production release : member_team initiation and refresh_tokens auto saving (#428)

* add response field (memberId, cohortId) (#391)

* initiation of new member and new announcement (#393)

* appleOAuth name resolution (#395)

* whitelist email -> memberId parameter changing (#398)

* whitelist email login (parameter email -> memberId) (#399)

* whitelist email -> memberId parameter changing

* whitelist email -> memberId parameter changing

* refactor/#397 (#400)

* whitelist email -> memberId parameter changing

* whitelist email -> memberId parameter changing

* whitelist email -> memberId parameter changing

* whitelist email -> memberId parameter changing (#402)

* member_roles auto align (#405)

* re-sync member_roles after whitelist (#407)

* filtered member overview by cohort (#412)

* filtered member overview by cohort

* after_party_invitees 보상로직

* AFTERPARTY_COMPENSATIONRESPONSE

* feat: member overview true/false of latest cohort (#414)

* feat: member overview true/false of latest cohort

* feat: member overview true/false of latest cohort

* feat: invitees invitation iniation (#417)

* feat: part null safe (#420)

* refactor : Session url open and Cohort value adding (#425)

* refactor: member relink and member_team initiation (#426)

* PENDING initiation (#427)

* refactor: member relink and member_team initiation

* refactor : PENDING refresh

Author: BlackBean99

application/src/main/kotlin/core/application/cohort/application/service/CohortQueryService.kt

@@ -15,11 +15,13 @@ class CohortQueryService(
     private val cohortPersistencePort: CohortPersistencePort,
     private val cohortProperties: CohortProperties,
 ) : CohortQueryUseCase {
+    fun getLatestCohort(): Cohort = getCohort(cohortProperties.value)
+
     override fun getLatestCohortId(): CohortId =
-        getCohort(cohortProperties.value).id
+        getLatestCohort().id
             ?: throw CohortNotFoundException()
 
-    override fun getLatestCohortValue(): String = getCohort(cohortProperties.value).value
+    override fun getLatestCohortValue(): String = getLatestCohort().value
 
     private fun getCohort(value: String): Cohort =
         cohortPersistencePort.findByValue(value)

application/src/main/kotlin/core/application/cohort/presentation/controller/CohortController.kt

@@ -3,16 +3,23 @@ package core.application.cohort.presentation.controller
 import core.application.cohort.application.service.CohortQueryService
 import core.application.cohort.presentation.response.CohortNumberResponse
 import core.application.common.exception.CustomResponse
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.RestController
 
 @RestController
 class CohortController(
     private val cohortQueryService: CohortQueryService,
 ) : CohortApi {
+    @PreAuthorize("permitAll()")
     @GetMapping("/v1/cohort")
     override fun latestCohort(): CustomResponse<CohortNumberResponse> {
-        val cohort = cohortQueryService.getLatestCohortValue()
-        return CustomResponse.ok(CohortNumberResponse(cohort))
+        val cohort = cohortQueryService.getLatestCohort()
+        return CustomResponse.ok(
+            CohortNumberResponse(
+                cohortId = cohort.id?.value ?: error("Latest cohort id must not be null"),
+                cohortNumber = cohort.value,
+            ),
+        )
     }
 }

application/src/main/kotlin/core/application/cohort/presentation/response/CohortNumberResponse.kt

@@ -1,5 +1,6 @@
 package core.application.cohort.presentation.response
 
 data class CohortNumberResponse(
+    val cohortId: Long,
     val cohortNumber: String,
 )

application/src/main/kotlin/core/application/member/application/service/MemberCommandService.kt

@@ -153,6 +153,7 @@ class MemberCommandService(
         }
 
         val memberId = requireNotNull(member.id) { "Active member must have id" }
+        memberTeamService.ensureMemberTeamInitialized(memberId)
         val latestCohortId = cohortQueryUseCase.getLatestCohortId()
         memberCohortService.addMemberToCohort(memberId, latestCohortId)
         publishMemberActivatedEvent(memberId, latestCohortId)

application/src/main/kotlin/core/application/member/application/service/MemberLoginService.kt

@@ -4,19 +4,21 @@ import core.application.common.constant.Profile
 import core.application.member.application.exception.MemberIdRequiredException
 import core.application.member.application.service.oauth.MemberOAuthService
 import core.application.member.application.service.role.MemberRoleService
+import core.application.member.application.service.team.MemberTeamService
 import core.application.security.oauth.token.JwtTokenProvider
 import core.application.security.properties.SecurityProperties
 import core.application.security.redirect.handler.LoginRedirectHandler
 import core.domain.member.aggregate.Member
+import core.domain.member.enums.MemberStatus
 import core.domain.member.port.inbound.HandleMemberLoginUseCase
 import core.domain.member.port.outbound.MemberPersistencePort
 import core.domain.member.vo.MemberId
 import core.domain.refreshToken.aggregate.RefreshToken
 import core.domain.refreshToken.port.outbound.RefreshTokenPersistencePort
 import core.domain.security.oauth.dto.LoginResult
 import core.domain.security.oauth.dto.OAuthAttributes
-import org.springframework.dao.DataIntegrityViolationException
 import org.springframework.core.env.Environment
+import org.springframework.dao.DataIntegrityViolationException
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
 
@@ -30,6 +32,7 @@ class MemberLoginService(
     private val environment: Environment,
     private val redirectHandler: LoginRedirectHandler,
     private val memberRoleService: MemberRoleService,
+    private val memberTeamService: MemberTeamService,
 ) : HandleMemberLoginUseCase {
     @Transactional
     override fun handleLoginSuccess(
@@ -46,7 +49,9 @@ class MemberLoginService(
         if (memberOAuth != null) {
             val member =
                 memberPersistencePort.findById(memberOAuth.memberId)
-                    ?: throw IllegalStateException("MemberOAuth exists but Member not found")
+                    ?: recoverOrCreateMemberForOrphanedOAuth(authAttributes).also {
+                        memberOAuthService.relinkMemberOAuthProvider(it, authAttributes)
+                    }
             return handleExistingMemberLogin(requestUrl, member)
         }
 
@@ -75,12 +80,23 @@ class MemberLoginService(
     ): LoginResult {
         val memberId = member.id ?: return LoginResult(null, securityProperties.redirect.restrictedRedirectUrl)
 
-        if (!member.isAllowed() || memberPersistencePort.existsDeletedMemberById(memberId.value)) {
+        if (member.deletedAt == null) {
+            memberTeamService.ensureMemberTeamInitialized(memberId)
+        }
+
+        if (memberPersistencePort.existsDeletedMemberById(memberId.value) || member.status == MemberStatus.WITHDRAWN) {
             return LoginResult(null, securityProperties.redirect.restrictedRedirectUrl)
         }
 
         memberRoleService.ensureGuestRoleAssigned(memberId)
 
+        if (member.status == MemberStatus.PENDING) {
+            return generateLoginResult(
+                memberId,
+                securityProperties.redirect.restrictedRedirectUrl,
+            )
+        }
+
         return generateLoginResult(
             memberId,
             redirectHandler.determineRedirectUrl(
@@ -113,11 +129,24 @@ class MemberLoginService(
     }
 
     private fun selectLoginCandidate(members: List<Member>): Member {
-        val activeCandidates = members.filter { it.isAllowed() }
-        val eligible = if (activeCandidates.isNotEmpty()) activeCandidates else members
+        val availableMembers = members.filter { it.deletedAt == null }
+        val activeCandidates = availableMembers.filter { it.isAllowed() }
+        val eligible = if (activeCandidates.isNotEmpty()) activeCandidates else availableMembers
         return eligible.maxByOrNull { it.id?.value ?: 0L } ?: throw MemberIdRequiredException()
     }
 
+    private fun recoverOrCreateMemberForOrphanedOAuth(authAttributes: OAuthAttributes): Member {
+        val existingMembers = memberPersistencePort.findAllBySignupEmail(authAttributes.getEmail())
+        return if (existingMembers.isNotEmpty()) {
+            selectLoginCandidate(existingMembers)
+        } else {
+            createOrFindMemberBySignupEmail(
+                email = authAttributes.getEmail(),
+                name = authAttributes.getName(),
+            )
+        }
+    }
+
     private fun createOrFindMemberBySignupEmail(
         email: String,
         name: String,

application/src/main/kotlin/core/application/member/application/service/auth/AppleAuthService.kt

@@ -1,7 +1,7 @@
 package core.application.member.application.service.auth
 
-import core.application.common.constant.Profile
 import core.application.member.application.service.role.MemberRoleService
+import core.application.member.application.service.team.MemberTeamService
 import core.application.security.oauth.apple.AppleTokenExchangeService
 import core.application.security.oauth.token.JwtTokenProvider
 import core.domain.member.aggregate.Member
@@ -24,6 +24,7 @@ class AppleAuthService(
     private val refreshTokenPersistencePort: RefreshTokenPersistencePort,
     private val appleIdTokenValidator: core.application.security.oauth.apple.AppleIdTokenValidator,
     private val memberRoleService: MemberRoleService,
+    private val memberTeamService: MemberTeamService,
 ) {
     @Transactional
     fun login(
@@ -36,22 +37,23 @@ class AppleAuthService(
 
         val claims = appleIdTokenValidator.verify(tokenResponse.id_token)
         val externalId = claims.subject ?: throw IllegalArgumentException("Invalid ID Token: sub missing")
+        val email =
+            claims["email"] as? String
+                ?: throw IllegalArgumentException("Invalid ID Token: email missing")
 
         val memberOAuth =
             memberOAuthPersistencePort.findByProviderAndExternalId(OAuthProvider.APPLE, externalId)
 
         val member =
             if (memberOAuth == null) {
-                val email =
-                    claims["email"] as? String
-                        ?: throw IllegalArgumentException("Invalid ID Token: emailassignments missing")
-
                 val existingMembers = memberPersistencePort.findAllBySignupEmail(email)
                 val existingMember = selectLoginCandidate(existingMembers)
+                val resolvedFullName =
+                    fullName?.trim()?.takeIf { it.isNotBlank() }
+                        ?: (claims["name"] as? String)?.trim()?.takeIf { it.isNotBlank() }
                 val memberName =
                     resolveMemberName(
-                        fullName = fullName?.trim()?.takeIf { it.isNotBlank() }
-                            ?: (claims["name"] as? String)?.trim()?.takeIf { it.isNotBlank() },
+                        fullName = resolvedFullName,
                         familyName = familyName,
                         givenName = givenName,
                         email = email,
@@ -75,12 +77,22 @@ class AppleAuthService(
 
                 targetMember
             } else {
-                // Existing member
                 memberPersistencePort.findById(memberOAuth.memberId)
-                    ?: throw IllegalStateException("MemberOAuth exists but Member not found")
+                    ?: recoverOrCreateMemberForOrphanedOAuth(
+                        externalId = externalId,
+                        email = email,
+                        name =
+                            resolveMemberName(
+                                fullName = fullName,
+                                familyName = familyName,
+                                givenName = givenName,
+                                email = email,
+                            ),
+                    )
             }
 
         memberRoleService.ensureGuestRoleAssigned(member.id!!)
+        memberTeamService.ensureMemberTeamInitialized(member.id!!)
 
         // 4. Issue App Tokens
         val accessToken = jwtTokenProvider.generateAccessToken(member.id!!.toString())
@@ -114,15 +126,37 @@ class AppleAuthService(
     }
 
     private fun selectLoginCandidate(members: List<Member>): Member? {
-        if (members.isEmpty()) {
+        val availableMembers = members.filter { it.deletedAt == null }
+        if (availableMembers.isEmpty()) {
             return null
         }
 
-        val activeCandidates = members.filter { it.isAllowed() }
-        val eligible = if (activeCandidates.isNotEmpty()) activeCandidates else members
+        val activeCandidates = availableMembers.filter { it.isAllowed() }
+        val eligible = if (activeCandidates.isNotEmpty()) activeCandidates else availableMembers
         return eligible.maxByOrNull { it.id?.value ?: 0L }
     }
 
+    private fun recoverOrCreateMemberForOrphanedOAuth(
+        externalId: String,
+        email: String,
+        name: String,
+    ): Member {
+        val targetMember =
+            selectLoginCandidate(memberPersistencePort.findAllBySignupEmail(email))
+                ?: createOrFindMemberBySignupEmail(
+                    email = email,
+                    name = name,
+                )
+
+        memberOAuthPersistencePort.relinkToMember(
+            provider = OAuthProvider.APPLE,
+            externalId = externalId,
+            member = targetMember,
+        )
+
+        return targetMember
+    }
+
     private fun createOrFindMemberBySignupEmail(
         email: String,
         name: String,

application/src/main/kotlin/core/application/member/application/service/auth/EmailPasswordAuthService.kt

@@ -6,6 +6,7 @@ import core.application.member.application.exception.MemberAllowedException
 import core.application.member.application.exception.MemberDeletedException
 import core.application.member.application.exception.MemberNotFoundException
 import core.application.member.application.service.role.MemberRoleService
+import core.application.member.application.service.team.MemberTeamService
 import core.application.security.oauth.token.JwtTokenProvider
 import core.domain.member.aggregate.Member
 import core.domain.member.port.outbound.MemberPersistencePort
@@ -33,6 +34,7 @@ class EmailPasswordAuthService(
     private val memberPersistencePort: MemberPersistencePort,
     private val roleQueryService: RoleQueryService,
     private val memberRoleService: MemberRoleService,
+    private val memberTeamService: MemberTeamService,
     private val jwtTokenProvider: JwtTokenProvider,
     private val refreshTokenPersistencePort: RefreshTokenPersistencePort,
     private val passwordEncoder: PasswordEncoder,
@@ -96,6 +98,7 @@ class EmailPasswordAuthService(
         validateMemberForLogin(member)
 
         memberRoleService.ensureGuestRoleAssigned(member.id!!)
+        memberTeamService.ensureMemberTeamInitialized(member.id!!)
 
         // Generate JWT tokens
         val permissionStrings = roleQueryService.getPermissionsByMemberId(member.id!!)
@@ -141,6 +144,7 @@ class EmailPasswordAuthService(
 
         // 2. Ensure default member role (GUEST)
         memberRoleService.ensureGuestRoleAssigned(newMember.id!!)
+        memberTeamService.ensureMemberTeamInitialized(newMember.id!!)
 
         // 3. Create MemberCredential with encoded password
         val encodedPassword = passwordEncoder.encode(password)
@@ -201,8 +205,9 @@ class EmailPasswordAuthService(
     }
 
     private fun selectLoginCandidate(members: List<Member>): Member {
-        val activeCandidates = members.filter { it.isAllowed() }
-        val eligible = if (activeCandidates.isNotEmpty()) activeCandidates else members
+        val availableMembers = members.filter { it.deletedAt == null }
+        val activeCandidates = availableMembers.filter { it.isAllowed() }
+        val eligible = if (activeCandidates.isNotEmpty()) activeCandidates else availableMembers
         return eligible.maxByOrNull { it.id?.value ?: 0L } ?: throw MemberNotFoundException()
     }
 

application/src/main/kotlin/core/application/member/application/service/oauth/MemberOAuthService.kt

@@ -16,6 +16,17 @@ class MemberOAuthService(
         externalId: String,
     ): MemberOAuth? = memberOAuthPersistencePort.findByProviderAndExternalId(provider, externalId)
 
+    fun relinkMemberOAuthProvider(
+        member: Member,
+        authAttribute: OAuthAttributes,
+    ) {
+        memberOAuthPersistencePort.relinkToMember(
+            provider = authAttribute.getProvider(),
+            externalId = authAttribute.getExternalId(),
+            member = member,
+        )
+    }
+
     /**
      * 멤버 가입 시, OAuth 클라이언트로부터 전달받은 제공자 정보를 저장함.
      *

application/src/main/kotlin/core/application/member/application/service/team/MemberTeamService.kt

@@ -1,14 +1,19 @@
 package core.application.member.application.service.team
 
 import core.domain.member.aggregate.MemberTeam
+import core.domain.member.port.outbound.MemberPersistencePort
 import core.domain.member.port.outbound.MemberTeamPersistencePort
 import core.domain.member.vo.MemberId
 import core.domain.team.vo.TeamId
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.stereotype.Service
 
 @Service
 class MemberTeamService(
     private val memberTeamPersistencePort: MemberTeamPersistencePort,
+    private val memberPersistencePort: MemberPersistencePort,
+    @Value("\${member.default-team-id:0}")
+    private val defaultTeamId: Int,
 ) {
     /**
      * 팀에 멤버를 추가함.
@@ -23,6 +28,23 @@ class MemberTeamService(
         memberTeamPersistencePort.save(MemberTeam.of(memberId, teamId))
     }
 
+    fun ensureMemberTeamInitialized(memberId: MemberId) {
+        if (defaultTeamId <= 0) {
+            return
+        }
+
+        if (memberPersistencePort.findMemberTeamByMemberId(memberId) != null) {
+            return
+        }
+
+        memberTeamPersistencePort.save(
+            MemberTeam.of(
+                memberId = memberId,
+                teamId = TeamId(defaultTeamId.toLong()),
+            ),
+        )
+    }
+
     /**
      * 멤버 탈퇴 시에, 멤버를 팀에서 제거(Hard Delete)하여 팀 정보 조회 시 노출되지 않도록 함.
      *

application/src/main/kotlin/core/application/session/presentation/controller/SessionQueryController.kt

@@ -23,7 +23,7 @@ import java.time.LocalDateTime
 class SessionQueryController(
     private val sessionQueryService: SessionQueryService,
 ) : SessionQueryApi {
-    @PreAuthorize("hasAuthority('read:session')")
+    @PreAuthorize("permitAll()")
     @GetMapping("/next")
     override fun getNextSession(): CustomResponse<NextSessionResponse> {
         val response =
@@ -34,7 +34,7 @@ class SessionQueryController(
         return CustomResponse.ok(response)
     }
 
-    @PreAuthorize("hasAuthority('read:session')")
+    @PreAuthorize("permitAll()")
     @GetMapping
     override fun getAllSessions(): CustomResponse<SessionListResponse> {
         val response =