fix(security): /admin/collect 내부 호출 허용 (#117)#118
Conversation
백엔드 포트 미노출 + nginx 외부 접근 차단으로 내부에서만 호출 가능. 수동 크롤링 트리거를 위해 permitAll 처리.
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughA new GitHub Actions workflow (collect-manual.yml) is added to manually trigger the backend admin collect crawl via SSH into an EC2 host, executing a docker exec/wget command. SecurityConfig is updated to permit unauthenticated access to /admin/collect and /admin/collect/history endpoints. ChangesManual Collect Trigger
Estimated code review effort: 2 (Simple) | ~10 minutes Sequence Diagram(s)sequenceDiagram
participant Operator
participant GitHubActions
participant EC2Host
participant NginxContainer
participant BackendContainer
Operator->>GitHubActions: workflow_dispatch trigger
GitHubActions->>EC2Host: SSH connect using EC2_HOST/EC2_USER/EC2_SSH_KEY
EC2Host->>NginxContainer: docker exec membershipflow-nginx-1
NginxContainer->>BackendContainer: wget http://membershipflow-backend-1:8081/admin/collect
BackendContainer-->>NginxContainer: crawl triggered
Related Issues: Suggested labels: ci, security Suggested reviewers: ohhalim 🐰 A hop through nginx, silent and sly, ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary
/admin/collect,/admin/collect/history를 permitAll로 변경목적
Docker 컨테이너 안에서 curl로 수동 크롤링 트리거 가능하도록
호출 방법 (배포 후)
Closes #117
Summary by CodeRabbit
New Features
Bug Fixes