v0.0.5#64

Merged
Byeong98 merged 13 commits into main from dev
Jan 17, 2026

@Byeong98 Byeong98 commented Jan 17, 2026

Note

  • Auth/session handling: get_current_user/get_admin_user now read access_token from cookies (fallback to Authorization); login/refresh/company login set access_token as httpOnly cookie; logout clears it; refresh endpoint returns success + cookie instead of raw token; handles admin token signatures for user endpoints.
  • CI/CD: New development deploy workflow /.github/workflows/deploy-dev.yml builds, ships, and runs Docker via SSH with Traefik labels and Discord notifications. Production workflow simplifies notifications with a unified message. Jenkinsfile improves container detection, health check error handling, and cleanup (explicit rm/rmi).
  • Containerization: Dockerfile/dockerfile now install and configure Redis, add entrypoint.sh, expose 8000, and start Redis before running Uvicorn (DB migration commented out).

Written by Cursor Bugbot for commit 539fedf. This will update automatically on new commits. Configure here.

@Byeong98 Byeong98 merged commit b2be726 into main Jan 17, 2026
2 checks passed

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 3 potential issues.

value=access_token,
httponly=True,
secure=False, # 개발 환경에서는 secure=False
max_age=SETTINGS.ACCESS_TOKEN_EXPIRE_MINUTES,
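
Review bot: `secure=False` is hard-coded on the cookie that carries the access token, so the "development only" intent stated in the inline comment is not enforced by anything in these lines, and every environment built from this code will send the token over plain HTTP as well. Read the flag from configuration, the same way `max_age` already reads from `SETTINGS`, so that non-development deployments set `secure=True`.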

Cookie max_age uses minutes instead of seconds

High Severity

The max_age parameter in set_cookie() expects seconds, but SETTINGS.ACCESS_TOKEN_EXPIRE_MINUTES contains a value in minutes. For example, if ACCESS_TOKEN_EXPIRE_MINUTES is 30, the cookie expires after 30 seconds instead of 30 minutes, causing users to appear logged out even though their JWT token is still valid. The value needs to be multiplied by 60 to convert minutes to seconds.

Additional Locations (2)


max_age=SETTINGS.ACCESS_TOKEN_EXPIRE_MINUTES,
samesite="lax",
domain=SETTINGS.COOKIE_DOMAIN
)
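
Review bot: `domain=SETTINGS.COOKIE_DOMAIN` widens the scope of the token cookie to every host under that domain, and `samesite="lax"` is the only cross-site request protection visible in these lines. Please document what `COOKIE_DOMAIN` is expected to hold and leave `domain` unset (host-only cookie) unless sibling subdomains really need the session; also confirm that no state-changing endpoint is reachable via GET, since lax cookies still accompany top-level cross-site GET navigations.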

Company user authentication broken after cookie migration

High Severity

The company_login endpoint was changed to set the access token in a cookie instead of returning it in the JSON body (commented as "이제 쿠키로 감" - "now goes via cookie"). However, get_current_company_user was not updated to read from cookies like get_current_user and get_admin_user were. It still only reads from HTTPBearer() credentials (Authorization header), so company users will fail authentication on protected endpoints.

Additional Locations (1)
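
The two findings above (cookie `max_age` in seconds, and every auth dependency reading the cookie with an Authorization fallback) expressed as one shared helper. This is an added example, not code from this pull request: `CookieSettings`, its `ENVIRONMENT` field, `access_cookie_kwargs` and `extract_access_token` are hypothetical names, and the returned dict is meant to be passed to Starlette/FastAPI `response.set_cookie(**kwargs)`.

```python
from dataclasses import dataclass
from typing import Mapping, Optional


@dataclass(frozen=True)
class CookieSettings:
    # Hypothetical stand-in for the project's SETTINGS object.
    ACCESS_TOKEN_EXPIRE_MINUTES: int = 30
    COOKIE_DOMAIN: Optional[str] = None
    ENVIRONMENT: str = "development"  # assumed field, not shown on the page


def access_cookie_kwargs(token: str, settings: CookieSettings) -> dict:
    """Build keyword arguments for response.set_cookie(**kwargs)."""
    kwargs = {
        "key": "access_token",
        "value": token,
        "httponly": True,
        # Plain HTTP is tolerated only for local development.
        "secure": settings.ENVIRONMENT != "development",
        # set_cookie() takes seconds; the setting is expressed in minutes.
        "max_age": settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60,
        "samesite": "lax",
    }
    if settings.COOKIE_DOMAIN:
        # Omitting domain keeps the cookie host-only.
        kwargs["domain"] = settings.COOKIE_DOMAIN
    return kwargs


def extract_access_token(cookies: Mapping[str, str],
                         authorization: Optional[str]) -> Optional[str]:
    """Return the cookie token, else the 'Authorization: Bearer' token."""
    token = cookies.get("access_token")
    if token:
        return token
    if authorization:
        scheme, _, credentials = authorization.partition(" ")
        if scheme.lower() == "bearer" and credentials.strip():
            return credentials.strip()
    return None
```

Calling `extract_access_token` from the user, admin and company dependencies alike keeps all three login paths consistent with where the token is actually delivered.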



# start server
exec uv run uvicorn app.main:app --host 0.0.0.0 --port "$PORT" No newline at end of file
uv run uvicorn app.main:app --host 0.0.0.0 --port "${PORT:-8000}" No newline at end of file

Missing exec causes ungraceful container shutdown

Medium Severity

The exec command was removed from the uvicorn startup line. Without exec, the shell process remains as PID 1 instead of uvicorn. When Docker sends SIGTERM to stop the container, the shell receives it but doesn't forward it to uvicorn. This prevents graceful shutdown, causing in-flight requests to be dropped and database connections to not be closed properly during deployments.
