prgrms-web-devcourse-final-project · DooHyoJeong · Oct 2, 2025 · Oct 1, 2025 · Oct 1, 2025 · Oct 2, 2025
diff --git a/.github/workflows/CI-CD_Pipeline.yml b/.github/workflows/CI-CD_Pipeline.yml
@@ -80,36 +80,11 @@ jobs:
       - name: Create test .env file
         working-directory: backend
         run: |
-          cat > .env << 'EOF'
-          # Datasource 설정 (application-test.yml에서 참조)
-          TEST_DATASOURCE_URL=jdbc:h2:mem:db_test;MODE=MySQL
-          TEST_DATASOURCE_USERNAME=sa
-          TEST_DATASOURCE_PASSWORD=
-          TEST_DATASOURCE_DRIVER=org.h2.Driver
-
-          # JPA 설정 (application-test.yml에서 참조)
-          TEST_JPA_HIBERNATE_DDL_AUTO=create-drop
-
-          email_address=${{ secrets.EMAIL_ADDRESS }}
-          send_email_password=${{ secrets.EMAIL_PASSWORD }}
-          send_email_address=${{ secrets.SEND_EMAIL_ADDRESS }}
-
-          # Redis 설정 (application-test.yml에서 참조, GitHub Actions 서비스 사용)
-          TEST_REDIS_HOST=localhost
-          TEST_REDIS_PORT=6379
-          TEST_REDIS_PASSWORD=
-
-          # Qdrant
-          TEST_QDRANT_HOST=localhost
-          TEST_QDRANT_PORT=6333
-
-          # CI/CD 환경에서는 Embedded Redis 끄기
-          SPRING_DATA_REDIS_EMBEDDED=false
-
-          # JWT 설정 (application-test.yml에서 참조)
-          CUSTOM_JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
-          CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS=3600
-          EOF
+          set -euo pipefail
+          install -d -m 700 .
+          echo "${{ secrets.ENV_BASE64 }}" | base64 -d > .env
+          chmod 600 .env
+          test -s .env || { echo ".env is empty"; exit 1; }
 
       - name: Run unit, and domain tests
         run: ${{ matrix.gradle_cmd }} clean test
@@ -219,19 +194,6 @@ jobs:
         run: |
           echo "IMAGE_PREFIX=$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
 
-      - name: Create prod .env file
-        run: |
-          cat > .env << 'EOF'
-          SPRING_PROFILES_ACTIVE=prod
-          PROD_DATASOURCE_URL=jdbc:mysql://mysql:3306/${{ secrets.DB_NAME }}
-          PROD_DATASOURCE_USERNAME=${{ secrets.DB_USER }}
-          PROD_DATASOURCE_PASSWORD=${{ secrets.DB_PASSWORD }}
-
-          PROD_REDIS_HOST=redis
-          PROD_REDIS_PORT=6379
-          PROD_REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}
-          EOF
-
       - name: AWS SSM Send-Command
         uses: peterkimzz/aws-ssm-send-command@master
         id: ssm
@@ -243,44 +205,24 @@ jobs:
           working-directory: /
           comment: Deploy
           command: |
-            set -xe
+            set -euo pipefail
             echo "===== 현재 실행 중인 컨테이너 ====="
             docker ps -a || true
 
             echo "===== 기존 컨테이너 종료 & 제거 ====="
             docker stop app 2>/dev/null || true
             docker rm app 2>/dev/null || true
 
-            # EC2 내부에서 prod.env 파일 생성 (기존 파일 있으면 덮어쓰기)
-            mkdir -p /home/ec2-user/configs
-            cat > /home/ec2-user/configs/prod.env << 'EOF'
-            SPRING_PROFILES_ACTIVE=prod
-
-            CUSTOM_JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
-            CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS=3600
-
-            PROD_DATASOURCE_URL=jdbc:mysql://mysql:3306/${{ secrets.DB_NAME }}?createDatabaseIfNotExist=true&useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
-            PROD_DATASOURCE_DRIVER=com.mysql.cj.jdbc.Driver
-            PROD_DATASOURCE_USERNAME=root
-            PROD_DATASOURCE_PASSWORD=${{ secrets.DB_PASSWORD }}
-            PROD_JPA_HIBERNATE_DDL_AUTO=none 
-
-            PROD_REDIS_HOST=redis
-            PROD_REDIS_PORT=6379
-            PROD_REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}
+            # EC2 내부에서 prod.env 복원 (ENV_BASE64 -> 디코드)
+            install -d -m 700 /home/ec2-user/configs
+            cat > /home/ec2-user/configs/prod.env.b64 <<'__B64__'
+            ${{ secrets.ENV_BASE64 }}
+            __B64__
 
-            PROD_QDRANT_HOST=qdrant
-            PROD_QDRANT_PORT=6334
-
-            send_email_address=${{ secrets.SEND_EMAIL_ADDRESS }}
-            send_email_password=${{ secrets.SEND_EMAIL_PASSWORD }}
-
-            PROD_SENTRY_DSN=${{ secrets.SENTRY_DSN }}
-
-            EOF
-
-            # 파일 권한 최소화 
+            base64 -d /home/ec2-user/configs/prod.env.b64 > /home/ec2-user/configs/prod.env
             chmod 600 /home/ec2-user/configs/prod.env
+            shred -u /home/ec2-user/configs/prod.env.b64   # 임시 파일 안전 삭제
+
 
             # EC2에서 GHCR 로그인
             echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

diff --git a/backend/.env.default b/backend/.env.default
@@ -1,15 +1,25 @@
 SPRING_PROFILES_ACTIVE=NEED_TO_SET
-
 SPRING_JPA_HIBERNATE_DDL_AUTO=NEED_TO_SET
 
-SPRING__SECURITY__OAUTH2__CLIENT__REGISTRATION__KAKAO__CLIENT_ID=NEED_TO_SET
-SPRING__SECURITY__OAUTH2__CLIENT__REGISTRATION__KAKAO__CLIENT_SECRET=NEED_TO_SET
-SPRING__SECURITY__OAUTH2__CLIENT__REGISTRATION__NAVER__CLIENT_ID=NEED_TO_SET
-SPRING__SECURITY__OAUTH2__CLIENT__REGISTRATION__NAVER__CLIENT_SECRET=NEED_TO_SET
+SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_CLIENT_ID=NEED_TO_SET
+SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_CLIENT_SECRET=NEED_TO_SET
+SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_NAVER_CLIENT_ID=NEED_TO_SET
+SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_NAVER_CLIENT_SECRET=NEED_TO_SET
 
 CUSTOM_JWT_SECRET_KEY=NEED_TO_SET
 CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS=NEED_TO_SET
 
+# Email
+SEND_EMAIL_ADDRESS=NEED_TO_SET
+SEND_EMAIL_PASSWORD=NEED_TO_SET
+
+# PROD
+PROD_FRONTEND_URL=NEED_TO_SET
+PROD_CORS_ALLOWED_ORIGINS=NEED_TO_SET
+PROD_OAUTH2_KAKAO_REDIRECT_URI=NEED_TO_SET
+PROD_OAUTH2_NAVER_REDIRECT_URI=NEED_TO_SET
+PROD_OAUTH2_SUCCESS_REDIRECT_URL=NEED_TO_SET
+PROD_OAUTH2_FAILURE_REDIRECT_URL=NEED_TO_SET
 PROD_DATASOURCE_URL=NEED_TO_SET
 PROD_DATASOURCE_DRIVER=NEED_TO_SET
 PROD_DATASOURCE_USERNAME=NEED_TO_SET
@@ -19,16 +29,32 @@ PROD_REDIS_HOST=NEED_TO_SET
 PROD_REDIS_PORT=NEED_TO_SET
 PROD_REDIS_PASSWORD=NEED_TO_SET
 
+PROD_QDRANT_HOST=NEED_TO_SET
+PROD_QDRANT_PORT=NEED_TO_SET
+
+# DEV
+DEV_FRONTEND_URL=NEED_TO_SET
+DEV_CORS_ALLOWED_ORIGINS=NEED_TO_SET
+DEV_OAUTH2_KAKAO_REDIRECT_URI=NEED_TO_SET
+DEV_OAUTH2_NAVER_REDIRECT_URI=NEED_TO_SET
+DEV_OAUTH2_SUCCESS_REDIRECT_URL=NEED_TO_SET
+DEV_OAUTH2_FAILURE_REDIRECT_URL=NEED_TO_SET
 DEV_DATASOURCE_URL=NEED_TO_SET
 DEV_DATASOURCE_USERNAME=NEED_TO_SET
 DEV_DATASOURCE_PASSWORD=NEED_TO_SET
 DEV_DATASOURCE_DRIVER=NEED_TO_SET
 DEV_JPA_HIBERNATE_DDL_AUTO=NEED_TO_SET
+DEV_DATASOURCE_PORT=NEED_TO_SET
+DEV_DB_ROOT_PASSWORD=NEED_TO_SET
 
 DEV_REDIS_HOST=NEED_TO_SET
 DEV_REDIS_PORT=NEED_TO_SET
 DEV_REDIS_PASSWORD=NEED_TO_SET
 
+DEV_QDRANT_HOST=NEED_TO_SET
+DEV_QDRANT_PORT=NEED_TO_SET
+
+# TEST
 TEST_DATASOURCE_URL=NEED_TO_SET
 TEST_DATASOURCE_USERNAME=NEED_TO_SET
 TEST_DATASOURCE_PASSWORD=NEED_TO_SET
@@ -37,4 +63,17 @@ TEST_JPA_HIBERNATE_DDL_AUTO=NEED_TO_SET
 
 TEST_REDIS_HOST=NEED_TO_SET
 TEST_REDIS_PORT=NEED_TO_SET
-TEST_REDIS_PASSWORD=NEED_TO_SET
+TEST_REDIS_PASSWORD=NEED_TO_SET
+
+# AI
+OPENAI_API_KEY=NEED_TO_SET
+
+# Base application.yml variables (no profile-specific prefix)
+SPRING_AI_VECTORSTORE_QDRANT_HOST=NEED_TO_SET
+SPRING_AI_VECTORSTORE_QDRANT_PORT=NEED_TO_SET
+SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_REDIRECT_URI=NEED_TO_SET
+SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_NAVER_REDIRECT_URI=NEED_TO_SET
+CUSTOM_CORS_ALLOWED_ORIGINS=NEED_TO_SET
+CUSTOM_OAUTH2_REDIRECT_URL=NEED_TO_SET
+CUSTOM_OAUTH2_FAILURE_URL=NEED_TO_SET
+CUSTOM_FRONTEND_URL=NEED_TO_SET
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -38,6 +38,7 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
     implementation group: 'org.springframework.boot', name: 'spring-boot-starter-mail', version: '3.0.5'
 
     // API Documentation (문서화)

diff --git a/backend/src/main/java/com/ai/lawyer/domain/auth/dto/OAuth2LoginResponse.java b/backend/src/main/java/com/ai/lawyer/domain/auth/dto/OAuth2LoginResponse.java
@@ -0,0 +1,11 @@
+package com.ai.lawyer.domain.auth.dto;
+
+import lombok.Builder;
+import lombok.Getter;
+
+@Getter
+@Builder
+public class OAuth2LoginResponse {
+    private boolean success;
+    private String message;
+}
diff --git a/backend/src/main/java/com/ai/lawyer/domain/law/dto/LawSearchRequestDto.java b/backend/src/main/java/com/ai/lawyer/domain/law/dto/LawSearchRequestDto.java
@@ -1,13 +1,17 @@
 package com.ai.lawyer.domain.law.dto;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 
 import java.time.LocalDate;
 
 @Data
 @Builder
+@NoArgsConstructor
+@AllArgsConstructor
 public class LawSearchRequestDto {
 
     @Schema(description = "법령명", example = "형사")

diff --git a/backend/src/main/java/com/ai/lawyer/domain/law/dto/LawsDto.java b/backend/src/main/java/com/ai/lawyer/domain/law/dto/LawsDto.java
@@ -3,12 +3,14 @@
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 
 import java.time.LocalDate;
 
 @Data
 @Builder
 @AllArgsConstructor
+@NoArgsConstructor
 public class LawsDto {
     private Long id;