Add NHN Cloud credentials management and bump version to v0.0.19

- Add NHN Cloud credential fields to User model (tenant_id, username, encrypted password, storage_account) - Add API endpoints for credentials CRUD operations - Implement Fernet encryption for password storage Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-14 01:25:43 +09:00
parent dce4663a67
commit e318855b14
5 changed files with 180 additions and 2 deletions
--- a/users/views.py
+++ b/users/views.py
@ -319,3 +319,114 @@ class UserUpdateView(generics.RetrieveUpdateDestroyAPIView):
                {"message": f"사용자 {target_email}이(가) 삭제되었습니다."},
                status=status.HTTP_200_OK
            )
+
+
+# ============================================
+# NHN Cloud 자격증명 관리 API
+# ============================================
+
+class NHNCloudCredentialsView(APIView):
+    """NHN Cloud 자격증명 저장/조회/삭제"""
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        """자격증명 조회 (비밀번호 제외)"""
+        with tracer.start_as_current_span("NHNCloudCredentialsView GET") as span:
+            email, ip, ua = get_request_info(request)
+            user = request.user
+            logger.debug(f"[NHN CREDENTIALS GET] user={email} | IP={ip} | UA={ua}")
+            span.add_event("NHN credentials retrieved", attributes={"email": email})
+
+            return Response({
+                "has_credentials": bool(user.nhn_tenant_id and user.encrypted_nhn_api_password),
+                "tenant_id": user.nhn_tenant_id or "",
+                "username": user.nhn_username or "",
+                "storage_account": user.nhn_storage_account or "",
+            })
+
+    def post(self, request):
+        """자격증명 저장"""
+        with tracer.start_as_current_span("NHNCloudCredentialsView POST") as span:
+            email, ip, ua = get_request_info(request)
+            user = request.user
+
+            tenant_id = request.data.get("tenant_id")
+            username = request.data.get("username")
+            password = request.data.get("password")
+            storage_account = request.data.get("storage_account", "")
+
+            if not tenant_id or not username or not password:
+                logger.warning(
+                    f"[NHN CREDENTIALS SAVE] user={email} | status=fail | reason=missing_fields | IP={ip} | UA={ua}"
+                )
+                return Response(
+                    {"error": "tenant_id, username, password는 필수입니다."},
+                    status=status.HTTP_400_BAD_REQUEST,
+                )
+
+            try:
+                user.save_nhn_credentials(tenant_id, username, password, storage_account)
+                logger.info(
+                    f"[NHN CREDENTIALS SAVE] user={email} | status=success | IP={ip} | UA={ua}"
+                )
+                span.add_event("NHN credentials saved", attributes={"email": email})
+                return Response({"message": "NHN Cloud 자격증명이 저장되었습니다."}, status=201)
+            except Exception as e:
+                logger.exception(
+                    f"[NHN CREDENTIALS SAVE] user={email} | status=fail | reason=exception | IP={ip} | UA={ua}"
+                )
+                return Response({"error": f"저장 실패: {str(e)}"}, status=500)
+
+    def delete(self, request):
+        """자격증명 삭제"""
+        with tracer.start_as_current_span("NHNCloudCredentialsView DELETE") as span:
+            email, ip, ua = get_request_info(request)
+            user = request.user
+
+            user.nhn_tenant_id = None
+            user.nhn_username = None
+            user.encrypted_nhn_api_password = None
+            user.nhn_storage_account = None
+            user.save(update_fields=[
+                'nhn_tenant_id', 'nhn_username', 'encrypted_nhn_api_password', 'nhn_storage_account'
+            ])
+
+            logger.info(f"[NHN CREDENTIALS DELETE] user={email} | status=success | IP={ip} | UA={ua}")
+            span.add_event("NHN credentials deleted", attributes={"email": email})
+            return Response({"message": "NHN Cloud 자격증명이 삭제되었습니다."})
+
+
+class NHNCloudPasswordView(APIView):
+    """NHN Cloud API 비밀번호 조회 (복호화) - msa-django-nhn에서 사용"""
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        """복호화된 비밀번호 조회"""
+        with tracer.start_as_current_span("NHNCloudPasswordView GET") as span:
+            email, ip, ua = get_request_info(request)
+            user = request.user
+
+            if not user.encrypted_nhn_api_password:
+                logger.warning(
+                    f"[NHN PASSWORD GET] user={email} | status=fail | reason=not_found | IP={ip} | UA={ua}"
+                )
+                return Response(
+                    {"error": "NHN Cloud 자격증명이 등록되어 있지 않습니다."},
+                    status=404
+                )
+
+            try:
+                decrypted_password = user.decrypt_nhn_password()
+                logger.info(f"[NHN PASSWORD GET] user={email} | status=success | IP={ip} | UA={ua}")
+                span.add_event("NHN password retrieved", attributes={"email": email})
+                return Response({
+                    "tenant_id": user.nhn_tenant_id,
+                    "username": user.nhn_username,
+                    "password": decrypted_password,
+                    "storage_account": user.nhn_storage_account or "",
+                })
+            except Exception as e:
+                logger.exception(
+                    f"[NHN PASSWORD GET] user={email} | status=fail | reason=exception | IP={ip} | UA={ua}"
+                )
+                return Response({"error": f"복호화 실패: {str(e)}"}, status=500)