feat: Base64 형식의 시크릿키를 검증하는 인터셉터 추가

2025-10-01 10:51:58 +09:00 · 2025-10-01 10:51:58 +09:00 · dc17316856
commit dc17316856
parent 6974418cef
2 changed files with 54 additions and 0 deletions
--- a/tosspay-mock/src/main/kotlin/com/sangdol/tosspaymock/web/supports/SecretKeyInterceptor.kt
+++ b/tosspay-mock/src/main/kotlin/com/sangdol/tosspaymock/web/supports/SecretKeyInterceptor.kt
@ -0,0 +1,39 @@
+package com.sangdol.tosspaymock.web.supports
+
+import com.sangdol.tosspaymock.exception.TosspayException
+import com.sangdol.tosspaymock.exception.code.TosspayConfirmErrorCode
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.http.HttpHeaders
+import org.springframework.stereotype.Component
+import org.springframework.web.method.HandlerMethod
+import org.springframework.web.servlet.HandlerInterceptor
+import java.util.*
+
+@Component
+class SecretKeyInterceptor : HandlerInterceptor {
+
+    companion object {
+        val basicAuthRegex = Regex("Basic (.*)")
+    }
+
+    override fun preHandle(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        handler: Any
+    ): Boolean {
+        if (handler !is HandlerMethod) return true
+
+        val basicAuthSecretKey: String = request.getHeader(HttpHeaders.AUTHORIZATION)
+            ?: throw TosspayException(TosspayConfirmErrorCode.INVALID_API_KEY)
+
+        return try {
+            val secretKey = basicAuthRegex.find(basicAuthSecretKey)!!.groupValues[1]
+            Base64.getDecoder().decode(secretKey)
+
+            true
+        } catch (_: Exception) {
+            throw TosspayException(TosspayConfirmErrorCode.UNAUTHORIZED_KEY)
+        }
+    }
+}
--- a/tosspay-mock/src/main/kotlin/com/sangdol/tosspaymock/web/supports/TosspayMvcConfig.kt
+++ b/tosspay-mock/src/main/kotlin/com/sangdol/tosspaymock/web/supports/TosspayMvcConfig.kt
@ -0,0 +1,15 @@
+package com.sangdol.tosspaymock.web.supports
+
+import org.springframework.context.annotation.Configuration
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
+
+@Configuration
+class TosspayMvcConfig(
+    private val secretKeyInterceptor: SecretKeyInterceptor
+) : WebMvcConfigurer {
+
+    override fun addInterceptors(registry: InterceptorRegistry) {
+        registry.addInterceptor(secretKeyInterceptor)
+    }
+}