msa-django-auth/users/models.py

from django.db import models
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, BaseUserManager
from django.utils import timezone
from django.conf import settings  # ✅ 추가
from cryptography.fernet import Fernet
import base64, hashlib  # ✅ SECRET_KEY 암호화 키 생성용

class CustomUserManager(BaseUserManager):
    def create_user(self, email, password=None, **extra_fields):
        if not email:
            raise ValueError("The Email must be set")
        email = self.normalize_email(email)
        user = self.model(email=email, **extra_fields)
        user.set_password(password)
        user.save(using=self._db)
        return user

    def create_superuser(self, email, password=None, **extra_fields):
        extra_fields.setdefault("is_staff", True)
        extra_fields.setdefault("is_superuser", True)
        extra_fields.setdefault("grade", "admin")

        if extra_fields.get("is_staff") is not True:
            raise ValueError("Superuser must have is_staff=True.")
        if extra_fields.get("is_superuser") is not True:
            raise ValueError("Superuser must have is_superuser=True.")

        return self.create_user(email, password, **extra_fields)


class CustomUser(AbstractBaseUser, PermissionsMixin):
    GRADE_CHOICES = (
        ('admin', '관리자'),
        ('manager', '매니저'),
        ('user', '일반 사용자'),
    )

    GENDER_CHOICES = (
        ('M', '남성'),
        ('F', '여성'),
        ('O', '기타'),
    )

    EDUCATION_CHOICES = (
        ('high_school', '고등학교 졸업'),
        ('associate', '전문학사'),
        ('bachelor', '학사'),
        ('master', '석사'),
        ('doctor', '박사'),
        ('other', '기타'),
    )

    email = models.EmailField(unique=True)
    name = models.CharField(max_length=255, unique=True)
    grade = models.CharField(max_length=20, choices=GRADE_CHOICES, default='user')
    desc = models.TextField(blank=True, null=True, verbose_name="설명")

    # 추가 회원 정보 (선택)
    phone = models.CharField(max_length=20, blank=True, null=True, verbose_name="전화번호")
    address = models.CharField(max_length=500, blank=True, null=True, verbose_name="주소")
    gender = models.CharField(max_length=1, choices=GENDER_CHOICES, blank=True, null=True, verbose_name="성별")
    birth_date = models.DateField(blank=True, null=True, verbose_name="생년월일")
    education = models.CharField(max_length=20, choices=EDUCATION_CHOICES, blank=True, null=True, verbose_name="학력")

    is_active = models.BooleanField(default=False)
    is_staff = models.BooleanField(default=False)
    created_at = models.DateTimeField(auto_now_add=True)

    # 🔐 SSH 키 관련 필드
    encrypted_private_key_name = models.CharField(max_length=100, blank=True, null=True, verbose_name="SSH 키 이름")
    encrypted_private_key = models.BinaryField(blank=True, null=True)
    last_used_at = models.DateTimeField(blank=True, null=True, verbose_name="SSH 키 마지막 사용 시각")

    # ☁️ NHN Cloud 자격증명 필드
    nhn_tenant_id = models.CharField(max_length=64, blank=True, null=True, verbose_name="NHN Cloud Tenant ID")
    nhn_username = models.EmailField(blank=True, null=True, verbose_name="NHN Cloud Username")
    encrypted_nhn_api_password = models.BinaryField(blank=True, null=True, verbose_name="NHN Cloud API Password (암호화)")
    nhn_storage_account = models.CharField(max_length=128, blank=True, null=True, verbose_name="NHN Cloud Storage Account")

    objects = CustomUserManager()

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['name']

    def __str__(self):
        return self.email

    # ✅ 2025-05-20 SECRET_KEY 기반 암복호화 메서드들
    def get_encryption_key(self) -> bytes:
        """
        SECRET_KEY 기반으로 Fernet 키 생성 (SHA-256 -> base64)
        """
        hashed = hashlib.sha256(settings.SECRET_KEY.encode()).digest()
        return base64.urlsafe_b64encode(hashed[:32])

    def encrypt_private_key(self, private_key: str) -> bytes:
        """
        개인 키를 암호화하여 바이트 문자열로 반환
        """
        cipher = Fernet(self.get_encryption_key())
        return cipher.encrypt(private_key.encode())

    def decrypt_private_key(self) -> str:
        """
        암호화된 SSH 키를 복호화하여 문자열로 반환
        """
        if self.encrypted_private_key:
            cipher = Fernet(self.get_encryption_key())
            decrypted = cipher.decrypt(self.encrypted_private_key).decode()
            self.last_used_at = timezone.now()
            self.save(update_fields=['last_used_at'])  # 📌 사용 시각 업데이트
            return decrypted
        return ""

    def save_private_key(self, private_key: str):
        """
        암호화된 SSH 키를 저장
        """
        self.encrypted_private_key = self.encrypt_private_key(private_key)
        self.save()

    # ☁️ NHN Cloud API Password 암복호화
    def encrypt_nhn_password(self, password: str) -> bytes:
        """NHN Cloud API 비밀번호 암호화"""
        cipher = Fernet(self.get_encryption_key())
        return cipher.encrypt(password.encode())

    def decrypt_nhn_password(self) -> str:
        """NHN Cloud API 비밀번호 복호화"""
        if self.encrypted_nhn_api_password:
            cipher = Fernet(self.get_encryption_key())
            return cipher.decrypt(self.encrypted_nhn_api_password).decode()
        return ""

    def save_nhn_credentials(self, tenant_id: str, username: str, password: str, storage_account: str = None):
        """NHN Cloud 자격증명 저장"""
        self.nhn_tenant_id = tenant_id
        self.nhn_username = username
        self.encrypted_nhn_api_password = self.encrypt_nhn_password(password)
        if storage_account:
            self.nhn_storage_account = storage_account
        self.save(update_fields=[
            'nhn_tenant_id', 'nhn_username', 'encrypted_nhn_api_password', 'nhn_storage_account'
        ])