tenant 삭제 시 RP 허용 테넌트 정리 및 재유입 방지

2026-06-02 18:01:47 +09:00
parent af1f45cc25
commit 80aa60fdf1
5 changed files with 349 additions and 22 deletions
--- a/backend/internal/handler/tenant_handler.go
+++ b/backend/internal/handler/tenant_handler.go
@@ -32,6 +32,8 @@ type TenantHandler struct {
 	KratosAdmin        service.KratosAdminService
 	SharedLink         service.SharedLinkService
 	Worksmobile        service.WorksmobileSyncer
+	Hydra              *service.HydraAdminService
+	ConsentRepo        repository.ClientConsentRepository
 }

 func seedTenantDeleteError(c *fiber.Ctx) error {
@@ -51,7 +53,7 @@ func seedTenantSlugsForDeleteGuard() []string {
 	return result
 }

-func NewTenantHandler(db *gorm.DB, svc service.TenantService, userRepo repository.UserRepository, userProjectionRepo repository.UserProjectionRepository, keto service.KetoService, outbox repository.KetoOutboxRepository, kratos service.KratosAdminService, sharedLink service.SharedLinkService) *TenantHandler {
+func NewTenantHandler(db *gorm.DB, svc service.TenantService, userRepo repository.UserRepository, userProjectionRepo repository.UserProjectionRepository, keto service.KetoService, outbox repository.KetoOutboxRepository, kratos service.KratosAdminService, sharedLink service.SharedLinkService, hydra *service.HydraAdminService, consentRepo repository.ClientConsentRepository) *TenantHandler {
 	return &TenantHandler{
 		DB:                 db,
 		Service:            svc,
@@ -61,6 +63,8 @@ func NewTenantHandler(db *gorm.DB, svc service.TenantService, userRepo repositor
 		KetoOutbox:         outbox,
 		KratosAdmin:        kratos,
 		SharedLink:         sharedLink,
+		Hydra:              hydra,
+		ConsentRepo:        consentRepo,
 	}
 }

@@ -1855,6 +1859,11 @@ func (h *TenantHandler) DeleteTenant(c *fiber.Ctx) error {
 		return seedTenantDeleteError(c)
 	}

+	if err := cleanupDeletedTenantReferences(c.Context(), h.Hydra, h.ConsentRepo, h.KetoOutbox, []string{tenantID}); err != nil {
+		logTenantCleanupFailure(err, []string{tenantID})
+		return errorJSON(c, fiber.StatusInternalServerError, err.Error())
+	}
+
 	// Rename slug to release it for reuse before soft delete
 	deletedSlug := tenant.Slug + "-deleted-" + time.Now().Format("20060102150405")
 	if err := h.DB.Model(&tenant).Update("slug", deletedSlug).Error; err != nil {
@@ -2183,6 +2192,11 @@ func (h *TenantHandler) DeleteTenantsBulk(c *fiber.Ctx) error {
 		}
 	}

+	if err := cleanupDeletedTenantReferences(c.Context(), h.Hydra, h.ConsentRepo, h.KetoOutbox, req.IDs); err != nil {
+		logTenantCleanupFailure(err, req.IDs)
+		return errorJSON(c, fiber.StatusInternalServerError, err.Error())
+	}
+
 	if err := h.Service.DeleteTenantsBulk(c.Context(), req.IDs); err != nil {
 		return errorJSON(c, fiber.StatusInternalServerError, err.Error())
 	}