refactor(WEB): 코드 품질 개선 및 불필요 코드 제거

- 미사용 import/변수/console.log 대량 정리 (100+개 파일)
- ItemMasterContext 간소화 (미사용 로직 제거)
- IntegratedListTemplateV2 / UniversalListPage 개선
- 결재 컴포넌트(ApprovalBox, DraftBox, ReferenceBox) 정리
- HR 컴포넌트(급여/휴가/부서) 코드 간소화
- globals.css 스타일 정리 및 개선
- AuthenticatedLayout 개선
- middleware CSP 정리
- proxy route 불필요 로깅 제거

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/app/api/auth/check/route.ts

@@ -50,13 +50,11 @@ export async function GET(request: NextRequest) {
 
     // Only has refresh token - try to refresh
     if (refreshToken && !accessToken) {
-      console.log('🔄 [auth/check] Access token missing, attempting refresh...');
 
       // 공유 캐시를 사용하는 refreshAccessToken 함수 사용
       const refreshResult = await refreshAccessToken(refreshToken, 'auth/check');
 
       if (refreshResult.success && refreshResult.accessToken) {
-        console.log('✅ [auth/check] Token refreshed successfully');
 
         // Set new tokens with Safari-compatible configuration
         const isProduction = process.env.NODE_ENV === 'production';
@@ -91,7 +89,6 @@ export async function GET(request: NextRequest) {
       }
 
       // Refresh failed - not authenticated
-      console.log('⚠️ [auth/check] Refresh failed, returning 401');
       return NextResponse.json(
         { error: 'Token refresh failed' },
         { status: 401 }

src/app/api/auth/login/route.ts

@@ -167,7 +167,7 @@ export async function POST(request: NextRequest) {
       ...(isProduction ? ['Secure'] : []), // ✅ HTTPS only in production (Safari fix)
       'SameSite=Lax',          // ✅ CSRF protection (Lax for better compatibility)
       'Path=/',
-      'Max-Age=604800',        // TODO: 테스트용 10초, 원래 604800 (7 days)
+      'Max-Age=604800',        // 7 days
     ].join('; ');
 
     // ✅ FCM 등에서 인증 상태 확인용 (non-HttpOnly - JavaScript 접근 가능)
@@ -180,10 +180,6 @@ export async function POST(request: NextRequest) {
       `Max-Age=${data.expires_in || 7200}`,
     ].join('; ');
 
-    if (process.env.NODE_ENV === 'development') {
-      console.log('✅ Login successful - tokens stored in HttpOnly cookies');
-    }
-
     const response = NextResponse.json(responseData, { status: 200 });
 
     response.headers.append('Set-Cookie', accessTokenCookie);

src/app/api/auth/logout/route.ts

@@ -42,7 +42,6 @@ export async function POST(request: NextRequest) {
             'X-API-KEY': process.env.API_KEY || '',
           },
         });
-        console.log('✅ Backend logout API called successfully');
       } catch (error) {
         console.warn('⚠️ Backend logout API failed (continuing with cookie deletion):', error);
       }
@@ -79,7 +78,6 @@ export async function POST(request: NextRequest) {
       'Max-Age=0',
     ].join('; ');
 
-    console.log('✅ Logout complete - Access & Refresh tokens cleared');
 
     const response = NextResponse.json(
       { message: 'Logged out successfully' },

src/app/api/auth/refresh/route.ts

@@ -104,7 +104,6 @@ export async function POST(request: NextRequest) {
       `Max-Age=${refreshResult.expiresIn || 7200}`,
     ].join('; ');
 
-    console.log('✅ [api/auth/refresh] Token refresh successful');
 
     const successResponse = NextResponse.json(responseData, { status: 200 });
 

src/app/api/auth/signup/route.ts

@@ -93,7 +93,6 @@ export async function POST(request: NextRequest) {
 
     const data = await backendResponse.json();
 
-    console.log('✅ Signup successful');
 
     return NextResponse.json(
       {

src/app/api/proxy/[...path]/route.ts

@@ -112,9 +112,6 @@ async function proxyRequest(
     if (['POST', 'PUT', 'DELETE', 'PATCH'].includes(method)) {
       if (contentType.includes('application/json')) {
         body = await request.text();
-        if (process.env.NODE_ENV === 'development') {
-          console.log('🔵 [PROXY] Request:', method, url.pathname);
-        }
       } else if (contentType.includes('multipart/form-data')) {
         isFormData = true;
 
@@ -130,13 +127,6 @@ async function proxyRequest(
         }
 
         body = newFormData;
-        if (process.env.NODE_ENV === 'development') {
-          console.log('🔵 [PROXY] Request:', method, url.pathname);
-        }
-      }
-    } else {
-      if (process.env.NODE_ENV === 'development') {
-        console.log('🔵 [PROXY] Request:', method, url.pathname);
       }
     }
 
@@ -175,9 +165,6 @@ async function proxyRequest(
     }
 
     // 7. 응답 처리 (바이너리 vs 텍스트/JSON)
-    if (process.env.NODE_ENV === 'development') {
-      console.log('🔵 [PROXY] Response status:', backendResponse.status);
-    }
     const responseContentType = backendResponse.headers.get('content-type') || 'application/json';
 
     const isBinaryResponse =
@@ -192,9 +179,6 @@ async function proxyRequest(
     let clientResponse: NextResponse;
 
     if (isBinaryResponse) {
-      if (process.env.NODE_ENV === 'development') {
-        console.log('📄 [PROXY] Binary response detected:', responseContentType);
-      }
       const binaryData = await backendResponse.arrayBuffer();
 
       clientResponse = new NextResponse(binaryData, {
@@ -221,9 +205,6 @@ async function proxyRequest(
       createTokenCookies(newTokens).forEach(cookie => {
         clientResponse.headers.append('Set-Cookie', cookie);
       });
-      if (process.env.NODE_ENV === 'development') {
-        console.log('🍪 [PROXY] New tokens set in cookies');
-      }
     }
 
     return clientResponse;