icurfer
d79c57d11b
Some checks failed
Build And Test / build-and-push (push) Failing after 36s
- NHNCloudProject 모델에 dns_appkey 필드 추가 - 프로젝트 CRUD API에서 dns_appkey 처리 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
743 lines
31 KiB
Python
743 lines
31 KiB
Python
# views.py
|
|
import logging
|
|
from opentelemetry import trace # ✅ OpenTelemetry 트레이서
|
|
from rest_framework.views import APIView
|
|
from rest_framework.response import Response
|
|
from rest_framework import status
|
|
from rest_framework.permissions import IsAuthenticated, BasePermission
|
|
from rest_framework_simplejwt.views import TokenObtainPairView
|
|
from rest_framework import generics
|
|
from .serializers import RegisterSerializer, CustomTokenObtainPairSerializer, UserListSerializer
|
|
from .models import CustomUser, NHNCloudProject
|
|
|
|
logger = logging.getLogger(__name__)
|
|
tracer = trace.get_tracer(__name__) # ✅ 트레이서 생성
|
|
|
|
|
|
def get_request_info(request):
|
|
ip = request.META.get("REMOTE_ADDR", "unknown")
|
|
ua = request.META.get("HTTP_USER_AGENT", "unknown")
|
|
email = getattr(request.user, "email", "anonymous")
|
|
return email, ip, ua
|
|
|
|
|
|
class RegisterView(APIView):
|
|
def post(self, request):
|
|
with tracer.start_as_current_span("RegisterView POST") as span: # ✅ Span 생성
|
|
email, ip, ua = get_request_info(request)
|
|
serializer = RegisterSerializer(data=request.data)
|
|
if serializer.is_valid():
|
|
user = serializer.save()
|
|
logger.info(
|
|
f"[REGISTER] user={user.email} | status=success | IP={ip} | UA={ua}"
|
|
)
|
|
# ✅ Jaeger 이벤트 등록
|
|
span.add_event("User registered", attributes={"email": user.email})
|
|
return Response(
|
|
{"message": "User registered successfully."},
|
|
status=status.HTTP_201_CREATED,
|
|
)
|
|
logger.warning(
|
|
f"[REGISTER] user={email} | status=fail | IP={ip} | UA={ua} | detail={serializer.errors}"
|
|
)
|
|
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
|
class MeView(APIView):
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get(self, request):
|
|
with tracer.start_as_current_span("MeView GET") as span: # ✅ Span 생성
|
|
email, ip, ua = get_request_info(request)
|
|
logger.debug(f"[ME GET] user={email} | IP={ip} | UA={ua}")
|
|
serializer = RegisterSerializer(request.user)
|
|
span.add_event(
|
|
"Me info retrieved", attributes={"email": email}
|
|
) # ✅ Jaeger 이벤트 등록
|
|
return Response(serializer.data)
|
|
|
|
def put(self, request):
|
|
with tracer.start_as_current_span("MeView PUT") as span: # ✅ Span 생성
|
|
email, ip, ua = get_request_info(request)
|
|
serializer = RegisterSerializer(
|
|
request.user, data=request.data, partial=True
|
|
)
|
|
if serializer.is_valid():
|
|
serializer.save()
|
|
logger.info(
|
|
f"[ME UPDATE] user={email} | status=success | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event(
|
|
"Me info updated", attributes={"email": email}
|
|
) # ✅ Jaeger 이벤트 등록
|
|
return Response(serializer.data)
|
|
logger.warning(
|
|
f"[ME UPDATE] user={email} | status=fail | IP={ip} | UA={ua} | detail={serializer.errors}"
|
|
)
|
|
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
|
class CustomTokenObtainPairView(TokenObtainPairView):
|
|
serializer_class = CustomTokenObtainPairSerializer
|
|
|
|
def post(self, request, *args, **kwargs):
|
|
with tracer.start_as_current_span(
|
|
"TokenObtainPairView POST"
|
|
) as span: # ✅ Span 생성
|
|
ip = request.META.get("REMOTE_ADDR", "unknown")
|
|
ua = request.META.get("HTTP_USER_AGENT", "unknown")
|
|
email = request.data.get("email", "unknown")
|
|
logger.info(f"[LOGIN] user={email} | status=attempt | IP={ip} | UA={ua}")
|
|
response = super().post(request, *args, **kwargs)
|
|
|
|
if response.status_code == 200:
|
|
logger.info(
|
|
f"[LOGIN] user={email} | status=success | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event(
|
|
"Login success", attributes={"email": email}
|
|
) # ✅ Jaeger 이벤트 등록
|
|
else:
|
|
logger.warning(
|
|
f"[LOGIN] user={email} | status=fail | IP={ip} | UA={ua} | detail={response.data}"
|
|
)
|
|
span.add_event(
|
|
"Login failed",
|
|
attributes={"email": email, "reason": str(response.data)},
|
|
) # ✅
|
|
return response
|
|
|
|
|
|
class SSHKeyUploadView(APIView):
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def post(self, request):
|
|
with tracer.start_as_current_span(
|
|
"SSHKeyUploadView POST"
|
|
) as span: # ✅ Span 생성
|
|
email, ip, ua = get_request_info(request)
|
|
private_key = request.data.get("private_key")
|
|
key_name = request.data.get("key_name")
|
|
|
|
if not private_key or not key_name:
|
|
logger.warning(
|
|
f"[SSH UPLOAD] user={email} | status=fail | reason=missing_key_or_name | IP={ip} | UA={ua}"
|
|
)
|
|
return Response(
|
|
{"error": "private_key와 key_name 모두 필요합니다."},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
try:
|
|
user = request.user
|
|
user.save_private_key(private_key)
|
|
user.encrypted_private_key_name = key_name
|
|
user.save(
|
|
update_fields=[
|
|
"encrypted_private_key",
|
|
"encrypted_private_key_name",
|
|
]
|
|
)
|
|
logger.info(
|
|
f"[SSH UPLOAD] user={email} | status=success | key_name={key_name} | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event(
|
|
"SSH key saved", attributes={"email": email, "key_name": key_name}
|
|
) # ✅
|
|
return Response({"message": "SSH key 저장 완료."}, status=201)
|
|
except Exception as e:
|
|
logger.exception(
|
|
f"[SSH UPLOAD] user={email} | status=fail | reason=exception | IP={ip} | UA={ua}"
|
|
)
|
|
return Response(
|
|
{"error": f"암호화 또는 저장 실패: {str(e)}"}, status=500
|
|
)
|
|
|
|
def delete(self, request):
|
|
with tracer.start_as_current_span(
|
|
"SSHKeyUploadView DELETE"
|
|
) as span: # ✅ Span 생성
|
|
email, ip, ua = get_request_info(request)
|
|
user = request.user
|
|
user.encrypted_private_key = None
|
|
user.encrypted_private_key_name = None
|
|
user.last_used_at = None
|
|
user.save(
|
|
update_fields=[
|
|
"encrypted_private_key",
|
|
"encrypted_private_key_name",
|
|
"last_used_at",
|
|
]
|
|
)
|
|
logger.info(
|
|
f"[SSH DELETE] user={email} | status=success | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event(
|
|
"SSH key deleted", attributes={"email": email}
|
|
) # ✅ Jaeger 이벤트 등록
|
|
return Response({"message": "SSH key deleted."}, status=200)
|
|
|
|
|
|
class SSHKeyInfoView(APIView):
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get(self, request):
|
|
with tracer.start_as_current_span("SSHKeyInfoView GET") as span: # ✅ Span 생성
|
|
email, ip, ua = get_request_info(request)
|
|
logger.debug(f"[SSH INFO] user={email} | IP={ip} | UA={ua}")
|
|
user = request.user
|
|
span.add_event(
|
|
"SSH key info retrieved", attributes={"email": email}
|
|
) # ✅ Jaeger 이벤트 등록
|
|
return Response(
|
|
{
|
|
"has_key": bool(user.encrypted_private_key),
|
|
"encrypted_private_key_name": user.encrypted_private_key_name,
|
|
"last_used_at": user.last_used_at,
|
|
}
|
|
)
|
|
|
|
|
|
class SSHKeyRetrieveView(APIView):
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get(self, request):
|
|
with tracer.start_as_current_span(
|
|
"SSHKeyRetrieveView GET"
|
|
) as span: # ✅ Span 생성
|
|
email, ip, ua = get_request_info(request)
|
|
user = request.user
|
|
if not user.encrypted_private_key:
|
|
logger.warning(
|
|
f"[SSH RETRIEVE] user={email} | status=fail | reason=not_found | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event(
|
|
"SSH key retrieve failed",
|
|
attributes={"email": email, "reason": "not_found"},
|
|
) # ✅
|
|
return Response(
|
|
{"error": "SSH 키가 등록되어 있지 않습니다."}, status=404
|
|
)
|
|
|
|
try:
|
|
decrypted_key = user.decrypt_private_key()
|
|
logger.info(
|
|
f"[SSH RETRIEVE] user={email} | status=success | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event("SSH key retrieved", attributes={"email": email}) # ✅
|
|
return Response({"ssh_key": decrypted_key})
|
|
except Exception as e:
|
|
logger.exception(
|
|
f"[SSH RETRIEVE] user={email} | status=fail | reason=exception | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event(
|
|
"SSH key retrieve failed",
|
|
attributes={"email": email, "reason": str(e)},
|
|
) # ✅
|
|
return Response({"error": f"복호화 실패: {str(e)}"}, status=500)
|
|
|
|
|
|
# ============================================
|
|
# 관리자용 사용자 관리 API
|
|
# ============================================
|
|
|
|
class IsAdminOrManager(BasePermission):
|
|
"""admin 또는 manager 등급만 접근 가능"""
|
|
def has_permission(self, request, view):
|
|
if not request.user or not request.user.is_authenticated:
|
|
return False
|
|
return request.user.grade in ['admin', 'manager']
|
|
|
|
|
|
class UserListView(generics.ListAPIView):
|
|
"""사용자 목록 조회 (관리자 전용)"""
|
|
queryset = CustomUser.objects.all().order_by('-created_at')
|
|
serializer_class = UserListSerializer
|
|
permission_classes = [IsAuthenticated, IsAdminOrManager]
|
|
|
|
def list(self, request, *args, **kwargs):
|
|
with tracer.start_as_current_span("UserListView GET") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
logger.info(f"[USER LIST] admin={email} | IP={ip} | UA={ua}")
|
|
span.add_event("User list retrieved", attributes={"admin": email})
|
|
return super().list(request, *args, **kwargs)
|
|
|
|
|
|
class UserUpdateView(generics.RetrieveUpdateDestroyAPIView):
|
|
"""사용자 상태 수정/삭제 (관리자 전용)"""
|
|
queryset = CustomUser.objects.all()
|
|
serializer_class = UserListSerializer
|
|
permission_classes = [IsAuthenticated, IsAdminOrManager]
|
|
|
|
def partial_update(self, request, *args, **kwargs):
|
|
with tracer.start_as_current_span("UserUpdateView PATCH") as span:
|
|
admin_email, ip, ua = get_request_info(request)
|
|
instance = self.get_object()
|
|
target_email = instance.email
|
|
|
|
# is_active만 수정 가능
|
|
is_active = request.data.get('is_active')
|
|
if is_active is not None:
|
|
instance.is_active = is_active
|
|
instance.save(update_fields=['is_active'])
|
|
|
|
action = "activated" if is_active else "deactivated"
|
|
logger.info(
|
|
f"[USER UPDATE] admin={admin_email} | target={target_email} | action={action} | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event(
|
|
f"User {action}",
|
|
attributes={"admin": admin_email, "target": target_email}
|
|
)
|
|
|
|
serializer = self.get_serializer(instance)
|
|
return Response(serializer.data)
|
|
|
|
def destroy(self, request, *args, **kwargs):
|
|
with tracer.start_as_current_span("UserUpdateView DELETE") as span:
|
|
admin_email, ip, ua = get_request_info(request)
|
|
instance = self.get_object()
|
|
target_email = instance.email
|
|
|
|
# 자기 자신은 삭제 불가
|
|
if request.user.id == instance.id:
|
|
return Response(
|
|
{"error": "자기 자신의 계정은 삭제할 수 없습니다."},
|
|
status=status.HTTP_400_BAD_REQUEST
|
|
)
|
|
|
|
logger.info(
|
|
f"[USER DELETE] admin={admin_email} | target={target_email} | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event(
|
|
"User deleted",
|
|
attributes={"admin": admin_email, "target": target_email}
|
|
)
|
|
|
|
instance.delete()
|
|
return Response(
|
|
{"message": f"사용자 {target_email}이(가) 삭제되었습니다."},
|
|
status=status.HTTP_200_OK
|
|
)
|
|
|
|
|
|
# ============================================
|
|
# NHN Cloud 자격증명 관리 API
|
|
# ============================================
|
|
|
|
class NHNCloudCredentialsView(APIView):
|
|
"""NHN Cloud 자격증명 저장/조회/삭제"""
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get(self, request):
|
|
"""자격증명 조회 (비밀번호 제외)"""
|
|
with tracer.start_as_current_span("NHNCloudCredentialsView GET") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
user = request.user
|
|
logger.debug(f"[NHN CREDENTIALS GET] user={email} | IP={ip} | UA={ua}")
|
|
span.add_event("NHN credentials retrieved", attributes={"email": email})
|
|
|
|
return Response({
|
|
"has_credentials": bool(user.nhn_tenant_id and user.encrypted_nhn_api_password),
|
|
"tenant_id": user.nhn_tenant_id or "",
|
|
"username": user.nhn_username or "",
|
|
"storage_account": user.nhn_storage_account or "",
|
|
})
|
|
|
|
def post(self, request):
|
|
"""자격증명 저장"""
|
|
with tracer.start_as_current_span("NHNCloudCredentialsView POST") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
user = request.user
|
|
|
|
tenant_id = request.data.get("tenant_id")
|
|
username = request.data.get("username")
|
|
password = request.data.get("password")
|
|
storage_account = request.data.get("storage_account", "")
|
|
|
|
if not tenant_id or not username or not password:
|
|
logger.warning(
|
|
f"[NHN CREDENTIALS SAVE] user={email} | status=fail | reason=missing_fields | IP={ip} | UA={ua}"
|
|
)
|
|
return Response(
|
|
{"error": "tenant_id, username, password는 필수입니다."},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
try:
|
|
user.save_nhn_credentials(tenant_id, username, password, storage_account)
|
|
logger.info(
|
|
f"[NHN CREDENTIALS SAVE] user={email} | status=success | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event("NHN credentials saved", attributes={"email": email})
|
|
return Response({"message": "NHN Cloud 자격증명이 저장되었습니다."}, status=201)
|
|
except Exception as e:
|
|
logger.exception(
|
|
f"[NHN CREDENTIALS SAVE] user={email} | status=fail | reason=exception | IP={ip} | UA={ua}"
|
|
)
|
|
return Response({"error": f"저장 실패: {str(e)}"}, status=500)
|
|
|
|
def delete(self, request):
|
|
"""자격증명 삭제"""
|
|
with tracer.start_as_current_span("NHNCloudCredentialsView DELETE") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
user = request.user
|
|
|
|
user.nhn_tenant_id = None
|
|
user.nhn_username = None
|
|
user.encrypted_nhn_api_password = None
|
|
user.nhn_storage_account = None
|
|
user.save(update_fields=[
|
|
'nhn_tenant_id', 'nhn_username', 'encrypted_nhn_api_password', 'nhn_storage_account'
|
|
])
|
|
|
|
logger.info(f"[NHN CREDENTIALS DELETE] user={email} | status=success | IP={ip} | UA={ua}")
|
|
span.add_event("NHN credentials deleted", attributes={"email": email})
|
|
return Response({"message": "NHN Cloud 자격증명이 삭제되었습니다."})
|
|
|
|
|
|
class NHNCloudPasswordView(APIView):
|
|
"""NHN Cloud API 비밀번호 조회 (복호화) - msa-django-nhn에서 사용"""
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get(self, request):
|
|
"""복호화된 비밀번호 조회"""
|
|
with tracer.start_as_current_span("NHNCloudPasswordView GET") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
user = request.user
|
|
|
|
if not user.encrypted_nhn_api_password:
|
|
logger.warning(
|
|
f"[NHN PASSWORD GET] user={email} | status=fail | reason=not_found | IP={ip} | UA={ua}"
|
|
)
|
|
return Response(
|
|
{"error": "NHN Cloud 자격증명이 등록되어 있지 않습니다."},
|
|
status=404
|
|
)
|
|
|
|
try:
|
|
decrypted_password = user.decrypt_nhn_password()
|
|
logger.info(f"[NHN PASSWORD GET] user={email} | status=success | IP={ip} | UA={ua}")
|
|
span.add_event("NHN password retrieved", attributes={"email": email})
|
|
return Response({
|
|
"tenant_id": user.nhn_tenant_id,
|
|
"username": user.nhn_username,
|
|
"password": decrypted_password,
|
|
"storage_account": user.nhn_storage_account or "",
|
|
})
|
|
except Exception as e:
|
|
logger.exception(
|
|
f"[NHN PASSWORD GET] user={email} | status=fail | reason=exception | IP={ip} | UA={ua}"
|
|
)
|
|
return Response({"error": f"복호화 실패: {str(e)}"}, status=500)
|
|
|
|
|
|
# ============================================
|
|
# NHN Cloud 프로젝트 관리 API (멀티 프로젝트 지원)
|
|
# ============================================
|
|
|
|
class NHNCloudProjectListView(APIView):
|
|
"""NHN Cloud 프로젝트 목록 조회 및 추가"""
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get(self, request):
|
|
"""프로젝트 목록 조회"""
|
|
with tracer.start_as_current_span("NHNCloudProjectListView GET") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
projects = NHNCloudProject.objects.filter(user=request.user)
|
|
|
|
logger.debug(f"[NHN PROJECT LIST] user={email} | count={projects.count()} | IP={ip} | UA={ua}")
|
|
span.add_event("NHN projects listed", attributes={"email": email, "count": projects.count()})
|
|
|
|
data = [{
|
|
"id": p.id,
|
|
"name": p.name,
|
|
"tenant_id": p.tenant_id,
|
|
"username": p.username,
|
|
"storage_account": p.storage_account or "",
|
|
"dns_appkey": p.dns_appkey or "",
|
|
"is_active": p.is_active,
|
|
"created_at": p.created_at.isoformat(),
|
|
} for p in projects]
|
|
|
|
return Response(data)
|
|
|
|
def post(self, request):
|
|
"""프로젝트 추가"""
|
|
with tracer.start_as_current_span("NHNCloudProjectListView POST") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
|
|
name = request.data.get("name")
|
|
tenant_id = request.data.get("tenant_id")
|
|
username = request.data.get("username")
|
|
password = request.data.get("password")
|
|
storage_account = request.data.get("storage_account", "")
|
|
dns_appkey = request.data.get("dns_appkey", "")
|
|
|
|
if not name or not tenant_id or not username or not password:
|
|
logger.warning(
|
|
f"[NHN PROJECT CREATE] user={email} | status=fail | reason=missing_fields | IP={ip} | UA={ua}"
|
|
)
|
|
return Response(
|
|
{"error": "name, tenant_id, username, password는 필수입니다."},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
# 중복 체크
|
|
if NHNCloudProject.objects.filter(user=request.user, tenant_id=tenant_id).exists():
|
|
logger.warning(
|
|
f"[NHN PROJECT CREATE] user={email} | status=fail | reason=duplicate | IP={ip} | UA={ua}"
|
|
)
|
|
return Response(
|
|
{"error": "이미 등록된 Tenant ID입니다."},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
try:
|
|
# 첫 프로젝트면 자동 활성화
|
|
is_first = not NHNCloudProject.objects.filter(user=request.user).exists()
|
|
|
|
project = NHNCloudProject(
|
|
user=request.user,
|
|
name=name,
|
|
tenant_id=tenant_id,
|
|
username=username,
|
|
storage_account=storage_account,
|
|
dns_appkey=dns_appkey,
|
|
is_active=is_first,
|
|
)
|
|
# 암호화된 비밀번호 설정 후 저장
|
|
project.encrypted_password = project.encrypt_password(password)
|
|
project.save()
|
|
|
|
logger.info(
|
|
f"[NHN PROJECT CREATE] user={email} | project={name} | is_active={is_first} | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event("NHN project created", attributes={"email": email, "project": name})
|
|
|
|
return Response({
|
|
"id": project.id,
|
|
"name": project.name,
|
|
"tenant_id": project.tenant_id,
|
|
"username": project.username,
|
|
"storage_account": project.storage_account or "",
|
|
"dns_appkey": project.dns_appkey or "",
|
|
"is_active": project.is_active,
|
|
"created_at": project.created_at.isoformat(),
|
|
}, status=status.HTTP_201_CREATED)
|
|
|
|
except Exception as e:
|
|
logger.exception(
|
|
f"[NHN PROJECT CREATE] user={email} | status=fail | reason=exception | IP={ip} | UA={ua}"
|
|
)
|
|
return Response({"error": f"프로젝트 생성 실패: {str(e)}"}, status=500)
|
|
|
|
|
|
class NHNCloudProjectDetailView(APIView):
|
|
"""NHN Cloud 프로젝트 상세 (조회/수정/삭제)"""
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get_project(self, request, project_id):
|
|
"""프로젝트 조회 (본인 것만)"""
|
|
try:
|
|
return NHNCloudProject.objects.get(id=project_id, user=request.user)
|
|
except NHNCloudProject.DoesNotExist:
|
|
return None
|
|
|
|
def get(self, request, project_id):
|
|
"""프로젝트 상세 조회"""
|
|
with tracer.start_as_current_span("NHNCloudProjectDetailView GET") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
|
|
project = self.get_project(request, project_id)
|
|
if not project:
|
|
return Response({"error": "프로젝트를 찾을 수 없습니다."}, status=404)
|
|
|
|
span.add_event("NHN project retrieved", attributes={"email": email, "project": project.name})
|
|
|
|
return Response({
|
|
"id": project.id,
|
|
"name": project.name,
|
|
"tenant_id": project.tenant_id,
|
|
"username": project.username,
|
|
"storage_account": project.storage_account or "",
|
|
"dns_appkey": project.dns_appkey or "",
|
|
"is_active": project.is_active,
|
|
"created_at": project.created_at.isoformat(),
|
|
})
|
|
|
|
def put(self, request, project_id):
|
|
"""프로젝트 수정"""
|
|
with tracer.start_as_current_span("NHNCloudProjectDetailView PUT") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
|
|
project = self.get_project(request, project_id)
|
|
if not project:
|
|
logger.warning(
|
|
f"[NHN PROJECT UPDATE] user={email} | status=fail | reason=not_found | IP={ip} | UA={ua}"
|
|
)
|
|
return Response({"error": "프로젝트를 찾을 수 없습니다."}, status=404)
|
|
|
|
# 수정 가능한 필드
|
|
name = request.data.get("name")
|
|
tenant_id = request.data.get("tenant_id")
|
|
username = request.data.get("username")
|
|
password = request.data.get("password") # 비어있으면 변경 안함
|
|
storage_account = request.data.get("storage_account")
|
|
dns_appkey = request.data.get("dns_appkey")
|
|
|
|
# 필수 필드 검증
|
|
if not name or not tenant_id or not username:
|
|
return Response(
|
|
{"error": "name, tenant_id, username은 필수입니다."},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
# tenant_id 중복 체크 (자기 자신 제외)
|
|
if NHNCloudProject.objects.filter(
|
|
user=request.user, tenant_id=tenant_id
|
|
).exclude(id=project_id).exists():
|
|
return Response(
|
|
{"error": "이미 등록된 Tenant ID입니다."},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
try:
|
|
project.name = name
|
|
project.tenant_id = tenant_id
|
|
project.username = username
|
|
if storage_account is not None:
|
|
project.storage_account = storage_account
|
|
if dns_appkey is not None:
|
|
project.dns_appkey = dns_appkey
|
|
|
|
# 비밀번호가 제공된 경우에만 변경
|
|
if password:
|
|
project.encrypted_password = project.encrypt_password(password)
|
|
|
|
project.save()
|
|
|
|
logger.info(
|
|
f"[NHN PROJECT UPDATE] user={email} | project={name} | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event("NHN project updated", attributes={"email": email, "project": name})
|
|
|
|
return Response({
|
|
"id": project.id,
|
|
"name": project.name,
|
|
"tenant_id": project.tenant_id,
|
|
"username": project.username,
|
|
"storage_account": project.storage_account or "",
|
|
"dns_appkey": project.dns_appkey or "",
|
|
"is_active": project.is_active,
|
|
"created_at": project.created_at.isoformat(),
|
|
})
|
|
|
|
except Exception as e:
|
|
logger.exception(
|
|
f"[NHN PROJECT UPDATE] user={email} | status=fail | reason=exception | IP={ip} | UA={ua}"
|
|
)
|
|
return Response({"error": f"프로젝트 수정 실패: {str(e)}"}, status=500)
|
|
|
|
def delete(self, request, project_id):
|
|
"""프로젝트 삭제"""
|
|
with tracer.start_as_current_span("NHNCloudProjectDetailView DELETE") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
|
|
project = self.get_project(request, project_id)
|
|
if not project:
|
|
logger.warning(
|
|
f"[NHN PROJECT DELETE] user={email} | status=fail | reason=not_found | IP={ip} | UA={ua}"
|
|
)
|
|
return Response({"error": "프로젝트를 찾을 수 없습니다."}, status=404)
|
|
|
|
project_name = project.name
|
|
was_active = project.is_active
|
|
project.delete()
|
|
|
|
# 삭제된 프로젝트가 활성이었으면 다른 프로젝트 활성화
|
|
if was_active:
|
|
other_project = NHNCloudProject.objects.filter(user=request.user).first()
|
|
if other_project:
|
|
other_project.is_active = True
|
|
other_project.save(update_fields=['is_active'])
|
|
|
|
logger.info(
|
|
f"[NHN PROJECT DELETE] user={email} | project={project_name} | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event("NHN project deleted", attributes={"email": email, "project": project_name})
|
|
|
|
return Response(status=status.HTTP_204_NO_CONTENT)
|
|
|
|
|
|
class NHNCloudProjectActivateView(APIView):
|
|
"""NHN Cloud 프로젝트 활성화"""
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def patch(self, request, project_id):
|
|
"""프로젝트 활성화 (기존 활성 해제)"""
|
|
with tracer.start_as_current_span("NHNCloudProjectActivateView PATCH") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
|
|
try:
|
|
project = NHNCloudProject.objects.get(id=project_id, user=request.user)
|
|
except NHNCloudProject.DoesNotExist:
|
|
logger.warning(
|
|
f"[NHN PROJECT ACTIVATE] user={email} | status=fail | reason=not_found | IP={ip} | UA={ua}"
|
|
)
|
|
return Response({"error": "프로젝트를 찾을 수 없습니다."}, status=404)
|
|
|
|
# 기존 활성 프로젝트 비활성화
|
|
NHNCloudProject.objects.filter(user=request.user, is_active=True).update(is_active=False)
|
|
|
|
# 새 프로젝트 활성화
|
|
project.is_active = True
|
|
project.save(update_fields=['is_active'])
|
|
|
|
logger.info(
|
|
f"[NHN PROJECT ACTIVATE] user={email} | project={project.name} | IP={ip} | UA={ua}"
|
|
)
|
|
span.add_event("NHN project activated", attributes={"email": email, "project": project.name})
|
|
|
|
return Response({
|
|
"message": "프로젝트가 활성화되었습니다.",
|
|
"id": project.id,
|
|
"name": project.name,
|
|
})
|
|
|
|
|
|
class NHNCloudProjectPasswordView(APIView):
|
|
"""NHN Cloud 프로젝트 비밀번호 조회 (복호화)"""
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get(self, request, project_id):
|
|
"""복호화된 비밀번호 조회"""
|
|
with tracer.start_as_current_span("NHNCloudProjectPasswordView GET") as span:
|
|
email, ip, ua = get_request_info(request)
|
|
|
|
try:
|
|
project = NHNCloudProject.objects.get(id=project_id, user=request.user)
|
|
except NHNCloudProject.DoesNotExist:
|
|
logger.warning(
|
|
f"[NHN PROJECT PASSWORD] user={email} | status=fail | reason=not_found | IP={ip} | UA={ua}"
|
|
)
|
|
return Response({"error": "프로젝트를 찾을 수 없습니다."}, status=404)
|
|
|
|
try:
|
|
decrypted_password = project.decrypt_password()
|
|
logger.info(f"[NHN PROJECT PASSWORD] user={email} | project={project.name} | IP={ip} | UA={ua}")
|
|
span.add_event("NHN project password retrieved", attributes={"email": email, "project": project.name})
|
|
|
|
return Response({
|
|
"tenant_id": project.tenant_id,
|
|
"username": project.username,
|
|
"password": decrypted_password,
|
|
"storage_account": project.storage_account or "",
|
|
"dns_appkey": project.dns_appkey or "",
|
|
})
|
|
except Exception as e:
|
|
logger.exception(
|
|
f"[NHN PROJECT PASSWORD] user={email} | status=fail | reason=exception | IP={ip} | UA={ua}"
|
|
)
|
|
return Response({"error": f"복호화 실패: {str(e)}"}, status=500)
|