diff --git a/backend/.mvn/wrapper/maven-wrapper.properties b/backend/.mvn/wrapper/maven-wrapper.properties new file mode 100644 index 0000000..c595b00 --- /dev/null +++ b/backend/.mvn/wrapper/maven-wrapper.properties @@ -0,0 +1,3 @@ +wrapperVersion=3.3.4 +distributionType=only-script +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.14/apache-maven-3.9.14-bin.zip diff --git a/backend/.sdkmanrc b/backend/.sdkmanrc new file mode 100644 index 0000000..8bea3c1 --- /dev/null +++ b/backend/.sdkmanrc @@ -0,0 +1 @@ +java=21.0.9-amzn diff --git a/backend/mvnw b/backend/mvnw new file mode 100755 index 0000000..bd8896b --- /dev/null +++ b/backend/mvnw @@ -0,0 +1,295 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Apache Maven Wrapper startup batch script, version 3.3.4 +# +# Optional ENV vars +# ----------------- +# JAVA_HOME - location of a JDK home dir, required when download maven via java source +# MVNW_REPOURL - repo url base for downloading maven distribution +# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output +# ---------------------------------------------------------------------------- + +set -euf +[ "${MVNW_VERBOSE-}" != debug ] || set -x + +# OS specific support. +native_path() { printf %s\\n "$1"; } +case "$(uname)" in +CYGWIN* | MINGW*) + [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" + native_path() { cygpath --path --windows "$1"; } + ;; +esac + +# set JAVACMD and JAVACCMD +set_java_home() { + # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched + if [ -n "${JAVA_HOME-}" ]; then + if [ -x "$JAVA_HOME/jre/sh/java" ]; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACCMD="$JAVA_HOME/jre/sh/javac" + else + JAVACMD="$JAVA_HOME/bin/java" + JAVACCMD="$JAVA_HOME/bin/javac" + + if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then + echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2 + echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 + return 1 + fi + fi + else + JAVACMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v java + )" || : + JAVACCMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v javac + )" || : + + if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then + echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2 + return 1 + fi + fi +} + +# hash string like Java String::hashCode +hash_string() { + str="${1:-}" h=0 + while [ -n "$str" ]; do + char="${str%"${str#?}"}" + h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296)) + str="${str#?}" + done + printf %x\\n $h +} + +verbose() { :; } +[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } + +die() { + printf %s\\n "$1" >&2 + exit 1 +} + +trim() { + # MWRAPPER-139: + # Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds. + # Needed for removing poorly interpreted newline sequences when running in more + # exotic environments such as mingw bash on Windows. + printf "%s" "${1}" | tr -d '[:space:]' +} + +scriptDir="$(dirname "$0")" +scriptName="$(basename "$0")" + +# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties +while IFS="=" read -r key value; do + case "${key-}" in + distributionUrl) distributionUrl=$(trim "${value-}") ;; + distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;; + esac +done <"$scriptDir/.mvn/wrapper/maven-wrapper.properties" +[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" + +case "${distributionUrl##*/}" in +maven-mvnd-*bin.*) + MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ + case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in + *AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;; + :Darwin*x86_64) distributionPlatform=darwin-amd64 ;; + :Darwin*arm64) distributionPlatform=darwin-aarch64 ;; + :Linux*x86_64*) distributionPlatform=linux-amd64 ;; + *) + echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 + distributionPlatform=linux-amd64 + ;; + esac + distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" + ;; +maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; +*) MVN_CMD="mvn${scriptName#mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; +esac + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" +distributionUrlName="${distributionUrl##*/}" +distributionUrlNameMain="${distributionUrlName%.*}" +distributionUrlNameMain="${distributionUrlNameMain%-bin}" +MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}" +MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" + +exec_maven() { + unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : + exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" +} + +if [ -d "$MAVEN_HOME" ]; then + verbose "found existing MAVEN_HOME at $MAVEN_HOME" + exec_maven "$@" +fi + +case "${distributionUrl-}" in +*?-bin.zip | *?maven-mvnd-?*-?*.zip) ;; +*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; +esac + +# prepare tmp dir +if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then + clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } + trap clean HUP INT TERM EXIT +else + die "cannot create temp dir" +fi + +mkdir -p -- "${MAVEN_HOME%/*}" + +# Download and Install Apache Maven +verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +verbose "Downloading from: $distributionUrl" +verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +# select .zip or .tar.gz +if ! command -v unzip >/dev/null; then + distributionUrl="${distributionUrl%.zip}.tar.gz" + distributionUrlName="${distributionUrl##*/}" +fi + +# verbose opt +__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' +[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v + +# normalize http auth +case "${MVNW_PASSWORD:+has-password}" in +'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; +has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; +esac + +if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then + verbose "Found wget ... using wget" + wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl" +elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then + verbose "Found curl ... using curl" + curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl" +elif set_java_home; then + verbose "Falling back to use Java to download" + javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" + targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" + cat >"$javaSource" <<-END + public class Downloader extends java.net.Authenticator + { + protected java.net.PasswordAuthentication getPasswordAuthentication() + { + return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); + } + public static void main( String[] args ) throws Exception + { + setDefault( new Downloader() ); + java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); + } + } + END + # For Cygwin/MinGW, switch paths to Windows format before running javac and java + verbose " - Compiling Downloader.java ..." + "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java" + verbose " - Running Downloader.java ..." + "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" +fi + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +if [ -n "${distributionSha256Sum-}" ]; then + distributionSha256Result=false + if [ "$MVN_CMD" = mvnd.sh ]; then + echo "Checksum validation is not supported for maven-mvnd." >&2 + echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + elif command -v sha256sum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c - >/dev/null 2>&1; then + distributionSha256Result=true + fi + elif command -v shasum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then + distributionSha256Result=true + fi + else + echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 + echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + fi + if [ $distributionSha256Result = false ]; then + echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 + echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 + exit 1 + fi +fi + +# unzip and move +if command -v unzip >/dev/null; then + unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip" +else + tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar" +fi + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +actualDistributionDir="" + +# First try the expected directory name (for regular distributions) +if [ -d "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" ]; then + if [ -f "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/bin/$MVN_CMD" ]; then + actualDistributionDir="$distributionUrlNameMain" + fi +fi + +# If not found, search for any directory with the Maven executable (for snapshots) +if [ -z "$actualDistributionDir" ]; then + # enable globbing to iterate over items + set +f + for dir in "$TMP_DOWNLOAD_DIR"/*; do + if [ -d "$dir" ]; then + if [ -f "$dir/bin/$MVN_CMD" ]; then + actualDistributionDir="$(basename "$dir")" + break + fi + fi + done + set -f +fi + +if [ -z "$actualDistributionDir" ]; then + verbose "Contents of $TMP_DOWNLOAD_DIR:" + verbose "$(ls -la "$TMP_DOWNLOAD_DIR")" + die "Could not find Maven distribution directory in extracted archive" +fi + +verbose "Found extracted Maven distribution directory: $actualDistributionDir" +printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$actualDistributionDir/mvnw.url" +mv -- "$TMP_DOWNLOAD_DIR/$actualDistributionDir" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" + +clean || : +exec_maven "$@" diff --git a/backend/mvnw.cmd b/backend/mvnw.cmd new file mode 100644 index 0000000..92450f9 --- /dev/null +++ b/backend/mvnw.cmd @@ -0,0 +1,189 @@ +<# : batch portion +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Apache Maven Wrapper startup batch script, version 3.3.4 +@REM +@REM Optional ENV vars +@REM MVNW_REPOURL - repo url base for downloading maven distribution +@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output +@REM ---------------------------------------------------------------------------- + +@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) +@SET __MVNW_CMD__= +@SET __MVNW_ERROR__= +@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% +@SET PSModulePath= +@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( + IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) +) +@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% +@SET __MVNW_PSMODULEP_SAVE= +@SET __MVNW_ARG0_NAME__= +@SET MVNW_USERNAME= +@SET MVNW_PASSWORD= +@IF NOT "%__MVNW_CMD__%"=="" ("%__MVNW_CMD__%" %*) +@echo Cannot start maven from wrapper >&2 && exit /b 1 +@GOTO :EOF +: end batch / begin powershell #> + +$ErrorActionPreference = "Stop" +if ($env:MVNW_VERBOSE -eq "true") { + $VerbosePreference = "Continue" +} + +# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties +$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl +if (!$distributionUrl) { + Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" +} + +switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { + "maven-mvnd-*" { + $USE_MVND = $true + $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" + $MVN_CMD = "mvnd.cmd" + break + } + default { + $USE_MVND = $false + $MVN_CMD = $script -replace '^mvnw','mvn' + break + } +} + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +if ($env:MVNW_REPOURL) { + $MVNW_REPO_PATTERN = if ($USE_MVND -eq $False) { "/org/apache/maven/" } else { "/maven/mvnd/" } + $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace "^.*$MVNW_REPO_PATTERN",'')" +} +$distributionUrlName = $distributionUrl -replace '^.*/','' +$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' + +$MAVEN_M2_PATH = "$HOME/.m2" +if ($env:MAVEN_USER_HOME) { + $MAVEN_M2_PATH = "$env:MAVEN_USER_HOME" +} + +if (-not (Test-Path -Path $MAVEN_M2_PATH)) { + New-Item -Path $MAVEN_M2_PATH -ItemType Directory | Out-Null +} + +$MAVEN_WRAPPER_DISTS = $null +if ((Get-Item $MAVEN_M2_PATH).Target[0] -eq $null) { + $MAVEN_WRAPPER_DISTS = "$MAVEN_M2_PATH/wrapper/dists" +} else { + $MAVEN_WRAPPER_DISTS = (Get-Item $MAVEN_M2_PATH).Target[0] + "/wrapper/dists" +} + +$MAVEN_HOME_PARENT = "$MAVEN_WRAPPER_DISTS/$distributionUrlNameMain" +$MAVEN_HOME_NAME = ([System.Security.Cryptography.SHA256]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' +$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" + +if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { + Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" + Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" + exit $? +} + +if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { + Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" +} + +# prepare tmp dir +$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile +$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" +$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null +trap { + if ($TMP_DOWNLOAD_DIR.Exists) { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } + } +} + +New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null + +# Download and Install Apache Maven +Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +Write-Verbose "Downloading from: $distributionUrl" +Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +$webclient = New-Object System.Net.WebClient +if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { + $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) +} +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum +if ($distributionSha256Sum) { + if ($USE_MVND) { + Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." + } + Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash + if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { + Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." + } +} + +# unzip and move +Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +$actualDistributionDir = "" + +# First try the expected directory name (for regular distributions) +$expectedPath = Join-Path "$TMP_DOWNLOAD_DIR" "$distributionUrlNameMain" +$expectedMvnPath = Join-Path "$expectedPath" "bin/$MVN_CMD" +if ((Test-Path -Path $expectedPath -PathType Container) -and (Test-Path -Path $expectedMvnPath -PathType Leaf)) { + $actualDistributionDir = $distributionUrlNameMain +} + +# If not found, search for any directory with the Maven executable (for snapshots) +if (!$actualDistributionDir) { + Get-ChildItem -Path "$TMP_DOWNLOAD_DIR" -Directory | ForEach-Object { + $testPath = Join-Path $_.FullName "bin/$MVN_CMD" + if (Test-Path -Path $testPath -PathType Leaf) { + $actualDistributionDir = $_.Name + } + } +} + +if (!$actualDistributionDir) { + Write-Error "Could not find Maven distribution directory in extracted archive" +} + +Write-Verbose "Found extracted Maven distribution directory: $actualDistributionDir" +Rename-Item -Path "$TMP_DOWNLOAD_DIR/$actualDistributionDir" -NewName $MAVEN_HOME_NAME | Out-Null +try { + Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null +} catch { + if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) { + Write-Error "fail to move MAVEN_HOME" + } +} finally { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } +} + +Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" diff --git a/backend/pom.xml b/backend/pom.xml new file mode 100644 index 0000000..e3106d9 --- /dev/null +++ b/backend/pom.xml @@ -0,0 +1,168 @@ + + + 4.0.0 + + org.springframework.boot + spring-boot-starter-parent + 3.5.7 + + + gc.mda.kcg + kcg-ai-backend + 0.0.1-SNAPSHOT + kcg-ai-backend + + + + + + + + + + + + + + + + 21 + + + + org.springframework.boot + spring-boot-starter-actuator + + + org.springframework.boot + spring-boot-starter-cache + + + org.springframework.boot + spring-boot-starter-data-jpa + + + org.springframework.boot + spring-boot-starter-security + + + org.springframework.boot + spring-boot-starter-validation + + + org.springframework.boot + spring-boot-starter-web + + + org.flywaydb + flyway-core + + + org.flywaydb + flyway-database-postgresql + + + + org.postgresql + postgresql + runtime + + + org.projectlombok + lombok + true + + + + com.github.ben-manes.caffeine + caffeine + + + + io.jsonwebtoken + jjwt-api + 0.12.6 + + + io.jsonwebtoken + jjwt-impl + 0.12.6 + runtime + + + io.jsonwebtoken + jjwt-jackson + 0.12.6 + runtime + + + org.springframework.boot + spring-boot-starter-test + test + + + org.springframework.security + spring-security-test + test + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + + default-compile + compile + + compile + + + + + org.springframework.boot + spring-boot-configuration-processor + + + org.projectlombok + lombok + + + + + + default-testCompile + test-compile + + testCompile + + + + + org.projectlombok + lombok + + + + + + + + + + diff --git a/backend/src/main/java/gc/mda/kcg/KcgAiApplication.java b/backend/src/main/java/gc/mda/kcg/KcgAiApplication.java new file mode 100644 index 0000000..e602960 --- /dev/null +++ b/backend/src/main/java/gc/mda/kcg/KcgAiApplication.java @@ -0,0 +1,15 @@ +package gc.mda.kcg; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.cache.annotation.EnableCaching; + +@SpringBootApplication +@EnableCaching +public class KcgAiApplication { + + public static void main(String[] args) { + SpringApplication.run(KcgAiApplication.class, args); + } + +} diff --git a/backend/src/main/java/gc/mda/kcg/config/SecurityConfig.java b/backend/src/main/java/gc/mda/kcg/config/SecurityConfig.java new file mode 100644 index 0000000..68cdb2c --- /dev/null +++ b/backend/src/main/java/gc/mda/kcg/config/SecurityConfig.java @@ -0,0 +1,26 @@ +package gc.mda.kcg.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.web.SecurityFilterChain; + +/** + * Phase 2 임시 SecurityConfig. + * Phase 3에서 JWT 필터 + 권한 체계 본격 도입 시 확장. + */ +@Configuration +public class SecurityConfig { + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http + .csrf(AbstractHttpConfigurer::disable) + .authorizeHttpRequests(auth -> auth + .requestMatchers("/actuator/**").permitAll() + .anyRequest().permitAll() // Phase 2: 모두 허용. Phase 3에서 인증 필수로 전환 + ); + return http.build(); + } +} diff --git a/backend/src/main/resources/application-local.yml b/backend/src/main/resources/application-local.yml new file mode 100644 index 0000000..4626fb0 --- /dev/null +++ b/backend/src/main/resources/application-local.yml @@ -0,0 +1,10 @@ +spring: + jpa: + properties: + hibernate: + show_sql: true + +logging: + level: + org.springframework.security: DEBUG + org.springframework.web: DEBUG diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml new file mode 100644 index 0000000..ed57eed --- /dev/null +++ b/backend/src/main/resources/application.yml @@ -0,0 +1,68 @@ +spring: + application: + name: kcg-ai-backend + + datasource: + url: jdbc:postgresql://211.208.115.83:5432/kcgaidb + username: kcg-app + password: Kcg2026ai + driver-class-name: org.postgresql.Driver + hikari: + maximum-pool-size: 10 + minimum-idle: 2 + connection-timeout: 30000 + + jpa: + hibernate: + ddl-auto: validate + properties: + hibernate: + default_schema: kcg + format_sql: true + jdbc: + time_zone: Asia/Seoul + open-in-view: false + + flyway: + enabled: true + schemas: kcg + default-schema: kcg + locations: classpath:db/migration + baseline-on-migrate: true + + cache: + type: caffeine + cache-names: permissions,users + caffeine: + spec: maximumSize=1000,expireAfterWrite=10m + +server: + port: 8080 + forward-headers-strategy: framework + +management: + endpoints: + web: + exposure: + include: health,info,flyway + endpoint: + health: + show-details: when-authorized + +logging: + level: + root: INFO + gc.mda.kcg: DEBUG + org.flywaydb: INFO + +# === 애플리케이션 커스텀 설정 === +app: + prediction: + base-url: ${PREDICTION_BASE_URL:http://localhost:8001} + iran-backend: + base-url: ${IRAN_BACKEND_BASE_URL:http://localhost:18080} + cors: + allowed-origins: ${CORS_ALLOWED_ORIGINS:http://localhost:5173,http://localhost:5174} + jwt: + secret: ${JWT_SECRET:change-me-in-production-this-must-be-at-least-256-bits-long-secret-key} + expiration-ms: ${JWT_EXPIRATION_MS:86400000} diff --git a/backend/src/main/resources/db/migration/V001__auth_init.sql b/backend/src/main/resources/db/migration/V001__auth_init.sql new file mode 100644 index 0000000..4f6da55 --- /dev/null +++ b/backend/src/main/resources/db/migration/V001__auth_init.sql @@ -0,0 +1,101 @@ +-- ============================================================================ +-- V001: 인증/조직/역할/로그인 이력 초기 스키마 +-- ============================================================================ + +-- UUID 생성용 확장 (kcgaidb는 신규 DB이므로 한 번만 활성화) +CREATE EXTENSION IF NOT EXISTS pgcrypto; + +-- ---------------------------------------------------------------------------- +-- 조직 (계층 구조) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_org ( + org_sn BIGSERIAL PRIMARY KEY, + org_nm VARCHAR(100) NOT NULL, + org_abbr_nm VARCHAR(50), + org_tp_cd VARCHAR(20), -- HQ, REGIONAL, STATION, AGENCY + upper_org_sn BIGINT REFERENCES kcg.auth_org(org_sn), + sort_ord INT DEFAULT 0, + use_yn CHAR(1) NOT NULL DEFAULT 'Y', + created_at TIMESTAMPTZ NOT NULL DEFAULT now(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +CREATE INDEX idx_auth_org_upper ON kcg.auth_org(upper_org_sn); + +COMMENT ON TABLE kcg.auth_org IS '조직 (해양경찰청 본청/지방청/서/파출소 등)'; + +-- ---------------------------------------------------------------------------- +-- 사용자 +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_user ( + user_id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_acnt VARCHAR(50) UNIQUE NOT NULL, -- 로그인 ID + pswd_hash VARCHAR(255), -- BCrypt 해시 (PASSWORD provider 전용) + user_nm VARCHAR(100) NOT NULL, -- 이름 + rnkp_nm VARCHAR(50), -- 직급/계급 + email VARCHAR(255), + org_sn BIGINT REFERENCES kcg.auth_org(org_sn), + user_stts_cd VARCHAR(20) NOT NULL DEFAULT 'PENDING', -- PENDING/ACTIVE/LOCKED/INACTIVE/REJECTED + fail_cnt INT NOT NULL DEFAULT 0, + last_login_dtm TIMESTAMPTZ, + -- 인증 방식 확장 (Phase 9: GPKI/SSO) + auth_provider VARCHAR(20) NOT NULL DEFAULT 'PASSWORD', -- PASSWORD/GPKI/SSO + provider_sub VARCHAR(255), -- GPKI DN 또는 SSO subject + created_at TIMESTAMPTZ NOT NULL DEFAULT now(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +CREATE INDEX idx_auth_user_org ON kcg.auth_user(org_sn); +CREATE INDEX idx_auth_user_status ON kcg.auth_user(user_stts_cd); +CREATE INDEX idx_auth_user_provider ON kcg.auth_user(auth_provider, provider_sub); + +COMMENT ON TABLE kcg.auth_user IS '사용자 계정'; +COMMENT ON COLUMN kcg.auth_user.auth_provider IS '인증 방식: PASSWORD(자체) / GPKI(공무원 인증서) / SSO'; + +-- ---------------------------------------------------------------------------- +-- 역할 +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_role ( + role_sn BIGSERIAL PRIMARY KEY, + role_cd VARCHAR(50) UNIQUE NOT NULL, -- ADMIN, OPERATOR, ANALYST, VIEWER, FIELD + role_nm VARCHAR(100) NOT NULL, + role_dc TEXT, + dflt_yn CHAR(1) NOT NULL DEFAULT 'N', -- 신규 사용자 자동 배정 여부 + builtin_yn CHAR(1) NOT NULL DEFAULT 'N', -- 내장 역할 (삭제 불가) + created_at TIMESTAMPTZ NOT NULL DEFAULT now(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +COMMENT ON TABLE kcg.auth_role IS '사용자 역할'; + +-- ---------------------------------------------------------------------------- +-- 사용자-역할 매핑 (다대다) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_user_role ( + user_id UUID NOT NULL REFERENCES kcg.auth_user(user_id) ON DELETE CASCADE, + role_sn BIGINT NOT NULL REFERENCES kcg.auth_role(role_sn) ON DELETE CASCADE, + granted_at TIMESTAMPTZ NOT NULL DEFAULT now(), + granted_by UUID, + PRIMARY KEY (user_id, role_sn) +); + +CREATE INDEX idx_auth_user_role_role ON kcg.auth_user_role(role_sn); + +-- ---------------------------------------------------------------------------- +-- 로그인 이력 +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_login_hist ( + hist_sn BIGSERIAL PRIMARY KEY, + user_id UUID, + user_acnt VARCHAR(50), + login_dtm TIMESTAMPTZ NOT NULL DEFAULT now(), + login_ip VARCHAR(45), + user_agent TEXT, + result VARCHAR(20) NOT NULL, -- SUCCESS, FAILED, LOCKED + fail_reason VARCHAR(255), + auth_provider VARCHAR(20) +); + +CREATE INDEX idx_login_hist_user ON kcg.auth_login_hist(user_id, login_dtm DESC); +CREATE INDEX idx_login_hist_acnt ON kcg.auth_login_hist(user_acnt, login_dtm DESC); +CREATE INDEX idx_login_hist_dtm ON kcg.auth_login_hist(login_dtm DESC); diff --git a/backend/src/main/resources/db/migration/V002__perm_tree.sql b/backend/src/main/resources/db/migration/V002__perm_tree.sql new file mode 100644 index 0000000..8c425e6 --- /dev/null +++ b/backend/src/main/resources/db/migration/V002__perm_tree.sql @@ -0,0 +1,57 @@ +-- ============================================================================ +-- V002: 권한 트리 + 권한 매트릭스 (wing 패턴) +-- ============================================================================ + +-- ---------------------------------------------------------------------------- +-- 리소스 트리 (메뉴/탭/패널 계층 구조) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_perm_tree ( + rsrc_cd VARCHAR(100) PRIMARY KEY, + parent_cd VARCHAR(100) REFERENCES kcg.auth_perm_tree(rsrc_cd) ON DELETE CASCADE, + rsrc_nm VARCHAR(100) NOT NULL, + rsrc_desc TEXT, + icon VARCHAR(50), + rsrc_level INT NOT NULL DEFAULT 0, -- 0=tab(권한그룹), 1=subtab/패널, 2+=중첩 + sort_ord INT NOT NULL DEFAULT 0, + use_yn CHAR(1) NOT NULL DEFAULT 'Y', + created_at TIMESTAMPTZ NOT NULL DEFAULT now(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +CREATE INDEX idx_perm_tree_parent ON kcg.auth_perm_tree(parent_cd); +CREATE INDEX idx_perm_tree_level ON kcg.auth_perm_tree(rsrc_level, sort_ord); + +COMMENT ON TABLE kcg.auth_perm_tree IS '리소스 트리 (좌측 탭=권한그룹, 자식=패널/액션)'; +COMMENT ON COLUMN kcg.auth_perm_tree.rsrc_cd IS '리소스 코드 (예: detection, detection:gear-detection)'; + +-- ---------------------------------------------------------------------------- +-- 권한 매트릭스 (역할 × 리소스 × 오퍼레이션) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_perm ( + perm_sn BIGSERIAL PRIMARY KEY, + role_sn BIGINT NOT NULL REFERENCES kcg.auth_role(role_sn) ON DELETE CASCADE, + rsrc_cd VARCHAR(100) NOT NULL REFERENCES kcg.auth_perm_tree(rsrc_cd) ON DELETE CASCADE, + oper_cd VARCHAR(20) NOT NULL, -- READ, CREATE, UPDATE, DELETE, EXPORT, MANAGE + grant_yn CHAR(1) NOT NULL, -- Y(허용), N(명시적 거부) + updated_at TIMESTAMPTZ NOT NULL DEFAULT now(), + updated_by UUID, + UNIQUE(role_sn, rsrc_cd, oper_cd) +); + +CREATE INDEX idx_perm_role ON kcg.auth_perm(role_sn); +CREATE INDEX idx_perm_rsrc ON kcg.auth_perm(rsrc_cd); + +COMMENT ON TABLE kcg.auth_perm IS '권한 매트릭스 (명시적 권한만 저장, 미저장 시 트리 상속)'; + +-- ---------------------------------------------------------------------------- +-- 시스템 설정 (메뉴 구성, 자동 승인 등 JSON) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_setting ( + setting_key VARCHAR(50) PRIMARY KEY, + setting_val JSONB NOT NULL, + description TEXT, + updated_at TIMESTAMPTZ NOT NULL DEFAULT now(), + updated_by UUID +); + +COMMENT ON TABLE kcg.auth_setting IS '시스템 설정 (메뉴 구성, 자동승인, 정책 등)'; diff --git a/backend/src/main/resources/db/migration/V003__perm_seed.sql b/backend/src/main/resources/db/migration/V003__perm_seed.sql new file mode 100644 index 0000000..7d67705 --- /dev/null +++ b/backend/src/main/resources/db/migration/V003__perm_seed.sql @@ -0,0 +1,180 @@ +-- ============================================================================ +-- V003: 초기 역할 + 리소스 트리 시드 + 역할별 권한 매트릭스 +-- ============================================================================ + +-- ---------------------------------------------------------------------------- +-- 역할 시드 (5종) +-- ---------------------------------------------------------------------------- +INSERT INTO kcg.auth_role(role_cd, role_nm, role_dc, dflt_yn, builtin_yn) VALUES + ('ADMIN', '시스템 관리자', '모든 권한 + 사용자/역할/권한 관리', 'N', 'Y'), + ('OPERATOR', '운영자', '분석 + 모선 확정/제외/학습 의사결정', 'N', 'Y'), + ('ANALYST', '분석가', '조회 + 분석 (확정 권한 없음)', 'N', 'Y'), + ('VIEWER', '조회자', '읽기 전용', 'Y', 'Y'), + ('FIELD', '현장요원', '현장 작전 + 알림', 'N', 'Y'); + +-- ---------------------------------------------------------------------------- +-- Level 0: 좌측 탭 (권한 그룹) +-- ---------------------------------------------------------------------------- +INSERT INTO kcg.auth_perm_tree(rsrc_cd, parent_cd, rsrc_nm, rsrc_level, sort_ord, icon) VALUES + ('dashboard', NULL, '대시보드', 0, 10, 'LayoutDashboard'), + ('monitoring', NULL, '실시간 모니터링', 0, 20, 'Activity'), + ('surveillance', NULL, '감시', 0, 30, 'Eye'), + ('detection', NULL, '탐지', 0, 40, 'Radar'), + ('vessel', NULL, '선박', 0, 50, 'Ship'), + ('risk-assessment', NULL, '위험평가', 0, 60, 'AlertTriangle'), + ('patrol', NULL, '순찰', 0, 70, 'Navigation'), + ('enforcement', NULL, '단속', 0, 80, 'Shield'), + ('field-ops', NULL, '현장작전', 0, 90, 'MapPin'), + ('ai-operations', NULL, 'AI 운영', 0, 100, 'Bot'), + ('statistics', NULL, '통계', 0, 110, 'BarChart3'), + ('parent-inference-workflow', NULL, '모선 워크플로우', 0, 120, 'GitBranch'), + ('admin', NULL, '관리', 0, 999, 'Settings'); + +-- ---------------------------------------------------------------------------- +-- Level 1: 서브탭/패널 +-- ---------------------------------------------------------------------------- +INSERT INTO kcg.auth_perm_tree(rsrc_cd, parent_cd, rsrc_nm, rsrc_level, sort_ord) VALUES + -- monitoring + ('monitoring:alert-list', 'monitoring', '알림 목록', 1, 10), + ('monitoring:kpi-panel', 'monitoring', 'KPI 패널', 1, 20), + -- surveillance + ('surveillance:live-map', 'surveillance', '실시간 맵', 1, 10), + ('surveillance:map-control', 'surveillance', '해역 관리', 1, 20), + -- detection + ('detection:gear-detection', 'detection', '어구탐지', 1, 10), + ('detection:dark-vessel', 'detection', 'Dark Vessel', 1, 20), + ('detection:china-fishing', 'detection', '중국어선', 1, 30), + ('detection:gear-identification', 'detection', '어구식별', 1, 40), + -- vessel + ('vessel:vessel-detail', 'vessel', '선박상세', 1, 10), + ('vessel:transfer-detection', 'vessel', '전재탐지', 1, 20), + -- risk-assessment + ('risk-assessment:risk-map', 'risk-assessment', '위험지도', 1, 10), + ('risk-assessment:enforcement-plan', 'risk-assessment', '단속계획', 1, 20), + -- patrol + ('patrol:patrol-route', 'patrol', '순찰경로', 1, 10), + ('patrol:fleet-optimization', 'patrol', '선단최적화', 1, 20), + -- enforcement + ('enforcement:enforcement-history', 'enforcement', '단속이력', 1, 10), + ('enforcement:event-list', 'enforcement', '이벤트 목록', 1, 20), + -- field-ops + ('field-ops:mobile-service', 'field-ops', '모바일 서비스', 1, 10), + ('field-ops:ship-agent', 'field-ops', '함정 에이전트', 1, 20), + ('field-ops:ai-alert', 'field-ops', 'AI 경보', 1, 30), + -- ai-operations + ('ai-operations:ai-assistant', 'ai-operations', 'AI 어시스턴트', 1, 10), + ('ai-operations:ai-model', 'ai-operations', 'AI 모델', 1, 20), + ('ai-operations:mlops', 'ai-operations', 'MLOps', 1, 30), + -- statistics + ('statistics:statistics', 'statistics', '통계', 1, 10), + ('statistics:external-service', 'statistics', '외부 서비스', 1, 20), + -- parent-inference-workflow ★ + ('parent-inference-workflow:parent-review', 'parent-inference-workflow', '확정/거부', 1, 10), + ('parent-inference-workflow:parent-exclusion', 'parent-inference-workflow', '후보 제외', 1, 20), + ('parent-inference-workflow:label-session', 'parent-inference-workflow', '학습 세션', 1, 30), + ('parent-inference-workflow:exclusion-management','parent-inference-workflow','전역 제외 관리', 1, 40), + -- admin ★ + ('admin:user-management', 'admin', '사용자 관리', 1, 10), + ('admin:role-management', 'admin', '역할 관리', 1, 20), + ('admin:permission-management', 'admin', '권한 관리', 1, 30), + ('admin:menu-management', 'admin', '메뉴 설정', 1, 40), + ('admin:audit-logs', 'admin', '감사로그', 1, 50), + ('admin:access-logs', 'admin', '접근 이력', 1, 60), + ('admin:login-history', 'admin', '로그인 이력', 1, 70), + ('admin:system-config', 'admin', '시스템 설정', 1, 80); + +-- ---------------------------------------------------------------------------- +-- 권한 시드: 헬퍼 - 역할별로 일괄 INSERT +-- ---------------------------------------------------------------------------- + +-- ADMIN: 모든 리소스에 대해 R/C/U/D/EXPORT 부여 +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, t.rsrc_cd, op.oper_cd, 'Y' +FROM kcg.auth_role r +CROSS JOIN kcg.auth_perm_tree t +CROSS JOIN (VALUES ('READ'), ('CREATE'), ('UPDATE'), ('DELETE'), ('EXPORT')) AS op(oper_cd) +WHERE r.role_cd = 'ADMIN'; + +-- VIEWER: 모든 view 탭(READ만), admin/parent-inference-workflow는 deny +-- (1) view 가능 Level 0 탭에만 READ 부여 +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, t.rsrc_cd, 'READ', 'Y' +FROM kcg.auth_role r +CROSS JOIN kcg.auth_perm_tree t +WHERE r.role_cd = 'VIEWER' + AND t.rsrc_level = 0 + AND t.rsrc_cd NOT IN ('admin', 'parent-inference-workflow'); + +-- (2) admin / parent-inference-workflow는 명시적 deny +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, t.rsrc_cd, 'READ', 'N' +FROM kcg.auth_role r +CROSS JOIN kcg.auth_perm_tree t +WHERE r.role_cd = 'VIEWER' + AND t.rsrc_level = 0 + AND t.rsrc_cd IN ('admin', 'parent-inference-workflow'); + +-- ANALYST: 모든 view + parent-inference-workflow READ만 (확정 권한 없음) +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, t.rsrc_cd, 'READ', 'Y' +FROM kcg.auth_role r +CROSS JOIN kcg.auth_perm_tree t +WHERE r.role_cd = 'ANALYST' + AND t.rsrc_level = 0 + AND t.rsrc_cd != 'admin'; + +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, 'admin', 'READ', 'N' +FROM kcg.auth_role r WHERE r.role_cd = 'ANALYST'; + +-- OPERATOR: 모든 view + parent-inference-workflow R/C/U + admin은 거부 +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, t.rsrc_cd, 'READ', 'Y' +FROM kcg.auth_role r +CROSS JOIN kcg.auth_perm_tree t +WHERE r.role_cd = 'OPERATOR' + AND t.rsrc_level = 0 + AND t.rsrc_cd != 'admin'; + +-- OPERATOR에 parent-inference-workflow의 자식 리소스에 R/C/U 부여 +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, t.rsrc_cd, op.oper_cd, 'Y' +FROM kcg.auth_role r +CROSS JOIN kcg.auth_perm_tree t +CROSS JOIN (VALUES ('READ'), ('CREATE'), ('UPDATE')) AS op(oper_cd) +WHERE r.role_cd = 'OPERATOR' + AND t.parent_cd = 'parent-inference-workflow' + AND t.rsrc_cd != 'parent-inference-workflow:exclusion-management'; -- 전역 제외는 admin만 + +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, 'admin', 'READ', 'N' +FROM kcg.auth_role r WHERE r.role_cd = 'OPERATOR'; + +-- FIELD: field-ops, vessel, monitoring, dashboard READ만 +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, t.rsrc_cd, 'READ', 'Y' +FROM kcg.auth_role r +CROSS JOIN kcg.auth_perm_tree t +WHERE r.role_cd = 'FIELD' + AND t.rsrc_level = 0 + AND t.rsrc_cd IN ('dashboard', 'monitoring', 'vessel', 'field-ops'); + +-- 다른 모든 탭 명시적 deny +INSERT INTO kcg.auth_perm(role_sn, rsrc_cd, oper_cd, grant_yn) +SELECT r.role_sn, t.rsrc_cd, 'READ', 'N' +FROM kcg.auth_role r +CROSS JOIN kcg.auth_perm_tree t +WHERE r.role_cd = 'FIELD' + AND t.rsrc_level = 0 + AND t.rsrc_cd NOT IN ('dashboard', 'monitoring', 'vessel', 'field-ops'); + +-- ---------------------------------------------------------------------------- +-- 초기 admin 계정 시드 (Phase 3에서 BCrypt 해시로 갱신) +-- ---------------------------------------------------------------------------- +INSERT INTO kcg.auth_user(user_acnt, user_nm, user_stts_cd, auth_provider, pswd_hash) +VALUES ('admin', '시스템 관리자', 'ACTIVE', 'PASSWORD', '$2a$10$placeholder.will.be.set.in.phase3'); + +INSERT INTO kcg.auth_user_role(user_id, role_sn) +SELECT u.user_id, r.role_sn +FROM kcg.auth_user u, kcg.auth_role r +WHERE u.user_acnt = 'admin' AND r.role_cd = 'ADMIN'; diff --git a/backend/src/main/resources/db/migration/V004__access_logs.sql b/backend/src/main/resources/db/migration/V004__access_logs.sql new file mode 100644 index 0000000..bf2bc3a --- /dev/null +++ b/backend/src/main/resources/db/migration/V004__access_logs.sql @@ -0,0 +1,50 @@ +-- ============================================================================ +-- V004: 감사로그 + 접근 이력 +-- ============================================================================ + +-- ---------------------------------------------------------------------------- +-- 감사로그 (의사결정 액션 - @Auditable AOP가 기록) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_audit_log ( + audit_sn BIGSERIAL PRIMARY KEY, + user_id UUID, + user_acnt VARCHAR(50), + action_cd VARCHAR(50) NOT NULL, -- LOGIN, LOGOUT, CONFIRM_PARENT, REJECT_PARENT, EXCLUDE_CANDIDATE, LABEL_CREATE, ROLE_GRANT, PERM_UPDATE, USER_CREATE, ... + resource_type VARCHAR(50), -- VESSEL, GROUP, PARENT_INFERENCE, USER, ROLE, SYSTEM + resource_id VARCHAR(100), + detail JSONB, + ip_address VARCHAR(45), + result VARCHAR(20), -- SUCCESS, FAILED + fail_reason TEXT, + created_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +CREATE INDEX idx_audit_user ON kcg.auth_audit_log(user_id, created_at DESC); +CREATE INDEX idx_audit_action ON kcg.auth_audit_log(action_cd, created_at DESC); +CREATE INDEX idx_audit_resource ON kcg.auth_audit_log(resource_type, resource_id); +CREATE INDEX idx_audit_created ON kcg.auth_audit_log(created_at DESC); + +COMMENT ON TABLE kcg.auth_audit_log IS '감사로그 (운영자 의사결정 + 시스템 액션)'; + +-- ---------------------------------------------------------------------------- +-- 접근 이력 (모든 HTTP 요청 - AccessLogFilter가 기록) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.auth_access_log ( + access_sn BIGSERIAL PRIMARY KEY, + user_id UUID, + user_acnt VARCHAR(50), + http_method VARCHAR(10), + request_path VARCHAR(500), + query_string TEXT, + status_code INT, + duration_ms INT, + ip_address VARCHAR(45), + user_agent TEXT, + created_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +CREATE INDEX idx_access_user ON kcg.auth_access_log(user_id, created_at DESC); +CREATE INDEX idx_access_path ON kcg.auth_access_log(request_path, created_at DESC); +CREATE INDEX idx_access_created ON kcg.auth_access_log(created_at DESC); + +COMMENT ON TABLE kcg.auth_access_log IS '접근 이력 (모든 HTTP 요청)'; diff --git a/backend/src/main/resources/db/migration/V005__parent_workflow.sql b/backend/src/main/resources/db/migration/V005__parent_workflow.sql new file mode 100644 index 0000000..5b7a133 --- /dev/null +++ b/backend/src/main/resources/db/migration/V005__parent_workflow.sql @@ -0,0 +1,97 @@ +-- ============================================================================ +-- V005: 모선 워크플로우 (운영자 의사결정 - HYBRID) +-- iran 백엔드 마이그레이션 012/014의 백엔드 쓰기 부분만 이식 +-- ============================================================================ + +-- ---------------------------------------------------------------------------- +-- 모선 확정 결과 (운영자 액션 결과) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.gear_group_parent_resolution ( + id BIGSERIAL PRIMARY KEY, + group_key VARCHAR(255) NOT NULL, + sub_cluster_id INT NOT NULL, + status VARCHAR(30) NOT NULL, -- UNRESOLVED, MANUAL_CONFIRMED, REVIEW_REQUIRED + selected_parent_mmsi VARCHAR(20), + rejected_candidate_mmsi VARCHAR(20), + approved_by UUID, + approved_at TIMESTAMPTZ, + rejected_at TIMESTAMPTZ, + manual_comment TEXT, + created_at TIMESTAMPTZ NOT NULL DEFAULT now(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT now(), + UNIQUE(group_key, sub_cluster_id) +); + +CREATE INDEX idx_parent_resolution_status ON kcg.gear_group_parent_resolution(status); +CREATE INDEX idx_parent_resolution_group ON kcg.gear_group_parent_resolution(group_key); + +COMMENT ON TABLE kcg.gear_group_parent_resolution IS '모선 확정 결과 (HYBRID: prediction 후보 + 운영자 결정)'; + +-- ---------------------------------------------------------------------------- +-- 운영자 액션 로그 (도메인 컨텍스트 보존, audit_log와 별개) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.gear_group_parent_review_log ( + id BIGSERIAL PRIMARY KEY, + group_key VARCHAR(255) NOT NULL, + sub_cluster_id INT, + action VARCHAR(30) NOT NULL, -- CONFIRM, REJECT, RESET, EXCLUDE_GROUP, EXCLUDE_GLOBAL, LABEL_PARENT, CANCEL_LABEL, RELEASE_EXCLUSION + selected_parent_mmsi VARCHAR(20), + actor UUID, + actor_acnt VARCHAR(50), + comment TEXT, + created_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +CREATE INDEX idx_review_log_group ON kcg.gear_group_parent_review_log(group_key, created_at DESC); +CREATE INDEX idx_review_log_actor ON kcg.gear_group_parent_review_log(actor, created_at DESC); +CREATE INDEX idx_review_log_action ON kcg.gear_group_parent_review_log(action, created_at DESC); + +COMMENT ON TABLE kcg.gear_group_parent_review_log IS '모선 워크플로우 운영자 액션 로그'; + +-- ---------------------------------------------------------------------------- +-- 후보 제외 (운영자 또는 관리자가 잘못된 후보 차단) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.gear_parent_candidate_exclusions ( + id BIGSERIAL PRIMARY KEY, + scope_type VARCHAR(20) NOT NULL, -- GROUP, GLOBAL + group_key VARCHAR(255), -- GLOBAL일 때는 NULL + sub_cluster_id INT, + excluded_mmsi VARCHAR(20) NOT NULL, + reason TEXT, + actor UUID, + actor_acnt VARCHAR(50), + created_at TIMESTAMPTZ NOT NULL DEFAULT now(), + released_at TIMESTAMPTZ, + released_by UUID, + released_by_acnt VARCHAR(50) +); + +CREATE INDEX idx_exclusion_scope ON kcg.gear_parent_candidate_exclusions(scope_type, group_key, excluded_mmsi); +CREATE INDEX idx_exclusion_active ON kcg.gear_parent_candidate_exclusions(scope_type, released_at) WHERE released_at IS NULL; + +COMMENT ON TABLE kcg.gear_parent_candidate_exclusions IS '모선 후보 제외 (그룹/전역 스코프)'; + +-- ---------------------------------------------------------------------------- +-- 학습 세션 (운영자가 정답 라벨링) +-- ---------------------------------------------------------------------------- +CREATE TABLE kcg.gear_parent_label_sessions ( + id BIGSERIAL PRIMARY KEY, + group_key VARCHAR(255) NOT NULL, + sub_cluster_id INT NOT NULL, + label_parent_mmsi VARCHAR(20) NOT NULL, + status VARCHAR(20) NOT NULL DEFAULT 'ACTIVE', -- ACTIVE, CANCELLED, COMPLETED + active_from TIMESTAMPTZ NOT NULL DEFAULT now(), + active_until TIMESTAMPTZ, + anchor_snapshot JSONB, + created_by UUID, + created_by_acnt VARCHAR(50), + cancelled_by UUID, + cancelled_at TIMESTAMPTZ, + cancel_reason TEXT, + created_at TIMESTAMPTZ NOT NULL DEFAULT now() +); + +CREATE INDEX idx_label_session_group ON kcg.gear_parent_label_sessions(group_key, status); +CREATE INDEX idx_label_session_status ON kcg.gear_parent_label_sessions(status); + +COMMENT ON TABLE kcg.gear_parent_label_sessions IS '모선 추론 학습 세션 (운영자 정답 라벨링)'; diff --git a/backend/src/test/java/gc/mda/kcg/KcgAiApplicationTests.java b/backend/src/test/java/gc/mda/kcg/KcgAiApplicationTests.java new file mode 100644 index 0000000..f005dcc --- /dev/null +++ b/backend/src/test/java/gc/mda/kcg/KcgAiApplicationTests.java @@ -0,0 +1,13 @@ +package gc.mda.kcg; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class KcgAiApplicationTests { + + @Test + void contextLoads() { + } + +}