Fix: 로그인/갱신 응답에 refreshToken body 포함

- Login, SSAFYLogin, Refresh 응답 JSON에 refreshToken 추가
- 기존: 쿠키로만 전송 → Unity 클라이언트가 못 받아서 토큰 갱신 실패
- 수정: body + 쿠키 모두 전송 (웹/게임 클라이언트 호환)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/deploy.yml

@@ -10,48 +10,48 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 코드 체크아웃
-        uses: actions/checkout@v4
+        run: |
+          git config --global --add safe.directory "$(pwd)"
+          git init
+          git remote add origin $GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git
+          git fetch --depth=1 origin $GITHUB_SHA
+          git checkout $GITHUB_SHA
 
       - name: tolchain 의존성 클론
         run: git clone --depth 1 https://github.com/tolelom/tolchain.git ../tolchain
 
       - name: Go 설치
-        uses: actions/setup-go@v5
-        with:
-          go-version: '1.25'
+        run: |
+          curl -fsSL https://go.dev/dl/go1.25.5.linux-arm64.tar.gz -o /tmp/go.tar.gz
+          rm -rf /usr/local/go && tar -C /usr/local -xzf /tmp/go.tar.gz
+          export PATH=$PATH:/usr/local/go/bin
+          go version
 
       - name: go vet 검증
-        run: go vet ./...
+        run: |
+          export PATH=$PATH:/usr/local/go/bin
+          go vet ./...
 
       - name: 테스트 실행
-        run: go test ./... -count=1
+        run: |
+          export PATH=$PATH:/usr/local/go/bin
+          go test ./... -count=1
 
       - name: 빌드 검증
-        run: go build -o /dev/null .
+        run: |
+          export PATH=$PATH:/usr/local/go/bin
+          go build -o /dev/null .
 
   deploy:
     runs-on: ubuntu-latest
     needs: lint-and-build
     steps:
       - name: 서버에 배포
-        uses: appleboy/ssh-action@v1
-        with:
-          host: ${{ secrets.SERVER_HOST }}
-          username: ${{ secrets.SERVER_USER }}
-          key: ${{ secrets.SSH_PRIVATE_KEY }}
-          port: 22
-          script: |
-            set -e
-            export PATH=$PATH:/usr/local/bin:/opt/homebrew/bin:$HOME/.docker/bin
-            cd /tmp
-            rm -rf a301-build
-            mkdir a301-build && cd a301-build
-            # Suppress token from logs
-            set +x
-            git clone --quiet https://tolelom:${{ secrets.GIT_TOKEN }}@git.tolelom.xyz/A301/a301_server.git a301_server 2>/dev/null
-            set -x
-            git clone --quiet https://github.com/tolelom/tolchain.git tolchain
-            docker build --no-cache -t a301-server:latest -f a301_server/Dockerfile .
-            cd ~/server
-            docker compose up -d --no-deps --force-recreate a301-server
-            rm -rf /tmp/a301-build
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key
+          chmod 600 ~/.ssh/deploy_key
+          ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key \
+            ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} \
+            'set -e && export PATH=$PATH:/usr/local/bin:/opt/homebrew/bin:$HOME/.docker/bin && cd /tmp && rm -rf a301-build && mkdir a301-build && cd a301-build && git clone --quiet https://tolelom:${{ secrets.GIT_TOKEN }}@git.tolelom.xyz/A301/a301_server.git a301_server && git clone --quiet https://github.com/tolelom/tolchain.git tolchain && docker build --no-cache -t a301-server:latest -f a301_server/Dockerfile . && cd ~/server && docker compose up -d --no-deps --force-recreate a301-server && rm -rf /tmp/a301-build'
+          rm -f ~/.ssh/deploy_key

Dockerfile

@@ -10,9 +10,11 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o server .
 # Stage 2: Run
 FROM alpine:latest
 RUN apk --no-cache add tzdata ca-certificates curl
-RUN mkdir -p /data/game
+RUN addgroup -g 1000 app && adduser -D -u 1000 -G app app
+RUN mkdir -p /data/game && chown app:app /data/game
 WORKDIR /app
-COPY --from=builder /build/a301_server/server .
+COPY --from=builder --chown=app:app /build/a301_server/server .
+USER app
 EXPOSE 8080
 HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
   CMD curl -f http://localhost:8080/health || exit 1

internal/announcement/handler.go

@@ -66,10 +66,10 @@ func (h *Handler) Create(c *fiber.Ctx) error {
 	if err := c.BodyParser(&body); err != nil || body.Title == "" || body.Content == "" {
 		return apperror.BadRequest("제목과 내용을 입력해주세요")
 	}
-	if len(body.Title) > 256 {
+	if len([]rune(body.Title)) > 256 {
 		return apperror.BadRequest("제목은 256자 이하여야 합니다")
 	}
-	if len(body.Content) > 10000 {
+	if len([]rune(body.Content)) > 10000 {
 		return apperror.BadRequest("내용은 10000자 이하여야 합니다")
 	}
 	a, err := h.svc.Create(body.Title, body.Content)
@@ -110,10 +110,10 @@ func (h *Handler) Update(c *fiber.Ctx) error {
 	if body.Title == "" && body.Content == "" {
 		return apperror.BadRequest("수정할 내용을 입력해주세요")
 	}
-	if len(body.Title) > 256 {
+	if len([]rune(body.Title)) > 256 {
 		return apperror.BadRequest("제목은 256자 이하여야 합니다")
 	}
-	if len(body.Content) > 10000 {
+	if len([]rune(body.Content)) > 10000 {
 		return apperror.BadRequest("내용은 10000자 이하여야 합니다")
 	}
 	a, err := h.svc.Update(uint(id), body.Title, body.Content)

internal/auth/handler.go

@@ -1,6 +1,7 @@
 package auth
 
 import (
+	"errors"
 	"log"
 	"regexp"
 	"strconv"
@@ -56,8 +57,8 @@ func (h *Handler) Register(c *fiber.Ctx) error {
 		return apperror.BadRequest("비밀번호는 72자 이하여야 합니다")
 	}
 	if err := h.svc.Register(req.Username, req.Password); err != nil {
-		if strings.Contains(err.Error(), "이미 사용 중") {
-			return apperror.Conflict(err.Error())
+		if errors.Is(err, apperror.ErrDuplicateUsername) {
+			return apperror.Conflict("이미 사용 중인 아이디입니다")
 		}
 		return apperror.Internal("회원가입에 실패했습니다")
 	}
@@ -110,9 +111,10 @@ func (h *Handler) Login(c *fiber.Ctx) error {
 		MaxAge:   7 * 24 * 60 * 60, // 7 days
 	})
 	return c.JSON(fiber.Map{
-		"token":    accessToken,
-		"username": user.Username,
-		"role":     user.Role,
+		"token":        accessToken,
+		"refreshToken": refreshToken,
+		"username":     user.Username,
+		"role":         user.Role,
 	})
 }
 
@@ -158,7 +160,8 @@ func (h *Handler) Refresh(c *fiber.Ctx) error {
 		MaxAge:   7 * 24 * 60 * 60, // 7 days
 	})
 	return c.JSON(fiber.Map{
-		"token": newAccessToken,
+		"token":        newAccessToken,
+		"refreshToken": newRefreshToken,
 	})
 }
 
@@ -249,6 +252,11 @@ func (h *Handler) UpdateRole(c *fiber.Ctx) error {
 		return apperror.BadRequest("role은 admin 또는 user여야 합니다")
 	}
 	uid := uint(id)
+	// 자기 자신의 admin 권한 강등 방지
+	callerID, _ := c.Locals("userID").(uint)
+	if uid == callerID && body.Role != "admin" {
+		return apperror.BadRequest("자신의 관리자 권한을 제거할 수 없습니다")
+	}
 	if err := h.svc.UpdateRole(uid, Role(body.Role)); err != nil {
 		return apperror.Internal("권한 변경에 실패했습니다")
 	}
@@ -342,9 +350,10 @@ func (h *Handler) SSAFYCallback(c *fiber.Ctx) error {
 		MaxAge:   7 * 24 * 60 * 60, // 7 days
 	})
 	return c.JSON(fiber.Map{
-		"token":    accessToken,
-		"username": user.Username,
-		"role":     user.Role,
+		"token":        accessToken,
+		"refreshToken": refreshToken,
+		"username":     user.Username,
+		"role":         user.Role,
 	})
 }
 

internal/auth/service.go

@@ -15,6 +15,7 @@ import (
 
 	"gorm.io/gorm"
 
+	"a301_server/pkg/apperror"
 	"a301_server/pkg/config"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/redis/go-redis/v9"
@@ -263,9 +264,6 @@ func (s *Service) RedeemLaunchTicket(ticket string) (string, error) {
 }
 
 func (s *Service) Register(username, password string) error {
-	if _, err := s.repo.FindByUsername(username); err == nil {
-		return fmt.Errorf("이미 사용 중인 아이디입니다")
-	}
 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return fmt.Errorf("비밀번호 처리에 실패했습니다")
@@ -274,6 +272,9 @@ func (s *Service) Register(username, password string) error {
 	return s.repo.Transaction(func(txRepo *Repository) error {
 		user := &User{Username: username, PasswordHash: string(hash), Role: RoleUser}
 		if err := txRepo.Create(user); err != nil {
+			if apperror.IsDuplicateEntry(err) {
+				return apperror.ErrDuplicateUsername
+			}
 			return err
 		}
 		if s.walletCreator != nil {
@@ -426,9 +427,6 @@ func (s *Service) SSAFYLogin(code, state string) (accessToken, refreshToken stri
 
 		ssafyID := userInfo.UserID
 		// SSAFY ID에서 영문 소문자+숫자만 추출하여 안전한 username 생성
-		// NOTE: Username collision is handled by the DB unique constraint.
-		// If collision occurs, the transaction will rollback and return a generic error.
-		// A retry with random suffix could improve UX but is not critical.
 		safeID := sanitizeForUsername(ssafyID)
 		if safeID == "" {
 			safeID = hex.EncodeToString(randomBytes[:8])
@@ -437,32 +435,47 @@ func (s *Service) SSAFYLogin(code, state string) (accessToken, refreshToken stri
 		if len(username) > 50 {
 			username = username[:50]
 		}
+		// DB unique constraint 충돌 시 랜덤 suffix로 최대 3회 재시도
+		maxRetries := 3
+		baseUsername := username
 
-		err = s.repo.Transaction(func(txRepo *Repository) error {
-			user = &User{
-				Username:     username,
-				PasswordHash: string(hash),
-				Role:         RoleUser,
-				SsafyID:      &ssafyID,
-			}
-			if err := txRepo.Create(user); err != nil {
-				return err
-			}
-
-			if s.walletCreator != nil {
-				if err := s.walletCreator(user.ID); err != nil {
-					return fmt.Errorf("wallet creation failed: %w", err)
+		for attempt := 0; attempt < maxRetries; attempt++ {
+			if attempt > 0 {
+				suffix := hex.EncodeToString(randomBytes[attempt*2 : attempt*2+4])
+				username = baseUsername + "_" + suffix
+				if len(username) > 50 {
+					username = username[:50]
 				}
 			}
-			if s.profileCreator != nil {
-				if err := s.profileCreator(user.ID); err != nil {
-					return fmt.Errorf("profile creation failed: %w", err)
+			err = s.repo.Transaction(func(txRepo *Repository) error {
+				user = &User{
+					Username:     username,
+					PasswordHash: string(hash),
+					Role:         RoleUser,
+					SsafyID:      &ssafyID,
 				}
+				if err := txRepo.Create(user); err != nil {
+					return err
+				}
+
+				if s.walletCreator != nil {
+					if err := s.walletCreator(user.ID); err != nil {
+						return fmt.Errorf("wallet creation failed: %w", err)
+					}
+				}
+				if s.profileCreator != nil {
+					if err := s.profileCreator(user.ID); err != nil {
+						return fmt.Errorf("profile creation failed: %w", err)
+					}
+				}
+				return nil
+			})
+			if err == nil {
+				break
 			}
-			return nil
-		})
+			log.Printf("SSAFY user creation attempt %d failed: %v", attempt+1, err)
+		}
 		if err != nil {
-			log.Printf("SSAFY user creation transaction failed: %v", err)
 			return "", "", nil, fmt.Errorf("계정 생성 실패: %v", err)
 		}
 	}
@@ -523,6 +536,18 @@ func sanitizeForUsername(s string) string {
 // If these fail, the admin user exists without a wallet/profile.
 // This is acceptable because EnsureAdmin runs once at startup and failures
 // are logged as warnings. A restart will skip user creation (already exists).
+// VerifyPassword checks if the password matches the user's stored hash.
+func (s *Service) VerifyPassword(userID uint, password string) error {
+	user, err := s.repo.FindByID(userID)
+	if err != nil {
+		return fmt.Errorf("user not found")
+	}
+	if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
+		return fmt.Errorf("invalid password")
+	}
+	return nil
+}
+
 func (s *Service) EnsureAdmin(username, password string) error {
 	if _, err := s.repo.FindByUsername(username); err == nil {
 		return nil

internal/bossraid/handler.go

@@ -2,6 +2,7 @@ package bossraid
 
 import (
 	"log"
+	"strings"
 
 	"a301_server/pkg/apperror"
 
@@ -61,7 +62,11 @@ func (h *Handler) RequestEntry(c *fiber.Ctx) error {
 
 	room, tokens, err := h.svc.RequestEntryWithTokens(req.Usernames, req.BossID)
 	if err != nil {
-		return bossError(fiber.StatusConflict, "보스 레이드 입장에 실패했습니다", err)
+		status := fiber.StatusConflict
+		if strings.Contains(err.Error(), "이용 가능한") {
+			status = fiber.StatusServiceUnavailable
+		}
+		return bossError(status, "보스 레이드 입장에 실패했습니다", err)
 	}
 
 	return c.Status(fiber.StatusCreated).JSON(fiber.Map{
@@ -207,10 +212,18 @@ func (h *Handler) ValidateEntryToken(c *fiber.Ctx) error {
 		return apperror.Unauthorized(err.Error())
 	}
 
+	// 방 정보에서 파티 인원 수 조회
+	expectedPlayers := 0
+	room, roomErr := h.svc.GetRoom(sessionName)
+	if roomErr == nil && room != nil {
+		expectedPlayers = room.MaxPlayers
+	}
+
 	return c.JSON(fiber.Map{
-		"valid":       true,
-		"username":    username,
-		"sessionName": sessionName,
+		"valid":           true,
+		"username":        username,
+		"sessionName":     sessionName,
+		"expectedPlayers": expectedPlayers,
 	})
 }
 

internal/bossraid/model.go

@@ -26,8 +26,9 @@ type BossRoom struct {
 	CreatedAt   time.Time      `json:"createdAt"   gorm:"index"`
 	UpdatedAt   time.Time      `json:"updatedAt"`
 	DeletedAt   gorm.DeletedAt `json:"-"           gorm:"index"`
-	SessionName string         `json:"sessionName" gorm:"type:varchar(100);uniqueIndex;not null"`
-	BossID      int            `json:"bossId"      gorm:"index;not null"`
+	SessionName     string         `json:"sessionName"     gorm:"type:varchar(100);uniqueIndex;not null"`
+	SlotSessionName string         `json:"slotSessionName" gorm:"type:varchar(100);index;not null"`
+	BossID          int            `json:"bossId"          gorm:"index;not null"`
 	Status      RoomStatus     `json:"status"      gorm:"type:varchar(20);index;default:waiting;not null"`
 	MaxPlayers  int            `json:"maxPlayers"  gorm:"default:3;not null"`
 	// Players is stored as a JSON text column for simplicity.
@@ -88,5 +89,6 @@ type RewardFailure struct {
 	Experience  int        `json:"experience"  gorm:"default:0;not null"`
 	Error       string     `json:"error"       gorm:"type:text"`
 	RetryCount  int        `json:"retryCount"  gorm:"default:0;not null"`
+	LastTxID    string     `json:"lastTxId"    gorm:"type:varchar(100)"` // 마지막 시도한 블록체인 트랜잭션 ID (이중 지급 방지용)
 	ResolvedAt  *time.Time `json:"resolvedAt"  gorm:"index"`
 }

internal/bossraid/repository.go

@@ -64,6 +64,17 @@ func (r *Repository) CountActiveByUsername(username string) (int64, error) {
 	return count, err
 }
 
+// FindWaitingRoomsByUsername returns all waiting rooms containing the given username.
+func (r *Repository) FindWaitingRoomsByUsername(username string) ([]BossRoom, error) {
+	escaped := strings.NewReplacer("%", "\\%", "_", "\\_").Replace(username)
+	search := `"` + escaped + `"`
+	var rooms []BossRoom
+	err := r.db.Where("status = ? AND players LIKE ?",
+		StatusWaiting, "%"+search+"%").
+		Find(&rooms).Error
+	return rooms, err
+}
+
 // --- DedicatedServer & RoomSlot ---
 
 // UpsertDedicatedServer creates or updates a server group by name.
@@ -213,6 +224,46 @@ func (r *Repository) DeleteRoomBySessionName(sessionName string) error {
 	return r.db.Unscoped().Where("session_name = ?", sessionName).Delete(&BossRoom{}).Error
 }
 
+// DeleteRoomBySlotSessionName removes BossRoom records matching the original slot session name.
+// Used when dedicated server calls ResetRoom with the slot name (not the unique per-entry name).
+func (r *Repository) DeleteRoomBySlotSessionName(slotSessionName string) error {
+	return r.db.Unscoped().Where("slot_session_name = ?", slotSessionName).Delete(&BossRoom{}).Error
+}
+
+// CleanupStaleWaitingRooms deletes BossRoom records stuck in "waiting" status
+// past the given threshold and resets their associated RoomSlots to idle.
+// This handles cases where players disconnect during loading before the Fusion session starts.
+func (r *Repository) CleanupStaleWaitingRooms(threshold time.Time) (int64, error) {
+	// 1. waiting 상태에서 threshold보다 오래된 방 조회
+	var staleRooms []BossRoom
+	if err := r.db.Where("status = ? AND created_at < ?", StatusWaiting, threshold).
+		Find(&staleRooms).Error; err != nil {
+		return 0, err
+	}
+	if len(staleRooms) == 0 {
+		return 0, nil
+	}
+
+	// 2. 연결된 슬롯을 idle로 리셋
+	staleSessionNames := make([]string, len(staleRooms))
+	for i, room := range staleRooms {
+		staleSessionNames[i] = room.SessionName
+	}
+	r.db.Model(&RoomSlot{}).
+		Where("session_name IN ? AND status = ?", staleSessionNames, SlotWaiting).
+		Updates(map[string]interface{}{
+			"status":       SlotIdle,
+			"boss_room_id": nil,
+		})
+
+	// 3. BossRoom 레코드 하드 삭제
+	result := r.db.Unscoped().
+		Where("status = ? AND created_at < ?", StatusWaiting, threshold).
+		Delete(&BossRoom{})
+
+	return result.RowsAffected, result.Error
+}
+
 // ResetStaleSlots clears instanceID for slots with stale heartbeats
 // and resets any active raids on those slots.
 func (r *Repository) ResetStaleSlots(threshold time.Time) (int64, error) {
@@ -329,3 +380,10 @@ func (r *Repository) IncrementRetryCount(id uint, errMsg string) error {
 			"error":       errMsg,
 		}).Error
 }
+
+// UpdateLastTxID saves the last attempted blockchain transaction ID for idempotency checking.
+func (r *Repository) UpdateLastTxID(id uint, txID string) error {
+	return r.db.Model(&RewardFailure{}).
+		Where("id = ?", id).
+		Update("last_tx_id", txID).Error
+}

internal/bossraid/reward_worker.go

@@ -11,8 +11,9 @@ import (
 // RewardWorker periodically retries failed reward grants.
 type RewardWorker struct {
 	repo        *Repository
-	rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error
+	rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error)
 	expGrant    func(username string, exp int) error
+	txCheck     func(txID string) (confirmed bool, err error) // 이중 지급 방지: tx 상태 확인
 	interval    time.Duration
 	stopCh      chan struct{}
 }
@@ -20,13 +21,15 @@ type RewardWorker struct {
 // NewRewardWorker creates a new RewardWorker. Default interval is 1 minute.
 func NewRewardWorker(
 	repo *Repository,
-	rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error,
+	rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error),
 	expGrant func(username string, exp int) error,
+	txCheck func(txID string) (confirmed bool, err error),
 ) *RewardWorker {
 	return &RewardWorker{
 		repo:        repo,
 		rewardGrant: rewardGrant,
 		expGrant:    expGrant,
+		txCheck:     txCheck,
 		interval:    1 * time.Minute,
 		stopCh:      make(chan struct{}),
 	}
@@ -71,6 +74,21 @@ func (w *RewardWorker) retryOne(rf RewardFailure) {
 
 	// 블록체인 보상 재시도 (토큰 또는 에셋이 있는 경우)
 	if (rf.TokenAmount > 0 || rf.Assets != "[]") && w.rewardGrant != nil {
+		// 이중 지급 방지: 마지막 tx가 이미 성공했는지 확인
+		if rf.LastTxID != "" && w.txCheck != nil {
+			confirmed, checkErr := w.txCheck(rf.LastTxID)
+			if checkErr != nil {
+				log.Printf("보상 재시도 tx 상태 확인 실패: ID=%d, txID=%s: %v", rf.ID, rf.LastTxID, checkErr)
+				// 상태 확인 실패 시 안전하게 재시도 건너뜀 (다음 주기에 다시 확인)
+				return
+			}
+			if confirmed {
+				log.Printf("보상 재시도 건너뜀 (이전 tx 이미 성공): ID=%d, txID=%s, %s", rf.ID, rf.LastTxID, rf.Username)
+				// 블록체인 보상은 이미 지급됨 → 경험치만 확인
+				goto expRetry
+			}
+		}
+
 		var assets []core.MintAssetPayload
 		if rf.Assets != "" && rf.Assets != "[]" {
 			if err := json.Unmarshal([]byte(rf.Assets), &assets); err != nil {
@@ -82,9 +100,18 @@ func (w *RewardWorker) retryOne(rf RewardFailure) {
 				return
 			}
 		}
-		retryErr = w.rewardGrant(rf.Username, rf.TokenAmount, assets)
+		txID, grantErr := w.rewardGrant(rf.Username, rf.TokenAmount, assets)
+		retryErr = grantErr
+
+		// 시도한 txID 저장 (다음 재시도 시 이중 지급 방지용)
+		if txID != "" {
+			if err := w.repo.UpdateLastTxID(rf.ID, txID); err != nil {
+				log.Printf("보상 재시도 txID 저장 실패: ID=%d: %v", rf.ID, err)
+			}
+		}
 	}
 
+expRetry:
 	// 경험치 재시도 (블록체인 보상이 없거나 성공한 경우)
 	if retryErr == nil && rf.Experience > 0 && w.expGrant != nil {
 		retryErr = w.expGrant(rf.Username, rf.Experience)
@@ -105,7 +132,8 @@ func (w *RewardWorker) retryOne(rf RewardFailure) {
 	}
 	newCount := rf.RetryCount + 1
 	if newCount >= 10 {
-		log.Printf("보상 재시도 포기 (최대 횟수 초과): ID=%d, %s", rf.ID, rf.Username)
+		log.Printf("CRITICAL: 보상 재시도 포기 (최대 횟수 초과) — 수동 복구 필요: ID=%d, session=%s, user=%s, token=%d, exp=%d",
+			rf.ID, rf.SessionName, rf.Username, rf.TokenAmount, rf.Experience)
 	} else {
 		log.Printf("보상 재시도 실패 (%d/10): ID=%d, %s: %v", newCount, rf.ID, rf.Username, retryErr)
 	}

internal/bossraid/service.go

@@ -22,6 +22,9 @@ const (
 	entryTokenPrefix = "bossraid:entry:"
 	// pendingEntryPrefix is the Redis key prefix for username → {sessionName, entryToken}.
 	pendingEntryPrefix = "bossraid:pending:"
+	// waitingRoomTimeout is the maximum time a room can stay in "waiting" status
+	// before being considered stale and cleaned up. Covers loading + Fusion connection + retries.
+	waitingRoomTimeout = 2 * time.Minute
 )
 
 // entryTokenData is stored in Redis for each entry token.
@@ -33,7 +36,7 @@ type entryTokenData struct {
 type Service struct {
 	repo        *Repository
 	rdb         *redis.Client
-	rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error
+	rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error)
 	expGrant    func(username string, exp int) error
 }
 
@@ -42,7 +45,8 @@ func NewService(repo *Repository, rdb *redis.Client) *Service {
 }
 
 // SetRewardGranter sets the callback for granting rewards via blockchain.
-func (s *Service) SetRewardGranter(fn func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error) {
+// The callback returns the blockchain transaction ID and an error.
+func (s *Service) SetRewardGranter(fn func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error)) {
 	s.rewardGrant = fn
 }
 
@@ -55,8 +59,10 @@ func (s *Service) SetExpGranter(fn func(username string, exp int) error) {
 // Allocates an idle room slot from a registered dedicated server.
 // Returns the room with assigned session name.
 func (s *Service) RequestEntry(usernames []string, bossID int) (*BossRoom, error) {
-	// 좀비 슬롯 정리 — idle 슬롯 검색 전에 stale 인스턴스를 리셋
+	// 좀비 슬롯 정리 — idle 슬롯 검색 전에 stale 인스턴스와 대기방을 리셋
 	s.CheckStaleSlots()
+	// 입장 요청 플레이어들의 stale waiting room 선제 정리
+	s.cleanupStaleWaitingForUsers(usernames)
 
 	if len(usernames) == 0 {
 		return nil, fmt.Errorf("플레이어 목록이 비어있습니다")
@@ -100,12 +106,17 @@ func (s *Service) RequestEntry(usernames []string, bossID int) (*BossRoom, error
 			}
 		}
 
+		// 세션명에 타임스탬프를 붙여 매 입장마다 고유하게 만듦
+		// (이전 Fusion 세션이 아직 살아있어도 충돌하지 않음)
+		uniqueSession := fmt.Sprintf("%s_%d", slot.SessionName, time.Now().UnixNano())
+
 		room = &BossRoom{
-			SessionName: slot.SessionName,
-			BossID:      bossID,
-			Status:      StatusWaiting,
-			MaxPlayers:  defaultMaxPlayers,
-			Players:     string(playersJSON),
+			SessionName:     uniqueSession,
+			SlotSessionName: slot.SessionName, // 슬롯 리셋용 원래 이름 보존
+			BossID:          bossID,
+			Status:          StatusWaiting,
+			MaxPlayers:      len(usernames),
+			Players:         string(playersJSON),
 		}
 		if err := txRepo.Create(room); err != nil {
 			return fmt.Errorf("방 생성 실패: %w", err)
@@ -215,49 +226,54 @@ func (s *Service) CompleteRaid(sessionName string, rewards []PlayerReward) (*Bos
 	hasRewardFailure := false
 	if s.rewardGrant != nil {
 		for _, r := range rewards {
-			grantErr := s.grantWithRetry(r.Username, r.TokenAmount, r.Assets)
+			// 1회만 시도 — 실패 시 즉시 RewardFailure에 저장하여 백그라운드 워커가 재시도
+			txID, grantErr := s.rewardGrant(r.Username, r.TokenAmount, r.Assets)
 			result := RewardResult{Username: r.Username, Success: grantErr == nil}
 			if grantErr != nil {
 				result.Error = grantErr.Error()
-				log.Printf("보상 지급 실패 (재시도 소진): %s: %v", r.Username, grantErr)
+				log.Printf("보상 지급 실패: %s: %v (백그라운드 재시도 예정)", r.Username, grantErr)
 				hasRewardFailure = true
-				// 실패한 보상을 DB에 기록하여 백그라운드 재시도 가능하게 함
-				s.saveRewardFailure(sessionName, r, grantErr)
+				s.saveRewardFailure(sessionName, r, grantErr, txID)
 			}
 			resultRewards = append(resultRewards, result)
 		}
 	}
 
-	// 보상 실패가 있으면 상태를 reward_failed로 업데이트 (completed → reward_failed)
-	if hasRewardFailure {
-		if err := s.repo.TransitionRoomStatus(sessionName, StatusCompleted, StatusRewardFailed, nil); err != nil {
-			log.Printf("보상 실패 상태 업데이트 실패: %s: %v", sessionName, err)
-		}
-	}
-
-	// Grant experience to players (with retry)
+	// Grant experience to players (1회 시도, 실패 시 백그라운드 재시도)
 	if s.expGrant != nil {
 		for _, r := range rewards {
 			if r.Experience > 0 {
-				expErr := s.grantExpWithRetry(r.Username, r.Experience)
+				expErr := s.expGrant(r.Username, r.Experience)
 				if expErr != nil {
-					log.Printf("경험치 지급 실패 (재시도 소진): %s: %v", r.Username, expErr)
-					// 경험치 실패도 RewardFailure에 기록 (토큰/에셋 없이 경험치만)
+					log.Printf("경험치 지급 실패: %s: %v (백그라운드 재시도 예정)", r.Username, expErr)
+					hasRewardFailure = true
 					s.saveRewardFailure(sessionName, PlayerReward{
 						Username:   r.Username,
 						Experience: r.Experience,
-					}, expErr)
+					}, expErr, "")
 				}
 			}
 		}
 	}
 
+	// 보상 실패(블록체인 또는 경험치)가 있으면 상태를 reward_failed로 업데이트
+	if hasRewardFailure {
+		if err := s.repo.TransitionRoomStatus(sessionName, StatusCompleted, StatusRewardFailed, nil); err != nil {
+			log.Printf("보상 실패 상태 업데이트 실패: %s: %v", sessionName, err)
+		}
+	}
+
 	// BossRoom 삭제 후 슬롯 리셋 — 다음 파티가 즉시 슬롯 재사용 가능
 	if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil {
 		log.Printf("BossRoom 삭제 실패 (complete): %s: %v", sessionName, err)
 	}
-	if err := s.repo.ResetRoomSlot(sessionName); err != nil {
-		log.Printf("슬롯 리셋 실패 (complete): %s: %v", sessionName, err)
+	// SlotSessionName으로 슬롯 리셋 (고유 세션명이 아닌 원래 슬롯명)
+	slotName := resultRoom.SlotSessionName
+	if slotName == "" {
+		slotName = sessionName // 하위 호환
+	}
+	if err := s.repo.ResetRoomSlot(slotName); err != nil {
+		log.Printf("슬롯 리셋 실패 (complete): %s: %v", slotName, err)
 	}
 
 	return resultRoom, resultRewards, nil
@@ -289,8 +305,12 @@ func (s *Service) FailRaid(sessionName string) (*BossRoom, error) {
 	if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil {
 		log.Printf("BossRoom 삭제 실패 (fail): %s: %v", sessionName, err)
 	}
-	if err := s.repo.ResetRoomSlot(sessionName); err != nil {
-		log.Printf("슬롯 리셋 실패 (fail): %s: %v", sessionName, err)
+	slotName := room.SlotSessionName
+	if slotName == "" {
+		slotName = sessionName
+	}
+	if err := s.repo.ResetRoomSlot(slotName); err != nil {
+		log.Printf("슬롯 리셋 실패 (fail): %s: %v", slotName, err)
 	}
 
 	return room, nil
@@ -400,12 +420,58 @@ func (s *Service) RequestEntryWithTokens(usernames []string, bossID int) (*BossR
 
 	tokens, err := s.GenerateEntryTokens(room.SessionName, usernames)
 	if err != nil {
+		// 토큰 생성 실패 시 방/슬롯 롤백
+		log.Printf("입장 토큰 생성 실패, 방/슬롯 롤백: session=%s: %v", room.SessionName, err)
+		if delErr := s.repo.DeleteRoomBySessionName(room.SessionName); delErr != nil {
+			log.Printf("롤백 중 방 삭제 실패: %v", delErr)
+		}
+		rollbackSlot := room.SlotSessionName
+		if rollbackSlot == "" {
+			rollbackSlot = room.SessionName
+		}
+		if resetErr := s.repo.ResetRoomSlot(rollbackSlot); resetErr != nil {
+			log.Printf("롤백 중 슬롯 리셋 실패: %v", resetErr)
+		}
 		return nil, nil, fmt.Errorf("입장 토큰 생성 실패: %w", err)
 	}
 
 	return room, tokens, nil
 }
 
+// cleanupStaleWaitingForUsers checks if any of the given users are stuck in
+// a waiting room whose entry token has already expired or been consumed.
+// If the pending token is gone from Redis, the room is abandoned and safe to remove.
+// If the token still exists, the room may have active loading players — leave it alone.
+func (s *Service) cleanupStaleWaitingForUsers(usernames []string) {
+	ctx := context.Background()
+	for _, username := range usernames {
+		rooms, err := s.repo.FindWaitingRoomsByUsername(username)
+		if err != nil || len(rooms) == 0 {
+			continue
+		}
+
+		// pending entry token이 Redis에 남아있으면 정상 로딩 중일 수 있음 → 보존
+		pendingKey := pendingEntryPrefix + username
+		exists, _ := s.rdb.Exists(ctx, pendingKey).Result()
+		if exists > 0 {
+			continue
+		}
+
+		// 토큰 만료/소비됨 → 방 abandoned 확정, 정리
+		for _, room := range rooms {
+			log.Printf("abandoned 대기방 정리 (토큰 만료): session=%s, player=%s", room.SessionName, username)
+			if err := s.repo.DeleteRoomBySessionName(room.SessionName); err != nil {
+				log.Printf("대기방 삭제 실패: %v", err)
+			}
+			cleanupSlot := room.SlotSessionName
+			if cleanupSlot == "" {
+				cleanupSlot = room.SessionName
+			}
+			_ = s.repo.ResetRoomSlot(cleanupSlot)
+		}
+	}
+}
+
 // --- Dedicated Server Management ---
 
 const staleTimeout = 30 * time.Second
@@ -456,7 +522,8 @@ func (s *Service) Heartbeat(instanceID string) error {
 	return s.repo.UpdateHeartbeat(instanceID)
 }
 
-// CheckStaleSlots resets slots whose instances have gone silent.
+// CheckStaleSlots resets slots whose instances have gone silent
+// and cleans up waiting rooms that have exceeded the timeout.
 func (s *Service) CheckStaleSlots() {
 	threshold := time.Now().Add(-staleTimeout)
 	count, err := s.repo.ResetStaleSlots(threshold)
@@ -467,14 +534,30 @@ func (s *Service) CheckStaleSlots() {
 	if count > 0 {
 		log.Printf("스태일 슬롯 %d개 리셋", count)
 	}
+
+	// waiting 상태로 너무 오래 머문 방 정리 (로딩 중 강제 종료 등)
+	waitingThreshold := time.Now().Add(-waitingRoomTimeout)
+	cleaned, err := s.repo.CleanupStaleWaitingRooms(waitingThreshold)
+	if err != nil {
+		log.Printf("스태일 대기방 정리 실패: %v", err)
+		return
+	}
+	if cleaned > 0 {
+		log.Printf("스태일 대기방 %d개 정리", cleaned)
+	}
 }
 
 // ResetRoom resets a room slot back to idle and cleans up any lingering BossRoom records.
 // Called by the dedicated server after a raid ends and the runner is recycled.
+// sessionName here is the slot's original session name (not the unique per-entry name).
 func (s *Service) ResetRoom(sessionName string) error {
-	// 완료/실패되지 않은 BossRoom 레코드 정리 (waiting/in_progress 상태)
+	// 고유 세션명 BossRoom도 정리 (slot_session_name으로 검색)
+	if err := s.repo.DeleteRoomBySlotSessionName(sessionName); err != nil {
+		log.Printf("BossRoom 레코드 정리 실패 (by slot): %s: %v", sessionName, err)
+	}
+	// 하위 호환: 원래 세션명으로도 시도
 	if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil {
-		log.Printf("BossRoom 레코드 정리 실패: %s: %v", sessionName, err)
+		// 이미 삭제되었을 수 있으므로 무시
 	}
 	return s.repo.ResetRoomSlot(sessionName)
 }
@@ -492,46 +575,10 @@ func (s *Service) GetServerStatus(serverName string) (*DedicatedServer, []RoomSl
 	return server, slots, nil
 }
 
-// --- Reward retry helpers ---
-
-const immediateRetries = 3
-
-// grantWithRetry attempts the reward grant up to 3 times with backoff (1s, 2s).
-func (s *Service) grantWithRetry(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
-	delays := []time.Duration{1 * time.Second, 2 * time.Second}
-	var lastErr error
-	for attempt := 0; attempt < immediateRetries; attempt++ {
-		lastErr = s.rewardGrant(username, tokenAmount, assets)
-		if lastErr == nil {
-			return nil
-		}
-		if attempt < len(delays) {
-			log.Printf("보상 지급 재시도 (%d/%d): %s: %v", attempt+1, immediateRetries, username, lastErr)
-			time.Sleep(delays[attempt])
-		}
-	}
-	return lastErr
-}
-
-// grantExpWithRetry attempts the experience grant up to 3 times with backoff (1s, 2s).
-func (s *Service) grantExpWithRetry(username string, exp int) error {
-	delays := []time.Duration{1 * time.Second, 2 * time.Second}
-	var lastErr error
-	for attempt := 0; attempt < immediateRetries; attempt++ {
-		lastErr = s.expGrant(username, exp)
-		if lastErr == nil {
-			return nil
-		}
-		if attempt < len(delays) {
-			log.Printf("경험치 지급 재시도 (%d/%d): %s: %v", attempt+1, immediateRetries, username, lastErr)
-			time.Sleep(delays[attempt])
-		}
-	}
-	return lastErr
-}
+// --- Reward helpers ---
 
 // saveRewardFailure records a failed reward in the DB for background retry.
-func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr error) {
+func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr error, lastTxID string) {
 	assets := "[]"
 	if len(r.Assets) > 0 {
 		if data, err := json.Marshal(r.Assets); err == nil {
@@ -545,6 +592,7 @@ func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr
 		Assets:      assets,
 		Experience:  r.Experience,
 		Error:       grantErr.Error(),
+		LastTxID:    lastTxID,
 	}
 	if err := s.repo.SaveRewardFailure(rf); err != nil {
 		log.Printf("보상 실패 기록 저장 실패: %s/%s: %v", sessionName, r.Username, err)

internal/bossraid/service_test.go

@@ -226,8 +226,8 @@ func TestNewService_NilParams(t *testing.T) {
 
 func TestSetRewardGranter(t *testing.T) {
 	svc := NewService(nil, nil)
-	svc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
-		return nil
+	svc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
+		return "", nil
 	})
 	if svc.rewardGrant == nil {
 		t.Error("rewardGrant should be set after SetRewardGranter")
@@ -281,7 +281,7 @@ func newMockRepo() *mockRepo {
 // This lets us test business rules without external dependencies.
 type testableService struct {
 	repo        *mockRepo
-	rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error
+	rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error)
 }
 
 func (s *testableService) requestEntry(usernames []string, bossID int) (*BossRoom, error) {
@@ -351,7 +351,7 @@ func (s *testableService) completeRaid(sessionName string, rewards []PlayerRewar
 	var results []RewardResult
 	if s.rewardGrant != nil {
 		for _, r := range rewards {
-			grantErr := s.rewardGrant(r.Username, r.TokenAmount, r.Assets)
+			_, grantErr := s.rewardGrant(r.Username, r.TokenAmount, r.Assets)
 			res := RewardResult{Username: r.Username, Success: grantErr == nil}
 			if grantErr != nil {
 				res.Error = grantErr.Error()
@@ -453,9 +453,9 @@ func TestMock_CompleteRaid_WithRewardGranter(t *testing.T) {
 	grantCalls := 0
 	svc := &testableService{
 		repo: newMockRepo(),
-		rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
+		rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
 			grantCalls++
-			return nil
+			return "", nil
 		},
 	}
 	room, _ := svc.requestEntry([]string{"p1"}, 1)
@@ -478,8 +478,8 @@ func TestMock_CompleteRaid_WithRewardGranter(t *testing.T) {
 func TestMock_CompleteRaid_RewardFailure(t *testing.T) {
 	svc := &testableService{
 		repo: newMockRepo(),
-		rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
-			return fmt.Errorf("chain error")
+		rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
+			return "", fmt.Errorf("chain error")
 		},
 	}
 	room, _ := svc.requestEntry([]string{"p1"}, 1)

internal/chain/handler.go

@@ -3,6 +3,7 @@ package chain
 import (
 	"errors"
 	"log"
+	"log/slog"
 	"strconv"
 	"strings"
 
@@ -10,6 +11,7 @@ import (
 
 	"github.com/gofiber/fiber/v2"
 	"github.com/tolelom/tolchain/core"
+	"gorm.io/gorm"
 )
 
 const maxLimit = 200
@@ -49,6 +51,10 @@ func validID(s string) bool {
 	return s != "" && len(s) <= maxIDLength
 }
 
+func validUsername(s string) bool {
+	return len(s) >= 3 && len(s) <= 50
+}
+
 // chainError classifies chain errors into appropriate HTTP responses.
 // TxError (on-chain execution failure) maps to 422 with the chain's error detail.
 // Other errors (network, timeout, build failures) remain 500.
@@ -111,7 +117,10 @@ func (h *Handler) GetWalletInfo(c *fiber.Ctx) error {
 	}
 	w, err := h.svc.GetWallet(userID)
 	if err != nil {
-		return apperror.NotFound("지갑을 찾을 수 없습니다")
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return apperror.NotFound("지갑을 찾을 수 없습니다")
+		}
+		return apperror.Internal("지갑 조회에 실패했습니다")
 	}
 	return c.JSON(fiber.Map{
 		"address":   w.Address,
@@ -574,6 +583,9 @@ func (h *Handler) GrantReward(c *fiber.Ctx) error {
 	if !validID(req.RecipientPubKey) {
 		return apperror.BadRequest("recipientPubKey는 필수입니다")
 	}
+	if req.TokenAmount == 0 && len(req.Assets) == 0 {
+		return apperror.BadRequest("tokenAmount 또는 assets가 필요합니다")
+	}
 	result, err := h.svc.GrantReward(req.RecipientPubKey, req.TokenAmount, req.Assets)
 	if err != nil {
 		return chainError("보상 지급에 실패했습니다", err)
@@ -616,6 +628,39 @@ func (h *Handler) RegisterTemplate(c *fiber.Ctx) error {
 	return c.Status(fiber.StatusCreated).JSON(result)
 }
 
+// ExportWallet godoc
+// @Summary      개인키 내보내기
+// @Description  비밀번호 확인 후 현재 유저의 지갑 개인키를 반환합니다
+// @Tags         Chain
+// @Accept       json
+// @Produce      json
+// @Security     BearerAuth
+// @Param        body  body  exportRequest  true  "비밀번호"
+// @Success      200  {object}  map[string]string
+// @Failure      400  {object}  docs.ErrorResponse
+// @Failure      401  {object}  docs.ErrorResponse
+// @Router       /api/chain/wallet/export [post]
+type exportRequest struct {
+	Password string `json:"password"`
+}
+
+func (h *Handler) ExportWallet(c *fiber.Ctx) error {
+	userID, err := getUserID(c)
+	if err != nil {
+		return err
+	}
+	var req exportRequest
+	if err := c.BodyParser(&req); err != nil || req.Password == "" {
+		return apperror.BadRequest("password는 필수입니다")
+	}
+	slog.Warn("wallet export requested", "userID", userID, "ip", c.IP())
+	privKeyHex, err := h.svc.ExportPrivKey(userID, req.Password)
+	if err != nil {
+		return apperror.Unauthorized("비밀번호가 올바르지 않습니다")
+	}
+	return c.JSON(fiber.Map{"privateKey": privKeyHex})
+}
+
 // ---- Internal Handlers (game server, username-based) ----
 
 // InternalGrantReward godoc
@@ -640,8 +685,8 @@ func (h *Handler) InternalGrantReward(c *fiber.Ctx) error {
 	if err := c.BodyParser(&req); err != nil {
 		return apperror.ErrBadRequest
 	}
-	if !validID(req.Username) {
-		return apperror.BadRequest("username은 필수입니다")
+	if !validUsername(req.Username) {
+		return apperror.BadRequest("username은 3~50자여야 합니다")
 	}
 	result, err := h.svc.GrantRewardByUsername(req.Username, req.TokenAmount, req.Assets)
 	if err != nil {
@@ -672,8 +717,8 @@ func (h *Handler) InternalMintAsset(c *fiber.Ctx) error {
 	if err := c.BodyParser(&req); err != nil {
 		return apperror.ErrBadRequest
 	}
-	if !validID(req.TemplateID) || !validID(req.Username) {
-		return apperror.BadRequest("templateId와 username은 필수입니다")
+	if !validID(req.TemplateID) || !validUsername(req.Username) {
+		return apperror.BadRequest("templateId와 username은 필수입니다 (username: 3~50자)")
 	}
 	result, err := h.svc.MintAssetByUsername(req.TemplateID, req.Username, req.Properties)
 	if err != nil {
@@ -695,8 +740,8 @@ func (h *Handler) InternalMintAsset(c *fiber.Ctx) error {
 // @Router       /api/internal/chain/balance [get]
 func (h *Handler) InternalGetBalance(c *fiber.Ctx) error {
 	username := c.Query("username")
-	if !validID(username) {
-		return apperror.BadRequest("username은 필수입니다")
+	if !validUsername(username) {
+		return apperror.BadRequest("username은 3~50자여야 합니다")
 	}
 	result, err := h.svc.GetBalanceByUsername(username)
 	if err != nil {
@@ -720,8 +765,8 @@ func (h *Handler) InternalGetBalance(c *fiber.Ctx) error {
 // @Router       /api/internal/chain/assets [get]
 func (h *Handler) InternalGetAssets(c *fiber.Ctx) error {
 	username := c.Query("username")
-	if !validID(username) {
-		return apperror.BadRequest("username은 필수입니다")
+	if !validUsername(username) {
+		return apperror.BadRequest("username은 3~50자여야 합니다")
 	}
 	offset, limit := parsePagination(c)
 	result, err := h.svc.GetAssetsByUsername(username, offset, limit)
@@ -745,8 +790,8 @@ func (h *Handler) InternalGetAssets(c *fiber.Ctx) error {
 // @Router       /api/internal/chain/inventory [get]
 func (h *Handler) InternalGetInventory(c *fiber.Ctx) error {
 	username := c.Query("username")
-	if !validID(username) {
-		return apperror.BadRequest("username은 필수입니다")
+	if !validUsername(username) {
+		return apperror.BadRequest("username은 3~50자여야 합니다")
 	}
 	result, err := h.svc.GetInventoryByUsername(username)
 	if err != nil {

internal/chain/model.go

@@ -17,4 +17,6 @@ type UserWallet struct {
 	Address          string         `json:"address"   gorm:"type:varchar(40);uniqueIndex;not null"`
 	EncryptedPrivKey string         `json:"-"         gorm:"type:varchar(512);not null"`
 	EncNonce         string         `json:"-"         gorm:"type:varchar(48);not null"`
+	KeyVersion       int            `json:"-"         gorm:"type:tinyint;default:1;not null"`
+	HKDFSalt         string         `json:"-"         gorm:"type:varchar(32)"` // 16 bytes hex, nullable for v1
 }

internal/chain/repository.go

@@ -29,3 +29,22 @@ func (r *Repository) FindByPubKeyHex(pubKeyHex string) (*UserWallet, error) {
 	}
 	return &w, nil
 }
+
+// FindAllByKeyVersion returns all wallets with the given key version.
+func (r *Repository) FindAllByKeyVersion(version int) ([]UserWallet, error) {
+	var wallets []UserWallet
+	if err := r.db.Where("key_version = ?", version).Find(&wallets).Error; err != nil {
+		return nil, err
+	}
+	return wallets, nil
+}
+
+// UpdateEncryption updates the encryption fields of a wallet.
+func (r *Repository) UpdateEncryption(id uint, encPrivKey, encNonce, hkdfSalt string, keyVersion int) error {
+	return r.db.Model(&UserWallet{}).Where("id = ?", id).Updates(map[string]any{
+		"encrypted_priv_key": encPrivKey,
+		"enc_nonce":          encNonce,
+		"hkdf_salt":          hkdfSalt,
+		"key_version":        keyVersion,
+	}).Error
+}

internal/chain/service.go

@@ -4,28 +4,34 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
+	"strconv"
 	"sync"
 	"time"
 
+	"a301_server/pkg/apperror"
+
 	"github.com/tolelom/tolchain/core"
 	tocrypto "github.com/tolelom/tolchain/crypto"
 	"github.com/tolelom/tolchain/wallet"
+	"golang.org/x/crypto/hkdf"
 )
 
 type Service struct {
-	repo           *Repository
-	client         *Client
-	chainID        string
-	operatorWallet *wallet.Wallet
-	encKeyBytes    []byte // 32-byte AES-256 key
-	userResolver   func(username string) (uint, error)
-	operatorMu     sync.Mutex // serialises operator-nonce transactions
-	userMu         sync.Map   // per-user mutex (keyed by userID uint)
+	repo             *Repository
+	client           *Client
+	chainID          string
+	operatorWallet   *wallet.Wallet
+	encKeyBytes      []byte // 32-byte AES-256 key
+	userResolver     func(username string) (uint, error)
+	passwordVerifier func(userID uint, password string) error
+	operatorMu       sync.Mutex // serialises operator-nonce transactions
+	userMu           sync.Map   // per-user mutex (keyed by userID uint)
 }
 
 // SetUserResolver sets the callback that resolves username → userID.
@@ -33,6 +39,24 @@ func (s *Service) SetUserResolver(fn func(username string) (uint, error)) {
 	s.userResolver = fn
 }
 
+func (s *Service) SetPasswordVerifier(fn func(userID uint, password string) error) {
+	s.passwordVerifier = fn
+}
+
+func (s *Service) ExportPrivKey(userID uint, password string) (string, error) {
+	if s.passwordVerifier == nil {
+		return "", fmt.Errorf("password verifier not configured")
+	}
+	if err := s.passwordVerifier(userID, password); err != nil {
+		return "", err
+	}
+	w, _, err := s.loadUserWallet(userID)
+	if err != nil {
+		return "", err
+	}
+	return w.PrivKey().Hex(), nil
+}
+
 // resolveUsername converts a username to the user's on-chain pubKeyHex.
 // If the user exists but has no wallet (e.g. legacy user or failed creation),
 // a wallet is auto-created on the fly.
@@ -47,12 +71,17 @@ func (s *Service) resolveUsername(username string) (string, error) {
 	uw, err := s.repo.FindByUserID(userID)
 	if err != nil {
 		// 지갑이 없으면 자동 생성 시도
-		uw, err = s.CreateWallet(userID)
-		if err != nil {
-			// unique constraint 위반 — 다른 고루틴이 먼저 생성 완료
-			uw, err = s.repo.FindByUserID(userID)
-			if err != nil {
-				return "", fmt.Errorf("wallet auto-creation failed: %w", err)
+		var createErr error
+		uw, createErr = s.CreateWallet(userID)
+		if createErr != nil {
+			if apperror.IsDuplicateEntry(createErr) {
+				// unique constraint 위반 — 다른 고루틴이 먼저 생성 완료
+				uw, err = s.repo.FindByUserID(userID)
+				if err != nil {
+					return "", fmt.Errorf("wallet auto-creation failed: %w", err)
+				}
+			} else {
+				return "", fmt.Errorf("wallet auto-creation failed: %w", createErr)
 			}
 		} else {
 			log.Printf("INFO: auto-created wallet for userID=%d (username=%s)", userID, username)
@@ -93,6 +122,16 @@ func NewService(
 
 // ---- Wallet Encryption (AES-256-GCM) ----
 
+func (s *Service) derivePerWalletKey(salt []byte, userID uint) ([]byte, error) {
+	info := []byte("wallet:" + strconv.FormatUint(uint64(userID), 10))
+	r := hkdf.New(sha256.New, s.encKeyBytes, salt, info)
+	key := make([]byte, 32)
+	if _, err := io.ReadFull(r, key); err != nil {
+		return nil, fmt.Errorf("HKDF key derivation failed: %w", err)
+	}
+	return key, nil
+}
+
 func (s *Service) encryptPrivKey(privKey tocrypto.PrivateKey) (cipherHex, nonceHex string, err error) {
 	block, err := aes.NewCipher(s.encKeyBytes)
 	if err != nil {
@@ -134,6 +173,101 @@ func (s *Service) decryptPrivKey(cipherHex, nonceHex string) (tocrypto.PrivateKe
 	return tocrypto.PrivateKey(plaintext), nil
 }
 
+func (s *Service) encryptPrivKeyV2(privKey tocrypto.PrivateKey, userID uint) (cipherHex, nonceHex, saltHex string, err error) {
+	salt := make([]byte, 16)
+	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
+		return "", "", "", err
+	}
+	key, err := s.derivePerWalletKey(salt, userID)
+	if err != nil {
+		return "", "", "", err
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", "", "", err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", "", "", err
+	}
+	nonce := make([]byte, gcm.NonceSize())
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		return "", "", "", err
+	}
+	cipherText := gcm.Seal(nil, nonce, []byte(privKey), nil)
+	return hex.EncodeToString(cipherText), hex.EncodeToString(nonce), hex.EncodeToString(salt), nil
+}
+
+func (s *Service) decryptPrivKeyV2(cipherHex, nonceHex, saltHex string, userID uint) (tocrypto.PrivateKey, error) {
+	cipherText, err := hex.DecodeString(cipherHex)
+	if err != nil {
+		return nil, err
+	}
+	nonce, err := hex.DecodeString(nonceHex)
+	if err != nil {
+		return nil, err
+	}
+	salt, err := hex.DecodeString(saltHex)
+	if err != nil {
+		return nil, err
+	}
+	key, err := s.derivePerWalletKey(salt, userID)
+	if err != nil {
+		return nil, err
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+	plaintext, err := gcm.Open(nil, nonce, cipherText, nil)
+	if err != nil {
+		return nil, fmt.Errorf("wallet decryption failed: %w", err)
+	}
+	return tocrypto.PrivateKey(plaintext), nil
+}
+
+// ---- Wallet Migration ----
+
+// MigrateWalletKeys re-encrypts all v1 wallets using HKDF per-wallet keys.
+// Each wallet is migrated individually; failures are logged and skipped.
+func (s *Service) MigrateWalletKeys() error {
+	wallets, err := s.repo.FindAllByKeyVersion(1)
+	if err != nil {
+		return fmt.Errorf("query v1 wallets: %w", err)
+	}
+	if len(wallets) == 0 {
+		return nil
+	}
+	log.Printf("INFO: migrating %d v1 wallets to v2 (HKDF)", len(wallets))
+	var migrated, failed int
+	for _, uw := range wallets {
+		privKey, err := s.decryptPrivKey(uw.EncryptedPrivKey, uw.EncNonce)
+		if err != nil {
+			log.Printf("ERROR: v1 decrypt failed for walletID=%d userID=%d: %v", uw.ID, uw.UserID, err)
+			failed++
+			continue
+		}
+		cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(privKey, uw.UserID)
+		if err != nil {
+			log.Printf("ERROR: v2 encrypt failed for walletID=%d userID=%d: %v", uw.ID, uw.UserID, err)
+			failed++
+			continue
+		}
+		if err := s.repo.UpdateEncryption(uw.ID, cipherHex, nonceHex, saltHex, 2); err != nil {
+			log.Printf("ERROR: DB update failed for walletID=%d userID=%d: %v", uw.ID, uw.UserID, err)
+			failed++
+			continue
+		}
+		migrated++
+	}
+	log.Printf("INFO: wallet migration complete: %d migrated, %d failed", migrated, failed)
+	return nil
+}
+
 // ---- Wallet Management ----
 
 // CreateWallet generates a new keypair, encrypts it, and stores in DB.
@@ -142,18 +276,18 @@ func (s *Service) CreateWallet(userID uint) (*UserWallet, error) {
 	if err != nil {
 		return nil, fmt.Errorf("key generation failed: %w", err)
 	}
-
-	cipherHex, nonceHex, err := s.encryptPrivKey(w.PrivKey())
+	cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(w.PrivKey(), userID)
 	if err != nil {
 		return nil, fmt.Errorf("key encryption failed: %w", err)
 	}
-
 	uw := &UserWallet{
 		UserID:           userID,
 		PubKeyHex:        w.PubKey(),
 		Address:          w.Address(),
 		EncryptedPrivKey: cipherHex,
 		EncNonce:         nonceHex,
+		KeyVersion:       2,
+		HKDFSalt:         saltHex,
 	}
 	if err := s.repo.Create(uw); err != nil {
 		return nil, fmt.Errorf("wallet save failed: %w", err)
@@ -171,7 +305,12 @@ func (s *Service) loadUserWallet(userID uint) (*wallet.Wallet, string, error) {
 	if err != nil {
 		return nil, "", fmt.Errorf("wallet not found: %w", err)
 	}
-	privKey, err := s.decryptPrivKey(uw.EncryptedPrivKey, uw.EncNonce)
+	var privKey tocrypto.PrivateKey
+	if uw.KeyVersion >= 2 {
+		privKey, err = s.decryptPrivKeyV2(uw.EncryptedPrivKey, uw.EncNonce, uw.HKDFSalt, uw.UserID)
+	} else {
+		privKey, err = s.decryptPrivKey(uw.EncryptedPrivKey, uw.EncNonce)
+	}
 	if err != nil {
 		log.Printf("WARNING: wallet decryption failed for userID=%d: %v", userID, err)
 		return nil, "", fmt.Errorf("wallet decryption failed")

internal/chain/service_encryption_test.go

@@ -0,0 +1,46 @@
+package chain
+
+import (
+	"testing"
+
+	tocrypto "github.com/tolelom/tolchain/crypto"
+)
+
+func TestEncryptDecryptV2_Roundtrip(t *testing.T) {
+	s := newTestService()
+	priv, _, err := tocrypto.GenerateKeyPair()
+	if err != nil {
+		t.Fatal(err)
+	}
+	cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(priv, 42)
+	if err != nil {
+		t.Fatal(err)
+	}
+	got, err := s.decryptPrivKeyV2(cipherHex, nonceHex, saltHex, 42)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if got.Hex() != priv.Hex() {
+		t.Errorf("roundtrip mismatch: got %s, want %s", got.Hex(), priv.Hex())
+	}
+}
+
+func TestDecryptV2_WrongUserID_Fails(t *testing.T) {
+	s := newTestService()
+	priv, _, _ := tocrypto.GenerateKeyPair()
+	cipherHex, nonceHex, saltHex, _ := s.encryptPrivKeyV2(priv, 42)
+	_, err := s.decryptPrivKeyV2(cipherHex, nonceHex, saltHex, 99)
+	if err == nil {
+		t.Error("expected error for wrong userID")
+	}
+}
+
+func TestV1V2_DifferentCiphertext(t *testing.T) {
+	s := newTestService()
+	priv, _, _ := tocrypto.GenerateKeyPair()
+	v1cipher, _, _ := s.encryptPrivKey(priv)
+	v2cipher, _, _, _ := s.encryptPrivKeyV2(priv, 1)
+	if v1cipher == v2cipher {
+		t.Error("v1 and v2 should produce different ciphertext")
+	}
+}

internal/download/service.go

@@ -11,13 +11,17 @@ import (
 	"path/filepath"
 	"regexp"
 	"strings"
+	"sync"
 )
 
+const maxLauncherSize = 500 * 1024 * 1024 // 500MB
+
 var versionRe = regexp.MustCompile(`v\d+\.\d+(\.\d+)?`)
 
 type Service struct {
-	repo    *Repository
-	gameDir string
+	repo     *Repository
+	gameDir  string
+	uploadMu sync.Mutex
 }
 
 func NewService(repo *Repository, gameDir string) *Service {
@@ -37,6 +41,9 @@ func (s *Service) LauncherFilePath() string {
 }
 
 func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error) {
+	s.uploadMu.Lock()
+	defer s.uploadMu.Unlock()
+
 	if err := os.MkdirAll(s.gameDir, 0755); err != nil {
 		return nil, fmt.Errorf("디렉토리 생성 실패: %w", err)
 	}
@@ -49,9 +56,7 @@ func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error)
 		return nil, fmt.Errorf("파일 생성 실패: %w", err)
 	}
 
-	// NOTE: Partial uploads (client closes cleanly mid-transfer) are saved.
-	// The hashGameExeFromZip check mitigates this for game uploads but not for launcher uploads.
-	n, err := io.Copy(f, body)
+	n, err := io.Copy(f, io.LimitReader(body, maxLauncherSize+1))
 	if closeErr := f.Close(); closeErr != nil && err == nil {
 		err = closeErr
 	}
@@ -61,6 +66,16 @@ func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error)
 		}
 		return nil, fmt.Errorf("파일 저장 실패: %w", err)
 	}
+	if n > maxLauncherSize {
+		os.Remove(tmpPath)
+		return nil, fmt.Errorf("런처 파일이 너무 큽니다 (최대 %dMB)", maxLauncherSize/1024/1024)
+	}
+
+	// PE 헤더 검증 (MZ magic bytes)
+	if err := validatePEHeader(tmpPath); err != nil {
+		os.Remove(tmpPath)
+		return nil, err
+	}
 
 	if err := os.Rename(tmpPath, finalPath); err != nil {
 		if removeErr := os.Remove(tmpPath); removeErr != nil {
@@ -88,6 +103,9 @@ func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error)
 
 // Upload streams the body directly to disk, then extracts metadata from the zip.
 func (s *Service) Upload(filename string, body io.Reader, baseURL string) (*Info, error) {
+	s.uploadMu.Lock()
+	defer s.uploadMu.Unlock()
+
 	if err := os.MkdirAll(s.gameDir, 0755); err != nil {
 		return nil, fmt.Errorf("디렉토리 생성 실패: %w", err)
 	}
@@ -153,6 +171,22 @@ func (s *Service) Upload(filename string, body io.Reader, baseURL string) (*Info
 	return info, s.repo.Save(info)
 }
 
+func validatePEHeader(path string) error {
+	f, err := os.Open(path)
+	if err != nil {
+		return fmt.Errorf("파일 검증 실패: %w", err)
+	}
+	defer f.Close()
+	header := make([]byte, 2)
+	if _, err := io.ReadFull(f, header); err != nil {
+		return fmt.Errorf("유효하지 않은 실행 파일입니다")
+	}
+	if header[0] != 'M' || header[1] != 'Z' {
+		return fmt.Errorf("유효하지 않은 실행 파일입니다")
+	}
+	return nil
+}
+
 func hashFileToHex(path string) string {
 	f, err := os.Open(path)
 	if err != nil {
@@ -181,12 +215,17 @@ func hashGameExeFromZip(zipPath string) string {
 			if err != nil {
 				return ""
 			}
+			lr := io.LimitReader(rc, maxExeSize+1)
 			h := sha256.New()
-			_, err = io.Copy(h, io.LimitReader(rc, maxExeSize))
+			n, err := io.Copy(h, lr)
 			rc.Close()
 			if err != nil {
 				return ""
 			}
+			if n > maxExeSize {
+				log.Printf("WARNING: A301.exe exceeds %dMB, hash may be inaccurate", maxExeSize/1024/1024)
+				return ""
+			}
 			return hex.EncodeToString(h.Sum(nil))
 		}
 	}

internal/player/service.go

@@ -8,8 +8,8 @@ import (
 
 // validateGameData checks that game data fields are within acceptable ranges.
 func validateGameData(data *GameDataRequest) error {
-	if data.Level != nil && (*data.Level < 1 || *data.Level > 999) {
-		return fmt.Errorf("레벨은 1~999 범위여야 합니다")
+	if data.Level != nil && (*data.Level < 1 || *data.Level > MaxLevel) {
+		return fmt.Errorf("레벨은 1~%d 범위여야 합니다", MaxLevel)
 	}
 	if data.Experience != nil && *data.Experience < 0 {
 		return fmt.Errorf("경험치는 0 이상이어야 합니다")

internal/server/server.go

@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"a301_server/pkg/apperror"
+	"a301_server/pkg/config"
 	"a301_server/pkg/metrics"
 	"a301_server/pkg/middleware"
 
@@ -12,6 +13,7 @@ import (
 	"github.com/gofiber/fiber/v2/middleware/cors"
 	"github.com/gofiber/fiber/v2/middleware/limiter"
 	"github.com/gofiber/fiber/v2/middleware/logger"
+	"github.com/gofiber/fiber/v2/middleware/recover"
 	"github.com/redis/go-redis/v9"
 	"gorm.io/gorm"
 )
@@ -23,6 +25,9 @@ func New() *fiber.App {
 		BodyLimit:         4 * 1024 * 1024 * 1024, // 4GB
 		ErrorHandler:      middleware.ErrorHandler,
 	})
+	app.Use(recover.New(recover.Config{
+		EnableStackTrace: true,
+	}))
 	app.Use(middleware.RequestID)
 	app.Use(middleware.Metrics)
 	app.Get("/metrics", metrics.Handler)
@@ -32,9 +37,10 @@ func New() *fiber.App {
 	}))
 	app.Use(middleware.SecurityHeaders)
 	app.Use(cors.New(cors.Config{
-		AllowOrigins:     "https://a301.tolelom.xyz",
-		AllowHeaders:     "Origin, Content-Type, Authorization, Idempotency-Key, X-API-Key",
+		AllowOrigins:     config.C.CORSAllowOrigins,
+		AllowHeaders:     "Origin, Content-Type, Authorization, Idempotency-Key, X-API-Key, X-Requested-With",
 		AllowMethods:     "GET, POST, PUT, PATCH, DELETE",
+		ExposeHeaders:    "X-Request-ID, X-Idempotent-Replay",
 		AllowCredentials: true,
 	}))
 	return app
@@ -54,10 +60,10 @@ func AuthLimiter() fiber.Handler {
 	})
 }
 
-// APILimiter returns a rate limiter for general API endpoints (60 req/min per IP).
+// APILimiter returns a rate limiter for general API endpoints (120 req/min per IP).
 func APILimiter() fiber.Handler {
 	return limiter.New(limiter.Config{
-		Max:        60,
+		Max:        120,
 		Expiration: 1 * time.Minute,
 		KeyGenerator: func(c *fiber.Ctx) string {
 			return c.IP()
@@ -68,6 +74,21 @@ func APILimiter() fiber.Handler {
 	})
 }
 
+// RefreshLimiter returns a rate limiter for refresh token endpoint (5 req/min per IP).
+// Separate from AuthLimiter to avoid NAT collisions while still preventing abuse.
+func RefreshLimiter() fiber.Handler {
+	return limiter.New(limiter.Config{
+		Max:        5,
+		Expiration: 1 * time.Minute,
+		KeyGenerator: func(c *fiber.Ctx) string {
+			return "refresh:" + c.IP()
+		},
+		LimitReached: func(c *fiber.Ctx) error {
+			return apperror.ErrRateLimited
+		},
+	})
+}
+
 // ChainUserLimiter returns a rate limiter for chain transactions (20 req/min per user).
 func ChainUserLimiter() fiber.Handler {
 	return limiter.New(limiter.Config{

main.go

@@ -75,6 +75,11 @@ func main() {
 	}
 	chainHandler := chain.NewHandler(chainSvc)
 
+	// Migrate v1 wallets to v2 (HKDF per-wallet keys)
+	if err := chainSvc.MigrateWalletKeys(); err != nil {
+		log.Fatalf("wallet key migration failed: %v", err)
+	}
+
 	userResolver := func(username string) (uint, error) {
 		user, err := authRepo.FindByUsername(username)
 		if err != nil {
@@ -88,6 +93,7 @@ func main() {
 		_, err := chainSvc.CreateWallet(userID)
 		return err
 	})
+	chainSvc.SetPasswordVerifier(authSvc.VerifyPassword)
 
 	playerRepo := player.NewRepository(db)
 	playerSvc := player.NewService(playerRepo)
@@ -106,9 +112,12 @@ func main() {
 
 	brRepo := bossraid.NewRepository(db)
 	brSvc := bossraid.NewService(brRepo, rdb)
-	brSvc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
-		_, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
-		return err
+	brSvc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
+		result, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
+		if result != nil {
+			return result.TxID, err
+		}
+		return "", err
 	})
 	brSvc.SetExpGranter(func(username string, exp int) error {
 		return playerSvc.GrantExperienceByUsername(username, exp)
@@ -137,7 +146,7 @@ func main() {
 
 	routes.Register(app, authHandler, annHandler, dlHandler, chainHandler, brHandler, playerHandler,
 		server.AuthLimiter(), server.APILimiter(), server.HealthCheck(), server.ReadyCheck(db, rdb),
-		server.ChainUserLimiter(), authMw, serverAuthMw, idempotencyReqMw)
+		server.ChainUserLimiter(), authMw, serverAuthMw, idempotencyReqMw, server.RefreshLimiter())
 
 	// ── 백그라운드 워커 ──────────────────────────────────────────────
 
@@ -151,42 +160,59 @@ func main() {
 
 	rewardWorker := bossraid.NewRewardWorker(
 		brRepo,
-		func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
-			_, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
-			return err
+		func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
+			result, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
+			if result != nil {
+				return result.TxID, err
+			}
+			return "", err
 		},
 		func(username string, exp int) error {
 			return playerSvc.GrantExperienceByUsername(username, exp)
 		},
+		func(txID string) (bool, error) {
+			result, err := chainClient.GetTxStatus(txID)
+			if err != nil {
+				return false, err
+			}
+			return result != nil && result.Success, nil
+		},
 	)
 	rewardWorker.Start()
 
 	// ── Graceful shutdown ────────────────────────────────────────────
 
 	go func() {
-		sigCh := make(chan os.Signal, 1)
-		signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
-		sig := <-sigCh
-		log.Printf("수신된 시그널: %v — 서버 종료 중...", sig)
-		rewardWorker.Stop()
-		if err := app.ShutdownWithTimeout(10 * time.Second); err != nil {
-			log.Printf("서버 종료 실패: %v", err)
-		}
-		if rdb != nil {
-			if err := rdb.Close(); err != nil {
-				log.Printf("Redis 종료 실패: %v", err)
-			} else {
-				log.Println("Redis 연결 종료 완료")
-			}
-		}
-		if sqlDB, err := db.DB(); err == nil {
-			if err := sqlDB.Close(); err != nil {
-				log.Printf("MySQL 종료 실패: %v", err)
-			} else {
-				log.Println("MySQL 연결 종료 완료")
-			}
+		if err := app.Listen(":" + config.C.AppPort); err != nil {
+			log.Printf("서버 Listen 종료: %v", err)
 		}
 	}()
 
-	log.Fatal(app.Listen(":" + config.C.AppPort))
+	sigCh := make(chan os.Signal, 1)
+	signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
+	sig := <-sigCh
+	log.Printf("수신된 시그널: %v — 서버 종료 중...", sig)
+
+	rewardWorker.Stop()
+
+	if err := app.ShutdownWithTimeout(10 * time.Second); err != nil {
+		log.Printf("서버 종료 실패: %v", err)
+	}
+
+	if rdb != nil {
+		if err := rdb.Close(); err != nil {
+			log.Printf("Redis 종료 실패: %v", err)
+		} else {
+			log.Println("Redis 연결 종료 완료")
+		}
+	}
+	if sqlDB, err := db.DB(); err == nil {
+		if err := sqlDB.Close(); err != nil {
+			log.Printf("MySQL 종료 실패: %v", err)
+		} else {
+			log.Println("MySQL 연결 종료 완료")
+		}
+	}
+
+	log.Println("서버 종료 완료")
 }

pkg/apperror/apperror.go

@@ -1,6 +1,12 @@
 package apperror
 
-import "fmt"
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/go-sql-driver/mysql"
+)
 
 // AppError is a structured application error with an HTTP status code.
 // JSON response format: {"error": "<code>", "message": "<human-readable message>"}
@@ -57,3 +63,15 @@ func Conflict(message string) *AppError {
 func Internal(message string) *AppError {
 	return &AppError{Code: "internal_error", Message: message, Status: 500}
 }
+
+// ErrDuplicateUsername is returned when a username already exists.
+var ErrDuplicateUsername = fmt.Errorf("이미 사용 중인 아이디입니다")
+
+// IsDuplicateEntry checks if a GORM error is a MySQL duplicate key violation (error 1062).
+func IsDuplicateEntry(err error) bool {
+	var mysqlErr *mysql.MySQLError
+	if errors.As(err, &mysqlErr) {
+		return mysqlErr.Number == 1062
+	}
+	return strings.Contains(err.Error(), "Duplicate entry") || strings.Contains(err.Error(), "UNIQUE constraint")
+}

pkg/config/config.go

@@ -2,6 +2,7 @@ package config
 
 import (
 	"log"
+	"net/url"
 	"os"
 	"strconv"
 	"strings"
@@ -35,6 +36,9 @@ type Config struct {
 	OperatorKeyHex      string
 	WalletEncryptionKey string
 
+	// CORS
+	CORSAllowOrigins string
+
 	// Server-to-server auth
 	InternalAPIKey string
 
@@ -72,6 +76,8 @@ func Load() {
 		OperatorKeyHex:      getEnv("OPERATOR_KEY_HEX", ""),
 		WalletEncryptionKey: getEnv("WALLET_ENCRYPTION_KEY", ""),
 
+		CORSAllowOrigins: getEnv("CORS_ALLOW_ORIGINS", "https://a301.tolelom.xyz"),
+
 		InternalAPIKey: getEnv("INTERNAL_API_KEY", ""),
 
 		SSAFYClientID:     getEnv("SSAFY_CLIENT_ID", ""),
@@ -83,6 +89,9 @@ func Load() {
 	if raw := getEnv("CHAIN_NODE_URLS", ""); raw != "" {
 		for _, u := range strings.Split(raw, ",") {
 			if u = strings.TrimSpace(u); u != "" {
+				if parsed, err := url.Parse(u); err != nil || parsed.Scheme == "" || parsed.Host == "" {
+					log.Fatalf("FATAL: invalid CHAIN_NODE_URL: %q (must be http:// or https://)", u)
+				}
 				C.ChainNodeURLs = append(C.ChainNodeURLs, u)
 			}
 		}
@@ -114,8 +123,23 @@ func WarnInsecureDefaults() {
 		log.Println("WARNING: WALLET_ENCRYPTION_KEY is empty — blockchain wallet features will fail")
 	}
 
+	if isProd {
+		if C.DBPassword == "" {
+			log.Println("FATAL: DB_PASSWORD must be set in production")
+			insecure = true
+		}
+		if C.OperatorKeyHex == "" {
+			log.Println("FATAL: OPERATOR_KEY_HEX must be set in production")
+			insecure = true
+		}
+		if C.InternalAPIKey == "" {
+			log.Println("FATAL: INTERNAL_API_KEY must be set in production")
+			insecure = true
+		}
+	}
+
 	if isProd && insecure {
-		log.Fatal("FATAL: insecure default secrets detected in production — set JWT_SECRET, REFRESH_SECRET, and ADMIN_PASSWORD")
+		log.Fatal("FATAL: insecure defaults detected in production — check warnings above")
 	}
 }
 

pkg/database/mysql.go

@@ -11,7 +11,7 @@ import (
 
 func ConnectMySQL() (*gorm.DB, error) {
 	c := config.C
-	dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=utf8mb4&parseTime=True&loc=Local",
+	dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?charset=utf8mb4&parseTime=True&loc=UTC",
 		c.DBUser, c.DBPassword, c.DBHost, c.DBPort, c.DBName,
 	)
 	db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{})

pkg/middleware/error_handler.go

@@ -9,23 +9,41 @@ import (
 )
 
 // ErrorHandler is a Fiber error handler that returns structured JSON for AppError.
+// Includes requestID in error responses for log correlation.
 func ErrorHandler(c *fiber.Ctx, err error) error {
+	requestID, _ := c.Locals("requestID").(string)
+
 	var appErr *apperror.AppError
 	if errors.As(err, &appErr) {
-		return c.Status(appErr.Status).JSON(appErr)
+		resp := fiber.Map{
+			"error":   appErr.Code,
+			"message": appErr.Message,
+		}
+		if requestID != "" {
+			resp["requestId"] = requestID
+		}
+		return c.Status(appErr.Status).JSON(resp)
 	}
 
 	// Default Fiber error handling
 	var fiberErr *fiber.Error
 	if errors.As(err, &fiberErr) {
-		return c.Status(fiberErr.Code).JSON(fiber.Map{
+		resp := fiber.Map{
 			"error":   "server_error",
 			"message": fiberErr.Message,
-		})
+		}
+		if requestID != "" {
+			resp["requestId"] = requestID
+		}
+		return c.Status(fiberErr.Code).JSON(resp)
 	}
 
-	return c.Status(500).JSON(fiber.Map{
+	resp := fiber.Map{
 		"error":   "internal_error",
 		"message": "서버 오류가 발생했습니다",
-	})
+	}
+	if requestID != "" {
+		resp["requestId"] = requestID
+	}
+	return c.Status(500).JSON(resp)
 }

pkg/middleware/idempotency.go

@@ -49,7 +49,7 @@ func Idempotency(rdb *redis.Client) fiber.Handler {
 		if uid, ok := c.Locals("userID").(uint); ok {
 			redisKey += fmt.Sprintf("u%d:", uid)
 		}
-		redisKey += key
+		redisKey += c.Method() + ":" + c.Route().Path + ":" + key
 
 		ctx, cancel := context.WithTimeout(context.Background(), redisTimeout)
 		defer cancel()
@@ -57,9 +57,9 @@ func Idempotency(rdb *redis.Client) fiber.Handler {
 		// Atomically claim the key using SET NX (only succeeds if key doesn't exist)
 		set, err := rdb.SetNX(ctx, redisKey, "processing", idempotencyTTL).Result()
 		if err != nil {
-			// Redis error — let the request through rather than blocking
-			log.Printf("WARNING: idempotency SetNX failed (key=%s): %v", key, err)
-			return c.Next()
+			// Redis error — reject to prevent duplicate transactions
+			log.Printf("ERROR: idempotency SetNX failed (key=%s): %v", key, err)
+			return apperror.New("internal_error", "서버 오류가 발생했습니다. 잠시 후 다시 시도해주세요", 503)
 		}
 
 		if !set {

routes/routes.go

@@ -28,6 +28,7 @@ func Register(
 	authMw fiber.Handler,
 	serverAuthMw fiber.Handler,
 	idempotencyReqMw fiber.Handler,
+	refreshLimiter fiber.Handler,
 ) {
 	// Swagger UI
 	app.Get("/swagger/*", swagger.HandlerDefault)
@@ -80,7 +81,7 @@ func Register(
 	a := api.Group("/auth")
 	a.Post("/register", authLimiter, authH.Register)
 	a.Post("/login", authLimiter, authH.Login)
-	a.Post("/refresh", authLimiter, authH.Refresh)
+	a.Post("/refresh", refreshLimiter, authH.Refresh)
 	a.Post("/logout", authMw, authH.Logout)
 	// /verify moved to internal API (ServerAuth) — see internal section below
 	a.Get("/ssafy/login", authH.SSAFYLoginURL)
@@ -112,6 +113,7 @@ func Register(
 	// Chain - Queries (authenticated)
 	ch := api.Group("/chain", authMw)
 	ch.Get("/wallet", chainH.GetWalletInfo)
+	ch.Post("/wallet/export", chainH.ExportWallet)
 	ch.Get("/balance", chainH.GetBalance)
 	ch.Get("/assets", chainH.GetAssets)
 	ch.Get("/asset/:id", chainH.GetAsset)