From 7ea899792726b89bfe02c5a870aee7bf42c7af0a Mon Sep 17 00:00:00 2001
From: kent <shine1324@gmail.com>
Date: Mon, 1 Dec 2025 23:44:56 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20=EC=B5=9C=EC=B4=88=20=EB=A1=9C=EA=B7=B8?=
 =?UTF-8?q?=EC=9D=B8=20=EC=8B=9C=20=EB=B9=84=EB=B0=80=EB=B2=88=ED=98=B8=20?=
 =?UTF-8?q?=EB=B3=80=EA=B2=BD=20=EA=B0=95=EC=A0=9C=20=EA=B8=B0=EB=8A=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- User 모델에 must_change_password 필드 추가
- UserService: createUser(), resetPassword()에서 플래그 설정
- ProfileService: changePassword()에서 플래그 해제
- EnsurePasswordChanged 미들웨어 추가
- 인증 라우트에 password.changed 미들웨어 적용
- 프로필 페이지에 비밀번호 변경 필요 알림 추가

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 app/Http/Middleware/EnsurePasswordChanged.php | 39 +++++++++++++++++++
 app/Models/User.php                           |  2 +
 app/Services/ProfileService.php               |  3 +-
 app/Services/UserService.php                  |  6 ++-
 bootstrap/app.php                             |  1 +
 resources/views/profile/index.blade.php       | 28 +++++++++++++
 routes/web.php                                | 18 +++++++--
 7 files changed, 92 insertions(+), 5 deletions(-)
 create mode 100644 app/Http/Middleware/EnsurePasswordChanged.php

diff --git a/app/Http/Middleware/EnsurePasswordChanged.php b/app/Http/Middleware/EnsurePasswordChanged.php
new file mode 100644
index 00000000..64a43c2f
--- /dev/null
+++ b/app/Http/Middleware/EnsurePasswordChanged.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class EnsurePasswordChanged
+{
+    /**
+     * 비밀번호 변경이 필요한 사용자를 프로필 페이지로 리다이렉트
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        $user = $request->user();
+
+        // 로그인한 사용자가 비밀번호 변경이 필요한 경우
+        if ($user && $user->must_change_password) {
+            // 프로필 관련 라우트는 허용 (무한 리다이렉트 방지)
+            if ($request->routeIs('profile.*')) {
+                return $next($request);
+            }
+
+            // 로그아웃 라우트는 허용
+            if ($request->routeIs('logout')) {
+                return $next($request);
+            }
+
+            // 그 외 모든 요청은 프로필 페이지로 리다이렉트
+            return redirect()->route('profile.index')
+                ->with('warning', '보안을 위해 비밀번호를 변경해주세요.');
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Models/User.php b/app/Models/User.php
index 4b001565..6e7bb039 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -25,6 +25,7 @@ class User extends Authenticatable
         'email',
         'phone',
         'password',
+        'must_change_password',
         'options',
         'profile_photo_path',
         'role',
@@ -60,6 +61,7 @@ protected function casts(): array
             'options' => 'array',
             'is_active' => 'boolean',
             'is_super_admin' => 'boolean',
+            'must_change_password' => 'boolean',
         ];
     }
 
diff --git a/app/Services/ProfileService.php b/app/Services/ProfileService.php
index d71d6e12..27b046dc 100644
--- a/app/Services/ProfileService.php
+++ b/app/Services/ProfileService.php
@@ -40,8 +40,9 @@ public function changePassword(User $user, string $currentPassword, string $newP
             ];
         }
 
-        // 비밀번호 업데이트
+        // 비밀번호 업데이트 + 비밀번호 변경 필요 플래그 해제
         $user->password = Hash::make($newPassword);
+        $user->must_change_password = false;
         $user->updated_by = $user->id;
         $user->save();
 
diff --git a/app/Services/UserService.php b/app/Services/UserService.php
index b360f689..41c8cffd 100644
--- a/app/Services/UserService.php
+++ b/app/Services/UserService.php
@@ -95,6 +95,9 @@ public function createUser(array $data): User
         // is_active 처리
         $data['is_active'] = isset($data['is_active']) && $data['is_active'] == '1';
 
+        // 최초 로그인 시 비밀번호 변경 필요
+        $data['must_change_password'] = true;
+
         // 생성자 정보
         $data['created_by'] = auth()->id();
 
@@ -136,8 +139,9 @@ public function resetPassword(int $id): bool
         // 임의 비밀번호 생성
         $plainPassword = $this->generateRandomPassword();
 
-        // 비밀번호 업데이트
+        // 비밀번호 업데이트 + 비밀번호 변경 필요 플래그
         $user->password = Hash::make($plainPassword);
+        $user->must_change_password = true;
         $user->updated_by = auth()->id();
         $user->save();
 
diff --git a/bootstrap/app.php b/bootstrap/app.php
index acfa7c9c..c81249de 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -17,6 +17,7 @@
         $middleware->alias([
             'hq.member' => \App\Http\Middleware\EnsureHQMember::class,
             'super.admin' => \App\Http\Middleware\EnsureSuperAdmin::class,
+            'password.changed' => \App\Http\Middleware\EnsurePasswordChanged::class,
         ]);
 
         // auth 미들웨어 그룹에 HQ 검증 추가
diff --git a/resources/views/profile/index.blade.php b/resources/views/profile/index.blade.php
index f7dbe44a..4d61c477 100644
--- a/resources/views/profile/index.blade.php
+++ b/resources/views/profile/index.blade.php
@@ -9,6 +9,34 @@
         <h1 class="text-2xl font-bold text-gray-800">프로필 설정</h1>
     </div>
 
+    <!-- 비밀번호 변경 필요 알림 -->
+    @if(auth()->user()->must_change_password)
+    <div class="bg-amber-50 border border-amber-200 rounded-lg p-4 mb-6">
+        <div class="flex items-start gap-3">
+            <svg class="w-6 h-6 text-amber-500 flex-shrink-0 mt-0.5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
+            </svg>
+            <div>
+                <h3 class="text-sm font-semibold text-amber-800">비밀번호 변경이 필요합니다</h3>
+                <p class="text-sm text-amber-700 mt-1">
+                    보안을 위해 비밀번호를 변경해주세요. 비밀번호를 변경하기 전까지 다른 기능을 이용할 수 없습니다.
+                </p>
+            </div>
+        </div>
+    </div>
+    @endif
+
+    @if(session('warning'))
+    <div class="bg-amber-50 border border-amber-200 rounded-lg p-4 mb-6">
+        <div class="flex items-center gap-2">
+            <svg class="w-5 h-5 text-amber-500" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
+            </svg>
+            <p class="text-sm text-amber-700">{{ session('warning') }}</p>
+        </div>
+    </div>
+    @endif
+
     <!-- 기본 정보 -->
     <div class="bg-white rounded-lg shadow-sm p-6 mb-6">
         <h2 class="text-lg font-semibold text-gray-800 mb-4 pb-2 border-b flex items-center gap-2">
diff --git a/routes/web.php b/routes/web.php
index afbd3c03..52477155 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -3,15 +3,16 @@
 use App\Http\Controllers\ArchivedRecordController;
 use App\Http\Controllers\Auth\LoginController;
 use App\Http\Controllers\BoardController;
+use App\Http\Controllers\DailyLogController;
 use App\Http\Controllers\DepartmentController;
 use App\Http\Controllers\DevTools\FlowTesterController;
 use App\Http\Controllers\MenuController;
 use App\Http\Controllers\PermissionController;
-use App\Http\Controllers\DailyLogController;
+use App\Http\Controllers\PostController;
+use App\Http\Controllers\ProfileController;
 use App\Http\Controllers\ProjectManagementController;
 use App\Http\Controllers\RoleController;
 use App\Http\Controllers\RolePermissionController;
-use App\Http\Controllers\ProfileController;
 use App\Http\Controllers\TenantController;
 use App\Http\Controllers\UserController;
 use Illuminate\Support\Facades\Route;
@@ -35,7 +36,7 @@
 | - hq.member: 본사(HQ) 테넌트 소속 확인
 */
 
-Route::middleware(['auth', 'hq.member'])->group(function () {
+Route::middleware(['auth', 'hq.member', 'password.changed'])->group(function () {
     Route::post('/logout', [LoginController::class, 'logout'])->name('logout');
 
     // 테넌트 전환
@@ -95,6 +96,17 @@
         Route::get('/', [BoardController::class, 'index'])->name('index');
         Route::get('/create', [BoardController::class, 'create'])->name('create');
         Route::get('/{id}/edit', [BoardController::class, 'edit'])->name('edit');
+
+        // 게시글 CRUD (board 하위 중첩 라우트)
+        Route::prefix('{board}/posts')->name('posts.')->group(function () {
+            Route::get('/', [PostController::class, 'index'])->name('index');
+            Route::get('/create', [PostController::class, 'create'])->name('create');
+            Route::post('/', [PostController::class, 'store'])->name('store');
+            Route::get('/{post}', [PostController::class, 'show'])->name('show');
+            Route::get('/{post}/edit', [PostController::class, 'edit'])->name('edit');
+            Route::put('/{post}', [PostController::class, 'update'])->name('update');
+            Route::delete('/{post}', [PostController::class, 'destroy'])->name('destroy');
+        });
     });
 
     // 역할 권한 관리 (Blade 화면만)