From f810427b213ff3a0fb6853a3ca17b78fcc635822 Mon Sep 17 00:00:00 2001
From: chan
Date: Fri, 24 Apr 2026 12:00:00 +0900
Subject: [PATCH] chore(auth): restrict OIDC generated claims debug logs to dev environment

- Prevent overly verbose logging of ID token payloads in production by checking APP_ENV
---
 backend/internal/handler/auth_handler.go | 14 ++++++++++----
 backend/internal/handler/user_handler.go | 2 +-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/backend/internal/handler/auth_handler.go b/backend/internal/handler/auth_handler.go
index 4bb4fd33..5d2d4dca 100644
--- a/backend/internal/handler/auth_handler.go
+++ b/backend/internal/handler/auth_handler.go
@@ -5149,8 +5149,11 @@ func (h *AuthHandler) GetConsentRequest(c *fiber.Ctx) error {
 )
 
 // [Debug] 실제 생성된 클레임 출력 (요청사항 확인용 - 자동 승인 시)
- if debugClaimsJSON, err := json.MarshalIndent(sessionClaims, "", " "); err == nil {
- slog.Info("=== [ACTUAL DATA] GENERATED OIDC CLAIMS (SKIP) ===", "claims", string(debugClaimsJSON))
+ appEnv := strings.ToLower(os.Getenv("APP_ENV"))
+ if appEnv == "dev" || appEnv == "development" || appEnv == "" {
+ if debugClaimsJSON, err := json.MarshalIndent(sessionClaims, "", " "); err == nil {
+ slog.Info("=== [ACTUAL DATA] GENERATED OIDC CLAIMS (SKIP) ===", "claims", string(debugClaimsJSON))
+ }
 }
 
 acceptResp, err := h.Hydra.AcceptConsentRequest(c.Context(), challenge, consentRequest, sessionClaims)
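Review bot: The `appEnv == ""` branch in the new condition makes the gate fail open: a deployment that simply never sets APP_ENV keeps emitting the full generated claim set — the ID-token payload the commit message says should stay out of production logs — at Info level on every auto-approved consent. Requiring an explicit opt-in, `if appEnv == "dev" || appEnv == "development" {`, and emitting the dump with `slog.Debug(...)` instead of `slog.Info(...)` so the configured log level still governs it, would close that gap without changing the dev experience. The same fail-open default appears in the AcceptConsentRequest hunk of this file. The enclosing GetConsentRequest body starts and ends outside the hunk.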
@@ -5316,8 +5319,11 @@ func (h *AuthHandler) AcceptConsentRequest(c *fiber.Ctx) error {
 )
 
 // [Debug] 실제 생성된 클레임 출력 (요청사항 확인용)
- if debugClaimsJSON, err := json.MarshalIndent(sessionClaims, "", " "); err == nil {
- slog.Info("=== [ACTUAL DATA] GENERATED OIDC CLAIMS ===", "claims", string(debugClaimsJSON))
+ appEnv := strings.ToLower(os.Getenv("APP_ENV"))
+ if appEnv == "dev" || appEnv == "development" || appEnv == "" {
+ if debugClaimsJSON, err := json.MarshalIndent(sessionClaims, "", " "); err == nil {
+ slog.Info("=== [ACTUAL DATA] GENERATED OIDC CLAIMS ===", "claims", string(debugClaimsJSON))
+ }
 }
 
 acceptResp, err := h.Hydra.AcceptConsentRequest(c.Context(), req.ConsentChallenge, consentRequest, sessionClaims)
diff --git a/backend/internal/handler/user_handler.go b/backend/internal/handler/user_handler.go
index 4c0f0757..a56a0564 100644
--- a/backend/internal/handler/user_handler.go
+++ b/backend/internal/handler/user_handler.go
@@ -323,7 +323,7 @@ func (h *UserHandler) GetUser(c *fiber.Ctx) error {
 }
 
 return c.JSON(h.mapIdentitySummary(c.Context(), *identity))
-}
+}
 
 func (h *UserHandler) CreateUser(c *fiber.Ctx) error {
 if h.OryProvider == nil || h.KratosAdmin == nil {
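Review bot: The environment lookup `appEnv := strings.ToLower(os.Getenv("APP_ENV"))` and the three-way comparison are duplicated verbatim between this handler and GetConsentRequest, and they run on every request even though the answer cannot change after process start. Folding them into one package-level helper or a boolean decided once at handler construction, so both sites read `if debugClaimsEnabled() {`, keeps the two gates from drifting apart the next time the accepted values change. The hunk also relies on the `os` and `strings` packages being imported in this file; the import block is not in view, so that is worth confirming. The enclosing AcceptConsentRequest body starts and ends outside the hunk.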