userfront 로그인 후 /dashboard로 이동하게 변경

2026-02-23 22:06:00 +09:00
parent 19d3bade30
commit 2bdfc2eb51
37 changed files with 1504 additions and 222 deletions
--- a/backend/internal/logger/audit_logger_test.go
+++ b/backend/internal/logger/audit_logger_test.go
@@ -0,0 +1,80 @@
+package logger
+
+import (
+	"bytes"
+	"encoding/json"
+	"log/slog"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAuditLogEntry_RedactsSensitiveFields(t *testing.T) {
+	buf := &bytes.Buffer{}
+	previous := slog.Default()
+	slog.SetDefault(slog.New(slog.NewJSONHandler(buf, nil)))
+	defer slog.SetDefault(previous)
+
+	ale := &AuditLogEntry{
+		RequestID:      "req-1",
+		Stage:          "login",
+		Token:          "tok-secret",
+		RefreshToken:   "refresh-secret",
+		SessionJwt:     "session-secret",
+		AccessJwt:      "access-secret",
+		SetCookieName:  "sid",
+		SetCookieValue: "cookie-secret",
+		ParsedCookieDSRF: "dsrf-secret",
+		LoginIDs: map[string]string{
+			"loginId": "user@example.com",
+		},
+		Query: map[string]string{
+			"token":  "query-token",
+			"locale": "ko",
+		},
+		Headers: map[string]string{
+			"Authorization": "Bearer secret",
+			"Cookie":        "session=secret",
+		},
+	}
+
+	ale.Log(slog.LevelInfo, "test")
+
+	line := strings.TrimSpace(buf.String())
+	require.NotEmpty(t, line)
+
+	var payload map[string]any
+	require.NoError(t, json.Unmarshal([]byte(line), &payload))
+
+	assert.NotContains(t, payload, "token")
+	assert.NotContains(t, payload, "refresh_token")
+	assert.NotContains(t, payload, "session_jwt")
+	assert.NotContains(t, payload, "access_jwt")
+	assert.NotContains(t, payload, "set_cookie_value")
+	assert.NotContains(t, payload, "parsed_cookie_DSRF")
+	assert.NotContains(t, payload, "request_body")
+	assert.NotContains(t, payload, "new_password")
+
+	assert.Equal(t, true, payload["has_token"])
+	assert.Equal(t, true, payload["has_refresh_token"])
+	assert.Equal(t, true, payload["has_session_jwt"])
+	assert.Equal(t, true, payload["has_access_jwt"])
+	assert.Equal(t, true, payload["has_set_cookie_value"])
+	assert.Equal(t, true, payload["has_parsed_cookie_DSRF"])
+
+	loginIDs, ok := payload["login_ids"].(map[string]any)
+	require.True(t, ok)
+	assert.Equal(t, "user@example.com", loginIDs["loginId"])
+
+	query, ok := payload["query"].(map[string]any)
+	require.True(t, ok)
+	assert.Equal(t, "*****", query["token"])
+	assert.Equal(t, "ko", query["locale"])
+
+	headers, ok := payload["headers"].(map[string]any)
+	require.True(t, ok)
+	assert.Equal(t, "*****", headers["Authorization"])
+	assert.Equal(t, "*****", headers["Cookie"])
+}