Docker 런타임 환경 변수 우선 적용

server/api/auth/bootstrap-status.get.js

@@ -1,5 +1,6 @@
 import { getMemberBootstrapState } from '../../repositories/member-repository'
 import { isResendConfigured } from '../../utils/resend-mail'
+import { getRuntimeEnvValue } from '../../utils/runtime-env'
 
 /**
  * 최초 관리자 등록 필요 여부·이메일 OTP(Resend) 사용 가능 여부를 조회한다.
@@ -8,7 +9,7 @@ import { isResendConfigured } from '../../utils/resend-mail'
 export default defineEventHandler(async () => {
   const base = await getMemberBootstrapState()
   const config = useRuntimeConfig()
-  const hasPepper = Boolean(String(config.emailOtpPepper || config.memberSessionSecret || '').trim())
+  const hasPepper = Boolean(getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim())
   const emailOtpConfigured = isResendConfigured(config) && hasPepper
   return {
     ...base,

server/api/auth/email-otp/request.post.js

@@ -13,6 +13,7 @@ import {
 } from '../../../repositories/email-otp-repository'
 import { generateSixDigitOtp, hashOtpCode, normalizeOtpEmail } from '../../../utils/email-otp'
 import { isResendConfigured, sendResendEmail } from '../../../utils/resend-mail'
+import { getRuntimeEnvValue } from '../../../utils/runtime-env'
 
 const bodySchema = z.object({
   email: z.string().trim().email(),
@@ -28,7 +29,7 @@ const MAX_SENDS_PER_HOUR = 5
  * @returns {string}
  */
 const resolveOtpPepper = (config) => {
-  const pepper = String(config.emailOtpPepper || config.memberSessionSecret || '').trim()
+  const pepper = getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim()
   if (!pepper) {
     throw createError({
       statusCode: 500,
@@ -150,8 +151,8 @@ export default defineEventHandler(async (event) => {
 
   try {
     await sendResendEmail({
-      apiKey: String(config.resendApiKey).trim(),
-      from: String(config.resendFromEmail).trim(),
+      apiKey: getRuntimeEnvValue('RESEND_API_KEY', 'resendApiKey').trim(),
+      from: getRuntimeEnvValue('RESEND_FROM_EMAIL', 'resendFromEmail').trim(),
       to: email,
       subject,
       html

server/api/auth/password-reset/confirm.post.js

@@ -3,6 +3,7 @@ import { z } from 'zod'
 import { createError, readBody } from 'h3'
 import { updateMemberPasswordByEmail } from '../../../repositories/member-repository'
 import { verifyAndConsumeEmailOtp } from '../../../repositories/email-otp-repository'
+import { getRuntimeEnvValue } from '../../../utils/runtime-env'
 
 const bodySchema = z.object({
   email: z.string().trim().email(),
@@ -24,8 +25,7 @@ export default defineEventHandler(async (event) => {
     })
   }
 
-  const config = useRuntimeConfig()
-  const pepper = String(config.emailOtpPepper || config.memberSessionSecret || '').trim()
+  const pepper = getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim()
   if (!pepper) {
     throw createError({
       statusCode: 500,

server/api/auth/signup.post.js

@@ -6,6 +6,7 @@ import { verifyAndConsumeEmailOtp } from '../../repositories/email-otp-repositor
 import { setMemberSession } from '../../utils/member-auth'
 import { setAdminSession } from '../../utils/admin-auth'
 import { isResendConfigured } from '../../utils/resend-mail'
+import { getRuntimeEnvValue } from '../../utils/runtime-env'
 
 const signupSchema = z.object({
   username: z.string().trim().min(1),
@@ -24,7 +25,7 @@ const isSignupOtpRequired = (config, bootstrap) => {
   if (bootstrap.needsAdminSetup) {
     return false
   }
-  const hasPepper = Boolean(String(config.emailOtpPepper || config.memberSessionSecret || '').trim())
+  const hasPepper = Boolean(getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim())
   return isResendConfigured(config) && hasPepper
 }
 
@@ -77,7 +78,7 @@ export default defineEventHandler(async (event) => {
         message: '이메일 인증번호를 입력해 주세요.'
       })
     }
-    const pepper = String(config.emailOtpPepper || config.memberSessionSecret || '').trim()
+    const pepper = getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim()
     const verify = await verifyAndConsumeEmailOtp({
       email: emailNorm,
       purpose: 'signup',

server/repositories/postgres-client.js

@@ -1,4 +1,5 @@
 import postgres from 'postgres'
+import { getRuntimeEnvValue } from '../utils/runtime-env'
 
 let client = null
 
@@ -13,9 +14,9 @@ const isProductionRuntime = () => process.env.NODE_ENV === 'production'
  * @returns {ReturnType<typeof postgres> | null} PostgreSQL 클라이언트
  */
 export const getPostgresClient = () => {
-  const config = useRuntimeConfig()
+  const databaseUrl = getRuntimeEnvValue('DATABASE_URL', 'databaseUrl').trim()
 
-  if (!config.databaseUrl) {
+  if (!databaseUrl) {
     if (isProductionRuntime()) {
       throw new Error('DATABASE_URL_REQUIRED')
     }
@@ -24,7 +25,7 @@ export const getPostgresClient = () => {
   }
 
   if (!client) {
-    client = postgres(config.databaseUrl, {
+    client = postgres(databaseUrl, {
       max: 5,
       idle_timeout: 20,
       connect_timeout: 10

server/routes/admin/api/auth/login.post.js

@@ -4,6 +4,7 @@ import bcrypt from 'bcrypt'
 import { safeCompare, setAdminSession } from '../../../../utils/admin-auth'
 import { getAdminUserByEmail, getMemberBootstrapState, touchUserActivity, upsertBootstrapOwner } from '../../../../repositories/member-repository'
 import { setMemberSession } from '../../../../utils/member-auth'
+import { getRuntimeEnvValue } from '../../../../utils/runtime-env'
 
 const loginSchema = z.object({
   email: z.string().email(),
@@ -26,9 +27,8 @@ const createBootstrapUsername = (email) => {
  * @returns {Promise<import('../../../../repositories/member-repository').MemberUser | null>} 생성된 관리자
  */
 const createBootstrapAdminUser = async (credentials) => {
-  const config = useRuntimeConfig()
-  const adminEmail = String(config.adminEmail || '').trim().toLowerCase()
-  const adminPassword = String(config.adminPassword || '')
+  const adminEmail = getRuntimeEnvValue('ADMIN_EMAIL', 'adminEmail').trim().toLowerCase()
+  const adminPassword = getRuntimeEnvValue('ADMIN_PASSWORD', 'adminPassword')
 
   if (!adminEmail || !adminPassword || credentials.email.trim().toLowerCase() !== adminEmail || !safeCompare(credentials.password, adminPassword)) {
     return null

server/utils/admin-auth.js

@@ -1,5 +1,6 @@
 import { createHmac, timingSafeEqual } from 'node:crypto'
 import { createError, deleteCookie, getCookie, setCookie } from 'h3'
+import { getRuntimeEnvValue } from './runtime-env'
 
 const adminSessionCookieName = 'sori_admin_session'
 const sessionMaxAge = 60 * 60 * 12
@@ -9,16 +10,16 @@ const sessionMaxAge = 60 * 60 * 12
  * @returns {string} 세션 서명 비밀값
  */
 const getSessionSecret = () => {
-  const config = useRuntimeConfig()
+  const adminPassword = getRuntimeEnvValue('ADMIN_PASSWORD', 'adminPassword')
 
-  if (!config.adminPassword) {
+  if (!adminPassword) {
     throw createError({
       statusCode: 500,
       message: '관리자 비밀번호 환경 변수가 없습니다.'
     })
   }
 
-  return config.adminPassword
+  return adminPassword
 }
 
 /**

server/utils/member-auth.js

@@ -1,5 +1,6 @@
 import { createHmac, timingSafeEqual } from 'node:crypto'
 import { createError, deleteCookie, getCookie, setCookie } from 'h3'
+import { getRuntimeEnvValue } from './runtime-env'
 
 const memberSessionCookieName = 'sori_member_session'
 const sessionMaxAge = 60 * 60 * 24 * 14
@@ -9,8 +10,7 @@ const sessionMaxAge = 60 * 60 * 24 * 14
  * @returns {string} 세션 서명 비밀값
  */
 const getSessionSecret = () => {
-  const config = useRuntimeConfig()
-  const sessionSecret = String(config.memberSessionSecret || '').trim()
+  const sessionSecret = getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret').trim()
 
   if (!sessionSecret) {
     throw createError({

server/utils/resend-mail.js

@@ -1,4 +1,5 @@
 import { createError } from 'h3'
+import { getRuntimeEnvValue } from './runtime-env'
 
 /**
  * Resend가 서버 설정으로 사용 가능한지
@@ -6,8 +7,8 @@ import { createError } from 'h3'
  * @returns {boolean}
  */
 export const isResendConfigured = (config) => {
-  const key = String(config?.resendApiKey || '').trim()
-  const from = String(config?.resendFromEmail || '').trim()
+  const key = getRuntimeEnvValue('RESEND_API_KEY', 'resendApiKey', String(config?.resendApiKey || '')).trim()
+  const from = getRuntimeEnvValue('RESEND_FROM_EMAIL', 'resendFromEmail', String(config?.resendFromEmail || '')).trim()
   return Boolean(key && from)
 }
 

server/utils/runtime-env.js

@@ -0,0 +1,36 @@
+/**
+ * 서버 런타임 환경 변수 값을 조회한다.
+ * @param {string} envName - process.env 변수명
+ * @param {string} configName - Nuxt runtimeConfig 키
+ * @param {string} fallback - 기본값
+ * @returns {string} 환경 변수 값
+ */
+export const getRuntimeEnvValue = (envName, configName, fallback = '') => {
+  const directValue = process.env[envName]
+  if (typeof directValue === 'string' && directValue.length > 0) {
+    return directValue
+  }
+
+  const config = useRuntimeConfig()
+  const configValue = config?.[configName]
+
+  return typeof configValue === 'string' && configValue.length > 0
+    ? configValue
+    : fallback
+}
+
+/**
+ * 숫자형 서버 런타임 환경 변수 값을 조회한다.
+ * @param {string} envName - process.env 변수명
+ * @param {string} configName - Nuxt runtimeConfig 키
+ * @param {number} fallback - 기본값
+ * @returns {number} 환경 변수 숫자 값
+ */
+export const getRuntimeEnvNumber = (envName, configName, fallback) => {
+  const value = getRuntimeEnvValue(envName, configName, '')
+  const parsed = Number(value)
+
+  return Number.isFinite(parsed) && parsed > 0
+    ? parsed
+    : fallback
+}