[공통] sitemap.xml 자동 생성 및 robots.txt 강화

[dooohun]

What is this PR? 🔍

• 기능 : next-sitemap 도입으로 sitemap.xml / robots.txt 자동 생성
• issue : SEO 메타데이터 인프라 구축 및 사이트맵/robots 정비 #1256

Changes 📝

• next-sitemap.config.js — siteUrl(stage/prod 자동 분기), 비공개 경로 exclude, robots Disallow 정책
• package.json — next-sitemap 추가, build 스크립트에 체이닝 (Yarn 4는 postbuild 훅 자동 실행 안 함)
• .gitignore — public/sitemap*.xml, public/robots.txt 추가

삭제

• public/robots.txt — 빌드 시 자동 생성으로 대체

Disallow 대상

• /auth, /webview, /report, /callvan/add|chat|notifications, /timetable/modify, /clubs/new|edit|recruitment/edit, /lost-item/edit|report|chat, /store/review, /monitoring

ScreenShot 📷

N/A

Test CheckList ✅

• yarn build 후 sitemap.xml, robots.txt 정상 생성
• 배포 후 접근 확인

Precaution

• next-sitemap.config.js는 ESM (export default) — package.json의 "type": "module"과 정합
• 동적 SSR 라우트(clubs/[id], lost-item/[id])는 sitemap 자동 검출 대상 외. 필요 시 후속 PR에서 additionalPaths로 추가

✔️ Please check if the PR fulfills these requirements

• It's submitted to the correct branch, not the develop branch unconditionally?
• If on a hotfix branch, ensure it targets main?
• There are no warning message when you run yarn lint

Summary by CodeRabbit

• 새로운 기능
  • 사이트맵 및 robots.txt 자동 생성으로 SEO 개선
  • 환경에 따라 스테이징/프로덕션 도메인을 자동 선택하여 올바른 사이트맵 생성
• 변경(빌드)
  • 빌드 프로세스에 사이트맵 생성 단계 추가
• 기타
  • 빌드 산출물(사이트맵/robots 등) 및 빌드 플러그인 환경 파일을 무시하도록 설정 업데이트

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ff0bf685-317f-4f7a-bcdf-f3657a5ec4a0

📥 Commits

Reviewing files that changed from the base of the PR and between d22af96 and 1e44aba.

📒 Files selected for processing (1)

• next-sitemap.config.js

🚧 Files skipped from review as they are similar to previous changes (1)

• next-sitemap.config.js

---

Walkthrough

Next.js 빌드 파이프라인에 next-sitemap을 통합해 환경별 siteUrl을 선택하고 PRIVATE_PATHS를 제외한 sitemap과 robots.txt를 생성하며, 관련 생성물을 .gitignore에 추가합니다.

Changes

Sitemap 및 Robots.txt 생성 통합

Layer / File(s)	Summary
환경 기반 사이트 URL 선택 next-sitemap.config.js	NEXT_PUBLIC_API_PATH에서 'stage' 포함 여부로 스테이징 또는 프로덕션 siteUrl을 선택합니다.
비공개 경로 정의 next-sitemap.config.js	인증이 필요하거나 비공개인 경로 패턴들을 PRIVATE_PATHS 배열로 정의합니다.
Sitemap 생성 설정 내보내기 next-sitemap.config.js	사이트맵 옵션(sitemapSize, changefreq, priority)을 설정하고 exclude에 기본 Next.js 라우트와 PRIVATE_PATHS를 병합하며 robotsTxtOptions 정책을 정의해 export default합니다.
빌드 스크립트 및 의존성 package.json	build 스크립트를 tsc && next build && next-sitemap로 변경하고 devDependencies에 next-sitemap@^4.2.3을 추가합니다.
생성 산출물 무시 설정 .gitignore	.env.sentry-build-plugin, public/sitemap*.xml, public/robots.txt를 git 무시 목록에 추가합니다.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10분

Suggested labels

⚙ Setting

Suggested reviewers

• JeongWon-CHO

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	PR 제목은 주요 변경사항인 sitemap.xml 자동 생성과 robots.txt 강화를 명확하게 요약하고 있으며, 변경 내용과 직접적으로 관련됨.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/#1256/seo-sitemap

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@next-sitemap.config.js`:
- Around line 43-65: The robotsTxtOptions.policies[0].disallow array is missing
specific patterns and non-trailing-slash variants so crawlers can still reach
private routes; update the disallow list used by robotsTxtOptions in
next-sitemap.config.js (and ensure PRIVATE_PATHS is honored) to add the wildcard
patterns '/store/review/edit/*' and '/monitoring/*' and include both trailing
and non-trailing variants for the listed prefixes (e.g., add '/auth' in addition
to '/auth/', '/webview' in addition to '/webview/', and '/report' in addition to
'/report/') so all exact and nested paths are disallowed by the policy.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f28896ab-d791-446d-8843-945f31dc1532

📥 Commits

Reviewing files that changed from the base of the PR and between 0ae4a8b and d22af96.

⛔ Files ignored due to path filters (6)

• .pnp.cjs is excluded by !.pnp.cjs and included by **
• .yarn/cache/@corex-deepmerge-npm-4.0.43-390ed1175e-c9ac6163e9.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/@next-env-npm-13.5.11-7bdb393acd-2d34ec742e.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• .yarn/cache/next-sitemap-npm-4.2.3-463254c2cb-8e88c941b5.zip is excluded by !**/.yarn/**, !**/*.zip, !.yarn/** and included by **
• public/robots.txt is excluded by !public/** and included by **
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock, !yarn.lock and included by **

📒 Files selected for processing (3)

• .gitignore
• next-sitemap.config.js
• package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

find . -name "next-sitemap.config.js" -o -name "*sitemap*" -type f | head -20

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 1409

---

🏁 Script executed:

fd -e js -e ts -e json | grep -i "sitemap\|next.config" | head -20

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 90

---

🏁 Script executed:

git ls-files | grep -i sitemap

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 151

---

🌐 Web query:

next-sitemap exclude robotsTxtOptions disallow behavior configuration

💡 Result:

In next-sitemap, the 'exclude' configuration and 'robotsTxtOptions' (specifically its 'policies' with 'disallow') serve distinct purposes with no direct interaction between them. The 'exclude' option is an array of relative paths (supporting wildcards like '/private/') that prevents specific paths from being included in the generated sitemap XML files (sitemap.xml, sitemap-.xml). It does not affect robots.txt generation.[1][2][3] Separately, 'robotsTxtOptions.policies' defines crawl policies for the generated robots.txt file. Each policy has a 'userAgent', optional 'allow' (string | string[]), and optional 'disallow' (string | string[]) directives. These follow standard robots.txt syntax to instruct crawlers on allowed/disallowed paths. For example: robotsTxtOptions: { policies: [ { userAgent: '', allow: '/', disallow: ['/admin/', '/private/'] // Crawlers should not crawl these paths }, { userAgent: 'bad-bot', disallow: '/' } ] } This generates robots.txt entries like: User-agent: * Allow: / Disallow: /admin/* Disallow: /private/ # bad-bot User-agent: bad-bot Disallow: /[3][2] 'robotsTxtOptions.additionalSitemaps' adds extra sitemap URLs to robots.txt (e.g., custom server-side sitemaps), but these may inadvertently appear in the main sitemap index despite 'exclude', due to known issues (e.g., #823, #481). Workarounds include custom 'transform' functions or disabling index sitemaps.[4][5][3] Disallowing paths in robots.txt does not exclude them from sitemaps; crawlers use sitemaps to discover URLs but respect robots.txt for crawling/indexing. Conversely, excluding from sitemaps hides from discovery but does not prevent crawling if linked elsewhere.[1][6]

Citations:

• 1: https://github.com/iamvishnusankar/next-sitemap/blob/master/packages/next-sitemap/src/interface.ts
• 2: https://www.npmjs.com/package/next-sitemap
• 3: https://github.com/iamvishnusankar/next-sitemap
• 4: not possible to exclude sitemap from "main" sitemap while including it in robots.txt iamvishnusankar/next-sitemap#823
• 5: Adding a sitemap to the robotsTxtOptions.additionalSitemaps list adds it to the sitemap index iamvishnusankar/next-sitemap#481
• 6: https://stackoverflow.com/questions/79455802/how-to-set-up-next-sitemap-to-properly-generate-robots-txt-and-sitemap-xml-for-n

---

🌐 Web query:

robots.txt trailing slash pattern matching /auth vs /auth/

💡 Result:

In robots.txt path patterns, rules are matched by “path prefix” semantics: a crawler checks whether the URL path starts with the pattern from an Allow/Disallow rule, and the “most specific” (longest matching) rule wins. That means /auth and /auth/ are not equivalent patterns; they differ in what they match around the immediate next character after auth. What matches with Disallow: /auth - It matches any URL path that starts with /auth, including /auth itself and any path that continues with anything after auth (for example /auth/anything and /authfoo). This follows from prefix matching of the path value in Allow/Disallow rules [1]. What matches with Disallow: /auth/ - It matches only URL paths that start with /auth/ (note the trailing slash), i.e., it matches /auth/ and subpaths like /auth/login, but it does NOT match /auth (the version without the slash), because that path does not start with /auth/. This is consistent with the example prefix matching behavior and the “longest specific match” rule in RFC 9309 [2]. Practical guidance - If you intend to block a directory and its contents, the standard approach is to include the trailing slash in the directory path pattern (e.g., Disallow: /auth/) [3]. - If you instead use Disallow: /auth, you may accidentally block URLs you didn’t mean to (e.g., /auth.html-like paths or other paths that merely begin with /auth but aren’t under /auth/). This risk is explicitly noted for prefix-style matching behavior in explanations of robots.txt path matching [4]. Answer to your specific comparison - Disallow: /auth blocks both /auth and /auth/… (and also anything else that has prefix /auth). - Disallow: /auth/ blocks /auth/… but does not block /auth (no trailing slash).

Citations:

• 1: https://datatracker.ietf.org/doc/html/rfc9309
• 2: https://rfc-editor.org/rfc/rfc9309.txt
• 3: https://developers.google.com/crawling/docs/robots-txt/useful-robots-txt-rules
• 4: https://stackoverflow.com/questions/72105880/should-i-use-a-trailing-slash-when-disallowing-a-directory-in-robots-txt

---

🏁 Script executed:

cat -n ./next-sitemap.config.js

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 2207

---

🏁 Script executed:

wc -l ./next-sitemap.config.js

Repository: BCSDLab/KOIN_WEB_RECODE

Length of output: 95

---

robots.txt disallow 설정이 누락되어 크롤러가 비공개 경로에 접근할 수 있습니다.

robots.txt의 disallow 목록(49-65줄)에서 다음 경로들이 누락되었습니다:

• /store/review/edit/* (PRIVATE_PATHS에는 있음)
• /monitoring/* (PRIVATE_PATHS에는 있음)

또한 /auth/, /webview/, /report/는 trailing slash 규칙으로만 설정되어 /auth, /webview, /report 정확 경로는 차단되지 않습니다. 크롤러가 이 경로들에 접근할 수 있게 됩니다.

🔧 제안 수정안

         disallow: [
-          '/auth/',
-          '/webview/',
-          '/report/',
+          '/auth',
+          '/webview',
+          '/report',
           '/callvan/add',
-          '/callvan/chat/',
+          '/callvan/chat',
           '/callvan/notifications',
           '/timetable/modify',
           '/clubs/new',
-          '/clubs/edit/',
+          '/clubs/edit',
-          '/clubs/recruitment/edit/',
+          '/clubs/recruitment/edit',
-          '/lost-item/edit/',
-          '/lost-item/report/',
+          '/lost-item/edit',
+          '/lost-item/report',
           '/lost-item/chat',
-          '/store/review/',
+          '/store/review',
+          '/store/review/edit',
+          '/monitoring',

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@next-sitemap.config.js` around lines 43 - 65, The
robotsTxtOptions.policies[0].disallow array is missing specific patterns and
non-trailing-slash variants so crawlers can still reach private routes; update
the disallow list used by robotsTxtOptions in next-sitemap.config.js (and ensure
PRIVATE_PATHS is honored) to add the wildcard patterns '/store/review/edit/*'
and '/monitoring/*' and include both trailing and non-trailing variants for the
listed prefixes (e.g., add '/auth' in addition to '/auth/', '/webview' in
addition to '/webview/', and '/report' in addition to '/report/') so all exact
and nested paths are disallowed by the policy.

[ff1451]

고생하셨습니다!

[ff1451]

이 라우트는 어떤 용도인지 알 수 있을까요?