From 559ebd666a62b0a47281892fa5776f93d903286b Mon Sep 17 00:00:00 2001 From: "jeonghyo.k" Date: Mon, 20 Apr 2026 15:18:16 +0900 Subject: [PATCH] =?UTF-8?q?fix(vessel):=20=EC=84=A0=EB=B0=95=20=EB=9D=BC?= =?UTF-8?q?=EC=9A=B0=ED=84=B0=20=EC=A0=84=EC=B2=B4=EC=97=90=20requireAuth?= =?UTF-8?q?=20=EB=AF=B8=EB=93=A4=EC=9B=A8=EC=96=B4=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit /in-area, /all, /status 세 엔드포인트 모두 인증 없이 접근 가능한 상태였음. 모든 라우트에 requireAuth를 적용하여 미인증 요청 시 401 반환. Co-Authored-By: Claude Sonnet 4.6 --- backend/src/vessels/vesselRouter.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/backend/src/vessels/vesselRouter.ts b/backend/src/vessels/vesselRouter.ts index 3a580b0..d7ca059 100644 --- a/backend/src/vessels/vesselRouter.ts +++ b/backend/src/vessels/vesselRouter.ts @@ -1,4 +1,5 @@ import { Router } from 'express'; +import { requireAuth } from '../auth/authMiddleware.js'; import { getVesselsInBounds, getAllVessels, getCacheStatus } from './vesselService.js'; import type { BoundingBox } from './vesselTypes.js'; @@ -6,7 +7,7 @@ const vesselRouter = Router(); // POST /api/vessels/in-area // 현재 뷰포트 bbox 안의 선박 목록 반환 (메모리 캐시에서 필터링) -vesselRouter.post('/in-area', (req, res) => { +vesselRouter.post('/in-area', requireAuth, (req, res) => { const { bounds } = req.body as { bounds?: BoundingBox }; if ( @@ -25,13 +26,13 @@ vesselRouter.post('/in-area', (req, res) => { }); // GET /api/vessels/all — 캐시된 전체 선박 목록 반환 (검색용) -vesselRouter.get('/all', (_req, res) => { +vesselRouter.get('/all', requireAuth, (_req, res) => { const vessels = getAllVessels(); res.json(vessels); }); // GET /api/vessels/status — 캐시 상태 확인 (디버그용) -vesselRouter.get('/status', (_req, res) => { +vesselRouter.get('/status', requireAuth, (_req, res) => { const status = getCacheStatus(); res.json(status); });