클라이언트 시크릿 캐싱 로직 적용 및 의존성 주입

backend/cmd/server/main.go

@@ -252,11 +252,12 @@ func main() {
 	relyingPartyRepo := repository.NewRelyingPartyRepository(db)
 	hydraService := service.NewHydraAdminService()
 	relyingPartyService := service.NewRelyingPartyService(relyingPartyRepo, hydraService, ketoService)
+	secretRepo := repository.NewClientSecretRepository(db)
 
 	auditHandler := handler.NewAuditHandler(auditRepo)
 	authHandler := handler.NewAuthHandler(redisService, idpProvider, auditRepo, oathkeeperRepo, tenantService, ketoService, userRepo)
 	adminHandler := handler.NewAdminHandler()
-	devHandler := handler.NewDevHandler(redisService)
+	devHandler := handler.NewDevHandler(redisService, secretRepo)
 	tenantHandler := handler.NewTenantHandler(db, tenantService)
 	relyingPartyHandler := handler.NewRelyingPartyHandler(relyingPartyService)
 	kratosAdminService := service.NewKratosAdminService()

backend/internal/handler/dev_handler.go

@@ -3,6 +3,7 @@ package handler
 import (
 	"baron-sso-backend/internal/domain"
 	"baron-sso-backend/internal/service"
+	"context"
 	"errors"
 	"strings"
 	"time"
@@ -12,14 +13,16 @@ import (
 )
 
 type DevHandler struct {
-	Hydra *service.HydraAdminService
+	Hydra      *service.HydraAdminService
-	Redis *service.RedisService
+	Redis      *service.RedisService
+	SecretRepo domain.ClientSecretRepository
 }
 
-func NewDevHandler(redis *service.RedisService) *DevHandler {
+func NewDevHandler(redis *service.RedisService, secretRepo domain.ClientSecretRepository) *DevHandler {
 	return &DevHandler{
-		Hydra: service.NewHydraAdminService(),
+		Hydra:      service.NewHydraAdminService(),
-		Redis: redis,
+		Redis:      redis,
+		SecretRepo: secretRepo,
 	}
 }
 
@@ -249,13 +252,12 @@ func (h *DevHandler) CreateClient(c *fiber.Ctx) error {
 
 	// Store secret in metadata for later retrieval
 	if created.ClientSecret != "" {
-		if created.Metadata == nil {
+		// 1. Store in PostgreSQL (Source of Truth)
-			created.Metadata = map[string]interface{}{}
+		if h.SecretRepo != nil {
+			_ = h.SecretRepo.Upsert(c.Context(), created.ClientID, created.ClientSecret)
 		}
-		created.Metadata["client_secret"] = created.ClientSecret
+
-		_, _ = h.Hydra.UpdateClient(c.Context(), created.ClientID, *created)
+		// 2. Also store in Redis (Cache)
-		
-		// Also store in Redis if available
 		if h.Redis != nil {
 			_ = h.Redis.Set("client_secret:"+created.ClientID, created.ClientSecret, 0)
 		}
@@ -375,7 +377,12 @@ func (h *DevHandler) DeleteClient(c *fiber.Ctx) error {
 		return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
 	}
 
-	// Clean up Redis
+	// 1. Clean up PostgreSQL
+	if h.SecretRepo != nil {
+		_ = h.SecretRepo.Delete(c.Context(), clientID)
+	}
+
+	// 2. Clean up Redis
 	if h.Redis != nil {
 		_ = h.Redis.Delete("client_secret:" + clientID)
 	}
@@ -466,13 +473,25 @@ func (h *DevHandler) mapClientSummary(client domain.HydraClient) clientSummary {
 			clientSecret = val
 		}
 	}
-	// 2. Check Redis (New)
+
+	// 2. Check Redis (Cache)
 	if clientSecret == "" && h.Redis != nil {
 		if val, err := h.Redis.Get("client_secret:" + client.ClientID); err == nil && val != "" {
 			clientSecret = val
 		}
 	}
 
+	// 3. Check PostgreSQL (Source of Truth) & Cache Warming
+	if clientSecret == "" && h.SecretRepo != nil {
+		if val, err := h.SecretRepo.GetByID(context.Background(), client.ClientID); err == nil && val != "" {
+			clientSecret = val
+			// Warm up cache
+			if h.Redis != nil {
+				_ = h.Redis.Set("client_secret:"+client.ClientID, clientSecret, 0)
+			}
+		}
+	}
+
 	return clientSummary{
 		ID:           client.ClientID,
 		Name:         name,