Conversation
✅ 테스트 결과 for PRBuild: success 🧪 테스트 실행 with Gradle |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
There was a problem hiding this comment.
Pull request overview
Adds a versioned Redis cache key prefix to allow cache invalidation via namespace changes, and updates related cache configuration.
Changes:
- Introduces
app.cache.redis-prefixconfiguration and applies it to Spring Cache Redis key prefixes. - Modifies Redis cache value serialization typing configuration.
- Enables P6Spy logging in
application.yml.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/main/resources/application.yml | Adds app.cache.redis-prefix default and flips P6Spy logging to enabled. |
| src/main/java/until/the/eternity/config/RedisConfig.java | Reads app.cache.redis-prefix, applies it via computePrefixWith, and changes Jackson default typing mode. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| objectMapper.activateDefaultTyping( | ||
| LaissezFaireSubTypeValidator.instance, | ||
| DefaultTyping.NON_FINAL, | ||
| DefaultTyping.EVERYTHING, | ||
| JsonTypeInfo.As.PROPERTY); |
There was a problem hiding this comment.
activateDefaultTyping with LaissezFaireSubTypeValidator is already permissive; switching to DefaultTyping.EVERYTHING further expands polymorphic type metadata to essentially all values, increasing the risk of unsafe deserialization gadgets and unexpected payload bloat. Prefer a narrower typing mode (e.g., NON_FINAL / OBJECT_AND_NON_CONCRETE) and a restrictive PolymorphicTypeValidator allowlisting only your DTO packages, or avoid global default typing entirely for cache serialization.
| @EnableCaching | ||
| public class RedisConfig implements CachingConfigurer { | ||
|
|
||
| @Value("${app.cache.redis-prefix:oab:v2}") |
There was a problem hiding this comment.
The default value for app.cache.redis-prefix is defined both here in @Value(...:oab:v2) and in application.yml. Keeping defaults in two places makes future version bumps easy to miss; consider defining the default only in configuration (and reference ${app.cache.redis-prefix} here without an inline default), or binding via @ConfigurationProperties for a single source of truth.
| @Value("${app.cache.redis-prefix:oab:v2}") | |
| @Value("${app.cache.redis-prefix}") |
| objectMapper.activateDefaultTyping( | ||
| LaissezFaireSubTypeValidator.instance, | ||
| DefaultTyping.NON_FINAL, | ||
| DefaultTyping.EVERYTHING, | ||
| JsonTypeInfo.As.PROPERTY); |
There was a problem hiding this comment.
This PR is titled around Redis cache prefix versioning, but this change also modifies the cache value serialization behavior (DefaultTyping) which can affect compatibility and security posture. If this is intentional, it should be called out in the PR description (or split into a separate PR) because it’s a behavior change independent of key prefixing.
| datasource: | ||
| p6spy: | ||
| enable-logging: false | ||
| enable-logging: true |
There was a problem hiding this comment.
decorator.datasource.p6spy.enable-logging is now enabled by default in the main application.yml. This can significantly increase log volume and may expose SQL/parameter values in non-local environments; consider defaulting to false and controlling it via an environment variable or profile-specific config (the application-sample.yml currently defaults it to false).
| enable-logging: true | |
| enable-logging: ${P6SPY_ENABLE_LOGGING:false} |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
src/main/resources/application.yml:100
decorator.datasource.p6spy.enable-loggingis now hard-coded totruein the mainapplication.yml. This will enable SQL logging in all environments that use this config, which can significantly increase log volume and may leak sensitive query parameters. Consider defaulting this back tofalseand/or wiring it to an env var (or profile-specific config) so it’s only enabled for local/dev.
decorator:
datasource:
p6spy:
enable-logging: false
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| app: | ||
| cache: | ||
| redis-prefix: ${APP_CACHE_REDIS_PREFIX:oab:v2} # 직렬화 방식 변경 시 버전업 필요 | ||
| warmup: | ||
| enabled: ${APP_CACHE_WARMUP_ENABLED:true} |
There was a problem hiding this comment.
A new app.cache.redis-prefix property was added here, but application-sample.yml still appears to have no corresponding entry (and still uses the old enable-logging: false value for p6spy). To avoid configuration drift for developers, please mirror this new property (and intended defaults) in application-sample.yml as well.
📋 상세 설명
app.cache.redis-prefix설정을 도입하고, 이를 Spring Cache Redis 키 prefix에 적용application.yml에서 P6Spy 로깅을 활성화📊 체크리스트