Auto-deploy from GitHub Actions - 2025-12-12 04:33:23

app/__init__.py

@@ -221,13 +221,18 @@ def migrate_database(app: Flask) -> None:
         with app.app_context():
             inspector = inspect(db.engine)
             
-            # 1. user 테이블 - nickname 컬럼
+            # 1. user 테이블 - nickname, must_change_password 컬럼
             if inspector.has_table('user'):
                 columns = [c['name'] for c in inspector.get_columns('user')]
-                if 'nickname' not in columns:
-                    logger.info("user 테이블에 nickname 컬럼 추가 중...")
-                    with db.engine.begin() as conn:
+                with db.engine.begin() as conn:
+                    if 'nickname' not in columns:
+                        logger.info("user 테이블에 nickname 컬럼 추가 중...")
                         conn.execute(text("ALTER TABLE \"user\" ADD COLUMN nickname VARCHAR(80)"))
+                    
+                    if 'must_change_password' not in columns:
+                        logger.info("user 테이블에 must_change_password 컬럼 추가 중...")
+                        # Boolean 타입은 DB에 따라 다를 수 있으므로 주의 (PostgreSQL/SQLite 모두 BOOLEAN 지원)
+                        conn.execute(text("ALTER TABLE \"user\" ADD COLUMN must_change_password BOOLEAN DEFAULT FALSE NOT NULL"))
             
             # 2. uploaded_file 테이블 - uploaded_by, parent_file_id 컬럼
             if inspector.has_table('uploaded_file'):

app/database.py

@@ -13,6 +13,7 @@ class User(UserMixin, db.Model):
     password_hash = db.Column(db.String(255), nullable=False)
     is_admin = db.Column(db.Boolean, default=False, nullable=False)
     is_active = db.Column(db.Boolean, default=True, nullable=False)
+    must_change_password = db.Column(db.Boolean, default=False, nullable=False)  # 다음 로그인 시 비밀번호 변경 강제 여부
     created_at = db.Column(db.DateTime, default=datetime.utcnow, nullable=False)
     last_login = db.Column(db.DateTime, nullable=True)
     
@@ -29,6 +30,7 @@ class User(UserMixin, db.Model):
             'nickname': self.nickname,
             'is_admin': self.is_admin,
             'is_active': self.is_active,
+            'must_change_password': self.must_change_password,
             'created_at': self.created_at.isoformat() if self.created_at else None,
             'last_login': self.last_login.isoformat() if self.last_login else None
         }

app/routes.py

@@ -1807,6 +1807,50 @@ def search_relevant_chunks_fallback(query, file_ids=None, model_name=None, top_k
         traceback.print_exc()
         return []
 
+@main_bp.before_request
+def check_password_change_requirement():
+    """다음 로그인 시 패스워드 변경 강제 확인 미들웨어"""
+    if current_user.is_authenticated and current_user.must_change_password:
+        # 허용된 엔드포인트 목록 (로그아웃, 패스워드 변경, 정적 파일)
+        allowed_endpoints = [
+            'main.logout', 
+            'main.change_password', 
+            'main.change_password_post',
+            'static'
+        ]
+        
+        # 현재 요청이 허용된 엔드포인트가 아니고 정적 파일도 아니면 리다이렉트
+        if request.endpoint not in allowed_endpoints and not request.path.startswith('/static/'):
+            return redirect(url_for('main.change_password'))
+
+@main_bp.route('/change-password', methods=['GET'])
+@login_required
+def change_password():
+    """패스워드 변경 페이지"""
+    return render_template('change_password.html')
+
+@main_bp.route('/change-password', methods=['POST'])
+@login_required
+def change_password_post():
+    """패스워드 변경 처리"""
+    password = request.form.get('password')
+    confirm_password = request.form.get('confirm_password')
+    
+    if not password or not confirm_password:
+        return render_template('change_password.html', error="비밀번호를 입력해주세요.")
+    
+    if password != confirm_password:
+        return render_template('change_password.html', error="비밀번호가 일치하지 않습니다.")
+        
+    try:
+        current_user.set_password(password)
+        current_user.must_change_password = False
+        db.session.commit()
+        return redirect(url_for('main.index'))
+    except Exception as e:
+        db.session.rollback()
+        return render_template('change_password.html', error=f"오류가 발생했습니다: {str(e)}")
+
 @main_bp.route('/login', methods=['GET', 'POST'])
 def login():
     """로그인 페이지"""
@@ -1830,6 +1874,11 @@ def login():
             login_user(user)
             user.last_login = datetime.utcnow()
             db.session.commit()
+            
+            # 패스워드 변경이 필요한 경우 리다이렉트
+            if user.must_change_password:
+                return redirect(url_for('main.change_password'))
+            
             next_page = request.args.get('next')
             # 관리자인 경우 관리자 페이지로 리다이렉트
             if user.is_admin:

templates/admin.html

@@ -657,7 +657,7 @@
                         <td>{{ user.created_at.strftime('%Y-%m-%d %H:%M') if user.created_at else '-' }}</td>
                         <td>{{ user.last_login.strftime('%Y-%m-%d %H:%M') if user.last_login else '-' }}</td>
                         <td>
-                            <button class="btn btn-secondary" onclick="openEditModal({{ user.id }}, '{{ user.username }}', '{{ user.nickname or '' }}', {{ user.is_admin|lower }}, {{ user.is_active|lower }})" style="padding: 4px 8px; font-size: 12px;">수정</button>
+                            <button class="btn btn-secondary" onclick="openEditModal({{ user.id }}, '{{ user.username }}', '{{ user.nickname or '' }}', {{ user.is_admin|lower }}, {{ user.is_active|lower }}, {{ user.must_change_password|lower }})" style="padding: 4px 8px; font-size: 12px;">수정</button>
                             {% if user.id != current_user.id %}
                             <button class="btn btn-danger" onclick="deleteUser({{ user.id }})" style="padding: 4px 8px; font-size: 12px;">삭제</button>
                             {% endif %}
@@ -699,6 +699,10 @@
                     <input type="checkbox" id="isActive" name="is_active" checked>
                     <label for="isActive">활성 상태</label>
                 </div>
+                <div class="form-group-checkbox">
+                    <input type="checkbox" id="mustChangePassword" name="must_change_password">
+                    <label for="mustChangePassword">다음 로그인 시 패스워드 변경</label>
+                </div>
                 <div class="modal-actions">
                     <button type="button" class="btn btn-secondary" onclick="closeModal()">취소</button>
                     <button type="submit" class="btn btn-primary">저장</button>
@@ -743,10 +747,11 @@
             document.getElementById('userId').value = '';
             document.getElementById('password').required = true;
             document.getElementById('isActive').checked = true;
+            document.getElementById('mustChangePassword').checked = false;
             document.getElementById('userModal').classList.add('active');
         }
 
-        function openEditModal(userId, username, nickname, isAdmin, isActive) {
+        function openEditModal(userId, username, nickname, isAdmin, isActive, mustChangePassword) {
             currentEditUserId = userId;
             document.getElementById('modalTitle').textContent = '사용자 수정';
             document.getElementById('userId').value = userId;
@@ -756,6 +761,7 @@
             document.getElementById('password').required = false;
             document.getElementById('isAdmin').checked = isAdmin;
             document.getElementById('isActive').checked = isActive;
+            document.getElementById('mustChangePassword').checked = mustChangePassword;
             document.getElementById('userModal').classList.add('active');
         }
 
@@ -772,7 +778,8 @@
                 nickname: document.getElementById('nickname').value.trim(),
                 password: document.getElementById('password').value,
                 is_admin: document.getElementById('isAdmin').checked,
-                is_active: document.getElementById('isActive').checked
+                is_active: document.getElementById('isActive').checked,
+                must_change_password: document.getElementById('mustChangePassword').checked
             };
 
             const userId = document.getElementById('userId').value;

templates/change_password.html

@@ -0,0 +1,152 @@
+<!DOCTYPE html>
+<html lang="ko">
+<head>
+    <script type="text/javascript">
+        (function(c,l,a,r,i,t,y){
+            c[a]=c[a]||function(){(c[a].q=c[a].q||[]).push(arguments)};
+            t=l.createElement(r);t.async=1;t.src="https://www.clarity.ms/tag/"+i;
+            y=l.getElementsByTagName(r)[0];y.parentNode.insertBefore(t,y);
+        })(window, document, "clarity", "script", "ujskfvh0bu");
+    </script>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>비밀번호 변경 - SOY NV AI</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap" rel="stylesheet">
+    <style>
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+
+        body {
+            font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background: #f0f2f5;
+            color: #202124;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            min-height: 100vh;
+        }
+
+        .container {
+            width: 100%;
+            max-width: 400px;
+            padding: 20px;
+        }
+
+        .card {
+            background: white;
+            padding: 40px;
+            border-radius: 8px;
+            box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1), 0 8px 16px rgba(0, 0, 0, 0.1);
+        }
+
+        .logo {
+            text-align: center;
+            margin-bottom: 24px;
+            font-size: 24px;
+            font-weight: 600;
+            color: #1a73e8;
+        }
+
+        .title {
+            text-align: center;
+            margin-bottom: 8px;
+            font-size: 20px;
+            font-weight: 500;
+        }
+
+        .subtitle {
+            text-align: center;
+            margin-bottom: 24px;
+            font-size: 14px;
+            color: #5f6368;
+        }
+
+        .form-group {
+            margin-bottom: 16px;
+        }
+
+        .form-group label {
+            display: block;
+            margin-bottom: 8px;
+            font-size: 14px;
+            font-weight: 500;
+            color: #202124;
+        }
+
+        .form-group input {
+            width: 100%;
+            padding: 10px 12px;
+            border: 1px solid #dadce0;
+            border-radius: 4px;
+            font-size: 16px;
+            transition: border-color 0.2s;
+        }
+
+        .form-group input:focus {
+            outline: none;
+            border-color: #1a73e8;
+            box-shadow: 0 0 0 2px rgba(26, 115, 232, 0.2);
+        }
+
+        .btn {
+            width: 100%;
+            padding: 10px 12px;
+            background: #1a73e8;
+            color: white;
+            border: none;
+            border-radius: 4px;
+            font-size: 16px;
+            font-weight: 500;
+            cursor: pointer;
+            transition: background 0.2s;
+        }
+
+        .btn:hover {
+            background: #1557b0;
+        }
+
+        .alert {
+            padding: 12px;
+            border-radius: 4px;
+            margin-bottom: 20px;
+            font-size: 14px;
+            background: #fce8e6;
+            color: #c5221f;
+            text-align: center;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="card">
+            <div class="logo">SOY NV AI</div>
+            <div class="title">비밀번호 변경</div>
+            <div class="subtitle">보안을 위해 비밀번호를 변경해야 합니다.</div>
+            
+            {% if error %}
+            <div class="alert">
+                {{ error }}
+            </div>
+            {% endif %}
+
+            <form method="POST" action="{{ url_for('main.change_password_post') }}">
+                <div class="form-group">
+                    <label for="password">새 비밀번호</label>
+                    <input type="password" id="password" name="password" required autofocus>
+                </div>
+                
+                <div class="form-group">
+                    <label for="confirm_password">새 비밀번호 확인</label>
+                    <input type="password" id="confirm_password" name="confirm_password" required>
+                </div>
+
+                <button type="submit" class="btn">비밀번호 변경</button>
+            </form>
+        </div>
+    </div>
+</body>
+</html>