20260220 fe #214 about attendace page #244
Overview
This PR disables the CheckInPage route, adds support for a returnUrl query parameter for redirecting after login, and introduces a new useCheckIn hook that handles QR-token-based attendance check-in. It also changes the axios baseURL to use relative URLs.

Sequence diagram
```mermaid
sequenceDiagram
    participant User as User<br/>(with QR token)
    participant Browser as Browser
    participant AttendancePage as Attendance<br/>page
    participant useCheckIn as useCheckIn<br/>hook
    participant API as Attendance<br/>API
    participant Toast as Toast<br/>notification
    User->>Browser: Visit URL containing QR token
    Browser->>AttendancePage: Load Attendance page
    AttendancePage->>useCheckIn: Call useCheckIn()
    useCheckIn->>useCheckIn: Extract token from URL
    useCheckIn->>API: POST /api/attendance/check-in<br/>(with qrToken)
    alt Success
        API-->>useCheckIn: Success response
        useCheckIn->>Toast: Show success notification
        useCheckIn->>Browser: Replace-navigate to current path
    else Failure
        API-->>useCheckIn: Error response
        useCheckIn->>Toast: Show error notification
        useCheckIn->>Browser: Stay on page
    end
```
Code review difficulty: 🎯 3 (Moderate) | ⏱️ ~20 minutes
🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
Actionable comments posted: 6
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@frontend/src/App.jsx`:
- Line 69: The commented-out Route for "/attendance/check-in" removes backward
compatibility for QR links; restore a route that serves the same logic as the
new Attendance flow by adding a Route for path "/attendance/check-in" that
renders (or redirects to) the existing Attendance component which uses the
useCheckIn hook, or implement a client-side redirect from "/attendance/check-in"
to the new attendance path so existing QR codes continue to work; update App.jsx
to reintroduce that mapping while keeping the single Attendance component and
its useCheckIn usage intact.
In `@frontend/src/components/login/LoginForm.jsx`:
- Around line 16-18: The code reads returnUrl from useSearchParams in the
LoginForm and then navigates to it without validation, which allows
open-redirects; fix by validating/sanitizing returnUrl before any navigation:
ensure returnUrl is an internal relative path (e.g., starts with a single '/'
and does not start with '//' and contains no scheme like 'http:' or host part),
optionally compare against an allowlist of known internal routes, and if invalid
or absent fall back to a safe default (e.g., '/'), then use that safe path for
navigation; also remove the stray console.log at the login submission (the
console.log on Line 47) to avoid leaking data.
In `@frontend/src/hooks/useCheckIn.js`:
- Around line 14-16: Remove or guard debug console logging that exposes the QR
token and detailed failure info in the useCheckIn hook: locate the console.log
calls inside the useCheckIn function that print '=== useCheckIn 실행 ===', '현재
token:', and any subsequent logs that print token or error details (including
the other occurrences noted), and either delete them or wrap them with a
development-only guard (e.g., check process.env.NODE_ENV === 'development'
before logging) so tokens and sensitive failure information are not emitted in
production. Ensure only non-sensitive, generic messages remain in production.
- Around line 11-20: The current duplicate-execution guard uses hasChecked as a
boolean which prevents re-running when token changes; instead store the
last-processed token in the ref and compare tokens: change hasChecked from
useRef(false) to useRef(null) (or useRef<string | null>()), inside the useEffect
check if hasChecked.current === token then return, and after running set
hasChecked.current = token; update both occurrences that use hasChecked and the
useEffect in useCheckIn (and the similar guard at the other location) so the
effect re-runs when token changes but still prevents duplicate runs for the same
token.
- Around line 37-39: The toast currently reads err.response?.data?.message which
doesn't match our axios interceptor's rejected shape ({ status, message, data
}), so update the error handling in frontend/src/hooks/useCheckIn.js (where
toast.error is called) to prefer the interceptor's err.message, then fall back
to err.data?.message, then the existing default string; ensure you reference the
same error object used in the catch block and pass that combined message into
toast.error.
In `@frontend/src/utils/axios.js`:
- Around line 2-5: Replace the hardcoded baseURL in the axios instance with the
BASE_URL variable so production uses the configured API host: update the api
axios.create call (symbol: api and axios.create) to set baseURL to BASE_URL (or
BASE_URL || '') instead of the empty string, and ensure any token refresh call
that already uses BASE_URL uses the same variable so API requests and the token
refresh endpoint are consistent.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (5)
- frontend/src/App.jsx
- frontend/src/components/login/LoginForm.jsx
- frontend/src/hooks/useCheckIn.js
- frontend/src/pages/Attendance.jsx
- frontend/src/utils/axios.js
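
The returnUrl validation described in the LoginForm.jsx comment above, as an added example that is not part of the PR or the review. The function name `safeReturnPath`, the `ALLOWED_PREFIXES` routes and the placeholder parsing origin are assumptions.

```javascript
// Added example (not project code): accept a post-login returnUrl only when it
// resolves to an allowlisted same-origin path; otherwise use a safe default.
const BASE = 'http://app.invalid'; // placeholder origin, used only for parsing
const ALLOWED_PREFIXES = ['/', '/attendance']; // assumed internal routes

function safeReturnPath(raw, fallback = '/') {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;
  // Must be a rooted relative path: "/x", never "//host" (protocol-relative)
  // and never a value with a scheme such as "https:".
  if (raw[0] !== '/' || raw[1] === '/') return fallback;
  // Browsers treat "\" like "/" and silently drop tab/CR/LF while parsing,
  // so reject backslashes and control characters instead of normalising them.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw, BASE);
  } catch {
    return fallback;
  }
  // After resolution the target must still be on the parsing origin.
  if (url.origin !== BASE) return fallback;
  // Check the normalised pathname, so "/attendance/../admin" is judged as "/admin".
  const allowed = ALLOWED_PREFIXES.some(
    (p) => url.pathname === p || url.pathname.startsWith(p + '/')
  );
  return allowed ? url.pathname + url.search + url.hash : fallback;
}

// Constructed sample inputs, as they might arrive in ?returnUrl=...
const samples = [
  '/attendance?token=abc',
  '/attendance/../admin',
  '//other.example/x',
  'https://other.example/',
  '/\\other.example',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeReturnPath(s));
}
```

In a component, the result would be what is passed to the router's navigate call in place of the raw query parameter.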
…b.com/SISC-IT/sisc-web into 20260220-FE-#214-About-Attendace-Page
1) #214
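2) Change summary (What & Why)
Add useCheckIn hook
Modify login form
3) Screenshots / video (for UI changes)
(This PR has no UI changes)
4) Detailed changes
1. Add useCheckIn hook (the hook used after a QR scan)
2. Modify login form (handle the case where a QR code is scanned while not logged in)
5) Notes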
Summary by CodeRabbit
Release notes
New features
Improvements