feat: Apache Tika 기반 이미지 파일 유효성 검증 로직 구현

larama-C · larama-C · commit e885d65adde1 · 2025-12-21T11:52:07.000+09:00
diff --git a/src/main/java/com/back/web7_9_codecrete_be/domain/users/service/UserService.java b/src/main/java/com/back/web7_9_codecrete_be/domain/users/service/UserService.java
@@ -12,6 +12,7 @@
 import com.back.web7_9_codecrete_be.global.error.code.UserErrorCode;
 import com.back.web7_9_codecrete_be.global.error.exception.BusinessException;
 import com.back.web7_9_codecrete_be.global.storage.FileStorageService;
+import com.back.web7_9_codecrete_be.global.storage.ImageFileValidator;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -34,7 +35,7 @@ public class UserService {
     private final UserRestoreTokenRedisRepository userRestoreTokenRedisRepository;
     private final EmailService emailService;
 
-    private static final long MAX_PROFILE_IMAGE_SIZE = 10 * 1024 * 1024; // 10MB
+    private final ImageFileValidator imageFileValidator;
 
     // 내 정보 조회
     @Transactional(readOnly = true)
@@ -74,14 +75,7 @@ public void deleteMyAccount(User user) {
     public String updateProfileImage(User user, MultipartFile file) {
         validateActiveUser(user);
 
-        // 파일 유효성 검사
-        if (file == null || file.isEmpty()) {
-            throw new BusinessException(UserErrorCode.INVALID_PROFILE_IMAGE);
-        }
-
-        if (file.getSize() > MAX_PROFILE_IMAGE_SIZE) {
-            throw new BusinessException(UserErrorCode.PROFILE_IMAGE_SIZE_EXCEEDED);
-        }
+        imageFileValidator.validateImageFile(file);
 
         // 기존 이미지 URL 보관
         String oldImageUrl = user.getProfileImage();
diff --git a/src/main/java/com/back/web7_9_codecrete_be/global/storage/ImageFileValidator.java b/src/main/java/com/back/web7_9_codecrete_be/global/storage/ImageFileValidator.java
@@ -0,0 +1,53 @@
+package com.back.web7_9_codecrete_be.global.storage;
+
+import com.back.web7_9_codecrete_be.global.error.code.FileErrorCode;
+import com.back.web7_9_codecrete_be.global.error.exception.BusinessException;
+import org.apache.tika.Tika;
+import org.springframework.stereotype.Component;
+import org.springframework.web.multipart.MultipartFile;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+@Component
+public class ImageFileValidator {
+
+    private final Tika tika = new Tika();
+    private static final long MAX_PROFILE_IMAGE_SIZE = 10 * 1024 * 1024; // 10MB
+
+    public void validateImageFile(MultipartFile file) {
+
+        // 파일 비어있는지 검사
+        if (file == null || file.isEmpty()) {
+            throw new BusinessException(FileErrorCode.FILE_EMPTY);
+        }
+
+        // 파일 크기 검사
+        if (file.getSize() > MAX_PROFILE_IMAGE_SIZE) {
+            throw new BusinessException(FileErrorCode.PROFILE_IMAGE_SIZE_EXCEEDED);
+        }
+
+        // 실제 MIME 타입 분석
+        String detectedMimeType;
+        try (InputStream is = file.getInputStream()) {
+            detectedMimeType = tika.detect(is);
+        } catch (IOException e) {
+            throw new BusinessException(FileErrorCode.FILE_ANALYZE_FAILED);
+        }
+
+        ImageMimeType imageMimeType = ImageMimeType.from(detectedMimeType);
+
+        // 확장자 추출
+        String filename = file.getOriginalFilename();
+        if (filename == null || !filename.contains(".")) {
+            throw new BusinessException(FileErrorCode.EXTENSION_MISMATCH);
+        }
+
+        String extension = filename.substring(filename.lastIndexOf('.') + 1);
+
+        // 확장자 ↔ MIME 타입 매칭
+        if (!imageMimeType.matches(extension)) {
+            throw new BusinessException(FileErrorCode.EXTENSION_MISMATCH);
+        }
+    }
+}
diff --git a/src/main/java/com/back/web7_9_codecrete_be/global/storage/ImageMimeType.java b/src/main/java/com/back/web7_9_codecrete_be/global/storage/ImageMimeType.java
@@ -0,0 +1,36 @@
+package com.back.web7_9_codecrete_be.global.storage;
+
+import com.back.web7_9_codecrete_be.global.error.code.FileErrorCode;
+import com.back.web7_9_codecrete_be.global.error.exception.BusinessException;
+
+import java.util.Arrays;
+import java.util.List;
+
+public enum ImageMimeType {
+
+    JPEG("image/jpeg", List.of("jpg", "jpeg")),
+    PNG("image/png", List.of("png")),
+    WEBP("image/webp", List.of("webp"));
+
+    private final String mimeType;
+    private final List<String> extensions;
+
+    ImageMimeType(String mimeType, List<String> extensions) {
+        this.mimeType = mimeType;
+        this.extensions = extensions;
+    }
+
+    public static ImageMimeType from(String detectedMimeType) {
+        return Arrays.stream(values())
+                .filter(it -> it.mimeType.equals(detectedMimeType))
+                .findFirst()
+                .orElseThrow(() ->
+                        new BusinessException(FileErrorCode.INVALID_IMAGE_TYPE)
+                );
+    }
+
+    public boolean matches(String extension) {
+        return extensions.contains(extension.toLowerCase());
+    }
+}
+
