fix: fuzz test fixes and auth simplification

- Fix problems/:id returning 500 on non-UUID IDs (now validates UUID format, returns 400)
- Remove GitHub and Kakao OAuth login (only Google remains)
- Merge /signup into /login (identical functionality, single route)
- Add fuzz test script (scripts/fuzz-test.ts) covering all API endpoints

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: jammy0903

packages/backend/src/modules/problems/routes.ts

@@ -43,9 +43,17 @@ export const problemRoutes: FastifyPluginAsync = async (fastify) => {
       },
     },
   }, async (request, reply) => {
+    const { id } = request.params;
+
+    // Validate UUID format to avoid Prisma throwing on invalid UUID
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+    if (!uuidRegex.test(id)) {
+      return reply.status(400).send({ error: 'Invalid problem ID format' });
+    }
+
     try {
       const problem = await prisma.problem.findUnique({
-        where: { id: request.params.id }
+        where: { id }
       });
 
       if (!problem) {

packages/frontend/src/features/auth/AuthPage.tsx

@@ -1,81 +1,41 @@
 /**
- * AuthPage - 통합 로그인/회원가입 페이지
- * Firebase 소셜 로그인 (Google, GitHub, Kakao)
+ * AuthPage - 로그인 페이지
+ * Firebase 소셜 로그인 (Google)
  *
- * WHY: LoginPage와 SignupPage가 100% 동일한 기능 수행
- * TRADEOFF: 단일 컴포넌트로 통합 > 중복 코드 145줄 제거
+ * WHY: Google OAuth 하나로 로그인/회원가입 자동 처리
+ * 신규 유저는 initializeAuthListener에서 자동 등록됨
  */
 
 import { useState } from 'react';
-import { useNavigate, useLocation } from 'react-router-dom';
+import { useNavigate } from 'react-router-dom';
 import { useTranslation } from 'react-i18next';
 import { motion } from 'framer-motion';
-import { loginWithGoogle, loginWithGithub, loginWithKakao } from '@/services/firebase';
-import { Github } from 'lucide-react';
+import { loginWithGoogle } from '@/services/firebase';
 import { logger } from '@/utils/logger';
 import { useStore } from '@/stores/store';
 
 export default function AuthPage() {
   const { t } = useTranslation();
   const navigate = useNavigate();
-  const location = useLocation();
   const setSidebarOpen = useStore((s) => s.setSidebarOpen);
   const [error, setError] = useState<string | null>(null);
   const [loading, setLoading] = useState(false);
 
-  // URL 경로로 로그인/회원가입 구분
-  const isSignup = location.pathname === '/signup';
-  const pageTitle = isSignup ? t('auth.signup') : t('auth.login');
-  const errorPrefix = isSignup ? t('auth.signup') : t('auth.login');
-  const linkPath = isSignup ? '/login' : '/signup';
-  const linkText = isSignup ? t('auth.go_login') : t('auth.go_signup');
-  const linkPrompt = isSignup ? t('auth.have_account') : t('auth.no_account');
-
   const handleGoogleLogin = async () => {
     try {
       setError(null);
       setLoading(true);
       await loginWithGoogle();
-      setSidebarOpen(false); // 로그인 성공 시 사이드바 닫기
+      setSidebarOpen(false);
       navigate('/courses');
     } catch (err) {
-      setError(t('auth.google_failed', { action: errorPrefix }));
+      setError(t('auth.google_failed', { action: t('auth.login') }));
       logger.error('Google login failed:', err);
     } finally {
       setLoading(false);
     }
   };
 
-  const handleGithubLogin = async () => {
-    try {
-      setError(null);
-      setLoading(true);
-      await loginWithGithub();
-      setSidebarOpen(false); // 로그인 성공 시 사이드바 닫기
-      navigate('/courses');
-    } catch (err) {
-      setError(t('auth.github_failed', { action: errorPrefix }));
-      logger.error('GitHub login failed:', err);
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  const handleKakaoLogin = async () => {
-    try {
-      setError(null);
-      setLoading(true);
-      await loginWithKakao();
-      setSidebarOpen(false); // 로그인 성공 시 사이드바 닫기
-      navigate('/courses');
-    } catch (err) {
-      setError(t('auth.kakao_failed', { action: errorPrefix }));
-      logger.error('Kakao login failed:', err);
-    } finally {
-      setLoading(false);
-    }
-  };
-
   return (
     <div className="min-h-screen flex items-center justify-center px-6">
       <motion.div
@@ -87,56 +47,32 @@ export default function AuthPage() {
         {/* 타이틀 */}
         <div className="text-center mb-12">
           <h1 className="text-4xl font-bold text-text mb-4">
-            {pageTitle}
+            {t('auth.login')}
           </h1>
           <p className="text-text-secondary">
             {t('auth.social_subtitle')}
           </p>
         </div>
 
-        {/* 소셜 로그인 버튼들 */}
-        <div className="flex justify-center gap-6">
-          {/* Google */}
+        {/* Google 로그인 버튼 */}
+        <div className="flex justify-center">
           <motion.button
-            whileHover={{ scale: 1.1 }}
+            whileHover={{ scale: 1.05 }}
             whileTap={{ scale: 0.95 }}
             onClick={handleGoogleLogin}
             disabled={loading}
-            className="w-16 h-16 flex items-center justify-center bg-white border-2 border-border rounded-full shadow-md hover:shadow-lg hover:border-primary transition-all disabled:opacity-50"
-            aria-label={t('auth.google_auth', { action: pageTitle })}
+            className="flex items-center gap-3 px-8 py-4 bg-white border-2 border-border rounded-2xl shadow-md hover:shadow-lg hover:border-primary transition-all disabled:opacity-50"
+            aria-label={t('auth.google_auth', { action: t('auth.login') })}
           >
-            <svg className="w-7 h-7" viewBox="0 0 24 24">
+            <svg className="w-6 h-6" viewBox="0 0 24 24">
               <path fill="#4285F4" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"/>
               <path fill="#34A853" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/>
               <path fill="#FBBC05" d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"/>
               <path fill="#EA4335" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"/>
             </svg>
-          </motion.button>
-
-          {/* GitHub */}
-          <motion.button
-            whileHover={{ scale: 1.1 }}
-            whileTap={{ scale: 0.95 }}
-            onClick={handleGithubLogin}
-            disabled={loading}
-            className="w-16 h-16 flex items-center justify-center bg-[#24292e] border-2 border-[#24292e] rounded-full shadow-md hover:shadow-lg hover:bg-[#1a1e22] transition-all disabled:opacity-50"
-            aria-label={t('auth.github_auth', { action: pageTitle })}
-          >
-            <Github className="w-7 h-7 text-white" />
-          </motion.button>
-
-          {/* Kakao */}
-          <motion.button
-            whileHover={{ scale: 1.1 }}
-            whileTap={{ scale: 0.95 }}
-            onClick={handleKakaoLogin}
-            disabled={loading}
-            className="w-16 h-16 flex items-center justify-center bg-[#FEE500] border-2 border-[#FEE500] rounded-full shadow-md hover:shadow-lg hover:bg-[#FFEB3B] transition-all disabled:opacity-50"
-            aria-label={t('auth.kakao_auth', { action: pageTitle })}
-          >
-            <svg className="w-7 h-7 text-[#3C1E1E]" viewBox="0 0 24 24" fill="currentColor">
-              <path d="M12 3C6.477 3 2 6.477 2 10.75c0 2.745 1.79 5.155 4.5 6.645l-1.125 4.125c-.075.27.21.495.45.345l5.25-3.495c.315.03.63.045.945.045 5.523 0 9.98-3.477 9.98-7.75S17.523 3 12 3z"/>
-            </svg>
+            <span className="text-base font-medium text-gray-700">
+              {t('auth.google_auth', { action: t('auth.login') })}
+            </span>
           </motion.button>
         </div>
 
@@ -150,14 +86,6 @@ export default function AuthPage() {
             {error}
           </motion.div>
         )}
-
-        {/* 하단 텍스트 */}
-        <p className="mt-8 text-center text-sm text-text-tertiary">
-          {linkPrompt}{' '}
-          <a href={linkPath} className="text-primary hover:underline font-medium">
-            {linkText}
-          </a>
-        </p>
       </motion.div>
     </div>
   );

packages/frontend/src/layouts/Sidebar.tsx

@@ -15,7 +15,7 @@ import { X, Home, BookOpen, Play, Shield, LogOut, UserPlus, FileQuestion, BarCha
 import { Link, useLocation } from 'react-router-dom';
 import { useTranslation } from 'react-i18next';
 import { useStore } from '@/stores/store';
-import { logout, loginWithGoogle, loginWithKakao } from '@/services/firebase';
+import { logout, loginWithGoogle } from '@/services/firebase';
 import { PixelAvatar } from '@/components/PixelAvatar';
 import { ReportModal } from '@/components/ReportModal';
 import { logger } from '@/utils/logger';
@@ -65,13 +65,6 @@ export function Sidebar() {
     }
   };
 
-  const handleKakaoLogin = async () => {
-    try {
-      await loginWithKakao();
-    } catch (error) {
-      logger.error('Kakao login failed:', error);
-    }
-  };
 
   return (
     <AnimatePresence>
@@ -402,34 +395,6 @@ export function Sidebar() {
                     {t('auth.login_google')}
                   </motion.button>
 
-                  {/* 카카오 로그인 */}
-                  <motion.button
-                    onClick={handleKakaoLogin}
-                    whileHover={{ scale: 1.02, y: -2 }}
-                    whileTap={{ scale: 0.98 }}
-                    transition={{ type: 'spring', stiffness: 400, damping: 20 }}
-                    className="w-full flex items-center justify-center gap-2 px-4 py-3 text-sm font-semibold border rounded-lg transition-colors"
-                    style={{
-                      color: 'var(--theme-sidebar-kakao-btn-text)',
-                      backgroundColor: 'var(--theme-sidebar-kakao-btn-bg)',
-                      borderColor: 'var(--theme-sidebar-kakao-btn-border)'
-                    }}
-                    onMouseEnter={(e) => {
-                      e.currentTarget.style.backgroundColor = 'var(--theme-sidebar-kakao-btn-hover-bg)';
-                    }}
-                    onMouseLeave={(e) => {
-                      e.currentTarget.style.backgroundColor = 'var(--theme-sidebar-kakao-btn-bg)';
-                    }}
-                  >
-                    <svg className="w-5 h-5" viewBox="0 0 24 24">
-                      <path
-                        fill="var(--theme-sidebar-kakao-btn-text)"
-                        d="M12 3C6.477 3 2 6.463 2 10.691c0 2.693 1.775 5.063 4.445 6.412-.144.523-.926 3.369-.963 3.592 0 0-.02.166.088.229.108.063.235.015.235.015.31-.043 3.593-2.363 4.159-2.771.339.047.686.071 1.036.071 5.523 0 10-3.463 10-7.548C22 6.463 17.523 3 12 3z"
-                      />
-                    </svg>
-                    {t('auth.login_kakao')}
-                  </motion.button>
-
                   <p className="text-xs text-center pt-1" style={{ color: 'var(--theme-sidebar-copyright-text)' }}>
                     © 2026 CodeInsight
                   </p>

packages/frontend/src/router.tsx

@@ -28,7 +28,6 @@ export const router = createBrowserRouter([
     children: [
       { index: true, element: <HomePage /> },
       { path: 'login', element: <AuthPage /> },
-      { path: 'signup', element: <AuthPage /> },
       {
         path: 'courses',
         element: <CoursesPage />,