adminfront 조직 통계오류 보정. Kratos Projection용 통계테이블 구조 추가

backend/cmd/server/main.go

@@ -300,6 +300,7 @@ func main() {
 	tenantRepo := repository.NewTenantRepository(db)
 	userGroupRepo := repository.NewUserGroupRepository(db)
 	userRepo := repository.NewUserRepository(db)
+	userProjectionRepo := repository.NewUserProjectionRepository(db)
 	ketoOutboxRepo := repository.NewKetoOutboxRepository(db) // Reuse or re-init
 	rpUsageOutboxRepo := repository.NewRPUsageOutboxRepository(db)
 	worksmobileOutboxRepo := repository.NewWorksmobileOutboxRepository(db)
@@ -307,6 +308,13 @@ func main() {
 	kratosAdminService := service.NewKratosAdminService()
 	oryAdminProvider := service.NewOryProvider()
 
+	userProjectionSyncer := service.NewUserProjectionSyncService(kratosAdminService, userProjectionRepo)
+	if synced, err := userProjectionSyncer.Reconcile(context.Background()); err != nil {
+		slog.Error("❌ Kratos user projection sync failed", "error", err)
+	} else {
+		slog.Info("✅ Kratos user projection synced", "users", synced)
+	}
+
 	tenantService := service.NewTenantService(tenantRepo, userRepo, userGroupRepo, ketoOutboxRepo)
 	worksmobilePrivateKey, err := getEnvFileOrValue("WORKS_ADMIN_OAUTH_CLIENT_PRIVATE_KEY_FILE", "WORKS_ADMIN_OAUTH_CLIENT_PRIVATE_KEY", "")
 	if err != nil {
@@ -354,6 +362,7 @@ func main() {
 	auditHandler := handler.NewAuditHandler(auditRepo)
 	authHandler := handler.NewAuthHandler(redisService, idpProvider, auditRepo, oathkeeperRepo, tenantService, ketoService, ketoOutboxRepo, userRepo, consentRepo, kratosAdminService)
 	authHandler.HeadlessJWKS = headlessJWKSCache
+	authHandler.UserProjectionRepo = userProjectionRepo
 	authHandler.RPUserMetadataRepo = rpUserMetadataRepo
 	authHandler.RPUsageSink = rpUsageEmitter
 	adminHandler := handler.NewAdminHandler(ketoService, ketoOutboxRepo)
@@ -361,14 +370,17 @@ func main() {
 	adminHandler.TenantRepo = tenantRepo
 	adminHandler.Hydra = hydraService
 	adminHandler.AuditRepo = auditRepo
+	adminHandler.UserProjectionRepo = userProjectionRepo
+	adminHandler.UserProjectionSyncer = userProjectionSyncer
 	devHandler := handler.NewDevHandler(redisService, secretRepo, consentRepo, relyingPartyService, ketoService, ketoOutboxRepo, tenantService, developerService, authHandler)
 	devHandler.HeadlessJWKS = headlessJWKSCache
 	devHandler.AuditRepo = auditRepo
 	devHandler.RPUserMetadataRepo = rpUserMetadataRepo
-	tenantHandler := handler.NewTenantHandler(db, tenantService, userRepo, ketoService, ketoOutboxRepo, kratosAdminService, sharedLinkService)
+	tenantHandler := handler.NewTenantHandler(db, tenantService, userRepo, userProjectionRepo, ketoService, ketoOutboxRepo, kratosAdminService, sharedLinkService)
 	userGroupHandler := handler.NewUserGroupHandler(userGroupService)
 	relyingPartyHandler := handler.NewRelyingPartyHandler(relyingPartyService, kratosAdminService)
 	userHandler := handler.NewUserHandler(kratosAdminService, oryAdminProvider, tenantService, ketoService, ketoOutboxRepo, userRepo, userGroupRepo, auditRepo)
+	userHandler.UserProjectionRepo = userProjectionRepo
 	tenantHandler.SetWorksmobileSyncer(worksmobileService)
 	userHandler.SetWorksmobileSyncer(worksmobileService)
 	worksmobileHandler := handler.NewWorksmobileHandler(worksmobileService)
@@ -692,6 +704,9 @@ func main() {
 
 	admin.Get("/check", adminHandler.CheckAuth) // 기본 Admin 체크는 requireAdmin 없이 ApiKeyAuth로만 보호될 수 있음 (또는 추가 가능)
 	admin.Get("/stats", requireSuperAdmin, adminHandler.GetSystemStats)
+	admin.Get("/projections/users", requireSuperAdmin, adminHandler.GetUserProjectionStatus)
+	admin.Post("/projections/users/reconcile", requireSuperAdmin, adminHandler.ReconcileUserProjection)
+	admin.Post("/projections/users/reset", requireSuperAdmin, adminHandler.ResetUserProjection)
 	admin.Get("/rp-usage/daily", requireAdmin, adminHandler.GetRPUsageDaily)
 
 	// Tenant Management (Mixed roles, handler filters results)