보안 점검 및 대시보드 문구 수정

app/api/kis/_session.ts

@@ -0,0 +1,18 @@
+import { createClient } from "@/utils/supabase/server";
+
+/**
+ * @description KIS API 라우트 접근 전에 Supabase 로그인 세션을 검증합니다.
+ * @returns 로그인 세션 존재 여부
+ * @remarks UI 흐름: 클라이언트 요청 -> KIS API route -> hasKisApiSession -> (실패 시 401, 성공 시 KIS 호출)
+ * @see app/api/kis/domestic/balance/route.ts 잔고 API 세션 가드
+ * @see app/api/kis/validate/route.ts 인증 검증 API 세션 가드
+ */
+export async function hasKisApiSession() {
+  const supabase = await createClient();
+  const {
+    data: { user },
+    error,
+  } = await supabase.auth.getUser();
+
+  return Boolean(!error && user);
+}

app/api/kis/domestic/_shared.ts

@@ -26,7 +26,7 @@ export function readKisCredentialsFromHeaders(headers: Headers): KisCredentialIn
 }
 
 /**
- * @description 요청 헤더(또는 서버 환경변수)에서 계좌번호(8-2)를 읽어옵니다.
+ * @description 요청 헤더에서 계좌번호(8-2)를 읽어옵니다.
  * @param headers 요청 헤더
  * @returns 계좌번호 파트(8 + 2) 또는 null
  * @see app/api/kis/domestic/balance/route.ts 잔고 조회 시 필수 계좌정보 파싱
@@ -35,11 +35,5 @@ export function readKisAccountParts(headers: Headers) {
   const headerAccountNo = headers.get("x-kis-account-no");
   const headerAccountProductCode = headers.get("x-kis-account-product-code");
 
-  const envAccountNo = process.env.KIS_ACCOUNT_NO;
-  const envAccountProductCode = process.env.KIS_ACCOUNT_PRODUCT_CODE;
-
-  return (
-    parseKisAccountParts(headerAccountNo, headerAccountProductCode) ??
-    parseKisAccountParts(envAccountNo, envAccountProductCode)
-  );
+  return parseKisAccountParts(headerAccountNo, headerAccountProductCode);
 }

app/api/kis/domestic/activity/route.ts

@@ -2,6 +2,7 @@ import { NextResponse } from "next/server";
 import type { DashboardActivityResponse } from "@/features/dashboard/types/dashboard.types";
 import { hasKisConfig, normalizeTradingEnv } from "@/lib/kis/config";
 import { getDomesticDashboardActivity } from "@/lib/kis/dashboard";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import {
   readKisAccountParts,
   readKisCredentialsFromHeaders,
@@ -20,6 +21,11 @@ import {
  * @see features/dashboard/components/ActivitySection.tsx 주문내역/매매일지 섹션 렌더링
  */
 export async function GET(request: Request) {
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json({ error: "로그인이 필요합니다." }, { status: 401 });
+  }
+
   const credentials = readKisCredentialsFromHeaders(request.headers);
 
   if (!hasKisConfig(credentials)) {

app/api/kis/domestic/balance/route.ts

@@ -2,6 +2,7 @@ import { NextResponse } from "next/server";
 import type { DashboardBalanceResponse } from "@/features/dashboard/types/dashboard.types";
 import { hasKisConfig, normalizeTradingEnv } from "@/lib/kis/config";
 import { getDomesticDashboardBalance } from "@/lib/kis/dashboard";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import {
   readKisAccountParts,
   readKisCredentialsFromHeaders,
@@ -18,6 +19,11 @@ import {
  * @see features/dashboard/hooks/use-dashboard-data.ts 대시보드 초기 로드/새로고침에서 호출합니다.
  */
 export async function GET(request: Request) {
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json({ error: "로그인이 필요합니다." }, { status: 401 });
+  }
+
   const credentials = readKisCredentialsFromHeaders(request.headers);
 
   if (!hasKisConfig(credentials)) {

app/api/kis/domestic/chart/route.ts

@@ -6,6 +6,7 @@ import type { KisCredentialInput } from "@/lib/kis/config";
 import { hasKisConfig, normalizeTradingEnv } from "@/lib/kis/config";
 import { getDomesticChart } from "@/lib/kis/domestic";
 import { NextRequest, NextResponse } from "next/server";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 
 const VALID_TIMEFRAMES: DashboardChartTimeframe[] = [
   "1m",
@@ -20,6 +21,11 @@ const VALID_TIMEFRAMES: DashboardChartTimeframe[] = [
  * @description 국내주식 차트(분봉/일봉/주봉) 조회 API
  */
 export async function GET(request: NextRequest) {
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json({ error: "로그인이 필요합니다." }, { status: 401 });
+  }
+
   const { searchParams } = new URL(request.url);
   const symbol = (searchParams.get("symbol") ?? "").trim();
   const timeframe = (

app/api/kis/domestic/indices/route.ts

@@ -2,6 +2,7 @@ import { NextResponse } from "next/server";
 import type { DashboardIndicesResponse } from "@/features/dashboard/types/dashboard.types";
 import { hasKisConfig, normalizeTradingEnv } from "@/lib/kis/config";
 import { getDomesticDashboardIndices } from "@/lib/kis/dashboard";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import { readKisCredentialsFromHeaders } from "@/app/api/kis/domestic/_shared";
 
 /**
@@ -15,6 +16,11 @@ import { readKisCredentialsFromHeaders } from "@/app/api/kis/domestic/_shared";
  * @see features/dashboard/hooks/use-dashboard-data.ts 대시보드 초기 로드/주기 갱신에서 호출합니다.
  */
 export async function GET(request: Request) {
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json({ error: "로그인이 필요합니다." }, { status: 401 });
+  }
+
   const credentials = readKisCredentialsFromHeaders(request.headers);
 
   if (!hasKisConfig(credentials)) {

app/api/kis/domestic/order-cash/route.ts

@@ -4,6 +4,7 @@ import {
   DashboardStockCashOrderRequest,
   DashboardStockCashOrderResponse,
 } from "@/features/trade/types/trade.types";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import {
   KisCredentialInput,
   hasKisConfig,
@@ -17,12 +18,25 @@ import {
 
 export async function POST(request: NextRequest) {
   const credentials = readKisCredentialsFromHeaders(request.headers);
+  const tradingEnv = normalizeTradingEnv(credentials.tradingEnv);
+
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json(
+      {
+        ok: false,
+        tradingEnv,
+        message: "로그인이 필요합니다.",
+      },
+      { status: 401 },
+    );
+  }
 
   if (!hasKisConfig(credentials)) {
     return NextResponse.json(
       {
         ok: false,
-        tradingEnv: normalizeTradingEnv(credentials.tradingEnv),
+        tradingEnv,
         message: "KIS API 키 설정이 필요합니다.",
       },
       { status: 400 },
@@ -42,7 +56,7 @@ export async function POST(request: NextRequest) {
       return NextResponse.json(
         {
           ok: false,
-          tradingEnv: normalizeTradingEnv(credentials.tradingEnv),
+          tradingEnv,
           message:
             "주문 정보가 올바르지 않습니다. (종목코드, 계좌번호, 수량 확인)",
         },
@@ -65,7 +79,7 @@ export async function POST(request: NextRequest) {
 
     const response: DashboardStockCashOrderResponse = {
       ok: true,
-      tradingEnv: normalizeTradingEnv(credentials.tradingEnv),
+      tradingEnv,
       message: "주문이 전송되었습니다.",
       orderNo: output.ODNO,
       orderTime: output.ORD_TMD,
@@ -81,7 +95,7 @@ export async function POST(request: NextRequest) {
     return NextResponse.json(
       {
         ok: false,
-        tradingEnv: normalizeTradingEnv(credentials.tradingEnv),
+        tradingEnv,
         message,
       },
       { status: 500 },

app/api/kis/domestic/orderbook/route.ts

@@ -4,6 +4,7 @@ import {
   KisDomesticOrderBookOutput,
 } from "@/lib/kis/domestic";
 import { DashboardStockOrderBookResponse } from "@/features/trade/types/trade.types";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import {
   KisCredentialInput,
   hasKisConfig,
@@ -20,6 +21,11 @@ import {
  */
 
 export async function GET(request: NextRequest) {
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json({ error: "로그인이 필요합니다." }, { status: 401 });
+  }
+
   const { searchParams } = new URL(request.url);
   const symbol = (searchParams.get("symbol") ?? "").trim();
 

app/api/kis/domestic/overview/route.ts

@@ -2,6 +2,7 @@ import { KOREAN_STOCK_INDEX } from "@/features/trade/data/korean-stocks";
 import type { DashboardStockOverviewResponse } from "@/features/trade/types/trade.types";
 import type { KisCredentialInput } from "@/lib/kis/config";
 import { hasKisConfig, normalizeTradingEnv } from "@/lib/kis/config";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import { getDomesticOverview } from "@/lib/kis/domestic";
 import { NextRequest, NextResponse } from "next/server";
 import {
@@ -20,6 +21,11 @@ import {
  * @returns 대시보드 상세 모델
  */
 export async function GET(request: NextRequest) {
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json({ error: "로그인이 필요합니다." }, { status: 401 });
+  }
+
   const { searchParams } = new URL(request.url);
   const symbol = (searchParams.get("symbol") ?? "").trim();
 

app/api/kis/domestic/search/route.ts

@@ -4,6 +4,7 @@ import type {
   DashboardStockSearchResponse,
   KoreanStockIndexItem,
 } from "@/features/trade/types/trade.types";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import { NextRequest, NextResponse } from "next/server";
 
 const SEARCH_LIMIT = 10;
@@ -26,6 +27,11 @@ const SEARCH_LIMIT = 10;
  * @see features/trade/components/dashboard-main.tsx 검색 폼에서 호출합니다.
  */
 export async function GET(request: NextRequest) {
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json({ error: "로그인이 필요합니다." }, { status: 401 });
+  }
+
   // [Step 1] query string에서 검색어(q)를 읽고 공백을 제거합니다.
   const { searchParams } = new URL(request.url);
   const query = (searchParams.get("q") ?? "").trim();

app/api/kis/revoke/route.ts

@@ -5,6 +5,7 @@ import {
   validateKisCredentialInput,
 } from "@/lib/kis/request";
 import { revokeKisAccessToken } from "@/lib/kis/token";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import { NextRequest, NextResponse } from "next/server";
 
 /**
@@ -20,6 +21,18 @@ export async function POST(request: NextRequest) {
   const credentials = await parseKisCredentialRequest(request);
   const tradingEnv = normalizeTradingEnv(credentials.tradingEnv);
 
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json(
+      {
+        ok: false,
+        tradingEnv,
+        message: "로그인이 필요합니다.",
+      } satisfies DashboardKisRevokeResponse,
+      { status: 401 },
+    );
+  }
+
   const invalidMessage = validateKisCredentialInput(credentials);
   if (invalidMessage) {
     return NextResponse.json(

app/api/kis/validate-profile/route.ts

@@ -1,5 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import type { DashboardKisProfileValidateResponse } from "@/features/trade/types/trade.types";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import { parseKisAccountParts } from "@/lib/kis/account";
 import { kisGet } from "@/lib/kis/client";
 import { normalizeTradingEnv, type KisCredentialInput } from "@/lib/kis/config";
@@ -43,6 +44,22 @@ const BALANCE_VALIDATION_PRESETS: BalanceValidationPreset[] = [
  * @see features/settings/apis/kis-auth.api.ts validateKisProfile 클라이언트 API 함수
  */
 export async function POST(request: NextRequest) {
+  const fallbackTradingEnv = normalizeTradingEnv(
+    request.headers.get("x-kis-trading-env") ?? undefined,
+  );
+
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json(
+      {
+        ok: false,
+        tradingEnv: fallbackTradingEnv,
+        message: "로그인이 필요합니다.",
+      } satisfies Pick<DashboardKisProfileValidateResponse, "ok" | "tradingEnv" | "message">,
+      { status: 401 },
+    );
+  }
+
   let body: KisProfileValidateRequestBody = {};
 
   try {
@@ -51,7 +68,7 @@ export async function POST(request: NextRequest) {
     return NextResponse.json(
       {
         ok: false,
-        tradingEnv: "mock",
+        tradingEnv: fallbackTradingEnv,
         message: "요청 본문(JSON)을 읽을 수 없습니다.",
       } satisfies Pick<DashboardKisProfileValidateResponse, "ok" | "tradingEnv" | "message">,
       { status: 400 },

app/api/kis/validate/route.ts

@@ -5,6 +5,7 @@ import {
   validateKisCredentialInput,
 } from "@/lib/kis/request";
 import { getKisAccessToken } from "@/lib/kis/token";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import { NextRequest, NextResponse } from "next/server";
 
 /**
@@ -20,6 +21,18 @@ export async function POST(request: NextRequest) {
   const credentials = await parseKisCredentialRequest(request);
   const tradingEnv = normalizeTradingEnv(credentials.tradingEnv);
 
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json(
+      {
+        ok: false,
+        tradingEnv,
+        message: "로그인이 필요합니다.",
+      } satisfies DashboardKisValidateResponse,
+      { status: 401 },
+    );
+  }
+
   const invalidMessage = validateKisCredentialInput(credentials);
   if (invalidMessage) {
     return NextResponse.json(

app/api/kis/ws/approval/route.ts

@@ -1,4 +1,5 @@
 import type { DashboardKisWsApprovalResponse } from "@/features/trade/types/trade.types";
+import { hasKisApiSession } from "@/app/api/kis/_session";
 import { getKisApprovalKey, resolveKisWebSocketUrl } from "@/lib/kis/approval";
 import { normalizeTradingEnv } from "@/lib/kis/config";
 import {
@@ -20,6 +21,18 @@ export async function POST(request: NextRequest) {
   const credentials = await parseKisCredentialRequest(request);
   const tradingEnv = normalizeTradingEnv(credentials.tradingEnv);
 
+  const hasSession = await hasKisApiSession();
+  if (!hasSession) {
+    return NextResponse.json(
+      {
+        ok: false,
+        tradingEnv,
+        message: "로그인이 필요합니다.",
+      } satisfies DashboardKisWsApprovalResponse,
+      { status: 401 },
+    );
+  }
+
   const invalidMessage = validateKisCredentialInput(credentials);
   if (invalidMessage) {
     return NextResponse.json(