Merge branch 'dev'

yeongbin1999 · yeongbin1999 · commit a264166fc83d · 2025-10-16T10:48:53.000+09:00
diff --git a/backend/src/main/java/com/deliveranything/domain/notification/controller/NotificationController.java b/backend/src/main/java/com/deliveranything/domain/notification/controller/NotificationController.java
@@ -46,7 +46,7 @@ public SseEmitter subscribe(
       throw new CustomException(ErrorCode.PROFILE_REQUIRED);
     }
 
-    SseEmitter emitter = new SseEmitter(0L);
+    SseEmitter emitter = new SseEmitter(60 * 60 * 1000L);
     emitterRepository.save(profileId, deviceId, emitter);
 
     // 연결 종료 시 Emitter 제거
diff --git a/backend/src/main/java/com/deliveranything/global/config/WebSocketConfig.java b/backend/src/main/java/com/deliveranything/global/config/WebSocketConfig.java
@@ -15,6 +15,7 @@
 import com.deliveranything.global.security.handler.StompErrorHandler;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.Message;
 import org.springframework.messaging.MessageChannel;
@@ -29,13 +30,15 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.config.annotation.web.socket.EnableWebSocketSecurity;
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
 
 @Slf4j
 @Configuration
 @EnableWebSocketMessageBroker
+@EnableWebSocketSecurity
 @RequiredArgsConstructor
 public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
 
@@ -155,4 +158,14 @@ private Authentication authenticate(StompHeaderAccessor accessor) {
       }
     });
   }
+
+  /**
+   * Disables CSRF for STOMP messages when using @EnableWebSocketSecurity.
+   * This bean name is specifically recognized by Spring Security to override the default CSRF ChannelInterceptor.
+   */
+  @Bean
+  public ChannelInterceptor csrfChannelInterceptor() {
+      // Returning a no-op ChannelInterceptor effectively disables the CSRF check
+      return new ChannelInterceptor() {};
+  }
 }
diff --git a/backend/src/main/java/com/deliveranything/global/security/config/WebSocketSecurityConfig.java b/backend/src/main/java/com/deliveranything/global/security/config/WebSocketSecurityConfig.java
diff --git a/backend/test_sse.py b/backend/test_sse.py
@@ -0,0 +1,76 @@
+import requests
+import json
+import time
+
+BASE_URL = "https://api.deliver-anything.shop"
+LOGIN_ENDPOINT = f"{BASE_URL}/api/v1/auth/login"
+SSE_ENDPOINT = f"{BASE_URL}/api/v1/notifications/stream"
+
+# 1. 로그인 정보
+email = "test2@test.com"
+password = "password2!"
+initial_device_id = "test_device_123"
+
+# 2. 로그인 요청
+print("로그인 요청 중...")
+login_payload = {
+    "email": email,
+    "password": password
+}
+login_headers = {
+    "Content-Type": "application/json",
+    "X-Device-ID": initial_device_id
+}
+
+try:
+    login_response = requests.post(LOGIN_ENDPOINT, json=login_payload, headers=login_headers)
+    login_response.raise_for_status()
+
+    access_token = login_response.headers.get("Authorization")
+    received_device_id_raw = login_response.headers.get("X-Device-ID")
+
+    if not access_token:
+        print("로그인 응답에서 Authorization 헤더를 찾을 수 없습니다.")
+        print(f"응답 헤더: {login_response.headers}")
+        print(f"응답 본문: {login_response.text}")
+        exit()
+
+    final_device_id = initial_device_id
+    if received_device_id_raw:
+        final_device_id = received_device_id_raw.split(',')[0].strip()
+        print(f"로그인 응답에서 X-Device-ID를 추출했습니다: {final_device_id}")
+    else:
+        print("로그인 응답에서 X-Device-ID 헤더를 찾을 수 없습니다. 초기 device_id를 사용합니다.")
+
+    print("로그인 성공!")
+    print(f"Access Token: {access_token}")
+    print(f"Final X-Device-ID: {final_device_id}")
+
+    # 3. SSE 연결
+    print("\nSSE 연결 시도 중...")
+    sse_headers = {
+        "Accept": "text/event-stream",
+        "Authorization": access_token,
+        "X-Device-ID": final_device_id
+    }
+
+    with requests.get(SSE_ENDPOINT, headers=sse_headers, stream=True) as sse_response:
+        sse_response.raise_for_status()
+
+        print("SSE 연결 성공! 이벤트를 수신 중...")
+        for line in sse_response.iter_lines():
+            if line:
+                decoded_line = line.decode('utf-8')
+                print(decoded_line)
+            if not line and sse_response.raw.closed:
+                print("SSE 연결이 종료되었습니다.")
+                break
+            time.sleep(0.1)
+
+except requests.exceptions.RequestException as e:
+    print(f"요청 중 오류 발생: {e}")
+    if hasattr(e, 'response') and e.response is not None:
+        print(f"응답 상태 코드: {e.response.status_code}")
+        print(f"응답 본문: {e.response.text}")
+except Exception as e:
+    print(f"예상치 못한 오류 발생: {e}")

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ public SseEmitter subscribe(`
`46`	`46`	`throw new CustomException(ErrorCode.PROFILE_REQUIRED);`
`47`	`47`	`}`
`48`	`48`
`49`		`- SseEmitter emitter = new SseEmitter(0L);`
	`49`	`+ SseEmitter emitter = new SseEmitter(60 * 60 * 1000L);`
`50`	`50`	`emitterRepository.save(profileId, deviceId, emitter);`
`51`	`51`
`52`	`52`	`// 연결 종료 시 Emitter 제거`