From 4a167b31e55a38c9cca65ab8dc9eb4e2a3a383c1 Mon Sep 17 00:00:00 2001
From: kent
Date: Sat, 26 Jul 2025 15:52:47 +0900
Subject: [PATCH] =?UTF-8?q?fix=20:=20=ED=9A=8C=EC=9B=90=20=EC=9D=B8?= =?UTF-8?q?=EC=A6=9D=20=EC=8B=A4=ED=8C=A8=EC=8B=9C=20401=20=EC=A0=84?= =?UTF-8?q?=EC=86=A1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Http/Middleware/ApiKeyMiddleware.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/app/Http/Middleware/ApiKeyMiddleware.php b/app/Http/Middleware/ApiKeyMiddleware.php
index 4511f1d..b341cf9 100644
--- a/app/Http/Middleware/ApiKeyMiddleware.php
+++ b/app/Http/Middleware/ApiKeyMiddleware.php
@@ -3,6 +3,7 @@
 namespace App\Http\Middleware;
 use Closure;
+use Illuminate\Auth\AuthenticationException;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
 use App\Models\User;
@@ -62,6 +63,23 @@ public function handle(Request $request, Closure $next)
 }
 }
+ // 화이트리스트(인증 예외 라우트)
+ $allowWithoutAuth = [
+ 'api/v1/login',
+ 'api/v1/debug-apikey',
+ // 추가적으로 허용하고 싶은 라우트
+ ];
+
+ // 현재 라우트 확인 (경로 또는 이름)
+ $currentRoute = $request->route()->uri(); // 또는 $request->path()
+
+ if (!in_array($currentRoute, $allowWithoutAuth)) {
+ // 인증정보(api_user, tenant_id) 없으면 튕김
+ if (!app()->bound('api_user') || !app()->bound('tenant_id')) {
+ throw new AuthenticationException('회원정보 또는 테넌트 정보 없음');
+ }
+ }
+
 $response = $next($request);
 // 응답 정보 저장
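Review bot: The `$allowWithoutAuth` list exempts `api/v1/debug-apikey` from the new check in every environment, so a debug endpoint stays reachable without `api_user`/`tenant_id` in production; drop it from the list or append it only when `app()->environment('local')` is true. On the `$currentRoute` line, `$request->route()` returns null when no route has been matched yet (for example if this middleware is registered globally, which the hunk does not show), so `->uri()` would raise a fatal error before the check runs; guard for null and treat that case as not allow-listed. Throwing `AuthenticationException` produces a 401 only when the stock Laravel handler decides the request expects JSON, otherwise it attempts a redirect to a login route, so if the goal is an unconditional 401 then `return response()->json(['message' => '회원정보 또는 테넌트 정보 없음'], 401);` is more predictable unless the project's handler already overrides this. Passing `true` as the third argument to `in_array` keeps the allow-list comparison strict. The body of `handle()` starts and ends outside the hunk, so how `api_user` and `tenant_id` get bound is not visible here.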