Merge pull request #600 from gnuboard/fix/error

fix, feat: 회원가입 및 REST API 이슈 및 오류사항 수정

Author: KimTom89

api/settings.py

@@ -21,6 +21,7 @@ class ApiSettings(BaseSettings):
 
     AUTH_ALGORITHM: str = "HS256"  # JWT 알고리즘
     AUTH_ISSUER: str = "g6_rest_api"  # JWT 발급자
+    AUTH_AUDIENCE: str = "g6_rest_api"  # JWT 대상자
 
     ACCESS_TOKEN_EXPIRE_MINUTES: float = 30
     REFRESH_TOKEN_EXPIRE_MINUTES: float = 60 * 24 * 14  # 14 days

api/v1/auth/jwt.py

@@ -54,8 +54,10 @@ def create_token(token_type: TokenType, data: dict = None) -> str:
         exp = datetime.now() + timedelta(minutes=expires_minute)
         to_encode.update({
             "iss": api_settings.AUTH_ISSUER,
-            "iat": iat.timestamp(),
-            "exp": exp.timestamp()})
+            "aud": api_settings.AUTH_AUDIENCE,
+            "nbf": int(iat.timestamp()),
+            "iat": int(iat.timestamp()),
+            "exp": int(exp.timestamp())})
 
         return encode(to_encode, secret_key, algorithm=api_settings.AUTH_ALGORITHM)
 
@@ -85,13 +87,14 @@ def decode_token(token: str, secret_key: str) -> dict:
                 token,
                 secret_key,
                 algorithms=[api_settings.AUTH_ALGORITHM],
+                audience=api_settings.AUTH_AUDIENCE,
             )
             return TokenPayload(**payload)
         except ExpiredSignatureError as e:
-            http_exception.detail = "Token has expired"
+            http_exception.detail = f"Token has expired. {e}"
             raise http_exception from e
         except InvalidTokenError as e:
-            http_exception.detail = "Could not validate credentials"
+            http_exception.detail = f"Could not validate credentials. {e}"
             raise http_exception from e
         except Exception as e:
             http_exception.detail = str(e)

api/v1/dependencies/member.py

@@ -2,7 +2,7 @@
 from typing import Optional
 from typing_extensions import Annotated
 
-from fastapi import Depends, HTTPException, status
+from fastapi import Body, Depends, HTTPException, Path, status
 
 from core.models import Member
 
@@ -12,6 +12,8 @@
 from api.v1.service.member import MemberServiceAPI, ValidateMemberAPI
 from api.v1.models.auth import TokenPayload
 from api.v1.models.member import CreateMember, UpdateMember
+from lib.common import is_none_datetime
+from lib.pbkdf2 import validate_password
 
 
 async def get_current_member(
@@ -73,8 +75,10 @@ def validate_create_data(
 ):
     """회원 가입시 회원 정보의 유효성을 검사합니다."""
     validate.valid_id(data.mb_id)
+    validate.valid_name(data.mb_name)
     validate.valid_nickname(data.mb_nick)
     validate.valid_email(data.mb_email)
+    validate.valid_recommend(data.mb_recommend, data.mb_id)
 
     return data
 
@@ -104,3 +108,28 @@ def validate_update_data(
         del data.mb_open_date
 
     return data
+
+
+
+def validate_certify_email_member(
+    member_service: Annotated[MemberServiceAPI, Depends()],
+    mb_id: Annotated[str, Path(..., title="회원 아이디", description="회원 아이디")],
+    password: Annotated[str, Body(..., title="비밀번호", description="회원 비밀번호")],
+):
+    """
+    인증 이메일 변경시 회원 정보의 유효성을 검사합니다.
+    """
+    member = member_service.fetch_member_by_id(mb_id)
+    if not validate_password(password, member.mb_password):
+        raise HTTPException(
+            status_code=400,
+            detail="비밀번호가 올바르지 않습니다.",
+        )
+
+    if not is_none_datetime(member.mb_email_certify):
+        raise HTTPException(
+            status_code=409,
+            detail="이미 메일인증을 진행한 회원입니다.",
+        )
+
+    return member

api/v1/models/__init__.py

@@ -35,6 +35,7 @@ class Tags(Enum):
     """API 태그를 정의합니다."""
     AUTH = "인증"
     BOARD = "게시판"
+    CAPTCHA = "캡차"
     GROUP = "게시판그룹"
     CONFIG = "환경설정"
     CONTENT = "컨텐츠"

api/v1/models/auth.py

@@ -18,7 +18,7 @@ class TokenPayload(BaseModel):
     iss: str = None
     sub: str = None
     aud: str = None
-    exp: float = None
+    exp: int = None
     nbf: int = None
-    iat: float = None
+    iat: int = None
     jti: str = None

api/v1/models/member.py

@@ -17,8 +17,8 @@ class CreateMember(BaseModel):
 
     mb_id: str = Body(..., min_length=3, max_length=20, pattern=r"^[a-zA-Z0-9_]+$",
                       title="아이디", description="3~20자의 영문, 숫자, _만 사용 가능합니다.")
-    mb_password: str = Body(..., title="비밀번호")
-    mb_password_re: str = Body(..., title="비밀번호 확인")
+    mb_password: str = Body(..., title="비밀번호", min_length=4, max_length=20)
+    mb_password_re: str = Body(..., title="비밀번호 확인", min_length=4, max_length=20)
     mb_nick: str = Body(..., title="닉네임")
     mb_name: str = Body(..., title="이름")
     mb_sex: str = Body("", pattern=r"^[mf]?$", title="성별")
@@ -86,8 +86,8 @@ class UpdateMember(BaseModel):
     # 추가 필드 허용
     model_config = ConfigDict(extra='allow')
 
-    mb_password: str = Body(None, title="비밀번호")
-    mb_password_re: str = Body(None, title="비밀번호 확인")
+    mb_password: str = Body(None, title="비밀번호", min_length=4, max_length=20)
+    mb_password_re: str = Body(None, title="비밀번호 확인", min_length=4, max_length=20)
     mb_nick: str = Body(None, title="닉네임")
     mb_sex: str = Body(None, pattern=r"^[mf]?$", title="성별")
     mb_email: EmailStr = Body(..., title="이메일", description="이메일 형식에 맞게 입력해주세요.")
@@ -106,6 +106,17 @@ class UpdateMember(BaseModel):
     mb_sms: int = Body(None, title="SMS 수신 여부")
     mb_open: int = Body(None, title="회원정보 공개 여부")
 
+    mb_1: str
+    mb_2: str
+    mb_3: str
+    mb_4: str
+    mb_5: str
+    mb_6: str
+    mb_7: str
+    mb_8: str
+    mb_9: str
+    mb_10: str
+
     @field_validator('mb_zip', mode='after')
     @classmethod
     def divide_zip(cls, v: str) -> str:
@@ -160,6 +171,17 @@ class MemberResponse(BaseModel):
     mb_icon_path: str
     mb_image_path: str
 
+    mb_1: str
+    mb_2: str
+    mb_3: str
+    mb_4: str
+    mb_5: str
+    mb_6: str
+    mb_7: str
+    mb_8: str
+    mb_9: str
+    mb_10: str
+
     @model_validator(mode='before')
     def init_fields(self) -> 'MemberResponse':
         """

api/v1/models/response.py

@@ -7,6 +7,12 @@ class MessageResponse(BaseModel):
     """메시지 응답 모델 (API Docs)"""
     message: str
 
+response_400 = {
+    status.HTTP_400_BAD_REQUEST: {
+        "model": MessageResponse,
+        "description": "잘못된 요청"
+    }
+}
 
 response_401 = {
     status.HTTP_401_UNAUTHORIZED: {

api/v1/routers/__init__.py

@@ -5,7 +5,7 @@
 from api.v1.dependencies.current_connect import set_current_connect
 from api.v1.models import Tags
 from api.v1.routers import (
-    auth, autosave, board, board_good, board_new, config, content,
+    auth, autosave, board, board_good, board_new, captcha, config, content,
     current_connect, faq, member, memo, menu, newwin, point, poll, popular,
     qa, scrap, search, visit, group
 )
@@ -17,11 +17,12 @@
                                  Depends(set_current_connect)])
 router.include_router(auth.router, tags=[Tags.AUTH])
 router.include_router(board.router, prefix="/boards", tags=[Tags.BOARD])
-router.include_router(group.router, prefix="/groups", tags=[Tags.GROUP])
+router.include_router(captcha.router, tags=[Tags.CAPTCHA])
 router.include_router(config.router, tags=[Tags.CONFIG])
 router.include_router(content.router, tags=[Tags.CONTENT])
 router.include_router(current_connect.router, tags=[Tags.CURRENT_CONNECT])
 router.include_router(faq.router, tags=[Tags.FAQ])
+router.include_router(group.router, prefix="/groups", tags=[Tags.GROUP])
 router.include_router(member.router, tags=[Tags.MEMBER])
 router.include_router(memo.router, prefix="/member", tags=[Tags.MEMO])
 router.include_router(menu.router, tags=[Tags.MENU])

api/v1/routers/auth.py

@@ -34,7 +34,7 @@ async def login_for_access_token(
     access_token, access_token_expire_at = _create_token_and_expiration(
         TokenType.ACCESS, member.mb_id)
     refresh_token, refresh_token_expire_at = _create_token_and_expiration(
-        TokenType.REFRESH)
+        TokenType.REFRESH, member.mb_id)
 
     # 기존 Refresh Token 삭제
     db.execute(
@@ -78,7 +78,7 @@ async def refresh_access_token(
     access_token, access_token_expire_at = _create_token_and_expiration(
         TokenType.ACCESS, member_refresh_token.mb_id)
     refresh_token, refresh_token_expire_at = _create_token_and_expiration(
-        TokenType.REFRESH)
+        TokenType.REFRESH, member_refresh_token.mb_id)
 
     # 데이터베이스의 refresh_token 갱신
     member_refresh_token.updated_at = datetime.now()

api/v1/routers/captcha.py

@@ -0,0 +1,36 @@
+"""캡차 API Router"""
+from typing_extensions import Annotated
+from fastapi import APIRouter, Body, HTTPException, Request
+
+from api.v1.models.response import (
+    MessageResponse, response_400, response_404, response_422
+)
+from lib.captcha import get_current_captcha_cls
+
+router = APIRouter(prefix="/captcha")
+
+
+@router.post("/recaptcha/verify",
+             summary="구글 reCAPTCHA 유효성 검사",
+             responses={**response_400, **response_404, **response_422})
+async def recaptcha_verify(
+    request: Request,
+    recaptcha_response: Annotated[str, Body()] = None,
+) -> MessageResponse:
+    """
+    구글 reCAPTCHA 유효성 검사
+    
+    #### Request Body
+    - recaptcha_response: 구글 reCAPTCHA 응답 토큰
+    """
+    config = request.state.config
+
+    captcha_cls = get_current_captcha_cls(config)
+    if not captcha_cls:
+        raise HTTPException(status_code=404, detail="사용할 수 있는 캡차가 없습니다.")
+
+    captcha = captcha_cls(config)
+    if captcha and (not await captcha.verify(recaptcha_response)):
+        raise HTTPException(status_code=400, detail="캡차가 올바르지 않습니다.")
+
+    return {"message": "캡차가 올바릅니다."}

api/v1/routers/member.py

@@ -1,25 +1,21 @@
 """회원 관련 API Router"""
 from datetime import datetime
+import secrets
 from typing_extensions import Annotated
 
 from fastapi import (
-    APIRouter, BackgroundTasks, Depends, File, Form, Path, Query,
+    APIRouter, BackgroundTasks, Body, Depends, File, Form, Path, Query,
     Request, status, UploadFile
 )
 from sqlalchemy import delete
 
-from api.v1.service.point import PointServiceAPI
 from bbs.social import SocialAuthService
 from core.database import db_session
 from core.models import Member
-from lib.mail import send_password_reset_mail, send_register_mail
+from lib.mail import send_password_reset_mail, send_register_admin_mail, send_register_mail
 
 from api.v1.dependencies.member import (
-    get_current_member, validate_create_data, validate_update_data
-)
-from api.v1.service.member import (
-    MemberServiceAPI,
-    MemberImageServiceAPI as ImageService
+    get_current_member, validate_certify_email_member, validate_create_data, validate_update_data
 )
 from api.v1.models import MemberRefreshToken
 from api.v1.models.member import (
@@ -30,6 +26,12 @@
 from api.v1.models.response import (
     MessageResponse, response_401, response_403, response_404, response_409, response_422
 )
+from api.v1.service.member import (
+    MemberServiceAPI,
+    MemberImageServiceAPI as ImageService,
+    ValidateMemberAPI
+)
+from api.v1.service.point import PointServiceAPI
 
 router = APIRouter()
 
@@ -70,6 +72,7 @@ async def create_member(
 
     # 회원가입메일 발송 처리(백그라운드)
     background_tasks.add_task(send_register_mail, request, member)
+    background_tasks.add_task(send_register_admin_mail, request, member)
 
     message = "회원가입이 완료되었습니다."
     if member.mb_email_certify2:
@@ -83,6 +86,37 @@ async def create_member(
     }
 
 
+@router.put("/members/{mb_id}/email-certification/change",
+            summary="인증 이메일 변경",
+            responses={**response_403, **response_409, **response_422})
+async def certificate_email_change(
+    request: Request,
+    db: db_session,
+    member_vaildate: Annotated[ValidateMemberAPI, Depends()],
+    member: Annotated[Member, Depends(validate_certify_email_member)],
+    email: Annotated[str, Body(..., title="이메일", description="변경할 이메일")],
+) -> MessageResponse:
+    """
+    메일인증을 처리하지 않은 회원의 메일을 변경하고 인증메일을 재전송합니다.
+    
+    #### Request Body
+    - email: 변경할 이메일 주소
+    - password: 회원 비밀번호
+    """
+    member_vaildate.valid_email(email, member.mb_id)
+
+    # 이메일 및 인증코드 변경
+    member.mb_email = email
+    member.mb_email_certify2 = secrets.token_hex(16)
+    db.commit()
+    db.refresh(member)
+
+    # 인증메일 재전송
+    await send_register_mail(request, member)
+
+    return {"message": f"{email} 주소로 인증 메일을 재전송 했습니다."}
+
+
 @router.put("/members/{mb_id}/email-certification",
             summary="회원가입 메일인증 처리")
 async def certificate_email(