Merge pull request #535 from DSM-PICK/534-이메일-고의적-재발송-방어

ByunDohwi · web-flow · commit 8edbcee83f2b · 2025-11-19T18:30:27.000+09:00
534 이메일 고의적 재발송 방어
diff --git a/src/main/kotlin/dsm/pick2024/domain/mail/service/SendMailService.kt b/src/main/kotlin/dsm/pick2024/domain/mail/service/SendMailService.kt
@@ -4,6 +4,7 @@ import dsm.pick2024.domain.mail.port.`in`.SendMailUseCase
 import dsm.pick2024.domain.mail.presentation.dto.request.SendMailRequest
 import dsm.pick2024.global.security.jwt.exception.InternalServerErrorException
 import dsm.pick2024.infrastructure.mail.MailProperties
+import dsm.pick2024.infrastructure.util.redis.port.RateLimiterPort
 import dsm.pick2024.infrastructure.util.redis.port.RedisUtilPort
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.core.io.ClassPathResource
@@ -20,14 +21,15 @@ class SendMailService(
     private val mailSender: JavaMailSender,
     private val redisUtilPort: RedisUtilPort,
     private val mailProperties: MailProperties,
+    private val rateLimiterPort: RateLimiterPort,
     @Value("\${server.url}")
     private val SERVER_URL: String
 ) : SendMailUseCase {
 
     private val CODE_LENGTH = 6
 
     override fun execute(request: SendMailRequest) {
-        println("SERVER_URL = $SERVER_URL")
+        rateLimiterPort.isAllowed(request.mail)
 
         val email = request.mail + mailProperties.dsmPostFix
         val authCode = generateAuthCode()
diff --git a/src/main/kotlin/dsm/pick2024/global/error/exception/ErrorCode.kt b/src/main/kotlin/dsm/pick2024/global/error/exception/ErrorCode.kt
@@ -49,6 +49,8 @@ enum class ErrorCode(
 
     NOT_EXTENSION_XSL(415, "XSL 확장자가 아닙니다"),
 
+    TOO_MANY_REQUEST(429, "너무 많은 요청입니다."),
+
     // Internal Server Error
     INTERNAL_SERVER_ERROR(500, "내부 서버 오류"),
     FEIGN_SERVER_ERROR(500, "Feign 서버 오류"),
diff --git a/src/main/kotlin/dsm/pick2024/infrastructure/util/redis/RateLimiter.kt b/src/main/kotlin/dsm/pick2024/infrastructure/util/redis/RateLimiter.kt
@@ -0,0 +1,33 @@
+package dsm.pick2024.infrastructure.util.redis
+
+import dsm.pick2024.infrastructure.util.redis.exception.TooManyRequestException
+import dsm.pick2024.infrastructure.util.redis.port.RateLimiterPort
+import org.springframework.data.redis.core.StringRedisTemplate
+import org.springframework.stereotype.Component
+import java.time.Duration
+
+@Component
+class RateLimiter(
+    private val redisTemplate: StringRedisTemplate
+) : RateLimiterPort {
+    private val RATE_LIMIT_PREFIX = "RATE_LIMIT"
+
+    private val REQUEST_LIMIT = 5L
+
+    private val TIME_WINDOW = Duration.ofMinutes(10)
+
+    override fun isAllowed(key: String) {
+        val valueOperations = redisTemplate.opsForValue()
+        val redisKey = "$RATE_LIMIT_PREFIX:$key"
+
+        val requestCount = valueOperations.increment(redisKey) ?: 0L
+
+        if (requestCount == 1L) {
+            redisTemplate.expire(redisKey, TIME_WINDOW)
+        }
+
+        if (requestCount > REQUEST_LIMIT) {
+            throw TooManyRequestException
+        }
+    }
+}
diff --git a/src/main/kotlin/dsm/pick2024/infrastructure/util/redis/exception/TooManyRequestException.kt b/src/main/kotlin/dsm/pick2024/infrastructure/util/redis/exception/TooManyRequestException.kt
@@ -0,0 +1,8 @@
+package dsm.pick2024.infrastructure.util.redis.exception
+
+import dsm.pick2024.global.error.exception.ErrorCode
+import dsm.pick2024.global.error.exception.PickException
+
+object TooManyRequestException : PickException(
+    ErrorCode.TOO_MANY_REQUEST
+)
diff --git a/src/main/kotlin/dsm/pick2024/infrastructure/util/redis/port/RateLimiterPort.kt b/src/main/kotlin/dsm/pick2024/infrastructure/util/redis/port/RateLimiterPort.kt
@@ -0,0 +1,5 @@
+package dsm.pick2024.infrastructure.util.redis.port
+
+interface RateLimiterPort {
+    fun isAllowed(key: String)
+}
