fix(auth): 로그인 IP를 X-Forwarded-For 헤더에서 추출

Nginx 리버스 프록시 환경에서 getRemoteAddr()가 127.0.0.1 반환하는 문제 수정. X-Forwarded-For → X-Real-IP → getRemoteAddr() 순서로 폴백. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 23:50:41 +09:00 · 2026-02-16 23:50:41 +09:00 · 4092f5e8b4
--- a/src/main/java/com/gcsc/guide/auth/AuthController.java
+++ b/src/main/java/com/gcsc/guide/auth/AuthController.java
@ -24,7 +24,6 @@ import lombok.extern.slf4j.Slf4j;

 import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
@ -85,7 +84,7 @@ public class AuthController {

        activityService.recordLogin(
            userWithRoles.getId(),
-            httpRequest.getRemoteAddr(),
+            resolveClientIp(httpRequest),
            httpRequest.getHeader("User-Agent"));

        String token = jwtTokenProvider.generateToken(
@ -143,4 +142,16 @@ public class AuthController {
        newUser.updateLastLogin();
        return userRepository.save(newUser);
    }
+
+    private String resolveClientIp(HttpServletRequest request) {
+        String xff = request.getHeader("X-Forwarded-For");
+        if (xff != null && !xff.isBlank()) {
+            return xff.split(",")[0].trim();
+        }
+        String realIp = request.getHeader("X-Real-IP");
+        if (realIp != null && !realIp.isBlank()) {
+            return realIp.trim();
+        }
+        return request.getRemoteAddr();
+    }
 }