refactor/OPS-338 : Dev 토큰 발급 컨트롤러 추가

yonggi1234 · yonggi1234 · commit 0991b95c0907 · 2025-09-29T12:38:12.000+09:00
diff --git a/src/main/java/org/tuna/zoopzoop/backend/domain/auth/dev/controller/DevController.java b/src/main/java/org/tuna/zoopzoop/backend/domain/auth/dev/controller/DevController.java
@@ -0,0 +1,35 @@
+package org.tuna.zoopzoop.backend.domain.auth.dev.controller;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Profile;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
+import org.tuna.zoopzoop.backend.domain.member.entity.Member;
+import org.tuna.zoopzoop.backend.domain.member.enums.Provider;
+import org.tuna.zoopzoop.backend.domain.member.repository.MemberRepository;
+import org.tuna.zoopzoop.backend.global.security.jwt.JwtUtil;
+
+import java.util.Map;
+
+@Profile({"local","dev","staging","test"})
+@RestController
+@RequestMapping("/dev")
+@RequiredArgsConstructor
+public class DevController {
+
+    private final MemberRepository memberRepository;
+    private final JwtUtil jwtUtil;
+
+    @GetMapping("/token")
+    public Map<String, String> issueToken(
+            @RequestParam Provider provider,
+            @RequestParam String key
+    ) {
+        Member m = memberRepository.findByProviderAndProviderKey(provider, key)
+                .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "member not found"));
+
+        String accessToken = jwtUtil.generateToken(m);
+        return Map.of("accessToken", accessToken);
+    }
+}
diff --git a/src/main/java/org/tuna/zoopzoop/backend/global/security/SecurityConfig.java b/src/main/java/org/tuna/zoopzoop/backend/global/security/SecurityConfig.java
@@ -43,7 +43,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                                 "/webjars/**",
                                 "/api/v1/**", // API 테스트용으로 모두 허용. 차후 필수로 변경 필요.
                                 "/test/**", // 테스트용으로 모두 허용. 차후 삭제 필요.
-                                "/actuator/health" // health 체크용
+                                "/actuator/health", // health 체크용
+                                "/dev/**" // ← 추가: dev 토큰 발급은 누구나 접근
                         ).permitAll()
                         .anyRequest().authenticated()
                 )
