Groups the repo root into src (buildable source), docs (already existed),
and everything else (db/, scripts/, tests/, deploy/ - deployment/ops/test
assets that aren't compiled, already organized as their own folders). CI
now only needs src/ to build: dotnet restore/build/test/publish all point
at src/TaxBaik.sln, src/TaxBaik.Web/, src/TaxBaik.Proxy/.
- git mv every project (Domain, Infrastructure, Application,
Application.Tests, Web, Web.Client, Proxy) and TaxBaik.sln into src/ as a
unit, so relative ProjectReference/.sln paths stay valid unchanged.
- .gitea/workflows/deploy.yml: 6 dotnet restore/clean/build/test/publish
invocations now point at src/. db/migrations and scripts/ stay at root
(deploy_gb.sh and browser-e2e.yml only touch published output and the
deployed URL, not source paths - verified, no changes needed there).
- scripts/validate_admin_render.sh: admin render-mode file paths now
src/TaxBaik.Web.Client/...
- scripts/validate_kst_timestamps.sh: dropped deploy.sh from its target
list - that script was removed in the prior cleanup commit (dead, no
CI workflow referenced it) but this validator still expected it to exist.
- CLAUDE.md, docs/ENGINEERING_HARNESS.md, docs/ADMIN_PATTERN_CRITIQUE_WBS.md:
updated project-structure diagram, dotnet run/build commands, and grep
targets to the new src/ paths (also fixed a pre-existing stale path in
ADMIN_PATTERN_CRITIQUE_WBS.md that still said TaxBaik.Web/Components/Admin
from before that ever moved to TaxBaik.Web.Client).
- Added a Repo Root harness rule + Architecture Guardrail entries: new files
belong under src/docs/tests/scripts/db/deploy, not loose at root; temp
work stays outside the repo (or under a gitignored .scratch/) and is
never committed.
Verified locally: dotnet build/test src/TaxBaik.sln (26/26 tests), and all
three scripts/validate_*.sh pass against the new layout.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
**Issues Resolved:**
1. Access Token lifetime extended 15m → 1h (better UX)
- Users can browse admin pages for 1 hour without re-login
- Reasonable balance between security and usability
2. Automatic pre-expiry token refresh
- GetAuthenticationStateAsync() now checks if token expires in <5min
- Automatically refreshes before expiry when user is still active
- Prevents sudden logout during admin work
**Implementation:**
- Added ShouldRefreshToken() to detect imminent expiry (300s window)
- On auth state check, if token expiring soon: trigger refresh via AuthService
- Refresh happens transparently, no user interaction needed
- Maintains 7-day Refresh Token TTL for security
**Behavior:**
- User logs in with 1-hour session
- Every page load/navigation checks token status
- If <5min remaining: auto-refresh (user doesn't notice)
- If refresh fails: graceful logout with warning
- Refresh Token (7 days) allows re-login without password
This provides better UX while maintaining security through
shorter-lived access tokens and automatic renewal.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
분리의 단점을 제거하고 단일 앱으로 통합:
구조 변경:
- TaxBaik.Admin → TaxBaik.Web/Components/Admin/
- Admin Services → TaxBaik.Web/Services/
- 포트: 5001 (기존 5002 제거)
경로:
- 홈페이지: http://localhost:5001/taxbaik
- 관리자: http://localhost:5001/taxbaik/admin
기술:
- Razor Pages (Web) + Blazor Server (Admin) 통합
- 단일 Program.cs로 양쪽 모두 지원
- JWT 인증 유지
- MudBlazor UI 유지
장점:
- 개발 복잡도 감소 (터미널 1개)
- 배포 단순화 (앱 1개)
- DB 마이그레이션 1회 실행
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>