diff --git a/.gitignore b/.gitignore index da1f147..8162bd2 100644 --- a/.gitignore +++ b/.gitignore @@ -51,7 +51,7 @@ Dockerfile #------------------------- # CI ignore #------------------------- -app/Config/App.php +#app/Config/App.php #------------------------- # Temporary Files @@ -71,6 +71,13 @@ writable/uploads/* writable/debugbar/* !writable/debugbar/index.html +# Ignore writable but keep directory structure +!/writable/logs/.gitkeep +!/writable/cache/.gitkeep +!/writable/session/.gitkeep +!/writable/debugbar/.gitkeep +!/writable/uploads/.gitkeep + php_errors.log #------------------------- @@ -135,4 +142,32 @@ _modules/* .history/ -.README \ No newline at end of file +.README + +# 1. 민감한 환경 설정 파일 (필수) +# 실제 환경 변수 값이 담긴 파일은 Git에 절대 포함하지 않습니다. +#/.env + +# 2. Composer 종속성 (필수) +# CI/CD에서 'composer install'로 재설치합니다. +/vendor/ + +# 3. CI4가 생성하는 런타임 파일 (필수) +# 캐시, 로그, 세션 등은 서버에서 생성 및 관리되어야 합니다. +/writable/cache/* +/writable/logs/* +/writable/session/* + +# 4. IDE 및 OS 생성 파일 +# 개발 환경에서만 필요한 파일 (Windows/MacOS/Linux 등) +.idea/ +.vscode/ +*.swp +.DS_Store + +# 5. 빌드 및 테스트 부산물 (선택적) +# 특정 IDE나 빌드 도구가 생성하는 파일은 추가합니다. +/build/ +/dist/ +/node_modules/ +.env diff --git a/app/Commands/NaverWorker.php b/app/Commands/NaverWorker.php new file mode 100644 index 0000000..580e25b --- /dev/null +++ b/app/Commands/NaverWorker.php @@ -0,0 +1,107 @@ +connect($redisHost, $redisPort); + + CLI::write('Worker started. Listening on naver:queue...'); + + while (true) { + // 메인 큐 및 재시도 큐에서 데이터 꺼내기 (Blocking Pop, 5초 타임아웃) + // LIFO (lPush/brPop) 사용 시: ['naver:queue:retry', 'naver:queue'] + $item = $redis->brPop(['naver:worker_queue'], 5); + + if ($item) { + $payload = json_decode($item[1], true); + $this->process($redis, $payload); // Redis 객체를 process에 전달 + } + } + } + + private function process(\Redis $redis, $payload) + { + $articleNum = $payload['articleNumbr']; + $requestType = $payload['reqeustType']; + $retryCount = $payload['retry_count'] ?? 0; + + CLI::write("Processing {$requestType} for {$articleNum} (Attempt: " . ($retryCount + 1) . ")"); + + if (!in_array($requestType, ['REG', 'MOD'])) { + CLI::write("Skipping non-verification request {$requestType} for {$articleNum}"); + return; + } + + // 1. 네이버 CP API 호출 + $client = \Config\Services::curlrequest([ + 'timeout' => 10, + // ... (인증 헤더 설정 등 이전 답변의 보안 관련 항목 추가) + ]); + $url = "https://네이버CP/kiso/center/verification-article/{$articleNum}"; + + try { + $response = $client->get($url); + $statusCode = $response->getStatusCode(); + + if ($statusCode >= 200 && $statusCode < 300) { + // 2. 성공 처리 + CLI::write("✅ SUCCESS: {$requestType} for {$articleNum} (Status: {$statusCode})"); + // 성공 시 DB에 결과 업데이트 등 후속 작업 진행 + } else { + // 3. API 실패 (4xx, 5xx 에러) + $this->handleFailure($redis, $payload, $retryCount, "API returned Status: {$statusCode}"); + } + } catch (\Exception $e) { + // 4. 네트워크/타임아웃 오류 + $this->handleFailure($redis, $payload, $retryCount, "Network Error: " . $e->getMessage()); + } + } + + private function handleFailure(\Redis $redis, $payload, $retryCount, $reason) + { + $articleNum = $payload['articleNumbr']; + + if ($retryCount < self::MAX_RETRIES) { + // 5. 재시도 로직: 재시도 횟수 증가 및 큐에 다시 푸시 + $payload['retry_count'] = $retryCount + 1; + + // 지연된 재시도를 위해 Sorted Set (ZADD) 또는 별도의 큐 사용을 고려할 수 있으나, + // 여기서는 단순성을 위해 즉시 재시도 큐에 넣고 sleep을 사용하는 방식을 가정합니다. + // **주의: 실제 프로덕션 환경에서는 `Redis ZSET`을 사용하여 지연된 작업을 처리하는 것이 더 일반적입니다.** + + // 단순 재시도 큐 (ZSET을 사용하지 않는 경우) + $redis->lPush('naver:queue:retry', json_encode($payload)); + + // CLI 환경에서 재시도 간 지연 시간을 강제 (Blocking pop을 쓰므로 실제 지연은 다음 worker 실행 시 발생) + CLI::error("Attempt {$retryCount} FAILED for {$articleNum}. Reason: {$reason}. Retrying later."); + + } else { + // 6. 최종 실패 처리: DLQ로 이동 + $payload['fail_reason'] = $reason; + $payload['fail_time'] = date('Y-m-d H:i:s'); + + $redis->lPush('naver:queue:dlq', json_encode($payload)); + + CLI::error("❌ CRITICAL FAIL: {$articleNum} moved to DLQ after " . self::MAX_RETRIES . " attempts."); + } + } +} \ No newline at end of file diff --git a/app/Config/App.php b/app/Config/App.php new file mode 100644 index 0000000..b4c64a6 --- /dev/null +++ b/app/Config/App.php @@ -0,0 +1,202 @@ + + */ + public array $allowedHostnames = []; + + /** + * -------------------------------------------------------------------------- + * Index File + * -------------------------------------------------------------------------- + * + * Typically, this will be your `index.php` file, unless you've renamed it to + * something else. If you have configured your web server to remove this file + * from your site URIs, set this variable to an empty string. + */ + public string $indexPage = ''; + + /** + * -------------------------------------------------------------------------- + * URI PROTOCOL + * -------------------------------------------------------------------------- + * + * This item determines which server global should be used to retrieve the + * URI string. The default setting of 'REQUEST_URI' works for most servers. + * If your links do not seem to work, try one of the other delicious flavors: + * + * 'REQUEST_URI': Uses $_SERVER['REQUEST_URI'] + * 'QUERY_STRING': Uses $_SERVER['QUERY_STRING'] + * 'PATH_INFO': Uses $_SERVER['PATH_INFO'] + * + * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! + */ + public string $uriProtocol = 'REQUEST_URI'; + + /* + |-------------------------------------------------------------------------- + | Allowed URL Characters + |-------------------------------------------------------------------------- + | + | This lets you specify which characters are permitted within your URLs. + | When someone tries to submit a URL with disallowed characters they will + | get a warning message. + | + | As a security measure you are STRONGLY encouraged to restrict URLs to + | as few characters as possible. + | + | By default, only these are allowed: `a-z 0-9~%.:_-` + | + | Set an empty string to allow all characters -- but only if you are insane. + | + | The configured value is actually a regular expression character group + | and it will be used as: '/\A[]+\z/iu' + | + | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! + | + */ + public string $permittedURIChars = 'a-z 0-9~%.:_\-'; + + /** + * -------------------------------------------------------------------------- + * Default Locale + * -------------------------------------------------------------------------- + * + * The Locale roughly represents the language and location that your visitor + * is viewing the site from. It affects the language strings and other + * strings (like currency markers, numbers, etc), that your program + * should run under for this request. + */ + public string $defaultLocale = 'en'; + + /** + * -------------------------------------------------------------------------- + * Negotiate Locale + * -------------------------------------------------------------------------- + * + * If true, the current Request object will automatically determine the + * language to use based on the value of the Accept-Language header. + * + * If false, no automatic detection will be performed. + */ + public bool $negotiateLocale = false; + + /** + * -------------------------------------------------------------------------- + * Supported Locales + * -------------------------------------------------------------------------- + * + * If $negotiateLocale is true, this array lists the locales supported + * by the application in descending order of priority. If no match is + * found, the first locale will be used. + * + * IncomingRequest::setLocale() also uses this list. + * + * @var list + */ + public array $supportedLocales = ['en']; + + /** + * -------------------------------------------------------------------------- + * Application Timezone + * -------------------------------------------------------------------------- + * + * The default timezone that will be used in your application to display + * dates with the date helper, and can be retrieved through app_timezone() + * + * @see https://www.php.net/manual/en/timezones.php for list of timezones + * supported by PHP. + */ + public string $appTimezone = 'UTC'; + + /** + * -------------------------------------------------------------------------- + * Default Character Set + * -------------------------------------------------------------------------- + * + * This determines which character set is used by default in various methods + * that require a character set to be provided. + * + * @see http://php.net/htmlspecialchars for a list of supported charsets. + */ + public string $charset = 'UTF-8'; + + /** + * -------------------------------------------------------------------------- + * Force Global Secure Requests + * -------------------------------------------------------------------------- + * + * If true, this will force every request made to this application to be + * made via a secure connection (HTTPS). If the incoming request is not + * secure, the user will be redirected to a secure version of the page + * and the HTTP Strict Transport Security (HSTS) header will be set. + */ + public bool $forceGlobalSecureRequests = false; + + /** + * -------------------------------------------------------------------------- + * Reverse Proxy IPs + * -------------------------------------------------------------------------- + * + * If your server is behind a reverse proxy, you must whitelist the proxy + * IP addresses from which CodeIgniter should trust headers such as + * X-Forwarded-For or Client-IP in order to properly identify + * the visitor's IP address. + * + * You need to set a proxy IP address or IP address with subnets and + * the HTTP header for the client IP address. + * + * Here are some examples: + * [ + * '10.0.1.200' => 'X-Forwarded-For', + * '192.168.5.0/24' => 'X-Real-IP', + * ] + * + * @var array + */ + public array $proxyIPs = []; + + /** + * -------------------------------------------------------------------------- + * Content Security Policy + * -------------------------------------------------------------------------- + * + * Enables the Response's Content Secure Policy to restrict the sources that + * can be used for images, scripts, CSS files, audio, video, etc. If enabled, + * the Response object will populate default values for the policy from the + * `ContentSecurityPolicy.php` file. Controllers can always add to those + * restrictions at run time. + * + * For a better understanding of CSP, see these documents: + * + * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/ + * @see http://www.w3.org/TR/CSP/ + */ + public bool $CSPEnabled = false; +} diff --git a/app/Config/Cache.php b/app/Config/Cache.php index 1169c95..1b9c141 100644 --- a/app/Config/Cache.php +++ b/app/Config/Cache.php @@ -21,7 +21,7 @@ class Cache extends BaseConfig * The name of the preferred handler that should be used. If for some reason * it is not available, the $backupHandler will be used in its place. */ - public string $handler = 'file'; + public string $handler = 'redis'; /** * -------------------------------------------------------------------------- @@ -114,13 +114,7 @@ class Cache extends BaseConfig * * @var array{host?: string, password?: string|null, port?: int, timeout?: int, database?: int} */ - public array $redis = [ - 'host' => '127.0.0.1', - 'password' => null, - 'port' => 6379, - 'timeout' => 0, - 'database' => 0, - ]; + public array $redis = []; /** * -------------------------------------------------------------------------- @@ -159,4 +153,22 @@ class Cache extends BaseConfig * @var bool|list */ public $cacheQueryString = false; + + + public function __construct() + { + parent::__construct(); + + // Redis 설정에 .env 값을 할당 (이전 논의된 Docker 호스트 이름 'redis' 사용) + $this->redis = [ + 'host' => env('redis.default.host', '127.0.0.1'), + 'password' => env('redis.default.password', null), + 'port' => (int)env('redis.default.port', 6379), + 'timeout' => (int)env('redis.default.timeout', 0), + 'database' => (int)env('redis.default.database', 0) + ]; + + // 필요하다면, 이 생성자에서 $handler나 $backupHandler 같은 다른 설정도 + // 환경 변수에 따라 동적으로 설정할 수 있습니다. + } } diff --git a/app/Config/Filters.php b/app/Config/Filters.php index 2d029f6..cca04dc 100644 --- a/app/Config/Filters.php +++ b/app/Config/Filters.php @@ -35,6 +35,7 @@ class Filters extends BaseFilters 'pagecache' => PageCache::class, 'performance' => PerformanceMetrics::class, 'auth' => \App\Filters\AuthCheck::class, + 'jsInjector' => \App\Filters\JavascriptInjector::class, ]; /** @@ -84,13 +85,15 @@ class Filters extends BaseFilters 'index.php/login/*', // /index.php/login/* 'register', // 회원가입 등 'register/*', - 'api/*', // 필요하면 API는 예외 + 'kiso/*', // 필요하면 API는 예외 ], ], ], 'after' => [ // 'honeypot', // 'secureheaders', + 'jsInjector', // 모든 페이지 응답 후에 실행 + 'toolbar', ], ]; diff --git a/app/Config/Routes.php b/app/Config/Routes.php index e0217b8..f969561 100644 --- a/app/Config/Routes.php +++ b/app/Config/Routes.php @@ -247,3 +247,16 @@ $routes->group('manage', ['namespace' => 'App\Controllers\Manage'], function ($r * 로그인 API */ $routes->post('/login/chkLogin', 'Login::chkLogin'); + + +/* + * -------------------------------------------------------------------- + * Additional Routing + * -------------------------------------------------------------------- + * + * 이 영역에서 다른 라우트 파일을 로드할 수 있습니다. + */ + +if (is_file($filepath = APPPATH . 'Config/Routes/Api.php')) { + require $filepath; +} diff --git a/app/Config/Routes/Api.php b/app/Config/Routes/Api.php new file mode 100644 index 0000000..9961c47 --- /dev/null +++ b/app/Config/Routes/Api.php @@ -0,0 +1,10 @@ +group('kiso', function(RouteCollection $routes) { + $routes->match(['get', 'post'], 'api/vrfcReq', 'KisoController::vrfcReq'); +}); \ No newline at end of file diff --git a/app/Controllers/KisoController.php b/app/Controllers/KisoController.php new file mode 100644 index 0000000..d7af24a --- /dev/null +++ b/app/Controllers/KisoController.php @@ -0,0 +1,80 @@ +request->is('post') ) { + // POST 방식: JSON Body에서 데이터 가져오기 + $data = $this->request->getJSON(true); + } else if ( $this->request->is('get') ) { + // GET 방식: Query Parameter에서 데이터 가져오기 + $data = $this->request->getGet(); + } else { + // 지원하지 않는 메소드 처리 (예: PUT, DELETE 등) + return $this->response->setStatusCode(Response::HTTP_METHOD_NOT_ALLOWED) + ->setJSON(['resultCode' => 'E005', 'resultMessage' => 'Method not allowed. Use GET or POST.']); + } + + // 2. 필수 항목 검증 + $requiredKeys = ['articleNumber', 'requestType', 'requestDatetime']; + + foreach ($requiredKeys as $key) { + // 파싱된 데이터($data) 내에 키가 없거나 값이 비어있는지 확인 + if (empty($data[$key])) { + return $this->response->setStatusCode(Response::HTTP_BAD_REQUEST) + ->setJSON([ + 'resultCode' => 'E001', + 'resultMessage' => "Missing required parameter: {$key}" + ]); + } + } + + // 3. Redis 연결 및 예외 처리 + // 3. Redis 연결 및 직접 푸시 + try { + $redis = new \Redis(); + // Docker 환경이므로 host를 'redis'로 설정 + $success = $redis->connect('redis', 6379); + + if (!$success) { + throw new \Exception('Redis connection failed'); + } + + $redis->select(10); // 10번 DB 선택 + + // 데이터 준비 + $data['retry_count'] = 0; + + // 리스트에 데이터 삽입 (이 명령어가 실행되어야 monitor에 LPUSH가 뜹니다) + $redis->lPush('naver:queue', json_encode($data)); + + } catch (\Exception $e) { + log_message('error', 'Redis Push Error: ' . $e->getMessage()); + return $this->response->setStatusCode(500)->setJSON([ + 'resultCode' => 'E999', + 'resultMessage' => 'Redis Connection Error' + ]); + } + + // 4. 성공 응답 + return $this->response->setStatusCode(Response::HTTP_ACCEPTED) // 202 Accepted + ->setJSON([ + 'resultCode' => 'S000', + 'resultMessage' => 'Request successfully queued for processing', + 'articleNumber' => $data['articleNumber'] + ]); + } +} \ No newline at end of file diff --git a/app/Filters/JavascriptInjector.php b/app/Filters/JavascriptInjector.php new file mode 100644 index 0000000..fee49ff --- /dev/null +++ b/app/Filters/JavascriptInjector.php @@ -0,0 +1,39 @@ +getHeaderLine('Content-Type'), 'text/html') === false) return; + + // .env에서 서버 이름 가져오기 (없으면 'Unknown' 또는 컨테이너ID) + $serverAlias = env('APP_SERVER_NAME') ?? gethostname(); + $envMode = ENVIRONMENT; + + $scriptTag = " + + "; + + $body = $response->getBody(); + if (strpos($body, '') !== false) { + $response->setBody(str_replace('', $scriptTag . '', $body)); + } + } +} \ No newline at end of file diff --git a/app/Views/layouts/footer.php b/app/Views/layouts/footer.php index f273d1d..0d87401 100644 --- a/app/Views/layouts/footer.php +++ b/app/Views/layouts/footer.php @@ -34,4 +34,24 @@ --> + + + + +
+
+
+
+ Current Mode: +
+ +
+ IP: +
+
+
\ No newline at end of file diff --git a/public/common/js/de.js b/public/common/js/de.js new file mode 100644 index 0000000..450533e --- /dev/null +++ b/public/common/js/de.js @@ -0,0 +1,43 @@ +(function() { + // 1. 환경 데이터 가져오기 (없으면 기본값 production) + const info = window.SERVER_INFO || { alias: 'UNKNOWN', env: 'production' }; + + // 2. 운영 환경이면 실행 중단 (표시 안 함) + if (info.env === 'production') { + return; + } + + // 3. 테스트/로컬 환경일 때 스타일 설정 (강렬한 빨간색) + const bgColor = '#dc3545'; // 경고 의미의 빨간색 + const textColor = '#ffffff'; + const borderColor = '#a71d2a'; // 더 어두운 빨간색 테두리 + + // 4. 상태바 생성 및 스타일 적용 + const statusDiv = document.createElement('div'); + Object.assign(statusDiv.style, { + position: 'fixed', + bottom: '0', + left: '0', + width: '100%', + height: '32px', + backgroundColor: bgColor, + color: textColor, + textAlign: 'center', + fontSize: '14px', + lineHeight: '32px', + fontWeight: '900', + zIndex: '2147483647', // 최상단 레이어 보장 + opacity: '1', + pointerEvents: 'none', // 클릭 방해 금지 + boxShadow: '0 -4px 15px rgba(0,0,0,0.4)', + borderTop: `3px solid ${borderColor}`, + letterSpacing: '0.5px', + fontFamily: 'system-ui, -apple-system, sans-serif' + }); + + // 5. 출력 문구 (서버 이름 강조) + statusDiv.innerHTML = `⚠️ [TEST SERVER] NAME: ${info.alias} | HOST: ${window.location.hostname} ⚠️`; + + // 6. 문서에 추가 + document.body.appendChild(statusDiv); +})(); \ No newline at end of file