20260226 #236 관리자 페이지 통계 대시보드 실시간 활동 로그 추가

[discipline24]

Summary by CodeRabbit

릴리스 노트

• New Features

  • 회원가입 및 비밀번호 재설정(이메일 코드) 공개 API 추가
  • 사용자 활동 로그 조회: 출석 및 게시판 활동 확인 가능

• Refactor

  • 인증 API 경로 통합: /api/auth/* 표준화
  • 관리자 API 경로 정리: /api/admin/*로 변경
  • 활동 이벤트 메시지를 사용자명 대신 콘텐츠 중심으로 개선

• Frontend

  • 프론트엔드 인증 호출 경로를 /api/auth/*로 업데이트

• Chores

  • 배포 리소스 및 컨테이너 메모리 한도 상향 조정

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e6bc815 and 19ed65d.

📒 Files selected for processing (1)

• backend/src/main/java/org/sejongisc/backend/common/auth/service/EmailService.java

---

Walkthrough

인증 엔드포인트를 AuthController로 통합하고(Activity 관련 엔드포인트 포함), ActivityLog/ActivityEvent 필드명(type→activityType) 및 관련 저장소·리스너를 갱신했으며, 사용자 활동 조회 API와 관리자 컨트롤러 경로 변경 등을 적용했습니다.

Changes

Cohort / File(s)	Summary
Activity log 모델 및 리스너 backend/src/main/java/.../activity/entity/ActivityLog.java, backend/src/main/java/.../activity/event/ActivityEvent.java, backend/src/main/java/.../activity/listener/ActivityEventListener.java, backend/src/main/java/.../activity/repository/ActivityLogRepository.java	필드/레코드명 type → activityType로 변경(빌더/생성자/액세서명 포함). ActivityLog 빌더 생성자에서 createdAt 초기화 추가. Repository JPQL·쿼리·시그니처(페이징→리스트 필터) 업데이트.
인증·비밀번호 재설정 흐름 이동 및 확장 backend/src/main/java/.../auth/controller/AuthController.java, backend/src/main/java/.../common/auth/service/AuthService.java, backend/src/main/java/.../common/auth/service/EmailService.java, backend/src/main/java/.../config/security/SecurityConstants.java, frontend/src/utils/auth.js	회원가입·비밀번호 재설정 엔드포인트를 AuthController로 추가/통합. AuthService에 signup·passwordResetSendCode·resetPasswordByCode 등 추가. EmailService에 sendResetEmail 추가하고 RedisService 사용으로 전환. 시큐리티 화이트리스트와 프론트엔드 경로 동기화.
UserService / UserController 변경 backend/src/main/java/.../user/service/UserService.java, backend/src/main/java/.../user/controller/UserController.java	UserService에서 signup/비밀번호 재설정 로직 제거, ActivityLog 조회 메서드(getAttendanceActivityLog, getBoardActivityLog) 및 사용자 관리(soft-delete, 상태/역할 변경, 승급) 추가. UserController에서 signup/password-reset 엔드포인트 제거하고 활동 로그 조회 엔드포인트 추가.
Activity 메시지 텍스트 변경 backend/src/main/java/.../attendance/service/AttendanceService.java, backend/src/main/java/.../betting/service/BettingService.java, backend/src/main/java/.../board/service/PostInteractionService.java, backend/src/main/java/.../board/service/PostServiceImpl.java	ActivityEvent에 담기는 메시지에서 사용자명 접두사 제거, 세션/게시물 제목 기반 간결한 메시지로 변경(문구 변경만).
관리자 컨트롤러 재구성 backend/src/main/java/.../admin/controller/AdminBettingController.java, backend/src/main/java/.../admin/controller/AdminBoardController.java	BettingAdminController → AdminBettingController로 클래스명/패키지 변경 및 Swagger @Tag 추가. AdminBoardController의 클래스 레벨 RequestMapping을 /api/board/admin → /api/admin/board로 변경.
이메일 설정·테스트 변경 backend/src/main/java/.../config/EmailProperties.java, backend/src/test/java/.../auth/service/EmailServiceTest.java, backend/src/main/resources/application-prod.yml	EmailProperties에서 KeyPrefix·codeExpire 필드 제거. 관련 테스트 키/만료 설정 제거. prod YAML의 일부 email.code 키 삭제.
테스트 및 테스트용 코드 변경 backend/src/test/java/.../auth/controller/AuthControllerTest.java, backend/src/test/java/.../user/service/UserServiceTest.java	테스트에서 signup 호출을 UserService→AuthService로 전환, UserService 관련 스텁·검증 삭제/조정.
인프라 및 도커 설정 docker-compose.yml	컨테이너 Java 힙/GC 설정 및 메모리 제한 상향, Redis 메모리 정책/제한 추가, 로그 볼륨 마운트 추가 등 리소스·운영 설정 변경.

Sequence Diagram(s)

sequenceDiagram
    participant Client as Client
    participant AuthCtrl as AuthController
    participant AuthSvc as AuthService
    participant EmailSvc as EmailService
    participant Redis as RedisService
    participant UserRepo as UserRepository
    participant TokenSvc as RefreshTokenService

    Client->>AuthCtrl: POST /api/auth/password/reset/send (email, studentId)
    AuthCtrl->>AuthSvc: passwordResetSendCode(req)
    AuthSvc->>UserRepo: findByEmailAndStudentId(...)
    UserRepo-->>AuthSvc: user
    AuthSvc->>EmailSvc: sendResetEmail(email)
    EmailSvc->>Redis: set(PASSWORD_RESET:{email}, code, ttl)
    EmailSvc-->>AuthSvc: success
    AuthSvc-->>AuthCtrl: 200 OK

    Client->>AuthCtrl: POST /api/auth/password/reset/confirm (email, studentId, code, newPassword)
    AuthCtrl->>AuthSvc: resetPasswordByCode(req)
    AuthSvc->>Redis: get(PASSWORD_RESET:{email})
    Redis-->>AuthSvc: code
    AuthSvc->>UserRepo: updatePassword(userId, encodedPassword)
    AuthSvc->>TokenSvc: deleteByUserId(userId)
    AuthSvc-->>AuthCtrl: 200 OK

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

• ⚙️ [기능추가][관리자] 관리자 페이지 통계 대시보드 실시간 활동 로그 추가 #236: ActivityLog 모델·저장소 변경 및 UserController 활동 로그 엔드포인트 추가는 통합 활동 로그 대시보드 요구사항과 직접 연관됨.

Possibly related PRs

• 20260226 #236 관리자 페이지 통계 대시보드 실시간 활동 로그 추가 #249: ActivityLog/ActivityEvent의 type→activityType 변경과 저장소·리스너 업데이트가 동일 영역에 해당합니다.
• 20260221 #221 비밀번호 초기화 api 구현 #233: 비밀번호 재설정 흐름 및 EmailService 관련 변경이 코드 레벨에서 중복 또는 보완됩니다.
• [FE] [FIX] auth state prob, login page #226: 프론트엔드의 auth API 경로 변경(signup, password reset)과 직접적으로 연동됩니다.

Suggested labels

BE

Suggested reviewers

• Kosw6
• DongEun02
• gxuoo

Poem

🐰 필드 이름 고쳐 깡충깡충,
activityType으로 바꿨네.
이메일은 Redis에 맡기고,
로그는 잘 모아서 보여주네.
당근 한 입, 축하해요! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 34.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	PR 제목이 주요 변경 사항을 명확하게 요약하고 있습니다. 변경 내용은 관리자 페이지의 통계 대시보드에 실시간 활동 로그를 추가하는 것이며, 제목이 이를 정확하게 반영합니다.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 20260226_#236_관리자_페이지_통계_대시보드_실시간_활동_로그_추가

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 8

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

backend/src/test/java/org/sejongisc/backend/auth/controller/AuthControllerTest.java (1)

451-461: ⚠️ Potential issue | 🟠 Major

회원 탈퇴 테스트의 stub과 검증이 주석 처리됨

userService.deleteUserWithOauth(userId)에 대한 stub과 검증이 모두 주석 처리되어 있습니다. 테스트가 실제 회원 탈퇴 로직을 검증하지 않고 있습니다.

새로운 탈퇴 로직(deleteUserSoftDelete)을 테스트하도록 업데이트하거나, 기존 로직이 필요한 경우 주석을 해제해야 합니다.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@backend/src/test/java/org/sejongisc/backend/auth/controller/AuthControllerTest.java`
around lines 451 - 461, The test currently skips stubbing and verifying user
deletion by commenting out userService.deleteUserWithOauth(userId); update the
test to reflect the actual deletion method: either un-comment and use
userService.deleteUserWithOauth(userId) for stubbing and verify it was called,
or change the stub/verify to the new method
userService.deleteUserSoftDelete(userId) (and adjust any signatures) so
mockMvc.perform(delete("/api/auth/withdraw")...) both stubs the correct
userService method and verifies it was invoked (in addition to the existing
refreshTokenService.deleteByUserId(userId) stub/verify).

backend/src/test/java/org/sejongisc/backend/user/service/UserServiceTest.java (1)

346-350: ⚠️ Potential issue | 🟡 Minor

테스트 검증 로직이 실제 구현과 불일치합니다.

verify(userRepository).save(existingUser)를 호출하지만, UserService.updateUser() 메서드는 명시적으로 save()를 호출하지 않고 JPA dirty checking에 의존합니다. 이 테스트는 실패하거나 잘못된 동작을 검증하고 있습니다.

🔧 수정 제안

-        verify(userRepository).save(existingUser);
+        // JPA dirty checking이 사용되므로 save() 호출 검증 제거
         verifyNoInteractions(passwordEncoder); // 비밀번호 인코더 안 씀

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@backend/src/test/java/org/sejongisc/backend/user/service/UserServiceTest.java`
around lines 346 - 350, The test currently verifies
userRepository.save(existingUser) but UserService.updateUser() uses JPA dirty
checking and does not call save explicitly; remove or change that assertion to
reflect reality: replace verify(userRepository).save(existingUser) with
verify(userRepository, never()).save(any()) or simply remove the save
verification, while keeping verify(userRepository).findById(userId) and
verifyNoInteractions(passwordEncoder) so the test matches
UserService.updateUser() behavior.

backend/src/main/java/org/sejongisc/backend/user/service/UserService.java (1)

5-40: ⚠️ Potential issue | 🟡 Minor

사용하지 않는 import 제거 필요

signup 로직이 AuthService로 이동하고 OAuth2 관련 코드가 주석 처리된 후, 다음 import들이 더 이상 사용되지 않습니다:

• SignupRequest, SignupResponse (lines 9-10)
• EmailService (line 11)
• OptimisticRetry (line 13)
• EmailProperties (line 14)
• RedisKey, RedisService (lines 17-18)
• AccountEntry, Account, AccountName, TransactionReason (lines 19-22)
• AccountService, PointLedgerService (lines 23-24)
• PasswordResetConfirmRequest, PasswordResetSendRequest (lines 25-26)
• ApplicationEventPublisher (line 34)
• DataIntegrityViolationException (line 35)
• Slice (line 36)
• RedisTemplate (line 37)

이들 import는 모두 주석 처리된 OAuth 관련 코드(lines 143-196)에서만 사용되므로 제거해도 무방합니다.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@backend/src/main/java/org/sejongisc/backend/user/service/UserService.java`
around lines 5 - 40, Remove the unused imports from UserService.java that only
supported the moved signup/OAuth code: delete SignupRequest, SignupResponse,
EmailService, OptimisticRetry, EmailProperties, RedisKey, RedisService,
AccountEntry, Account, AccountName, TransactionReason, AccountService,
PointLedgerService, PasswordResetConfirmRequest, PasswordResetSendRequest,
ApplicationEventPublisher, DataIntegrityViolationException, Slice, and
RedisTemplate; verify compilation and run static analysis to ensure no remaining
references (check commented OAuth block around lines 143-196 and methods in
class UserService that previously referenced these symbols).

🧹 Nitpick comments (1)

backend/src/main/java/org/sejongisc/backend/user/controller/UserController.java (1)

14-18: 사용하지 않는 import 존재

AuthService와 Slice import가 사용되지 않는 것으로 보입니다.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@backend/src/main/java/org/sejongisc/backend/user/controller/UserController.java`
around lines 14 - 18, Remove the unused imports AuthService and Slice from
UserController.java: locate the import statements for
org.sejongisc.backend.common.auth.service.AuthService and
org.springframework.data.domain.Slice at the top of the UserController class and
delete them (ensure no remaining references to AuthService or Slice in methods
like any controller endpoints or fields before removal).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@backend/src/main/java/org/sejongisc/backend/activity/entity/ActivityLog.java`:
- Around line 45-49: The ActivityLog constructor currently assigns the incoming
message directly which can exceed the DB column length and cause save failures;
update the ActivityLog(UUID userId, String username, ActivityType activityType,
String message, UUID targetId, String boardName) constructor to defensively
normalize the message by introducing a MAX_MESSAGE_LENGTH constant (30),
handling null (treat as empty string), and truncating message to
MAX_MESSAGE_LENGTH (optionally add an ellipsis if you prefer) before assigning
to the message field so persistence won’t fail.

In
`@backend/src/main/java/org/sejongisc/backend/activity/repository/ActivityLogRepository.java`:
- Around line 20-23: The query method
findByUserIdAndActivityTypesOrderByCreatedAtDesc in ActivityLogRepository
currently returns an unbounded List which risks OOM for users with many logs;
change its signature to enforce pagination by accepting a Pageable parameter and
returning a Page<ActivityLog> (or Slice<ActivityLog>) and keep the `@Query` (or
adapt it) so results are ordered by createdAt DESC; update all callers to pass a
Pageable and handle the Page/Slice response accordingly.

In
`@backend/src/main/java/org/sejongisc/backend/common/auth/controller/AuthController.java`:
- Around line 114-139: The API docs in AuthController's confirmReset method
incorrectly reference PasswordResetSendRequest in the `@Operation` description;
update the documentation string to reference the correct DTO
PasswordResetConfirmRequest (and fix any other occurrences in the same Javadoc
block) so the description matches the method signature public ResponseEntity<?>
confirmReset(`@RequestBody` `@Valid` PasswordResetConfirmRequest req) and avoids
confusing API consumers.

In
`@backend/src/main/java/org/sejongisc/backend/common/auth/service/AuthService.java`:
- Around line 214-231: The two helper methods getEmailFromRedis and
deleteResetTokenFromRedis are unused and inconsistent with resetPasswordByCode's
direct redisTemplate usage; either remove these unused helpers or refactor
resetPasswordByCode to use them and the RedisKey.PASSWORD_RESET abstraction. If
you choose refactor: change resetPasswordByCode to call getEmailFromRedis(token)
instead of redisTemplate.opsForValue().get(...) and call
deleteResetTokenFromRedis(token) instead of redisTemplate.delete(...), and
ensure the key format expected by RedisKey.PASSWORD_RESET matches the existing
emailProperties.getKeyPrefix().getReset() + email pattern (update RedisKey or
redisService behavior accordingly). If you choose removal: delete
getEmailFromRedis and deleteResetTokenFromRedis and keep resetPasswordByCode's
current direct redisTemplate calls, removing any unused imports/fields
(redisService) left behind.

In
`@backend/src/main/java/org/sejongisc/backend/user/controller/UserController.java`:
- Around line 61-71: Change the read-only endpoints to use GET and normalize the
path casing: replace `@PatchMapping` with `@GetMapping` on the methods
getAttendanceLogs and getBoardLogs, and update the route for getBoardLogs from
"/logs/Board" to a consistent lowercase "/logs/board" (or match whichever casing
convention the project uses); ensure the method signatures and returned types
remain unchanged and update any related route docs/annotations if present.

In
`@backend/src/test/java/org/sejongisc/backend/auth/controller/AuthControllerTest.java`:
- Around line 351-352: The commented-out stub for userService.findOrCreateUser
in AuthControllerTest leaves the OAuth test without a user and causes failures;
restore or replace that stub so the controller receives a valid User: re-enable
a when(userService.findOrCreateUser(any())).thenReturn(...) (or update to the
current method signature if it changed) returning a User built with the required
fields (userId, name, role) used by the test, or if the OAuth flow was
redesigned, refactor the test to mock the new service call(s) that create/return
the User (ensure mocks reference userService.findOrCreateUser or the new method
name and produce a non-null User to avoid NPEs).
- Around line 191-194: Tests reference jwtProvider.createToken(...) but
jwtProvider is not declared and jwtUtils is used elsewhere; either declare and
annotate a mock for jwtProvider (e.g., add a `@Mock` JwtProvider jwtProvider in
AuthControllerTest and initialize it in the test setup) and stub
jwtProvider.createToken(...) and jwtProvider.createRefreshToken(...)
accordingly, or change the calls to use the existing jwtUtils mock (replace
jwtProvider.createToken(...) with jwtUtils.createToken(...) and use
jwtUtils.createRefreshToken(...)) so the mocked symbol names are consistent with
the mocks defined in AuthControllerTest.

In
`@backend/src/test/java/org/sejongisc/backend/user/service/UserServiceTest.java`:
- Around line 62-63: Tests declare `@InjectMocks` AuthService but do not provide
its dependencies, causing NPEs; add `@Mock` fields for JwtParser, JwtProvider,
EmailService, RedisTemplate (or RedisTemplate<String, Object>), EmailProperties,
RedisService, RefreshTokenService (and any other constructor/injected
dependencies used by AuthService) in the UserServiceTest class and ensure
Mockito is initialized (e.g., annotate the test class with
`@ExtendWith`(MockitoExtension.class) or call MockitoAnnotations.openMocks(this))
so AuthService is constructed with mocked collaborators during tests.

---

Outside diff comments:
In `@backend/src/main/java/org/sejongisc/backend/user/service/UserService.java`:
- Around line 5-40: Remove the unused imports from UserService.java that only
supported the moved signup/OAuth code: delete SignupRequest, SignupResponse,
EmailService, OptimisticRetry, EmailProperties, RedisKey, RedisService,
AccountEntry, Account, AccountName, TransactionReason, AccountService,
PointLedgerService, PasswordResetConfirmRequest, PasswordResetSendRequest,
ApplicationEventPublisher, DataIntegrityViolationException, Slice, and
RedisTemplate; verify compilation and run static analysis to ensure no remaining
references (check commented OAuth block around lines 143-196 and methods in
class UserService that previously referenced these symbols).

In
`@backend/src/test/java/org/sejongisc/backend/auth/controller/AuthControllerTest.java`:
- Around line 451-461: The test currently skips stubbing and verifying user
deletion by commenting out userService.deleteUserWithOauth(userId); update the
test to reflect the actual deletion method: either un-comment and use
userService.deleteUserWithOauth(userId) for stubbing and verify it was called,
or change the stub/verify to the new method
userService.deleteUserSoftDelete(userId) (and adjust any signatures) so
mockMvc.perform(delete("/api/auth/withdraw")...) both stubs the correct
userService method and verifies it was invoked (in addition to the existing
refreshTokenService.deleteByUserId(userId) stub/verify).

In
`@backend/src/test/java/org/sejongisc/backend/user/service/UserServiceTest.java`:
- Around line 346-350: The test currently verifies
userRepository.save(existingUser) but UserService.updateUser() uses JPA dirty
checking and does not call save explicitly; remove or change that assertion to
reflect reality: replace verify(userRepository).save(existingUser) with
verify(userRepository, never()).save(any()) or simply remove the save
verification, while keeping verify(userRepository).findById(userId) and
verifyNoInteractions(passwordEncoder) so the test matches
UserService.updateUser() behavior.

---

Nitpick comments:
In
`@backend/src/main/java/org/sejongisc/backend/user/controller/UserController.java`:
- Around line 14-18: Remove the unused imports AuthService and Slice from
UserController.java: locate the import statements for
org.sejongisc.backend.common.auth.service.AuthService and
org.springframework.data.domain.Slice at the top of the UserController class and
delete them (ensure no remaining references to AuthService or Slice in methods
like any controller endpoints or fields before removal).

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4553f52 and 90c43f2.

📒 Files selected for processing (17)

• backend/src/main/java/org/sejongisc/backend/activity/entity/ActivityLog.java
• backend/src/main/java/org/sejongisc/backend/activity/listener/ActivityEventListener.java
• backend/src/main/java/org/sejongisc/backend/activity/repository/ActivityLogRepository.java
• backend/src/main/java/org/sejongisc/backend/admin/controller/AdminBettingController.java
• backend/src/main/java/org/sejongisc/backend/admin/controller/AdminBoardController.java
• backend/src/main/java/org/sejongisc/backend/attendance/service/AttendanceService.java
• backend/src/main/java/org/sejongisc/backend/betting/service/BettingService.java
• backend/src/main/java/org/sejongisc/backend/board/service/PostInteractionService.java
• backend/src/main/java/org/sejongisc/backend/board/service/PostServiceImpl.java
• backend/src/main/java/org/sejongisc/backend/common/auth/controller/AuthController.java
• backend/src/main/java/org/sejongisc/backend/common/auth/service/AuthService.java
• backend/src/main/java/org/sejongisc/backend/common/config/security/SecurityConstants.java
• backend/src/main/java/org/sejongisc/backend/user/controller/UserController.java
• backend/src/main/java/org/sejongisc/backend/user/service/UserService.java
• backend/src/test/java/org/sejongisc/backend/auth/controller/AuthControllerTest.java
• backend/src/test/java/org/sejongisc/backend/user/service/UserServiceTest.java
• frontend/src/utils/auth.js

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

backend/src/test/java/org/sejongisc/backend/auth/controller/AuthControllerTest.java (1)

189-191: ⚠️ Potential issue | 🟠 Major

OAuth 테스트가 불완전하여 실패할 수 있습니다.

userService.findOrCreateUser(...) stub이 주석 처리되어 있지만, Line 190에서 user 객체의 필드를 직접 사용하고 있습니다. OAuth 흐름에서 실제로 사용자가 생성/조회되지 않으면 테스트가 예상대로 동작하지 않을 수 있습니다.

테스트를 완전히 구현하거나, 현재 OAuth 인증 흐름에 맞게 리팩토링이 필요합니다.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@backend/src/test/java/org/sejongisc/backend/auth/controller/AuthControllerTest.java`
around lines 189 - 191, The test stubs JWT creation but leaves
userService.findOrCreateUser(...) commented out, so the OAuth flow may not get a
valid user; in AuthControllerTest un-comment and/or add a Mockito stub for
userService.findOrCreateUser(any()) to return the prepared user instance (the
same user used for jwtUtils.createToken(...) and createRefreshToken(...)) so the
controller receives the created/found user during the test, or alternatively
refactor the test to bypass findOrCreateUser and inject the user directly into
the controller flow to match the OAuth path being tested.

🧹 Nitpick comments (1)

docker-compose.yml (1)

22-28: 오래된 주석 업데이트 필요

Line 22의 주석 "1GB 램 서버 생존을 위한 메모리 제한"이 현재 설정과 맞지 않습니다. 현재 총 메모리 사용량은 약 6.3GB (API: 3.5G + Redis: 250M + Web: 512M + AI: 2G)이며, Line 15의 주석에서 언급한 "8GB 서버 기준"과 일치합니다.

♻️ 주석 업데이트 제안

-    # 1GB 램 서버 생존을 위한 메모리 제한 (Docker 레벨)
+    # 8GB 램 서버 기준 메모리 제한 (Docker 레벨)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.yml` around lines 22 - 28, Update the outdated comment above
the deploy block that currently reads "1GB 램 서버 생존을 위한 메모리 제한" to reflect the
actual configuration and context: replace it with a concise note stating this
compose sets per-service memory limits for an 8GB server (e.g., total
approximate usage ~6.3GB) and reference the configured values such as the
deploy.resources.limits.memory entry (memory: 3500M) so readers understand the
API/Redis/Web/AI splits; ensure the new comment aligns with the earlier "8GB 서버
기준" note.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@backend/src/main/java/org/sejongisc/backend/common/auth/service/EmailService.java`:
- Around line 114-115: In EmailService, you call generateCode() twice causing
mismatched codes; capture the generated value in the local variable code (as
already done) and use that same code when calling
redisService.set(RedisKey.PASSWORD_RESET, email, ... ) instead of calling
generateCode() again so the code sent via email and the code stored in Redis are
identical.

---

Duplicate comments:
In
`@backend/src/test/java/org/sejongisc/backend/auth/controller/AuthControllerTest.java`:
- Around line 189-191: The test stubs JWT creation but leaves
userService.findOrCreateUser(...) commented out, so the OAuth flow may not get a
valid user; in AuthControllerTest un-comment and/or add a Mockito stub for
userService.findOrCreateUser(any()) to return the prepared user instance (the
same user used for jwtUtils.createToken(...) and createRefreshToken(...)) so the
controller receives the created/found user during the test, or alternatively
refactor the test to bypass findOrCreateUser and inject the user directly into
the controller flow to match the OAuth path being tested.

---

Nitpick comments:
In `@docker-compose.yml`:
- Around line 22-28: Update the outdated comment above the deploy block that
currently reads "1GB 램 서버 생존을 위한 메모리 제한" to reflect the actual configuration and
context: replace it with a concise note stating this compose sets per-service
memory limits for an 8GB server (e.g., total approximate usage ~6.3GB) and
reference the configured values such as the deploy.resources.limits.memory entry
(memory: 3500M) so readers understand the API/Redis/Web/AI splits; ensure the
new comment aligns with the earlier "8GB 서버 기준" note.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 90c43f2 and e6bc815.

📒 Files selected for processing (11)

• backend/src/main/java/org/sejongisc/backend/activity/event/ActivityEvent.java
• backend/src/main/java/org/sejongisc/backend/common/auth/controller/AuthController.java
• backend/src/main/java/org/sejongisc/backend/common/auth/service/AuthService.java
• backend/src/main/java/org/sejongisc/backend/common/auth/service/EmailService.java
• backend/src/main/java/org/sejongisc/backend/common/config/EmailProperties.java
• backend/src/main/java/org/sejongisc/backend/user/controller/UserController.java
• backend/src/main/java/org/sejongisc/backend/user/service/UserService.java
• backend/src/main/resources/application-prod.yml
• backend/src/test/java/org/sejongisc/backend/auth/controller/AuthControllerTest.java
• backend/src/test/java/org/sejongisc/backend/auth/service/EmailServiceTest.java
• docker-compose.yml

💤 Files with no reviewable changes (3)

• backend/src/main/java/org/sejongisc/backend/common/config/EmailProperties.java
• backend/src/main/resources/application-prod.yml
• backend/src/test/java/org/sejongisc/backend/auth/service/EmailServiceTest.java