bottle-note · Whale0928 · Dec 23, 2025 · Dec 22, 2025 · Dec 22, 2025 · Dec 22, 2025
diff --git a/.github/workflows/deploy_v2_development_product_api.yml b/.github/workflows/deploy_v2_development_product_api.yml
@@ -2,14 +2,20 @@ name: deploy v2 development product api
 
 on:
   workflow_dispatch:
-  push:
+  workflow_run:
+    workflows: [ "product ci pipeline" ]
+    types:
+      - completed
     branches:
       - main
-    paths:
-      - 'bottlenote-batch/**'
-      - 'bottlenote-mono/**'
-      - 'bottlenote-observability/**'
-      - 'bottlenote-product-api/**'
+  #push:
+  #  branches:
+  #    - main
+  #  paths:
+  #    - 'bottlenote-batch/**'
+  #    - 'bottlenote-mono/**'
+  #    - 'bottlenote-observability/**'
+  #    - 'bottlenote-product-api/**'
 
 concurrency:
   group: "deploy-product"

diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml
@@ -55,7 +55,6 @@ jobs:
           destination: ./_site
       - name: Upload artifact
         uses: actions/upload-pages-artifact@v3
-
   deploy:
     environment:
       name: github-pages

diff --git a/.github/workflows/product_ci_pipeline.yml b/.github/workflows/product_ci_pipeline.yml
@@ -27,13 +27,11 @@ jobs:
         with:
           submodules: true
           token: ${{ secrets.GIT_ACCESS_TOKEN }}
-
       - name: setup jdk
         uses: actions/setup-java@v4
         with:
           java-version: '21'
           distribution: 'temurin'
-
       - name: setup gradle cache
         uses: actions/cache@v3
         with:
@@ -151,7 +149,14 @@ jobs:
     needs: prepare
     timeout-minutes: 20
     runs-on: ubuntu-latest
-
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - name: product
+            task: integration_test
+          - name: admin
+            task: admin_integration_test
     services:
       docker:
         image: docker:24.0
@@ -160,7 +165,6 @@ jobs:
           - 1234:1234
         env:
           DOCKER_TLS_CERTDIR: ""
-
     steps:
       - name: checkout code
         uses: actions/checkout@v4
@@ -191,17 +195,17 @@ jobs:
             */build
           key: workspace-${{ github.sha }}
 
-      - name: run integration tests
-        run: ./gradlew integration_test
+      - name: run ${{ matrix.name }} integration tests
+        run: ./gradlew ${{ matrix.task }}
 
       - name: upload test results
         if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: integration-test-results-${{ github.run_number }}
+          name: ${{ matrix.name }}-integration-test-results-${{ github.run_number }}
           path: |
-            */build/reports/tests/integration_test/
-            */build/test-results/integration_test/
+            */build/reports/tests/${{ matrix.task }}/
+            */build/test-results/${{ matrix.task }}/
 
   product-ci-final-build:
     needs: [ unit-tests, rule-tests, integration-tests ]

diff --git a/bottlenote-admin-api/VERSION b/bottlenote-admin-api/VERSION
@@ -1 +1 @@
-1.0.4
+1.0.5
diff --git a/bottlenote-admin-api/build.gradle.kts b/bottlenote-admin-api/build.gradle.kts
@@ -11,6 +11,8 @@ val asciidoctorExt: Configuration by configurations.creating
 
 dependencies {
 	implementation(project(":bottlenote-mono"))
+	testImplementation(project(":bottlenote-mono").dependencyProject.sourceSets["test"].output)
+
 	implementation("org.springframework.boot:spring-boot-starter-web")
 	implementation("org.springframework.boot:spring-boot-starter-validation")
 	implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
@@ -31,9 +33,6 @@ dependencies {
 
 	// Test - Testcontainers
 	testImplementation(libs.bundles.testcontainers.complete)
-
-	// Test - mono 모듈 TestFactory 참조
-	testImplementation(project(":bottlenote-mono").dependencyProject.sourceSets.test.get().output)
 }
 
 sourceSets {
@@ -76,3 +75,4 @@ tasks.asciidoctor {
 	}
 	baseDirFollowsSourceFile()
 }
+tasks.register("prepareKotlinBuildScriptModel") {}
diff --git a/bottlenote-admin-api/src/docs/asciidoc/admin-api.adoc b/bottlenote-admin-api/src/docs/asciidoc/admin-api.adoc
@@ -26,6 +26,12 @@ include::api/overview/global-exception.adoc[]
 
 '''
 
+== Auth API
+
+include::api/admin-auth/auth.adoc[]
+
+'''
+
 == Alcohol API
 
 include::api/admin-alcohols/alcohols.adoc[]
diff --git a/bottlenote-admin-api/src/docs/asciidoc/api/admin-auth/auth.adoc b/bottlenote-admin-api/src/docs/asciidoc/api/admin-auth/auth.adoc
@@ -0,0 +1,72 @@
+=== 로그인 ===
+
+- 관리자 계정으로 로그인하여 액세스 토큰과 리프레시 토큰을 발급받습니다.
+
+[source]
+----
+POST /admin/api/v1/auth/login
+----
+
+[discrete]
+==== 요청 파라미터 ====
+
+[discrete]
+include::{snippets}/admin/auth/login/request-fields.adoc[]
+include::{snippets}/admin/auth/login/http-request.adoc[]
+
+[discrete]
+==== 응답 파라미터 ====
+
+[discrete]
+include::{snippets}/admin/auth/login/response-fields.adoc[]
+include::{snippets}/admin/auth/login/http-response.adoc[]
+
+'''
+
+=== 토큰 갱신 ===
+
+- 리프레시 토큰을 사용하여 새로운 액세스 토큰을 발급받습니다.
+
+[source]
+----
+POST /admin/api/v1/auth/refresh
+----
+
+[discrete]
+==== 요청 파라미터 ====
+
+[discrete]
+include::{snippets}/admin/auth/refresh/request-fields.adoc[]
+include::{snippets}/admin/auth/refresh/http-request.adoc[]
+
+[discrete]
+==== 응답 파라미터 ====
+
+[discrete]
+include::{snippets}/admin/auth/refresh/response-fields.adoc[]
+include::{snippets}/admin/auth/refresh/http-response.adoc[]
+
+'''
+
+=== 탈퇴 ===
+
+- 인증된 관리자 계정을 탈퇴 처리합니다.
+
+[source]
+----
+DELETE /admin/api/v1/auth/withdraw
+----
+
+[discrete]
+==== 요청 헤더 ====
+
+[discrete]
+include::{snippets}/admin/auth/withdraw/request-headers.adoc[]
+include::{snippets}/admin/auth/withdraw/http-request.adoc[]
+
+[discrete]
+==== 응답 파라미터 ====
+
+[discrete]
+include::{snippets}/admin/auth/withdraw/response-fields.adoc[]
+include::{snippets}/admin/auth/withdraw/http-response.adoc[]
diff --git a/bottlenote-admin-api/src/main/kotlin/app/Application.kt b/bottlenote-admin-api/src/main/kotlin/app/Application.kt
@@ -2,9 +2,11 @@ package app
 
 import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.autoconfigure.domain.EntityScan
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan
 import org.springframework.boot.runApplication
 import java.util.*
 
+@ConfigurationPropertiesScan(basePackages = ["app"])
 @EntityScan(basePackages = ["app"])
 @SpringBootApplication(scanBasePackages = ["app"])
 class AdminApplication

diff --git a/bottlenote-admin-api/src/main/kotlin/app/bottlenote/auth/config/RootAdminProperties.kt b/bottlenote-admin-api/src/main/kotlin/app/bottlenote/auth/config/RootAdminProperties.kt
@@ -0,0 +1,17 @@
+package app.bottlenote.auth.config
+
+import org.springframework.boot.context.properties.ConfigurationProperties
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+
+@ConfigurationProperties(prefix = "root.admin")
+data class RootAdminProperties(
+	val email: String,
+	private val password: String
+) {
+	/**
+	 * 주입받은 인코더를 사용하여 비밀번호를 암호화하여 반환합니다.
+	 */
+	fun getEncodedPassword(encoder: BCryptPasswordEncoder): String {
+		return encoder.encode(password)
+	}
+}
diff --git a/bottlenote-admin-api/src/main/kotlin/app/bottlenote/auth/persentaton/AuthController.kt b/bottlenote-admin-api/src/main/kotlin/app/bottlenote/auth/persentaton/AuthController.kt
@@ -0,0 +1,76 @@
+package app.bottlenote.auth.persentaton
+
+import app.bottlenote.auth.config.RootAdminProperties
+import app.bottlenote.global.data.response.GlobalResponse
+import app.bottlenote.global.security.SecurityContextUtil
+import app.bottlenote.user.dto.request.AdminSignupRequest
+import app.bottlenote.user.dto.response.TokenItem
+import app.bottlenote.user.exception.UserException
+import app.bottlenote.user.exception.UserExceptionCode
+import app.bottlenote.user.service.AdminAuthService
+import jakarta.validation.Valid
+import org.slf4j.LoggerFactory
+import org.springframework.boot.context.event.ApplicationReadyEvent
+import org.springframework.context.event.EventListener
+import org.springframework.http.ResponseEntity
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/auth")
+class AuthController(
+	private val authService: AdminAuthService,
+	private val rootAdminProperties: RootAdminProperties,
+	private val encoder: BCryptPasswordEncoder
+) {
+	private val log = LoggerFactory.getLogger(javaClass)
+
+	@EventListener(ApplicationReadyEvent::class)
+	fun onApplicationReady() {
+		val rootAdminIsAlive = authService.rootAdminIsAlive()
+		log.info("루트 어드민 존재 여부: {}", rootAdminIsAlive)
+		if (!rootAdminIsAlive) {
+			log.info("루트 어드민 초기 생성 로직 호출")
+			val email = rootAdminProperties.email
+			val encodedPassword = rootAdminProperties.getEncodedPassword(encoder)
+			authService.initRootAdmin(email, encodedPassword)
+		}
+	}
+
+	@PostMapping("/login")
+	fun login(@RequestBody request: LoginRequest): ResponseEntity<*> {
+		val tokenItem: TokenItem = authService.login(request.email, request.password)
+		return GlobalResponse.ok(tokenItem)
+	}
+
+	@PostMapping("/refresh")
+	fun refresh(@RequestBody request: RefreshRequest): ResponseEntity<*> {
+		val tokenItem: TokenItem = authService.refresh(request.refreshToken)
+		return GlobalResponse.ok(tokenItem)
+	}
+
+	@PostMapping("/signup")
+	fun signup(@RequestBody @Valid request: AdminSignupRequest): ResponseEntity<*> {
+		val requesterId = SecurityContextUtil.getAdminUserIdByContext()
+			.orElseThrow { UserException(UserExceptionCode.REQUIRED_USER_ID) }
+		val response = authService.signup(requesterId, request)
+		return GlobalResponse.ok(response)
+	}
+
+	@DeleteMapping("/withdraw")
+	fun withdraw(): ResponseEntity<*> {
+		val adminId = SecurityContextUtil.getAdminUserIdByContext()
+			.orElseThrow { UserException(UserExceptionCode.REQUIRED_USER_ID) }
+		authService.withdraw(adminId)
+		return GlobalResponse.ok(mapOf("message" to "탈퇴 처리되었습니다."))
+	}
+
+	data class LoginRequest(
+		val email: String,
+		val password: String
+	)
+
+	data class RefreshRequest(
+		val refreshToken: String
+	)
+}
diff --git a/bottlenote-admin-api/src/main/kotlin/app/global/security/SecurityConfig.kt b/bottlenote-admin-api/src/main/kotlin/app/global/security/SecurityConfig.kt
@@ -1,32 +1,43 @@
 package app.global.security
 
+import app.bottlenote.global.security.jwt.AdminJwtAuthenticationFilter
+import app.bottlenote.global.security.jwt.AdminJwtAuthenticationManager
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 import org.springframework.web.cors.CorsConfiguration
 import org.springframework.web.cors.CorsConfigurationSource
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 
 @Configuration
 @EnableWebSecurity
-class SecurityConfig {
+class SecurityConfig(
+	private val adminJwtAuthenticationManager: AdminJwtAuthenticationManager
+) {
 
 	@Bean
 	fun filterChain(http: HttpSecurity): SecurityFilterChain {
 		return http
 			.csrf { it.disable() }
-			.cors { corsConfigurationSource() }
+			.cors { it.configurationSource(corsConfigurationSource()) }
+			.sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
 			.formLogin { it.disable() }
 			.httpBasic { it.disable() }
 			.authorizeHttpRequests { auth ->
-				run {
-					auth.anyRequest().permitAll()
-
-				}
+				auth
+					.requestMatchers("/auth/login", "/auth/refresh").permitAll()
+					.requestMatchers("/actuator/**").permitAll()
+					.anyRequest().authenticated()
 			}
+			.addFilterBefore(
+				AdminJwtAuthenticationFilter(adminJwtAuthenticationManager),
+				UsernamePasswordAuthenticationFilter::class.java
+			)
 			.build()
 	}
 

diff --git a/bottlenote-admin-api/src/main/resources/application.yml b/bottlenote-admin-api/src/main/resources/application.yml
@@ -58,25 +58,27 @@ schedules:
       sync:
         enable: false
 
+root:
+  admin:
+    email: ${ROOT_ADMIN_EMAIL:email@email.com}
+    password: ${ROOT_ADMIN_PASSWORD:email@email.com}
+
 --- # default/local 프로파일 (동일 설정)
 spring:
   config:
     activate:
       on-profile: default,local
-
 logging:
   level:
     root: info
     app.bottlenote: info
-
 management:
   tracing:
     enabled: false
   otlp:
     metrics:
       export:
         enabled: false
-
 server:
   tomcat:
     threads: