fix: 전반적인 코드 개선 1차

Author: MU-Software

app/admin_api/serializers/shop/orders.py

@@ -1,4 +1,3 @@
-from contextlib import suppress
 from typing import Any
 from urllib.parse import urljoin
 
@@ -9,7 +8,6 @@
 from core.serializer.read_only_serializer import ReadOnlyModelSerializer
 from core.serializer.skip_none_list_serializer import SkipNoneListSerializer
 from django.conf import settings
-from django.urls import NoReverseMatch
 from notification.channels import NotificationChannel
 from notification.models.base import Recipient
 from rest_framework import serializers
@@ -140,9 +138,7 @@ def to_representation(self, order: Order) -> Recipient | None:
             )
             for o_rel in order_product_rel.options.all()
         }
-        with suppress(NoReverseMatch):
-            # Order scancode viewset 미등록 (TODO.md). 미설정 시 missing_variables 로 보고.
-            ctx["scancode_url"] = urljoin(settings.BACKEND_DOMAIN, order.scancode_path)
+        ctx["scancode_url"] = urljoin(settings.BACKEND_DOMAIN, order.scancode_path)
 
         return {"recipient": recipient, "context": ctx | self.context["context_override"]}
 

app/admin_api/views/shop/orders.py

@@ -9,9 +9,7 @@
 from admin_api.serializers.shop.orders import OrderAdminSerializer, OrderExportRequestSerializer
 from core.authz import IsSuperUser
 from core.const.tag import OpenAPITag
-from core.util.totp import TOTPInfo
 from core.viewset.json_schema_viewset import JsonSchemaViewSet
-from django.conf import settings
 from django.core.files import File
 from django.db import models, transaction
 from django.http.response import StreamingHttpResponse
@@ -70,20 +68,16 @@ class OrderAdminViewSet(JsonSchemaViewSet, viewsets.ReadOnlyModelViewSet):
     @extend_schema(
         summary="주문 전체 환불 (환불 승인자 TOTP 필수)",
         tags=[OpenAPITag.ADMIN_SHOP_ORDER_REFUND],
-        parameters=[OpenApiParameter(name="otp", location=OpenApiParameter.QUERY, required=True)],
+        parameters=[OpenApiParameter(name="totp", location=OpenApiParameter.QUERY, required=True)],
         responses={status.HTTP_204_NO_CONTENT: None},
     )
     @action(detail=True, methods=["post"], url_path="refund")
     @transaction.atomic
     def refund(self, request: request.Request, pk: typing.Any = None) -> response.Response:
-        if not (otp := request.query_params.get("otp")):
-            raise exceptions.NotAuthenticated("환불 승인자의 OTP 코드가 필요합니다.")
-        if not TOTPInfo(key=settings.SHOP.refund_authorizer_secret_key.encode()).check(otp):
-            raise exceptions.PermissionDenied("OTP 코드가 올바르지 않습니다.")
-
         serializer = OrderTotalRefundSerializer(
             instance=self.get_object(),
-            data={"check_refundable_date": False},
+            data={"totp": request.query_params.get("totp")},
+            context={"check_refundable_date": False},
         )
         serializer.is_valid(raise_exception=True)
         serializer.refund()

app/core/authn/api_key.py

@@ -3,6 +3,7 @@
 from typing import TYPE_CHECKING
 
 from django.conf import settings
+from django.contrib.auth.hashers import make_password
 from drf_spectacular.extensions import OpenApiAuthenticationExtension
 from drf_spectacular.openapi import AutoSchema
 from rest_framework.authentication import BaseAuthentication
@@ -20,18 +21,10 @@ def _get_or_create_api_key_user(api_key: str) -> "UserExt":
         username = f"API_KEY_USER_{api_key.upper()}"
         email = f"api_key_user_{api_key.lower()}@pycon.kr"
 
-        if api_key_user := UserExt.objects.filter(username=username).first():
-            return api_key_user
-
-        api_key_user = UserExt.objects.create_user(
+        return UserExt.objects.get_or_create(
             username=username,
-            email=email,
-            password=None,
-        )
-        api_key_user.set_unusable_password()
-        api_key_user.save()
-
-        return api_key_user
+            defaults={"email": email, "password": make_password(None)},
+        )[0]
 
     def authenticate(self, request: Request) -> tuple["UserExt", None] | None:
         api_key = request.headers.get("x-api-key", "")

app/core/const/shop_error_messages.py

@@ -9,6 +9,7 @@ class SignInErrorMessages:
 class PermissionErrorMessages:
     INVALID_API_KEY = "API Key가 올바르지 않습니다."
     INVALID_OTP_CODE = "OTP 코드가 올바르지 않습니다."
+    OTP_REQUIRED = "환불 승인자의 OTP 코드가 필요합니다."
 
 
 class DonationNotOrderableErrorMessages:
@@ -96,3 +97,4 @@ class PortOneWebhookFailureMessages:
     UNEXPECTED_RETRIEVED_ORDER_STATUS = "예상한 결제 상태가 아닙니다."
     UNEXPECTED_RETRIEVED_ORDER_ID = "결제 ID가 일치하지 않습니다."
     UNEXPECTED_PAID_PRICE = "결제 금액이 일치하지 않습니다."
+    UNSUPPORTED_CURRENCY = "지원하지 않는 통화입니다."

app/core/util/dateutil.py

@@ -2,6 +2,11 @@
 from typing import Any
 
 
+def now_aware() -> datetime:
+    """현재 시각을 로컬 타임존이 반영된 timezone-aware datetime 으로 반환."""
+    return datetime.now().astimezone()
+
+
 def any_to_datetime(value: Any, tzinfo: timezone | None = None, raise_exception: bool = True) -> datetime | None:
     """Convert a string or datetime to a datetime object."""
     if not value:

app/internal_api/views.py

@@ -2,7 +2,6 @@
 
 from core.authn.api_key import APIKeyAuthentication
 from core.authz.api_key import RegistrationDeskAPIKeyPermission
-from core.const.shop_error_messages import PermissionErrorMessages
 from core.const.tag import OpenAPITag
 from django.db import models, transaction
 from django.utils.decorators import method_decorator
@@ -14,7 +13,7 @@
 )
 from internal_api.filters import DeskSupportFilterSet
 from internal_api.serializers import DeskSupportSerializer
-from rest_framework import exceptions, mixins, request, response, status, viewsets
+from rest_framework import mixins, request, response, status, viewsets
 from shop.order.models import Order, OrderProductOptionRelation, OrderProductRelation
 from shop.payment_history.models import PaymentHistory
 from shop.serializers.refund import OrderTotalRefundSerializer
@@ -111,12 +110,10 @@ def destroy(
         Order의 사용 및 환불하지 않은 상품을 refunded 상태로 변경하고, 결제 취소를 요청합니다.
         일반 전체 환불 API와의 차이점은, 환불 시간에 대한 제약이 없고, 환불 승인자의 OTP 코드가 필요하다는 점입니다.
         """
-        if not (otp := request.GET.get("otp")):
-            raise exceptions.NotAuthenticated(PermissionErrorMessages.INVALID_OTP_CODE)
-
         serializer = OrderTotalRefundSerializer(
             instance=self.get_object(),
-            data={"totp": otp, "check_refundable_date": False},
+            data={"totp": request.GET.get("otp")},
+            context={"check_refundable_date": False},
         )
         serializer.is_valid(raise_exception=True)
         serializer.refund()

app/shop/order/models.py

@@ -7,6 +7,7 @@
 from core.const.shop_error_messages import NotRefundableErrorMessages
 from core.models import BaseAbstractModel, BaseAbstractModelQuerySet
 from core.scancode_mixin import ScanCodeMixin
+from core.util.dateutil import now_aware
 from django.contrib.auth import get_user_model
 from django.db import models
 from django.db.models.manager import BaseManager
@@ -183,7 +184,7 @@ def not_fully_refundable_reason(self) -> str | None:
         if self.current_paid_price != expected_refund_price:
             return NotRefundableErrorMessages.ORDER_REFUND_TARGET_PRICE_IS_MISMATCH
 
-        now = datetime.datetime.now().astimezone()
+        now = now_aware()
         if any(typing.cast(Product, rel.product).refundable_ends_at < now for rel in refund_target_product_relations):
             return NotRefundableErrorMessages.ONE_OF_PRODUCT_REFUND_TIME_EXPIRED
 
@@ -238,7 +239,7 @@ def not_refundable_reason(self) -> str | None:
         if self.status != OrderProductRelation.OrderProductStatus.paid:
             return NotRefundableErrorMessages.PRODUCT_STATUS_IS_NOT_PAID
 
-        if typing.cast(Product, self.product).refundable_ends_at < datetime.datetime.now().astimezone():
+        if typing.cast(Product, self.product).refundable_ends_at < now_aware():
             return NotRefundableErrorMessages.PRODUCT_REFUND_TIME_EXPIRED
 
         if (self.price + self.donation_price) == 0:

app/shop/order/serializers/validator.py

@@ -1,10 +1,10 @@
 from __future__ import annotations
 
-import datetime
 import re
 import typing
 
 from core.const.shop_error_messages import OptionGroupNotModifiableErrorMessages
+from core.util.dateutil import now_aware
 from rest_framework import serializers
 from shop.order.models import OrderProductOptionRelation, OrderProductRelation
 from shop.product.models import OptionGroup
@@ -36,7 +36,7 @@ def validate(self, data: dict[str, str]) -> dict[str, str]:
         if not product_option_group.response_modifiable_ends_at:
             raise serializers.ValidationError(OptionGroupNotModifiableErrorMessages.RESPONSE_NOT_MODIFIABLE)
 
-        if product_option_group.response_modifiable_ends_at < datetime.datetime.now().astimezone():
+        if product_option_group.response_modifiable_ends_at < now_aware():
             raise serializers.ValidationError(OptionGroupNotModifiableErrorMessages.RESPONSE_MODIFIABLE_ENDS_AT)
 
         if product_option_group.custom_response_pattern and not re.match(

app/shop/order/views/carts.py

@@ -2,9 +2,8 @@
 
 from core.const.tag import OpenAPITag
 from django.db.models import Exists, OuterRef, QuerySet
-from django.utils.decorators import method_decorator
 from drf_spectacular.openapi import OpenApiParameter, OpenApiTypes
-from drf_spectacular.utils import extend_schema
+from drf_spectacular.utils import extend_schema, extend_schema_view
 from drf_standardized_errors.openapi_serializers import ErrorResponse403Serializer, ValidationErrorResponseSerializer
 from rest_framework import mixins, request, response, status, viewsets
 from shop.order.models import Order, OrderProductRelation
@@ -14,9 +13,8 @@
 from user.models import UserExt
 
 
-@method_decorator(
-    name="list",
-    decorator=extend_schema(
+@extend_schema_view(
+    list=extend_schema(
         summary="장바구니 정보 조회",
         tags=[OpenAPITag.SHOP_CART],
         responses={
@@ -43,9 +41,8 @@ def list(
         return response.Response(data={})
 
 
-@method_decorator(
-    name="create",
-    decorator=extend_schema(
+@extend_schema_view(
+    create=extend_schema(
         summary="장바구니에 상품 추가",
         tags=[OpenAPITag.SHOP_CART],
         responses={
@@ -54,10 +51,7 @@ def list(
             status.HTTP_403_FORBIDDEN: ErrorResponse403Serializer,
         },
     ),
-)
-@method_decorator(
-    name="destroy",
-    decorator=extend_schema(
+    destroy=extend_schema(
         summary="장바구니에서 상품 제거",
         tags=[OpenAPITag.SHOP_CART],
         parameters=[

app/shop/order/views/orders.py

@@ -7,9 +7,8 @@
 from core.openapi.schemas import build_html_responses
 from django.conf import settings
 from django.db import models, transaction
-from django.utils.decorators import method_decorator
 from drf_spectacular.openapi import OpenApiParameter, OpenApiTypes
-from drf_spectacular.utils import extend_schema
+from drf_spectacular.utils import extend_schema, extend_schema_view
 from drf_standardized_errors.openapi_serializers import ErrorResponse403Serializer, ValidationErrorResponseSerializer
 from rest_framework import mixins, renderers, request, response, serializers, status, viewsets
 from rest_framework.decorators import action
@@ -28,20 +27,16 @@
 from user.models import UserExt
 
 
-@method_decorator(
-    name="list",
-    decorator=extend_schema(
+@extend_schema_view(
+    list=extend_schema(
         summary="주문 이력 목록 조회",
         tags=[OpenAPITag.SHOP_ORDER],
         responses={
             status.HTTP_200_OK: OrderDto(many=True),
             status.HTTP_403_FORBIDDEN: ErrorResponse403Serializer,
         },
     ),
-)
-@method_decorator(
-    name="retrieve",
-    decorator=extend_schema(
+    retrieve=extend_schema(
         summary="주문 이력 상세 조회",
         tags=[OpenAPITag.SHOP_ORDER],
         parameters=[
@@ -145,6 +140,7 @@ def create_single_product_order(
             status.HTTP_403_FORBIDDEN: ErrorResponse403Serializer,
         },
     )
+    @transaction.atomic
     def create(
         self, request: request.Request, *args: tuple[typing.Any], **kwargs: dict[str, typing.Any]
     ) -> response.Response:
@@ -191,7 +187,12 @@ def create(
             cart.name_en += f" and {len(cart_product_rels) - 1} more"
         cart.save()
 
-        portone_client.register_or_update_prepared_payment(merchant_id=str(cart.id), price=cart.first_paid_price)
+        # idempotent + forward-only — DB commit 후 비동기 호출. 실패 시 클라이언트 retry 가 자연 보상.
+        transaction.on_commit(
+            lambda: portone_client.register_or_update_prepared_payment(
+                merchant_id=str(cart.id), price=cart.first_paid_price
+            )
+        )
 
         return response.Response(data=OrderDto(instance=cart).data, status=status.HTTP_201_CREATED)
 
@@ -217,7 +218,7 @@ def destroy(
         self, request: request.Request, *args: tuple[typing.Any], **kwargs: dict[str, typing.Any]
     ) -> response.Response:
         """Order의 사용 및 환불하지 않은 상품을 refunded 상태로 변경하고, 결제 취소를 요청합니다."""
-        serializer = OrderTotalRefundSerializer(instance=self.get_object(), data={"check_refundable_date": True})
+        serializer = OrderTotalRefundSerializer(instance=self.get_object(), data={}, context={"check_totp": False})
         serializer.is_valid(raise_exception=True)
         serializer.refund()
         return response.Response(status=status.HTTP_204_NO_CONTENT)
@@ -338,7 +339,7 @@ def destroy(
         self, request: request.Request, *args: tuple[typing.Any], **kwargs: dict[str, typing.Any]
     ) -> response.Response:
         """부분 환불을 진행합니다."""
-        serializer = OrderProductRefundSerializer(instance=self.get_object(), data={"check_refundable_date": True})
+        serializer = OrderProductRefundSerializer(instance=self.get_object(), data={}, context={"check_totp": False})
         serializer.is_valid(raise_exception=True)
         serializer.refund()
         return response.Response(status=status.HTTP_204_NO_CONTENT)