diff --git a/src/main/java/com/eactive/apim/portal/portaluser/entity/TwoFactorAuth.java b/src/main/java/com/eactive/apim/portal/portaluser/entity/TwoFactorAuth.java index 0b0e714..a838918 100644 --- a/src/main/java/com/eactive/apim/portal/portaluser/entity/TwoFactorAuth.java +++ b/src/main/java/com/eactive/apim/portal/portaluser/entity/TwoFactorAuth.java @@ -28,6 +28,11 @@ public class TwoFactorAuth { @Convert(converter = PersonalDataEncryptConverter.class) private String recipient; + // recipient 가 암호화 컬럼이라 값으로 동등 조회/중복정리가 불가능하므로, + // recipient 평문의 결정적 해시(HMAC-SHA256, hex)를 별도 조회 키로 둔다. (비암호화) + @Column(name = "recipient_key", length = 64) + private String recipientKey; + @Column(name = "auth_number", length = 255) private String authNumber; @@ -49,6 +54,14 @@ public class TwoFactorAuth { this.recipient = recipient; } + public String getRecipientKey() { + return recipientKey; + } + + public void setRecipientKey(String recipientKey) { + this.recipientKey = recipientKey; + } + public String getAuthNumber() { return authNumber; } diff --git a/src/main/java/com/eactive/apim/portal/portaluser/repository/TwoFactorAuthRepository.java b/src/main/java/com/eactive/apim/portal/portaluser/repository/TwoFactorAuthRepository.java index b8219c9..ef636a0 100644 --- a/src/main/java/com/eactive/apim/portal/portaluser/repository/TwoFactorAuthRepository.java +++ b/src/main/java/com/eactive/apim/portal/portaluser/repository/TwoFactorAuthRepository.java @@ -6,7 +6,16 @@ import org.springframework.data.jpa.repository.JpaRepository; import java.util.Optional; public interface TwoFactorAuthRepository extends JpaRepository { + + // recipientKey(결정적 해시) 기반 조회/정리. recipient 가 암호화 컬럼이라 값 동등 조회가 깨지는 문제를 우회한다. + Optional findByRecipientKey(String recipientKey); + + void deleteAllByRecipientKey(String recipientKey); + + // 아래 두 메서드는 recipient(암호화 컬럼) 기반이라 신뢰할 수 없음 — 신규 코드에서는 RecipientKey 버전을 사용할 것. + @Deprecated Optional findByRecipient(String recipientKey); + @Deprecated void deleteAllByRecipient(String recipient); }