Docker 런타임 환경 변수 우선 적용

2026-05-14 13:48:23 +09:00
parent 4862b52b3a
commit 1b035de16c
17 changed files with 84 additions and 24 deletions
--- a/server/api/auth/bootstrap-status.get.js
+++ b/server/api/auth/bootstrap-status.get.js
@@ -1,5 +1,6 @@
 import { getMemberBootstrapState } from '../../repositories/member-repository'
 import { isResendConfigured } from '../../utils/resend-mail'
+import { getRuntimeEnvValue } from '../../utils/runtime-env'

 /**
 * 최초 관리자 등록 필요 여부·이메일 OTP(Resend) 사용 가능 여부를 조회한다.
@@ -8,7 +9,7 @@ import { isResendConfigured } from '../../utils/resend-mail'
 export default defineEventHandler(async () => {
  const base = await getMemberBootstrapState()
  const config = useRuntimeConfig()
-  const hasPepper = Boolean(String(config.emailOtpPepper || config.memberSessionSecret || '').trim())
+  const hasPepper = Boolean(getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim())
  const emailOtpConfigured = isResendConfigured(config) && hasPepper
  return {
    ...base,
--- a/server/api/auth/email-otp/request.post.js
+++ b/server/api/auth/email-otp/request.post.js
@@ -13,6 +13,7 @@ import {
 } from '../../../repositories/email-otp-repository'
 import { generateSixDigitOtp, hashOtpCode, normalizeOtpEmail } from '../../../utils/email-otp'
 import { isResendConfigured, sendResendEmail } from '../../../utils/resend-mail'
+import { getRuntimeEnvValue } from '../../../utils/runtime-env'

 const bodySchema = z.object({
  email: z.string().trim().email(),
@@ -28,7 +29,7 @@ const MAX_SENDS_PER_HOUR = 5
 * @returns {string}
 */
 const resolveOtpPepper = (config) => {
-  const pepper = String(config.emailOtpPepper || config.memberSessionSecret || '').trim()
+  const pepper = getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim()
  if (!pepper) {
    throw createError({
      statusCode: 500,
@@ -150,8 +151,8 @@ export default defineEventHandler(async (event) => {

  try {
    await sendResendEmail({
-      apiKey: String(config.resendApiKey).trim(),
-      from: String(config.resendFromEmail).trim(),
+      apiKey: getRuntimeEnvValue('RESEND_API_KEY', 'resendApiKey').trim(),
+      from: getRuntimeEnvValue('RESEND_FROM_EMAIL', 'resendFromEmail').trim(),
      to: email,
      subject,
      html
--- a/server/api/auth/password-reset/confirm.post.js
+++ b/server/api/auth/password-reset/confirm.post.js
@@ -3,6 +3,7 @@ import { z } from 'zod'
 import { createError, readBody } from 'h3'
 import { updateMemberPasswordByEmail } from '../../../repositories/member-repository'
 import { verifyAndConsumeEmailOtp } from '../../../repositories/email-otp-repository'
+import { getRuntimeEnvValue } from '../../../utils/runtime-env'

 const bodySchema = z.object({
  email: z.string().trim().email(),
@@ -24,8 +25,7 @@ export default defineEventHandler(async (event) => {
    })
  }

-  const config = useRuntimeConfig()
-  const pepper = String(config.emailOtpPepper || config.memberSessionSecret || '').trim()
+  const pepper = getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim()
  if (!pepper) {
    throw createError({
      statusCode: 500,
--- a/server/api/auth/signup.post.js
+++ b/server/api/auth/signup.post.js
@@ -6,6 +6,7 @@ import { verifyAndConsumeEmailOtp } from '../../repositories/email-otp-repositor
 import { setMemberSession } from '../../utils/member-auth'
 import { setAdminSession } from '../../utils/admin-auth'
 import { isResendConfigured } from '../../utils/resend-mail'
+import { getRuntimeEnvValue } from '../../utils/runtime-env'

 const signupSchema = z.object({
  username: z.string().trim().min(1),
@@ -24,7 +25,7 @@ const isSignupOtpRequired = (config, bootstrap) => {
  if (bootstrap.needsAdminSetup) {
    return false
  }
-  const hasPepper = Boolean(String(config.emailOtpPepper || config.memberSessionSecret || '').trim())
+  const hasPepper = Boolean(getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim())
  return isResendConfigured(config) && hasPepper
 }

@@ -77,7 +78,7 @@ export default defineEventHandler(async (event) => {
        message: '이메일 인증번호를 입력해 주세요.'
      })
    }
-    const pepper = String(config.emailOtpPepper || config.memberSessionSecret || '').trim()
+    const pepper = getRuntimeEnvValue('EMAIL_OTP_PEPPER', 'emailOtpPepper', getRuntimeEnvValue('MEMBER_SESSION_SECRET', 'memberSessionSecret')).trim()
    const verify = await verifyAndConsumeEmailOtp({
      email: emailNorm,
      purpose: 'signup',