(#87) unit test baseline과 서비스 계층 테스트 도입

* test: 백엔드 unit test baseline과 서비스 계층 테스트 도입

- unit test runtime과 workflow verification baseline 정렬
- pure component와 domain service 계층 테스트 추가
- locale 및 wall-clock 의존을 줄이는 최소 seam 보강

* test: 리뷰 피드백과 fixture 안정성을 보강

- unresolved PR 리뷰 스레드의 테스트 안정성 피드백 반영
- TestFixtures 의존을 단순화해 IDE 해석 안정성 개선
- badge diff 포맷과 응답 단언 범위를 보강

Author: alexization

.github/workflows/ci.yml

@@ -12,7 +12,7 @@ on:
 
 jobs:
   verify:
-    name: Build Verification
+    name: Test and Build Verification
     runs-on: ubuntu-latest
 
     steps:
@@ -29,5 +29,8 @@ jobs:
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
-      - name: Run packaging build
-        run: ./gradlew build
+      - name: Run unit tests
+        run: ./gradlew test
+
+      - name: Run packaging build without rerunning tests
+        run: ./gradlew build -x test

.github/workflows/deploy.yml

@@ -13,7 +13,7 @@ env:
 
 jobs:
   verify:
-    name: Pre-deploy Build Verification
+    name: Pre-deploy Test and Build Verification
     runs-on: ubuntu-latest
 
     steps:
@@ -30,8 +30,11 @@ jobs:
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
-      - name: Run packaging build
-        run: ./gradlew build
+      - name: Run unit tests
+        run: ./gradlew test
+
+      - name: Run packaging build without rerunning tests
+        run: ./gradlew build -x test
 
   docker:
     name: Build & Push Docker Image

AGENTS.md

@@ -8,7 +8,7 @@
 2. `build.gradle`, `settings.gradle`에서 모듈 구조, 의존성, verification task를 확인한다.
 3. `.github/workflows/ci.yml`, `.github/workflows/deploy.yml`에서 CI verification lane과 pre-deploy gate를 확인한다.
 4. 테스트 코드 작성이나 TDD 기반 기능 구현 요청이면 `.codex/skills/README.md`와 `red`, `green`, `refactor` skill을 먼저 확인한다.
-5. 현재 `src/test/` tree는 baseline reset 상태이므로, follow-up verification rebuild 전까지는 `build.gradle`과 workflow가 retained build-only lane을 어떻게 고정하는지 먼저 본다.
+5. `src/test/` tree와 `build.gradle`의 test runtime 구성을 함께 확인하고, unit test baseline이 `./gradlew test` 기준으로 정렬되어 있는지 본다.
 6. `src/main/java/`, `src/main/resources/`에서 실제 구현과 runtime config를 읽는다.
 
 ## Source Of Truth
@@ -24,11 +24,12 @@
 
 - backend 구현 세부사항은 workflow repo 문서가 아니라 이 저장소의 문서, 설정, 코드, 테스트가 canonical source다.
 - root `README.md`는 개요만 유지한다. concrete bootstrap, verification, entrypoint 설명은 `AGENTS.md`와 named entry docs가 맡는다.
-- 현재 verification baseline command set은 `./gradlew build`다.
-- current baseline에는 dedicated test/integration lane이 없다. follow-up rebuild가 필요하면 `build.gradle`, workflow YAML, `AGENTS.md`를 함께 갱신한 뒤 repo-local baseline으로 다시 도입한다.
+- 현재 verification baseline command set은 `./gradlew test`, `./gradlew build`다.
+- current baseline은 unit-test gate를 포함하지만 dedicated integration lane은 없다. follow-up rebuild가 필요하면 `build.gradle`, workflow YAML, `AGENTS.md`를 함께 갱신한 뒤 repo-local baseline으로 다시 도입한다.
+- CI와 deploy verification에서 `./gradlew test`를 먼저 실행한 뒤 packaging build는 `./gradlew build -x test`로 수행해 test suite를 중복 실행하지 않는다.
 - verification lane이나 deploy gate를 바꾸면 `build.gradle`, workflow YAML, `AGENTS.md`를 함께 맞춘다.
 - repo-local TDD workflow는 `.codex/skills/red`, `.codex/skills/green`, `.codex/skills/refactor`가 소유한다.
 - 테스트 코드 작성 요청이나 TDD 기반 기능 구현 요청이 들어오면 기본 순서를 `red -> green -> refactor`로 고정한다.
 - `red`는 failing test와 현재 slice를 잠그고, `green`은 최소 production 변경으로 pass를 만들고, `refactor`는 green을 유지한 채 구조만 정리한다.
-- 현재 baseline이 build-only 상태이므로, test dependency 추가나 verification lane rebuild가 필요하면 그 범위를 spec에 먼저 잠그고 `build.gradle`, workflow YAML, `AGENTS.md`를 함께 갱신한다.
+- unit test baseline을 바꾸거나 test dependency를 조정할 때는 그 범위를 spec에 먼저 잠그고 `build.gradle`, workflow YAML, `AGENTS.md`를 함께 갱신한다.
 - repo-local skill로 해결되지 않는 작업만 이 문서와 nearest code/test를 추가로 읽고 진행한다.

build.gradle

@@ -46,7 +46,14 @@ dependencies {
 	runtimeOnly 'io.micrometer:micrometer-registry-prometheus'
 	runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.3'
 	runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.3'
+	testImplementation 'org.springframework.boot:spring-boot-starter-test'
+	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }
+
+tasks.named('test') {
+	useJUnitPlatform()
+}
+
 tasks.named('processResources') {
 	filteringCharset = 'UTF-8'
 	filesMatching('static/swagger-ui/index.html') {

src/main/java/com/gitranker/api/domain/badge/BadgeFormatter.java

@@ -2,32 +2,34 @@
 
 import org.springframework.stereotype.Component;
 
+import java.util.Locale;
+
 /**
  * 배지에 표시되는 숫자 및 텍스트 포맷팅을 담당하는 컴포넌트.
  */
 @Component
 public class BadgeFormatter {
 
     public String formatNumber(long number) {
-        return String.format("%,d", number);
+        return String.format(Locale.US, "%,d", number);
     }
 
     public String formatCount(int count) {
-        return String.format("%,d", count);
+        return String.format(Locale.US, "%,d", count);
     }
 
     public String formatDiff(int diff) {
         if (diff > 0) {
-            return String.format("<tspan class='diff-plus' dy='-1'>+%d</tspan>", diff);
+            return String.format(Locale.US, "<tspan class='diff-plus' dy='-1'>+%d</tspan>", diff);
         }
         if (diff < 0) {
-            return String.format("<tspan class='diff-minus' dy='-1'>-%d</tspan>", Math.abs(diff));
+            return String.format(Locale.US, "<tspan class='diff-minus' dy='-1'>-%d</tspan>", Math.abs(diff));
         }
         return "";
     }
 
     public String formatTierName(String tierName) {
-        return tierName.charAt(0) + tierName.substring(1).toLowerCase();
+        return tierName.charAt(0) + tierName.substring(1).toLowerCase(Locale.ROOT);
     }
 
     public int calculateTierFontSize(String displayTierName) {

src/main/java/com/gitranker/api/domain/badge/BadgeService.java

@@ -35,7 +35,7 @@ public String generateBadge(String nodeId) {
 
         ActivityLog activityLog = Optional.ofNullable(
                 activityLogRepository.getTopByUserOrderByActivityDateDesc(user)
-        ).orElseGet(() -> ActivityLog.empty(user, LocalDate.now()));
+        ).orElseGet(() -> ActivityLog.empty(user, currentDate()));
 
         LogContext.event(Event.BADGE_VIEWED)
                 .with("target_username", user.getUsername())
@@ -71,4 +71,8 @@ public String generateBadgeByTier(Tier tier) {
 
         return svgBadgeRenderer.render(user, tier, activityLog);
     }
+
+    LocalDate currentDate() {
+        return LocalDate.now();
+    }
 }

src/main/java/com/gitranker/api/domain/badge/SvgBadgeRenderer.java

@@ -6,6 +6,8 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Component;
 
+import java.util.Locale;
+
 /**
  * SVG 배지 렌더링을 담당하는 컴포넌트.
  */
@@ -24,7 +26,7 @@ public String render(User user, Tier tier, ActivityLog activityLog) {
         String displayTierName = formatter.formatTierName(tier.name());
         int tierFontSize = formatter.calculateTierFontSize(displayTierName);
 
-        return String.format(SVG_TEMPLATE,
+        return String.format(Locale.US, SVG_TEMPLATE,
                 gradientDefs,
                 FONT_IMPORT_CSS,
                 tierFontSize,

src/main/java/com/gitranker/api/domain/user/service/BaselineStatsCalculator.java

@@ -20,7 +20,7 @@ public class BaselineStatsCalculator {
     private final GitHubDataMapper gitHubDataMapper;
 
     public ActivityStatistics calculate(User user, GitHubAllActivitiesResponse rawResponse) {
-        int currentYear = LocalDate.now().getYear();
+        int currentYear = currentDate().getYear();
         int userJoinYear = user.getGithubCreatedAt().getYear();
 
         if (userJoinYear < currentYear) {
@@ -30,4 +30,8 @@ public ActivityStatistics calculate(User user, GitHubAllActivitiesResponse rawRe
 
         return null;
     }
+
+    LocalDate currentDate() {
+        return LocalDate.now();
+    }
 }

src/test/java/com/gitranker/api/domain/auth/service/AuthServiceTest.java

@@ -0,0 +1,153 @@
+package com.gitranker.api.domain.auth.service;
+
+import com.gitranker.api.domain.auth.RefreshToken;
+import com.gitranker.api.domain.auth.RefreshTokenRepository;
+import com.gitranker.api.domain.user.Role;
+import com.gitranker.api.domain.user.User;
+import com.gitranker.api.global.auth.AuthCookieManager;
+import com.gitranker.api.global.auth.jwt.JwtProvider;
+import com.gitranker.api.global.error.ErrorType;
+import com.gitranker.api.global.error.exception.BusinessException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.time.LocalDateTime;
+import java.util.Optional;
+
+import static com.gitranker.api.support.TestFixtures.refreshToken;
+import static com.gitranker.api.support.TestFixtures.savedUser;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class AuthServiceTest {
+
+    @InjectMocks
+    private AuthService authService;
+
+    @Mock
+    private RefreshTokenRepository refreshTokenRepository;
+    @Mock
+    private RefreshTokenService refreshTokenService;
+    @Mock
+    private JwtProvider jwtProvider;
+    @Mock
+    private AuthCookieManager authCookieManager;
+
+    @Test
+    @DisplayName("유효한 refresh token이면 새 access/refresh token 쿠키를 발급한다")
+    void refreshesAccessTokenForValidRefreshToken() {
+        User user = savedUser(1L, "alice");
+        RefreshToken refreshToken = refreshToken(user, "valid-token", validExpiry());
+        HttpServletResponse response = mock(HttpServletResponse.class);
+
+        when(refreshTokenRepository.findByToken("valid-token")).thenReturn(Optional.of(refreshToken));
+        when(jwtProvider.createAccessToken("alice", Role.USER)).thenReturn("new-access-token");
+        when(refreshTokenService.issueRefreshToken(user)).thenReturn("new-refresh-token");
+
+        authService.refreshAccessToken("valid-token", response);
+
+        verify(authCookieManager).addAccessTokenCookie(response, "new-access-token");
+        verify(authCookieManager).addRefreshTokenCookie(response, "new-refresh-token");
+    }
+
+    @Test
+    @DisplayName("존재하지 않는 refresh token이면 INVALID_REFRESH_TOKEN 예외가 발생한다")
+    void throwsWhenRefreshTokenDoesNotExist() {
+        when(refreshTokenRepository.findByToken("missing")).thenReturn(Optional.empty());
+
+        assertThatThrownBy(() -> authService.refreshAccessToken("missing", mock(HttpServletResponse.class)))
+                .isInstanceOf(BusinessException.class)
+                .extracting(exception -> ((BusinessException) exception).getErrorType())
+                .isEqualTo(ErrorType.INVALID_REFRESH_TOKEN);
+    }
+
+    @Test
+    @DisplayName("만료된 refresh token이면 삭제 후 EXPIRED_REFRESH_TOKEN 예외가 발생한다")
+    void deletesExpiredRefreshTokenBeforeThrowing() {
+        User user = savedUser(1L, "alice");
+        RefreshToken expiredToken = refreshToken(user, "expired-token", expiredAt());
+
+        when(refreshTokenRepository.findByToken("expired-token")).thenReturn(Optional.of(expiredToken));
+
+        assertThatThrownBy(() -> authService.refreshAccessToken("expired-token", mock(HttpServletResponse.class)))
+                .isInstanceOf(BusinessException.class)
+                .extracting(exception -> ((BusinessException) exception).getErrorType())
+                .isEqualTo(ErrorType.EXPIRED_REFRESH_TOKEN);
+
+        verify(refreshTokenRepository).delete(expiredToken);
+        verify(authCookieManager, never()).addAccessTokenCookie(org.mockito.ArgumentMatchers.any(), org.mockito.ArgumentMatchers.anyString());
+    }
+
+    @Test
+    @DisplayName("본인 token으로 logout하면 token을 삭제하고 쿠키와 세션을 정리한다")
+    void logsOutAndClearsSessionForMatchingUser() {
+        User user = savedUser(1L, "alice");
+        RefreshToken refreshToken = refreshToken(user, "valid-token", validExpiry());
+        HttpServletRequest request = mock(HttpServletRequest.class);
+        HttpServletResponse response = mock(HttpServletResponse.class);
+        HttpSession session = mock(HttpSession.class);
+
+        when(refreshTokenRepository.findByToken("valid-token")).thenReturn(Optional.of(refreshToken));
+        when(request.getSession(false)).thenReturn(session);
+
+        authService.logout(user, "valid-token", request, response);
+
+        verify(refreshTokenRepository).deleteByToken("valid-token");
+        verify(authCookieManager).clearAccessTokenCookie(response);
+        verify(authCookieManager).clearRefreshTokenCookie(response);
+        verify(session).invalidate();
+    }
+
+    @Test
+    @DisplayName("다른 사용자의 token으로 logout하면 FORBIDDEN 예외가 발생한다")
+    void throwsForbiddenForOtherUsersToken() {
+        User currentUser = savedUser(1L, "alice");
+        User otherUser = savedUser(2L, "bob");
+        RefreshToken refreshToken = refreshToken(otherUser, "foreign-token", validExpiry());
+
+        when(refreshTokenRepository.findByToken("foreign-token")).thenReturn(Optional.of(refreshToken));
+
+        assertThatThrownBy(() -> authService.logout(currentUser, "foreign-token", mock(HttpServletRequest.class), mock(HttpServletResponse.class)))
+                .isInstanceOf(BusinessException.class)
+                .extracting(exception -> ((BusinessException) exception).getErrorType())
+                .isEqualTo(ErrorType.FORBIDDEN);
+    }
+
+    @Test
+    @DisplayName("logoutAll은 사용자의 모든 token과 쿠키를 정리한다")
+    void logoutAllClearsAllTokensAndCookies() {
+        User user = savedUser(1L, "alice");
+        HttpServletRequest request = mock(HttpServletRequest.class);
+        HttpServletResponse response = mock(HttpServletResponse.class);
+        HttpSession session = mock(HttpSession.class);
+
+        when(request.getSession(false)).thenReturn(session);
+
+        authService.logoutAll(user, request, response);
+
+        verify(refreshTokenRepository).deleteAllByUser(user);
+        verify(authCookieManager).clearAccessTokenCookie(response);
+        verify(authCookieManager).clearRefreshTokenCookie(response);
+        verify(session).invalidate();
+    }
+
+    private LocalDateTime validExpiry() {
+        return LocalDateTime.now().plusDays(1);
+    }
+
+    private LocalDateTime expiredAt() {
+        return LocalDateTime.now().minusDays(1);
+    }
+}