Merged
Conversation
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (136)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
# Conflicts: # src/main/java/com/souzip/application/admin/required/CityCommandPort.java # src/main/java/com/souzip/application/admin/required/CityQueryPort.java # src/main/java/com/souzip/application/admin/required/CountryQueryPort.java
Develop-KIM
force-pushed
the
fix/NO-ISSUE-properties
branch
from
d48c7ed to
8feeb45
Compare
There was a problem hiding this comment.
Pull request overview
This PR rolls back to commit 755d2a7 while re-establishing the admin domain/API structure under com.souzip.domain.admin (models, application services, persistence adapters, security wiring) and updating tests + REST Docs accordingly.
Changes:
- Introduces a new
domain.adminmodule (controllers, services/use-cases, repositories, ports/adapters, security annotations/filter/resolver, init/cleanup scheduler). - Replaces legacy
application.admin+adapter.webapi.adminadmin implementations with the new structure and removes outdated DTOs/services/tests. - Adds/updates controller/service/repository/unit tests and adjusts REST Docs snippets + documentation.
Reviewed changes
Copilot reviewed 135 out of 136 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| src/test/java/com/souzip/domain/admin/presentation/AdminManagementControllerTest.java | Adds RestDocs tests for admin management endpoints |
| src/test/java/com/souzip/domain/admin/presentation/AdminAuthControllerTest.java | Adds RestDocs tests for admin auth endpoints |
| src/test/java/com/souzip/domain/admin/model/UsernameTest.java | Adds Username value-object tests |
| src/test/java/com/souzip/domain/admin/model/PasswordTest.java | Adds Password value-object tests |
| src/test/java/com/souzip/domain/admin/model/AdminTest.java | Adds Admin domain tests |
| src/test/java/com/souzip/domain/admin/model/AdminRefreshTokenTest.java | Adds AdminRefreshToken domain tests |
| src/test/java/com/souzip/domain/admin/infrastructure/persistence/AdminRepositoryTest.java | Adds JPA adapter tests for AdminRepositoryImpl |
| src/test/java/com/souzip/domain/admin/infrastructure/persistence/AdminRefreshTokenRepositoryTest.java | Adds JPA adapter tests for refresh token repository |
| src/test/java/com/souzip/domain/admin/infrastructure/persistence/AdminRefreshTokenMapperTest.java | Adds mapper tests for refresh token entity/domain |
| src/test/java/com/souzip/domain/admin/infrastructure/persistence/AdminMapperTest.java | Adds mapper tests for admin entity/domain |
| src/test/java/com/souzip/domain/admin/fixture/TestAdminPasswordEncoder.java | Adds test password encoder fixture |
| src/test/java/com/souzip/domain/admin/application/AdminManagementServiceTest.java | Adds service tests for admin management |
| src/test/java/com/souzip/domain/admin/application/AdminCountryQueryServiceTest.java | Adds query service tests for countries |
| src/test/java/com/souzip/domain/admin/application/AdminCityQueryServiceTest.java | Adds query service tests for cities |
| src/test/java/com/souzip/domain/admin/application/AdminAuthServiceTest.java | Adds auth service tests (login/refresh/logout) |
| src/test/java/com/souzip/domain/admin/AdminTest.java | Removes legacy admin domain test |
| src/test/java/com/souzip/domain/admin/AdminRefreshTokenTest.java | Removes legacy refresh token test |
| src/test/java/com/souzip/domain/admin/AdminFixture.java | Removes legacy admin fixture |
| src/test/java/com/souzip/docs/RestDocsSupport.java | Updates CurrentAdminId import/package |
| src/test/java/com/souzip/application/admin/AdminQueryServiceTest.java | Removes legacy application-layer admin tests |
| src/test/java/com/souzip/application/admin/AdminModifyServiceTest.java | Removes legacy application-layer admin tests |
| src/test/java/com/souzip/application/admin/AdminAuthServiceTest.java | Removes legacy application-layer admin tests |
| src/test/java/com/souzip/adapter/webapi/admin/AdminNoticeApiTest.java | Adjusts imports to new AdminRole location |
| src/test/java/com/souzip/adapter/webapi/admin/AdminLocationApiTest.java | Removes legacy admin location API test |
| src/test/java/com/souzip/adapter/webapi/admin/AdminAuthApiTest.java | Removes legacy admin auth API test |
| src/test/java/com/souzip/adapter/webapi/admin/AdminApiTest.java | Removes legacy admin API test |
| src/main/resources/META-INF/orm.xml | Removes legacy admin ORM mappings and reformats XML |
| src/main/java/com/souzip/global/security/config/SecurityConfig.java | Points to new admin JWT filter package |
| src/main/java/com/souzip/global/config/WebConfig.java | Points to new CurrentAdminIdArgumentResolver package |
| src/main/java/com/souzip/domain/city/entity/CityUpdateRequest.java | Removes legacy city update request DTO |
| src/main/java/com/souzip/domain/city/entity/CityCreateRequest.java | Removes legacy city create request DTO |
| src/main/java/com/souzip/domain/admin/repository/AdminRepository.java | Adds admin repository abstraction |
| src/main/java/com/souzip/domain/admin/repository/AdminRefreshTokenRepository.java | Moves refresh token repository to domain layer + adjusts API |
| src/main/java/com/souzip/domain/admin/presentation/response/InviteAdminResponse.java | Adds invite response DTO |
| src/main/java/com/souzip/domain/admin/presentation/response/AdminResponse.java | Adds admin list response DTO + pagination mapping |
| src/main/java/com/souzip/domain/admin/presentation/response/AdminRefreshResponse.java | Adds refresh response DTO |
| src/main/java/com/souzip/domain/admin/presentation/response/AdminLoginResponse.java | Adds login response DTO |
| src/main/java/com/souzip/domain/admin/presentation/request/UpdateCityRequest.java | Adds update-city-name request DTO |
| src/main/java/com/souzip/domain/admin/presentation/request/InviteAdminRequest.java | Adds invite-admin request DTO + validation |
| src/main/java/com/souzip/domain/admin/presentation/request/CreateCityRequest.java | Adds create-city request DTO + validation |
| src/main/java/com/souzip/domain/admin/presentation/request/AdminRefreshRequest.java | Adds refresh request DTO + validation |
| src/main/java/com/souzip/domain/admin/presentation/request/AdminLoginRequest.java | Adds login request DTO + command mapping |
| src/main/java/com/souzip/domain/admin/presentation/AdminManagementController.java | Adds admin management endpoints (admins/countries/cities) |
| src/main/java/com/souzip/domain/admin/presentation/AdminAuthController.java | Adds admin auth endpoints (login/refresh/logout) |
| src/main/java/com/souzip/domain/admin/model/Username.java | Adds username value object + validation |
| src/main/java/com/souzip/domain/admin/model/Password.java | Adds password value object (encoding/matching) |
| src/main/java/com/souzip/domain/admin/model/AdminRole.java | Moves AdminRole into domain.admin.model |
| src/main/java/com/souzip/domain/admin/model/AdminRefreshToken.java | Adds refresh token domain model |
| src/main/java/com/souzip/domain/admin/model/AdminPasswordEncoder.java | Adds password encoder interface |
| src/main/java/com/souzip/domain/admin/model/Admin.java | Adds admin domain aggregate |
| src/main/java/com/souzip/domain/admin/infrastructure/security/resolver/CurrentAdminIdArgumentResolver.java | Moves/updates resolver package + formatting |
| src/main/java/com/souzip/domain/admin/infrastructure/security/jwt/AdminJwtAuthenticationFilter.java | Moves/updates admin JWT filter package/imports |
| src/main/java/com/souzip/domain/admin/infrastructure/security/annotation/ViewerAccess.java | Adds method-security annotation for viewer/admin/super-admin |
| src/main/java/com/souzip/domain/admin/infrastructure/security/annotation/SuperAdminOnly.java | Adds method-security annotation for super-admin only |
| src/main/java/com/souzip/domain/admin/infrastructure/security/annotation/CurrentAdminId.java | Moves CurrentAdminId annotation package |
| src/main/java/com/souzip/domain/admin/infrastructure/security/annotation/AdminAccess.java | Adds method-security annotation for admin/super-admin |
| src/main/java/com/souzip/domain/admin/infrastructure/scheduler/AdminRefreshTokenCleanupScheduler.java | Moves refresh-token cleanup scheduler into admin module |
| src/main/java/com/souzip/domain/admin/infrastructure/persistence/CountryQueryAdapter.java | Adds adapter from CountryAdminPort to admin query port |
| src/main/java/com/souzip/domain/admin/infrastructure/persistence/CityQueryAdapter.java | Adds adapter from CityAdminPort to admin query port |
| src/main/java/com/souzip/domain/admin/infrastructure/persistence/CityCommandAdapter.java | Adds adapter from admin commands to city management port |
| src/main/java/com/souzip/domain/admin/infrastructure/persistence/AdminRepositoryImpl.java | Adds JPA-backed admin repository implementation |
| src/main/java/com/souzip/domain/admin/infrastructure/persistence/AdminRefreshTokenRepositoryImpl.java | Adds JPA-backed refresh token repository implementation |
| src/main/java/com/souzip/domain/admin/infrastructure/persistence/AdminRefreshTokenMapper.java | Adds refresh token entity/domain mapper |
| src/main/java/com/souzip/domain/admin/infrastructure/persistence/AdminRefreshTokenJpaRepository.java | Adds Spring Data JPA repository for refresh tokens |
| src/main/java/com/souzip/domain/admin/infrastructure/persistence/AdminMapper.java | Adds admin entity/domain mapper |
| src/main/java/com/souzip/domain/admin/infrastructure/persistence/AdminJpaRepository.java | Adds Spring Data JPA repository for admins |
| src/main/java/com/souzip/domain/admin/infrastructure/init/AdminProperties.java | Adds initial-admin configuration properties |
| src/main/java/com/souzip/domain/admin/infrastructure/init/AdminInitializer.java | Adds initializer to create initial SUPER_ADMIN if missing |
| src/main/java/com/souzip/domain/admin/infrastructure/entity/AdminRefreshTokenEntity.java | Adds JPA entity for refresh tokens |
| src/main/java/com/souzip/domain/admin/infrastructure/entity/AdminEntity.java | Adds JPA entity for admins |
| src/main/java/com/souzip/domain/admin/infrastructure/encoder/AdminPasswordEncoderImpl.java | Adds Spring Security PasswordEncoder adapter |
| src/main/java/com/souzip/domain/admin/exception/AdminException.java | Minor formatting cleanup |
| src/main/java/com/souzip/domain/admin/exception/AdminErrorCode.java | Adjusts error codes (adds username empty) |
| src/main/java/com/souzip/domain/admin/application/query/CitySearchQuery.java | Adds query DTO for city search |
| src/main/java/com/souzip/domain/admin/application/query/AdminCountryQueryService.java | Adds country query use-case implementation |
| src/main/java/com/souzip/domain/admin/application/query/AdminCityQueryService.java | Adds city query use-case implementation |
| src/main/java/com/souzip/domain/admin/application/port/CountryQueryPort.java | Adds country query port |
| src/main/java/com/souzip/domain/admin/application/port/CityQueryPort.java | Adds city query port |
| src/main/java/com/souzip/domain/admin/application/port/CityCommandPort.java | Adds city command port |
| src/main/java/com/souzip/domain/admin/application/command/InviteAdminCommand.java | Adds invite admin command |
| src/main/java/com/souzip/domain/admin/application/command/AdminUpdateCityPriorityCommand.java | Adds update city priority command |
| src/main/java/com/souzip/domain/admin/application/command/AdminUpdateCityCommand.java | Adds update city name command |
| src/main/java/com/souzip/domain/admin/application/command/AdminLoginCommand.java | Adds login command |
| src/main/java/com/souzip/domain/admin/application/command/AdminDeleteCityCommand.java | Adds delete city command |
| src/main/java/com/souzip/domain/admin/application/command/AdminCreateCityCommand.java | Adds create city command |
| src/main/java/com/souzip/domain/admin/application/AdminManagementUseCase.java | Adds admin management use-case interface |
| src/main/java/com/souzip/domain/admin/application/AdminManagementService.java | Adds admin management service implementation |
| src/main/java/com/souzip/domain/admin/application/AdminCountryQueryUseCase.java | Adds country query use-case interface |
| src/main/java/com/souzip/domain/admin/application/AdminCityQueryUseCase.java | Adds city query use-case interface |
| src/main/java/com/souzip/domain/admin/application/AdminAuthService.java | Adds admin auth service (JWT + refresh tokens) |
| src/main/java/com/souzip/domain/admin/PasswordEncoder.java | Removes legacy password encoder interface |
| src/main/java/com/souzip/domain/admin/AdminRegisterRequest.java | Removes legacy register request DTO |
| src/main/java/com/souzip/domain/admin/AdminRefreshToken.java | Removes legacy refresh token domain entity |
| src/main/java/com/souzip/domain/admin/Admin.java | Removes legacy admin domain entity |
| src/main/java/com/souzip/application/notice/assembler/NoticeResponseAssembler.java | Adjusts author username mapping to Username.value() |
| src/main/java/com/souzip/application/admin/required/TokenProvider.java | Removes legacy token provider abstraction |
| src/main/java/com/souzip/application/admin/required/CountryQueryPort.java | Removes legacy country query port |
| src/main/java/com/souzip/application/admin/required/CityQueryPort.java | Removes legacy city query port |
| src/main/java/com/souzip/application/admin/required/CityCommandPort.java | Removes legacy city command port |
| src/main/java/com/souzip/application/admin/required/AdminRepository.java | Removes legacy admin repository contract |
| src/main/java/com/souzip/application/admin/provided/AdminModifier.java | Removes legacy provided interface |
| src/main/java/com/souzip/application/admin/provided/AdminLocationModifier.java | Removes legacy provided interface |
| src/main/java/com/souzip/application/admin/provided/AdminLocationFinder.java | Removes legacy provided interface |
| src/main/java/com/souzip/application/admin/provided/AdminFinder.java | Removes legacy provided interface |
| src/main/java/com/souzip/application/admin/dto/AdminRefreshResult.java | Removes legacy DTO |
| src/main/java/com/souzip/application/admin/dto/AdminPageResult.java | Removes legacy DTO |
| src/main/java/com/souzip/application/admin/dto/AdminLoginResult.java | Removes legacy DTO |
| src/main/java/com/souzip/application/admin/AdminQueryService.java | Removes legacy query service |
| src/main/java/com/souzip/application/admin/AdminModifyService.java | Removes legacy modify service |
| src/main/java/com/souzip/application/admin/AdminLocationQueryService.java | Removes legacy location query service |
| src/main/java/com/souzip/application/admin/AdminLocationModifyService.java | Removes legacy location modify service |
| src/main/java/com/souzip/application/admin/AdminAuthService.java | Removes legacy admin auth service |
| src/main/java/com/souzip/adapter/webapi/admin/dto/CountryResponse.java | Removes legacy web DTO |
| src/main/java/com/souzip/adapter/webapi/admin/dto/CityResponse.java | Removes legacy web DTO |
| src/main/java/com/souzip/adapter/webapi/admin/dto/AdminResponse.java | Removes legacy web DTO |
| src/main/java/com/souzip/adapter/webapi/admin/dto/AdminRegisterResponse.java | Removes legacy web DTO |
| src/main/java/com/souzip/adapter/webapi/admin/dto/AdminRefreshResponse.java | Removes legacy web DTO |
| src/main/java/com/souzip/adapter/webapi/admin/dto/AdminRefreshRequest.java | Removes legacy web DTO |
| src/main/java/com/souzip/adapter/webapi/admin/dto/AdminLoginResponse.java | Removes legacy web DTO |
| src/main/java/com/souzip/adapter/webapi/admin/dto/AdminLoginRequest.java | Removes legacy web DTO |
| src/main/java/com/souzip/adapter/webapi/admin/AdminNoticeApi.java | Switches security annotation imports to new packages |
| src/main/java/com/souzip/adapter/webapi/admin/AdminLocationApi.java | Removes legacy admin location API |
| src/main/java/com/souzip/adapter/webapi/admin/AdminAuthApi.java | Removes legacy admin auth API |
| src/main/java/com/souzip/adapter/webapi/admin/AdminApi.java | Removes legacy admin API |
| src/main/java/com/souzip/adapter/security/admin/jwt/JwtTokenProviderAdapter.java | Removes legacy token provider adapter |
| src/main/java/com/souzip/adapter/security/admin/encoder/SecurePasswordEncoder.java | Removes legacy encoder implementation |
| src/main/java/com/souzip/adapter/security/admin/annotation/ViewerAccess.java | Removes legacy annotation |
| src/main/java/com/souzip/adapter/security/admin/annotation/SuperAdminOnly.java | Removes legacy annotation |
| src/main/java/com/souzip/adapter/security/admin/annotation/AdminAccess.java | Removes legacy annotation |
| src/main/java/com/souzip/adapter/persistence/admin/AdminInitializer.java | Removes legacy initializer |
| src/main/java/com/souzip/adapter/config/AdminProperties.java | Removes legacy properties component |
| src/docs/asciidoc/admin/location.adoc | Updates admin location docs (adds priority reset section) |
| .gitignore | Ignores root .env instead of resources .env |
Comments suppressed due to low confidence (1)
src/main/java/com/souzip/domain/admin/infrastructure/security/jwt/AdminJwtAuthenticationFilter.java:22
- Remove the inline "// ← 추가" comments in the import section. These comments add noise to production code and can trip style/checkstyle rules; the imports themselves are self-explanatory.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -32,15 +32,6 @@ operation::admin/get-cities[snippets='http-request,request-headers,query-paramet | |||
|
|
|||
| operation::admin/create-city[snippets='http-request,request-headers,request-fields,http-response,response-fields'] | |||
|
|
|||
There was a problem hiding this comment.
AdminManagementControllerTest documents a 도시 이름 수정 endpoint (admin/update-city-name), but this Asciidoc file no longer includes any section/operation that references that snippet. Add a 도시 이름 수정 section (or restore an update section) so the endpoint is included in the generated docs.
Suggested change
| [[city-update-name]] | |
| === 도시 이름 수정 | |
| 도시의 이름을 수정합니다. | |
| * SUPER_ADMIN 또는 ADMIN 권한이 필요합니다. | |
| operation::admin/update-city-name[snippets='http-request,request-headers,path-parameters,request-fields,http-response,response-fields'] |
Comment on lines
+75
to
+77
| requestFields( | ||
| fieldWithPath("username").type(JsonFieldType.STRING).description("어드민 아이디 (4~10자)"), | ||
| fieldWithPath("password").type(JsonFieldType.STRING).description("비밀번호") |
There was a problem hiding this comment.
The REST Docs description says the admin username is "410자", but the domain 10).Username value object validates 2~20 characters. Please align the documentation with the actual validation rules (or adjust the validation if the intended constraint is 4
Comment on lines
+20
to
+43
| public static AdminRefreshToken create(UUID adminId, String token, LocalDateTime expiresAt) { | ||
| return new AdminRefreshToken( | ||
| UUID.randomUUID(), | ||
| adminId, | ||
| token, | ||
| expiresAt, | ||
| LocalDateTime.now() | ||
| ); | ||
| } | ||
|
|
||
| public static AdminRefreshToken restore( | ||
| UUID id, | ||
| UUID adminId, | ||
| String token, | ||
| LocalDateTime expiresAt, | ||
| LocalDateTime createdAt | ||
| ) { | ||
| return new AdminRefreshToken(id, adminId, token, expiresAt, createdAt); | ||
| } | ||
|
|
||
| public void updateToken(String token, LocalDateTime expiresAt) { | ||
| this.token = token; | ||
| this.expiresAt = expiresAt; | ||
| } |
There was a problem hiding this comment.
AdminRefreshToken.create(...) and updateToken(...) no longer validate required fields (adminId/token/expiresAt). This permits constructing an invalid token object (null values) and can cause runtime failures later (e.g., expiry checks, persistence). Add null/blank checks (and optionally validate that expiresAt is in the future) to preserve domain invariants.
Comment on lines
+7
to
+10
| @ConfigurationProperties(prefix = "admin.initial") | ||
| public class | ||
| AdminProperties { | ||
| private final String username; |
There was a problem hiding this comment.
The class declaration is split across two lines (public class then AdminProperties). While valid Java, it’s likely an accidental formatting artifact and can violate style rules / reduce readability. Reformat to a standard single-line class declaration.
Comment on lines
+97
to
+100
| public SuccessResponse<PaginationResponse<CityQueryResult>> getCities( | ||
| @RequestParam Long countryId, | ||
| @RequestParam(required = false) String keyword, | ||
| @ModelAttribute PaginationRequest paginationRequest |
There was a problem hiding this comment.
GET /api/admin/cities currently requires countryId, but existing API docs/tests describe it as optional with a default (e.g., 83). If countryId should be optional, set required=false and provide defaultValue (or apply the default inside the method) so the runtime behavior matches the documented contract; otherwise update the docs/tests to remove the default/optional wording.
Comment on lines
+3
to
+16
| import com.souzip.domain.admin.application.AdminManagementService.AdminPageResult; | ||
| import com.souzip.domain.admin.application.command.AdminCreateCityCommand; | ||
| import com.souzip.domain.admin.application.command.AdminDeleteCityCommand; | ||
| import com.souzip.domain.admin.application.command.AdminUpdateCityCommand; | ||
| import com.souzip.domain.admin.application.command.AdminUpdateCityPriorityCommand; | ||
| import com.souzip.domain.admin.application.command.InviteAdminCommand; | ||
| import com.souzip.domain.admin.model.Admin; | ||
| import java.util.UUID; | ||
|
|
||
| public interface AdminManagementUseCase { | ||
|
|
||
| AdminPageResult getAdmins(int pageNo, int pageSize); | ||
|
|
||
| Admin inviteAdmin(InviteAdminCommand command); |
There was a problem hiding this comment.
AdminManagementUseCase depends on the nested AdminManagementService.AdminPageResult type, which couples the interface to a concrete implementation. Consider moving AdminPageResult to its own top-level DTO (or defining it on the interface) so other implementations can exist without importing the service class.
Comment on lines
+12
to
+30
| import com.souzip.domain.admin.infrastructure.encoder.AdminPasswordEncoderImpl; | ||
| import com.souzip.domain.admin.model.Admin; | ||
| import com.souzip.domain.admin.model.AdminRole; | ||
| import com.souzip.domain.admin.repository.AdminRepository; | ||
| import java.util.List; | ||
| import java.util.UUID; | ||
| import lombok.RequiredArgsConstructor; | ||
| import org.springframework.stereotype.Service; | ||
| import org.springframework.transaction.annotation.Transactional; | ||
|
|
||
| @Transactional(readOnly = true) | ||
| @RequiredArgsConstructor | ||
| @Service | ||
| public class AdminManagementService implements AdminManagementUseCase { | ||
|
|
||
| private final AdminRepository adminRepository; | ||
| private final AdminPasswordEncoderImpl passwordEncoder; | ||
| private final CityCommandPort cityCommandPort; | ||
|
|
There was a problem hiding this comment.
AdminManagementService injects AdminPasswordEncoderImpl (a concrete type) instead of the AdminPasswordEncoder interface. Injecting the interface keeps the service decoupled from the infrastructure layer and simplifies testing/replacement of the encoder implementation.
Comment on lines
+11
to
+17
| public static Password encode(String rawPassword, AdminPasswordEncoder encoder) { | ||
| return new Password(encoder.encode(rawPassword)); | ||
| } | ||
|
|
||
| public static Password of(String encodedValue) { | ||
| return new Password(encodedValue); | ||
| } |
There was a problem hiding this comment.
Password.encode(...) / Password.of(...) accept null (and encode will pass null through to the encoder). This allows creating an invalid Password value object and can lead to NPEs or weak/empty passwords being persisted (e.g., via initializer/service code). Add validation (non-null, and if required by the domain, minimum length) inside Password (and reintroduce/adjust an error code as needed) so invariants are enforced consistently.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d48c7ed979
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
+36
to
+40
| Admin admin = Admin.create( | ||
| username.value(), | ||
| adminProperties.getPassword(), | ||
| AdminRole.SUPER_ADMIN, | ||
| passwordEncoder |
There was a problem hiding this comment.
여기서 초기 SUPER_ADMIN 생성 시 admin.initial.password를 그대로 Admin.create로 전달하고 있어, 최소 길이(8자) 같은 비밀번호 정책을 전혀 거치지 않습니다. 현재 초대 API는 DTO validation으로 길이를 막지만 bootstrap 경로는 우회되므로, 운영 설정 실수만으로 매우 약한 관리자 비밀번호가 저장되어 인증 보안이 약화됩니다.
Useful? React with 👍 / 👎.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.