Check-Data-Out · Jihyun3478 · May 3, 2025 · Apr 20, 2025 · Apr 20, 2025 · Apr 21, 2025
diff --git a/src/app.ts b/src/app.ts
@@ -13,6 +13,8 @@ import { NotFoundError } from './exception';
 dotenv.config();
 
 const app: Application = express();
+// 실제 클라이언트 IP를 알기 위한 trust proxy 설정
+app.set('trust proxy', true);
 const swaggerSpec = swaggerJSDoc(options);
 
 app.use(cookieParser());

diff --git a/src/controllers/user.controller.ts b/src/controllers/user.controller.ts
@@ -1,7 +1,13 @@
 import { NextFunction, Request, Response, RequestHandler, CookieOptions } from 'express';
 import logger from '@/configs/logger.config';
 import { EmptyResponseDto, LoginResponseDto, UserWithTokenDto } from '@/types';
+import { QRLoginTokenResponseDto } from '@/types/dto/responses/qrResponse.type';
 import { UserService } from '@/services/user.service';
+import { InvalidTokenError, TokenExpiredError } from '@/exception/token.exception';
+import { NotFoundError } from '@/exception';
+
+type Token10 = string & { __lengthBrand: 10 };
+
 export class UserController {
  constructor(private userService: UserService) { }
 
@@ -102,4 +108,64 @@ export class UserController {
 
  res.status(200).json(response);
  };
+
+ createToken: RequestHandler = async (
+ req: Request,
+ res: Response<QRLoginTokenResponseDto>,
+ next: NextFunction,
+ ) => {
+ try {
+ const user = req.user;
+ const ip = typeof req.headers['x-forwarded-for'] === 'string' ? req.headers['x-forwarded-for'].split(',')[0].trim() : req.ip ?? '';
+ const userAgent = req.headers['user-agent'] || '';
+
+ const token = await this.userService.create(user.id, ip, userAgent);
+ const typedToken = token as Token10;
+
+ const response = new QRLoginTokenResponseDto(
+ true,
+ 'QR 토큰 생성 완료',
+ { token: typedToken },
+ null
+ );
+ res.status(200).json(response);
+ } catch (error) {
+ logger.error(`QR 토큰 생성 실패: [userId: ${req.user?.id || 'anonymous'}]`, error);
+ next(error);
+ }
+ };
+
+ getToken: RequestHandler = async (req: Request, res: Response, next: NextFunction) => {
+ try {
+ const token = req.query.token as string;
+ if (!token) {
+ throw new InvalidTokenError('토큰이 필요합니다.');
+ }
+
+ const found = await this.userService.useToken(token);
+ if (!found) {
+ throw new TokenExpiredError();
+ }
+
+ const user = await this.userService.findByVelogUUID(found.user.toString());
+ if (!user) throw new NotFoundError('유저를 찾을 수 없습니다.');
+
+ const { decryptedAccessToken, decryptedRefreshToken } = this.userService.getDecryptedTokens( 
+ user.group_id, 
+ user.access_token, 
+ user.refresh_token 
+ );
+
+ res.clearCookie('access_token', this.cookieOption());
+ res.clearCookie('refresh_token', this.cookieOption());
+
+ res.cookie('access_token', decryptedAccessToken, this.cookieOption());
+ res.cookie('refresh_token', decryptedRefreshToken, this.cookieOption());
+
+ res.redirect('/main');
+ } catch (error) {
+ logger.error(`QR 토큰 로그인 처리 실패: [userId: ${req.user?.id || 'anonymous'}]`, error);
+ next(error);
+ }
+ };
 }
diff --git a/src/repositories/__test__/qr.repo.integration.test.ts b/src/repositories/__test__/qr.repo.integration.test.ts
@@ -0,0 +1,147 @@
+import dotenv from 'dotenv';
+import { Pool } from 'pg';
+import pg from 'pg';
+import { UserRepository } from '@/repositories/user.repository';
+import { generateRandomToken } from '@/utils/generateRandomToken.util';
+import logger from '@/configs/logger.config';
+
+dotenv.config();
+jest.setTimeout(5000);
+
+describe('QRLoginTokenRepository 통합 테스트', () => {
+ let testPool: Pool;
+ let repo: UserRepository;
+
+ const TEST_DATA = {
+ USER_ID: 1,
+ };
+
+ beforeAll(async () => {
+ const testPoolConfig: pg.PoolConfig = {
+ database: process.env.DATABASE_NAME,
+ user: process.env.POSTGRES_USER,
+ host: process.env.POSTGRES_HOST,
+ password: process.env.POSTGRES_PASSWORD,
+ port: Number(process.env.POSTGRES_PORT),
+ max: 1,
+ idleTimeoutMillis: 30000,
+ connectionTimeoutMillis: 5000,
+ allowExitOnIdle: false,
+ statement_timeout: 30000,
+ };
+
+ if (process.env.POSTGRES_HOST !== 'localhost') {
+ testPoolConfig.ssl = { rejectUnauthorized: false };
+ }
+
+ testPool = new Pool(testPoolConfig);
+
+ await testPool.query('SELECT 1');
+ logger.info('테스트 DB 연결 성공');
+
+ repo = new UserRepository(testPool);
+ });
+
+ afterAll(async () => {
+ try {
+ await testPool.query(
+ `
+ DELETE FROM users_qrlogintoken
+ WHERE ip_address = '127.0.0.1'
+ AND user_agent = 'test-agent'
+ AND user_id = $1
+ `,
+ [TEST_DATA.USER_ID]
+ );
+
+ await new Promise(resolve => setTimeout(resolve, 1000));
+
+ if (testPool) {
+ await testPool.end();
+ }
+
+ await new Promise(resolve => setTimeout(resolve, 1000));
+ logger.info('테스트 DB 연결 종료 및 테스트 데이터 정리 완료');
+ } catch (error) {
+ logger.error('테스트 종료 중 오류:', error);
+ }
+ });
+
+ describe('QR 토큰 생성 및 조회', () => {
+ it('QR 토큰을 생성하고 정상 조회할 수 있어야 한다', async () => {
+ const token = generateRandomToken();
+ const ip = '127.0.0.1';
+ const userAgent = 'test-agent';
+
+ await repo.createQRLoginToken(token, TEST_DATA.USER_ID, ip, userAgent);
+ const foundToken = await repo.findQRLoginToken(token);
+
+ expect(foundToken).not.toBeNull();
+ expect(foundToken?.token).toBe(token);
+ expect(foundToken?.is_used).toBe(false);
+ if (foundToken) { 
+ expect(new Date(foundToken.expires_at).getTime()).toBeGreaterThan(new Date(foundToken.created_at).getTime()); 
+ }
+ });
+
+ it('존재하지 않는 토큰 조회 시 null을 반환해야 한다', async () => {
+ const invalidToken = generateRandomToken();
+ const result = await repo.findQRLoginToken(invalidToken);
+
+ expect(result).toBeNull();
+ });
+ });
+
+ describe('QR 토큰 사용 처리', () => {
+ it('QR 토큰을 사용 처리한 후 조회되지 않아야 한다', async () => {
+ const token = generateRandomToken();
+ const ip = '127.0.0.1';
+ const userAgent = 'test-agent';
+
+ await repo.createQRLoginToken(token, TEST_DATA.USER_ID, ip, userAgent);
+ await repo.markTokenUsed(token);
+
+ const found = await repo.findQRLoginToken(token);
+
+ expect(found).toBeNull();
+ });
+ });
+
+ describe('QR 토큰 만료 처리', () => {
+ it('만료된 토큰은 조회되지 않아야 한다', async () => {
+ const token = generateRandomToken();
+ const ip = '127.0.0.1';
+ const userAgent = 'test-agent';
+
+ await testPool.query(
+ `
+ INSERT INTO users_qrlogintoken (token, user_id, created_at, expires_at, is_used, ip_address, user_agent)
+ VALUES ($1, $2, NOW() - INTERVAL '10 minutes', NOW() - INTERVAL '5 minutes', false, $3, $4)
+ `,
+ [token, TEST_DATA.USER_ID, ip, userAgent]
+ );
+
+ const found = await repo.findQRLoginToken(token);
+
+ expect(found).toBeNull();
+ });
+
+ it('만료되고 사용된 토큰도 조회되지 않아야 한다', async () => {
+ const token = generateRandomToken();
+ const ip = '127.0.0.1';
+ const userAgent = 'test-agent';
+
+ await testPool.query(
+ `
+ INSERT INTO users_qrlogintoken (token, user_id, created_at, expires_at, is_used, ip_address, user_agent)
+ VALUES ($1, $2, NOW() - INTERVAL '10 minutes', NOW() - INTERVAL '5 minutes', true, $3, $4)
+ `,
+ [token, TEST_DATA.USER_ID, ip, userAgent]
+ );
+
+ const found = await repo.findQRLoginToken(token);
+
+ expect(found).toBeNull();
+ });
+ });
+});
diff --git a/src/repositories/__test__/qr.repo.test.ts b/src/repositories/__test__/qr.repo.test.ts
@@ -0,0 +1,80 @@
+import { UserRepository } from '@/repositories/user.repository';
+import { DBError } from '@/exception';
+import { Pool } from 'pg';
+
+const mockPool: Partial<Pool> = {
+ query: jest.fn(),
+};
+
+describe('QRLoginTokenRepository', () => {
+ let repo: UserRepository;
+
+ beforeEach(() => {
+ repo = new UserRepository(mockPool as Pool);
+ });
+
+ afterEach(() => {
+ jest.clearAllMocks();
+ });
+
+ describe('createQRLoginToken', () => {
+ it('QR 토큰을 성공적으로 삽입해야 한다', async () => {
+ (mockPool.query as jest.Mock).mockResolvedValueOnce(undefined);
+
+ await expect(
+ repo.createQRLoginToken('token', 1, 'ip', 'agent')
+ ).resolves.not.toThrow();
+
+ expect(mockPool.query).toHaveBeenCalled();
+ });
+
+ it('삽입 중 오류 발생 시 DBError를 던져야 한다', async () => {
+ (mockPool.query as jest.Mock).mockRejectedValueOnce(new Error('fail'));
+
+ await expect(
+ repo.createQRLoginToken('token', 1, 'ip', 'agent')
+ ).rejects.toThrow(DBError);
+ });
+ });
+
+ describe('findQRLoginToken', () => {
+ it('토큰이 존재할 경우 반환해야 한다', async () => {
+ const mockTokenData = { token: 'token', user: 1 };
+ (mockPool.query as jest.Mock).mockResolvedValueOnce({ rows: [mockTokenData] });
+
+ const result = await repo.findQRLoginToken('token');
+ expect(result).toEqual(mockTokenData);
+ });
+
+ it('토큰이 존재하지 않으면 null을 반환해야 한다', async () => {
+ (mockPool.query as jest.Mock).mockResolvedValueOnce({ rows: [] });
+
+ const result = await repo.findQRLoginToken('token');
+ expect(result).toBeNull();
+ });
+
+ it('조회 중 오류 발생 시 DBError를 던져야 한다', async () => {
+ (mockPool.query as jest.Mock).mockRejectedValueOnce(new Error('fail'));
+
+ await expect(repo.findQRLoginToken('token')).rejects.toThrow(DBError);
+ });
+ });
+
+ describe('markTokenUsed', () => {
+ it('토큰을 사용 처리해야 한다', async () => {
+ (mockPool.query as jest.Mock).mockResolvedValueOnce(undefined);
+
+ await expect(repo.markTokenUsed('token')).resolves.not.toThrow();
+ expect(mockPool.query).toHaveBeenCalledWith(
+ expect.stringContaining('UPDATE users_qrlogintoken SET is_used = true'),
+ ['token']
+ );
+ });
+
+ it('토큰 사용 처리 중 오류 발생 시 DBError를 던져야 한다', async () => {
+ (mockPool.query as jest.Mock).mockRejectedValueOnce(new Error('fail'));
+
+ await expect(repo.markTokenUsed('token')).rejects.toThrow(DBError);
+ });
+ });
+});
diff --git a/src/repositories/user.repository.ts b/src/repositories/user.repository.ts
@@ -1,10 +1,11 @@
 import { Pool } from 'pg';
 import logger from '@/configs/logger.config';
 import { User } from '@/types';
+import { QRLoginToken } from "@/types/models/QRLoginToken.type";
 import { DBError } from '@/exception';
 
 export class UserRepository {
- constructor(private readonly pool: Pool) { }
+ constructor(private readonly pool: Pool) {}
 
  async findByUserVelogUUID(uuid: string): Promise<User> {
  try {
@@ -91,4 +92,44 @@ export class UserRepository {
  throw new DBError('유저 생성 중 문제가 발생했습니다.');
  }
  }
+
+ async createQRLoginToken(token: string, userId: number, ip: string, userAgent: string): Promise<void> {
+ try {
+ const query = `
+ INSERT INTO users_qrlogintoken (token, user_id, created_at, expires_at, is_used, ip_address, user_agent)
+ VALUES ($1, $2, NOW(), NOW() + INTERVAL '5 minutes', false, $3, $4);
+ `;
+ await this.pool.query(query, [token, userId, ip, userAgent]);
+ } catch (error) {
+ logger.error('QRLoginToken Repo Create Error : ', error);
+ throw new DBError('QR 코드 토큰 생성 중 문제가 발생했습니다.');
+ }
+ }
+
+ async findQRLoginToken(token: string): Promise<QRLoginToken | null> {
+ try {
+ const query = `
+ SELECT *
+ FROM users_qrlogintoken
+ WHERE token = $1 AND is_used = false AND expires_at > NOW();
+ `;
+ const result = await this.pool.query(query, [token]);
+ return result.rows[0] ?? null;
+ } catch (error) {
+ logger.error('QRLoginToken Repo find QR Code Error : ', error);
+ throw new DBError('QR 코드 토큰 조회 중 문제가 발생했습니다.');
+ }
+ }
+
+ async markTokenUsed(token: string): Promise<void> {
+ try {
+ const query = `
+ UPDATE users_qrlogintoken SET is_used = true WHERE token = $1;
+ `;
+ await this.pool.query(query, [token]);
+ } catch (error) {
+ logger.error('QRLoginToken Repo mark as used Error : ', error);
+ throw new DBError('QR 코드 사용 처리 중 문제가 발생했습니다.');
+ }
+ }
 }
diff --git a/src/routes/index.ts b/src/routes/index.ts
@@ -14,4 +14,5 @@ router.use('/', UserRouter);
 router.use('/', PostRouter);
 router.use('/', NotiRouter);
 router.use('/', LeaderboardRouter);
+
 export default router;