Initial commit: OAuth 2.0 인증 시스템 with APISIX API Gateway

- FastAPI 백엔드 + MongoDB + Redis 구성
- React + Vite + TypeScript + shadcn/ui 프론트엔드
- Apache APISIX API Gateway 통합
- Docker Compose 기반 개발 환경
- 3단계 권한 체계 (System Admin, Group Admin, User)
- 동적 테마 지원
- 환경별 설정 (dev/vei/prod)

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

oauth/backend/.env.example

@@ -0,0 +1,13 @@
+SECRET_KEY=0198fd96-f538-7a81-be14-d9e4cb81f60d
+MONGODB_URL=mongodb://localhost:27017
+DATABASE_NAME=oauth_db
+REDIS_URL=redis://localhost:6379
+ENVIRONMENT=dev
+BACKUP_PATH=/var/backups/oauth
+ARCHIVE_PATH=/var/archives/oauth
+SMTP_HOST=smtp.gmail.com
+SMTP_PORT=587
+SMTP_USER=your-email@gmail.com
+SMTP_PASSWORD=your-app-password
+NEXUS_URL=http://nexus.local:8081
+NEXUS_REPOSITORY=oauth-artifacts

oauth/backend/Dockerfile

@@ -0,0 +1,16 @@
+FROM python:3.11-slim
+
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y \
+    gcc \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+EXPOSE 8000
+
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

oauth/backend/Dockerfile.dev

@@ -0,0 +1,15 @@
+FROM python:3.11-slim
+
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y \
+    gcc \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+EXPOSE 8000
+
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--reload"]

oauth/backend/app/api/v1/router.py

@@ -0,0 +1,9 @@
+from fastapi import APIRouter
+from app.api.v1.endpoints import auth, users, applications, admin
+
+api_router = APIRouter()
+
+api_router.include_router(auth.router, prefix="/auth", tags=["authentication"])
+api_router.include_router(users.router, prefix="/users", tags=["users"])
+api_router.include_router(applications.router, prefix="/applications", tags=["applications"])
+api_router.include_router(admin.router, prefix="/admin", tags=["admin"])

oauth/backend/app/core/config.py

@@ -0,0 +1,49 @@
+from typing import List, Union
+from pydantic_settings import BaseSettings
+from pydantic import field_validator
+import os
+
+class Settings(BaseSettings):
+    PROJECT_NAME: str = "OAuth Authentication System"
+    VERSION: str = "1.0.0"
+    API_V1_STR: str = "/api/v1"
+    
+    SECRET_KEY: str = os.getenv("SECRET_KEY", "0198fda4-294e-77b0-a95d-2b601d2c594d")
+    ALGORITHM: str = "HS256"
+    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
+    REFRESH_TOKEN_EXPIRE_DAYS: int = 7
+    
+    MONGODB_URL: str = os.getenv("MONGODB_URL", "mongodb://localhost:27017")
+    DATABASE_NAME: str = os.getenv("DATABASE_NAME", "oauth_db")
+    
+    REDIS_URL: str = os.getenv("REDIS_URL", "redis://localhost:6379")
+    
+    BACKEND_CORS_ORIGINS: List[str] = ["http://localhost:3000", "http://localhost:5173"]
+    
+    ENVIRONMENT: str = os.getenv("ENVIRONMENT", "dev")
+    
+    BACKUP_PATH: str = os.getenv("BACKUP_PATH", "/var/backups/oauth")
+    ARCHIVE_PATH: str = os.getenv("ARCHIVE_PATH", "/var/archives/oauth")
+    
+    SMTP_HOST: str = os.getenv("SMTP_HOST", "")
+    SMTP_PORT: int = int(os.getenv("SMTP_PORT", "587"))
+    SMTP_USER: str = os.getenv("SMTP_USER", "")
+    SMTP_PASSWORD: str = os.getenv("SMTP_PASSWORD", "")
+    
+    NEXUS_URL: str = os.getenv("NEXUS_URL", "")
+    NEXUS_REPOSITORY: str = os.getenv("NEXUS_REPOSITORY", "")
+    
+    @field_validator("BACKEND_CORS_ORIGINS", mode="before")
+    @classmethod
+    def assemble_cors_origins(cls, v: Union[str, List[str]]) -> Union[List[str], str]:
+        if isinstance(v, str) and not v.startswith("["):
+            return [i.strip() for i in v.split(",")]
+        elif isinstance(v, (list, str)):
+            return v
+        raise ValueError(v)
+    
+    class Config:
+        env_file = ".env"
+        case_sensitive = True
+
+settings = Settings()

oauth/backend/app/core/database.py

@@ -0,0 +1,38 @@
+from motor.motor_asyncio import AsyncIOMotorClient
+from app.core.config import settings
+import redis.asyncio as redis
+from typing import Optional
+
+class Database:
+    client: Optional[AsyncIOMotorClient] = None
+    database = None
+    redis_client: Optional[redis.Redis] = None
+
+db = Database()
+
+async def init_db():
+    db.client = AsyncIOMotorClient(settings.MONGODB_URL)
+    db.database = db.client[settings.DATABASE_NAME]
+    db.redis_client = await redis.from_url(settings.REDIS_URL, decode_responses=True)
+    
+    await create_indexes()
+
+async def close_db():
+    if db.client:
+        db.client.close()
+    if db.redis_client:
+        await db.redis_client.close()
+
+async def create_indexes():
+    await db.database.users.create_index("email", unique=True)
+    await db.database.users.create_index("username", unique=True)
+    await db.database.applications.create_index("client_id", unique=True)
+    await db.database.applications.create_index("app_name", unique=True)
+    await db.database.auth_history.create_index([("user_id", 1), ("created_at", -1)])
+    await db.database.auth_history.create_index("created_at")
+
+def get_database():
+    return db.database
+
+def get_redis():
+    return db.redis_client

oauth/backend/app/main.py

@@ -0,0 +1,38 @@
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+from contextlib import asynccontextmanager
+from app.core.config import settings
+from app.core.database import init_db, close_db
+from app.api.v1.router import api_router
+import logging
+
+logging.basicConfig(level=logging.INFO)
+logger = logging.getLogger(__name__)
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    await init_db()
+    logger.info("Database initialized")
+    yield
+    await close_db()
+    logger.info("Database connection closed")
+
+app = FastAPI(
+    title=settings.PROJECT_NAME,
+    version=settings.VERSION,
+    lifespan=lifespan
+)
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.BACKEND_CORS_ORIGINS,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+app.include_router(api_router, prefix=settings.API_V1_STR)
+
+@app.get("/health")
+async def health_check():
+    return {"status": "healthy", "service": "OAuth Authentication System"}

oauth/backend/app/models/application.py

@@ -0,0 +1,54 @@
+from pydantic import BaseModel, Field
+from datetime import datetime
+from typing import Optional, Dict, Any
+
+class ApplicationTheme(BaseModel):
+    primary_color: str = "#1976d2"
+    secondary_color: str = "#dc004e"
+    background_color: str = "#ffffff"
+    text_color: str = "#000000"
+    logo_url: Optional[str] = None
+    background_image_url: Optional[str] = None
+    font_family: str = "Roboto, sans-serif"
+    border_radius: str = "8px"
+    custom_css: Optional[str] = None
+
+class ApplicationBase(BaseModel):
+    app_name: str
+    description: str
+    redirect_uris: list[str]
+    allowed_origins: list[str]
+    theme: ApplicationTheme = ApplicationTheme()
+    is_active: bool = True
+    allow_registration: bool = True
+    require_email_verification: bool = False
+
+class ApplicationCreate(ApplicationBase):
+    pass
+
+class ApplicationUpdate(BaseModel):
+    app_name: Optional[str] = None
+    description: Optional[str] = None
+    redirect_uris: Optional[list[str]] = None
+    allowed_origins: Optional[list[str]] = None
+    theme: Optional[ApplicationTheme] = None
+    is_active: Optional[bool] = None
+    allow_registration: Optional[bool] = None
+    require_email_verification: Optional[bool] = None
+
+class ApplicationInDB(ApplicationBase):
+    id: str = Field(alias="_id")
+    client_id: str
+    client_secret: str
+    created_at: datetime
+    updated_at: datetime
+    created_by: str
+    
+    class Config:
+        populate_by_name = True
+
+class Application(ApplicationBase):
+    id: str
+    client_id: str
+    created_at: datetime
+    updated_at: datetime

oauth/backend/app/models/user.py

@@ -0,0 +1,54 @@
+from pydantic import BaseModel, EmailStr, Field
+from datetime import datetime
+from typing import Optional, List
+from enum import Enum
+
+class UserRole(str, Enum):
+    SYSTEM_ADMIN = "system_admin"
+    GROUP_ADMIN = "group_admin"
+    USER = "user"
+
+class UserBase(BaseModel):
+    email: EmailStr
+    username: str
+    full_name: str
+    role: UserRole = UserRole.USER
+    is_active: bool = True
+    phone_number: Optional[str] = None
+    birth_date: Optional[str] = None
+    gender: Optional[str] = None
+    profile_picture: Optional[str] = None
+
+class UserCreate(UserBase):
+    password: str
+
+class UserUpdate(BaseModel):
+    full_name: Optional[str] = None
+    phone_number: Optional[str] = None
+    birth_date: Optional[str] = None
+    gender: Optional[str] = None
+    profile_picture: Optional[str] = None
+
+class UserInDB(UserBase):
+    id: str = Field(alias="_id")
+    hashed_password: str
+    created_at: datetime
+    updated_at: datetime
+    last_login: Optional[datetime] = None
+    
+    class Config:
+        populate_by_name = True
+
+class User(UserBase):
+    id: str
+    created_at: datetime
+    updated_at: datetime
+    last_login: Optional[datetime] = None
+
+class UserPermissions(BaseModel):
+    single_sign_on: bool = True
+    share_name: bool = True
+    share_gender: bool = False
+    share_birth_date: bool = False
+    share_email: bool = True
+    share_phone: bool = False

oauth/backend/requirements.txt

@@ -0,0 +1,25 @@
+fastapi==0.115.0
+uvicorn[standard]==0.30.6
+python-multipart==0.0.9
+python-jose[cryptography]==3.3.0
+passlib[bcrypt]==1.7.4
+motor==3.5.1
+redis==5.0.7
+pydantic==2.9.1
+pydantic-settings==2.4.0
+python-dotenv==1.0.1
+httpx==0.27.0
+celery==5.4.0
+flower==2.0.1
+pytest==8.3.2
+pytest-asyncio==0.24.0
+black==24.8.0
+ruff==0.6.3
+authlib==1.3.1
+itsdangerous==2.2.0
+email-validator==2.2.0
+Pillow==10.4.0
+cryptography==42.0.8
+aiofiles==24.1.0
+python-dateutil==2.9.0
+pytz==2024.1