter sets the callback for granting rewards via blockchain. // SetRewardGranter sets the callback for granting rewards via blockchain.
// The callback returns the blockchain transaction ID and an error. func (s *Service) SetRewardGranter(fn func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error) {
func (s *Service) SetRewardGranter(fn func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error)) {
s.rewardGrant = fn s.rewardGrant = fn
} }
@@ -59,10 +55,8 @@ func (s *Service) SetExpGranter(fn func(username string, exp int) error) {
// Allocates an idle room slot from a registered dedicated server. // Allocates an idle room slot from a registered dedicated server.
// Returns the room with assigned session name. // Returns the room with assigned session name.
func (s *Service) RequestEntry(usernames []string, bossID int) (*BossRoom, error) { func (s *Service) RequestEntry(usernames []string, bossID int) (*BossRoom, error) {
// 좀비 슬롯 정리 — idle 슬롯 검색 전에 stale 인스턴스와 대기방을 리셋 // 좀비 슬롯 정리 — idle 슬롯 검색 전에 stale 인스턴스 리셋
s.CheckStaleSlots() s.CheckStaleSlots()
// 입장 요청 플레이어들의 stale waiting room 선제 정리
s.cleanupStaleWaitingForUsers(usernames)
if len(usernames) == 0 { if len(usernames) == 0 {
return nil, fmt.Errorf("플레이어 목록이 비어있습니다") return nil, fmt.Errorf("플레이어 목록이 비어있습니다")
@@ -110,7 +104,7 @@ func (s *Service) RequestEntry(usernames []string, bossID int) (*BossRoom, error
SessionName: slot.SessionName, SessionName: slot.SessionName,
BossID: bossID, BossID: bossID,
Status: StatusWaiting, Status: StatusWaiting,
MaxPlayers: len(usernames), MaxPlayers: defaultMaxPlayers,
Players: string(playersJSON), Players: string(playersJSON),
} }
if err := txRepo.Create(room); err != nil { if err := txRepo.Create(room); err != nil {
@@ -221,19 +215,26 @@ func (s *Service) CompleteRaid(sessionName string, rewards []PlayerReward) (*Bos
hasRewardFailure := false hasRewardFailure := false
if s.rewardGrant != nil { if s.rewardGrant != nil {
for _, r := range rewards { for _, r := range rewards {
lastTxID, grantErr := s.grantWithRetry(r.Username, r.TokenAmount, r.Assets) grantErr := s.grantWithRetry(r.Username, r.TokenAmount, r.Assets)
result := RewardResult{Username: r.Username, Success: grantErr == nil} result := RewardResult{Username: r.Username, Success: grantErr == nil}
if grantErr != nil { if grantErr != nil {
result.Error = grantErr.Error() result.Error = grantErr.Error()
log.Printf("보상 지급 실패 (재시도 소진): %s: %v", r.Username, grantErr) log.Printf("보상 지급 실패 (재시도 소진): %s: %v", r.Username, grantErr)
hasRewardFailure = true hasRewardFailure = true
// 실패한 보상을 DB에 기록하여 백그라운드 재시도 가능하게 함 // 실패한 보상을 DB에 기록하여 백그라운드 재시도 가능하게 함
s.saveRewardFailure(sessionName, r, grantErr, lastTxID) s.saveRewardFailure(sessionName, r, grantErr)
} }
resultRewards = append(resultRewards, result) resultRewards = append(resultRewards, result)
} }
} }
// 보상 실패가 있으면 상태를 reward_failed로 업데이트 (completed → reward_failed)
if hasRewardFailure {
if err := s.repo.TransitionRoomStatus(sessionName, StatusCompleted, StatusRewardFailed, nil); err != nil {
log.Printf("보상 실패 상태 업데이트 실패: %s: %v", sessionName, err)
}
}
// Grant experience to players (with retry) // Grant experience to players (with retry)
if s.expGrant != nil { if s.expGrant != nil {
for _, r := range rewards { for _, r := range rewards {
@@ -241,24 +242,16 @@ func (s *Service) CompleteRaid(sessionName string, rewards []PlayerReward) (*Bos
expErr := s.grantExpWithRetry(r.Username, r.Experience) expErr := s.grantExpWithRetry(r.Username, r.Experience)
if expErr != nil { if expErr != nil {
log.Printf("경험치 지급 실패 (재시도 소진): %s: %v", r.Username, expErr) log.Printf("경험치 지급 실패 (재시도 소진): %s: %v", r.Username, expErr)
hasRewardFailure = true
// 경험치 실패도 RewardFailure에 기록 (토큰/에셋 없이 경험치만) // 경험치 실패도 RewardFailure에 기록 (토큰/에셋 없이 경험치만)
s.saveRewardFailure(sessionName, PlayerReward{ s.saveRewardFailure(sessionName, PlayerReward{
Username: r.Username, Username: r.Username,
Experience: r.Experience, Experience: r.Experience,
}, expErr, "") }, expErr)
} }
} }
} }
} }
// 보상 실패(블록체인 또는 경험치)가 있으면 상태를 reward_failed로 업데이트
if hasRewardFailure {
if err := s.repo.TransitionRoomStatus(sessionName, StatusCompleted, StatusRewardFailed, nil); err != nil {
log.Printf("보상 실패 상태 업데이트 실패: %s: %v", sessionName, err)
}
}
// BossRoom 삭제 후 슬롯 리셋 — 다음 파티가 즉시 슬롯 재사용 가능 // BossRoom 삭제 후 슬롯 리셋 — 다음 파티가 즉시 슬롯 재사용 가능
if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil { if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil {
log.Printf("BossRoom 삭제 실패 (complete): %s: %v", sessionName, err) log.Printf("BossRoom 삭제 실패 (complete): %s: %v", sessionName, err)
@@ -413,36 +406,6 @@ func (s *Service) RequestEntryWithTokens(usernames []string, bossID int) (*BossR
return room, tokens, nil return room, tokens, nil
} }
// cleanupStaleWaitingForUsers checks if any of the given users are stuck in
// a waiting room whose entry token has already expired or been consumed.
// If the pending token is gone from Redis, the room is abandoned and safe to remove.
// If the token still exists, the room may have active loading players — leave it alone.
func (s *Service) cleanupStaleWaitingForUsers(usernames []string) {
ctx := context.Background()
for _, username := range usernames {
rooms, err := s.repo.FindWaitingRoomsByUsername(username)
if err != nil || len(rooms) == 0 {
continue
}
// pending entry token이 Redis에 남아있으면 정상 로딩 중일 수 있음 → 보존
pendingKey := pendingEntryPrefix + username
exists, _ := s.rdb.Exists(ctx, pendingKey).Result()
if exists > 0 {
continue
}
// 토큰 만료/소비됨 → 방 abandoned 확정, 정리
for _, room := range rooms {
log.Printf("abandoned 대기방 정리 (토큰 만료): session=%s, player=%s", room.SessionName, username)
if err := s.repo.DeleteRoomBySessionName(room.SessionName); err != nil {
log.Printf("대기방 삭제 실패: %v", err)
}
_ = s.repo.ResetRoomSlot(room.SessionName)
}
}
}
// --- Dedicated Server Management --- // --- Dedicated Server Management ---
const staleTimeout = 30 * time.Second const staleTimeout = 30 * time.Second
@@ -493,8 +456,7 @@ func (s *Service) Heartbeat(instanceID string) error {
return s.repo.UpdateHeartbeat(instanceID) return s.repo.UpdateHeartbeat(instanceID)
} }
// CheckStaleSlots resets slots whose instances have gone silent // CheckStaleSlots resets slots whose instances have gone silent.
// and cleans up waiting rooms that have exceeded the timeout.
func (s *Service) CheckStaleSlots() { func (s *Service) CheckStaleSlots() {
threshold := time.Now().Add(-staleTimeout) threshold := time.Now().Add(-staleTimeout)
count, err := s.repo.ResetStaleSlots(threshold) count, err := s.repo.ResetStaleSlots(threshold)
@@ -505,17 +467,6 @@ func (s *Service) CheckStaleSlots() {
if count > 0 { if count > 0 {
log.Printf("스태일 슬롯 %d개 리셋", count) log.Printf("스태일 슬롯 %d개 리셋", count)
} }
// waiting 상태로 너무 오래 머문 방 정리 (로딩 중 강제 종료 등)
waitingThreshold := time.Now().Add(-waitingRoomTimeout)
cleaned, err := s.repo.CleanupStaleWaitingRooms(waitingThreshold)
if err != nil {
log.Printf("스태일 대기방 정리 실패: %v", err)
return
}
if cleaned > 0 {
log.Printf("스태일 대기방 %d개 정리", cleaned)
}
} }
// ResetRoom resets a room slot back to idle and cleans up any lingering BossRoom records. // ResetRoom resets a room slot back to idle and cleans up any lingering BossRoom records.
@@ -546,26 +497,20 @@ func (s *Service) GetServerStatus(serverName string) (*DedicatedServer, []RoomSl
const immediateRetries = 3 const immediateRetries = 3
// grantWithRetry attempts the reward grant up to 3 times with backoff (1s, 2s). // grantWithRetry attempts the reward grant up to 3 times with backoff (1s, 2s).
// Returns the last attempted transaction ID (may be empty) and the error. func (s *Service) grantWithRetry(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
func (s *Service) grantWithRetry(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
delays := []time.Duration{1 * time.Second, 2 * time.Second} delays := []time.Duration{1 * time.Second, 2 * time.Second}
var lastErr error var lastErr error
var lastTxID string
for attempt := 0; attempt < immediateRetries; attempt++ { for attempt := 0; attempt < immediateRetries; attempt++ {
txID, err := s.rewardGrant(username, tokenAmount, assets) lastErr = s.rewardGrant(username, tokenAmount, assets)
if txID != "" { if lastErr == nil {
lastTxID = txID return nil
} }
if err == nil {
return txID, nil
}
lastErr = err
if attempt < len(delays) { if attempt < len(delays) {
log.Printf("보상 지급 재시도 (%d/%d): %s: %v", attempt+1, immediateRetries, username, lastErr) log.Printf("보상 지급 재시도 (%d/%d): %s: %v", attempt+1, immediateRetries, username, lastErr)
time.Sleep(delays[attempt]) time.Sleep(delays[attempt])
} }
} }
return lastTxID, lastErr return lastErr
} }
// grantExpWithRetry attempts the experience grant up to 3 times with backoff (1s, 2s). // grantExpWithRetry attempts the experience grant up to 3 times with backoff (1s, 2s).
@@ -586,7 +531,7 @@ func (s *Service) grantExpWithRetry(username string, exp int) error {
} }
// saveRewardFailure records a failed reward in the DB for background retry. // saveRewardFailure records a failed reward in the DB for background retry.
func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr error, lastTxID string) { func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr error) {
assets := "[]" assets := "[]"
if len(r.Assets) > 0 { if len(r.Assets) > 0 {
if data, err := json.Marshal(r.Assets); err == nil { if data, err := json.Marshal(r.Assets); err == nil {
@@ -600,7 +545,6 @@ func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr
Assets: assets, Assets: assets,
Experience: r.Experience, Experience: r.Experience,
Error: grantErr.Error(), Error: grantErr.Error(),
LastTxID: lastTxID,
} }
if err := s.repo.SaveRewardFailure(rf); err != nil { if err := s.repo.SaveRewardFailure(rf); err != nil {
log.Printf("보상 실패 기록 저장 실패: %s/%s: %v", sessionName, r.Username, err) log.Printf("보상 실패 기록 저장 실패: %s/%s: %v", sessionName, r.Username, err)

16
internal/bossraid/service_test.go
View File

@@ -226,8 +226,8 @@ func TestNewService_NilParams(t *testing.T) {
func TestSetRewardGranter(t *testing.T) { func TestSetRewardGranter(t *testing.T) {
svc := NewService(nil, nil) svc := NewService(nil, nil)
svc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) { svc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
return "", nil return nil
}) })
if svc.rewardGrant == nil { if svc.rewardGrant == nil {
t.Error("rewardGrant should be set after SetRewardGranter") t.Error("rewardGrant should be set after SetRewardGranter")
@@ -281,7 +281,7 @@ func newMockRepo() *mockRepo {
// This lets us test business rules without external dependencies. // This lets us test business rules without external dependencies.
type testableService struct { type testableService struct {
repo *mockRepo repo *mockRepo
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error
} }
func (s *testableService) requestEntry(usernames []string, bossID int) (*BossRoom, error) { func (s *testableService) requestEntry(usernames []string, bossID int) (*BossRoom, error) {
@@ -351,7 +351,7 @@ func (s *testableService) completeRaid(sessionName string, rewards []PlayerRewar
var results []RewardResult var results []RewardResult
if s.rewardGrant != nil { if s.rewardGrant != nil {
for _, r := range rewards { for _, r := range rewards {
_, grantErr := s.rewardGrant(r.Username, r.TokenAmount, r.Assets) grantErr := s.rewardGrant(r.Username, r.TokenAmount, r.Assets)
res := RewardResult{Username: r.Username, Success: grantErr == nil} res := RewardResult{Username: r.Username, Success: grantErr == nil}
if grantErr != nil { if grantErr != nil {
res.Error = grantErr.Error() res.Error = grantErr.Error()
@@ -453,9 +453,9 @@ func TestMock_CompleteRaid_WithRewardGranter(t *testing.T) {
grantCalls := 0 grantCalls := 0
svc := &testableService{ svc := &testableService{
repo: newMockRepo(), repo: newMockRepo(),
rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) { rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
grantCalls++ grantCalls++
return "", nil return nil
}, },
} }
room, _ := svc.requestEntry([]string{"p1"}, 1) room, _ := svc.requestEntry([]string{"p1"}, 1)
@@ -478,8 +478,8 @@ func TestMock_CompleteRaid_WithRewardGranter(t *testing.T) {
func TestMock_CompleteRaid_RewardFailure(t *testing.T) { func TestMock_CompleteRaid_RewardFailure(t *testing.T) {
svc := &testableService{ svc := &testableService{
repo: newMockRepo(), repo: newMockRepo(),
rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) { rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
return "", fmt.Errorf("chain error") return fmt.Errorf("chain error")
}, },
} }
room, _ := svc.requestEntry([]string{"p1"}, 1) room, _ := svc.requestEntry([]string{"p1"}, 1)

24
internal/chain/handler.go
View File

@@ -49,10 +49,6 @@ func validID(s string) bool {
return s != "" && len(s) <= maxIDLength return s != "" && len(s) <= maxIDLength
} }
func validUsername(s string) bool {
return len(s) >= 3 && len(s) <= 50
}
// chainError classifies chain errors into appropriate HTTP responses. // chainError classifies chain errors into appropriate HTTP responses.
// TxError (on-chain execution failure) maps to 422 with the chain's error detail. // TxError (on-chain execution failure) maps to 422 with the chain's error detail.
// Other errors (network, timeout, build failures) remain 500. // Other errors (network, timeout, build failures) remain 500.
@@ -644,8 +640,8 @@ func (h *Handler) InternalGrantReward(c *fiber.Ctx) error {
if err := c.BodyParser(&req); err != nil { if err := c.BodyParser(&req); err != nil {
return apperror.ErrBadRequest return apperror.ErrBadRequest
} }
if !validUsername(req.Username) { if !validID(req.Username) {
return apperror.BadRequest("username은 3~50자여야 합니다") return apperror.BadRequest("username은 필수입니다")
} }
result, err := h.svc.GrantRewardByUsername(req.Username, req.TokenAmount, req.Assets) result, err := h.svc.GrantRewardByUsername(req.Username, req.TokenAmount, req.Assets)
if err != nil { if err != nil {
@@ -676,8 +672,8 @@ func (h *Handler) InternalMintAsset(c *fiber.Ctx) error {
if err := c.BodyParser(&req); err != nil { if err := c.BodyParser(&req); err != nil {
return apperror.ErrBadRequest return apperror.ErrBadRequest
} }
if !validID(req.TemplateID) || !validUsername(req.Username) { if !validID(req.TemplateID) || !validID(req.Username) {
return apperror.BadRequest("templateId와 username은 필수입니다 (username: 3~50자)") return apperror.BadRequest("templateId와 username은 필수입니다")
} }
result, err := h.svc.MintAssetByUsername(req.TemplateID, req.Username, req.Properties) result, err := h.svc.MintAssetByUsername(req.TemplateID, req.Username, req.Properties)
if err != nil { if err != nil {
@@ -699,8 +695,8 @@ func (h *Handler) InternalMintAsset(c *fiber.Ctx) error {
// @Router /api/internal/chain/balance [get] // @Router /api/internal/chain/balance [get]
func (h *Handler) InternalGetBalance(c *fiber.Ctx) error { func (h *Handler) InternalGetBalance(c *fiber.Ctx) error {
username := c.Query("username") username := c.Query("username")
if !validUsername(username) { if !validID(username) {
return apperror.BadRequest("username은 3~50자여야 합니다") return apperror.BadRequest("username은 필수입니다")
} }
result, err := h.svc.GetBalanceByUsername(username) result, err := h.svc.GetBalanceByUsername(username)
if err != nil { if err != nil {
@@ -724,8 +720,8 @@ func (h *Handler) InternalGetBalance(c *fiber.Ctx) error {
// @Router /api/internal/chain/assets [get] // @Router /api/internal/chain/assets [get]
func (h *Handler) InternalGetAssets(c *fiber.Ctx) error { func (h *Handler) InternalGetAssets(c *fiber.Ctx) error {
username := c.Query("username") username := c.Query("username")
if !validUsername(username) { if !validID(username) {
return apperror.BadRequest("username은 3~50자여야 합니다") return apperror.BadRequest("username은 필수입니다")
} }
offset, limit := parsePagination(c) offset, limit := parsePagination(c)
result, err := h.svc.GetAssetsByUsername(username, offset, limit) result, err := h.svc.GetAssetsByUsername(username, offset, limit)
@@ -749,8 +745,8 @@ func (h *Handler) InternalGetAssets(c *fiber.Ctx) error {
// @Router /api/internal/chain/inventory [get] // @Router /api/internal/chain/inventory [get]
func (h *Handler) InternalGetInventory(c *fiber.Ctx) error { func (h *Handler) InternalGetInventory(c *fiber.Ctx) error {
username := c.Query("username") username := c.Query("username")
if !validUsername(username) { if !validID(username) {
return apperror.BadRequest("username은 3~50자여야 합니다") return apperror.BadRequest("username은 필수입니다")
} }
result, err := h.svc.GetInventoryByUsername(username) result, err := h.svc.GetInventoryByUsername(username)
if err != nil { if err != nil {

40
internal/download/service.go
View File

@@ -11,17 +11,13 @@ import (
"path/filepath" "path/filepath"
"regexp" "regexp"
"strings" "strings"
"sync"
) )
const maxLauncherSize = 500 * 1024 * 1024 // 500MB
var versionRe = regexp.MustCompile(`v\d+\.\d+(\.\d+)?`) var versionRe = regexp.MustCompile(`v\d+\.\d+(\.\d+)?`)
type Service struct { type Service struct {
repo *Repository repo *Repository
gameDir string gameDir string
uploadMu sync.Mutex
} }
func NewService(repo *Repository, gameDir string) *Service { func NewService(repo *Repository, gameDir string) *Service {
@@ -41,9 +37,6 @@ func (s *Service) LauncherFilePath() string {
} }
func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error) { func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error) {
s.uploadMu.Lock()
defer s.uploadMu.Unlock()
if err := os.MkdirAll(s.gameDir, 0755); err != nil { if err := os.MkdirAll(s.gameDir, 0755); err != nil {
return nil, fmt.Errorf("디렉토리 생성 실패: %w", err) return nil, fmt.Errorf("디렉토리 생성 실패: %w", err)
} }
@@ -56,7 +49,9 @@ func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error)
return nil, fmt.Errorf("파일 생성 실패: %w", err) return nil, fmt.Errorf("파일 생성 실패: %w", err)
} }
n, err := io.Copy(f, io.LimitReader(body, maxLauncherSize+1)) // NOTE: Partial uploads (client closes cleanly mid-transfer) are saved.
// The hashGameExeFromZip check mitigates this for game uploads but not for launcher uploads.
n, err := io.Copy(f, body)
if closeErr := f.Close(); closeErr != nil && err == nil { if closeErr := f.Close(); closeErr != nil && err == nil {
err = closeErr err = closeErr
} }
@@ -66,16 +61,6 @@ func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error)
} }
return nil, fmt.Errorf("파일 저장 실패: %w", err) return nil, fmt.Errorf("파일 저장 실패: %w", err)
} }
if n > maxLauncherSize {
os.Remove(tmpPath)
return nil, fmt.Errorf("런처 파일이 너무 큽니다 (최대 %dMB)", maxLauncherSize/1024/1024)
}
// PE 헤더 검증 (MZ magic bytes)
if err := validatePEHeader(tmpPath); err != nil {
os.Remove(tmpPath)
return nil, err
}
if err := os.Rename(tmpPath, finalPath); err != nil { if err := os.Rename(tmpPath, finalPath); err != nil {
if removeErr := os.Remove(tmpPath); removeErr != nil { if removeErr := os.Remove(tmpPath); removeErr != nil {
@@ -103,9 +88,6 @@ func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error)
// Upload streams the body directly to disk, then extracts metadata from the zip. // Upload streams the body directly to disk, then extracts metadata from the zip.
func (s *Service) Upload(filename string, body io.Reader, baseURL string) (*Info, error) { func (s *Service) Upload(filename string, body io.Reader, baseURL string) (*Info, error) {
s.uploadMu.Lock()
defer s.uploadMu.Unlock()
if err := os.MkdirAll(s.gameDir, 0755); err != nil { if err := os.MkdirAll(s.gameDir, 0755); err != nil {
return nil, fmt.Errorf("디렉토리 생성 실패: %w", err) return nil, fmt.Errorf("디렉토리 생성 실패: %w", err)
} }
@@ -171,22 +153,6 @@ func (s *Service) Upload(filename string, body io.Reader, baseURL string) (*Info
return info, s.repo.Save(info) return info, s.repo.Save(info)
} }
func validatePEHeader(path string) error {
f, err := os.Open(path)
if err != nil {
return fmt.Errorf("파일 검증 실패: %w", err)
}
defer f.Close()
header := make([]byte, 2)
if _, err := io.ReadFull(f, header); err != nil {
return fmt.Errorf("유효하지 않은 실행 파일입니다")
}
if header[0] != 'M' || header[1] != 'Z' {
return fmt.Errorf("유효하지 않은 실행 파일입니다")
}
return nil
}
func hashFileToHex(path string) string { func hashFileToHex(path string) string {
f, err := os.Open(path) f, err := os.Open(path)
if err != nil { if err != nil {

22
internal/server/server.go
View File

@@ -5,7 +5,6 @@ import (
"time" "time"
"a301_server/pkg/apperror" "a301_server/pkg/apperror"
"a301_server/pkg/config"
"a301_server/pkg/metrics" "a301_server/pkg/metrics"
"a301_server/pkg/middleware" "a301_server/pkg/middleware"
@@ -13,7 +12,6 @@ import (
"github.com/gofiber/fiber/v2/middleware/cors" "github.com/gofiber/fiber/v2/middleware/cors"
"github.com/gofiber/fiber/v2/middleware/limiter" "github.com/gofiber/fiber/v2/middleware/limiter"
"github.com/gofiber/fiber/v2/middleware/logger" "github.com/gofiber/fiber/v2/middleware/logger"
"github.com/gofiber/fiber/v2/middleware/recover"
"github.com/redis/go-redis/v9" "github.com/redis/go-redis/v9"
"gorm.io/gorm" "gorm.io/gorm"
) )
@@ -25,9 +23,6 @@ func New() *fiber.App {
BodyLimit: 4 * 1024 * 1024 * 1024, // 4GB BodyLimit: 4 * 1024 * 1024 * 1024, // 4GB
ErrorHandler: middleware.ErrorHandler, ErrorHandler: middleware.ErrorHandler,
}) })
app.Use(recover.New(recover.Config{
EnableStackTrace: true,
}))
app.Use(middleware.RequestID) app.Use(middleware.RequestID)
app.Use(middleware.Metrics) app.Use(middleware.Metrics)
app.Get("/metrics", metrics.Handler) app.Get("/metrics", metrics.Handler)
@@ -37,7 +32,7 @@ func New() *fiber.App {
})) }))
app.Use(middleware.SecurityHeaders) app.Use(middleware.SecurityHeaders)
app.Use(cors.New(cors.Config{ app.Use(cors.New(cors.Config{
AllowOrigins: config.C.CORSAllowOrigins, AllowOrigins: "https://a301.tolelom.xyz",
AllowHeaders: "Origin, Content-Type, Authorization, Idempotency-Key, X-API-Key, X-Requested-With", AllowHeaders: "Origin, Content-Type, Authorization, Idempotency-Key, X-API-Key, X-Requested-With",
AllowMethods: "GET, POST, PUT, PATCH, DELETE", AllowMethods: "GET, POST, PUT, PATCH, DELETE",
AllowCredentials: true, AllowCredentials: true,
@@ -73,21 +68,6 @@ func APILimiter() fiber.Handler {
}) })
} }
// RefreshLimiter returns a rate limiter for refresh token endpoint (5 req/min per IP).
// Separate from AuthLimiter to avoid NAT collisions while still preventing abuse.
func RefreshLimiter() fiber.Handler {
return limiter.New(limiter.Config{
Max: 5,
Expiration: 1 * time.Minute,
KeyGenerator: func(c *fiber.Ctx) string {
return "refresh:" + c.IP()
},
LimitReached: func(c *fiber.Ctx) error {
return apperror.ErrRateLimited
},
})
}
// ChainUserLimiter returns a rate limiter for chain transactions (20 req/min per user). // ChainUserLimiter returns a rate limiter for chain transactions (20 req/min per user).
func ChainUserLimiter() fiber.Handler { func ChainUserLimiter() fiber.Handler {
return limiter.New(limiter.Config{ return limiter.New(limiter.Config{

27
main.go
View File

@@ -106,12 +106,9 @@ func main() {
brRepo := bossraid.NewRepository(db) brRepo := bossraid.NewRepository(db)
brSvc := bossraid.NewService(brRepo, rdb) brSvc := bossraid.NewService(brRepo, rdb)
brSvc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) { brSvc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
result, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets) _, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
if result != nil { return err
return result.TxID, err
}
return "", err
}) })
brSvc.SetExpGranter(func(username string, exp int) error { brSvc.SetExpGranter(func(username string, exp int) error {
return playerSvc.GrantExperienceByUsername(username, exp) return playerSvc.GrantExperienceByUsername(username, exp)
@@ -140,7 +137,7 @@ func main() {
routes.Register(app, authHandler, annHandler, dlHandler, chainHandler, brHandler, playerHandler, routes.Register(app, authHandler, annHandler, dlHandler, chainHandler, brHandler, playerHandler,
server.AuthLimiter(), server.APILimiter(), server.HealthCheck(), server.ReadyCheck(db, rdb), server.AuthLimiter(), server.APILimiter(), server.HealthCheck(), server.ReadyCheck(db, rdb),
server.ChainUserLimiter(), authMw, serverAuthMw, idempotencyReqMw, server.RefreshLimiter()) server.ChainUserLimiter(), authMw, serverAuthMw, idempotencyReqMw)
// ── 백그라운드 워커 ────────────────────────────────────────────── // ── 백그라운드 워커 ──────────────────────────────────────────────
@@ -154,23 +151,13 @@ func main() {
rewardWorker := bossraid.NewRewardWorker( rewardWorker := bossraid.NewRewardWorker(
brRepo, brRepo,
func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) { func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
result, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets) _, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
if result != nil { return err
return result.TxID, err
}
return "", err
}, },
func(username string, exp int) error { func(username string, exp int) error {
return playerSvc.GrantExperienceByUsername(username, exp) return playerSvc.GrantExperienceByUsername(username, exp)
}, },
func(txID string) (bool, error) {
result, err := chainClient.GetTxStatus(txID)
if err != nil {
return false, err
}
return result != nil && result.Success, nil
},
) )
rewardWorker.Start() rewardWorker.Start()

26
pkg/config/config.go
View File

@@ -2,7 +2,6 @@ package config
import ( import (
"log" "log"
"net/url"
"os" "os"
"strconv" "strconv"
"strings" "strings"
@@ -36,9 +35,6 @@ type Config struct {
OperatorKeyHex string OperatorKeyHex string
WalletEncryptionKey string WalletEncryptionKey string
// CORS
CORSAllowOrigins string
// Server-to-server auth // Server-to-server auth
InternalAPIKey string InternalAPIKey string
@@ -76,8 +72,6 @@ func Load() {
OperatorKeyHex: getEnv("OPERATOR_KEY_HEX", ""), OperatorKeyHex: getEnv("OPERATOR_KEY_HEX", ""),
WalletEncryptionKey: getEnv("WALLET_ENCRYPTION_KEY", ""), WalletEncryptionKey: getEnv("WALLET_ENCRYPTION_KEY", ""),
CORSAllowOrigins: getEnv("CORS_ALLOW_ORIGINS", "https://a301.tolelom.xyz"),
InternalAPIKey: getEnv("INTERNAL_API_KEY", ""), InternalAPIKey: getEnv("INTERNAL_API_KEY", ""),
SSAFYClientID: getEnv("SSAFY_CLIENT_ID", ""), SSAFYClientID: getEnv("SSAFY_CLIENT_ID", ""),
@@ -89,9 +83,6 @@ func Load() {
if raw := getEnv("CHAIN_NODE_URLS", ""); raw != "" { if raw := getEnv("CHAIN_NODE_URLS", ""); raw != "" {
for _, u := range strings.Split(raw, ",") { for _, u := range strings.Split(raw, ",") {
if u = strings.TrimSpace(u); u != "" { if u = strings.TrimSpace(u); u != "" {
if parsed, err := url.Parse(u); err != nil || parsed.Scheme == "" || parsed.Host == "" {
log.Fatalf("FATAL: invalid CHAIN_NODE_URL: %q (must be http:// or https://)", u)
}
C.ChainNodeURLs = append(C.ChainNodeURLs, u) C.ChainNodeURLs = append(C.ChainNodeURLs, u)
} }
} }
@@ -123,23 +114,8 @@ func WarnInsecureDefaults() {
log.Println("WARNING: WALLET_ENCRYPTION_KEY is empty — blockchain wallet features will fail") log.Println("WARNING: WALLET_ENCRYPTION_KEY is empty — blockchain wallet features will fail")
} }
if isProd {
if C.DBPassword == "" {
log.Println("FATAL: DB_PASSWORD must be set in production")
insecure = true
}
if C.OperatorKeyHex == "" {
log.Println("FATAL: OPERATOR_KEY_HEX must be set in production")
insecure = true
}
if C.InternalAPIKey == "" {
log.Println("FATAL: INTERNAL_API_KEY must be set in production")
insecure = true
}
}
if isProd && insecure { if isProd && insecure {
log.Fatal("FATAL: insecure defaults detected in production — check warnings above") log.Fatal("FATAL: insecure default secrets detected in production — set JWT_SECRET, REFRESH_SECRET, and ADMIN_PASSWORD")
} }
} }

28
pkg/middleware/error_handler.go
View File

@@ -9,41 +9,23 @@ import (
) )
// ErrorHandler is a Fiber error handler that returns structured JSON for AppError. // ErrorHandler is a Fiber error handler that returns structured JSON for AppError.
// Includes requestID in error responses for log correlation.
func ErrorHandler(c *fiber.Ctx, err error) error { func ErrorHandler(c *fiber.Ctx, err error) error {
requestID, _ := c.Locals("requestID").(string)
var appErr *apperror.AppError var appErr *apperror.AppError
if errors.As(err, &appErr) { if errors.As(err, &appErr) {
resp := fiber.Map{ return c.Status(appErr.Status).JSON(appErr)
"error": appErr.Code,
"message": appErr.Message,
}
if requestID != "" {
resp["requestId"] = requestID
}
return c.Status(appErr.Status).JSON(resp)
} }
// Default Fiber error handling // Default Fiber error handling
var fiberErr *fiber.Error var fiberErr *fiber.Error
if errors.As(err, &fiberErr) { if errors.As(err, &fiberErr) {
resp := fiber.Map{ return c.Status(fiberErr.Code).JSON(fiber.Map{
"error": "server_error", "error": "server_error",
"message": fiberErr.Message, "message": fiberErr.Message,
} })
if requestID != "" {
resp["requestId"] = requestID
}
return c.Status(fiberErr.Code).JSON(resp)
} }
resp := fiber.Map{ return c.Status(500).JSON(fiber.Map{
"error": "internal_error", "error": "internal_error",
"message": "서버 오류가 발생했습니다", "message": "서버 오류가 발생했습니다",
} })
if requestID != "" {
resp["requestId"] = requestID
}
return c.Status(500).JSON(resp)
} }

6
pkg/middleware/idempotency.go
View File

@@ -57,9 +57,9 @@ func Idempotency(rdb *redis.Client) fiber.Handler {
// Atomically claim the key using SET NX (only succeeds if key doesn't exist) // Atomically claim the key using SET NX (only succeeds if key doesn't exist)
set, err := rdb.SetNX(ctx, redisKey, "processing", idempotencyTTL).Result() set, err := rdb.SetNX(ctx, redisKey, "processing", idempotencyTTL).Result()
if err != nil { if err != nil {
// Redis error — reject to prevent duplicate transactions // Redis error — let the request through rather than blocking
log.Printf("ERROR: idempotency SetNX failed (key=%s): %v", key, err) log.Printf("WARNING: idempotency SetNX failed (key=%s): %v", key, err)
return apperror.New("internal_error", "서버 오류가 발생했습니다. 잠시 후 다시 시도해주세요", 503) return c.Next()
} }
if !set { if !set {

3
routes/routes.go
View File

@@ -28,7 +28,6 @@ func Register(
authMw fiber.Handler, authMw fiber.Handler,
serverAuthMw fiber.Handler, serverAuthMw fiber.Handler,
idempotencyReqMw fiber.Handler, idempotencyReqMw fiber.Handler,
refreshLimiter fiber.Handler,
) { ) {
// Swagger UI // Swagger UI
app.Get("/swagger/*", swagger.HandlerDefault) app.Get("/swagger/*", swagger.HandlerDefault)
@@ -81,7 +80,7 @@ func Register(
a := api.Group("/auth") a := api.Group("/auth")
a.Post("/register", authLimiter, authH.Register) a.Post("/register", authLimiter, authH.Register)
a.Post("/login", authLimiter, authH.Login) a.Post("/login", authLimiter, authH.Login)
a.Post("/refresh", refreshLimiter, authH.Refresh) a.Post("/refresh", authLimiter, authH.Refresh)
a.Post("/logout", authMw, authH.Logout) a.Post("/logout", authMw, authH.Logout)
// /verify moved to internal API (ServerAuth) — see internal section below // /verify moved to internal API (ServerAuth) — see internal section below
a.Get("/ssafy/login", authH.SSAFYLoginURL) a.Get("/ssafy/login", authH.SSAFYLoginURL)