fix(security): allow internal calls to /admin/collect (#117) #118

Merged: ohhalim merged 2 commits into develop from fix/117/admin-collect-permitall on Jul 1, 2026

@ohhalim ohhalim commented Jul 1, 2026

Owner

Summary

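  • Changed /admin/collect and /admin/collect/history to permitAll
  • The backend port (8081) is not exposed on the host, and nginx blocks external /admin → internal-only, safe

Purpose

So that a crawl can be triggered manually with curl from inside the Docker container

How to call (after deployment)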

docker exec membershipflow-nginx-1 wget -qO- --post-data="" http://membershipflow-backend-1:8081/admin/collect

Closes #117

Summary by CodeRabbit

  • New Features

    • Added a manually triggerable workflow to start the backend collection crawl from GitHub Actions.
    • Certain collection-related admin endpoints are now accessible without requiring admin authentication.
  • Bug Fixes

    • Updated access rules so the collection crawl can be initiated reliably through the new workflow.

Callable only from inside, since the backend port is not exposed and nginx blocks external access.
Set to permitAll to allow manually triggering the crawl.
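
The two isolation conditions this PR relies on (backend port 8081 not published on the host, nginx blocking external /admin) can be checked against the deployment config. The following is an added example, not part of the PR or the project's code; the service name `backend`, the sample compose JSON (in the shape of `docker compose config --format json` output) and the sample nginx block are constructed assumptions.

```python
import json
import re

# Constructed sample in the shape of `docker compose config --format json`;
# the service names and values are assumptions, not the project's files.
COMPOSE_JSON = """
{"services": {
  "backend": {"expose": ["8081"]},
  "nginx": {"ports": [{"target": 80, "published": "80", "protocol": "tcp"}]}
}}
"""

# Constructed sample nginx server block (assumption, not the project's config).
NGINX_CONF = """
server {
    listen 80;
    location /admin { return 403; }
    location / { proxy_pass http://backend:8081; }
}
"""

def published_ports(compose_json, service):
    """Return (host_port, container_port) pairs the service publishes."""
    svc = json.loads(compose_json)["services"][service]
    return [(str(p["published"]), int(p["target"]))
            for p in svc.get("ports", []) if p.get("published")]

def admin_blocked(nginx_conf, prefix="/admin"):
    """True if a prefix location for `prefix` denies all or returns 403/404."""
    locations = re.findall(r"location\s+(?:\^~\s+)?(/\S*)\s*\{([^}]*)\}", nginx_conf)
    return any(path.rstrip("/") == prefix
               and re.search(r"\bdeny\s+all\s*;|\breturn\s+40[34]\s*;", body)
               for path, body in locations)

def isolation_findings(compose_json, nginx_conf, backend="backend", port=8081):
    """List every way the 'internal only' assumption fails for this config."""
    findings = []
    for host_port, target in published_ports(compose_json, backend):
        if target == port:
            findings.append(f"{backend}:{port} is published on host port {host_port}")
    if not admin_blocked(nginx_conf, "/admin"):
        findings.append("nginx has no deny/403 location for /admin")
    return findings

if __name__ == "__main__":
    print(isolation_findings(COMPOSE_JSON, NGINX_CONF) or "isolation assumptions hold")
```

The check covers only the two conditions named in the PR; any container attached to the same Docker network can still reach the endpoint without credentials.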
coderabbitai Bot commented Jul 1, 2026


Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ddfcc6fb-dce9-408a-8ce4-9771d52324c9

📥 Commits

Reviewing files that changed from the base of the PR and between dfa2d99 and b57aea1.

📒 Files selected for processing (2)
  • .github/workflows/collect-manual.yml
  • src/main/java/com/membershipflow/common/config/SecurityConfig.java

📝 Walkthrough

A new GitHub Actions workflow (collect-manual.yml) is added to manually trigger the backend admin collect crawl via SSH into an EC2 host, executing a docker exec/wget command. SecurityConfig is updated to permit unauthenticated access to /admin/collect and /admin/collect/history endpoints.

Changes

Manual Collect Trigger

| Layer / File(s) | Summary |
|---|---|
| Security permitAll update for collect endpoints: src/main/java/com/membershipflow/common/config/SecurityConfig.java | Extends the permitAll() matcher list in securityFilterChain to include /admin/collect and /admin/collect/history, updating the accompanying comments. |
| Manual collect GitHub Actions workflow: .github/workflows/collect-manual.yml | Adds a new workflow_dispatch-triggered workflow with a single job that SSHes into an EC2 host and runs a docker exec + wget command to trigger the backend admin collect endpoint. |

Estimated code review effort: 2 (Simple) | ~10 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Operator
  participant GitHubActions
  participant EC2Host
  participant NginxContainer
  participant BackendContainer

  Operator->>GitHubActions: workflow_dispatch trigger
  GitHubActions->>EC2Host: SSH connect using EC2_HOST/EC2_USER/EC2_SSH_KEY
  EC2Host->>NginxContainer: docker exec membershipflow-nginx-1
  NginxContainer->>BackendContainer: wget http://membershipflow-backend-1:8081/admin/collect
  BackendContainer-->>NginxContainer: crawl triggered

Related Issues: #117

Suggested labels: ci, security

Suggested reviewers: ohhalim

🐰 A hop through nginx, silent and sly,
Docker whispers "collect" to the sky,
No login required, the gate swings wide,
An EC2 rabbit hitches a ride,
Crawling data with a workflow's cry.


@ohhalim ohhalim closed this Jul 1, 2026
@ohhalim ohhalim reopened this Jul 1, 2026
@ohhalim ohhalim merged commit 1ad93ef into develop Jul 1, 2026
1 of 2 checks passed
Development

Successfully merging this pull request may close these issues.

feat(admin): allow internal calls to /admin/collect (without authentication)