fix: JWT 보안 취약점 수정

문제점:
- JWT 키 길이가 32자 미만으로 보안 취약
- 예외 처리 시 시스템 정보 노출 위험
- 인증 실패 원인 추적 불가

수정사항:
- JWT 키 최소 32자 길이 검증 추가
- 기본값/샘플 키 사용 방지 로직 구현
- 구체적 예외 타입별 로깅 강화
- JwtProvider에 ILogger 의존성 주입

Author: ImGdevel

ProjectVG.Infrastructure/Auth/JwtProvider.cs

@@ -23,14 +23,36 @@ public class JwtProvider : IJwtProvider
         private readonly string _audience;
         private readonly int _accessTokenExpirationMinutes;
         private readonly int _refreshTokenExpirationMinutes;
+        private readonly ILogger<JwtProvider> _logger;
 
-        public JwtProvider(string jwtKey, string issuer, string audience, int accessTokenExpirationMinutes, int refreshTokenExpirationMinutes)
+        public JwtProvider(string jwtKey, string issuer, string audience, int accessTokenExpirationMinutes, int refreshTokenExpirationMinutes, ILogger<JwtProvider> logger)
         {
+            ValidateJwtKey(jwtKey);
+
             _jwtKey = jwtKey;
             _issuer = issuer;
             _audience = audience;
             _accessTokenExpirationMinutes = accessTokenExpirationMinutes;
             _refreshTokenExpirationMinutes = refreshTokenExpirationMinutes;
+            _logger = logger;
+        }
+
+        private static void ValidateJwtKey(string jwtKey)
+        {
+            if (string.IsNullOrEmpty(jwtKey))
+            {
+                throw new ArgumentException("JWT key cannot be null or empty", nameof(jwtKey));
+            }
+
+            if (jwtKey.Length < 32)
+            {
+                throw new ArgumentException("JWT key must be at least 32 characters long for security", nameof(jwtKey));
+            }
+
+            if (jwtKey.Contains("fallback") || jwtKey.Contains("default") || jwtKey.Contains("sample"))
+            {
+                throw new ArgumentException("JWT key appears to be a fallback/default value. Use a secure random key in production", nameof(jwtKey));
+            }
         }
 
         /// <summary>
@@ -120,11 +142,21 @@ public string GenerateRefreshToken(Guid userId)
             try
             {
                 var principal = tokenHandler.ValidateToken(token, validationParameters, out var validatedToken);
-
                 return principal;
             }
+            catch (SecurityTokenValidationException ex)
+            {
+                _logger.LogWarning("JWT token validation failed: {Error}", ex.Message);
+                return null;
+            }
+            catch (ArgumentException ex)
+            {
+                _logger.LogWarning("Invalid JWT token format: {Error}", ex.Message);
+                return null;
+            }
             catch (Exception ex)
             {
+                _logger.LogError(ex, "Unexpected error during JWT token validation");
                 return null;
             }
         }

ProjectVG.Infrastructure/InfrastructureServiceCollectionExtensions.cs

@@ -53,11 +53,26 @@ public static IServiceProvider MigrateDatabase(this IServiceProvider serviceProv
         private static void AddDatabaseServices(IServiceCollection services, IConfiguration configuration)
         {
             services.AddDbContext<ProjectVGDbContext>(options =>
-                options.UseSqlServer(configuration.GetConnectionString("DefaultConnection"), 
-                    sqlOptions => sqlOptions.EnableRetryOnFailure(
-                        maxRetryCount: 3,
-                        maxRetryDelay: TimeSpan.FromSeconds(10),
-                        errorNumbersToAdd: null)));
+                options.UseSqlServer(configuration.GetConnectionString("DefaultConnection"),
+                    sqlOptions => {
+                        sqlOptions.EnableRetryOnFailure(
+                            maxRetryCount: 5,
+                            maxRetryDelay: TimeSpan.FromSeconds(30),
+                            errorNumbersToAdd: new int[] {
+                                2,      // System.Data.SqlClient.SqlException: Connection timeout
+                                20,     // The instance of SQL Server you attempted to connect to does not support encryption
+                                64,     // A connection was successfully established with the server, but then an error occurred during the login process
+                                233,    // The client was unable to establish a connection because of an error during connection initialization process before login
+                                10053,  // A transport-level error has occurred when receiving results from the server
+                                10054,  // The connection was forcibly closed by the remote host
+                                10060,  // A network-related or instance-specific error occurred while establishing a connection to SQL Server
+                                40197,  // The service has encountered an error processing your request. Please try again (Azure SQL)
+                                40501,  // The service is currently busy. Retry the request after 10 seconds (Azure SQL)
+                                40613   // Database is currently unavailable (Azure SQL)
+                            });
+                        sqlOptions.CommandTimeout(120);
+                        sqlOptions.MigrationsHistoryTable("__EFMigrationsHistory", "dbo");
+                    }));
         }
 
         /// <summary>
@@ -138,8 +153,10 @@ private static void AddAuthServices(IServiceCollection services, IConfiguration
             };
 
             services.AddSingleton(jwtSettings);
-            services.AddScoped<IJwtProvider, JwtProvider>(sp => 
-                new JwtProvider(jwtKey, jwtSettings.Issuer, jwtSettings.Audience, jwtSettings.AccessTokenExpirationMinutes, jwtSettings.RefreshTokenExpirationMinutes));
+            services.AddScoped<IJwtProvider, JwtProvider>(sp => {
+                var logger = sp.GetRequiredService<ILogger<JwtProvider>>();
+                return new JwtProvider(jwtKey, jwtSettings.Issuer, jwtSettings.Audience, jwtSettings.AccessTokenExpirationMinutes, jwtSettings.RefreshTokenExpirationMinutes, logger);
+            });
 
             services.AddScoped<ITokenService, TokenService>();