fix: 코드 리뷰 반영

- 사용하지 않는 변수 삭제
- review_rating 컬럼에 NOT NULL 제약 추가
- 토글 기능 동시성 문제 발생 가능으로 비관적 락을 걸어 문제 해결

Author: kangcheolung

src/main/java/com/ongil/backend/domain/product/entity/Product.java

@@ -70,7 +70,7 @@ public class Product extends BaseEntity {
 	@Column(name = "review_count")
 	private Integer reviewCount = 0;
 
-	@Column(name = "review_rating")
+	@Column(name = "review_rating", nullable = false)
 	private Double reviewRating = 0.0;
 
 	@Formula("coalesce(view_count, 0) + coalesce(purchase_count, 0)")

src/main/java/com/ongil/backend/domain/review/repository/ReviewRepository.java

@@ -1,18 +1,22 @@
 package com.ongil.backend.domain.review.repository;
 
 import java.util.List;
+import java.util.Optional;
 
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.jpa.repository.EntityGraph;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Lock;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
 
 import com.ongil.backend.domain.review.entity.Review;
 import com.ongil.backend.domain.review.enums.ReviewStatus;
 import com.ongil.backend.domain.review.enums.ReviewType;
 
+import jakarta.persistence.LockModeType;
+
 public interface ReviewRepository extends JpaRepository<Review, Long> {
 
 	// 상품별 리뷰 목록 조회 (필터 없음)
@@ -142,7 +146,7 @@ List<Object[]> countByMaterialAnswer(
 	);
 
 	// 상품별 평균 별점
-	@Query("SELECT AVG(r.rating) FROM Review r " +
+	@Query("SELECT COALESCE(AVG(r.rating), 0.0) FROM Review r " +
 		"WHERE r.product.id = :productId " +
 		"AND r.reviewStatus = 'COMPLETED'")
 	Double getAverageRating(@Param("productId") Long productId);
@@ -173,4 +177,9 @@ Page<Review> findByUserIdAndReviewStatusAndReviewType(
 	// OrderItem에 대해 이미 작성된 리뷰 타입 확인
 	boolean existsByOrderItemIdAndReviewType(Long orderItemId, ReviewType reviewType);
 
+	// ReviewRepository.java
+
+	@Lock(LockModeType.PESSIMISTIC_WRITE)
+	@Query("SELECT r FROM Review r WHERE r.id = :reviewId")
+	Optional<Review> findByIdWithLock(@Param("reviewId") Long reviewId);
 }

src/main/java/com/ongil/backend/domain/review/service/ReviewService.java

@@ -147,7 +147,6 @@ public Page<MyReviewResponse> getMyReviews(Long userId, ReviewType reviewType, i
 
 	// 5. 작성 가능한 리뷰 목록 조회
 	public List<PendingReviewResponse> getPendingReviews(Long userId) {
-		User user = findUserById(userId);
 		List<PendingReviewResponse> pendingReviews = new ArrayList<>();
 
 		// 사용자의 주문 상품 중 리뷰 작성 가능한 항목 조회
@@ -175,19 +174,18 @@ public List<PendingReviewResponse> getPendingReviews(Long userId) {
 	// 6. 리뷰 도움돼요 토글
 	@Transactional
 	public ReviewHelpfulResponse toggleHelpful(Long reviewId, Long userId) {
-		Review review = reviewRepository.findById(reviewId)
+		// 리뷰에 대한 PESSIMISTIC WRITE 락 획득
+		Review review = reviewRepository.findByIdWithLock(reviewId)
 			.orElseThrow(() -> new EntityNotFoundException(ErrorCode.REVIEW_NOT_FOUND));
 
 		User user = findUserById(userId);
 
 		boolean exists = reviewHelpfulRepository.existsByReviewIdAndUserId(reviewId, userId);
 
 		if (exists) {
-			// 이미 눌렀으면 취소(악의적으로 중복으로 누르는 경우 방지)
 			reviewHelpfulRepository.deleteByReviewIdAndUserId(reviewId, userId);
 			review.decrementHelpfulCount();
 		} else {
-			// 안 눌렀으면 추가
 			ReviewHelpful helpful = ReviewHelpful.builder()
 				.review(review)
 				.user(user)

src/main/java/com/ongil/backend/global/config/SecurityConfig.java

@@ -2,6 +2,7 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -55,10 +56,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 				.requestMatchers("/api/categories/**").permitAll()
 				.requestMatchers("/api/search/**").permitAll()
 
-				.requestMatchers("/api/reviews/*/details").permitAll()  // 리뷰 상세 조회 (비로그인 가능)
-				.requestMatchers("/api/reviews/*/helpful").authenticated()  // 도움돼요 토글 (로그인 필수)
-				.requestMatchers("/api/users/me/reviews/**").authenticated()  // 내 리뷰 관련 (로그인 필수)
-
+				.requestMatchers(HttpMethod.GET, "/api/reviews/*/details").permitAll()
+				.requestMatchers(HttpMethod.POST, "/api/reviews/*/helpful").authenticated()
+				.requestMatchers(HttpMethod.GET, "/api/users/me/reviews/**").authenticated()
 				// [6] 그 외 모든 요청은 로그인(인증) 필요
 				.anyRequest().authenticated()
 			)