feat/#1#2
Conversation
|
Warning Review limit reached
Next review available in: 36 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (5)
📝 WalkthroughWalkthroughAlarm 서비스에 알람 생성 기능이 새로 추가되었습니다. Alarm 엔티티/DTO/리포지토리/서비스/컨트롤러가 구현되고, 내부 매칭 서비스 호출을 위한 MatchingClient가 추가되었습니다. 예외 처리, 보안 설정, 애플리케이션 설정이 갱신되고, API 명세와 문서, 테스트가 함께 추가되었습니다. Changes알람 생성 기능
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant Client
participant AlarmController
participant AlarmService
participant MatchingClient
participant AlarmRepository
Client->>AlarmController: POST /alarm/{matching-id}
AlarmController->>AlarmService: create(matchingId, request)
AlarmService->>MatchingClient: getMatching(matchingId)
MatchingClient-->>AlarmService: MatchingResponse(hostId)
AlarmService->>AlarmRepository: save(Alarm)
AlarmRepository-->>AlarmService: 저장 완료
AlarmService-->>AlarmController: 완료
AlarmController-->>Client: 200 OK
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 6
🧹 Nitpick comments (6)
src/test/java/com/example/alarm/controller/AlarmControllerTest.java (1)
105-118: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win
matchingResponse헬퍼가AlarmServiceTest와 중복됨.동일한
MatchingResponse생성 로직이AlarmServiceTest.matchingResponse에도 존재합니다. 공통 테스트 픽스처/빌더로 추출하면 매칭 스키마 변경 시 두 곳을 동시에 수정하지 않아도 됩니다.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/test/java/com/example/alarm/controller/AlarmControllerTest.java` around lines 105 - 118, The matchingResponse helper in AlarmControllerTest duplicates the same MatchingResponse test fixture used in AlarmServiceTest. Extract the shared object creation logic into a common test fixture/builder and have both tests call that shared helper instead of maintaining separate copies, using the matchingResponse symbol and the MatchingResponse constructor as the main place to consolidate.src/main/resources/application.yaml (1)
4-15: 🚀 Performance & Scalability | 🔵 Trivial | ⚡ Quick win
show-sql: true가 환경 구분 없이 고정됨모든 프로필에서 SQL 로그가 활성화되어 있어, 운영 환경에서 쿼리 파라미터 등 민감 정보가 로그에 노출되거나 불필요한 I/O 오버헤드가 발생할 수 있습니다. 프로필별로 분리하거나 기본값을
false로 두는 것을 권장합니다.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/main/resources/application.yaml` around lines 4 - 15, The JPA configuration currently hardcodes show-sql to true in application.yaml, which applies to every profile. Update the JPA settings so SQL logging is disabled by default or split into profile-specific configuration, and ensure the application uses a profile-aware property around the showSql setting in the datasource/jpa config section.src/main/java/com/example/alarm/global/config/SecurityConfig.java (1)
29-32: 🔒 Security & Privacy | 🔵 Trivial
anyRequest().permitAll()+ actuator 조합 노출 위험
/alarm/**만 인증을 요구하고 나머지는 모두permitAll()인 구조에서,build.gradle에spring-boot-starter-actuator가 포함되어 있어/actuator/**엔드포인트가 기본적으로 인증 없이 노출될 수 있습니다. 이번 diff에서 새로 만든 리스크는 아니지만, 인증 경로가 명시적 화이트리스트가 아닌 기본 허용 구조이므로 향후 엔드포인트 추가 시 의도치 않게 공개될 위험이 있습니다. actuator 경로에 대한 명시적 인증/제한 설정을 검토해 보시길 권장합니다.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/main/java/com/example/alarm/global/config/SecurityConfig.java` around lines 29 - 32, The SecurityConfig authorization rules currently use a broad anyRequest().permitAll() fallback, which can leave actuator endpoints exposed. Update the HttpSecurity configuration in SecurityConfig to explicitly restrict /actuator/** (and any other sensitive endpoints) with authenticated or role-based access instead of relying on the default allow-all rule. Keep the existing /alarm/** protection, and make the permit-all behavior only apply to clearly intended public routes.API_SPEC.yaml (1)
20-21: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick win
matching_id경로 파라미터 타입 불일치POST 엔드포인트의
matching_id는integer/int64로 갱신되었지만(Line 20-21), 같은 경로의 PATCH 엔드포인트(Line 113-118)는 여전히type: string으로 남아있습니다. 동일 리소스 식별자에 대해 타입이 다르게 문서화되어 있어 클라이언트/SDK 생성 시 혼란을 줄 수 있습니다.📝 제안 수정
patch: summary: alarmReadUpdate ... parameters: - name: matching_id in: path description: '' required: true schema: - type: string + type: integer + format: int64Also applies to: 113-118
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@API_SPEC.yaml` around lines 20 - 21, The `matching_id` path parameter is documented inconsistently across the same resource, with POST using integer/int64 while PATCH still uses string. Update the PATCH endpoint definition in `API_SPEC.yaml` to match the POST `matching_id` schema, and ensure the shared path parameter spec uses the same `type: integer` and `format: int64` so SDK/client generation sees one consistent identifier type.src/main/java/com/example/alarm/entity/Alarm.java (1)
15-15: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value테이블명
Matchings_Alarm확인 필요.엔티티명은
Alarm인데 테이블명은Matchings_Alarm으로 지정되어 있습니다. 다른 도메인(매칭) 접두사가 붙은 의도가 명확하지 않으면Alarm으로 통일하는 것을 고려해주세요. 만약 스키마 공유 등 의도된 네이밍이라면 무시해도 좋습니다.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/main/java/com/example/alarm/entity/Alarm.java` at line 15, The Alarm entity is mapped with a table name that uses the unrelated Matchings prefix, so verify whether this is intentional. Review the `@Table` mapping on Alarm and either rename the table reference to match the Alarm domain consistently or keep Matchings_Alarm only if the shared-schema naming is deliberate; make the decision in the Alarm class annotation so the entity/table relationship is clear.src/main/java/com/example/alarm/global/exception/MatchingClientException.java (1)
3-8: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win원인 예외를 포함하는 생성자 추가 제안.
MatchingClient에서 하위RestClientException을 래핑하려면 cause를 전달할 수 있는 생성자가 필요합니다.♻️ 생성자 추가 제안
public class MatchingClientException extends RuntimeException { public MatchingClientException(String message) { super(message); } + + public MatchingClientException(String message, Throwable cause) { + super(message, cause); + } }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/main/java/com/example/alarm/global/exception/MatchingClientException.java` around lines 3 - 8, Add a cause-aware constructor to MatchingClientException so MatchingClient can wrap lower-level RestClientException instances. Update the MatchingClientException class to accept both a message and a Throwable cause, and delegate to the matching RuntimeException superclass constructor; keep the existing single-argument constructor intact for current call sites.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/main/java/com/example/alarm/client/MatchingClient.java`:
- Around line 22-33: In MatchingClient.getMatching, 4xx/5xx responses from
restClient.get().retrieve().body(...) are escaping as
RestClientResponseException instead of MatchingClientException. Wrap the
retrieve/body call in MatchingClientException handling, and use the new
MatchingClientException(String, Throwable) constructor to preserve the original
error when the request to /internal/matchings/{matchingId} fails. Keep the
existing null-response guard, but ensure any non-success HTTP status from
getMatching is converted before it leaves the method so GlobalExceptionHandler
can map it correctly.
- Around line 14-20: `MatchingClient`의 생성자에서 `RestClient.builder()`를
`baseUrl`만으로 구성하고 있어 외부 호출 타임아웃이 빠져 있습니다. `MatchingClient` 생성 시점에 connect/read
타임아웃을 설정하도록 `RestClient` 빌더에 요청 설정을 추가하고, 필요하면 공통 HTTP 클라이언트 설정을 재사용할 수 있게
정리하세요. `MatchingClient`와 `RestClient.builder()`를 기준으로 수정 위치를 찾아 적용하면 됩니다.
In
`@src/main/java/com/example/alarm/global/exception/GlobalExceptionHandler.java`:
- Around line 24-28: `GlobalExceptionHandler.matchingClientHandleException` only
maps `MatchingClientException` to 502, while other `RestClient` failures from
`MatchingClient.getMatching(...)` still fall through to the generic 500 handler.
Update the error flow by either wrapping `RestClientException`-type failures in
`MatchingClient` into `MatchingClientException`, or add a dedicated handler in
`GlobalExceptionHandler` for `RestClientException`/its subclasses and map
downstream service failures to 502/504 as appropriate.
In `@src/main/java/com/example/alarm/service/AlarmService.java`:
- Around line 19-26: `AlarmService.create` currently performs
`matchingClient.getMatching()` inside the `@Transactional` method, which keeps
the transaction open during an external HTTP call. Move the external lookup out
of the transactional boundary, then keep only the `alarmRepository.save(...)`
portion inside a transactional method. Use the `create`,
`matchingClient.getMatching`, and `alarmRepository.save` symbols to split the
flow cleanly.
- Around line 3-4: Add explicit connect and read timeout settings to the
RestClient configuration used by MatchingClient so AlarmService does not block
indefinitely on slow or failing matching calls. Locate the MatchingClient
factory/builder code that creates the RestClient with RestClient.builder(), and
configure both connection and response timeouts there; keep the existing
MatchingResponse handling unchanged.
In `@src/main/resources/application.yaml`:
- Around line 19-20: `matching-service.base-url` is silently falling back to a
local default when `MATCHING_SERVICE_BASE_URL` is missing, which should be
fail-fast if this setting is required. Update the `matching-service`
configuration in `application.yaml` to remove the default value and make the
property mandatory, so startup fails clearly when the environment variable is
not provided. Use the `matching-service.base-url` key as the locator for this
change.
---
Nitpick comments:
In `@API_SPEC.yaml`:
- Around line 20-21: The `matching_id` path parameter is documented
inconsistently across the same resource, with POST using integer/int64 while
PATCH still uses string. Update the PATCH endpoint definition in `API_SPEC.yaml`
to match the POST `matching_id` schema, and ensure the shared path parameter
spec uses the same `type: integer` and `format: int64` so SDK/client generation
sees one consistent identifier type.
In `@src/main/java/com/example/alarm/entity/Alarm.java`:
- Line 15: The Alarm entity is mapped with a table name that uses the unrelated
Matchings prefix, so verify whether this is intentional. Review the `@Table`
mapping on Alarm and either rename the table reference to match the Alarm domain
consistently or keep Matchings_Alarm only if the shared-schema naming is
deliberate; make the decision in the Alarm class annotation so the entity/table
relationship is clear.
In `@src/main/java/com/example/alarm/global/config/SecurityConfig.java`:
- Around line 29-32: The SecurityConfig authorization rules currently use a
broad anyRequest().permitAll() fallback, which can leave actuator endpoints
exposed. Update the HttpSecurity configuration in SecurityConfig to explicitly
restrict /actuator/** (and any other sensitive endpoints) with authenticated or
role-based access instead of relying on the default allow-all rule. Keep the
existing /alarm/** protection, and make the permit-all behavior only apply to
clearly intended public routes.
In
`@src/main/java/com/example/alarm/global/exception/MatchingClientException.java`:
- Around line 3-8: Add a cause-aware constructor to MatchingClientException so
MatchingClient can wrap lower-level RestClientException instances. Update the
MatchingClientException class to accept both a message and a Throwable cause,
and delegate to the matching RuntimeException superclass constructor; keep the
existing single-argument constructor intact for current call sites.
In `@src/main/resources/application.yaml`:
- Around line 4-15: The JPA configuration currently hardcodes show-sql to true
in application.yaml, which applies to every profile. Update the JPA settings so
SQL logging is disabled by default or split into profile-specific configuration,
and ensure the application uses a profile-aware property around the showSql
setting in the datasource/jpa config section.
In `@src/test/java/com/example/alarm/controller/AlarmControllerTest.java`:
- Around line 105-118: The matchingResponse helper in AlarmControllerTest
duplicates the same MatchingResponse test fixture used in AlarmServiceTest.
Extract the shared object creation logic into a common test fixture/builder and
have both tests call that shared helper instead of maintaining separate copies,
using the matchingResponse symbol and the MatchingResponse constructor as the
main place to consolidate.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: d7800916-38dd-4f17-a0ad-b5754067fd11
📒 Files selected for processing (25)
API_SPEC.yamlbuild.gradledocs/common/architecture-guide.mddocs/common/coding-convention.mdsrc/main/java/com/example/alarm/client/MatchingClient.javasrc/main/java/com/example/alarm/client/dto/MatchingResponse.javasrc/main/java/com/example/alarm/client/dto/MatchingStatus.javasrc/main/java/com/example/alarm/controller/AlarmController.javasrc/main/java/com/example/alarm/dto/request/AlarmCreateRequest.javasrc/main/java/com/example/alarm/entity/Alarm.javasrc/main/java/com/example/alarm/global/config/SecurityConfig.javasrc/main/java/com/example/alarm/global/exception/GlobalExceptionHandler.javasrc/main/java/com/example/alarm/global/exception/MatchingClientException.javasrc/main/java/com/example/alarm/global/security/JwtFilter.javasrc/main/java/com/example/alarm/global/security/JwtProvider.javasrc/main/java/com/example/alarm/global/security/Role.javasrc/main/java/com/example/alarm/global/security/UserPrincipal.javasrc/main/java/com/example/alarm/global/util/ResponseUtil.javasrc/main/java/com/example/alarm/repository/AlarmRepository.javasrc/main/java/com/example/alarm/service/AlarmService.javasrc/main/resources/application.yamlsrc/test/java/com/example/alarm/controller/AlarmControllerTest.javasrc/test/java/com/example/alarm/repository/AlarmRepositoryTest.javasrc/test/java/com/example/alarm/service/AlarmServiceTest.javasrc/test/resources/application.yaml
💤 Files with no reviewable changes (3)
- src/main/java/com/example/alarm/global/security/JwtProvider.java
- src/main/java/com/example/alarm/global/security/JwtFilter.java
- src/main/java/com/example/alarm/global/security/UserPrincipal.java
#️⃣ 연관된 이슈
close #1
📝 작업 내용
💬 리뷰 요청 사항 (선택)
Summary by CodeRabbit
New Features
Bug Fixes
Documentation
Tests