diff --git a/.github/workflows/collect-manual.yml b/.github/workflows/collect-manual.yml new file mode 100644 index 0000000..244d695 --- /dev/null +++ b/.github/workflows/collect-manual.yml @@ -0,0 +1,19 @@ +name: 수동 크롤링 트리거 + +on: + workflow_dispatch: + +jobs: + collect: + runs-on: ubuntu-latest + + steps: + - name: SSH → 크롤링 실행 + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ secrets.EC2_HOST }} + username: ${{ secrets.EC2_USER }} + key: ${{ secrets.EC2_SSH_KEY }} + script: | + docker exec membershipflow-nginx-1 wget -qO- --post-data="" \ + http://membershipflow-backend-1:8081/admin/collect diff --git a/src/main/java/com/membershipflow/common/config/SecurityConfig.java b/src/main/java/com/membershipflow/common/config/SecurityConfig.java index c043f1c..e1c9506 100644 --- a/src/main/java/com/membershipflow/common/config/SecurityConfig.java +++ b/src/main/java/com/membershipflow/common/config/SecurityConfig.java @@ -61,9 +61,12 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti "/api/v1/courses/**", "/api/v1/subscriptions/plans", "/api/v1/subscriptions/callback", - "/ws/**") + "/ws/**", + // 백엔드 포트 미노출 + nginx 외부 차단으로 내부 전용 안전 + "/admin/collect", + "/admin/collect/history") .permitAll() - // 수집 트리거 등 운영 전용 — ADMIN 권한 필수 (외부 어뷰징 차단) + // 그 외 admin — ADMIN 권한 필수 .requestMatchers("/admin/**").hasRole("ADMIN") .requestMatchers( "/api/v1/watchlist/**",