폼 전송 TDD추가 및 암호화 적용 중
This commit is contained in:
@@ -43,6 +43,7 @@ export async function POST(request: Request) {
|
||||
secure: true,
|
||||
sameSite: "lax",
|
||||
path: "/",
|
||||
maxAge: 7 * 24 * 60 * 60,
|
||||
});
|
||||
|
||||
return res;
|
||||
|
||||
@@ -58,6 +58,7 @@ export async function POST(request: Request) {
|
||||
secure: true,
|
||||
sameSite: "lax",
|
||||
path: "/",
|
||||
maxAge: 7 * 24 * 60 * 60,
|
||||
});
|
||||
|
||||
return res;
|
||||
|
||||
@@ -365,11 +365,19 @@ export const buildStaticHtml = (blocks: Block[], projectConfig?: ProjectConfig):
|
||||
const configJson = JSON.stringify(props ?? {});
|
||||
const escapedConfig = escapeAttr(configJson);
|
||||
|
||||
const projectSlugRaw = (projectConfig?.slug ?? "").trim();
|
||||
const projectSlugValue = projectSlugRaw !== "" ? projectSlugRaw : "";
|
||||
|
||||
const parts: string[] = [];
|
||||
parts.push(
|
||||
`<form id="${escapeAttr(formId)}" class="pb-form-controller"${methodAttr}${actionAttr}>`,
|
||||
);
|
||||
parts.push(`<input type="hidden" name="__config" value="${escapedConfig}" />`);
|
||||
if (projectSlugValue) {
|
||||
parts.push(
|
||||
`<input type="hidden" name="__projectSlug" value="${escapeAttr(projectSlugValue)}" />`,
|
||||
);
|
||||
}
|
||||
parts.push("</form>");
|
||||
return parts.join("");
|
||||
}
|
||||
|
||||
@@ -1,15 +1,158 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import type { FormBlockProps } from "@/features/editor/state/editorStore";
|
||||
import { PrismaClient } from "@prisma/client";
|
||||
import type { FormBlockProps, FormFieldConfig } from "@/features/editor/state/editorStore";
|
||||
import { encryptJson } from "@/features/auth/authCrypto";
|
||||
|
||||
const prisma = new PrismaClient() as any;
|
||||
|
||||
function buildSensitiveFieldNameSet(config: FormBlockProps | null): Set<string> {
|
||||
const result = new Set<string>();
|
||||
const fields: FormFieldConfig[] = Array.isArray(config?.fields) ? (config!.fields as FormFieldConfig[]) : [];
|
||||
|
||||
for (const field of fields) {
|
||||
const name = (field.name ?? "").toLowerCase();
|
||||
const label = (field.label ?? "").toLowerCase();
|
||||
if (!name) continue;
|
||||
|
||||
const isEmail =
|
||||
field.type === "email" ||
|
||||
name.includes("email") ||
|
||||
label.includes("email") ||
|
||||
label.includes("이메일");
|
||||
|
||||
if (isEmail) {
|
||||
result.add(field.name);
|
||||
continue;
|
||||
}
|
||||
|
||||
const isPhone =
|
||||
name.includes("phone") ||
|
||||
name.includes("tel") ||
|
||||
name.includes("mobile") ||
|
||||
label.includes("전화") ||
|
||||
label.includes("연락처") ||
|
||||
label.includes("휴대폰");
|
||||
|
||||
if (isPhone) {
|
||||
result.add(field.name);
|
||||
continue;
|
||||
}
|
||||
|
||||
const isBirth =
|
||||
name.includes("birth") ||
|
||||
name.includes("birthday") ||
|
||||
name.includes("dob") ||
|
||||
label.includes("생년월일") ||
|
||||
label.includes("생일");
|
||||
|
||||
if (isBirth) {
|
||||
result.add(field.name);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
async function persistFormSubmission(formData: FormData, config: FormBlockProps | null) {
|
||||
const projectSlugRaw = formData.get("__projectSlug");
|
||||
let projectSlug: string | null = null;
|
||||
|
||||
if (typeof projectSlugRaw === "string" && projectSlugRaw.trim() !== "") {
|
||||
projectSlug = projectSlugRaw.trim();
|
||||
} else if (config?.extraParams && typeof config.extraParams.projectSlug === "string") {
|
||||
const v = config.extraParams.projectSlug.trim();
|
||||
if (v !== "") {
|
||||
projectSlug = v;
|
||||
}
|
||||
}
|
||||
|
||||
const sensitiveNames = buildSensitiveFieldNameSet(config);
|
||||
|
||||
formData.forEach((_, key) => {
|
||||
if (key === "__config" || key === "__projectSlug") {
|
||||
return;
|
||||
}
|
||||
|
||||
const lower = key.toLowerCase();
|
||||
|
||||
const isEmailField =
|
||||
lower.includes("email") ||
|
||||
lower.includes("e-mail") ||
|
||||
lower.includes("이메일");
|
||||
|
||||
const isPhoneField =
|
||||
lower.includes("phone") ||
|
||||
lower.includes("tel") ||
|
||||
lower.includes("mobile") ||
|
||||
lower.includes("전화") ||
|
||||
lower.includes("연락처") ||
|
||||
lower.includes("휴대폰");
|
||||
|
||||
const isBirthField =
|
||||
lower.includes("birth") ||
|
||||
lower.includes("birthday") ||
|
||||
lower.includes("birthdate") ||
|
||||
lower.includes("dob") ||
|
||||
lower.includes("생년월일") ||
|
||||
lower.includes("생일");
|
||||
|
||||
if (isEmailField || isPhoneField || isBirthField) {
|
||||
sensitiveNames.add(key);
|
||||
}
|
||||
});
|
||||
const payloadJson: Record<string, string> = {};
|
||||
const sensitivePayload: Record<string, string> = {};
|
||||
|
||||
formData.forEach((value, key) => {
|
||||
if (key === "__config" || key === "__projectSlug") {
|
||||
return;
|
||||
}
|
||||
|
||||
const strValue = String(value);
|
||||
|
||||
if (sensitiveNames.has(key)) {
|
||||
sensitivePayload[key] = strValue;
|
||||
} else {
|
||||
payloadJson[key] = strValue;
|
||||
}
|
||||
});
|
||||
|
||||
let sensitiveEnc: string | null = null;
|
||||
if (Object.keys(sensitivePayload).length > 0) {
|
||||
sensitiveEnc = await encryptJson(sensitivePayload);
|
||||
}
|
||||
|
||||
let projectId: string | null = null;
|
||||
let userId: string | null = null;
|
||||
|
||||
if (projectSlug) {
|
||||
const project = await prisma.project.findUnique({ where: { slug: projectSlug } });
|
||||
if (project) {
|
||||
projectId = project.id;
|
||||
userId = project.userId ?? null;
|
||||
}
|
||||
}
|
||||
|
||||
await prisma.formSubmission.create({
|
||||
data: {
|
||||
projectSlug: projectSlug ?? "",
|
||||
projectId,
|
||||
userId,
|
||||
payloadJson,
|
||||
sensitiveEnc,
|
||||
metaJson: null,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
export async function POST(req: Request) {
|
||||
const formData = await req.formData();
|
||||
|
||||
// 기본 필드(name/email/message)는 그대로 읽어둔다.
|
||||
const name = formData.get("name");
|
||||
const email = formData.get("email");
|
||||
const message = formData.get("message");
|
||||
|
||||
// 에디터에서 넘겨준 폼 설정(JSON) 읽기
|
||||
const rawConfig = formData.get("__config");
|
||||
let config: FormBlockProps | null = null;
|
||||
if (typeof rawConfig === "string") {
|
||||
@@ -24,18 +167,17 @@ export async function POST(req: Request) {
|
||||
const successMessage = config?.successMessage;
|
||||
const errorMessage = config?.errorMessage;
|
||||
|
||||
// 1) internal: 우리 서버에서 직접 처리하는 기본 모드
|
||||
if (submitTarget === "internal") {
|
||||
// TODO: 이곳에서 DB 저장이나 이메일 전송 등 실제 처리를 수행한다.
|
||||
await persistFormSubmission(formData, config);
|
||||
console.log("[forms/submit][internal]", { name, email, message });
|
||||
return NextResponse.json({ ok: true, message: successMessage });
|
||||
}
|
||||
|
||||
if (submitTarget === "both") {
|
||||
await persistFormSubmission(formData, config);
|
||||
console.log("[forms/submit][internal]", { name, email, message });
|
||||
}
|
||||
|
||||
// 2) webhook: destinationUrl 로 서버에서 POST (Google Sheets 등 포함)
|
||||
if (submitTarget === "webhook" || submitTarget === "both") {
|
||||
const destinationUrl = config?.destinationUrl;
|
||||
if (!destinationUrl) {
|
||||
|
||||
@@ -0,0 +1,92 @@
|
||||
import { NextResponse } from "next/server";
|
||||
import { PrismaClient } from "@prisma/client";
|
||||
import { verifyAccessToken, decryptJson } from "@/features/auth/authCrypto";
|
||||
|
||||
const prisma = new PrismaClient();
|
||||
|
||||
interface AuthUser {
|
||||
id: string;
|
||||
email: string;
|
||||
tokenVersion: number;
|
||||
}
|
||||
|
||||
function extractTokenFromCookieHeader(cookieHeader: string | null): string | null {
|
||||
if (!cookieHeader) return null;
|
||||
|
||||
const parts = cookieHeader.split(";");
|
||||
for (const part of parts) {
|
||||
const trimmed = part.trim();
|
||||
if (trimmed.startsWith("pb_access=")) {
|
||||
const value = trimmed.substring("pb_access=".length);
|
||||
return decodeURIComponent(value);
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
async function getAuthUserFromRequest(request: Request): Promise<AuthUser | null> {
|
||||
const cookieHeader = request.headers.get("cookie");
|
||||
const token = extractTokenFromCookieHeader(cookieHeader);
|
||||
if (!token) return null;
|
||||
|
||||
const payload = await verifyAccessToken(token);
|
||||
if (!payload) return null;
|
||||
|
||||
return {
|
||||
id: payload.sub,
|
||||
email: payload.email,
|
||||
tokenVersion: payload.tokenVersion,
|
||||
};
|
||||
}
|
||||
|
||||
export async function GET(
|
||||
request: Request,
|
||||
context: { params: { slug: string } | Promise<{ slug: string }> },
|
||||
) {
|
||||
const authUser = await getAuthUserFromRequest(request);
|
||||
if (!authUser) {
|
||||
return NextResponse.json({ message: "폼 제출 내역을 조회하려면 로그인이 필요합니다." }, { status: 401 });
|
||||
}
|
||||
|
||||
const { slug } = await context.params;
|
||||
|
||||
const project = await prisma.project.findUnique({
|
||||
where: { slug },
|
||||
});
|
||||
|
||||
if (!project || (project.userId && project.userId !== authUser.id)) {
|
||||
return NextResponse.json({ message: "프로젝트를 찾을 수 없습니다." }, { status: 404 });
|
||||
}
|
||||
|
||||
const submissions = await prisma.formSubmission.findMany({
|
||||
where: { projectId: project.id },
|
||||
orderBy: { createdAt: "desc" },
|
||||
take: 100,
|
||||
});
|
||||
|
||||
const items = await Promise.all(
|
||||
submissions.map(async (s: any) => {
|
||||
const basePayload = (s.payloadJson ?? {}) as Record<string, unknown>;
|
||||
let sensitive: Record<string, unknown> = {};
|
||||
|
||||
if (s.sensitiveEnc) {
|
||||
try {
|
||||
sensitive = (await decryptJson<Record<string, unknown>>(s.sensitiveEnc)) ?? {};
|
||||
} catch {
|
||||
sensitive = {};
|
||||
}
|
||||
}
|
||||
|
||||
const payload = { ...basePayload, ...sensitive };
|
||||
|
||||
return {
|
||||
id: s.id,
|
||||
createdAt: s.createdAt,
|
||||
projectSlug: s.projectSlug,
|
||||
payload,
|
||||
};
|
||||
}),
|
||||
);
|
||||
|
||||
return NextResponse.json(items, { status: 200 });
|
||||
}
|
||||
Reference in New Issue
Block a user