(#25) 경로 변수 및 요청 파라미터 유효성 검사

alexization · web-flow · commit 72369be8caa8 · 2026-02-01T17:19:55.000+09:00
* feat: 입력 검증 추가 - 경로 변수 및 요청 파라미터 유효성 검사

- UserController: username 경로 변수에 GitHub 사용자명 패턴 검증 추가
- RankingController: page 파라미터에 최소값 검증 추가
- GlobalExceptionHandler: ConstraintViolationException 처리 추가

* refactor: GitHub username 연속 하이픈 금지
diff --git a/src/main/java/com/gitranker/api/domain/ranking/RankingController.java b/src/main/java/com/gitranker/api/domain/ranking/RankingController.java
@@ -3,12 +3,15 @@
 import com.gitranker.api.domain.ranking.dto.RankingList;
 import com.gitranker.api.domain.user.Tier;
 import com.gitranker.api.global.response.ApiResponse;
+import jakarta.validation.constraints.Min;
 import lombok.RequiredArgsConstructor;
+import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
+@Validated
 @RequiredArgsConstructor
 @RestController
 @RequestMapping("/api/v1/ranking")
@@ -18,7 +21,7 @@ public class RankingController {
 
     @GetMapping
     public ApiResponse<RankingList> getRankings(
-            @RequestParam(defaultValue = "0") int page,
+            @RequestParam(defaultValue = "0") @Min(value = 0, message = "페이지 번호는 0 이상이어야 합니다") int page,
             @RequestParam(required = false) Tier tier
     ) {
         RankingList response = rankingService.getRankingList(page, tier);
diff --git a/src/main/java/com/gitranker/api/domain/user/UserController.java b/src/main/java/com/gitranker/api/domain/user/UserController.java
@@ -8,29 +8,37 @@
 import com.gitranker.api.global.error.exception.BusinessException;
 import com.gitranker.api.global.response.ApiResponse;
 import jakarta.servlet.http.HttpServletResponse;
+import jakarta.validation.constraints.Pattern;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
+@Validated
 @RequiredArgsConstructor
 @RestController
 @RequestMapping("/api/v1/users")
 public class UserController {
+
+    private static final String USERNAME_PATTERN = "^(?=.{1,39}$)[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*$";
+    private static final String USERNAME_MESSAGE = "GitHub 사용자명은 1-39자의 영문, 숫자, 하이픈만 허용됩니다";
     private final UserQueryService userQueryService;
     private final UserRefreshService userRefreshService;
     private final UserDeletionService userDeletionService;
 
     @GetMapping("/{username}")
-    public ApiResponse<RegisterUserResponse> getUser(@PathVariable String username) {
+    public ApiResponse<RegisterUserResponse> getUser(
+            @PathVariable @Pattern(regexp = USERNAME_PATTERN, message = USERNAME_MESSAGE) String username
+    ) {
         RegisterUserResponse response = userQueryService.findByUsername(username);
 
         return ApiResponse.success(response);
     }
 
     @PostMapping("/{username}/refresh")
     public ApiResponse<RegisterUserResponse> refreshUser(
-            @PathVariable String username,
+            @PathVariable @Pattern(regexp = USERNAME_PATTERN, message = USERNAME_MESSAGE) String username,
             @AuthenticationPrincipal User user
     ) {
         if (user == null) {
diff --git a/src/main/java/com/gitranker/api/global/error/GlobalExceptionHandler.java b/src/main/java/com/gitranker/api/global/error/GlobalExceptionHandler.java
@@ -5,6 +5,7 @@
 import com.gitranker.api.global.response.ApiResponse;
 import com.gitranker.api.global.util.TimeUtils;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.ConstraintViolationException;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;
@@ -35,6 +36,20 @@ public ResponseEntity<ApiResponse<Object>> handleBusinessException(BusinessExcep
                 .body(ApiResponse.error(errorType, e.getData()));
     }
 
+    @ExceptionHandler(ConstraintViolationException.class)
+    public ResponseEntity<ApiResponse<Object>> handleConstraintViolationException(ConstraintViolationException e) {
+        String message = e.getConstraintViolations().stream()
+                .map(violation -> violation.getMessage())
+                .findFirst()
+                .orElse("잘못된 요청입니다");
+
+        log.warn("입력값 검증 실패 - Message: {}", message);
+
+        return ResponseEntity
+                .status(HttpStatus.BAD_REQUEST)
+                .body(ApiResponse.error(ErrorType.INVALID_REQUEST, message));
+    }
+
     @ExceptionHandler(NoResourceFoundException.class)
     public Object handleNoResourceFoundException(NoResourceFoundException e, HttpServletRequest request) {
         log.debug("리소스 없음 - Path: {}", e.getResourcePath());
