feat: 아이템 메타 데이터 조회 API에 item_top_category 파라미터 추가

src/main/java/until/the/eternity/auctionhistory/domain/repository/AuctionHistoryRepositoryPort.java

@@ -12,21 +12,13 @@
 /** 경매장 거래 내역 POJO Repository - Mock 또는 Stub 으로 대체해 단위 테스트 용이성 확보 */
 public interface AuctionHistoryRepositoryPort {
 
-    List<AuctionHistory> findAllByAuctionBuyIds(List<String> auctionBuyIds);
-
     Page<AuctionHistory> search(AuctionHistorySearchRequest condition, Pageable pageable);
 
-    Optional<AuctionHistory> findByIdWithOptions(String id);
-
-    boolean existsByAuctionBuyIds(List<String> ids);
-
-    List<String> findExistingIds(List<String> ids);
-
-    boolean existsByAuctionBuyIdIn(List<String> ids);
-
     Optional<AuctionHistory> findById(String id);
 
     void saveAll(List<AuctionHistory> newEntities);
 
     Optional<Instant> findLatestDateAuctionBuyBySubCategory(ItemCategory itemCategory);
+
+    List<Object[]> findDistinctItemInfo();
 }

src/main/java/until/the/eternity/auctionhistory/infrastructure/persistence/AuctionHistoryJpaRepository.java

@@ -36,4 +36,11 @@ select MAX(a.dateAuctionBuy)
 
     @EntityGraph(attributePaths = "itemOptions")
     Optional<AuctionHistory> findWithItemOptionsByAuctionBuyId(String id);
+
+    @Query(
+            """
+           select distinct a.itemName, a.itemTopCategory, a.itemSubCategory
+             from AuctionHistory a
+           """)
+    List<Object[]> findDistinctItemInfo();
 }

src/main/java/until/the/eternity/auctionhistory/infrastructure/persistence/AuctionHistoryRepositoryPortImpl.java

@@ -27,36 +27,11 @@ public class AuctionHistoryRepositoryPortImpl implements AuctionHistoryRepositor
     @Value("${spring.jpa.properties.hibernate.jdbc.batch_size:500}")
     private int batchSize;
 
-    @Override
-    public List<AuctionHistory> findAllByAuctionBuyIds(List<String> auctionBuyIds) {
-        return jpaRepository.findAllByAuctionBuyIdIn(auctionBuyIds);
-    }
-
     @Override
     public Page<AuctionHistory> search(AuctionHistorySearchRequest condition, Pageable pageable) {
         return queryDslRepository.search(condition, pageable);
     }
 
-    @Override
-    public Optional<AuctionHistory> findByIdWithOptions(String id) {
-        return jpaRepository.findWithItemOptionsByAuctionBuyId(id);
-    }
-
-    @Override
-    public boolean existsByAuctionBuyIds(List<String> ids) {
-        return jpaRepository.existsByAuctionBuyIdIn(ids);
-    }
-
-    @Override
-    public List<String> findExistingIds(List<String> ids) {
-        return jpaRepository.findExistingIds(ids);
-    }
-
-    @Override
-    public boolean existsByAuctionBuyIdIn(List<String> ids) {
-        return jpaRepository.existsByAuctionBuyIdIn(ids);
-    }
-
     @Override
     public Optional<AuctionHistory> findById(String id) {
         return jpaRepository.findById(id);
@@ -83,4 +58,9 @@ public Optional<Instant> findLatestDateAuctionBuyBySubCategory(ItemCategory item
         return jpaRepository.findLatestDateAuctionBuyBySubCategory(
                 itemCategory.getTopCategory(), itemCategory.getSubCategory());
     }
+
+    @Override
+    public List<Object[]> findDistinctItemInfo() {
+        return jpaRepository.findDistinctItemInfo();
+    }
 }

src/main/java/until/the/eternity/common/entity/CustomWebAuthenticationDetails.java

@@ -0,0 +1,27 @@
+package until.the.eternity.common.entity;
+
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.Getter;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+
+@Getter
+public class CustomWebAuthenticationDetails extends WebAuthenticationDetails {
+
+    private final String realRemoteAddress;
+
+    public CustomWebAuthenticationDetails(HttpServletRequest request, String realIp) {
+        super(request);
+        this.realRemoteAddress = realIp;
+    }
+
+    @Override
+    public String toString() {
+        return "CustomWebAuthenticationDetails [RemoteIpAddress(Custom)="
+                + realRemoteAddress
+                + ", SessionId="
+                + getSessionId()
+                + ", OriginalRemoteAddress(WebDetails)="
+                + super.getRemoteAddress()
+                + "]";
+    }
+}

src/main/java/until/the/eternity/common/filter/GatewayAuthFilter.java

@@ -0,0 +1,110 @@
+package until.the.eternity.common.filter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import lombok.NonNull;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+import until.the.eternity.common.entity.CustomWebAuthenticationDetails;
+import until.the.eternity.common.util.IpAddressUtil;
+
+/**
+ * Gateway에서 전달한 인증 헤더(X-Auth-*)를 기반으로 Spring Security의 Authentication을 생성하는 필터
+ *
+ * <p>Gateway에서 전달하는 헤더: - X-Auth-User-Id: 사용자 ID (Long) - X-Auth-Username: 사용자 이메일/username
+ * (String) - X-Auth-Roles: 사용자 역할 (예: ROLE_USER, ROLE_ADMIN)
+ */
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class GatewayAuthFilter extends OncePerRequestFilter {
+
+    private final IpAddressUtil ipAddressUtil;
+
+    @Override
+    protected void doFilterInternal(
+            @NonNull HttpServletRequest request,
+            @NonNull HttpServletResponse response,
+            @NonNull FilterChain filterChain)
+            throws ServletException, IOException {
+
+        // Gateway에서 전달한 인증 헤더 읽기
+        String userIdHeader = request.getHeader("X-Auth-User-Id");
+        String usernameHeader = request.getHeader("X-Auth-Username");
+        String rolesHeader = request.getHeader("X-Auth-Roles");
+
+        UsernamePasswordAuthenticationToken authentication =
+                getAuthentication(userIdHeader, usernameHeader, rolesHeader);
+
+        String clientIp = ipAddressUtil.getClientIp(request);
+
+        CustomWebAuthenticationDetails webAuthenticationDetails =
+                new CustomWebAuthenticationDetails(request, clientIp);
+
+        authentication.setDetails(webAuthenticationDetails);
+
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+
+        log.debug("Authentication set for user: {} with roles: {}", usernameHeader, rolesHeader);
+
+        filterChain.doFilter(request, response);
+    }
+
+    /**
+     * Gateway에서 전달한 헤더 정보를 기반으로 Authentication 생성
+     *
+     * @param userIdHeader 사용자 ID (Gateway에서 검증됨)
+     * @param usernameHeader 사용자 이메일/username (Gateway에서 검증됨)
+     * @param rolesHeader 사용자 역할 (Gateway에서 검증됨)
+     * @return UsernamePasswordAuthenticationToken
+     */
+    private UsernamePasswordAuthenticationToken getAuthentication(
+            String userIdHeader, String usernameHeader, String rolesHeader) {
+
+        // User ID 파싱
+        Long userId = null;
+        try {
+            if (userIdHeader != null) {
+                userId = Long.parseLong(userIdHeader);
+            }
+        } catch (NumberFormatException e) {
+            log.warn("Invalid user ID header: {}", userIdHeader);
+        }
+
+        // Roles가 없으면 익명 사용자로 처리
+        if (rolesHeader == null || rolesHeader.isEmpty()) {
+            log.debug("No roles found, creating anonymous authentication");
+            return new UsernamePasswordAuthenticationToken(userId, null);
+        }
+
+        // Roles 파싱 (ROLE_USER, ROLE_ADMIN 등)
+        List<GrantedAuthority> authorities = new ArrayList<>();
+
+        // Gateway에서 넘어온 role이 이미 "ROLE_" prefix를 가지고 있으므로 그대로 사용
+        // 단, "ROLE_" prefix가 없으면 추가
+        String role = rolesHeader.trim();
+        if (!role.startsWith("ROLE_")) {
+            role = "ROLE_" + role;
+        }
+        authorities.add(new SimpleGrantedAuthority(role));
+
+        log.debug(
+                "Created authentication for userId: {}, username: {}, role: {}",
+                userId,
+                usernameHeader,
+                role);
+
+        return new UsernamePasswordAuthenticationToken(userId, null, authorities);
+    }
+}

src/main/java/until/the/eternity/common/request/PageRequestDto.java

@@ -18,7 +18,6 @@ public record PageRequestDto(
                         example = "dateAuctionBuy")
                 SortField sortBy,
         @Schema(description = "정렬 방향 (ASC, DESC)", example = "DESC") SortDirection direction) {
-
     private static final int DEFAULT_PAGE = 1;
     private static final int DEFAULT_SIZE = 20;
     private static final SortField DEFAULT_SORT_BY = SortField.DATE_AUCTION_BUY;

src/main/java/until/the/eternity/common/util/IpAddressUtil.java

@@ -0,0 +1,41 @@
+package until.the.eternity.common.util;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+
+@Component
+public class IpAddressUtil {
+
+    public String getClientIp(HttpServletRequest request) {
+
+        String ip = request.getHeader("X-Forwarded-For");
+
+        if (!isIpFound(ip)) {
+            ip = request.getHeader("Proxy-Client-IP");
+        }
+        if (!isIpFound(ip)) {
+            ip = request.getHeader("WL-Proxy-Client-IP");
+        }
+        if (!isIpFound(ip)) {
+            ip = request.getHeader("HTTP_CLIENT_IP");
+        }
+        if (!isIpFound(ip)) {
+            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
+        }
+
+        if (!isIpFound(ip)) {
+            ip = request.getRemoteAddr();
+        }
+
+        if (StringUtils.hasText(ip) && ip.contains(",")) {
+            return ip.split(",")[0].trim();
+        }
+
+        return ip;
+    }
+
+    private boolean isIpFound(String ip) {
+        return StringUtils.hasText(ip) && !"unknown".equalsIgnoreCase(ip);
+    }
+}

src/main/java/until/the/eternity/config/SecurityConfig.java

@@ -1,21 +1,52 @@
 package until.the.eternity.config;
 
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import until.the.eternity.common.filter.GatewayAuthFilter;
 
 @Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
 public class SecurityConfig {
 
+    private final GatewayAuthFilter gatewayAuthFilter;
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http.authorizeHttpRequests(
-                        authorize -> authorize.anyRequest().permitAll() // 모든 요청 허용
-                        )
-                .csrf(csrf -> csrf.disable()) // CSRF 비활성화
-                .formLogin(form -> form.disable()) // 기본 로그인 폼 비활성화
-                .httpBasic(basic -> basic.disable()); // HTTP Basic 인증 비활성화
+        http.csrf(AbstractHttpConfigurer::disable)
+                .httpBasic(AbstractHttpConfigurer::disable)
+                .formLogin(AbstractHttpConfigurer::disable)
+                .logout(AbstractHttpConfigurer::disable)
+                .sessionManagement(
+                        session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(
+                        authorize ->
+                                authorize
+                                        // Actuator 및 헬스체크 엔드포인트는 공개
+                                        .requestMatchers("/actuator/**", "/health")
+                                        .permitAll()
+                                        // Swagger 문서는 공개
+                                        .requestMatchers(
+                                                "/swagger-ui/**", "/v3/api-docs/**", "/docs/**")
+                                        .permitAll()
+                                        // API 엔드포인트는 공개
+                                        // TODO: API endpoint 정리 후 matcher 수정
+                                        // TODO: 권한 관련 기능 개발 완료 후 hasRole 추가
+                                        .requestMatchers("/api/**", "/auction-history/**")
+                                        .permitAll()
+                                        // 나머지 요청은 인증 필요
+                                        .anyRequest()
+                                        .authenticated())
+                .addFilterBefore(gatewayAuthFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }