audit 로그 개선. kratos 코드발급 링크로 전송까지 진행 완료 #104

2026-01-29 01:20:19 +09:00
parent ff17259117
commit b88de7ec91
46 changed files with 2843 additions and 585 deletions
--- a/backend/cmd/server/main.go
+++ b/backend/cmd/server/main.go
@@ -267,10 +267,13 @@ func main() {
 	})

 	app.Use(recover.New())
+	allowedOrigins := getEnv("CORS_ALLOWED_ORIGINS", "http://localhost:5000")
+	allowCredentials := allowedOrigins != "*"
 	app.Use(cors.New(cors.Config{
-		AllowOrigins: "*", // Adjust in production
-		AllowHeaders: "Origin, Content-Type, Accept, Authorization",
-		AllowMethods: "GET, POST, HEAD, PUT, DELETE, PATCH, OPTIONS",
+		AllowOrigins:     allowedOrigins,
+		AllowHeaders:     "Origin, Content-Type, Accept, Authorization",
+		AllowMethods:     "GET, POST, HEAD, PUT, DELETE, PATCH, OPTIONS",
+		AllowCredentials: allowCredentials,
 	}))

 	// Ensure COOKIE_SECRET is exactly 32 bytes for AES-256
@@ -384,12 +387,19 @@ func main() {

 	// API Group
 	api := app.Group("/api/v1")
-	api.Use(middleware.RequireAudit(middleware.AuditRequiredConfig{
+	
+	workerCount, _ := strconv.Atoi(getEnv("AUDIT_WORKER_COUNT", "5"))
+	queueSize, _ := strconv.Atoi(getEnv("AUDIT_QUEUE_SIZE", "2000"))
+	
+	api.Use(middleware.AuditMiddleware(middleware.AuditConfig{
 		Repo: auditRepo,
 		ExcludePaths: map[string]struct{}{
 			"/api/v1/audit":      {},
 			"/api/v1/client-log": {},
 		},
+		BodyDump:    true,
+		WorkerCount: workerCount,
+		QueueSize:   queueSize,
 	}))
 	api.Post("/audit", auditHandler.CreateLog)
 	api.Get("/audit", auditHandler.ListLogs)
@@ -399,6 +409,7 @@ func main() {
 	auth.Post("/enchanted-link/init", authHandler.InitEnchantedLink)
 	auth.Post("/enchanted-link/poll", authHandler.PollEnchantedLink)
 	auth.Post("/magic-link/verify", authHandler.VerifyMagicLink)
+	auth.Post("/login/code/verify", authHandler.VerifyLoginCode)
 	auth.Post("/password/login", authHandler.PasswordLogin)
 	auth.Post("/password/reset/initiate", authHandler.InitiatePasswordReset)
 	// [Changed] Use Interstitial Page for GET to prevent Scanner consumption
@@ -431,6 +442,7 @@ func main() {
 	// Admin Routes
 	admin := api.Group("/admin")
 	admin.Get("/check", adminHandler.CheckAuth)
+	admin.Get("/stats", adminHandler.GetSystemStats)
 	admin.Get("/tenants", tenantHandler.ListTenants)
 	admin.Post("/tenants", tenantHandler.CreateTenant)
 	admin.Get("/tenants/:id", tenantHandler.GetTenant)
@@ -454,6 +466,9 @@ func main() {
 	// Webhook for Descope Generic Email Gateway (Fake Email Strategy)
 	auth.Post("/webhooks/descope-email", authHandler.HandleDescopeEmailRelay)

+	// Webhook for Kratos courier (HTTP delivery)
+	auth.Post("/webhooks/kratos-courier", authHandler.HandleKratosCourierRelay)
+
 	// Client Logging Route (Standardized & Flattened)
 	api.Post("/client-log", func(c *fiber.Ctx) error {
 		type LogReq struct {