Feat: [FN-82] S3 presigned url 생성

stoneTiger0912 · web-flow · commit 0dce162f5520 · 2025-08-05T23:13:28.000+09:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -24,6 +24,12 @@ jobs:
     permissions:
       contents: read
 
+    env:
+      S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
+      S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
+      S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
+      S3_BUCKET_REGION: ${{ secrets.S3_BUCKET_REGION }}
+
     steps:
     - uses: actions/checkout@v4
     - name: Set up JDK 17
diff --git a/.github/workflows/develop-cd.yml b/.github/workflows/develop-cd.yml
@@ -8,6 +8,12 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
 
+    env:
+      S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
+      S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
+      S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
+      S3_BUCKET_REGION: ${{ secrets.S3_BUCKET_REGION }}
+
     steps:
       - name: Checkout source code
         uses: actions/checkout@v4
@@ -44,6 +50,11 @@ jobs:
           script: |
             export IMAGE_TAG=${{ steps.meta.outputs.version }}
             bash ~/deploy/deploy-flipnote.sh
+        env:
+            S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
+            S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
+            S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
+            S3_BUCKET_REGION: ${{ secrets.S3_BUCKET_REGION }}
 
       - name: Notify Slack on Success
         if: success()
diff --git a/build.gradle b/build.gradle
@@ -44,6 +44,8 @@ dependencies {
 	testImplementation 'org.springframework.security:spring-security-test'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 	testRuntimeOnly 'com.h2database:h2'
+	implementation platform('software.amazon.awssdk:bom:2.20.56')
+	implementation 'software.amazon.awssdk:s3'
 }
 
 tasks.named('test') {
diff --git a/src/main/java/project/flipnote/common/config/S3Config.java b/src/main/java/project/flipnote/common/config/S3Config.java
@@ -0,0 +1,51 @@
+package project.flipnote.common.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.s3.S3Client;
+import software.amazon.awssdk.services.s3.presigner.S3Presigner;
+
+@Configuration
+public class S3Config {
+    @Value("${cloud.aws.credentials.access-key}")
+    private String accessKey;
+
+    @Value("${cloud.aws.credentials.secret-key}")
+    private String secretKey;
+
+    @Value("${cloud.aws.region}")
+    private String region;
+
+    /*
+    리전과 자격 증명한 객체 생성
+     */
+    @Bean
+    public S3Client s3Client() {
+        return S3Client.builder()
+            .region(Region.of(region))
+            .credentialsProvider(
+                StaticCredentialsProvider.create(
+                    AwsBasicCredentials.create(accessKey, secretKey)
+                )
+            )
+            .build();
+    }
+
+    @Bean
+    public S3Presigner s3Presigner() {
+        return S3Presigner.builder()
+            .region(Region.of(region))
+            .credentialsProvider(
+                StaticCredentialsProvider.create(
+                    AwsBasicCredentials.create(accessKey, secretKey)
+                )
+            )
+            .build();
+    }
+
+}
diff --git a/src/main/java/project/flipnote/group/entity/Group.java b/src/main/java/project/flipnote/group/entity/Group.java
@@ -19,7 +19,7 @@
 
 @Getter
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
-@Table(name = "groups")
+@Table(name = "app_groups")
 @Entity
 public class Group extends BaseEntity {
 	@Id
diff --git a/src/main/java/project/flipnote/image/controller/ImageUploadController.java b/src/main/java/project/flipnote/image/controller/ImageUploadController.java
@@ -0,0 +1,32 @@
+package project.flipnote.image.controller;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import project.flipnote.common.security.dto.AuthPrinciple;
+import project.flipnote.image.model.ImageUploadRequestDto;
+import project.flipnote.image.model.ImageUploadResponseDto;
+import project.flipnote.image.service.ImageUploadService;
+
+@RestController
+@RequestMapping("/v1/images")
+@RequiredArgsConstructor
+public class ImageUploadController {
+
+	private final ImageUploadService fileService;
+
+	//파일 업로드 API
+	@PostMapping("/upload")
+	public ResponseEntity<ImageUploadResponseDto> getPresignedUrl(
+		@AuthenticationPrincipal AuthPrinciple authPrinciple,
+		@RequestBody @Valid ImageUploadRequestDto req) {
+		ImageUploadResponseDto res = fileService.getPresignedUrl(authPrinciple, req.fileName());
+		return ResponseEntity.ok(res);
+	}
+}
diff --git a/src/main/java/project/flipnote/image/exception/ImageErrorCode.java b/src/main/java/project/flipnote/image/exception/ImageErrorCode.java
@@ -0,0 +1,23 @@
+package project.flipnote.image.exception;
+
+import org.springframework.http.HttpStatus;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import project.flipnote.common.exception.ErrorCode;
+
+@Getter
+@RequiredArgsConstructor
+public enum ImageErrorCode implements ErrorCode {
+	CONFLICT_IMAGE(HttpStatus.CONFLICT, "IMAGE_001", "이미 존재하는 파일입니다."),
+	S3_SERVICE_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "IMAGE_002", "S3 서비스 처리 중 오류가 발생했습니다.");
+
+	private final HttpStatus httpStatus;
+	private final String code;
+	private final String message;
+
+	@Override
+	public int getStatus() {
+		return httpStatus.value();
+	}
+}
diff --git a/src/main/java/project/flipnote/image/model/ImageUploadRequestDto.java b/src/main/java/project/flipnote/image/model/ImageUploadRequestDto.java
@@ -0,0 +1,12 @@
+package project.flipnote.image.model;
+
+import jakarta.validation.constraints.Pattern;
+
+public record ImageUploadRequestDto(
+	@Pattern(
+		regexp = "^[a-fA-F0-9]{32}\\.(jpg|jpeg|png|gif)$",
+		message = "파일 이름은 32자리 MD5 해시와 jpg/jpeg/png/gif 확장자 형식이어야 합니다."
+	)
+	String fileName
+) {
+}
diff --git a/src/main/java/project/flipnote/image/model/ImageUploadResponseDto.java b/src/main/java/project/flipnote/image/model/ImageUploadResponseDto.java
@@ -0,0 +1,11 @@
+package project.flipnote.image.model;
+
+import java.net.URL;
+
+public record ImageUploadResponseDto(
+	URL url
+) {
+	public static ImageUploadResponseDto from(URL url) {
+		return new ImageUploadResponseDto(url);
+	}
+}
diff --git a/src/main/java/project/flipnote/image/service/ImageUploadService.java b/src/main/java/project/flipnote/image/service/ImageUploadService.java
@@ -0,0 +1,105 @@
+package project.flipnote.image.service;
+
+import java.net.URL;
+import java.time.Duration;
+import java.util.Date;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import lombok.RequiredArgsConstructor;
+import project.flipnote.common.exception.BizException;
+import project.flipnote.common.security.dto.AuthPrinciple;
+import project.flipnote.image.exception.ImageErrorCode;
+import project.flipnote.image.model.ImageUploadResponseDto;
+import project.flipnote.user.entity.UserProfile;
+import project.flipnote.user.entity.UserStatus;
+import project.flipnote.user.exception.UserErrorCode;
+import project.flipnote.user.repository.UserProfileRepository;
+import software.amazon.awssdk.services.s3.S3Client;
+import software.amazon.awssdk.services.s3.model.HeadObjectRequest;
+import software.amazon.awssdk.services.s3.model.PutObjectRequest;
+import software.amazon.awssdk.services.s3.model.S3Exception;
+import software.amazon.awssdk.services.s3.presigner.S3Presigner;
+import software.amazon.awssdk.services.s3.presigner.model.PutObjectPresignRequest;
+
+@Service
+@RequiredArgsConstructor
+public class ImageUploadService {
+
+	@Value("${cloud.s3.bucket}")
+	private String bucket;
+
+	private final S3Client s3Client;
+	private final S3Presigner s3Presigner;
+	private final UserProfileRepository userRepository;
+	private static final int EXPIRE_MINUTES = 5;
+
+	//유저 찾기
+	private void findUser(AuthPrinciple authPrinciple) {
+		userRepository.findByIdAndStatus(authPrinciple.userId(), UserStatus.ACTIVE).orElseThrow(
+			() -> new BizException(UserErrorCode.USER_NOT_FOUND)
+		);
+	}
+
+	//확장자 형식 찾기
+	private String getContentType(String fileName) {
+		String extension = fileName.substring(fileName.lastIndexOf('.') + 1).toLowerCase();
+
+		return switch (extension) {
+			case "jpg", "jpeg" -> "image/jpeg";
+			case "png" -> "image/png";
+			case "gif" -> "image/gif";
+			case "webp" -> "image/webp";
+			default -> "application/octet-stream";
+		};
+	}
+
+	// presigned URL 생성
+	public ImageUploadResponseDto getPresignedUrl(AuthPrinciple authPrinciple, String fileName) {
+
+		// 유저 찾기
+		findUser(authPrinciple);
+
+		// S3에 동일한 파일명이 이미 존재하는지 확인
+		if (objectExists(fileName)) {
+			throw new BizException(ImageErrorCode.CONFLICT_IMAGE);
+		}
+
+		// PutObjectRequest 정의
+		PutObjectRequest putObjectRequest = PutObjectRequest.builder()
+			.bucket(bucket)
+			.key(fileName)
+			.contentType(getContentType(fileName))
+			.build();
+
+		// Presign 요청 생성 (5분 유효)
+		PutObjectPresignRequest presignRequest = PutObjectPresignRequest.builder()
+			.signatureDuration(Duration.ofMinutes(EXPIRE_MINUTES))
+			.putObjectRequest(putObjectRequest)
+			.build();
+
+		URL presignedUrl = s3Presigner.presignPutObject(presignRequest).url();
+
+		return ImageUploadResponseDto.from(presignedUrl);
+	}
+
+	// 파일 존재 여부 확인
+	private boolean objectExists(String fileName) {
+		try {
+			s3Client.headObject(
+				HeadObjectRequest.builder()
+					.bucket(bucket)
+					.key(fileName)
+					.build()
+			);
+			return true;
+		} catch (S3Exception e) {
+			// 404면 존재하지 않음
+			if (e.statusCode() == 404) {
+				return false;
+			}
+			throw new BizException(ImageErrorCode.S3_SERVICE_ERROR);
+		}
+	}
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -55,6 +55,18 @@ app:
   encryption:
     key: ${APP_ENCRYPTION_KEY}
 
+cloud:
+  aws:
+    region: ${S3_BUCKET_REGION}
+    credentials:
+      access-key: ${S3_ACCESS_KEY}
+      secret-key: ${S3_SECRET_KEY}
+    stack:
+      auto: false
+  s3:
+    bucket: ${S3_BUCKET_NAME}
+
+
   client:
     url: ${APP_CLIENT_URL:https://flipnote.site}
     paths:
diff --git a/src/test/java/project/flipnote/group/service/GroupServiceTest.java b/src/test/java/project/flipnote/group/service/GroupServiceTest.java
diff --git a/src/test/java/project/flipnote/image/service/ImageUploadServiceTest.java b/src/test/java/project/flipnote/image/service/ImageUploadServiceTest.java

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,8 @@ dependencies {`
`44`	`44`	`testImplementation 'org.springframework.security:spring-security-test'`
`45`	`45`	`testRuntimeOnly 'org.junit.platform:junit-platform-launcher'`
`46`	`46`	`testRuntimeOnly 'com.h2database:h2'`
	`47`	`+ implementation platform('software.amazon.awssdk:bom:2.20.56')`
	`48`	`+ implementation 'software.amazon.awssdk:s3'`
`47`	`49`	`}`
`48`	`50`
`49`	`51`	`tasks.named('test') {`