[PERF] Optimized Stress Test Bundle#258
Open
CHOOSLA wants to merge 6 commits into
Open
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
33Auto-Bot
requested review from
Lee-Jong-Jin,
Sangyoon98,
taemin3,
vivivim and
yangjiseonn
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
Walkthrough신규 Changes
Sequence Diagram(s)sequenceDiagram
participant Client as Client
participant Router as Router (route)
participant Loader as inventoryLoader
participant Network as Network (fetch)
participant MSW as MSW (mock)
Client->>Router: navigate /perf-stress-test
Router->>Router: lazy load InventoryDashboard
Router->>Loader: invoke inventoryLoader()
Loader->>Network: fetch /api/...
Network->>MSW: request intercepted by wildcard handlers
MSW-->>Network: mock response (apiSuccess)
Network-->>Loader: return response
Loader-->>Router: resolve loader data
Router-->>Client: render InventoryDashboard with data
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
portfolio.json (1)
29-146:metrics필드 스키마를 한 가지 타입으로 통일하는 것을 권장합니다.현재
metrics가 문자열/객체로 혼합되어 있어 소비 코드에서 분기 처리가 늘어납니다. 렌더러와 타입 정의 안정성을 위해 단일 스키마(예: 항상 객체)로 맞추는 편이 유지보수에 유리합니다.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@portfolio.json` around lines 29 - 146, Metrics fields are inconsistent (sometimes string, sometimes object) which complicates rendering and types; normalize all "metrics" under keyAchievements to a single object schema (e.g., { value: string } or a structured map) across the JSON. Update every occurrence such as in the FSD achievement ("Zero Trace of legacy patterns via global history rewriting (git filter-branch)"), the FlipFlick achievement ("60fps consistent UI interaction"), and Progmong/Campick/ISAK entries so they use the chosen object shape, and adjust any consumer/type definitions accordingly (e.g., the renderer expects keyAchievements[].metrics as an object). Ensure no entries leave metrics as plain strings and maintain existing metric details inside the new object fields.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@public/mockServiceWorker.js`:
- Line 10: The generated mockServiceWorker.js was manually patched (only
PACKAGE_VERSION changed) which can desync MSW metadata; instead regenerate the
worker so PACKAGE_VERSION and INTEGRITY_CHECKSUM match the installed MSW. Locate
public/mockServiceWorker.js (search for PACKAGE_VERSION and INTEGRITY_CHECKSUM)
and run the MSW CLI/initializer used in your project to recreate the worker file
from the installed MSW package (so the constants in mockServiceWorker.js are
produced consistently with package.json), then commit the regenerated file.
In `@src/app/providers/router.tsx`:
- Around line 156-166: The public route with path "/perf-stress-test" currently
lazily exposes InventoryDashboard and inventoryLoader without auth; restrict it
by gating the route registration with an environment/feature flag check (e.g.,
process.env.NODE_ENV !== 'production' or a dedicated FEATURE_PERF_STRESS_TEST
flag) and/or require authentication before returning Component/loader from the
lazy import; update the route definition so InventoryDashboard and
inventoryLoader are only registered when the flag permits (or replace the route
with a placeholder/404 in production), ensuring the route string
"/perf-stress-test", InventoryDashboard, and inventoryLoader are the referenced
symbols to change.
---
Nitpick comments:
In `@portfolio.json`:
- Around line 29-146: Metrics fields are inconsistent (sometimes string,
sometimes object) which complicates rendering and types; normalize all "metrics"
under keyAchievements to a single object schema (e.g., { value: string } or a
structured map) across the JSON. Update every occurrence such as in the FSD
achievement ("Zero Trace of legacy patterns via global history rewriting (git
filter-branch)"), the FlipFlick achievement ("60fps consistent UI interaction"),
and Progmong/Campick/ISAK entries so they use the chosen object shape, and
adjust any consumer/type definitions accordingly (e.g., the renderer expects
keyAchievements[].metrics as an object). Ensure no entries leave metrics as
plain strings and maintain existing metric details inside the new object fields.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 7f8fa89a-3e29-4352-a968-4ce61f87321e
📒 Files selected for processing (8)
op.htmlop.jsonportfolio.jsonpublic/mockServiceWorker.jssrc/app/providers/router.tsxunop.htmlunop.jsonvite.config.ts
| */ | ||
|
|
||
| const PACKAGE_VERSION = "2.12.11"; | ||
| const PACKAGE_VERSION = "2.12.14"; |
There was a problem hiding this comment.
생성 파일은 수동 패치 대신 재생성으로 동기화해 주세요.
Line 10처럼 PACKAGE_VERSION만 변경되면, MSW 버전/워커 파일 메타데이터가 어긋날 수 있습니다. mockServiceWorker.js는 CLI 재생성 기준으로 맞추는 편이 안전합니다.
#!/bin/bash
set -euo pipefail
echo "== package.json 내 msw 버전 확인 =="
fd -i '^package\.json$' -x sh -c '
echo "---- {} ----"
jq -r ".dependencies.msw // .devDependencies.msw // \"(msw not found)\"" "{}"
'
echo
echo "== public/mockServiceWorker.js 메타데이터 확인 =="
rg -n "PACKAGE_VERSION|INTEGRITY_CHECKSUM" public/mockServiceWorker.js🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@public/mockServiceWorker.js` at line 10, The generated mockServiceWorker.js
was manually patched (only PACKAGE_VERSION changed) which can desync MSW
metadata; instead regenerate the worker so PACKAGE_VERSION and
INTEGRITY_CHECKSUM match the installed MSW. Locate public/mockServiceWorker.js
(search for PACKAGE_VERSION and INTEGRITY_CHECKSUM) and run the MSW
CLI/initializer used in your project to recreate the worker file from the
installed MSW package (so the constants in mockServiceWorker.js are produced
consistently with package.json), then commit the regenerated file.
Comment on lines
+156
to
+166
| { | ||
| path: "/perf-stress-test", | ||
| lazy: async () => { | ||
| const { InventoryDashboard, inventoryLoader } = | ||
| await import("@/pages/wms/inventory"); | ||
| return { | ||
| Component: InventoryDashboard, | ||
| loader: inventoryLoader, | ||
| }; | ||
| }, | ||
| }, |
There was a problem hiding this comment.
/perf-stress-test 공개 라우트는 운영 환경에서 제한이 필요합니다.
Line 157~164에서 인증 없이 InventoryDashboard + inventoryLoader가 열려 내부 WMS 경로가 퍼블릭으로 노출됩니다. 성능 점검용이면 최소한 운영(Production)에서는 비활성화하거나 별도 플래그로 제한해 주세요.
🔧 제안 변경안 (운영 환경 비활성화)
{
path: "/signup",
lazy: async () => {
const { Register: Component } = await import("@/pages/register");
return { Component };
},
},
- {
- path: "/perf-stress-test",
- lazy: async () => {
- const { InventoryDashboard, inventoryLoader } =
- await import("@/pages/wms/inventory");
- return {
- Component: InventoryDashboard,
- loader: inventoryLoader,
- };
- },
- },
+ ...(import.meta.env.PROD
+ ? []
+ : [
+ {
+ path: "/perf-stress-test",
+ lazy: async () => {
+ const { InventoryDashboard, inventoryLoader } =
+ await import("@/pages/wms/inventory");
+ return {
+ Component: InventoryDashboard,
+ loader: inventoryLoader,
+ };
+ },
+ },
+ ]),📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| { | |
| path: "/perf-stress-test", | |
| lazy: async () => { | |
| const { InventoryDashboard, inventoryLoader } = | |
| await import("@/pages/wms/inventory"); | |
| return { | |
| Component: InventoryDashboard, | |
| loader: inventoryLoader, | |
| }; | |
| }, | |
| }, | |
| { | |
| path: "/signup", | |
| lazy: async () => { | |
| const { Register: Component } = await import("@/pages/register"); | |
| return { Component }; | |
| }, | |
| }, | |
| ...(import.meta.env.PROD | |
| ? [] | |
| : [ | |
| { | |
| path: "/perf-stress-test", | |
| lazy: async () => { | |
| const { InventoryDashboard, inventoryLoader } = | |
| await import("@/pages/wms/inventory"); | |
| return { | |
| Component: InventoryDashboard, | |
| loader: inventoryLoader, | |
| }; | |
| }, | |
| }, | |
| ]), |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@src/app/providers/router.tsx` around lines 156 - 166, The public route with
path "/perf-stress-test" currently lazily exposes InventoryDashboard and
inventoryLoader without auth; restrict it by gating the route registration with
an environment/feature flag check (e.g., process.env.NODE_ENV !== 'production'
or a dedicated FEATURE_PERF_STRESS_TEST flag) and/or require authentication
before returning Component/loader from the lazy import; update the route
definition so InventoryDashboard and inventoryLoader are only registered when
the flag permits (or replace the route with a placeholder/404 in production),
ensuring the route string "/perf-stress-test", InventoryDashboard, and
inventoryLoader are the referenced symbols to change.
There was a problem hiding this comment.
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/pages/master/positions/mocks/handlers.ts (1)
37-39:⚠️ Potential issue | 🟠 MajorPUT 경로도 동일하게 와일드카드로 맞춰야 합니다.
Line 38만 절대 경로(
"/api/...")로 남아 있어서, PUT만 인터셉트되지 않고 실제 네트워크로 빠질 수 있습니다.수정 제안
- http.put( - "/api/master/positions/:positionCode", + http.put( + "*/api/master/positions/:positionCode", async ({ params, request }) => {🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/pages/master/positions/mocks/handlers.ts` around lines 37 - 39, The PUT handler uses a hard-coded path string (http.put("/api/master/positions/:positionCode", ...)) which will miss the wildcard pattern used by other handlers and allow real network calls; update the route string on the http.put call to use the same wildcard pattern used elsewhere in this file (replace the absolute "/api/master/positions/:positionCode" with the wildcard variant used by the other handlers) so the PUT is intercepted consistently.
🧹 Nitpick comments (4)
src/pages/wms/purchase-orders/mocks/handlers.ts (1)
67-67:"*/api"매처 문자열은 공통 헬퍼/상수로 묶는 편이 유지보수에 유리합니다.이번 PR처럼 동일 패턴이 여러 파일에 반복되어 있어, 추후 경로 규칙 변경 시 누락 위험이 있습니다.
♻️ 제안 예시
+const withAnyOrigin = (path: string) => `*/api${path}`; export const handlers = [ - http.get("*/api/warehouse/po", async ({ request }) => { + http.get(withAnyOrigin("/warehouse/po"), async ({ request }) => {🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/pages/wms/purchase-orders/mocks/handlers.ts` at line 67, Extract the repeated matcher string "*/api/warehouse/po" into a shared constant (e.g., API_WMS_PO_MATCHER) in a common mocks helper/constant module and replace the inline usage in the http.get call (the matcher passed to http.get) with that imported constant; update all other files using the same "*/api/..." pattern to import and reuse the same constant to avoid duplication and future-mismatch risks.src/app/providers/loaders/bootstrap-auth.loader.ts (1)
44-47: 운영 환경에서는 성능 테스트 공개 라우트를 플래그로 제한하는 것을 권장합니다.
/perf-stress-test를 항상 public으로 두면 운영 노출 범위가 넓어질 수 있어,MODE/feature flag 조건으로 열어두는 편이 안전합니다.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/app/providers/loaders/bootstrap-auth.loader.ts` around lines 44 - 47, The current public-route check always treats "/perf-stress-test" as public (isPublicPage), which is unsafe for production; update the isPublicPage logic to gate "/perf-stress-test" behind an environment/feature flag (e.g., process.env.MODE === 'staging' || isFeatureEnabled('perfStressTest')) instead of unconditional url.pathname === "/perf-stress-test". Locate the isPublicPage definition and modify the condition that references "/perf-stress-test" (and any related auth check code that consumes isPublicPage) so that the perf route is only considered public when the configured MODE or feature flag returns true.src/app/providers/index.tsx (1)
64-65: 중복 null 체크는 제거해도 됩니다.Line 9-11에서 이미 rootElement 부재 시 throw 하므로, Line 64의 재검사는 불필요합니다.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/app/providers/index.tsx` around lines 64 - 65, Remove the redundant null-check "if (!rootElement) return;" — since rootElement is already validated and throws when missing earlier in this file, delete that conditional to avoid duplicate checks; locate the rootElement variable and the earlier throw (the initial validation near the top of src/app/providers/index.tsx) and remove the later guard that returns when rootElement is falsy.src/app/providers/mocks/handlers.ts (1)
10-10: 핸들러 카운트 로그는 개발 환경에서만 출력하는 것을 권장합니다.Line 10 로그는 운영 환경에서 불필요한 콘솔 노이즈를 만들 수 있어
import.meta.env.DEV가드로 감싸는 편이 좋습니다.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/app/providers/mocks/handlers.ts` at line 10, The console.log line that prints `[MSW] ${handlers.length} handlers loaded successfully.` should only run in development; wrap the log in an import.meta.env.DEV check so it won't execute in production. Locate the console.log that references handlers.length in handlers.ts (the MSW handlers loader) and guard it with a conditional that checks import.meta.env.DEV before calling console.log to silence the message in non-dev environments.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/app/providers/index.tsx`:
- Around line 45-46: Replace the overly-broad pathname check that uses
window.location.pathname.includes("/perf-stress-test") with an exact equality
check so mock mode only enables for the exact path "/perf-stress-test"; update
the expression that combines import.meta.env.VITE_USE_MOCK and the pathname
check (the use of import.meta.env.VITE_USE_MOCK and
window.location.pathname.includes) to use window.location.pathname ===
"/perf-stress-test" instead.
In `@src/app/providers/loaders/bootstrap-auth.loader.ts`:
- Around line 44-50: Normalize the incoming URL.pathname and use a set-based
membership check instead of exact string equality: trim any trailing slash from
url.pathname (so "/perf-stress-test/" -> "/perf-stress-test"), create a constant
collection like publicPaths (e.g., ['/login','/signup','/perf-stress-test']),
and replace the current isPublicPage logic with a lookup against that normalized
pathname; update the check inside the bootstrap-auth loader where isPublicPage
is defined so trailing-slash variants are treated as public pages.
In `@src/pages/sales/orders/mocks/handlers.ts`:
- Around line 26-27: The page/size query parsing allows 0, negative, or NaN
which can break pagination; after parsing `page` and `size` in the handler
(variables `page` and `size`), validate them: coerce to integers, default to
safe values (e.g., page >= 0, size >= 1) using Number.isFinite/Number.isInteger
checks and Math.max, and ensure the calculation that uses `totalPages`
(referenced as `totalPages`) never divides by zero by using the validated
`size`; update any places that read `page`/`size` (the same handler and the
block around `totalPages`) to use these sanitized values.
---
Outside diff comments:
In `@src/pages/master/positions/mocks/handlers.ts`:
- Around line 37-39: The PUT handler uses a hard-coded path string
(http.put("/api/master/positions/:positionCode", ...)) which will miss the
wildcard pattern used by other handlers and allow real network calls; update the
route string on the http.put call to use the same wildcard pattern used
elsewhere in this file (replace the absolute
"/api/master/positions/:positionCode" with the wildcard variant used by the
other handlers) so the PUT is intercepted consistently.
---
Nitpick comments:
In `@src/app/providers/index.tsx`:
- Around line 64-65: Remove the redundant null-check "if (!rootElement) return;"
— since rootElement is already validated and throws when missing earlier in this
file, delete that conditional to avoid duplicate checks; locate the rootElement
variable and the earlier throw (the initial validation near the top of
src/app/providers/index.tsx) and remove the later guard that returns when
rootElement is falsy.
In `@src/app/providers/loaders/bootstrap-auth.loader.ts`:
- Around line 44-47: The current public-route check always treats
"/perf-stress-test" as public (isPublicPage), which is unsafe for production;
update the isPublicPage logic to gate "/perf-stress-test" behind an
environment/feature flag (e.g., process.env.MODE === 'staging' ||
isFeatureEnabled('perfStressTest')) instead of unconditional url.pathname ===
"/perf-stress-test". Locate the isPublicPage definition and modify the condition
that references "/perf-stress-test" (and any related auth check code that
consumes isPublicPage) so that the perf route is only considered public when the
configured MODE or feature flag returns true.
In `@src/app/providers/mocks/handlers.ts`:
- Line 10: The console.log line that prints `[MSW] ${handlers.length} handlers
loaded successfully.` should only run in development; wrap the log in an
import.meta.env.DEV check so it won't execute in production. Locate the
console.log that references handlers.length in handlers.ts (the MSW handlers
loader) and guard it with a conditional that checks import.meta.env.DEV before
calling console.log to silence the message in non-dev environments.
In `@src/pages/wms/purchase-orders/mocks/handlers.ts`:
- Line 67: Extract the repeated matcher string "*/api/warehouse/po" into a
shared constant (e.g., API_WMS_PO_MATCHER) in a common mocks helper/constant
module and replace the inline usage in the http.get call (the matcher passed to
http.get) with that imported constant; update all other files using the same
"*/api/..." pattern to import and reuse the same constant to avoid duplication
and future-mismatch risks.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: ce0adf56-00c1-486e-898f-95c6241bb21f
📒 Files selected for processing (33)
src/app/providers/index.tsxsrc/app/providers/loaders/bootstrap-auth.loader.tssrc/app/providers/mocks/handlers.tssrc/entities/agency/mocks/handlers.tssrc/entities/factory/mocks/handlers.tssrc/entities/material/mocks/handlers.tssrc/entities/mps/mocks/handlers.tssrc/entities/part/mocks/handlers.tssrc/entities/user/mocks/handlers.tssrc/entities/vendor/mocks/handlers.tssrc/entities/wms/mocks/handlers.tssrc/features/bom-process/mocks/handlers.tssrc/features/branch-process/mocks/handlers.tssrc/features/item-process/mocks/handlers.tssrc/features/partner-process/mocks/handlers.tssrc/features/rop-process/mocks/handlers.tssrc/features/routing-process/mocks/handlers.tssrc/features/shipping-process/mocks/handlers.tssrc/features/stocking-process/mocks/handlers.tssrc/features/workcenter-process/mocks/handlers.tssrc/pages/hrm/employees/mocks/handlers.tssrc/pages/master/bom/mocks/handlers.tssrc/pages/master/branches/mocks/handlers.tssrc/pages/master/departments/mocks/handlers.tssrc/pages/master/items/mocks/handlers.tssrc/pages/master/partners/mocks/handlers.tssrc/pages/master/positions/mocks/handlers.tssrc/pages/master/routings/mocks/handlers.tssrc/pages/purchasing/requests/mocks/handlers.tssrc/pages/sales/orders/mocks/handlers.tssrc/pages/wms/purchase-orders/mocks/handlers.tssrc/pages/wms/rop-settings/mocks/handlers.tssrc/pages/wms/shipping/mocks/handlers.ts
✅ Files skipped from review due to trivial changes (3)
- src/pages/master/items/mocks/handlers.ts
- src/pages/wms/rop-settings/mocks/handlers.ts
- src/features/partner-process/mocks/handlers.ts
Comment on lines
+45
to
+46
| import.meta.env.VITE_USE_MOCK === "true" || | ||
| window.location.pathname.includes("/perf-stress-test"); |
There was a problem hiding this comment.
includes 대신 경로 동등 비교로 제한하는 게 안전합니다.
Line 45-46은 /foo/perf-stress-test-anything 같은 경로에서도 mock이 켜질 수 있습니다. 이 파일의 의도와 bootstrap-auth.loader.ts의 공개 경로 판정(정확 비교)을 맞추려면 === "/perf-stress-test"가 더 안전합니다.
수정 제안
const shouldUseMock =
import.meta.env.VITE_USE_MOCK === "true" ||
- window.location.pathname.includes("/perf-stress-test");
+ window.location.pathname === "/perf-stress-test";📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| import.meta.env.VITE_USE_MOCK === "true" || | |
| window.location.pathname.includes("/perf-stress-test"); | |
| import.meta.env.VITE_USE_MOCK === "true" || | |
| window.location.pathname === "/perf-stress-test"; |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@src/app/providers/index.tsx` around lines 45 - 46, Replace the overly-broad
pathname check that uses window.location.pathname.includes("/perf-stress-test")
with an exact equality check so mock mode only enables for the exact path
"/perf-stress-test"; update the expression that combines
import.meta.env.VITE_USE_MOCK and the pathname check (the use of
import.meta.env.VITE_USE_MOCK and window.location.pathname.includes) to use
window.location.pathname === "/perf-stress-test" instead.
Comment on lines
+44
to
50
| const isPublicPage = | ||
| url.pathname === "/login" || | ||
| url.pathname === "/signup" || | ||
| url.pathname === "/perf-stress-test"; | ||
|
|
||
| if (isAuthPage) { | ||
| if (isPublicPage) { | ||
| return null; |
There was a problem hiding this comment.
공개 경로 판별에 경로 정규화가 없어 후행 슬래시 케이스를 놓칠 수 있습니다.
Line 44~50은 완전 일치 비교만 사용해서 /perf-stress-test/ 같은 URL에서 인증 부트스트랩이 실행될 수 있습니다.
수정 제안 (경로 정규화 + 집합 기반 판별)
export const bootstrapAuthLoader = async ({ request }: LoaderFunctionArgs) => {
const url = new URL(request.url);
- const isPublicPage =
- url.pathname === "/login" ||
- url.pathname === "/signup" ||
- url.pathname === "/perf-stress-test";
+ const normalizedPath = url.pathname.replace(/\/+$/, "") || "/";
+ const publicPaths = new Set(["/login", "/signup", "/perf-stress-test"]);
+ const isPublicPage = publicPaths.has(normalizedPath);
if (isPublicPage) {
return null;
}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@src/app/providers/loaders/bootstrap-auth.loader.ts` around lines 44 - 50,
Normalize the incoming URL.pathname and use a set-based membership check instead
of exact string equality: trim any trailing slash from url.pathname (so
"/perf-stress-test/" -> "/perf-stress-test"), create a constant collection like
publicPaths (e.g., ['/login','/signup','/perf-stress-test']), and replace the
current isPublicPage logic with a lookup against that normalized pathname;
update the check inside the bootstrap-auth loader where isPublicPage is defined
so trailing-slash variants are treated as public pages.
Comment on lines
+26
to
+27
| const page = Number(url.searchParams.get("page") ?? "0"); | ||
| const size = Number(url.searchParams.get("size") ?? "20"); |
There was a problem hiding this comment.
page/size 검증이 없어 페이징 메타가 깨질 수 있습니다.
Line 26-27에서 size=0, 음수, NaN을 막지 않아 Line 51의 totalPages가 비정상 값(예: Infinity)이 될 수 있습니다. 최소 1 이상의 정수 검증이 필요합니다.
수정 제안
- const page = Number(url.searchParams.get("page") ?? "0");
- const size = Number(url.searchParams.get("size") ?? "20");
+ const page = Number(url.searchParams.get("page") ?? "0");
+ const size = Number(url.searchParams.get("size") ?? "20");
+ if (!Number.isInteger(page) || page < 0) {
+ return apiFail(400, "page는 0 이상의 정수여야 합니다.");
+ }
+ if (!Number.isInteger(size) || size <= 0) {
+ return apiFail(400, "size는 1 이상의 정수여야 합니다.");
+ }
@@
- totalPages: Math.max(1, Math.ceil(filtered.length / size || 1)),
+ totalPages: Math.max(1, Math.ceil(filtered.length / size)),Also applies to: 43-52
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@src/pages/sales/orders/mocks/handlers.ts` around lines 26 - 27, The page/size
query parsing allows 0, negative, or NaN which can break pagination; after
parsing `page` and `size` in the handler (variables `page` and `size`), validate
them: coerce to integers, default to safe values (e.g., page >= 0, size >= 1)
using Number.isFinite/Number.isInteger checks and Math.max, and ensure the
calculation that uses `totalPages` (referenced as `totalPages`) never divides by
zero by using the validated `size`; update any places that read `page`/`size`
(the same handler and the block around `totalPages`) to use these sanitized
values.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Performance stress test using optimized bundle (manualChunks, lazy loading).
Route:
/perf-stress-testSummary by CodeRabbit
릴리스 노트
새로운 기능
기타