Compare commits
18 Commits
fix/wallet
...
0cd0d2a402
| Author | SHA1 | Date | |
|---|---|---|---|
| 0cd0d2a402 | |||
| 10a3f0156b | |||
| 3a75f64d44 | |||
| d79156a1d7 | |||
| 81214d42e5 | |||
| d46ba47c63 | |||
| cc9884bdfe | |||
| e16e1b5e0a | |||
| 4c367e84ad | |||
| 7ece5f3c44 | |||
| 4bbab002ea | |||
| 9883985968 | |||
| dc2bcb1c5d | |||
| f50b629d59 | |||
| eeb9e746b8 | |||
| 4393503245 | |||
| d6c75dcaad | |||
| 7db63d2d92 |
@@ -10,48 +10,48 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 코드 체크아웃
|
||||
uses: actions/checkout@v4
|
||||
run: |
|
||||
git config --global --add safe.directory "$(pwd)"
|
||||
git init
|
||||
git remote add origin $GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git
|
||||
git fetch --depth=1 origin $GITHUB_SHA
|
||||
git checkout $GITHUB_SHA
|
||||
|
||||
- name: tolchain 의존성 클론
|
||||
run: git clone --depth 1 https://github.com/tolelom/tolchain.git ../tolchain
|
||||
|
||||
- name: Go 설치
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: '1.25'
|
||||
run: |
|
||||
curl -fsSL https://go.dev/dl/go1.25.5.linux-arm64.tar.gz -o /tmp/go.tar.gz
|
||||
rm -rf /usr/local/go && tar -C /usr/local -xzf /tmp/go.tar.gz
|
||||
export PATH=$PATH:/usr/local/go/bin
|
||||
go version
|
||||
|
||||
- name: go vet 검증
|
||||
run: go vet ./...
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/go/bin
|
||||
go vet ./...
|
||||
|
||||
- name: 테스트 실행
|
||||
run: go test ./... -count=1
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/go/bin
|
||||
go test ./... -count=1
|
||||
|
||||
- name: 빌드 검증
|
||||
run: go build -o /dev/null .
|
||||
run: |
|
||||
export PATH=$PATH:/usr/local/go/bin
|
||||
go build -o /dev/null .
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: lint-and-build
|
||||
steps:
|
||||
- name: 서버에 배포
|
||||
uses: appleboy/ssh-action@v1
|
||||
with:
|
||||
host: ${{ secrets.SERVER_HOST }}
|
||||
username: ${{ secrets.SERVER_USER }}
|
||||
key: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
port: 22
|
||||
script: |
|
||||
set -e
|
||||
export PATH=$PATH:/usr/local/bin:/opt/homebrew/bin:$HOME/.docker/bin
|
||||
cd /tmp
|
||||
rm -rf a301-build
|
||||
mkdir a301-build && cd a301-build
|
||||
# Suppress token from logs
|
||||
set +x
|
||||
git clone --quiet https://tolelom:${{ secrets.GIT_TOKEN }}@git.tolelom.xyz/A301/a301_server.git a301_server 2>/dev/null
|
||||
set -x
|
||||
git clone --quiet https://github.com/tolelom/tolchain.git tolchain
|
||||
docker build --no-cache -t a301-server:latest -f a301_server/Dockerfile .
|
||||
cd ~/server
|
||||
docker compose up -d --no-deps --force-recreate a301-server
|
||||
rm -rf /tmp/a301-build
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key
|
||||
chmod 600 ~/.ssh/deploy_key
|
||||
ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key \
|
||||
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} \
|
||||
'set -e && export PATH=$PATH:/usr/local/bin:/opt/homebrew/bin:$HOME/.docker/bin && cd /tmp && rm -rf a301-build && mkdir a301-build && cd a301-build && git clone --quiet https://tolelom:${{ secrets.GIT_TOKEN }}@git.tolelom.xyz/A301/a301_server.git a301_server && git clone --quiet https://github.com/tolelom/tolchain.git tolchain && docker build --no-cache -t a301-server:latest -f a301_server/Dockerfile . && cd ~/server && docker compose up -d --no-deps --force-recreate a301-server && rm -rf /tmp/a301-build'
|
||||
rm -f ~/.ssh/deploy_key
|
||||
|
||||
@@ -10,9 +10,11 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o server .
|
||||
# Stage 2: Run
|
||||
FROM alpine:latest
|
||||
RUN apk --no-cache add tzdata ca-certificates curl
|
||||
RUN mkdir -p /data/game
|
||||
RUN addgroup -g 1000 app && adduser -D -u 1000 -G app app
|
||||
RUN mkdir -p /data/game && chown app:app /data/game
|
||||
WORKDIR /app
|
||||
COPY --from=builder /build/a301_server/server .
|
||||
COPY --from=builder --chown=app:app /build/a301_server/server .
|
||||
USER app
|
||||
EXPOSE 8080
|
||||
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
||||
CMD curl -f http://localhost:8080/health || exit 1
|
||||
|
||||
@@ -426,9 +426,6 @@ func (s *Service) SSAFYLogin(code, state string) (accessToken, refreshToken stri
|
||||
|
||||
ssafyID := userInfo.UserID
|
||||
// SSAFY ID에서 영문 소문자+숫자만 추출하여 안전한 username 생성
|
||||
// NOTE: Username collision is handled by the DB unique constraint.
|
||||
// If collision occurs, the transaction will rollback and return a generic error.
|
||||
// A retry with random suffix could improve UX but is not critical.
|
||||
safeID := sanitizeForUsername(ssafyID)
|
||||
if safeID == "" {
|
||||
safeID = hex.EncodeToString(randomBytes[:8])
|
||||
@@ -437,32 +434,47 @@ func (s *Service) SSAFYLogin(code, state string) (accessToken, refreshToken stri
|
||||
if len(username) > 50 {
|
||||
username = username[:50]
|
||||
}
|
||||
// DB unique constraint 충돌 시 랜덤 suffix로 최대 3회 재시도
|
||||
maxRetries := 3
|
||||
baseUsername := username
|
||||
|
||||
err = s.repo.Transaction(func(txRepo *Repository) error {
|
||||
user = &User{
|
||||
Username: username,
|
||||
PasswordHash: string(hash),
|
||||
Role: RoleUser,
|
||||
SsafyID: &ssafyID,
|
||||
}
|
||||
if err := txRepo.Create(user); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if s.walletCreator != nil {
|
||||
if err := s.walletCreator(user.ID); err != nil {
|
||||
return fmt.Errorf("wallet creation failed: %w", err)
|
||||
for attempt := 0; attempt < maxRetries; attempt++ {
|
||||
if attempt > 0 {
|
||||
suffix := hex.EncodeToString(randomBytes[attempt*2 : attempt*2+4])
|
||||
username = baseUsername + "_" + suffix
|
||||
if len(username) > 50 {
|
||||
username = username[:50]
|
||||
}
|
||||
}
|
||||
if s.profileCreator != nil {
|
||||
if err := s.profileCreator(user.ID); err != nil {
|
||||
return fmt.Errorf("profile creation failed: %w", err)
|
||||
err = s.repo.Transaction(func(txRepo *Repository) error {
|
||||
user = &User{
|
||||
Username: username,
|
||||
PasswordHash: string(hash),
|
||||
Role: RoleUser,
|
||||
SsafyID: &ssafyID,
|
||||
}
|
||||
if err := txRepo.Create(user); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if s.walletCreator != nil {
|
||||
if err := s.walletCreator(user.ID); err != nil {
|
||||
return fmt.Errorf("wallet creation failed: %w", err)
|
||||
}
|
||||
}
|
||||
if s.profileCreator != nil {
|
||||
if err := s.profileCreator(user.ID); err != nil {
|
||||
return fmt.Errorf("profile creation failed: %w", err)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
})
|
||||
if err == nil {
|
||||
break
|
||||
}
|
||||
return nil
|
||||
})
|
||||
log.Printf("SSAFY user creation attempt %d failed: %v", attempt+1, err)
|
||||
}
|
||||
if err != nil {
|
||||
log.Printf("SSAFY user creation transaction failed: %v", err)
|
||||
return "", "", nil, fmt.Errorf("계정 생성 실패: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -523,6 +535,18 @@ func sanitizeForUsername(s string) string {
|
||||
// If these fail, the admin user exists without a wallet/profile.
|
||||
// This is acceptable because EnsureAdmin runs once at startup and failures
|
||||
// are logged as warnings. A restart will skip user creation (already exists).
|
||||
// VerifyPassword checks if the password matches the user's stored hash.
|
||||
func (s *Service) VerifyPassword(userID uint, password string) error {
|
||||
user, err := s.repo.FindByID(userID)
|
||||
if err != nil {
|
||||
return fmt.Errorf("user not found")
|
||||
}
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(password)); err != nil {
|
||||
return fmt.Errorf("invalid password")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Service) EnsureAdmin(username, password string) error {
|
||||
if _, err := s.repo.FindByUsername(username); err == nil {
|
||||
return nil
|
||||
|
||||
@@ -207,10 +207,18 @@ func (h *Handler) ValidateEntryToken(c *fiber.Ctx) error {
|
||||
return apperror.Unauthorized(err.Error())
|
||||
}
|
||||
|
||||
// 방 정보에서 파티 인원 수 조회
|
||||
expectedPlayers := 0
|
||||
room, roomErr := h.svc.GetRoom(sessionName)
|
||||
if roomErr == nil && room != nil {
|
||||
expectedPlayers = room.MaxPlayers
|
||||
}
|
||||
|
||||
return c.JSON(fiber.Map{
|
||||
"valid": true,
|
||||
"username": username,
|
||||
"sessionName": sessionName,
|
||||
"valid": true,
|
||||
"username": username,
|
||||
"sessionName": sessionName,
|
||||
"expectedPlayers": expectedPlayers,
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
@@ -88,5 +88,6 @@ type RewardFailure struct {
|
||||
Experience int `json:"experience" gorm:"default:0;not null"`
|
||||
Error string `json:"error" gorm:"type:text"`
|
||||
RetryCount int `json:"retryCount" gorm:"default:0;not null"`
|
||||
LastTxID string `json:"lastTxId" gorm:"type:varchar(100)"` // 마지막 시도한 블록체인 트랜잭션 ID (이중 지급 방지용)
|
||||
ResolvedAt *time.Time `json:"resolvedAt" gorm:"index"`
|
||||
}
|
||||
|
||||
@@ -64,6 +64,17 @@ func (r *Repository) CountActiveByUsername(username string) (int64, error) {
|
||||
return count, err
|
||||
}
|
||||
|
||||
// FindWaitingRoomsByUsername returns all waiting rooms containing the given username.
|
||||
func (r *Repository) FindWaitingRoomsByUsername(username string) ([]BossRoom, error) {
|
||||
escaped := strings.NewReplacer("%", "\\%", "_", "\\_").Replace(username)
|
||||
search := `"` + escaped + `"`
|
||||
var rooms []BossRoom
|
||||
err := r.db.Where("status = ? AND players LIKE ?",
|
||||
StatusWaiting, "%"+search+"%").
|
||||
Find(&rooms).Error
|
||||
return rooms, err
|
||||
}
|
||||
|
||||
// --- DedicatedServer & RoomSlot ---
|
||||
|
||||
// UpsertDedicatedServer creates or updates a server group by name.
|
||||
@@ -213,6 +224,40 @@ func (r *Repository) DeleteRoomBySessionName(sessionName string) error {
|
||||
return r.db.Unscoped().Where("session_name = ?", sessionName).Delete(&BossRoom{}).Error
|
||||
}
|
||||
|
||||
// CleanupStaleWaitingRooms deletes BossRoom records stuck in "waiting" status
|
||||
// past the given threshold and resets their associated RoomSlots to idle.
|
||||
// This handles cases where players disconnect during loading before the Fusion session starts.
|
||||
func (r *Repository) CleanupStaleWaitingRooms(threshold time.Time) (int64, error) {
|
||||
// 1. waiting 상태에서 threshold보다 오래된 방 조회
|
||||
var staleRooms []BossRoom
|
||||
if err := r.db.Where("status = ? AND created_at < ?", StatusWaiting, threshold).
|
||||
Find(&staleRooms).Error; err != nil {
|
||||
return 0, err
|
||||
}
|
||||
if len(staleRooms) == 0 {
|
||||
return 0, nil
|
||||
}
|
||||
|
||||
// 2. 연결된 슬롯을 idle로 리셋
|
||||
staleSessionNames := make([]string, len(staleRooms))
|
||||
for i, room := range staleRooms {
|
||||
staleSessionNames[i] = room.SessionName
|
||||
}
|
||||
r.db.Model(&RoomSlot{}).
|
||||
Where("session_name IN ? AND status = ?", staleSessionNames, SlotWaiting).
|
||||
Updates(map[string]interface{}{
|
||||
"status": SlotIdle,
|
||||
"boss_room_id": nil,
|
||||
})
|
||||
|
||||
// 3. BossRoom 레코드 하드 삭제
|
||||
result := r.db.Unscoped().
|
||||
Where("status = ? AND created_at < ?", StatusWaiting, threshold).
|
||||
Delete(&BossRoom{})
|
||||
|
||||
return result.RowsAffected, result.Error
|
||||
}
|
||||
|
||||
// ResetStaleSlots clears instanceID for slots with stale heartbeats
|
||||
// and resets any active raids on those slots.
|
||||
func (r *Repository) ResetStaleSlots(threshold time.Time) (int64, error) {
|
||||
@@ -329,3 +374,10 @@ func (r *Repository) IncrementRetryCount(id uint, errMsg string) error {
|
||||
"error": errMsg,
|
||||
}).Error
|
||||
}
|
||||
|
||||
// UpdateLastTxID saves the last attempted blockchain transaction ID for idempotency checking.
|
||||
func (r *Repository) UpdateLastTxID(id uint, txID string) error {
|
||||
return r.db.Model(&RewardFailure{}).
|
||||
Where("id = ?", id).
|
||||
Update("last_tx_id", txID).Error
|
||||
}
|
||||
|
||||
@@ -11,8 +11,9 @@ import (
|
||||
// RewardWorker periodically retries failed reward grants.
|
||||
type RewardWorker struct {
|
||||
repo *Repository
|
||||
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error
|
||||
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error)
|
||||
expGrant func(username string, exp int) error
|
||||
txCheck func(txID string) (confirmed bool, err error) // 이중 지급 방지: tx 상태 확인
|
||||
interval time.Duration
|
||||
stopCh chan struct{}
|
||||
}
|
||||
@@ -20,13 +21,15 @@ type RewardWorker struct {
|
||||
// NewRewardWorker creates a new RewardWorker. Default interval is 1 minute.
|
||||
func NewRewardWorker(
|
||||
repo *Repository,
|
||||
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error,
|
||||
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error),
|
||||
expGrant func(username string, exp int) error,
|
||||
txCheck func(txID string) (confirmed bool, err error),
|
||||
) *RewardWorker {
|
||||
return &RewardWorker{
|
||||
repo: repo,
|
||||
rewardGrant: rewardGrant,
|
||||
expGrant: expGrant,
|
||||
txCheck: txCheck,
|
||||
interval: 1 * time.Minute,
|
||||
stopCh: make(chan struct{}),
|
||||
}
|
||||
@@ -71,6 +74,21 @@ func (w *RewardWorker) retryOne(rf RewardFailure) {
|
||||
|
||||
// 블록체인 보상 재시도 (토큰 또는 에셋이 있는 경우)
|
||||
if (rf.TokenAmount > 0 || rf.Assets != "[]") && w.rewardGrant != nil {
|
||||
// 이중 지급 방지: 마지막 tx가 이미 성공했는지 확인
|
||||
if rf.LastTxID != "" && w.txCheck != nil {
|
||||
confirmed, checkErr := w.txCheck(rf.LastTxID)
|
||||
if checkErr != nil {
|
||||
log.Printf("보상 재시도 tx 상태 확인 실패: ID=%d, txID=%s: %v", rf.ID, rf.LastTxID, checkErr)
|
||||
// 상태 확인 실패 시 안전하게 재시도 건너뜀 (다음 주기에 다시 확인)
|
||||
return
|
||||
}
|
||||
if confirmed {
|
||||
log.Printf("보상 재시도 건너뜀 (이전 tx 이미 성공): ID=%d, txID=%s, %s", rf.ID, rf.LastTxID, rf.Username)
|
||||
// 블록체인 보상은 이미 지급됨 → 경험치만 확인
|
||||
goto expRetry
|
||||
}
|
||||
}
|
||||
|
||||
var assets []core.MintAssetPayload
|
||||
if rf.Assets != "" && rf.Assets != "[]" {
|
||||
if err := json.Unmarshal([]byte(rf.Assets), &assets); err != nil {
|
||||
@@ -82,9 +100,18 @@ func (w *RewardWorker) retryOne(rf RewardFailure) {
|
||||
return
|
||||
}
|
||||
}
|
||||
retryErr = w.rewardGrant(rf.Username, rf.TokenAmount, assets)
|
||||
txID, grantErr := w.rewardGrant(rf.Username, rf.TokenAmount, assets)
|
||||
retryErr = grantErr
|
||||
|
||||
// 시도한 txID 저장 (다음 재시도 시 이중 지급 방지용)
|
||||
if txID != "" {
|
||||
if err := w.repo.UpdateLastTxID(rf.ID, txID); err != nil {
|
||||
log.Printf("보상 재시도 txID 저장 실패: ID=%d: %v", rf.ID, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
expRetry:
|
||||
// 경험치 재시도 (블록체인 보상이 없거나 성공한 경우)
|
||||
if retryErr == nil && rf.Experience > 0 && w.expGrant != nil {
|
||||
retryErr = w.expGrant(rf.Username, rf.Experience)
|
||||
@@ -105,7 +132,8 @@ func (w *RewardWorker) retryOne(rf RewardFailure) {
|
||||
}
|
||||
newCount := rf.RetryCount + 1
|
||||
if newCount >= 10 {
|
||||
log.Printf("보상 재시도 포기 (최대 횟수 초과): ID=%d, %s", rf.ID, rf.Username)
|
||||
log.Printf("CRITICAL: 보상 재시도 포기 (최대 횟수 초과) — 수동 복구 필요: ID=%d, session=%s, user=%s, token=%d, exp=%d",
|
||||
rf.ID, rf.SessionName, rf.Username, rf.TokenAmount, rf.Experience)
|
||||
} else {
|
||||
log.Printf("보상 재시도 실패 (%d/10): ID=%d, %s: %v", newCount, rf.ID, rf.Username, retryErr)
|
||||
}
|
||||
|
||||
@@ -22,6 +22,9 @@ const (
|
||||
entryTokenPrefix = "bossraid:entry:"
|
||||
// pendingEntryPrefix is the Redis key prefix for username → {sessionName, entryToken}.
|
||||
pendingEntryPrefix = "bossraid:pending:"
|
||||
// waitingRoomTimeout is the maximum time a room can stay in "waiting" status
|
||||
// before being considered stale and cleaned up. Covers loading + Fusion connection + retries.
|
||||
waitingRoomTimeout = 2 * time.Minute
|
||||
)
|
||||
|
||||
// entryTokenData is stored in Redis for each entry token.
|
||||
@@ -33,7 +36,7 @@ type entryTokenData struct {
|
||||
type Service struct {
|
||||
repo *Repository
|
||||
rdb *redis.Client
|
||||
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error
|
||||
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error)
|
||||
expGrant func(username string, exp int) error
|
||||
}
|
||||
|
||||
@@ -42,7 +45,8 @@ func NewService(repo *Repository, rdb *redis.Client) *Service {
|
||||
}
|
||||
|
||||
// SetRewardGranter sets the callback for granting rewards via blockchain.
|
||||
func (s *Service) SetRewardGranter(fn func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error) {
|
||||
// The callback returns the blockchain transaction ID and an error.
|
||||
func (s *Service) SetRewardGranter(fn func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (txID string, err error)) {
|
||||
s.rewardGrant = fn
|
||||
}
|
||||
|
||||
@@ -55,8 +59,10 @@ func (s *Service) SetExpGranter(fn func(username string, exp int) error) {
|
||||
// Allocates an idle room slot from a registered dedicated server.
|
||||
// Returns the room with assigned session name.
|
||||
func (s *Service) RequestEntry(usernames []string, bossID int) (*BossRoom, error) {
|
||||
// 좀비 슬롯 정리 — idle 슬롯 검색 전에 stale 인스턴스를 리셋
|
||||
// 좀비 슬롯 정리 — idle 슬롯 검색 전에 stale 인스턴스와 대기방을 리셋
|
||||
s.CheckStaleSlots()
|
||||
// 입장 요청 플레이어들의 stale waiting room 선제 정리
|
||||
s.cleanupStaleWaitingForUsers(usernames)
|
||||
|
||||
if len(usernames) == 0 {
|
||||
return nil, fmt.Errorf("플레이어 목록이 비어있습니다")
|
||||
@@ -104,7 +110,7 @@ func (s *Service) RequestEntry(usernames []string, bossID int) (*BossRoom, error
|
||||
SessionName: slot.SessionName,
|
||||
BossID: bossID,
|
||||
Status: StatusWaiting,
|
||||
MaxPlayers: defaultMaxPlayers,
|
||||
MaxPlayers: len(usernames),
|
||||
Players: string(playersJSON),
|
||||
}
|
||||
if err := txRepo.Create(room); err != nil {
|
||||
@@ -215,26 +221,19 @@ func (s *Service) CompleteRaid(sessionName string, rewards []PlayerReward) (*Bos
|
||||
hasRewardFailure := false
|
||||
if s.rewardGrant != nil {
|
||||
for _, r := range rewards {
|
||||
grantErr := s.grantWithRetry(r.Username, r.TokenAmount, r.Assets)
|
||||
lastTxID, grantErr := s.grantWithRetry(r.Username, r.TokenAmount, r.Assets)
|
||||
result := RewardResult{Username: r.Username, Success: grantErr == nil}
|
||||
if grantErr != nil {
|
||||
result.Error = grantErr.Error()
|
||||
log.Printf("보상 지급 실패 (재시도 소진): %s: %v", r.Username, grantErr)
|
||||
hasRewardFailure = true
|
||||
// 실패한 보상을 DB에 기록하여 백그라운드 재시도 가능하게 함
|
||||
s.saveRewardFailure(sessionName, r, grantErr)
|
||||
s.saveRewardFailure(sessionName, r, grantErr, lastTxID)
|
||||
}
|
||||
resultRewards = append(resultRewards, result)
|
||||
}
|
||||
}
|
||||
|
||||
// 보상 실패가 있으면 상태를 reward_failed로 업데이트 (completed → reward_failed)
|
||||
if hasRewardFailure {
|
||||
if err := s.repo.TransitionRoomStatus(sessionName, StatusCompleted, StatusRewardFailed, nil); err != nil {
|
||||
log.Printf("보상 실패 상태 업데이트 실패: %s: %v", sessionName, err)
|
||||
}
|
||||
}
|
||||
|
||||
// Grant experience to players (with retry)
|
||||
if s.expGrant != nil {
|
||||
for _, r := range rewards {
|
||||
@@ -242,17 +241,28 @@ func (s *Service) CompleteRaid(sessionName string, rewards []PlayerReward) (*Bos
|
||||
expErr := s.grantExpWithRetry(r.Username, r.Experience)
|
||||
if expErr != nil {
|
||||
log.Printf("경험치 지급 실패 (재시도 소진): %s: %v", r.Username, expErr)
|
||||
hasRewardFailure = true
|
||||
// 경험치 실패도 RewardFailure에 기록 (토큰/에셋 없이 경험치만)
|
||||
s.saveRewardFailure(sessionName, PlayerReward{
|
||||
Username: r.Username,
|
||||
Experience: r.Experience,
|
||||
}, expErr)
|
||||
}, expErr, "")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Reset slot to idle so it can accept new raids
|
||||
// 보상 실패(블록체인 또는 경험치)가 있으면 상태를 reward_failed로 업데이트
|
||||
if hasRewardFailure {
|
||||
if err := s.repo.TransitionRoomStatus(sessionName, StatusCompleted, StatusRewardFailed, nil); err != nil {
|
||||
log.Printf("보상 실패 상태 업데이트 실패: %s: %v", sessionName, err)
|
||||
}
|
||||
}
|
||||
|
||||
// BossRoom 삭제 후 슬롯 리셋 — 다음 파티가 즉시 슬롯 재사용 가능
|
||||
if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil {
|
||||
log.Printf("BossRoom 삭제 실패 (complete): %s: %v", sessionName, err)
|
||||
}
|
||||
if err := s.repo.ResetRoomSlot(sessionName); err != nil {
|
||||
log.Printf("슬롯 리셋 실패 (complete): %s: %v", sessionName, err)
|
||||
}
|
||||
@@ -276,15 +286,20 @@ func (s *Service) FailRaid(sessionName string) (*BossRoom, error) {
|
||||
return nil, fmt.Errorf("상태 업데이트 실패: %w", err)
|
||||
}
|
||||
|
||||
// Reset slot to idle so it can accept new raids
|
||||
if err := s.repo.ResetRoomSlot(sessionName); err != nil {
|
||||
log.Printf("슬롯 리셋 실패 (fail): %s: %v", sessionName, err)
|
||||
}
|
||||
|
||||
// 응답용 room 조회 (삭제 전에 수행)
|
||||
room, err := s.repo.FindBySessionName(sessionName)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("방을 찾을 수 없습니다: %w", err)
|
||||
}
|
||||
|
||||
// BossRoom 삭제 후 슬롯 리셋 — 다음 파티가 즉시 슬롯 재사용 가능
|
||||
if err := s.repo.DeleteRoomBySessionName(sessionName); err != nil {
|
||||
log.Printf("BossRoom 삭제 실패 (fail): %s: %v", sessionName, err)
|
||||
}
|
||||
if err := s.repo.ResetRoomSlot(sessionName); err != nil {
|
||||
log.Printf("슬롯 리셋 실패 (fail): %s: %v", sessionName, err)
|
||||
}
|
||||
|
||||
return room, nil
|
||||
}
|
||||
|
||||
@@ -398,6 +413,36 @@ func (s *Service) RequestEntryWithTokens(usernames []string, bossID int) (*BossR
|
||||
return room, tokens, nil
|
||||
}
|
||||
|
||||
// cleanupStaleWaitingForUsers checks if any of the given users are stuck in
|
||||
// a waiting room whose entry token has already expired or been consumed.
|
||||
// If the pending token is gone from Redis, the room is abandoned and safe to remove.
|
||||
// If the token still exists, the room may have active loading players — leave it alone.
|
||||
func (s *Service) cleanupStaleWaitingForUsers(usernames []string) {
|
||||
ctx := context.Background()
|
||||
for _, username := range usernames {
|
||||
rooms, err := s.repo.FindWaitingRoomsByUsername(username)
|
||||
if err != nil || len(rooms) == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
// pending entry token이 Redis에 남아있으면 정상 로딩 중일 수 있음 → 보존
|
||||
pendingKey := pendingEntryPrefix + username
|
||||
exists, _ := s.rdb.Exists(ctx, pendingKey).Result()
|
||||
if exists > 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
// 토큰 만료/소비됨 → 방 abandoned 확정, 정리
|
||||
for _, room := range rooms {
|
||||
log.Printf("abandoned 대기방 정리 (토큰 만료): session=%s, player=%s", room.SessionName, username)
|
||||
if err := s.repo.DeleteRoomBySessionName(room.SessionName); err != nil {
|
||||
log.Printf("대기방 삭제 실패: %v", err)
|
||||
}
|
||||
_ = s.repo.ResetRoomSlot(room.SessionName)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// --- Dedicated Server Management ---
|
||||
|
||||
const staleTimeout = 30 * time.Second
|
||||
@@ -448,7 +493,8 @@ func (s *Service) Heartbeat(instanceID string) error {
|
||||
return s.repo.UpdateHeartbeat(instanceID)
|
||||
}
|
||||
|
||||
// CheckStaleSlots resets slots whose instances have gone silent.
|
||||
// CheckStaleSlots resets slots whose instances have gone silent
|
||||
// and cleans up waiting rooms that have exceeded the timeout.
|
||||
func (s *Service) CheckStaleSlots() {
|
||||
threshold := time.Now().Add(-staleTimeout)
|
||||
count, err := s.repo.ResetStaleSlots(threshold)
|
||||
@@ -459,6 +505,17 @@ func (s *Service) CheckStaleSlots() {
|
||||
if count > 0 {
|
||||
log.Printf("스태일 슬롯 %d개 리셋", count)
|
||||
}
|
||||
|
||||
// waiting 상태로 너무 오래 머문 방 정리 (로딩 중 강제 종료 등)
|
||||
waitingThreshold := time.Now().Add(-waitingRoomTimeout)
|
||||
cleaned, err := s.repo.CleanupStaleWaitingRooms(waitingThreshold)
|
||||
if err != nil {
|
||||
log.Printf("스태일 대기방 정리 실패: %v", err)
|
||||
return
|
||||
}
|
||||
if cleaned > 0 {
|
||||
log.Printf("스태일 대기방 %d개 정리", cleaned)
|
||||
}
|
||||
}
|
||||
|
||||
// ResetRoom resets a room slot back to idle and cleans up any lingering BossRoom records.
|
||||
@@ -489,20 +546,26 @@ func (s *Service) GetServerStatus(serverName string) (*DedicatedServer, []RoomSl
|
||||
const immediateRetries = 3
|
||||
|
||||
// grantWithRetry attempts the reward grant up to 3 times with backoff (1s, 2s).
|
||||
func (s *Service) grantWithRetry(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
|
||||
// Returns the last attempted transaction ID (may be empty) and the error.
|
||||
func (s *Service) grantWithRetry(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
|
||||
delays := []time.Duration{1 * time.Second, 2 * time.Second}
|
||||
var lastErr error
|
||||
var lastTxID string
|
||||
for attempt := 0; attempt < immediateRetries; attempt++ {
|
||||
lastErr = s.rewardGrant(username, tokenAmount, assets)
|
||||
if lastErr == nil {
|
||||
return nil
|
||||
txID, err := s.rewardGrant(username, tokenAmount, assets)
|
||||
if txID != "" {
|
||||
lastTxID = txID
|
||||
}
|
||||
if err == nil {
|
||||
return txID, nil
|
||||
}
|
||||
lastErr = err
|
||||
if attempt < len(delays) {
|
||||
log.Printf("보상 지급 재시도 (%d/%d): %s: %v", attempt+1, immediateRetries, username, lastErr)
|
||||
time.Sleep(delays[attempt])
|
||||
}
|
||||
}
|
||||
return lastErr
|
||||
return lastTxID, lastErr
|
||||
}
|
||||
|
||||
// grantExpWithRetry attempts the experience grant up to 3 times with backoff (1s, 2s).
|
||||
@@ -523,7 +586,7 @@ func (s *Service) grantExpWithRetry(username string, exp int) error {
|
||||
}
|
||||
|
||||
// saveRewardFailure records a failed reward in the DB for background retry.
|
||||
func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr error) {
|
||||
func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr error, lastTxID string) {
|
||||
assets := "[]"
|
||||
if len(r.Assets) > 0 {
|
||||
if data, err := json.Marshal(r.Assets); err == nil {
|
||||
@@ -537,6 +600,7 @@ func (s *Service) saveRewardFailure(sessionName string, r PlayerReward, grantErr
|
||||
Assets: assets,
|
||||
Experience: r.Experience,
|
||||
Error: grantErr.Error(),
|
||||
LastTxID: lastTxID,
|
||||
}
|
||||
if err := s.repo.SaveRewardFailure(rf); err != nil {
|
||||
log.Printf("보상 실패 기록 저장 실패: %s/%s: %v", sessionName, r.Username, err)
|
||||
|
||||
@@ -226,8 +226,8 @@ func TestNewService_NilParams(t *testing.T) {
|
||||
|
||||
func TestSetRewardGranter(t *testing.T) {
|
||||
svc := NewService(nil, nil)
|
||||
svc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
|
||||
return nil
|
||||
svc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
|
||||
return "", nil
|
||||
})
|
||||
if svc.rewardGrant == nil {
|
||||
t.Error("rewardGrant should be set after SetRewardGranter")
|
||||
@@ -281,7 +281,7 @@ func newMockRepo() *mockRepo {
|
||||
// This lets us test business rules without external dependencies.
|
||||
type testableService struct {
|
||||
repo *mockRepo
|
||||
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error
|
||||
rewardGrant func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error)
|
||||
}
|
||||
|
||||
func (s *testableService) requestEntry(usernames []string, bossID int) (*BossRoom, error) {
|
||||
@@ -351,7 +351,7 @@ func (s *testableService) completeRaid(sessionName string, rewards []PlayerRewar
|
||||
var results []RewardResult
|
||||
if s.rewardGrant != nil {
|
||||
for _, r := range rewards {
|
||||
grantErr := s.rewardGrant(r.Username, r.TokenAmount, r.Assets)
|
||||
_, grantErr := s.rewardGrant(r.Username, r.TokenAmount, r.Assets)
|
||||
res := RewardResult{Username: r.Username, Success: grantErr == nil}
|
||||
if grantErr != nil {
|
||||
res.Error = grantErr.Error()
|
||||
@@ -453,9 +453,9 @@ func TestMock_CompleteRaid_WithRewardGranter(t *testing.T) {
|
||||
grantCalls := 0
|
||||
svc := &testableService{
|
||||
repo: newMockRepo(),
|
||||
rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
|
||||
rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
|
||||
grantCalls++
|
||||
return nil
|
||||
return "", nil
|
||||
},
|
||||
}
|
||||
room, _ := svc.requestEntry([]string{"p1"}, 1)
|
||||
@@ -478,8 +478,8 @@ func TestMock_CompleteRaid_WithRewardGranter(t *testing.T) {
|
||||
func TestMock_CompleteRaid_RewardFailure(t *testing.T) {
|
||||
svc := &testableService{
|
||||
repo: newMockRepo(),
|
||||
rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
|
||||
return fmt.Errorf("chain error")
|
||||
rewardGrant: func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
|
||||
return "", fmt.Errorf("chain error")
|
||||
},
|
||||
}
|
||||
room, _ := svc.requestEntry([]string{"p1"}, 1)
|
||||
|
||||
@@ -3,6 +3,7 @@ package chain
|
||||
import (
|
||||
"errors"
|
||||
"log"
|
||||
"log/slog"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
@@ -49,6 +50,10 @@ func validID(s string) bool {
|
||||
return s != "" && len(s) <= maxIDLength
|
||||
}
|
||||
|
||||
func validUsername(s string) bool {
|
||||
return len(s) >= 3 && len(s) <= 50
|
||||
}
|
||||
|
||||
// chainError classifies chain errors into appropriate HTTP responses.
|
||||
// TxError (on-chain execution failure) maps to 422 with the chain's error detail.
|
||||
// Other errors (network, timeout, build failures) remain 500.
|
||||
@@ -616,6 +621,39 @@ func (h *Handler) RegisterTemplate(c *fiber.Ctx) error {
|
||||
return c.Status(fiber.StatusCreated).JSON(result)
|
||||
}
|
||||
|
||||
// ExportWallet godoc
|
||||
// @Summary 개인키 내보내기
|
||||
// @Description 비밀번호 확인 후 현재 유저의 지갑 개인키를 반환합니다
|
||||
// @Tags Chain
|
||||
// @Accept json
|
||||
// @Produce json
|
||||
// @Security BearerAuth
|
||||
// @Param body body exportRequest true "비밀번호"
|
||||
// @Success 200 {object} map[string]string
|
||||
// @Failure 400 {object} docs.ErrorResponse
|
||||
// @Failure 401 {object} docs.ErrorResponse
|
||||
// @Router /api/chain/wallet/export [post]
|
||||
type exportRequest struct {
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
func (h *Handler) ExportWallet(c *fiber.Ctx) error {
|
||||
userID, err := getUserID(c)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var req exportRequest
|
||||
if err := c.BodyParser(&req); err != nil || req.Password == "" {
|
||||
return c.Status(400).JSON(fiber.Map{"error": "password is required"})
|
||||
}
|
||||
slog.Warn("wallet export requested", "userID", userID, "ip", c.IP())
|
||||
privKeyHex, err := h.svc.ExportPrivKey(userID, req.Password)
|
||||
if err != nil {
|
||||
return c.Status(401).JSON(fiber.Map{"error": "invalid password"})
|
||||
}
|
||||
return c.JSON(fiber.Map{"privateKey": privKeyHex})
|
||||
}
|
||||
|
||||
// ---- Internal Handlers (game server, username-based) ----
|
||||
|
||||
// InternalGrantReward godoc
|
||||
@@ -640,8 +678,8 @@ func (h *Handler) InternalGrantReward(c *fiber.Ctx) error {
|
||||
if err := c.BodyParser(&req); err != nil {
|
||||
return apperror.ErrBadRequest
|
||||
}
|
||||
if !validID(req.Username) {
|
||||
return apperror.BadRequest("username은 필수입니다")
|
||||
if !validUsername(req.Username) {
|
||||
return apperror.BadRequest("username은 3~50자여야 합니다")
|
||||
}
|
||||
result, err := h.svc.GrantRewardByUsername(req.Username, req.TokenAmount, req.Assets)
|
||||
if err != nil {
|
||||
@@ -672,8 +710,8 @@ func (h *Handler) InternalMintAsset(c *fiber.Ctx) error {
|
||||
if err := c.BodyParser(&req); err != nil {
|
||||
return apperror.ErrBadRequest
|
||||
}
|
||||
if !validID(req.TemplateID) || !validID(req.Username) {
|
||||
return apperror.BadRequest("templateId와 username은 필수입니다")
|
||||
if !validID(req.TemplateID) || !validUsername(req.Username) {
|
||||
return apperror.BadRequest("templateId와 username은 필수입니다 (username: 3~50자)")
|
||||
}
|
||||
result, err := h.svc.MintAssetByUsername(req.TemplateID, req.Username, req.Properties)
|
||||
if err != nil {
|
||||
@@ -695,8 +733,8 @@ func (h *Handler) InternalMintAsset(c *fiber.Ctx) error {
|
||||
// @Router /api/internal/chain/balance [get]
|
||||
func (h *Handler) InternalGetBalance(c *fiber.Ctx) error {
|
||||
username := c.Query("username")
|
||||
if !validID(username) {
|
||||
return apperror.BadRequest("username은 필수입니다")
|
||||
if !validUsername(username) {
|
||||
return apperror.BadRequest("username은 3~50자여야 합니다")
|
||||
}
|
||||
result, err := h.svc.GetBalanceByUsername(username)
|
||||
if err != nil {
|
||||
@@ -720,8 +758,8 @@ func (h *Handler) InternalGetBalance(c *fiber.Ctx) error {
|
||||
// @Router /api/internal/chain/assets [get]
|
||||
func (h *Handler) InternalGetAssets(c *fiber.Ctx) error {
|
||||
username := c.Query("username")
|
||||
if !validID(username) {
|
||||
return apperror.BadRequest("username은 필수입니다")
|
||||
if !validUsername(username) {
|
||||
return apperror.BadRequest("username은 3~50자여야 합니다")
|
||||
}
|
||||
offset, limit := parsePagination(c)
|
||||
result, err := h.svc.GetAssetsByUsername(username, offset, limit)
|
||||
@@ -745,8 +783,8 @@ func (h *Handler) InternalGetAssets(c *fiber.Ctx) error {
|
||||
// @Router /api/internal/chain/inventory [get]
|
||||
func (h *Handler) InternalGetInventory(c *fiber.Ctx) error {
|
||||
username := c.Query("username")
|
||||
if !validID(username) {
|
||||
return apperror.BadRequest("username은 필수입니다")
|
||||
if !validUsername(username) {
|
||||
return apperror.BadRequest("username은 3~50자여야 합니다")
|
||||
}
|
||||
result, err := h.svc.GetInventoryByUsername(username)
|
||||
if err != nil {
|
||||
|
||||
@@ -17,4 +17,6 @@ type UserWallet struct {
|
||||
Address string `json:"address" gorm:"type:varchar(40);uniqueIndex;not null"`
|
||||
EncryptedPrivKey string `json:"-" gorm:"type:varchar(512);not null"`
|
||||
EncNonce string `json:"-" gorm:"type:varchar(48);not null"`
|
||||
KeyVersion int `json:"-" gorm:"type:tinyint;default:1;not null"`
|
||||
HKDFSalt string `json:"-" gorm:"type:varchar(32)"` // 16 bytes hex, nullable for v1
|
||||
}
|
||||
|
||||
@@ -29,3 +29,22 @@ func (r *Repository) FindByPubKeyHex(pubKeyHex string) (*UserWallet, error) {
|
||||
}
|
||||
return &w, nil
|
||||
}
|
||||
|
||||
// FindAllByKeyVersion returns all wallets with the given key version.
|
||||
func (r *Repository) FindAllByKeyVersion(version int) ([]UserWallet, error) {
|
||||
var wallets []UserWallet
|
||||
if err := r.db.Where("key_version = ?", version).Find(&wallets).Error; err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return wallets, nil
|
||||
}
|
||||
|
||||
// UpdateEncryption updates the encryption fields of a wallet.
|
||||
func (r *Repository) UpdateEncryption(id uint, encPrivKey, encNonce, hkdfSalt string, keyVersion int) error {
|
||||
return r.db.Model(&UserWallet{}).Where("id = ?", id).Updates(map[string]any{
|
||||
"encrypted_priv_key": encPrivKey,
|
||||
"enc_nonce": encNonce,
|
||||
"hkdf_salt": hkdfSalt,
|
||||
"key_version": keyVersion,
|
||||
}).Error
|
||||
}
|
||||
|
||||
@@ -4,28 +4,32 @@ import (
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"strconv"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/tolelom/tolchain/core"
|
||||
tocrypto "github.com/tolelom/tolchain/crypto"
|
||||
"github.com/tolelom/tolchain/wallet"
|
||||
"golang.org/x/crypto/hkdf"
|
||||
)
|
||||
|
||||
type Service struct {
|
||||
repo *Repository
|
||||
client *Client
|
||||
chainID string
|
||||
operatorWallet *wallet.Wallet
|
||||
encKeyBytes []byte // 32-byte AES-256 key
|
||||
userResolver func(username string) (uint, error)
|
||||
operatorMu sync.Mutex // serialises operator-nonce transactions
|
||||
userMu sync.Map // per-user mutex (keyed by userID uint)
|
||||
repo *Repository
|
||||
client *Client
|
||||
chainID string
|
||||
operatorWallet *wallet.Wallet
|
||||
encKeyBytes []byte // 32-byte AES-256 key
|
||||
userResolver func(username string) (uint, error)
|
||||
passwordVerifier func(userID uint, password string) error
|
||||
operatorMu sync.Mutex // serialises operator-nonce transactions
|
||||
userMu sync.Map // per-user mutex (keyed by userID uint)
|
||||
}
|
||||
|
||||
// SetUserResolver sets the callback that resolves username → userID.
|
||||
@@ -33,6 +37,24 @@ func (s *Service) SetUserResolver(fn func(username string) (uint, error)) {
|
||||
s.userResolver = fn
|
||||
}
|
||||
|
||||
func (s *Service) SetPasswordVerifier(fn func(userID uint, password string) error) {
|
||||
s.passwordVerifier = fn
|
||||
}
|
||||
|
||||
func (s *Service) ExportPrivKey(userID uint, password string) (string, error) {
|
||||
if s.passwordVerifier == nil {
|
||||
return "", fmt.Errorf("password verifier not configured")
|
||||
}
|
||||
if err := s.passwordVerifier(userID, password); err != nil {
|
||||
return "", err
|
||||
}
|
||||
w, _, err := s.loadUserWallet(userID)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return w.PrivKey().Hex(), nil
|
||||
}
|
||||
|
||||
// resolveUsername converts a username to the user's on-chain pubKeyHex.
|
||||
// If the user exists but has no wallet (e.g. legacy user or failed creation),
|
||||
// a wallet is auto-created on the fly.
|
||||
@@ -93,6 +115,16 @@ func NewService(
|
||||
|
||||
// ---- Wallet Encryption (AES-256-GCM) ----
|
||||
|
||||
func (s *Service) derivePerWalletKey(salt []byte, userID uint) ([]byte, error) {
|
||||
info := []byte("wallet:" + strconv.FormatUint(uint64(userID), 10))
|
||||
r := hkdf.New(sha256.New, s.encKeyBytes, salt, info)
|
||||
key := make([]byte, 32)
|
||||
if _, err := io.ReadFull(r, key); err != nil {
|
||||
return nil, fmt.Errorf("HKDF key derivation failed: %w", err)
|
||||
}
|
||||
return key, nil
|
||||
}
|
||||
|
||||
func (s *Service) encryptPrivKey(privKey tocrypto.PrivateKey) (cipherHex, nonceHex string, err error) {
|
||||
block, err := aes.NewCipher(s.encKeyBytes)
|
||||
if err != nil {
|
||||
@@ -134,6 +166,101 @@ func (s *Service) decryptPrivKey(cipherHex, nonceHex string) (tocrypto.PrivateKe
|
||||
return tocrypto.PrivateKey(plaintext), nil
|
||||
}
|
||||
|
||||
func (s *Service) encryptPrivKeyV2(privKey tocrypto.PrivateKey, userID uint) (cipherHex, nonceHex, saltHex string, err error) {
|
||||
salt := make([]byte, 16)
|
||||
if _, err := io.ReadFull(rand.Reader, salt); err != nil {
|
||||
return "", "", "", err
|
||||
}
|
||||
key, err := s.derivePerWalletKey(salt, userID)
|
||||
if err != nil {
|
||||
return "", "", "", err
|
||||
}
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return "", "", "", err
|
||||
}
|
||||
gcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return "", "", "", err
|
||||
}
|
||||
nonce := make([]byte, gcm.NonceSize())
|
||||
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
|
||||
return "", "", "", err
|
||||
}
|
||||
cipherText := gcm.Seal(nil, nonce, []byte(privKey), nil)
|
||||
return hex.EncodeToString(cipherText), hex.EncodeToString(nonce), hex.EncodeToString(salt), nil
|
||||
}
|
||||
|
||||
func (s *Service) decryptPrivKeyV2(cipherHex, nonceHex, saltHex string, userID uint) (tocrypto.PrivateKey, error) {
|
||||
cipherText, err := hex.DecodeString(cipherHex)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
nonce, err := hex.DecodeString(nonceHex)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
salt, err := hex.DecodeString(saltHex)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
key, err := s.derivePerWalletKey(salt, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
gcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
plaintext, err := gcm.Open(nil, nonce, cipherText, nil)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("wallet decryption failed: %w", err)
|
||||
}
|
||||
return tocrypto.PrivateKey(plaintext), nil
|
||||
}
|
||||
|
||||
// ---- Wallet Migration ----
|
||||
|
||||
// MigrateWalletKeys re-encrypts all v1 wallets using HKDF per-wallet keys.
|
||||
// Each wallet is migrated individually; failures are logged and skipped.
|
||||
func (s *Service) MigrateWalletKeys() error {
|
||||
wallets, err := s.repo.FindAllByKeyVersion(1)
|
||||
if err != nil {
|
||||
return fmt.Errorf("query v1 wallets: %w", err)
|
||||
}
|
||||
if len(wallets) == 0 {
|
||||
return nil
|
||||
}
|
||||
log.Printf("INFO: migrating %d v1 wallets to v2 (HKDF)", len(wallets))
|
||||
var migrated, failed int
|
||||
for _, uw := range wallets {
|
||||
privKey, err := s.decryptPrivKey(uw.EncryptedPrivKey, uw.EncNonce)
|
||||
if err != nil {
|
||||
log.Printf("ERROR: v1 decrypt failed for walletID=%d userID=%d: %v", uw.ID, uw.UserID, err)
|
||||
failed++
|
||||
continue
|
||||
}
|
||||
cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(privKey, uw.UserID)
|
||||
if err != nil {
|
||||
log.Printf("ERROR: v2 encrypt failed for walletID=%d userID=%d: %v", uw.ID, uw.UserID, err)
|
||||
failed++
|
||||
continue
|
||||
}
|
||||
if err := s.repo.UpdateEncryption(uw.ID, cipherHex, nonceHex, saltHex, 2); err != nil {
|
||||
log.Printf("ERROR: DB update failed for walletID=%d userID=%d: %v", uw.ID, uw.UserID, err)
|
||||
failed++
|
||||
continue
|
||||
}
|
||||
migrated++
|
||||
}
|
||||
log.Printf("INFO: wallet migration complete: %d migrated, %d failed", migrated, failed)
|
||||
return nil
|
||||
}
|
||||
|
||||
// ---- Wallet Management ----
|
||||
|
||||
// CreateWallet generates a new keypair, encrypts it, and stores in DB.
|
||||
@@ -142,18 +269,18 @@ func (s *Service) CreateWallet(userID uint) (*UserWallet, error) {
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("key generation failed: %w", err)
|
||||
}
|
||||
|
||||
cipherHex, nonceHex, err := s.encryptPrivKey(w.PrivKey())
|
||||
cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(w.PrivKey(), userID)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("key encryption failed: %w", err)
|
||||
}
|
||||
|
||||
uw := &UserWallet{
|
||||
UserID: userID,
|
||||
PubKeyHex: w.PubKey(),
|
||||
Address: w.Address(),
|
||||
EncryptedPrivKey: cipherHex,
|
||||
EncNonce: nonceHex,
|
||||
KeyVersion: 2,
|
||||
HKDFSalt: saltHex,
|
||||
}
|
||||
if err := s.repo.Create(uw); err != nil {
|
||||
return nil, fmt.Errorf("wallet save failed: %w", err)
|
||||
@@ -171,7 +298,12 @@ func (s *Service) loadUserWallet(userID uint) (*wallet.Wallet, string, error) {
|
||||
if err != nil {
|
||||
return nil, "", fmt.Errorf("wallet not found: %w", err)
|
||||
}
|
||||
privKey, err := s.decryptPrivKey(uw.EncryptedPrivKey, uw.EncNonce)
|
||||
var privKey tocrypto.PrivateKey
|
||||
if uw.KeyVersion >= 2 {
|
||||
privKey, err = s.decryptPrivKeyV2(uw.EncryptedPrivKey, uw.EncNonce, uw.HKDFSalt, uw.UserID)
|
||||
} else {
|
||||
privKey, err = s.decryptPrivKey(uw.EncryptedPrivKey, uw.EncNonce)
|
||||
}
|
||||
if err != nil {
|
||||
log.Printf("WARNING: wallet decryption failed for userID=%d: %v", userID, err)
|
||||
return nil, "", fmt.Errorf("wallet decryption failed")
|
||||
|
||||
46
internal/chain/service_encryption_test.go
Normal file
46
internal/chain/service_encryption_test.go
Normal file
@@ -0,0 +1,46 @@
|
||||
package chain
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
tocrypto "github.com/tolelom/tolchain/crypto"
|
||||
)
|
||||
|
||||
func TestEncryptDecryptV2_Roundtrip(t *testing.T) {
|
||||
s := newTestService()
|
||||
priv, _, err := tocrypto.GenerateKeyPair()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
cipherHex, nonceHex, saltHex, err := s.encryptPrivKeyV2(priv, 42)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
got, err := s.decryptPrivKeyV2(cipherHex, nonceHex, saltHex, 42)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if got.Hex() != priv.Hex() {
|
||||
t.Errorf("roundtrip mismatch: got %s, want %s", got.Hex(), priv.Hex())
|
||||
}
|
||||
}
|
||||
|
||||
func TestDecryptV2_WrongUserID_Fails(t *testing.T) {
|
||||
s := newTestService()
|
||||
priv, _, _ := tocrypto.GenerateKeyPair()
|
||||
cipherHex, nonceHex, saltHex, _ := s.encryptPrivKeyV2(priv, 42)
|
||||
_, err := s.decryptPrivKeyV2(cipherHex, nonceHex, saltHex, 99)
|
||||
if err == nil {
|
||||
t.Error("expected error for wrong userID")
|
||||
}
|
||||
}
|
||||
|
||||
func TestV1V2_DifferentCiphertext(t *testing.T) {
|
||||
s := newTestService()
|
||||
priv, _, _ := tocrypto.GenerateKeyPair()
|
||||
v1cipher, _, _ := s.encryptPrivKey(priv)
|
||||
v2cipher, _, _, _ := s.encryptPrivKeyV2(priv, 1)
|
||||
if v1cipher == v2cipher {
|
||||
t.Error("v1 and v2 should produce different ciphertext")
|
||||
}
|
||||
}
|
||||
@@ -11,13 +11,17 @@ import (
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strings"
|
||||
"sync"
|
||||
)
|
||||
|
||||
const maxLauncherSize = 500 * 1024 * 1024 // 500MB
|
||||
|
||||
var versionRe = regexp.MustCompile(`v\d+\.\d+(\.\d+)?`)
|
||||
|
||||
type Service struct {
|
||||
repo *Repository
|
||||
gameDir string
|
||||
repo *Repository
|
||||
gameDir string
|
||||
uploadMu sync.Mutex
|
||||
}
|
||||
|
||||
func NewService(repo *Repository, gameDir string) *Service {
|
||||
@@ -37,6 +41,9 @@ func (s *Service) LauncherFilePath() string {
|
||||
}
|
||||
|
||||
func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error) {
|
||||
s.uploadMu.Lock()
|
||||
defer s.uploadMu.Unlock()
|
||||
|
||||
if err := os.MkdirAll(s.gameDir, 0755); err != nil {
|
||||
return nil, fmt.Errorf("디렉토리 생성 실패: %w", err)
|
||||
}
|
||||
@@ -49,9 +56,7 @@ func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error)
|
||||
return nil, fmt.Errorf("파일 생성 실패: %w", err)
|
||||
}
|
||||
|
||||
// NOTE: Partial uploads (client closes cleanly mid-transfer) are saved.
|
||||
// The hashGameExeFromZip check mitigates this for game uploads but not for launcher uploads.
|
||||
n, err := io.Copy(f, body)
|
||||
n, err := io.Copy(f, io.LimitReader(body, maxLauncherSize+1))
|
||||
if closeErr := f.Close(); closeErr != nil && err == nil {
|
||||
err = closeErr
|
||||
}
|
||||
@@ -61,6 +66,16 @@ func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error)
|
||||
}
|
||||
return nil, fmt.Errorf("파일 저장 실패: %w", err)
|
||||
}
|
||||
if n > maxLauncherSize {
|
||||
os.Remove(tmpPath)
|
||||
return nil, fmt.Errorf("런처 파일이 너무 큽니다 (최대 %dMB)", maxLauncherSize/1024/1024)
|
||||
}
|
||||
|
||||
// PE 헤더 검증 (MZ magic bytes)
|
||||
if err := validatePEHeader(tmpPath); err != nil {
|
||||
os.Remove(tmpPath)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := os.Rename(tmpPath, finalPath); err != nil {
|
||||
if removeErr := os.Remove(tmpPath); removeErr != nil {
|
||||
@@ -88,6 +103,9 @@ func (s *Service) UploadLauncher(body io.Reader, baseURL string) (*Info, error)
|
||||
|
||||
// Upload streams the body directly to disk, then extracts metadata from the zip.
|
||||
func (s *Service) Upload(filename string, body io.Reader, baseURL string) (*Info, error) {
|
||||
s.uploadMu.Lock()
|
||||
defer s.uploadMu.Unlock()
|
||||
|
||||
if err := os.MkdirAll(s.gameDir, 0755); err != nil {
|
||||
return nil, fmt.Errorf("디렉토리 생성 실패: %w", err)
|
||||
}
|
||||
@@ -153,6 +171,22 @@ func (s *Service) Upload(filename string, body io.Reader, baseURL string) (*Info
|
||||
return info, s.repo.Save(info)
|
||||
}
|
||||
|
||||
func validatePEHeader(path string) error {
|
||||
f, err := os.Open(path)
|
||||
if err != nil {
|
||||
return fmt.Errorf("파일 검증 실패: %w", err)
|
||||
}
|
||||
defer f.Close()
|
||||
header := make([]byte, 2)
|
||||
if _, err := io.ReadFull(f, header); err != nil {
|
||||
return fmt.Errorf("유효하지 않은 실행 파일입니다")
|
||||
}
|
||||
if header[0] != 'M' || header[1] != 'Z' {
|
||||
return fmt.Errorf("유효하지 않은 실행 파일입니다")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func hashFileToHex(path string) string {
|
||||
f, err := os.Open(path)
|
||||
if err != nil {
|
||||
|
||||
@@ -167,9 +167,9 @@ func (s *Service) SaveGameDataByUsername(username string, data *GameDataRequest)
|
||||
|
||||
// GrantExperience adds experience to a player and handles level ups + stat recalculation.
|
||||
func (s *Service) GrantExperience(userID uint, exp int) (*LevelUpResult, error) {
|
||||
profile, err := s.repo.FindByUserID(userID)
|
||||
profile, err := s.GetProfile(userID)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("프로필이 존재하지 않습니다")
|
||||
return nil, fmt.Errorf("프로필 조회/생성 실패: %w", err)
|
||||
}
|
||||
|
||||
result := ApplyExperience(profile.Level, profile.Experience, exp)
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"time"
|
||||
|
||||
"a301_server/pkg/apperror"
|
||||
"a301_server/pkg/config"
|
||||
"a301_server/pkg/metrics"
|
||||
"a301_server/pkg/middleware"
|
||||
|
||||
@@ -12,6 +13,7 @@ import (
|
||||
"github.com/gofiber/fiber/v2/middleware/cors"
|
||||
"github.com/gofiber/fiber/v2/middleware/limiter"
|
||||
"github.com/gofiber/fiber/v2/middleware/logger"
|
||||
"github.com/gofiber/fiber/v2/middleware/recover"
|
||||
"github.com/redis/go-redis/v9"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
@@ -23,6 +25,9 @@ func New() *fiber.App {
|
||||
BodyLimit: 4 * 1024 * 1024 * 1024, // 4GB
|
||||
ErrorHandler: middleware.ErrorHandler,
|
||||
})
|
||||
app.Use(recover.New(recover.Config{
|
||||
EnableStackTrace: true,
|
||||
}))
|
||||
app.Use(middleware.RequestID)
|
||||
app.Use(middleware.Metrics)
|
||||
app.Get("/metrics", metrics.Handler)
|
||||
@@ -32,8 +37,8 @@ func New() *fiber.App {
|
||||
}))
|
||||
app.Use(middleware.SecurityHeaders)
|
||||
app.Use(cors.New(cors.Config{
|
||||
AllowOrigins: "https://a301.tolelom.xyz",
|
||||
AllowHeaders: "Origin, Content-Type, Authorization, Idempotency-Key, X-API-Key",
|
||||
AllowOrigins: config.C.CORSAllowOrigins,
|
||||
AllowHeaders: "Origin, Content-Type, Authorization, Idempotency-Key, X-API-Key, X-Requested-With",
|
||||
AllowMethods: "GET, POST, PUT, PATCH, DELETE",
|
||||
AllowCredentials: true,
|
||||
}))
|
||||
@@ -68,6 +73,21 @@ func APILimiter() fiber.Handler {
|
||||
})
|
||||
}
|
||||
|
||||
// RefreshLimiter returns a rate limiter for refresh token endpoint (5 req/min per IP).
|
||||
// Separate from AuthLimiter to avoid NAT collisions while still preventing abuse.
|
||||
func RefreshLimiter() fiber.Handler {
|
||||
return limiter.New(limiter.Config{
|
||||
Max: 5,
|
||||
Expiration: 1 * time.Minute,
|
||||
KeyGenerator: func(c *fiber.Ctx) string {
|
||||
return "refresh:" + c.IP()
|
||||
},
|
||||
LimitReached: func(c *fiber.Ctx) error {
|
||||
return apperror.ErrRateLimited
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
// ChainUserLimiter returns a rate limiter for chain transactions (20 req/min per user).
|
||||
func ChainUserLimiter() fiber.Handler {
|
||||
return limiter.New(limiter.Config{
|
||||
|
||||
33
main.go
33
main.go
@@ -75,6 +75,11 @@ func main() {
|
||||
}
|
||||
chainHandler := chain.NewHandler(chainSvc)
|
||||
|
||||
// Migrate v1 wallets to v2 (HKDF per-wallet keys)
|
||||
if err := chainSvc.MigrateWalletKeys(); err != nil {
|
||||
log.Fatalf("wallet key migration failed: %v", err)
|
||||
}
|
||||
|
||||
userResolver := func(username string) (uint, error) {
|
||||
user, err := authRepo.FindByUsername(username)
|
||||
if err != nil {
|
||||
@@ -88,6 +93,7 @@ func main() {
|
||||
_, err := chainSvc.CreateWallet(userID)
|
||||
return err
|
||||
})
|
||||
chainSvc.SetPasswordVerifier(authSvc.VerifyPassword)
|
||||
|
||||
playerRepo := player.NewRepository(db)
|
||||
playerSvc := player.NewService(playerRepo)
|
||||
@@ -106,9 +112,12 @@ func main() {
|
||||
|
||||
brRepo := bossraid.NewRepository(db)
|
||||
brSvc := bossraid.NewService(brRepo, rdb)
|
||||
brSvc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
|
||||
_, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
|
||||
return err
|
||||
brSvc.SetRewardGranter(func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
|
||||
result, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
|
||||
if result != nil {
|
||||
return result.TxID, err
|
||||
}
|
||||
return "", err
|
||||
})
|
||||
brSvc.SetExpGranter(func(username string, exp int) error {
|
||||
return playerSvc.GrantExperienceByUsername(username, exp)
|
||||
@@ -137,7 +146,7 @@ func main() {
|
||||
|
||||
routes.Register(app, authHandler, annHandler, dlHandler, chainHandler, brHandler, playerHandler,
|
||||
server.AuthLimiter(), server.APILimiter(), server.HealthCheck(), server.ReadyCheck(db, rdb),
|
||||
server.ChainUserLimiter(), authMw, serverAuthMw, idempotencyReqMw)
|
||||
server.ChainUserLimiter(), authMw, serverAuthMw, idempotencyReqMw, server.RefreshLimiter())
|
||||
|
||||
// ── 백그라운드 워커 ──────────────────────────────────────────────
|
||||
|
||||
@@ -151,13 +160,23 @@ func main() {
|
||||
|
||||
rewardWorker := bossraid.NewRewardWorker(
|
||||
brRepo,
|
||||
func(username string, tokenAmount uint64, assets []core.MintAssetPayload) error {
|
||||
_, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
|
||||
return err
|
||||
func(username string, tokenAmount uint64, assets []core.MintAssetPayload) (string, error) {
|
||||
result, err := chainSvc.GrantRewardByUsername(username, tokenAmount, assets)
|
||||
if result != nil {
|
||||
return result.TxID, err
|
||||
}
|
||||
return "", err
|
||||
},
|
||||
func(username string, exp int) error {
|
||||
return playerSvc.GrantExperienceByUsername(username, exp)
|
||||
},
|
||||
func(txID string) (bool, error) {
|
||||
result, err := chainClient.GetTxStatus(txID)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return result != nil && result.Success, nil
|
||||
},
|
||||
)
|
||||
rewardWorker.Start()
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@ package config
|
||||
|
||||
import (
|
||||
"log"
|
||||
"net/url"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
@@ -35,6 +36,9 @@ type Config struct {
|
||||
OperatorKeyHex string
|
||||
WalletEncryptionKey string
|
||||
|
||||
// CORS
|
||||
CORSAllowOrigins string
|
||||
|
||||
// Server-to-server auth
|
||||
InternalAPIKey string
|
||||
|
||||
@@ -72,6 +76,8 @@ func Load() {
|
||||
OperatorKeyHex: getEnv("OPERATOR_KEY_HEX", ""),
|
||||
WalletEncryptionKey: getEnv("WALLET_ENCRYPTION_KEY", ""),
|
||||
|
||||
CORSAllowOrigins: getEnv("CORS_ALLOW_ORIGINS", "https://a301.tolelom.xyz"),
|
||||
|
||||
InternalAPIKey: getEnv("INTERNAL_API_KEY", ""),
|
||||
|
||||
SSAFYClientID: getEnv("SSAFY_CLIENT_ID", ""),
|
||||
@@ -83,6 +89,9 @@ func Load() {
|
||||
if raw := getEnv("CHAIN_NODE_URLS", ""); raw != "" {
|
||||
for _, u := range strings.Split(raw, ",") {
|
||||
if u = strings.TrimSpace(u); u != "" {
|
||||
if parsed, err := url.Parse(u); err != nil || parsed.Scheme == "" || parsed.Host == "" {
|
||||
log.Fatalf("FATAL: invalid CHAIN_NODE_URL: %q (must be http:// or https://)", u)
|
||||
}
|
||||
C.ChainNodeURLs = append(C.ChainNodeURLs, u)
|
||||
}
|
||||
}
|
||||
@@ -114,8 +123,23 @@ func WarnInsecureDefaults() {
|
||||
log.Println("WARNING: WALLET_ENCRYPTION_KEY is empty — blockchain wallet features will fail")
|
||||
}
|
||||
|
||||
if isProd {
|
||||
if C.DBPassword == "" {
|
||||
log.Println("FATAL: DB_PASSWORD must be set in production")
|
||||
insecure = true
|
||||
}
|
||||
if C.OperatorKeyHex == "" {
|
||||
log.Println("FATAL: OPERATOR_KEY_HEX must be set in production")
|
||||
insecure = true
|
||||
}
|
||||
if C.InternalAPIKey == "" {
|
||||
log.Println("FATAL: INTERNAL_API_KEY must be set in production")
|
||||
insecure = true
|
||||
}
|
||||
}
|
||||
|
||||
if isProd && insecure {
|
||||
log.Fatal("FATAL: insecure default secrets detected in production — set JWT_SECRET, REFRESH_SECRET, and ADMIN_PASSWORD")
|
||||
log.Fatal("FATAL: insecure defaults detected in production — check warnings above")
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -9,23 +9,41 @@ import (
|
||||
)
|
||||
|
||||
// ErrorHandler is a Fiber error handler that returns structured JSON for AppError.
|
||||
// Includes requestID in error responses for log correlation.
|
||||
func ErrorHandler(c *fiber.Ctx, err error) error {
|
||||
requestID, _ := c.Locals("requestID").(string)
|
||||
|
||||
var appErr *apperror.AppError
|
||||
if errors.As(err, &appErr) {
|
||||
return c.Status(appErr.Status).JSON(appErr)
|
||||
resp := fiber.Map{
|
||||
"error": appErr.Code,
|
||||
"message": appErr.Message,
|
||||
}
|
||||
if requestID != "" {
|
||||
resp["requestId"] = requestID
|
||||
}
|
||||
return c.Status(appErr.Status).JSON(resp)
|
||||
}
|
||||
|
||||
// Default Fiber error handling
|
||||
var fiberErr *fiber.Error
|
||||
if errors.As(err, &fiberErr) {
|
||||
return c.Status(fiberErr.Code).JSON(fiber.Map{
|
||||
resp := fiber.Map{
|
||||
"error": "server_error",
|
||||
"message": fiberErr.Message,
|
||||
})
|
||||
}
|
||||
if requestID != "" {
|
||||
resp["requestId"] = requestID
|
||||
}
|
||||
return c.Status(fiberErr.Code).JSON(resp)
|
||||
}
|
||||
|
||||
return c.Status(500).JSON(fiber.Map{
|
||||
resp := fiber.Map{
|
||||
"error": "internal_error",
|
||||
"message": "서버 오류가 발생했습니다",
|
||||
})
|
||||
}
|
||||
if requestID != "" {
|
||||
resp["requestId"] = requestID
|
||||
}
|
||||
return c.Status(500).JSON(resp)
|
||||
}
|
||||
|
||||
@@ -57,9 +57,9 @@ func Idempotency(rdb *redis.Client) fiber.Handler {
|
||||
// Atomically claim the key using SET NX (only succeeds if key doesn't exist)
|
||||
set, err := rdb.SetNX(ctx, redisKey, "processing", idempotencyTTL).Result()
|
||||
if err != nil {
|
||||
// Redis error — let the request through rather than blocking
|
||||
log.Printf("WARNING: idempotency SetNX failed (key=%s): %v", key, err)
|
||||
return c.Next()
|
||||
// Redis error — reject to prevent duplicate transactions
|
||||
log.Printf("ERROR: idempotency SetNX failed (key=%s): %v", key, err)
|
||||
return apperror.New("internal_error", "서버 오류가 발생했습니다. 잠시 후 다시 시도해주세요", 503)
|
||||
}
|
||||
|
||||
if !set {
|
||||
|
||||
@@ -28,6 +28,7 @@ func Register(
|
||||
authMw fiber.Handler,
|
||||
serverAuthMw fiber.Handler,
|
||||
idempotencyReqMw fiber.Handler,
|
||||
refreshLimiter fiber.Handler,
|
||||
) {
|
||||
// Swagger UI
|
||||
app.Get("/swagger/*", swagger.HandlerDefault)
|
||||
@@ -80,7 +81,7 @@ func Register(
|
||||
a := api.Group("/auth")
|
||||
a.Post("/register", authLimiter, authH.Register)
|
||||
a.Post("/login", authLimiter, authH.Login)
|
||||
a.Post("/refresh", authLimiter, authH.Refresh)
|
||||
a.Post("/refresh", refreshLimiter, authH.Refresh)
|
||||
a.Post("/logout", authMw, authH.Logout)
|
||||
// /verify moved to internal API (ServerAuth) — see internal section below
|
||||
a.Get("/ssafy/login", authH.SSAFYLoginURL)
|
||||
@@ -112,6 +113,7 @@ func Register(
|
||||
// Chain - Queries (authenticated)
|
||||
ch := api.Group("/chain", authMw)
|
||||
ch.Get("/wallet", chainH.GetWalletInfo)
|
||||
ch.Post("/wallet/export", chainH.ExportWallet)
|
||||
ch.Get("/balance", chainH.GetBalance)
|
||||
ch.Get("/assets", chainH.GetAssets)
|
||||
ch.Get("/asset/:id", chainH.GetAsset)
|
||||
|
||||
Reference in New Issue
Block a user