Commit Graph

6 Commits

Author SHA1 Message Date
kjh2064 2bde490e9e feat: integrate Serilog and Telegram notifications
TaxBaik CI/CD / build-and-deploy (push) Successful in 51s
- Add Serilog for structured logging (Console + File)
- Implement TelegramNotificationService for admin alerts
- Log successful/failed login attempts with Telegram notifications
- Add application startup/shutdown logging
- Log important events to Telegram Chat ID: -5585148480
- Configuration: Telegram:BotToken and Telegram:ChatId in appsettings

Features:
- Automatic daily log rotation
- Structured logging with timestamps
- Environment-aware alerts
- Error and info level Telegram messages

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-06-28 16:19:38 +09:00
kjh2064 804725a785 fix: prevent admin authentication timeout during session
TaxBaik CI/CD / build-and-deploy (push) Successful in 48s
**Issues Resolved:**
1. Access Token lifetime extended 15m → 1h (better UX)
   - Users can browse admin pages for 1 hour without re-login
   - Reasonable balance between security and usability

2. Automatic pre-expiry token refresh
   - GetAuthenticationStateAsync() now checks if token expires in <5min
   - Automatically refreshes before expiry when user is still active
   - Prevents sudden logout during admin work

**Implementation:**
- Added ShouldRefreshToken() to detect imminent expiry (300s window)
- On auth state check, if token expiring soon: trigger refresh via AuthService
- Refresh happens transparently, no user interaction needed
- Maintains 7-day Refresh Token TTL for security

**Behavior:**
- User logs in with 1-hour session
- Every page load/navigation checks token status
- If <5min remaining: auto-refresh (user doesn't notice)
- If refresh fails: graceful logout with warning
- Refresh Token (7 days) allows re-login without password

This provides better UX while maintaining security through
shorter-lived access tokens and automatic renewal.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-28 12:56:44 +09:00
kjh2064 58edbd9c8f refactor: Phase 5 - JWT token lifecycle (Access + Refresh + Auto-refresh)
TaxBaik CI/CD / build-and-deploy (push) Successful in 48s
**Implementation:**
- AuthService: Split token generation
  * AccessToken: 15 minutes
  * RefreshToken: 7 days (10080 minutes)
  * New: GenerateTokenPair() method
  * New: RefreshAccessTokenAsync() method

- AuthTokenPair: New record (accessToken, refreshToken, expiresIn)

- AuthController: New /api/auth/refresh endpoint
  * POST /api/auth/refresh?refreshToken=...
  * Response: { accessToken, refreshToken, expiresIn }
  * RefreshTokenRequest DTO

- TokenRefreshHandler: New DelegatingHandler
  * Automatic Bearer token injection
  * 401 response handling
  * Auto-refresh with retry
  * localStorage sync (accessToken, refreshToken, tokenExpiry)

- CustomAuthenticationStateProvider: Token storage split
  * Before: auth_token (single)
  * After: accessToken, refreshToken, tokenExpiry
  * LoginAsync signature updated

- Login.razor: Handle token pair
  * LoginResponse: { accessToken, refreshToken, expiresIn }
  * Call new LoginAsync(accessToken, refreshToken, expiresIn)

- Program.cs: TokenRefreshHandler registration
  * AddScoped<TokenRefreshHandler>()
  * AdminDashboardClient pipeline: .AddHttpMessageHandler<TokenRefreshHandler>()

**SOLID Principles:**
✓ S (Single Responsibility): TokenRefreshHandler handles only token refresh
✓ D (Dependency Inversion): DelegatingHandler abstracts HTTP concerns
✓ O (Open/Closed): Token lifetime extension without code changes

**Security Pattern:**
- Short-lived access tokens (15min) reduce theft window
- Refresh tokens (7d) enable persistence without storing secrets
- Automatic refresh is transparent to components

**Flow:**
Blazor → AdminDashboardClient → TokenRefreshHandler (auto-add Bearer)
  → 401 → RefreshTokenAsync() → POST /api/auth/refresh
  → Store new pair → Retry original request

Status: Token lifecycle complete, ready for SignalR integration (Phase 6)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-28 10:51:24 +09:00
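The token lifecycle described in the Phase 5 commit above (Bearer injection, 401 handling, refresh-and-retry) together with the 300-second pre-expiry refresh from the "prevent admin authentication timeout" commit, as an added C# example. This is not the TaxBaik project's own code. It assumes a hypothetical ITokenStore in place of the localStorage sync, a factory that returns a plain HttpClient with BaseAddress set and without this handler in its pipeline (so the refresh call cannot recurse into it), and it sends the refresh token in the JSON body rather than in the `?refreshToken=` query string the commit names, so the secret stays out of request logs and proxy history.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical stand-in for the three localStorage keys (accessToken, refreshToken, tokenExpiry).
public interface ITokenStore
{
    string? AccessToken { get; }
    string? RefreshToken { get; }
    DateTimeOffset? TokenExpiry { get; }
    void Save(string accessToken, string refreshToken, int expiresInSeconds);
    void Clear();
}

// Response shape of POST /api/auth/refresh as listed in the commit message.
public sealed record AuthTokenPair(string AccessToken, string RefreshToken, int ExpiresIn);

public sealed class TokenRefreshHandler : DelegatingHandler
{
    // 300-second pre-expiry window from the "prevent admin authentication timeout" commit.
    private static readonly TimeSpan RefreshWindow = TimeSpan.FromSeconds(300);
    private readonly ITokenStore _store;
    private readonly Func<HttpClient> _authClientFactory; // must NOT have this handler in its pipeline
    private readonly SemaphoreSlim _refreshLock = new(1, 1);

    public TokenRefreshHandler(ITokenStore store, Func<HttpClient> authClientFactory)
    {
        _store = store;
        _authClientFactory = authClientFactory;
    }

    // Missing, already expired, or expiring within the window all count as "refresh now".
    public static bool ShouldRefreshToken(DateTimeOffset? expiry, DateTimeOffset now)
        => expiry is null || expiry.Value - now <= RefreshWindow;

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        // Proactive path: refresh before expiry so an active admin never sees a mid-session logout.
        if (_store.RefreshToken is not null && ShouldRefreshToken(_store.TokenExpiry, DateTimeOffset.UtcNow))
            await TryRefreshAsync(ct);
        AttachBearer(request);
        var response = await base.SendAsync(request, ct);
        if (response.StatusCode != HttpStatusCode.Unauthorized || _store.RefreshToken is null)
            return response;

        // Reactive path: the server rejected the token; refresh once and retry a clone of the request.
        response.Dispose();
        if (!await TryRefreshAsync(ct))
        {
            _store.Clear(); // graceful logout: the caller receives the 401 and can redirect to login
            return new HttpResponseMessage(HttpStatusCode.Unauthorized) { RequestMessage = request };
        }
        var retry = await CloneAsync(request);
        AttachBearer(retry);
        return await base.SendAsync(retry, ct);
    }

    private async Task<bool> TryRefreshAsync(CancellationToken ct)
    {
        await _refreshLock.WaitAsync(ct);
        try
        {
            // A concurrent request may already have rotated the pair while we waited on the lock.
            if (!ShouldRefreshToken(_store.TokenExpiry, DateTimeOffset.UtcNow)) return true;
            using var client = _authClientFactory();
            using var resp = await client.PostAsJsonAsync("/api/auth/refresh",
                new { refreshToken = _store.RefreshToken }, ct);
            if (!resp.IsSuccessStatusCode) return false;
            var pair = await resp.Content.ReadFromJsonAsync<AuthTokenPair>(cancellationToken: ct);
            if (pair is null) return false;
            _store.Save(pair.AccessToken, pair.RefreshToken, pair.ExpiresIn);
            return true;
        }
        finally { _refreshLock.Release(); }
    }

    private void AttachBearer(HttpRequestMessage request)
    {
        if (_store.AccessToken is not null)
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _store.AccessToken);
    }

    // HttpClient refuses to resend a request instance, so the retry needs a copy with the same body.
    private static async Task<HttpRequestMessage> CloneAsync(HttpRequestMessage req)
    {
        var clone = new HttpRequestMessage(req.Method, req.RequestUri) { Version = req.Version };
        foreach (var h in req.Headers) clone.Headers.TryAddWithoutValidation(h.Key, h.Value);
        if (req.Content is null) return clone;
        var body = new ByteArrayContent(await req.Content.ReadAsByteArrayAsync());
        foreach (var h in req.Content.Headers) body.Headers.TryAddWithoutValidation(h.Key, h.Value);
        clone.Content = body;
        return clone;
    }
}
```

Registration follows the commit's own pattern (`AddScoped<TokenRefreshHandler>()` and `.AddHttpMessageHandler<TokenRefreshHandler>()` on the AdminDashboardClient pipeline); the factory passed to the constructor should come from a separately named HttpClient. The SemaphoreSlim matters for the refresh-token rotation the commit describes: a page that fires several API calls at once can receive several 401s together, and without single-flight refresh each would present the same already-rotated refresh token, which a server that detects reuse would reject and revoke, logging the admin out rather than keeping them in.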
kjh2064 28060b71be feat: harden auth ops and deployment baseline 2026-06-27 10:53:53 +09:00
kjh2064 1d7dd71011 fix: unify TaxBaik deployment around CI
TaxBaik CI/CD / build-and-deploy (push) Successful in 41s
2026-06-27 01:34:17 +09:00
kjh2064 57269e281d refactor: merge Web and Admin - run on a single port, 5001
TaxBaik CI/CD / build-and-deploy (push) Failing after 36s
Remove the drawbacks of the split and merge into a single app:

Structural changes:
- TaxBaik.Admin → TaxBaik.Web/Components/Admin/
- Admin Services → TaxBaik.Web/Services/
- Port: 5001 (existing 5002 removed)

Paths:
- Homepage: http://localhost:5001/taxbaik
- Admin: http://localhost:5001/taxbaik/admin

Technology:
- Razor Pages (Web) + Blazor Server (Admin) combined
- A single Program.cs serves both
- JWT authentication retained
- MudBlazor UI retained

Advantages:
- Lower development complexity (1 terminal)
- Simpler deployment (1 app)
- DB migration runs once

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-06-26 22:35:21 +09:00