애플리케이션(RP) 관리 기능 구현 및 Ory Keto 권한 연동

backend/cmd/server/main.go

@@ -173,6 +173,13 @@ func main() {
 		slog.Info("✅ Connected to Ory ClickHouse")
 	}
 
+	redisService, err := service.NewRedisService()
+	if err != nil {
+		slog.Warn("Failed to connect to Redis. Auth features may fail.", "error", err)
+	}
+
+	ketoService := service.NewKetoService()
+
 	// PostgreSQL (Meta Store)
 	pgHost := getEnv("DB_HOST", "localhost")
 	pgPort := getEnv("DB_PORT", "5432")
@@ -205,17 +212,16 @@ func main() {
 		// Run Bootstrap (Migrations & Seeding)
 		if err := bootstrap.Run(db); err != nil {
 			slog.Error("❌ Bootstrap failed", "error", err)
-			// Panic or Exit depending on policy.
+		}
+
+		// [New] Sync existing data to Keto
+		if ketoService != nil {
+			if err := bootstrap.SyncKetoRelations(db, ketoService); err != nil {
+				slog.Warn("⚠️ Keto synchronization failed during startup", "error", err)
+			}
 		}
 	}
 
-	redisService, err := service.NewRedisService()
-	if err != nil {
-		slog.Warn("Failed to connect to Redis. Auth features may fail.", "error", err)
-	}
-
-	ketoService := service.NewKetoService()
-
 	// Oathkeeper 상태를 주기적으로 확인해 다운을 감지합니다.
 	var oathkeeperProbe *HTTPProbe
 	if strings.ToLower(getEnv("OATHKEEPER_HEALTH_ENABLED", "true")) != "false" {
@@ -243,12 +249,16 @@ func main() {
 	tenantService := service.NewTenantService(tenantRepo)
 	tenantService.SetKetoService(ketoService) // Keto 주입
 	userRepo := repository.NewUserRepository(db)
+	relyingPartyRepo := repository.NewRelyingPartyRepository(db)
+	hydraService := service.NewHydraAdminService()
+	relyingPartyService := service.NewRelyingPartyService(relyingPartyRepo, hydraService, ketoService)
 
 	auditHandler := handler.NewAuditHandler(auditRepo)
 	authHandler := handler.NewAuthHandler(redisService, idpProvider, auditRepo, oathkeeperRepo, tenantService, ketoService, userRepo)
 	adminHandler := handler.NewAdminHandler()
 	devHandler := handler.NewDevHandler(redisService)
 	tenantHandler := handler.NewTenantHandler(db, tenantService)
+	relyingPartyHandler := handler.NewRelyingPartyHandler(relyingPartyService)
 	kratosAdminService := service.NewKratosAdminService()
 	oryAdminProvider := service.NewOryProvider()
 	userHandler := handler.NewUserHandler(kratosAdminService, oryAdminProvider, tenantService, ketoService, userRepo)
@@ -550,6 +560,35 @@ func main() {
 	admin.Put("/tenants/:id", requireSuperAdmin, tenantHandler.UpdateTenant)
 	admin.Delete("/tenants/:id", requireSuperAdmin, tenantHandler.DeleteTenant)
 
+	// Relying Party Management (Global List)
+	admin.Get("/relying-parties", requireAdmin, relyingPartyHandler.ListAll)
+
+	// Relying Party Management (Tenant Context)
+	admin.Post("/tenants/:tenantId/relying-parties",
+		requireAdmin,
+		middleware.RequireKetoPermission(middleware.RBACConfig{AuthHandler: authHandler, KetoService: ketoService}, "Tenant", "manage"),
+		relyingPartyHandler.Create)
+
+	admin.Get("/tenants/:tenantId/relying-parties",
+		requireAdmin,
+		middleware.RequireKetoPermission(middleware.RBACConfig{AuthHandler: authHandler, KetoService: ketoService}, "Tenant", "view"),
+		relyingPartyHandler.List)
+
+	admin.Get("/relying-parties/:id",
+		requireAdmin,
+		middleware.RequireKetoPermission(middleware.RBACConfig{AuthHandler: authHandler, KetoService: ketoService}, "RelyingParty", "view"),
+		relyingPartyHandler.Get)
+
+	admin.Put("/relying-parties/:id",
+		requireAdmin,
+		middleware.RequireKetoPermission(middleware.RBACConfig{AuthHandler: authHandler, KetoService: ketoService}, "RelyingParty", "manage"),
+		relyingPartyHandler.Update)
+
+	admin.Delete("/relying-parties/:id",
+		requireAdmin,
+		middleware.RequireKetoPermission(middleware.RBACConfig{AuthHandler: authHandler, KetoService: ketoService}, "RelyingParty", "manage"),
+		relyingPartyHandler.Delete)
+
 	// Admin User Management
 	admin.Get("/users", requireAdmin, userHandler.ListUsers) // TODO: TenantAdmin인 경우 해당 테넌트 사용자만 보이도록 Handler 수정 필요
 	admin.Post("/users", requireAdmin, userHandler.CreateUser)