From 6daec050d49c7f7a6dd0ef194d8d28f657b0bd20 Mon Sep 17 00:00:00 2001
From: ohhalim
Date: Wed, 1 Jul 2026 16:16:52 +0900
Subject: [PATCH 1/2] =?UTF-8?q?fix(security):=20/admin/collect=20=EC=9D=B8?= =?UTF-8?q?=EC=A6=9D=20=EC=97=86=EC=9D=B4=20=EB=82=B4=EB=B6=80=20=ED=98=B8?= =?UTF-8?q?=EC=B6=9C=20=ED=97=88=EC=9A=A9=20(#117)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
백엔드 포트 미노출 + nginx 외부 접근 차단으로 내부에서만 호출 가능. 수동 크롤링 트리거를 위해 permitAll 처리.
---
 .../com/membershipflow/common/config/SecurityConfig.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/membershipflow/common/config/SecurityConfig.java b/src/main/java/com/membershipflow/common/config/SecurityConfig.java
index c043f1c..e1c9506 100644
--- a/src/main/java/com/membershipflow/common/config/SecurityConfig.java
+++ b/src/main/java/com/membershipflow/common/config/SecurityConfig.java
@@ -61,9 +61,12 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 "/api/v1/courses/**",
 "/api/v1/subscriptions/plans",
 "/api/v1/subscriptions/callback",
- "/ws/**")
+ "/ws/**",
+ // 백엔드 포트 미노출 + nginx 외부 차단으로 내부 전용 안전
+ "/admin/collect",
+ "/admin/collect/history")
 .permitAll()
- // 수집 트리거 등 운영 전용 — ADMIN 권한 필수 (외부 어뷰징 차단)
+ // 그 외 admin — ADMIN 권한 필수
 .requestMatchers("/admin/**").hasRole("ADMIN")
 .requestMatchers(
 "/api/v1/watchlist/**",
From b57aea15470a4059b888ac7525cf30df8e525593 Mon Sep 17 00:00:00 2001
From: ohhalim
Date: Wed, 1 Jul 2026 16:58:00 +0900
Subject: [PATCH 2/2] =?UTF-8?q?ci:=20=EC=88=98=EB=8F=99=20=ED=81=AC?= =?UTF-8?q?=EB=A1=A4=EB=A7=81=20workflow=5Fdispatch=20=EC=B6=94=EA=B0=80?= =?UTF-8?q?=20(#117)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/collect-manual.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 .github/workflows/collect-manual.yml
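Review bot: In SecurityConfig.java, adding `"/admin/collect"` and `"/admin/collect/history"` to the `permitAll()` list leaves the application with no check of its own on these endpoints: they are matched ahead of `.requestMatchers("/admin/**").hasRole("ADMIN")`, for every HTTP method, and their safety then rests entirely on the nginx block and the unpublished backend port, neither of which is visible in this patch. Requests that nginx proxies presumably reach the backend over the same internal network as the trusted internal call, so the application could not tell the two apart if the proxy rule were ever loosened or matched a path differently than Spring does. I would keep both paths under the ADMIN rule and have the internal caller present a credential; if they must stay open, narrow the grant with `.requestMatchers(HttpMethod.POST, "/admin/collect").permitAll()` and state the dependency in the comment, e.g. `// unauthenticated by design: relies on nginx denying /admin/collect* externally and on the backend port not being published`. The body of securityFilterChain starts and ends outside the hunk.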
diff --git a/.github/workflows/collect-manual.yml b/.github/workflows/collect-manual.yml
new file mode 100644
index 0000000..244d695
--- /dev/null
+++ b/.github/workflows/collect-manual.yml
@@ -0,0 +1,19 @@
+name: 수동 크롤링 트리거
+
+on:
+ workflow_dispatch:
+
+jobs:
+ collect:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: SSH → 크롤링 실행
+ uses: appleboy/ssh-action@v1.0.3
+ with:
+ host: ${{ secrets.EC2_HOST }}
+ username: ${{ secrets.EC2_USER }}
+ key: ${{ secrets.EC2_SSH_KEY }}
+ script: |
+ docker exec membershipflow-nginx-1 wget -qO- --post-data="" \
+ http://membershipflow-backend-1:8081/admin/collect
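Review bot: `uses: appleboy/ssh-action@v1.0.3` pins a third-party action by tag, and that step is handed `secrets.EC2_SSH_KEY`; a tag can be moved, so a change in the action's repository would change the code that receives the key without any change in this file. Pin it to the full commit SHA of the reviewed release, `uses: appleboy/ssh-action@<full-commit-sha> # v1.0.3`, and add a top-level `permissions: {}`, since the job does not appear to need the repository token. The script sends no credential to `http://membershipflow-backend-1:8081/admin/collect`, so a comment above the `script:` key should say that the call depends on that endpoint being open to unauthenticated requests inside the Docker network.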