폼 전송 TDD추가 및 암호화 적용 중
CI / test (push) Failing after 4m41s
CI / pr_and_merge (push) Has been skipped

This commit is contained in:
2025-12-02 11:02:15 +09:00
parent d0766fca45
commit 3e223a45d4
40 changed files with 1290 additions and 31 deletions
+1
View File
@@ -43,6 +43,7 @@ export async function POST(request: Request) {
secure: true,
sameSite: "lax",
path: "/",
maxAge: 7 * 24 * 60 * 60,
});
return res;
+1
View File
@@ -58,6 +58,7 @@ export async function POST(request: Request) {
secure: true,
sameSite: "lax",
path: "/",
maxAge: 7 * 24 * 60 * 60,
});
return res;
+8
View File
@@ -365,11 +365,19 @@ export const buildStaticHtml = (blocks: Block[], projectConfig?: ProjectConfig):
const configJson = JSON.stringify(props ?? {});
const escapedConfig = escapeAttr(configJson);
const projectSlugRaw = (projectConfig?.slug ?? "").trim();
const projectSlugValue = projectSlugRaw !== "" ? projectSlugRaw : "";
const parts: string[] = [];
parts.push(
`<form id="${escapeAttr(formId)}" class="pb-form-controller"${methodAttr}${actionAttr}>`,
);
parts.push(`<input type="hidden" name="__config" value="${escapedConfig}" />`);
if (projectSlugValue) {
parts.push(
`<input type="hidden" name="__projectSlug" value="${escapeAttr(projectSlugValue)}" />`,
);
}
parts.push("</form>");
return parts.join("");
}
+148 -6
View File
@@ -1,15 +1,158 @@
import { NextResponse } from "next/server";
import type { FormBlockProps } from "@/features/editor/state/editorStore";
import { PrismaClient } from "@prisma/client";
import type { FormBlockProps, FormFieldConfig } from "@/features/editor/state/editorStore";
import { encryptJson } from "@/features/auth/authCrypto";
const prisma = new PrismaClient() as any;
function buildSensitiveFieldNameSet(config: FormBlockProps | null): Set<string> {
const result = new Set<string>();
const fields: FormFieldConfig[] = Array.isArray(config?.fields) ? (config!.fields as FormFieldConfig[]) : [];
for (const field of fields) {
const name = (field.name ?? "").toLowerCase();
const label = (field.label ?? "").toLowerCase();
if (!name) continue;
const isEmail =
field.type === "email" ||
name.includes("email") ||
label.includes("email") ||
label.includes("이메일");
if (isEmail) {
result.add(field.name);
continue;
}
const isPhone =
name.includes("phone") ||
name.includes("tel") ||
name.includes("mobile") ||
label.includes("전화") ||
label.includes("연락처") ||
label.includes("휴대폰");
if (isPhone) {
result.add(field.name);
continue;
}
const isBirth =
name.includes("birth") ||
name.includes("birthday") ||
name.includes("dob") ||
label.includes("생년월일") ||
label.includes("생일");
if (isBirth) {
result.add(field.name);
continue;
}
}
return result;
}
async function persistFormSubmission(formData: FormData, config: FormBlockProps | null) {
const projectSlugRaw = formData.get("__projectSlug");
let projectSlug: string | null = null;
if (typeof projectSlugRaw === "string" && projectSlugRaw.trim() !== "") {
projectSlug = projectSlugRaw.trim();
} else if (config?.extraParams && typeof config.extraParams.projectSlug === "string") {
const v = config.extraParams.projectSlug.trim();
if (v !== "") {
projectSlug = v;
}
}
const sensitiveNames = buildSensitiveFieldNameSet(config);
formData.forEach((_, key) => {
if (key === "__config" || key === "__projectSlug") {
return;
}
const lower = key.toLowerCase();
const isEmailField =
lower.includes("email") ||
lower.includes("e-mail") ||
lower.includes("이메일");
const isPhoneField =
lower.includes("phone") ||
lower.includes("tel") ||
lower.includes("mobile") ||
lower.includes("전화") ||
lower.includes("연락처") ||
lower.includes("휴대폰");
const isBirthField =
lower.includes("birth") ||
lower.includes("birthday") ||
lower.includes("birthdate") ||
lower.includes("dob") ||
lower.includes("생년월일") ||
lower.includes("생일");
if (isEmailField || isPhoneField || isBirthField) {
sensitiveNames.add(key);
}
});
const payloadJson: Record<string, string> = {};
const sensitivePayload: Record<string, string> = {};
formData.forEach((value, key) => {
if (key === "__config" || key === "__projectSlug") {
return;
}
const strValue = String(value);
if (sensitiveNames.has(key)) {
sensitivePayload[key] = strValue;
} else {
payloadJson[key] = strValue;
}
});
let sensitiveEnc: string | null = null;
if (Object.keys(sensitivePayload).length > 0) {
sensitiveEnc = await encryptJson(sensitivePayload);
}
let projectId: string | null = null;
let userId: string | null = null;
if (projectSlug) {
const project = await prisma.project.findUnique({ where: { slug: projectSlug } });
if (project) {
projectId = project.id;
userId = project.userId ?? null;
}
}
await prisma.formSubmission.create({
data: {
projectSlug: projectSlug ?? "",
projectId,
userId,
payloadJson,
sensitiveEnc,
metaJson: null,
},
});
}
export async function POST(req: Request) {
const formData = await req.formData();
// 기본 필드(name/email/message)는 그대로 읽어둔다.
const name = formData.get("name");
const email = formData.get("email");
const message = formData.get("message");
// 에디터에서 넘겨준 폼 설정(JSON) 읽기
const rawConfig = formData.get("__config");
let config: FormBlockProps | null = null;
if (typeof rawConfig === "string") {
@@ -24,18 +167,17 @@ export async function POST(req: Request) {
const successMessage = config?.successMessage;
const errorMessage = config?.errorMessage;
// 1) internal: 우리 서버에서 직접 처리하는 기본 모드
if (submitTarget === "internal") {
// TODO: 이곳에서 DB 저장이나 이메일 전송 등 실제 처리를 수행한다.
await persistFormSubmission(formData, config);
console.log("[forms/submit][internal]", { name, email, message });
return NextResponse.json({ ok: true, message: successMessage });
}
if (submitTarget === "both") {
await persistFormSubmission(formData, config);
console.log("[forms/submit][internal]", { name, email, message });
}
// 2) webhook: destinationUrl 로 서버에서 POST (Google Sheets 등 포함)
if (submitTarget === "webhook" || submitTarget === "both") {
const destinationUrl = config?.destinationUrl;
if (!destinationUrl) {
@@ -0,0 +1,92 @@
import { NextResponse } from "next/server";
import { PrismaClient } from "@prisma/client";
import { verifyAccessToken, decryptJson } from "@/features/auth/authCrypto";
const prisma = new PrismaClient();
interface AuthUser {
id: string;
email: string;
tokenVersion: number;
}
function extractTokenFromCookieHeader(cookieHeader: string | null): string | null {
if (!cookieHeader) return null;
const parts = cookieHeader.split(";");
for (const part of parts) {
const trimmed = part.trim();
if (trimmed.startsWith("pb_access=")) {
const value = trimmed.substring("pb_access=".length);
return decodeURIComponent(value);
}
}
return null;
}
async function getAuthUserFromRequest(request: Request): Promise<AuthUser | null> {
const cookieHeader = request.headers.get("cookie");
const token = extractTokenFromCookieHeader(cookieHeader);
if (!token) return null;
const payload = await verifyAccessToken(token);
if (!payload) return null;
return {
id: payload.sub,
email: payload.email,
tokenVersion: payload.tokenVersion,
};
}
export async function GET(
request: Request,
context: { params: { slug: string } | Promise<{ slug: string }> },
) {
const authUser = await getAuthUserFromRequest(request);
if (!authUser) {
return NextResponse.json({ message: "폼 제출 내역을 조회하려면 로그인이 필요합니다." }, { status: 401 });
}
const { slug } = await context.params;
const project = await prisma.project.findUnique({
where: { slug },
});
if (!project || (project.userId && project.userId !== authUser.id)) {
return NextResponse.json({ message: "프로젝트를 찾을 수 없습니다." }, { status: 404 });
}
const submissions = await prisma.formSubmission.findMany({
where: { projectId: project.id },
orderBy: { createdAt: "desc" },
take: 100,
});
const items = await Promise.all(
submissions.map(async (s: any) => {
const basePayload = (s.payloadJson ?? {}) as Record<string, unknown>;
let sensitive: Record<string, unknown> = {};
if (s.sensitiveEnc) {
try {
sensitive = (await decryptJson<Record<string, unknown>>(s.sensitiveEnc)) ?? {};
} catch {
sensitive = {};
}
}
const payload = { ...basePayload, ...sensitive };
return {
id: s.id,
createdAt: s.createdAt,
projectSlug: s.projectSlug,
payload,
};
}),
);
return NextResponse.json(items, { status: 200 });
}