refactor: backend tenant_group 제거 및 리팩터 반영

backend/internal/handler/user_handler.go

@@ -304,10 +304,15 @@ func (h *UserHandler) CreateUser(c *fiber.Ctx) error {
 		localUser.TenantID = &tenantID
 	}
 
+	// [SoT Policy] Kratos가 SoT이므로 로컬 DB 저장은 비동기 Read-Model 동기화로 처리합니다.
 	if h.UserRepo != nil {
-		if err := h.UserRepo.Create(c.Context(), localUser); err != nil {
-			slog.Error("[UserHandler] Failed to sync user to local DB", "email", email, "error", err)
-		}
+		go func(u *domain.User) {
+			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+			defer cancel()
+			if err := h.UserRepo.Create(ctx, u); err != nil {
+				slog.Error("[UserHandler] Failed to sync user to local DB", "email", u.Email, "error", err)
+			}
+		}(localUser)
 	}
 
 	// [Keto] Sync relations
@@ -483,27 +488,32 @@ func (h *UserHandler) UpdateUser(c *fiber.Ctx) error {
 				localUser.Metadata = req.Metadata
 			}
 
-			if err := h.UserRepo.Update(c.Context(), localUser); err == nil {
-				// [Keto Sync on Role Change]
-				if h.KetoService != nil && req.Role != nil && *req.Role != oldRole {
-					go func(uID, oldR, newR, tID string) {
-						ctx := context.Background()
-						if oldR == domain.RoleSuperAdmin {
+			// [SoT Policy] Kratos가 SoT이므로 로컬 DB 저장은 비동기 Read-Model 동기화로 처리합니다.
+			go func(u *domain.User, rRole *string, oRole string, oTenantID string) {
+				ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+				defer cancel()
+
+				if err := h.UserRepo.Update(ctx, u); err == nil {
+					// [Keto Sync on Role Change]
+					if h.KetoService != nil && rRole != nil && *rRole != oRole {
+						uID := u.ID
+						newR := *rRole
+						if oRole == domain.RoleSuperAdmin {
 							_ = h.KetoService.DeleteRelation(ctx, "System", "global", "super_admins", uID)
-						} else if oldR == domain.RoleTenantAdmin && tID != "" {
-							_ = h.KetoService.DeleteRelation(ctx, "Tenant", tID, "admins", uID)
+						} else if oRole == domain.RoleTenantAdmin && oTenantID != "" {
+							_ = h.KetoService.DeleteRelation(ctx, "Tenant", oTenantID, "admins", uID)
 						}
 
 						if newR == domain.RoleSuperAdmin {
 							_ = h.KetoService.CreateRelation(ctx, "System", "global", "super_admins", uID)
-						} else if newR == domain.RoleTenantAdmin && tID != "" {
-							_ = h.KetoService.CreateRelation(ctx, "Tenant", tID, "admins", uID)
+						} else if newR == domain.RoleTenantAdmin && u.TenantID != nil {
+							_ = h.KetoService.CreateRelation(ctx, "Tenant", *u.TenantID, "admins", uID)
 						}
-					}(userID, oldRole, *req.Role, oldTenantID)
+					}
+				} else {
+					slog.Error("[UserHandler] Failed to sync user update to local DB", "userID", u.ID, "error", err)
 				}
-			} else {
-				slog.Error("[UserHandler] Failed to sync user update to local DB", "userID", userID, "error", err)
-			}
+			}(localUser, req.Role, oldRole, oldTenantID)
 		}
 	}