Loopers-dev-lab · SukheeChoi · Feb 2, 2026 · Feb 2, 2026 · Feb 2, 2026 · Feb 2, 2026
diff --git a/.codeguide/loopers-1-week.md b/.codeguide/loopers-1-week.md
@@ -43,3 +43,90 @@
 
 - [ ]  포인트 조회에 성공할 경우, 보유 포인트를 응답으로 반환한다.
 - [ ]  `X-USER-ID` 헤더가 없을 경우, `400 Bad Request` 응답을 반환한다.
+
+---
+
+## 📋 구현 기록
+
+### 1. 회원가입 기능 (`feature/sign-up`)
+
+**구현 파일:**
+| 파일 | 역할 |
+|------|------|
+| `MemberModel.java` | 회원 엔티티 |
+| `MemberRepository.java` | Repository 인터페이스 |
+| `MemberService.java` | 비즈니스 로직 (중복 검증, 비밀번호 검증, 암호화) |
+| `MemberJpaRepository.java` | Spring Data JPA 인터페이스 |
+| `MemberRepositoryImpl.java` | Repository 구현체 |
+| `MemberV1Controller.java` | REST API 컨트롤러 |
+| `MemberV1Dto.java` | 요청/응답 DTO |
+| `PasswordEncoderConfig.java` | BCrypt Bean 설정 |
+
+**설계 근거:**
+- `spring-security-crypto`만 사용: 전체 Spring Security는 과한 의존성
+- Layered Architecture: Domain → Infrastructure → Interface 분리
+- 비밀번호 검증을 Service에 위치: PasswordEncoder 의존성 필요
+
+**TDD 테스트 목록:**
+| 테스트 | 검증 내용 |
+|--------|----------|
+| `register_withValidInfo_savesMember` | 정상 회원가입 |
+| `register_withDuplicateLoginId_throwsException` | 로그인 ID 중복 검증 |
+| `register_withShortPassword_throwsException` | 비밀번호 8자 미만 검증 |
+| `register_withBirthDateInPassword_throwsException` | 생년월일 포함 검증 |
+| `signUp_withValidRequest_returnsCreated` | API 201 응답 |
+| `signUp_withInvalidLoginIdFormat_returnsBadRequest` | API 400 응답 |
+
+---
+
+### 2. 내 정보 조회 기능 (`feature/my-info`)
+
+**구현 파일:**
+| 파일 | 역할 |
+|------|------|
+| `AuthMember.java` | 인증 어노테이션 |
+| `AuthMemberResolver.java` | 헤더 기반 인증 처리 |
+| `WebMvcConfig.java` | Resolver 등록 |
+| `MemberV1Dto.MyInfoResponse` | 응답 DTO (마스킹 로직 포함) |
+| `MemberV1Controller.getMyInfo()` | API 추가 |
+| `ErrorType.UNAUTHORIZED` | 401 에러 타입 |
+
+**설계 근거:**
+- `HandlerMethodArgumentResolver` 사용: 컨트롤러 코드 깔끔, 인증 로직 집중
+- Facade 생략: 단순 조회이므로 Controller에서 직접 DTO 변환
+- 마스킹 로직을 DTO에 위치: 표현 계층 관심사
+
+**TDD 테스트 목록:**
+| 테스트 | 검증 내용 |
+|--------|----------|
+| `myInfoResponse_masksLastCharacterOfName` | 이름 마스킹 (홍길동 → 홍길*) |
+| `myInfoResponse_doesNotMaskSingleCharacterName` | 1글자 이름 마스킹 안함 |
+| `getMyInfo_withoutAuthHeaders_returnsUnauthorized` | 인증 헤더 없음 401 |
+| `getMyInfo_withWrongPassword_returnsUnauthorized` | 잘못된 비밀번호 401 |
+| `getMyInfo_withValidAuth_returnsOkWithMaskedName` | 정상 조회 200 |
+
+---
+
+### 3. 비밀번호 수정 기능 (`feature/change-password`)
+
+**구현 파일:**
+| 파일 | 역할 |
+|------|------|
+| `MemberModel.changePassword()` | 비밀번호 변경 메서드 |
+| `MemberService.changePassword()` | 검증 로직 + 암호화 |
+| `MemberV1Controller.changePassword()` | PATCH API |
+| `MemberV1Dto.ChangePasswordRequest` | 요청 DTO |
+
+**설계 근거:**
+- 기존 비밀번호 검증 로직 재사용 (`PASSWORD_PATTERN`, `containsBirthDate`)
+- Facade 생략: 단순 흐름 (Controller → Service → Entity)
+
+**TDD 테스트 목록:**
+| 테스트 | 검증 내용 | 상태 |
+|--------|----------|------|
+| `changePassword_withWrongCurrentPassword_throwsException` | 현재 비밀번호 불일치 | ✅ |
+| `changePassword_withSamePassword_throwsException` | 동일 비밀번호 | ✅ |
+| `changePassword_withInvalidNewPassword_throwsException` | 규칙 위반 | ✅ |
+| `changePassword_withBirthDateInNewPassword_throwsException` | 생년월일 포함 | ✅ |
+| `changePassword_withValidInput_updatesPassword` | 정상 변경 | ✅ |
+| `changePassword_withValidAuth_returnsOk` | PATCH API 200 응답 | ✅ |
diff --git a/.gitignore b/.gitignore
@@ -38,3 +38,7 @@ out/
 
 ### Kotlin ###
 .kotlin
+
+### Claude Code ###
+*.md
+!docs/**/*.md
-
-### Claude Code ###
-*.md
-!docs/**/*.md
+### Claude Code ###
+# Claude Code 산출물 디렉터리만 무시
+.claude/
+.claude/**/*.md
-
-### Claude Code ###
-*.md
-!docs/**/*.md
+### Claude Code ###
+# Claude Code 산출물 디렉터리만 무시
+.claude/
+.claude/**/*.md
diff --git a/apps/commerce-api/build.gradle.kts b/apps/commerce-api/build.gradle.kts
@@ -8,6 +8,10 @@ dependencies {
 
     // web
     implementation("org.springframework.boot:spring-boot-starter-web")
+    implementation("org.springframework.boot:spring-boot-starter-validation")
+
+    // security (password encryption only)
+    implementation("org.springframework.security:spring-security-crypto")
     implementation("org.springframework.boot:spring-boot-starter-actuator")
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:${project.properties["springDocOpenApiVersion"]}")
 

diff --git a/apps/commerce-api/src/main/java/com/loopers/application/example/ExampleFacade.java b/apps/commerce-api/src/main/java/com/loopers/application/example/ExampleFacade.java
diff --git a/apps/commerce-api/src/main/java/com/loopers/application/example/ExampleInfo.java b/apps/commerce-api/src/main/java/com/loopers/application/example/ExampleInfo.java
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/example/ExampleModel.java b/apps/commerce-api/src/main/java/com/loopers/domain/example/ExampleModel.java
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/example/ExampleRepository.java b/apps/commerce-api/src/main/java/com/loopers/domain/example/ExampleRepository.java
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/example/ExampleService.java b/apps/commerce-api/src/main/java/com/loopers/domain/example/ExampleService.java
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/member/Member.java b/apps/commerce-api/src/main/java/com/loopers/domain/member/Member.java
@@ -0,0 +1,57 @@
+package com.loopers.domain.member;
+
+import com.loopers.domain.BaseEntity;
+import com.loopers.domain.member.vo.BirthDate;
+import com.loopers.domain.member.vo.Email;
+import com.loopers.domain.member.vo.LoginId;
+import com.loopers.domain.member.vo.Password;
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Embedded;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "member")
+public class Member extends BaseEntity {
+
+    @Embedded
+    private LoginId loginId;
+
+    @Embedded
+    private Password password;
+
+    @Column(nullable = false, length = 50)
+    private String name;
+
+    @Embedded
+    private BirthDate birthDate;
+
+    @Embedded
+    private Email email;
+
+    protected Member() {}
+
+    public Member(LoginId loginId, Password password, String name,
+                  BirthDate birthDate, Email email) {
+        if (name == null || name.isBlank()) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "이름은 필수입니다.");
+        }
+        this.loginId = loginId;
+        this.password = password;
+        this.name = name;
+        this.birthDate = birthDate;
+        this.email = email;
+    }
+
+    public LoginId getLoginId() { return loginId; }
+    public Password getPassword() { return password; }
+    public String getName() { return name; }
+    public BirthDate getBirthDate() { return birthDate; }
+    public Email getEmail() { return email; }
+
+    public void changePassword(Password newPassword) {
+        this.password = newPassword;
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/member/MemberRepository.java b/apps/commerce-api/src/main/java/com/loopers/domain/member/MemberRepository.java
@@ -0,0 +1,11 @@
+package com.loopers.domain.member;
+
+import com.loopers.domain.member.vo.LoginId;
+
+import java.util.Optional;
+
+public interface MemberRepository {
+    Member save(Member member);
+    Optional<Member> findByLoginId(LoginId loginId);
+    boolean existsByLoginId(LoginId loginId);
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/member/MemberService.java b/apps/commerce-api/src/main/java/com/loopers/domain/member/MemberService.java
@@ -0,0 +1,60 @@
+package com.loopers.domain.member;
+
+import com.loopers.domain.member.vo.BirthDate;
+import com.loopers.domain.member.vo.Email;
+import com.loopers.domain.member.vo.LoginId;
+import com.loopers.domain.member.vo.Password;
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.Optional;
+
+@RequiredArgsConstructor
+@Service
+@Transactional(readOnly = true)
+public class MemberService {
+
+    private final MemberRepository memberRepository;
+    private final PasswordEncoder passwordEncoder;
+
+    @Transactional
+    public Member register(String loginId, String plainPassword, String name,
+                           String birthDate, String email) {
+        LoginId loginIdVo = new LoginId(loginId);
+
+        if (memberRepository.existsByLoginId(loginIdVo)) {
+            throw new CoreException(ErrorType.CONFLICT, "이미 존재하는 ID입니다.");
+        }
+
+        BirthDate birthDateVo = BirthDate.from(birthDate);
+        Password password = Password.create(plainPassword, birthDateVo.value(), passwordEncoder);
+        Email emailVo = new Email(email);
+
+        Member member = new Member(loginIdVo, password, name, birthDateVo, emailVo);
+        return memberRepository.save(member);
+    }
-    @Transactional
-    public Member register(String loginId, String plainPassword, String name,
-                           String birthDate, String email) {
-        LoginId loginIdVo = new LoginId(loginId);
-
-        if (memberRepository.existsByLoginId(loginIdVo)) {
-            throw new CoreException(ErrorType.CONFLICT, "이미 존재하는 ID입니다.");
-        }
-
-        BirthDate birthDateVo = BirthDate.from(birthDate);
-        Password password = Password.create(plainPassword, birthDateVo.value(), passwordEncoder);
-        Email emailVo = new Email(email);
-
-        Member member = new Member(loginIdVo, password, name, birthDateVo, emailVo);
-        return memberRepository.save(member);
-    }
+    `@Transactional`
+    public Member register(String loginId, String plainPassword, String name,
+                           String birthDate, String email) {
+        LoginId loginIdVo = new LoginId(loginId);
+
+        if (memberRepository.existsByLoginId(loginIdVo)) {
+            throw new CoreException(ErrorType.CONFLICT, "이미 존재하는 ID입니다.");
+        }
+
+        BirthDate birthDateVo = BirthDate.from(birthDate);
+        Password password = Password.create(plainPassword, birthDateVo.value(), passwordEncoder);
+        Email emailVo = new Email(email);
+
+        Member member = new Member(loginIdVo, password, name, birthDateVo, emailVo);
+        try {
+            return memberRepository.save(member);
+        } catch (DataIntegrityViolationException e) {
+            throw new CoreException(ErrorType.CONFLICT, "이미 존재하는 ID입니다.", e);
+        }
+    }
-    @Transactional
-    public Member register(String loginId, String plainPassword, String name,
-                           String birthDate, String email) {
-        LoginId loginIdVo = new LoginId(loginId);
-
-        if (memberRepository.existsByLoginId(loginIdVo)) {
-            throw new CoreException(ErrorType.CONFLICT, "이미 존재하는 ID입니다.");
-        }
-
-        BirthDate birthDateVo = BirthDate.from(birthDate);
-        Password password = Password.create(plainPassword, birthDateVo.value(), passwordEncoder);
-        Email emailVo = new Email(email);
-
-        Member member = new Member(loginIdVo, password, name, birthDateVo, emailVo);
-        return memberRepository.save(member);
-    }
+    `@Transactional`
+    public Member register(String loginId, String plainPassword, String name,
+                           String birthDate, String email) {
+        LoginId loginIdVo = new LoginId(loginId);
+
+        if (memberRepository.existsByLoginId(loginIdVo)) {
+            throw new CoreException(ErrorType.CONFLICT, "이미 존재하는 ID입니다.");
+        }
+
+        BirthDate birthDateVo = BirthDate.from(birthDate);
+        Password password = Password.create(plainPassword, birthDateVo.value(), passwordEncoder);
+        Email emailVo = new Email(email);
+
+        Member member = new Member(loginIdVo, password, name, birthDateVo, emailVo);
+        try {
+            return memberRepository.save(member);
+        } catch (DataIntegrityViolationException e) {
+            throw new CoreException(ErrorType.CONFLICT, "이미 존재하는 ID입니다.", e);
+        }
+    }
+
+    public Optional<Member> findByLoginId(String loginId) {
+        return memberRepository.findByLoginId(new LoginId(loginId));
+    }
+
+    @Transactional
+    public void changePassword(Member member, String currentPlain, String newPlain) {
+        if (!member.getPassword().matches(currentPlain, passwordEncoder)) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "현재 비밀번호가 일치하지 않습니다.");
+        }
+
+        if (member.getPassword().matches(newPlain, passwordEncoder)) {
+            throw new CoreException(ErrorType.BAD_REQUEST,
+                "새 비밀번호는 현재 비밀번호와 달라야 합니다.");
+        }
+
+        Password newPassword = Password.create(
+            newPlain, member.getBirthDate().value(), passwordEncoder);
+        member.changePassword(newPassword);
-    @Transactional
-    public void changePassword(Member member, String currentPlain, String newPlain) {
-        if (!member.getPassword().matches(currentPlain, passwordEncoder)) {
-            throw new CoreException(ErrorType.BAD_REQUEST, "현재 비밀번호가 일치하지 않습니다.");
-        }
-
-        if (member.getPassword().matches(newPlain, passwordEncoder)) {
-            throw new CoreException(ErrorType.BAD_REQUEST,
-                "새 비밀번호는 현재 비밀번호와 달라야 합니다.");
-        }
-
-        Password newPassword = Password.create(
-            newPlain, member.getBirthDate().value(), passwordEncoder);
-        member.changePassword(newPassword);
+    `@Transactional`
+    public void changePassword(Member member, String currentPlain, String newPlain) {
+        if (!member.getPassword().matches(currentPlain, passwordEncoder)) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "현재 비밀번호가 일치하지 않습니다.");
+        }
+
+        if (member.getPassword().matches(newPlain, passwordEncoder)) {
+            throw new CoreException(ErrorType.BAD_REQUEST,
+                "새 비밀번호는 현재 비밀번호와 달라야 합니다.");
+        }
+
+        Password newPassword = Password.create(
+            newPlain, member.getBirthDate().value(), passwordEncoder);
+        member.changePassword(newPassword);
+        memberRepository.save(member);
+    }
-    @Transactional
-    public void changePassword(Member member, String currentPlain, String newPlain) {
-        if (!member.getPassword().matches(currentPlain, passwordEncoder)) {
-            throw new CoreException(ErrorType.BAD_REQUEST, "현재 비밀번호가 일치하지 않습니다.");
-        }
-
-        if (member.getPassword().matches(newPlain, passwordEncoder)) {
-            throw new CoreException(ErrorType.BAD_REQUEST,
-                "새 비밀번호는 현재 비밀번호와 달라야 합니다.");
-        }
-
-        Password newPassword = Password.create(
-            newPlain, member.getBirthDate().value(), passwordEncoder);
-        member.changePassword(newPassword);
+    `@Transactional`
+    public void changePassword(Member member, String currentPlain, String newPlain) {
+        if (!member.getPassword().matches(currentPlain, passwordEncoder)) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "현재 비밀번호가 일치하지 않습니다.");
+        }
+
+        if (member.getPassword().matches(newPlain, passwordEncoder)) {
+            throw new CoreException(ErrorType.BAD_REQUEST,
+                "새 비밀번호는 현재 비밀번호와 달라야 합니다.");
+        }
+
+        Password newPassword = Password.create(
+            newPlain, member.getBirthDate().value(), passwordEncoder);
+        member.changePassword(newPassword);
+        memberRepository.save(member);
+    }
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/member/policy/PasswordPolicy.java b/apps/commerce-api/src/main/java/com/loopers/domain/member/policy/PasswordPolicy.java
@@ -0,0 +1,45 @@
+package com.loopers.domain.member.policy;
+
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+import java.util.List;
+import java.util.regex.Pattern;
+
+public class PasswordPolicy {
+
+    private static final Pattern FORMAT_PATTERN =
+        Pattern.compile("^[A-Za-z0-9!@#$%^&*()_+=-]{8,16}$");
+
+    public static void validate(String plain, LocalDate birthDate) {
+        validateFormat(plain);
+        validateNotContainsSubstrings(plain,
+            extractBirthDateStrings(birthDate),
+            "비밀번호에 생년월일을 포함할 수 없습니다.");
+    }
+
+    public static void validateFormat(String plain) {
+        if (plain == null || !FORMAT_PATTERN.matcher(plain).matches()) {
+            throw new CoreException(ErrorType.BAD_REQUEST,
+                "비밀번호는 8~16자의 영문, 숫자, 특수문자만 허용됩니다.");
+        }
+    }
+
+    public static void validateNotContainsSubstrings(
+            String plain, List<String> forbidden, String errorMessage) {
+        for (String s : forbidden) {
+            if (plain.contains(s)) {
+                throw new CoreException(ErrorType.BAD_REQUEST, errorMessage);
+            }
+        }
+    }
+
+    public static List<String> extractBirthDateStrings(LocalDate birthDate) {
+        return List.of(
+            birthDate.format(DateTimeFormatter.ofPattern("yyyyMMdd")),
+            birthDate.format(DateTimeFormatter.ofPattern("yyMMdd"))
+        );
+    }
+}