[FEAT] Public bucket configuration and branching by usage #366

Merged
1000hyehyang merged 3 commits into dev from feat/364-attachment
Feb 10, 2026

@1000hyehyang (Member) commented Feb 10, 2026

Summary

Public bucket configuration and branching by usage

Changes

Public bucket configuration and branching by usage

Type of Change

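  • Bug fix (a bug fix that does not affect existing functionality)
  • New feature (a new feature that does not affect existing functionality)
  • Breaking change (a change that affects existing functionality)
  • Refactoring (code improvement with no functional change)
  • Documentation (documentation changes)
  • Chore (build, configuration, and other changes)
  • Release (develop → main deployment)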

Related Issues

Notes

@gemini-code-assist (Contributor)

Summary of Changes

Hello @1000hyehyang, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

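This pull request improves the S3 storage strategy of the attachment management system, separating access permissions by file usage and enabling efficient URL management. Files that need public access are stored in a separate public S3 bucket served through CloudFront, while files that need protection are stored in the existing private bucket and accessed through presigned URLs. This improves the system's security and flexibility and lays the groundwork for applying caching and TTL policies in the future.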

Highlights

  • S3 bucket separation: Implemented logic that distinguishes between the public bucket and the private bucket on S3 upload and delete, according to the attachment usage (AttachmentUsage).
  • Improved URL generation logic: Added the ability to dynamically generate a CloudFront URL (public) or a presigned URL (private) according to the attachment usage.
  • Added configuration properties: Added new properties to S3Properties for setting the public S3 bucket name and the CloudFront base URL.
  • Shortened presigned URL expiry: Shortened the default presigned URL expiry from 7 days to 1 day (86400 seconds) to strengthen security.

Changelog

  • src/main/java/com/example/RealMatch/attachment/application/service/AttachmentCleanupScheduler.java
    • Added the AttachmentUsage argument to the deleteFile method call.
  • src/main/java/com/example/RealMatch/attachment/application/service/AttachmentServiceImpl.java
    • Modified the S3 file upload and delete logic to pass AttachmentUsage.
  • src/main/java/com/example/RealMatch/attachment/application/service/AttachmentUrlService.java
    • Added logic that generates a CloudFront or presigned URL according to the attachment usage.
  • src/main/java/com/example/RealMatch/attachment/domain/enums/AttachmentUsage.java
    • Removed unnecessary Javadoc comments.
  • src/main/java/com/example/RealMatch/attachment/domain/repository/AttachmentRepository.java
    • Updated the query and interface to include usage information when looking up attachments targeted for cleanup.
  • src/main/java/com/example/RealMatch/attachment/infrastructure/storage/NoOpS3FileUploadService.java
    • Updated the method signatures to match the S3FileUploadService interface change and added buildPublicUrl.
  • src/main/java/com/example/RealMatch/attachment/infrastructure/storage/S3FileUploadService.java
    • Added the AttachmentUsage argument to the uploadFile and deleteFile methods and defined the buildPublicUrl method.
  • src/main/java/com/example/RealMatch/attachment/infrastructure/storage/S3FileUploadServiceImpl.java
    • Added the actual implementation logic that determines the S3 bucket according to AttachmentUsage and generates the CloudFront URL.
  • src/main/java/com/example/RealMatch/attachment/infrastructure/storage/S3Properties.java
    • Added configuration properties for the public bucket and CloudFront, and changed the default presigned URL expiry.
  • src/main/resources/application-dev.yml
    • Added public bucket and CloudFront URL properties to the development environment S3 configuration, and changed the default presigned URL expiry.
  • src/main/resources/application-prod.yml
    • Added public bucket and CloudFront URL properties to the production environment S3 configuration, and changed the default presigned URL expiry.

Ignored Files

  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/pr-check.yml

Activity

  • No activity history was provided for this pull request.

@gemini-code-assist bot (Contributor) left a comment

Code Review

This PR introduces a feature to store attachments in different S3 buckets based on their usage (PUBLIC, CHAT) and generate appropriate access URLs (CloudFront CDN or Presigned URL). A security audit has identified two medium-severity vulnerabilities: an Open Redirect in AttachmentUrlService.java, which could allow attackers to redirect users to malicious websites, and a Path Traversal vulnerability in S3FileUploadServiceImpl.java, which could allow attackers to access unauthorized files in the S3 bucket. The path traversal comment has been enhanced with a reference to the rule regarding S3Key content verification. Additionally, consider restoring the removed Javadoc in the AttachmentUsage enum to improve code readability and maintainability. For PUBLIC usage file uploads, instead of falling back to the private bucket with just a warning log if the public bucket is not configured, it's safer to throw an exception to ensure immediate awareness and correction of the configuration error. This suggestion aligns with the rule on using standard exceptions as placeholders for undefined custom error codes. Please refer to the inline comments for detailed feedback on each file.
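
An added example, not part of the review comment above and not the project's code (which this page does not show): one way to enforce the three controls the review asks for, namely verifying S3 key content, keeping the URL host fixed to configuration, and failing closed when the public bucket is not configured. Everything except the names AttachmentUsage, PUBLIC, CHAT and buildPublicUrl is hypothetical, including the class name, the allowed key character set and the constructor parameters.

```java
import java.net.URI;
import java.util.regex.Pattern;

// Hypothetical sketch; names other than AttachmentUsage and buildPublicUrl are assumptions.
public class AttachmentStorageGuard {
    enum AttachmentUsage { PUBLIC, CHAT }

    // Assumed key layout: slash-separated segments of letters, digits, '.', '_' and '-'.
    private static final Pattern SEGMENT = Pattern.compile("[A-Za-z0-9._-]{1,128}");

    private final String privateBucket;
    private final String publicBucket;   // may be null or blank when misconfigured
    private final URI cloudFrontBase;    // fixed at startup from configuration

    AttachmentStorageGuard(String privateBucket, String publicBucket, String cloudFrontBaseUrl) {
        this.privateBucket = privateBucket;
        this.publicBucket = publicBucket;
        this.cloudFrontBase = URI.create(cloudFrontBaseUrl);
        if (!"https".equals(cloudFrontBase.getScheme()) || cloudFrontBase.getHost() == null) {
            throw new IllegalStateException("CloudFront base URL must be an absolute https URL");
        }
    }

    // Fail closed: a PUBLIC upload never falls back to the private bucket.
    String resolveBucket(AttachmentUsage usage) {
        if (usage != AttachmentUsage.PUBLIC) return privateBucket;
        if (publicBucket == null || publicBucket.isBlank()) {
            throw new IllegalStateException("public bucket is not configured");
        }
        return publicBucket;
    }

    // Reject keys with empty, ".", ".." or unexpected segments before they reach S3 or a URL.
    static String requireSafeKey(String key) {
        if (key == null || key.isEmpty()) throw new IllegalArgumentException("empty S3 key");
        for (String segment : key.split("/", -1)) {
            if (!SEGMENT.matcher(segment).matches() || segment.equals(".") || segment.equals("..")) {
                throw new IllegalArgumentException("invalid S3 key");
            }
        }
        return key;
    }

    // The host always comes from configuration; only the validated key is appended as a path.
    String buildPublicUrl(String key) {
        String path = "/" + requireSafeKey(key);
        return URI.create("https://" + cloudFrontBase.getHost() + path).toString();
    }
}
```

Splitting the key with a limit of -1 keeps leading, trailing and doubled slashes visible as empty segments, so they are rejected along with `.` and `..`.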

@1000hyehyang merged commit 1b09c45 into dev Feb 10, 2026
1 check passed
@1000hyehyang deleted the feat/364-attachment branch February 10, 2026 16:11