2 changes: 1 addition & 1 deletion config
4 changes: 3 additions & 1 deletion src/main/java/starlight/bootstrap/SecurityConfig.java
Expand Up @@ -39,6 +39,7 @@ public class SecurityConfig {

@Value("${cors.origin.server}") String ServerBaseUrl;
@Value("${cors.origin.client}") String clientBaseUrl;
@Value("${cors.origin.develop}") String devBaseUrl;

private final JwtFilter jwtFilter;
private final ExceptionFilter exceptionFilter;
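Review bot: the new `@Value("${cors.origin.develop}") String devBaseUrl;` has no default, so any profile that does not define cors.origin.develop fails at startup instead of simply omitting the dev origin; `@Value("${cors.origin.develop:}")` with an empty default, paired with dropping blank entries before setAllowedOrigins, keeps production deployments from depending on a dev-only property. Since this hunk already touches the field block, it is also a good moment to rename `ServerBaseUrl` to `serverBaseUrl` to match `clientBaseUrl` and `devBaseUrl`.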
Expand Down Expand Up @@ -100,7 +101,8 @@ public CorsConfigurationSource corsConfigurationSource() {

configuration.setAllowedOrigins(List.of(
clientBaseUrl,
ServerBaseUrl
ServerBaseUrl,
devBaseUrl
));
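Review bot: devBaseUrl is appended to the allowed-origin list unconditionally, so whatever cors.origin.develop holds (http://localhost:3000 according to the thread) becomes an allowed origin in every environment this configuration is deployed to, not only staging. Consider building the list as `Stream.of(clientBaseUrl, ServerBaseUrl, devBaseUrl).filter(s -> s != null && !s.isBlank()).toList()` or gating the dev entry on the active profile, so a production deployment can leave the property empty without an empty-string origin ending up in the list.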
Comment on lines 102 to 106
@coderabbitai coderabbitai bot Jan 7, 2026

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# First, let's find the SecurityConfig.java file and examine the relevant code
find . -name "SecurityConfig.java" -type f | head -20

Repository: StartUpLight/STARLIGHT_BE
🏁 Script executed:

# Find all application configuration files
fd -e yml -e yaml -e properties | grep -i application | head -30

🏁 Script executed:

# Search for cors-related properties and devBaseUrl
rg -n 'cors\.origin|devBaseUrl|dev-base-url' --type-list | head -30

🏁 Script executed:

# Read the SecurityConfig.java file to understand devBaseUrl usage
cat -n ./src/main/java/starlight/bootstrap/SecurityConfig.java | sed -n '90,120p'

🏁 Script executed:

# Search for application configuration files in src/main/resources
find ./src/main/resources -name "application*.yml" -o -name "application*.yaml" -o -name "application*.properties" 2>/dev/null

🏁 Script executed:

# Search for cors.origin.develop property across configuration files
rg 'cors\.origin\.develop|devBaseUrl|dev-base-url' -t yaml -t properties

🏁 Script executed:

# Search for @Value annotation or injection of devBaseUrl
rg -B 2 -A 2 'devBaseUrl' ./src/main/java/starlight/bootstrap/SecurityConfig.java

🏁 Script executed:

# Find all yml and yaml files in the repository
find . -name "*.yml" -o -name "*.yaml" | grep -v node_modules | head -20

🏁 Script executed:

# Broader search for cors and origin properties
rg 'cors|origin|devBaseUrl|dev' -t yaml

🏁 Script executed:

# List all files in src/main/resources directory
ls -la ./src/main/resources/ 2>/dev/null || echo "No src/main/resources directory found"

🏁 Script executed:

# Search for any yml/yaml files with cors or origin properties
rg -l 'cors|origin' --type yaml . 2>/dev/null || rg 'cors|origin' . --include="*.yml" --include="*.yaml" 2>/dev/null

🏁 Script executed:

# Check if application.yml exists anywhere
find . -name "application.yml" -o -name "application-*.yml" -o -name "application-*.yaml" 2>/dev/null

🏁 Script executed:

# Search for all yml files in entire repository
fd '\\.ya?ml$' . | head -30

🏁 Script executed:

# Search for any .yml/.yaml files in entire repository
find . -type f \( -name "*.yml" -o -name "*.yaml" \) 2>/dev/null | head -30

🏁 Script executed:

# Check deploy directory for configuration files
ls -la ./deploy/ 2>/dev/null || echo "No deploy directory"

🏁 Script executed:

# Search for @ConfigurationProperties annotation
rg '@ConfigurationProperties' ./src/main/java --type java

🏁 Script executed:

# Check if properties are defined anywhere in codebase
rg 'cors\.origin\.(server|client|develop)' . --include="*.java" --include="*.yml" --include="*.yaml" --include="*.properties"

🏁 Script executed:

# Search for cors.origin properties using correct rg syntax
rg 'cors\.origin\.' -g '*.java' -g '*.yml' -g '*.yaml' -g '*.properties'

🏁 Script executed:

# Check docker-compose.yaml for environment variable definitions
cat ./deploy/docker-compose.yaml

🏁 Script executed:

# Search for environment variable declarations for cors
rg -i 'CORS|cors\.origin' ./deploy/

CORS configuration property file is required: the application cannot start

Besides devBaseUrl, the CORS allowed-origin settings such as cors.origin.server and cors.origin.client are injected through @Value annotations, but no configuration file defining these properties exists anywhere in the repository. In the current state, starting the application raises a PropertySourceNotFoundException or a NullPointerException.

Required actions:

  1. Create src/main/resources/application.yml (or .properties) and define at least the following properties:

    • cors.origin.server
    • cors.origin.client
    • cors.origin.develop
  2. Split profiles: write application-dev.yml, application-stg.yml and application-prod.yml so that each environment sets only the URLs it needs. In particular, cors.origin.develop must be present only in the development profile and removed in production.

  3. Example:

    # application.yml (shared)
    cors:
      origin:
        server: "https://api.starlight.com"
        client: "https://app.starlight.com"
    
    # application-dev.yml (development environment only)
    cors:
      origin:
        develop: "http://localhost:3000"

This is not only a security issue but the basis for the feature working at all. The StarLight backend cannot start properly as it stands.

🤖 Prompt for AI Agents
In @src/main/java/starlight/bootstrap/SecurityConfig.java around lines 102 -
106, The CORS origin properties injected for configuration.setAllowedOrigins
(clientBaseUrl, ServerBaseUrl, devBaseUrl) are missing from the repo and cause
startup failures; add an application.yml (or .properties) defining
cors.origin.server, cors.origin.client and cors.origin.develop, and split into
environment-specific files (application-dev.yml, application-stg.yml,
application-prod.yml) so that devBaseUrl (cors.origin.develop) exists only in
the dev profile while production profiles only define cors.origin.server and
cors.origin.client; ensure the property names match the @Value injections used
where configuration.setAllowedOrigins is called.

Member Author

Right now the staging server is also shared with development, so localhost:3000 has to be included on the staging server as well. That is why I did it this way.


@SeongHo5356, I understand the situation where the development frontend (localhost:3000) has to be used together with the staging environment! 👍

The main concern I raised was about where the values of the cors.origin.develop, cors.origin.server and cors.origin.client properties are defined.

Which of the following approaches do you use to manage these properties?

  1. Injected as environment variables (docker-compose, k8s configmap, etc.)
  2. An external configuration server or a submodule
  3. An application.yml file managed separately (for example, gitignored)

Once the current approach is confirmed, I will adjust my review comment!

Suggestion for reference:
If staging has to allow the development localhost, then instead of profile-based configuration you could also consider injecting several origins as a single comma-separated environment variable:

@Value("${cors.origin.allowed}") String allowedOrigins;
// "https://api.starlight.com,https://app.starlight.com,http://localhost:3000"
configuration.setAllowedOrigins(List.of(allowedOrigins.split(",")));


configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
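An added example, not code from the STARLIGHT_BE repository, of the comma-separated cors.origin.allowed approach suggested in the thread combined with the profile split from the first comment: it parses the value into a validated origin list and refuses localhost or plain-http origins outside the dev profile. The class name, the `devProfile` flag and the sample value are assumptions.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

// Added example, not STARLIGHT_BE code: turn a comma-separated
// cors.origin.allowed value into the list that SecurityConfig would
// hand to configuration.setAllowedOrigins(...).
public final class AllowedOrigins {

    public static List<String> parse(String raw, boolean devProfile) {
        List<String> origins = new ArrayList<>();
        if (raw == null) return origins;                  // property absent: allow nothing
        for (String part : raw.split(",")) {
            String entry = part.trim();
            if (entry.isEmpty()) continue;                // "a,,b" or a blank env var
            if (entry.equals("*")) {
                throw new IllegalArgumentException("wildcard origin is not allowed");
            }
            URI uri = URI.create(entry);                  // throws on malformed input
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (host == null || !("http".equals(scheme) || "https".equals(scheme))) {
                throw new IllegalArgumentException("not an http(s) origin: " + entry);
            }
            // An origin is scheme + host + port only; a path, query or fragment
            // would never match the browser's Origin header.
            if (!uri.getRawPath().isEmpty() || uri.getRawQuery() != null || uri.getRawFragment() != null) {
                throw new IllegalArgumentException("origin must not carry a path: " + entry);
            }
            boolean local = host.equals("localhost") || host.equals("127.0.0.1");
            if (!devProfile && (local || "http".equals(scheme))) {
                throw new IllegalArgumentException("dev-only origin outside dev profile: " + entry);
            }
            origins.add(scheme + "://" + host + (uri.getPort() == -1 ? "" : ":" + uri.getPort()));
        }
        return origins;
    }

    public static void main(String[] args) {
        // Constructed sample value, in the shape the thread suggests for staging.
        String staging = "https://api.starlight.com, https://app.starlight.com,http://localhost:3000";
        System.out.println(parse(staging, true));         // staging/dev: all three origins
        try {
            parse(staging, false);                        // prod profile: localhost is rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Failing fast on a dev-only origin in a production profile surfaces a misconfigured environment variable at startup rather than as a silently widened CORS policy.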