feat: Base64 형식의 시크릿키를 검증하는 인터셉터 추가

2025-10-01 10:51:58 +09:00 · 2025-10-01 10:51:58 +09:00 · dc17316856
commit dc17316856
parent 6974418cef
2 changed files with 54 additions and 0 deletions
--- a/tosspay-mock/src/main/kotlin/com/sangdol/tosspaymock/web/supports/SecretKeyInterceptor.kt
+++ b/tosspay-mock/src/main/kotlin/com/sangdol/tosspaymock/web/supports/SecretKeyInterceptor.kt
@ -0,0 +1,39 @@
 package com.sangdol.tosspaymock.web.supports
 import com.sangdol.tosspaymock.exception.TosspayException
 import com.sangdol.tosspaymock.exception.code.TosspayConfirmErrorCode
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
 import org.springframework.http.HttpHeaders
 import org.springframework.stereotype.Component
 import org.springframework.web.method.HandlerMethod
 import org.springframework.web.servlet.HandlerInterceptor
 import java.util.*
@Component
 class SecretKeyInterceptor : HandlerInterceptor {
    companion object {
        val basicAuthRegex = Regex("Basic (.*)")
    }
    override fun preHandle(
        request: HttpServletRequest,
        response: HttpServletResponse,
        handler: Any
    ): Boolean {
        if (handler !is HandlerMethod) return true
        val basicAuthSecretKey: String = request.getHeader(HttpHeaders.AUTHORIZATION)
            ?: throw TosspayException(TosspayConfirmErrorCode.INVALID_API_KEY)
        return try {
            val secretKey = basicAuthRegex.find(basicAuthSecretKey)!!.groupValues[1]
            Base64.getDecoder().decode(secretKey)
            true
        } catch (_: Exception) {
            throw TosspayException(TosspayConfirmErrorCode.UNAUTHORIZED_KEY)
        }
    }
 }
--- a/tosspay-mock/src/main/kotlin/com/sangdol/tosspaymock/web/supports/TosspayMvcConfig.kt
+++ b/tosspay-mock/src/main/kotlin/com/sangdol/tosspaymock/web/supports/TosspayMvcConfig.kt
@ -0,0 +1,15 @@
 package com.sangdol.tosspaymock.web.supports
 import org.springframework.context.annotation.Configuration
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
@Configuration
 class TosspayMvcConfig(
    private val secretKeyInterceptor: SecretKeyInterceptor
 ) : WebMvcConfigurer {
    override fun addInterceptors(registry: InterceptorRegistry) {
        registry.addInterceptor(secretKeyInterceptor)
    }
 }