릴리스: v1.3.12 회원 정렬 방향과 입력 길이 피드백

릴리스: v1.3.11 회원 관리 모달과 최고 관리자 보호
릴리스: v1.3.10 게임 허브 카드 폭과 SVG 아이콘 렌더링 정리
2026-04-01 11:15:49 +09:00 · 2026-04-01 10:53:14 +09:00 · 2026-04-01 10:29:34 +09:00 · 2026-04-01 10:11:48 +09:00 · 2026-03-31 18:53:39 +09:00
18 changed files with 621 additions and 169 deletions
--- a/backend/package.json
+++ b/backend/package.json
@@ -7,7 +7,8 @@
    "dev": "DB_HOST=127.0.0.1 DB_PORT=3307 DB_USER=tier_cursor DB_PASSWORD=tier_cursor1234 DB_NAME=tier_cursor nodemon --legacy-watch --watch index.js --watch src index.js",
    "start": "DB_HOST=127.0.0.1 DB_PORT=3307 DB_USER=tier_cursor DB_PASSWORD=tier_cursor1234 DB_NAME=tier_cursor node index.js",
    "images:backfill": "DB_HOST=127.0.0.1 DB_PORT=3307 DB_USER=tier_cursor DB_PASSWORD=tier_cursor1234 DB_NAME=tier_cursor node scripts/backfill-legacy-image-assets.js",
-    "images:migrate-legacy": "DB_HOST=127.0.0.1 DB_PORT=3307 DB_USER=tier_cursor DB_PASSWORD=tier_cursor1234 DB_NAME=tier_cursor node scripts/migrate-legacy-uploads-to-assets.js"
+    "images:migrate-legacy": "DB_HOST=127.0.0.1 DB_PORT=3307 DB_USER=tier_cursor DB_PASSWORD=tier_cursor1234 DB_NAME=tier_cursor node scripts/migrate-legacy-uploads-to-assets.js",
+    "uploads:cleanup-legacy": "DB_HOST=127.0.0.1 DB_PORT=3307 DB_USER=tier_cursor DB_PASSWORD=tier_cursor1234 DB_NAME=tier_cursor node scripts/cleanup-unreferenced-legacy-uploads.js"
  },
  "keywords": [],
  "author": "",
--- a/backend/scripts/cleanup-unreferenced-legacy-uploads.js
+++ b/backend/scripts/cleanup-unreferenced-legacy-uploads.js
@@ -0,0 +1,56 @@
+const fs = require('fs/promises')
+const path = require('path')
+const {
+  ensureData,
+  closePool,
+  listReferencedUploadSources,
+} = require('../src/db')
+
+const BACKEND_ROOT = path.join(__dirname, '..')
+const TARGET_DIRS = ['avatars', 'custom', 'games', 'tierlists']
+
+async function main() {
+  await ensureData()
+
+  const referenced = new Set(await listReferencedUploadSources())
+  const deleted = []
+  const missing = []
+  let scanned = 0
+
+  for (const dir of TARGET_DIRS) {
+    const absoluteDir = path.join(BACKEND_ROOT, 'uploads', dir)
+    let entries = []
+    try {
+      entries = await fs.readdir(absoluteDir, { withFileTypes: true })
+    } catch (error) {
+      if (error?.code === 'ENOENT') continue
+      throw error
+    }
+
+    for (const entry of entries) {
+      if (!entry.isFile()) continue
+      scanned += 1
+      const src = `/uploads/${dir}/${entry.name}`
+      if (referenced.has(src)) continue
+      const absolutePath = path.join(absoluteDir, entry.name)
+      try {
+        await fs.unlink(absolutePath)
+        deleted.push(src)
+      } catch (error) {
+        if (error?.code === 'ENOENT') missing.push(src)
+        else throw error
+      }
+    }
+  }
+
+  console.log(JSON.stringify({ scanned, deletedCount: deleted.length, missingCount: missing.length, deleted, missing }, null, 2))
+}
+
+main()
+  .catch((error) => {
+    console.error(error)
+    process.exitCode = 1
+  })
+  .finally(async () => {
+    await closePool()
+  })
--- a/backend/src/db.js
+++ b/backend/src/db.js
@@ -506,25 +506,59 @@ async function updateUserProfile({ id, nickname, avatarSrc }) {
  return findUserById(id)
 }

-async function listUsers() {
-  const rows = await query(`
-    SELECT
-      u.id,
-      u.email,
-      u.nickname,
-      u.is_admin,
-      u.avatar_src,
-      u.created_at,
-      COUNT(t.id) AS tierlist_count,
-      GREATEST(
+async function findPrimaryAdminUser() {
+  const rows = await query(
+    'SELECT id, email, nickname, is_admin, avatar_src, created_at FROM users WHERE is_admin = 1 ORDER BY created_at ASC, email ASC LIMIT 1'
+  )
+  return mapUserRow(rows[0])
+}
+
+async function listUsers({ queryText = '', sort = 'recent', direction = 'desc' } = {}) {
+  const where = []
+  const params = []
+  const trimmedQuery = typeof queryText === 'string' ? queryText.trim() : ''
+
+  if (trimmedQuery) {
+    where.push('(u.email LIKE ? OR u.nickname LIKE ?)')
+    params.push(`%${trimmedQuery}%`, `%${trimmedQuery}%`)
+  }
+
+  const isAsc = direction === 'asc'
+  const orderBy =
+    sort === 'created'
+      ? isAsc
+        ? 'u.created_at ASC, recent_activity_at ASC, u.email ASC'
+        : 'u.created_at DESC, recent_activity_at DESC, u.email ASC'
+      : sort === 'tierlists'
+        ? isAsc
+          ? 'tierlist_count ASC, recent_activity_at ASC, u.email ASC'
+          : 'tierlist_count DESC, recent_activity_at DESC, u.email ASC'
+        : isAsc
+          ? 'recent_activity_at ASC, u.created_at ASC, u.email ASC'
+          : 'recent_activity_at DESC, u.created_at ASC, u.email ASC'
+
+  const rows = await query(
+    `
+      SELECT
+        u.id,
+        u.email,
+        u.nickname,
+        u.is_admin,
+        u.avatar_src,
        u.created_at,
-        COALESCE(MAX(t.updated_at), 0)
-      ) AS recent_activity_at
-    FROM users u
-    LEFT JOIN tierlists t ON t.author_id = u.id
-    GROUP BY u.id, u.email, u.nickname, u.is_admin, u.avatar_src, u.created_at
-    ORDER BY recent_activity_at DESC, u.created_at ASC, u.email ASC
-  `)
+        COUNT(t.id) AS tierlist_count,
+        GREATEST(
+          u.created_at,
+          COALESCE(MAX(t.updated_at), 0)
+        ) AS recent_activity_at
+      FROM users u
+      LEFT JOIN tierlists t ON t.author_id = u.id
+      ${where.length ? `WHERE ${where.join(' AND ')}` : ''}
+      GROUP BY u.id, u.email, u.nickname, u.is_admin, u.avatar_src, u.created_at
+      ORDER BY ${orderBy}
+    `,
+    params
+  )
  return rows.map(mapUserRow)
 }

@@ -1852,6 +1886,7 @@ module.exports = {
  findUserById,
  createUser,
  updateUserProfile,
+  findPrimaryAdminUser,
  listUsers,
  adminUpdateUser,
  adminUpdateUserPassword,
--- a/backend/src/routes/admin.js
+++ b/backend/src/routes/admin.js
@@ -22,6 +22,7 @@ const {
  findCustomItemsByIds,
  deleteCustomItems,
  listUsers,
+  findPrimaryAdminUser,
  listAdminTierLists,
  findTierListById,
  listAdminTemplateRequests,
@@ -62,6 +63,30 @@ function buildItemLabelFromFilename(file) {
 const upload = createMemoryUpload(multer, { fileSize: 8 * 1024 * 1024, maxCount: 50 })
 const avatarUpload = createMemoryUpload(multer, { fileSize: 4 * 1024 * 1024 })

+function decorateAdminUser(user, primaryAdmin) {
+  if (!user) return null
+  const isPrimaryAdmin = !!user.isAdmin && primaryAdmin?.id === user.id
+  return {
+    ...user,
+    isPrimaryAdmin,
+    isOperator: !!user.isAdmin && !isPrimaryAdmin,
+    role: isPrimaryAdmin ? 'owner' : user.isAdmin ? 'operator' : 'user',
+  }
+}
+
+async function getAdminUserContext(targetUserId, actingUserId) {
+  const [targetUser, actingUser, primaryAdmin] = await Promise.all([
+    findUserById(targetUserId),
+    findUserById(actingUserId),
+    findPrimaryAdminUser(),
+  ])
+  return { targetUser, actingUser, primaryAdmin }
+}
+
+function canManageAdminRole(actingUser, primaryAdmin) {
+  return !!actingUser?.isAdmin && primaryAdmin?.id === actingUser.id
+}
+
 router.post('/games', requireAdmin, async (req, res) => {
  const schema = z.object({ id: z.string().min(1), name: z.string().min(1).max(60) })
  const parsed = schema.safeParse(req.body)
@@ -537,8 +562,19 @@ router.delete('/custom-items', requireAdmin, async (req, res) => {
 })

 router.get('/users', requireAdmin, async (req, res) => {
-  const users = await listUsers()
-  res.json({ users })
+  const schema = z.object({
+    q: z.string().trim().max(120).optional().default(''),
+    sort: z.enum(['recent', 'created', 'tierlists']).optional().default('recent'),
+    direction: z.enum(['asc', 'desc']).optional().default('desc'),
+  })
+  const parsed = schema.safeParse(req.query)
+  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
+
+  const [users, primaryAdmin] = await Promise.all([
+    listUsers({ queryText: parsed.data.q, sort: parsed.data.sort, direction: parsed.data.direction }),
+    findPrimaryAdminUser(),
+  ])
+  res.json({ users: users.map((user) => decorateAdminUser(user, primaryAdmin)) })
 })

 router.patch('/users/:userId', requireAdmin, async (req, res) => {
@@ -550,21 +586,34 @@ router.patch('/users/:userId', requireAdmin, async (req, res) => {
  const parsed = schema.safeParse(req.body)
  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })

+  const { targetUser, actingUser, primaryAdmin } = await getAdminUserContext(req.params.userId, req.session.userId)
+  if (!targetUser) return res.status(404).json({ error: 'not_found' })
+
+  const actingIsPrimaryAdmin = canManageAdminRole(actingUser, primaryAdmin)
+  const targetIsPrimaryAdmin = primaryAdmin?.id === targetUser.id
+  const roleChanged = parsed.data.isAdmin !== !!targetUser.isAdmin
+
  if (req.params.userId === req.session.userId && !parsed.data.isAdmin) {
    return res.status(400).json({ error: 'self_admin_required' })
  }
-
-  const user = await findUserById(req.params.userId)
-  if (!user) return res.status(404).json({ error: 'not_found' })
+  if (targetIsPrimaryAdmin && !actingIsPrimaryAdmin) {
+    return res.status(403).json({ error: 'primary_admin_protected' })
+  }
+  if (targetIsPrimaryAdmin && !parsed.data.isAdmin) {
+    return res.status(400).json({ error: 'primary_admin_required' })
+  }
+  if (roleChanged && !actingIsPrimaryAdmin) {
+    return res.status(403).json({ error: 'primary_admin_only' })
+  }

  try {
    const updated = await adminUpdateUser({
-      id: user.id,
+      id: targetUser.id,
      email: parsed.data.email,
      nickname: parsed.data.nickname,
      isAdmin: parsed.data.isAdmin,
    })
-    res.json({ user: updated })
+    res.json({ user: decorateAdminUser(updated, primaryAdmin) })
  } catch (e) {
    if (e && e.code === 'ER_DUP_ENTRY') {
      return res.status(409).json({ error: 'email_taken' })
@@ -580,8 +629,11 @@ router.post('/users/:userId/avatar', requireAdmin, avatarUpload.single('avatar')
  const parsed = schema.safeParse(req.body)
  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })

-  const user = await findUserById(req.params.userId)
-  if (!user) return res.status(404).json({ error: 'not_found' })
+  const { targetUser, actingUser, primaryAdmin } = await getAdminUserContext(req.params.userId, req.session.userId)
+  if (!targetUser) return res.status(404).json({ error: 'not_found' })
+  if (primaryAdmin?.id === targetUser.id && !canManageAdminRole(actingUser, primaryAdmin)) {
+    return res.status(403).json({ error: 'primary_admin_protected' })
+  }

  const optimized = req.file
    ? await writeOptimizedImage({
@@ -594,16 +646,16 @@ router.post('/users/:userId/avatar', requireAdmin, avatarUpload.single('avatar')
      })
    : null
  const shouldRemoveAvatar = parsed.data.removeAvatar === '1'
-  const nextAvatarSrc = shouldRemoveAvatar ? '' : optimized?.src || user.avatarSrc || ''
+  const nextAvatarSrc = shouldRemoveAvatar ? '' : optimized?.src || targetUser.avatarSrc || ''
  const updated = await adminUpdateUser({
-    id: user.id,
-    email: user.email,
-    nickname: user.nickname || '',
-    isAdmin: !!user.isAdmin,
+    id: targetUser.id,
+    email: targetUser.email,
+    nickname: targetUser.nickname || '',
+    isAdmin: !!targetUser.isAdmin,
    avatarSrc: nextAvatarSrc,
  })

-  res.json({ user: updated })
+  res.json({ user: decorateAdminUser(updated, primaryAdmin) })
 })

 router.delete('/users/:userId', requireAdmin, async (req, res) => {
@@ -611,10 +663,19 @@ router.delete('/users/:userId', requireAdmin, async (req, res) => {
    return res.status(400).json({ error: 'cannot_delete_self' })
  }

-  const user = await findUserById(req.params.userId)
-  if (!user) return res.status(404).json({ error: 'not_found' })
+  const { targetUser, actingUser, primaryAdmin } = await getAdminUserContext(req.params.userId, req.session.userId)
+  if (!targetUser) return res.status(404).json({ error: 'not_found' })

-  await adminDeleteUser(user.id)
+  const actingIsPrimaryAdmin = canManageAdminRole(actingUser, primaryAdmin)
+  const targetIsPrimaryAdmin = primaryAdmin?.id === targetUser.id
+  if (targetIsPrimaryAdmin) {
+    return res.status(400).json({ error: 'cannot_delete_primary_admin' })
+  }
+  if (targetUser.isAdmin && !actingIsPrimaryAdmin) {
+    return res.status(403).json({ error: 'primary_admin_only' })
+  }
+
+  await adminDeleteUser(targetUser.id)
  res.json({ ok: true })
 })

@@ -625,11 +686,14 @@ router.patch('/users/:userId/password', requireAdmin, async (req, res) => {
  const parsed = schema.safeParse(req.body)
  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })

-  const user = await findUserById(req.params.userId)
-  if (!user) return res.status(404).json({ error: 'not_found' })
+  const { targetUser, actingUser, primaryAdmin } = await getAdminUserContext(req.params.userId, req.session.userId)
+  if (!targetUser) return res.status(404).json({ error: 'not_found' })
+  if (primaryAdmin?.id === targetUser.id && !canManageAdminRole(actingUser, primaryAdmin)) {
+    return res.status(403).json({ error: 'primary_admin_protected' })
+  }

  const passwordHash = await bcrypt.hash(parsed.data.password, 10)
-  await adminUpdateUserPassword({ id: user.id, passwordHash })
+  await adminUpdateUserPassword({ id: targetUser.id, passwordHash })
  res.json({ ok: true })
 })

--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@@ -9,6 +9,7 @@ const {
  findUserById,
  createUser,
  updateUserProfile,
+  findPrimaryAdminUser,
 } = require('../db')
 const { requireAuth } = require('../middleware/auth')
 const { createMemoryUpload, writeOptimizedImage } = require('../lib/image-storage')
@@ -25,6 +26,24 @@ const profileSchema = z.object({
  removeAvatar: z.union([z.string(), z.undefined()]).optional(),
 })

+async function serializeUser(user) {
+  if (!user) return null
+  const primaryAdmin = await findPrimaryAdminUser()
+  const isPrimaryAdmin = !!user.isAdmin && primaryAdmin?.id === user.id
+
+  return {
+    id: user.id,
+    email: user.email,
+    nickname: user.nickname || '',
+    isAdmin: !!user.isAdmin,
+    isPrimaryAdmin,
+    isOperator: !!user.isAdmin && !isPrimaryAdmin,
+    role: isPrimaryAdmin ? 'owner' : user.isAdmin ? 'operator' : 'user',
+    avatarSrc: user.avatarSrc || '',
+    createdAt: user.createdAt,
+  }
+}
+
 router.post('/signup', async (req, res) => {
  const parsed = signupSchema.safeParse(req.body)
  if (!parsed.success) return res.status(400).json({ error: 'bad_request' })
@@ -39,9 +58,9 @@ router.post('/signup', async (req, res) => {

  req.session.userId = user.id
  req.session.isAdmin = !!user.isAdmin
-  req.session.save((err) => {
+  req.session.save(async (err) => {
    if (err) return res.status(500).json({ error: 'session_save_failed' })
-    res.json(user)
+    res.json(await serializeUser(user))
  })
 })

@@ -58,16 +77,9 @@ router.post('/login', async (req, res) => {

  req.session.userId = user.id
  req.session.isAdmin = !!user.isAdmin
-  req.session.save((err) => {
+  req.session.save(async (err) => {
    if (err) return res.status(500).json({ error: 'session_save_failed' })
-    res.json({
-      id: user.id,
-      email: user.email,
-      nickname: user.nickname || '',
-      isAdmin: !!user.isAdmin,
-      avatarSrc: user.avatarSrc || '',
-      createdAt: user.createdAt,
-    })
+    res.json(await serializeUser(user))
  })
 })

@@ -80,7 +92,7 @@ router.get('/me', async (req, res) => {
  if (!req.session || !req.session.userId) return res.json({ user: null })
  const user = await findUserById(req.session.userId)
  if (!user) return res.json({ user: null })
-  res.json({ user })
+  res.json({ user: await serializeUser(user) })
 })

 router.get('/meta', async (req, res) => {
@@ -115,7 +127,7 @@ router.post('/profile', requireAuth, upload.single('avatar'), async (req, res) =
    avatarSrc: nextAvatarSrc,
  })

-  res.json({ user: updated })
+  res.json({ user: await serializeUser(updated) })
 })

 module.exports = router
--- a/docs/todo.md
+++ b/docs/todo.md
@@ -1,7 +1,8 @@
 # 할 일 및 이슈

 ## 즉시 확인 필요
- 레거시 참조를 `/uploads/assets/`로 재정렬하는 마이그레이션 스크립트는 준비됐으므로, 운영 반영 후에는 더 이상 참조되지 않는 예전 업로드 파일을 안전하게 정리하는 후속 배치를 검토한다.
+- 티어표 형식 추가 필요. 최근 게임들은 S, A, B,C 같은 랭크 뿐만 아니라 가로 열도 나누어진형태의 티어표를 원함 (공격, 방어, 지원 등 각 파트별 랭크를 보고싶어함)
+- 레거시 파일 정리 스크립트는 준비됐으므로, 운영 단계에서는 cron 등으로 주기 실행할지와 삭제 전 보관 기간을 함께 정한다.
 - 관리자 기본 아이템 다중 업로드는 현재 파일명 기반 자동 라벨만 지원하므로, 필요하면 업로드 후 일괄 라벨 수정/정렬 UX를 추가 검토한다.
 - 사용자 커스텀 아이템 승격은 현재 수동 복제 방식이므로, 필요하면 중복 감지나 “비슷한 항목 추천” 같은 보조 UX를 검토한다.
 - 관리자 티어표 관리의 추가 아이템 승격은 현재 커스텀(origin=`custom`) 아이템 기준이므로, 필요하면 “기존 게임 아이템과 비교한 차집합” 기준으로 더 정교하게 확장할 수 있다.
@@ -16,5 +17,5 @@

 ## 중기 개선
 - 관리자용 티어표 승인/숨김 처리, 아이템 정렬 UI를 추가한다.
- 회원 검색/필터, 일괄 권한 변경 같은 관리 보조 기능을 추가한다.
+- 회원 일괄 작업(다중 선택, 일괄 비밀번호 초기화, 활동 저조 계정 정리) 같은 관리 보조 기능을 추가한다.
 - 티어 행 프리셋 저장, 색상 관리, 행 복제 같은 고급 편집 기능을 추가한다.
--- a/docs/update.md
+++ b/docs/update.md
@@ -1,5 +1,30 @@
 # 업데이트 로그

+## 2026-04-01 v1.3.12
+- 관리자 회원 관리 상단에 정렬 방향 선택을 추가해, 최근 활동순·가입순·작성 티어표순을 각각 오름차순/내림차순으로 다시 볼 수 있게 확장함.
+- 회원 정보 수정, 새 게임 생성, 비밀번호 초기화 모달은 Settings 톤 입력 스타일을 유지하면서 각 입력칸에 글자 수 피드백을 함께 보여주도록 정리함.
+- 로그인, 설정, 티어 에디터 제목·설명·요청 제목·요청 설명·티어 행 이름에도 최대 길이와 현재 입력 길이 안내를 붙여, 제출 전에 제한을 바로 인지할 수 있게 개선함.
+
+## 2026-04-01 v1.3.11
+- **회원 관리 편집 모달 전환**: 관리자 회원 카드를 읽기 전용 정보 카드로 바꾸고, `회원 정보 수정` 버튼으로 Settings 톤의 편집 모달에서 이메일/닉네임/운영자 권한을 저장하도록 재구성
+- **회원 검색/정렬 추가**: 회원 관리 상단에 이메일/닉네임 검색과 `최근 활동순`, `가입순`, `작성 티어표 많은 순` 정렬을 추가해 운영자가 원하는 기준으로 목록을 다시 볼 수 있도록 확장
+- **최고 관리자 보호 도입**: 가장 먼저 생성된 관리자 계정을 `최고 관리자`로 구분하고, 운영자는 최고 관리자 권한/아바타/비밀번호/삭제를 변경할 수 없도록 백엔드 보호 로직과 역할 메타데이터를 추가
+
+## 2026-04-01 v1.3.10
+- 게임 허브 공개 티어표 카드 그리드는 최소/최대 폭을 고정해, 목록이 1~2장뿐일 때도 카드가 화면 전체를 먹으며 과하게 커지지 않도록 보정함.
+- 티어표 행 삭제는 상단 아이콘 대신 우측 하단의 작은 텍스트 액션으로 바꿔, 랭크 카드 안에서 더 조용하고 정돈된 편집 흐름으로 정리함.
+- 공통 `SvgIcon` 컴포넌트를 추가하고 앱 셸, 홈 즐겨찾기, 관리자 회원 액션 같은 UI 아이콘은 `img` 대신 SVG 아이콘 컴포넌트로 렌더링하도록 전환함.
+
+## 2026-04-01 v1.3.9
+- 관리자 오른쪽 사이드의 Image Optimization 패널은 이제 기본 탭인 목록 관리에서만 노출되도록 줄여, 게임/아이템/티어표/회원 관리 화면에서는 실제 작업 패널에 더 집중할 수 있게 정리함.
+- 커스텀 아이템 상세의 '이미 사용 중인 게임' 목록에서는 개인 보드용 freeform 템플릿을 제외하고, 실제 템플릿에 연결된 게임만 보이도록 다듬음.
+- 티어표 행 삭제는 큰 버튼 대신 우측 상단의 작은 x 아이콘으로 바꾸고, 삭제 시 아이템이 풀 영역으로 돌아간다는 안내를 포함한 확인 모달을 거친 뒤 삭제되도록 개선함.
+
+## 2026-03-31 v1.3.8
+- 홈 화면 게임 즐겨찾기 버튼은 일반 문자 별 대신 'kid_star.svg' 아이콘을 사용하도록 바꿔, 기존 아이콘 시스템과 같은 문법으로 정리함.
+- 실제로 더 이상 참조되지 않는 예전 업로드 파일을 정리하는 레거시 업로드 클린업 스크립트를 추가하고, 루트/백엔드 실행 스크립트도 함께 연결함.
+- todo 문서도 이제 운영 반영 후 레거시 파일 정리 배치를 주기화하는 쪽으로 기준을 갱신함.
+
 ## 2026-03-31 v1.3.7
 - 현재 참조 중인 레거시 업로드를 다시 최적화 자산 경로로 편입하고 DB 참조를 일괄 교체하는 1회 마이그레이션 스크립트를 추가함.
 - 아바타/썸네일/아이템 역할에 따라 기존 업로드를 512px 또는 1280px 규격으로 다시 정리해, 실제 참조 경로도 '/uploads/assets/' 체계에 점진적으로 수렴시킬 수 있게 함.
--- a/frontend/src/App.vue
+++ b/frontend/src/App.vue
@@ -12,6 +12,7 @@ import iconLists from './assets/icons/lists.svg'
 import iconSearch from './assets/icons/search.svg'
 import iconSettings from './assets/icons/settings.svg'
 import RightRailAd from './components/RightRailAd.vue'
+import SvgIcon from './components/SvgIcon.vue'

 const route = useRoute()
 const router = useRouter()
@@ -302,7 +303,7 @@ function submitGlobalSearch() {
      <aside class="leftRail">
        <div class="leftRail__top railHeader">
          <button v-if="!isMobileLayout" class="ghostIcon ghostIcon--iconOnly" type="button" aria-label="왼쪽 패널 토글" @click="toggleLeftRail">
-            <img :src="iconDockToRight" alt="" />
+            <SvgIcon :src="iconDockToRight" :size="24" />
          </button>
        </div>

@@ -322,7 +323,7 @@ function submitGlobalSearch() {
        <form class="searchStub" @submit.prevent="submitGlobalSearch">
          <button class="searchStub__iconButton" type="button" :aria-label="leftRailCollapsed ? '검색 열기' : '검색'" @click="handleLeftRailSearch">
            <span class="searchStub__icon">
-              <img :src="iconSearch" alt="" />
+              <SvgIcon :src="iconSearch" :size="24" />
            </span>
          </button>
          <input v-model="searchQuery" class="searchStub__input" type="search" :placeholder="leftRailCollapsed ? '' : searchPlaceholder" />
@@ -339,7 +340,7 @@ function submitGlobalSearch() {
            :aria-label="leftRailCollapsed ? item.label : undefined"
          >
            <span class="leftNav__glyph">
-              <img v-if="item.iconSrc" :src="item.iconSrc" alt="" />
+              <SvgIcon v-if="item.iconSrc" :src="item.iconSrc" :size="24" />
              <svg v-else viewBox="0 0 24 24" aria-hidden="true"><path :d="item.icon" /></svg>
            </span>
            <span class="leftNav__label">{{ item.label }}</span>
@@ -365,14 +366,14 @@ function submitGlobalSearch() {
            <div class="workspaceHead__actions">
              <div v-if="showGameHubViewToggle" class="viewToggle" role="group" aria-label="티어표 보기 방식">
                <button class="ghostIcon ghostIcon--iconOnly" :class="{ 'ghostIcon--active': gameHubViewMode === 'grid' }" type="button" aria-label="그리드 보기" @click="setGameHubViewMode('grid')">
-                  <img :src="iconGridView" alt="" />
+                  <SvgIcon :src="iconGridView" :size="24" />
                </button>
                <button class="ghostIcon ghostIcon--iconOnly" :class="{ 'ghostIcon--active': gameHubViewMode === 'list' }" type="button" aria-label="리스트 보기" @click="setGameHubViewMode('list')">
-                  <img :src="iconLists" alt="" />
+                  <SvgIcon :src="iconLists" :size="24" />
                </button>
              </div>
              <button v-if="!rightRailOpen" class="ghostIcon ghostIcon--iconOnly" type="button" aria-label="패널 열기" @click="toggleRightRail">
-                <img :src="iconDockToLeft" alt="" />
+                <SvgIcon :src="iconDockToLeft" :size="24" />
              </button>
            </div>
          </header>
@@ -385,7 +386,7 @@ function submitGlobalSearch() {
      <div v-if="isCollapsedSearchOpen" class="collapsedSearchModal" role="dialog" aria-modal="true" :aria-label="searchPlaceholder" @click.self="closeCollapsedSearch">
        <form class="collapsedSearchBar" @submit.prevent="submitGlobalSearch">
          <span class="collapsedSearchBar__icon">
-            <img :src="iconSearch" alt="" />
+            <SvgIcon :src="iconSearch" :size="24" />
          </span>
          <input v-model="searchQuery" class="collapsedSearchBar__input" type="search" :placeholder="searchPlaceholder" autofocus />
        </form>
@@ -396,7 +397,7 @@ function submitGlobalSearch() {
      <aside class="rightRail" :class="{ 'rightRail--closed': !rightRailOpen, 'rightRail--overlay': isRightRailOverlay }" :aria-hidden="!rightRailOpen">
        <div class="rightRail__top railHeader">
          <button v-if="rightRailOpen" class="ghostIcon ghostIcon--iconOnly" type="button" aria-label="패널 닫기" @click="toggleRightRail">
-            <img :src="iconDockToLeft" alt="" />
+            <SvgIcon :src="iconDockToLeft" :size="24" />
          </button>
        </div>
        <div class="rightRail__body">
--- a/frontend/src/assets/icons/kid_star.svg
+++ b/frontend/src/assets/icons/kid_star.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="ffffff"><path d="m305-704 112-145q12-16 28.5-23.5T480-880q18 0 34.5 7.5T543-849l112 145 170 57q26 8 41 29.5t15 47.5q0 12-3.5 24T866-523L756-367l4 164q1 35-23 59t-56 24q-2 0-22-3l-179-50-179 50q-5 2-11 2.5t-11 .5q-32 0-56-24t-23-59l4-165L95-523q-8-11-11.5-23T80-570q0-25 14.5-46.5T135-647l170-57Zm49 69-194 64 124 179-4 191 200-55 200 56-4-192 124-177-194-66-126-165-126 165Zm126 135Z"/></svg>
--- a/frontend/src/components/SvgIcon.vue
+++ b/frontend/src/components/SvgIcon.vue
@@ -0,0 +1,38 @@
+<script setup>
+import { computed } from 'vue'
+
+const props = defineProps({
+  src: { type: String, required: true },
+  size: { type: [Number, String], default: 20 },
+  color: { type: String, default: 'currentColor' },
+})
+
+const normalizedSize = computed(() => (typeof props.size === "number" ? `${props.size}px` : props.size))
+const iconStyle = computed(() => ({
+  "--svg-icon-src": `url("${props.src}")`,
+  "--svg-icon-size": normalizedSize.value,
+  "--svg-icon-color": props.color,
+}))
+</script>
+
+<template>
+  <span class="svgIcon" :style="iconStyle" aria-hidden="true"></span>
+</template>
+
+<style scoped>
+.svgIcon {
+  display: inline-block;
+  width: var(--svg-icon-size);
+  height: var(--svg-icon-size);
+  background-color: var(--svg-icon-color);
+  -webkit-mask-image: var(--svg-icon-src);
+  mask-image: var(--svg-icon-src);
+  -webkit-mask-repeat: no-repeat;
+  mask-repeat: no-repeat;
+  -webkit-mask-position: center;
+  mask-position: center;
+  -webkit-mask-size: contain;
+  mask-size: contain;
+  flex: 0 0 auto;
+}
+</style>
--- a/frontend/src/lib/api.js
+++ b/frontend/src/lib/api.js
@@ -62,7 +62,8 @@ export const api = {
  approveAdminTemplateRequest: (requestId, payload) =>
    request(`/api/admin/template-requests/${encodeURIComponent(requestId)}/approve`, { method: 'POST', body: payload || {} }),
  rejectAdminTemplateRequest: (requestId) => request(`/api/admin/template-requests/${encodeURIComponent(requestId)}/reject`, { method: 'POST', body: {} }),
-  listAdminUsers: () => request('/api/admin/users'),
+  listAdminUsers: ({ q = '', sort = 'recent', direction = 'desc' } = {}) =>
+    request(`/api/admin/users?q=${encodeURIComponent(q)}&sort=${encodeURIComponent(sort)}&direction=${encodeURIComponent(direction)}`),
  updateAdminUser: (userId, payload) =>
    request(`/api/admin/users/${encodeURIComponent(userId)}`, { method: 'PATCH', body: payload }),
  updateAdminUserPassword: (userId, payload) =>
--- a/frontend/src/views/AdminView.vue
+++ b/frontend/src/views/AdminView.vue
@@ -5,6 +5,7 @@ import { api } from '../lib/api'
 import { toApiUrl } from '../lib/runtime'
 import lockResetIcon from '../assets/icons/lock_reset.svg'
 import deleteIcon from '../assets/icons/delete.svg'
+import SvgIcon from '../components/SvgIcon.vue'
 import { useAuthStore } from '../stores/auth'
 import { useToast } from '../composables/useToast'

@@ -46,6 +47,7 @@ const importModalNewGameId = ref('')
 const importModalNewGameName = ref('')
 const previewModalOpen = ref(false)
 const previewTierList = ref(null)
+const userEditModalOpen = ref(false)
 const userPasswordModalOpen = ref(false)
 const userDeleteModalOpen = ref(false)
 const userRoleModalOpen = ref(false)
@@ -54,9 +56,15 @@ const customItemDeleteModalOpen = ref(false)
 const modalTargetUser = ref(null)
 const modalPasswordDraft = ref('')
 const modalRoleNextAdmin = ref(false)
+const modalUserDraftEmail = ref('')
+const modalUserDraftNickname = ref('')
+const modalUserDraftIsAdmin = ref(false)
 const modalTargetCustomItem = ref(null)

 const users = ref([])
+const userQuery = ref('')
+const userSort = ref('recent')
+const userSortDirection = ref('desc')
 const imageStats = ref(null)
 const imageQueue = ref({ concurrency: 1, activeCount: 0, pendingCount: 0 })
 const imageRecentJobs = ref([])
@@ -127,7 +135,7 @@ const adminOverviewStats = computed(() => {
  const publishedTierLists = adminTierLists.value.filter((tierList) => tierList.isPublic).length
  const pendingRequests = templateRequests.value.length
  const orphanItems = customItems.value.filter((item) => item.usageCount === 0).length
-  const adminCount = users.value.filter((user) => user.isAdmin || user.draftIsAdmin).length
+  const adminCount = users.value.filter((user) => user.isAdmin).length

  if (activeTab.value === 'featured') {
    return [
@@ -257,6 +265,9 @@ const imageDiagnosticsCards = computed(() => {
    { label: '절감률', value: `${Math.round((stats.savingsRatio || 0) * 100)}%` },
  ]
 })
+const visibleLinkedGames = computed(() =>
+  (modalTargetCustomItem.value?.linkedGames || []).filter((game) => game?.id && game.id !== 'freeform')
+)

 const imageStatsPeriodLabel = computed(() => (imageStatsMonth.value ? `${imageStatsMonth.value} 기준` : '전체 기간'))

@@ -347,9 +358,25 @@ function setUserAvatarInput(userId, el) {
  userAvatarInputs.value[userId] = el
 }

-function isUserDirty(user) {
-  if (!user) return false
-  return user.draftEmail !== user.email || (user.draftNickname || '') !== (user.nickname || '') || !!user.draftIsAdmin !== !!user.isAdmin
+const canManageModalRole = computed(() => {
+  if (!auth.user?.isPrimaryAdmin) return false
+  if (!modalTargetUser.value) return false
+  return !modalTargetUser.value.isPrimaryAdmin
+})
+
+const isUserEditDirty = computed(() => {
+  if (!modalTargetUser.value) return false
+  return (
+    modalUserDraftEmail.value.trim() !== (modalTargetUser.value.email || '') ||
+    modalUserDraftNickname.value.trim() !== (modalTargetUser.value.nickname || '') ||
+    !!modalUserDraftIsAdmin.value !== !!modalTargetUser.value.isAdmin
+  )
+})
+
+function roleLabelOf(user) {
+  if (user?.isPrimaryAdmin) return '최고 관리자'
+  if (user?.isAdmin) return '운영자'
+  return '일반 회원'
 }

 function openUserAvatarPicker(user) {
@@ -368,17 +395,14 @@ async function uploadUserAvatar(user, file, { remove = false } = {}) {
      entry.id === updated.id
        ? {
            ...entry,
-            avatarSrc: updated.avatarSrc || '',
-            email: updated.email,
-            nickname: updated.nickname || '',
-            isAdmin: !!updated.isAdmin,
-            draftEmail: updated.email,
-            draftNickname: updated.nickname || '',
-            draftIsAdmin: !!updated.isAdmin,
+            ...updated,
            isAvatarBusy: false,
          }
        : entry
    )
+    if (modalTargetUser.value?.id === updated.id) {
+      modalTargetUser.value = { ...modalTargetUser.value, ...updated }
+    }
    if (updated.id === auth.user?.id) await auth.refresh()
    await refreshUsers()
    success.value = remove ? '회원 썸네일을 삭제했어요.' : '회원 썸네일을 업데이트했어요.'
@@ -492,12 +516,9 @@ async function refreshTemplateRequests() {
 async function refreshUsers() {
  if (!auth.user?.isAdmin) return
  try {
-    const data = await api.listAdminUsers()
+    const data = await api.listAdminUsers({ q: userQuery.value, sort: userSort.value, direction: userSortDirection.value })
    users.value = (data.users || []).map((user) => ({
      ...user,
-      draftEmail: user.email,
-      draftNickname: user.nickname || '',
-      draftIsAdmin: !!user.isAdmin,
      isAvatarBusy: false,
    }))
  } catch (e) {
@@ -774,29 +795,45 @@ async function removeGame() {
  }
 }

-async function saveUser(user) {
+function openUserEditModal(user) {
  resetMessages()
+  modalTargetUser.value = user ? { ...user } : null
+  modalUserDraftEmail.value = user?.email || ''
+  modalUserDraftNickname.value = user?.nickname || ''
+  modalUserDraftIsAdmin.value = !!user?.isAdmin
+  userEditModalOpen.value = true
+}
+
+function closeUserEditModal() {
+  userEditModalOpen.value = false
+  modalTargetUser.value = null
+  modalUserDraftEmail.value = ''
+  modalUserDraftNickname.value = ''
+  modalUserDraftIsAdmin.value = false
+}
+
+async function saveUserEdit() {
+  resetMessages()
+  if (!modalTargetUser.value?.id) return
+
  try {
-    const data = await api.updateAdminUser(user.id, {
-      email: user.draftEmail,
-      nickname: user.draftNickname,
-      isAdmin: !!user.draftIsAdmin,
+    const data = await api.updateAdminUser(modalTargetUser.value.id, {
+      email: modalUserDraftEmail.value.trim(),
+      nickname: modalUserDraftNickname.value.trim(),
+      isAdmin: !!modalUserDraftIsAdmin.value,
    })
    const updated = data.user
    users.value = users.value.map((entry) =>
      entry.id === updated.id
        ? {
            ...entry,
-            email: updated.email,
-            nickname: updated.nickname || '',
-            isAdmin: !!updated.isAdmin,
-            draftEmail: updated.email,
-            draftNickname: updated.nickname || '',
-            draftIsAdmin: !!updated.isAdmin,
+            ...updated,
+            isAvatarBusy: entry.isAvatarBusy || false,
          }
        : entry
    )
    if (updated.id === auth.user?.id) await auth.refresh()
+    closeUserEditModal()
    await refreshUsers()
    success.value = '회원 정보를 저장했어요.'
  } catch (e) {
@@ -806,7 +843,7 @@ async function saveUser(user) {

 function openUserPasswordModal(user) {
  resetMessages()
-  modalTargetUser.value = user || null
+  modalTargetUser.value = user ? { ...user } : null
  modalPasswordDraft.value = ''
  userPasswordModalOpen.value = true
 }
@@ -838,7 +875,7 @@ async function confirmUserPasswordReset() {

 function openUserDeleteModal(user) {
  resetMessages()
-  modalTargetUser.value = user || null
+  modalTargetUser.value = user ? { ...user } : null
  userDeleteModalOpen.value = true
 }

@@ -865,34 +902,31 @@ async function confirmUserDelete() {
 }


-function openUserRoleModal(user) {
+function openUserRoleModal(user, nextIsAdmin = !modalUserDraftIsAdmin.value) {
  resetMessages()
-  modalTargetUser.value = user || null
-  modalRoleNextAdmin.value = !user?.draftIsAdmin
+  modalTargetUser.value = user ? { ...user } : null
+  modalRoleNextAdmin.value = !!nextIsAdmin
  userRoleModalOpen.value = true
 }

 function closeUserRoleModal() {
  userRoleModalOpen.value = false
-  modalTargetUser.value = null
+  if (!userEditModalOpen.value) modalTargetUser.value = null
  modalRoleNextAdmin.value = false
 }

 function confirmUserRoleDraft() {
  if (!modalTargetUser.value?.id) return
-  users.value = users.value.map((entry) =>
-    entry.id === modalTargetUser.value.id
-      ? {
-          ...entry,
-          draftIsAdmin: modalRoleNextAdmin.value,
-        }
-      : entry
-  )
-  const targetLabel = modalRoleNextAdmin.value ? '관리자로 지정했어요. 저장하면 반영됩니다.' : '관리자 권한 해제로 표시했어요. 저장하면 반영됩니다.'
+  modalUserDraftIsAdmin.value = modalRoleNextAdmin.value
+  const targetLabel = modalRoleNextAdmin.value ? '운영자 권한을 저장 대기 상태로 반영했어요.' : '운영자 권한 해제를 저장 대기 상태로 반영했어요.'
  closeUserRoleModal()
  success.value = targetLabel
 }

+function submitUserFilters() {
+  refreshUsers()
+}
+
 function submitCustomItemSearch() {
  customItemPage.value = 1
  refreshCustomItems()
@@ -1544,6 +1578,25 @@ async function saveFeaturedOrder() {
              </div>
            </div>

+            <div class="toolbar toolbar--secondary">
+              <input
+                v-model="userQuery"
+                class="input toolbar__search"
+                placeholder="이메일, 닉네임 검색"
+                @keydown.enter.prevent="submitUserFilters"
+              />
+              <select v-model="userSort" class="select toolbar__select" @change="submitUserFilters">
+                <option value="recent">최근 활동순</option>
+                <option value="created">가입순</option>
+                <option value="tierlists">작성 티어표 많은 순</option>
+              </select>
+              <select v-model="userSortDirection" class="select toolbar__select" @change="submitUserFilters">
+                <option value="desc">내림차순</option>
+                <option value="asc">오름차순</option>
+              </select>
+              <button class="btn btn--ghost toolbar__button" type="button" @click="submitUserFilters">조회</button>
+            </div>
+
            <div v-if="!users.length" class="hint">아직 가입한 회원이 없어요.</div>
            <div v-else class="userList">
              <article v-for="user in users" :key="user.id" class="userCard">
@@ -1570,7 +1623,7 @@ async function saveFeaturedOrder() {
                        :disabled="user.isAvatarBusy"
                        @click.stop="removeUserAvatar(user)"
                      >
-                        <img :src="deleteIcon" alt="" />
+                        <SvgIcon class="userAvatarRemoveIcon" :src="deleteIcon" :size="12" />
                      </button>
                    </div>
                    <div class="userCard__identityMeta">
@@ -1580,33 +1633,25 @@ async function saveFeaturedOrder() {
                  </div>
                </div>

-                <div v-if="user.draftIsAdmin" class="roleBadge userCard__roleBadge">Administrator</div>
+                <div v-if="user.isAdmin" class="roleBadge userCard__roleBadge">{{ roleLabelOf(user) }}</div>

                <div class="userInfoList">
                  <div class="userInfoLine"><span>가입일</span><strong>{{ fmt(user.createdAt) }}</strong></div>
                  <div class="userInfoLine"><span>작성 티어표</span><strong>{{ user.tierListCount }}개</strong></div>
                  <div class="userInfoLine"><span>최근 활동</span><strong>{{ fmt(user.recentActivityAt || user.createdAt) }}</strong></div>
+                  <div class="userInfoLine"><span>계정명</span><strong>{{ user.email }}</strong></div>
+                  <div class="userInfoLine"><span>닉네임</span><strong>{{ user.nickname || '미설정' }}</strong></div>
+                  <div class="userInfoLine"><span>권한</span><strong>{{ roleLabelOf(user) }}</strong></div>
                </div>

-                <input v-model="user.draftEmail" class="input" placeholder="이메일" />
-                <input v-model="user.draftNickname" class="input" placeholder="닉네임" />
-                <button
-                  class="userRoleAction"
-                  type="button"
-                  :disabled="user.id === auth.user?.id"
-                  @click="openUserRoleModal(user)"
-                >
-                  {{ user.draftIsAdmin ? '관리자 권한 해제' : '관리자 권한 임명' }}
-                </button>
-
                <div class="userCard__actions userCard__actions--compact">
                  <button class="iconActionButton" type="button" title="비밀번호 초기화" @click="openUserPasswordModal(user)">
-                    <img :src="lockResetIcon" alt="" />
+                    <SvgIcon class="iconActionButton__icon" :src="lockResetIcon" :size="18" />
                  </button>
                  <button class="iconActionButton iconActionButton--danger" type="button" title="회원 삭제" @click="openUserDeleteModal(user)">
-                    <img :src="deleteIcon" alt="" />
+                    <SvgIcon class="iconActionButton__icon" :src="deleteIcon" :size="18" />
                  </button>
-                  <button class="btn btn--ghost userSaveButton" :disabled="!isUserDirty(user)" @click="saveUser(user)">회원정보 저장</button>
+                  <button class="btn btn--ghost userSaveButton" type="button" @click="openUserEditModal(user)">회원 정보 수정</button>
                </div>
              </article>
            </div>
@@ -1618,8 +1663,22 @@ async function saveFeaturedOrder() {
                <div class="modalCard__title">새 게임 만들기</div>
                <div class="modalCard__desc">게임 이름과 고유 ID를 입력한 뒤 생성하면 바로 아래 상세 관리 화면으로 이어집니다.</div>
                <div class="modalCard__form">
-                  <input v-model="newGameName" class="input" placeholder="게임 이름" />
-                  <input v-model="newGameId" class="input" placeholder="game id (영문/숫자)" @keydown.enter.prevent="createGame" />
+                  <label class="field">
+                    <span class="field__label">게임 이름</span>
+                    <input v-model="newGameName" class="field__input" maxlength="60" placeholder="게임 이름" />
+                    <span class="field__hint">{{ newGameName.length }}/60자</span>
+                  </label>
+                  <label class="field">
+                    <span class="field__label">게임 ID</span>
+                    <input
+                      v-model="newGameId"
+                      class="field__input"
+                      maxlength="120"
+                      placeholder="game id (영문/숫자)"
+                      @keydown.enter.prevent="createGame"
+                    />
+                    <span class="field__hint">영문, 숫자, 하이픈 조합 권장 · {{ newGameId.length }}/120자</span>
+                  </label>
                </div>
                <div class="modalCard__actions">
                  <button class="btn btn--ghost" @click="closeGameCreateModal">취소</button>
@@ -1628,12 +1687,56 @@ async function saveFeaturedOrder() {
              </div>
            </div>

+            <div v-if="userEditModalOpen" class="modalOverlay" @click.self="closeUserEditModal">
+              <div class="modalCard modalCard--userEdit" role="dialog" aria-modal="true">
+                <div class="modalCard__title">회원 정보 수정</div>
+                <div class="modalCard__desc">{{ modalTargetUser ? `${userDisplayName(modalTargetUser)} 계정의 정보와 권한을 조정할 수 있어요.` : '' }}</div>
+                <div class="userEditForm">
+                  <label class="field">
+                    <span class="field__label">이메일</span>
+                    <input v-model="modalUserDraftEmail" class="field__input" maxlength="255" placeholder="계정 이메일" />
+                    <span class="field__hint">로그인 계정으로 사용하는 이메일입니다. {{ modalUserDraftEmail.length }}/255자</span>
+                  </label>
+
+                  <label class="field">
+                    <span class="field__label">닉네임</span>
+                    <input v-model="modalUserDraftNickname" class="field__input" maxlength="40" placeholder="표시용 닉네임" />
+                    <span class="field__hint">티어표 작성자명과 프로필에 표시됩니다. {{ modalUserDraftNickname.length }}/40자</span>
+                  </label>
+
+                  <button
+                    v-if="canManageModalRole"
+                    class="userRoleAction"
+                    type="button"
+                    @click="openUserRoleModal(modalTargetUser, !modalUserDraftIsAdmin)"
+                  >
+                    {{ modalUserDraftIsAdmin ? '운영자 권한 해제' : '운영자 권한 부여' }}
+                  </button>
+                </div>
+                <div class="modalCard__actions">
+                  <button class="btn btn--ghost" @click="closeUserEditModal">취소</button>
+                  <button class="btn btn--primary" :disabled="!isUserEditDirty" @click="saveUserEdit">회원 정보 저장</button>
+                </div>
+              </div>
+            </div>
+
            <div v-if="userPasswordModalOpen" class="modalOverlay" @click.self="closeUserPasswordModal">
              <div class="modalCard" role="dialog" aria-modal="true">
                <div class="modalCard__title">비밀번호 초기화</div>
                <div class="modalCard__desc">{{ modalTargetUser ? `${userDisplayName(modalTargetUser)} 계정에 설정할 새 비밀번호를 입력해주세요.` : '' }}</div>
                <div class="modalCard__form">
-                  <input v-model="modalPasswordDraft" class="input" type="password" placeholder="초기화할 비밀번호 입력" @keydown.enter.prevent="confirmUserPasswordReset" />
+                  <label class="field">
+                    <span class="field__label">새 비밀번호</span>
+                    <input
+                      v-model="modalPasswordDraft"
+                      class="field__input"
+                      type="password"
+                      maxlength="120"
+                      placeholder="초기화할 비밀번호 입력"
+                      @keydown.enter.prevent="confirmUserPasswordReset"
+                    />
+                    <span class="field__hint">6~120자 권장 · {{ modalPasswordDraft.length }}/120자</span>
+                  </label>
                </div>
                <div class="modalCard__actions">
                  <button class="btn btn--ghost" @click="closeUserPasswordModal">취소</button>
@@ -1655,13 +1758,13 @@ async function saveFeaturedOrder() {

            <div v-if="userRoleModalOpen" class="modalOverlay" @click.self="closeUserRoleModal">
              <div class="modalCard" role="dialog" aria-modal="true">
-                <div class="modalCard__title">관리자 권한 변경</div>
+                <div class="modalCard__title">운영자 권한 변경</div>
                <div class="modalCard__desc">
                  {{
                    modalTargetUser
                      ? modalRoleNextAdmin
-                        ? `${userDisplayName(modalTargetUser)} 사용자를 관리자로 임명할까요?`
-                        : `${userDisplayName(modalTargetUser)} 사용자의 관리자 권한을 해제할까요?`
+                        ? `${userDisplayName(modalTargetUser)} 사용자를 운영자로 지정할까요?`
+                        : `${userDisplayName(modalTargetUser)} 사용자의 운영자 권한을 해제할까요?`
                      : ''
                  }}
                </div>
@@ -1726,11 +1829,11 @@ async function saveFeaturedOrder() {
                      </select>
                    </div>
                    <div class="customItemModal__linked">
-                      <span class="customItemModal__label">이미 사용 중인 게임</span>
-                      <div v-if="modalTargetCustomItem.linkedGames?.length" class="customItemModal__chips">
-                        <span v-for="game in modalTargetCustomItem.linkedGames" :key="game.id" class="pill">{{ game.name }}</span>
+                      <span class="customItemModal__label">템플릿에 사용 중인 게임</span>
+                      <div v-if="visibleLinkedGames.length" class="customItemModal__chips">
+                        <span v-for="game in visibleLinkedGames" :key="game.id" class="pill">{{ game.name }}</span>
                      </div>
-                      <div v-else class="hint hint--tight">아직 연결된 게임이 없어요.</div>
+                      <div v-else class="hint hint--tight">아직 템플릿에 연결된 게임이 없어요.</div>
                    </div>
                  </div>
                  <div class="customItemModal__body">
@@ -1925,7 +2028,7 @@ async function saveFeaturedOrder() {
      </section>


-      <section class="adminSidebar__panel">
+      <section v-if="activeTab === 'featured'" class="adminSidebar__panel">
        <div class="adminSidebar__label">Image Optimization</div>
        <div class="adminSidebar__group">
          <input v-model="imageStatsMonth" class="input" type="month" />
@@ -2455,11 +2558,11 @@ async function saveFeaturedOrder() {
  border: 0;
 }
 .btn {
+  height: 100%;
  font-size: 12px;
  line-height: 1.2;
  white-space: nowrap;
  word-break: keep-all;
-  margin-top: 12px;
  padding: 11px 13px;
  border-radius: 14px;
  border: 1px solid rgba(255, 255, 255, 0.14);
@@ -2925,10 +3028,8 @@ async function saveFeaturedOrder() {
  transform: translateY(2px) scale(0.96);
  transition: opacity 160ms ease, transform 160ms ease, background 160ms ease, visibility 160ms ease;
 }
-.userAvatarRemoveButton img {
-  width: 12px;
-  height: 12px;
-  filter: brightness(0) invert(1);
+.userAvatarRemoveIcon {
+  color: rgba(255, 255, 255, 0.96);
 }
 .userAvatarRemoveButton:disabled {
  opacity: 0.45;
@@ -2993,6 +3094,44 @@ async function saveFeaturedOrder() {
  font-size: 14px;
  font-weight: 900;
 }
+.field {
+  display: grid;
+  gap: 8px;
+}
+.field__label {
+  font-size: 13px;
+  color: rgba(255, 255, 255, 0.62);
+}
+.field__input {
+  width: 100%;
+  padding: 14px 0;
+  border: 0;
+  border-bottom: 1px solid rgba(255, 255, 255, 0.12);
+  background: transparent;
+  color: rgba(255, 255, 255, 0.94);
+  outline: none;
+  font-size: 18px;
+  letter-spacing: -0.02em;
+}
+.field__input:focus {
+  border-bottom-color: rgba(96, 165, 250, 0.9);
+}
+.field__hint {
+  font-size: 12px;
+  color: rgba(255, 255, 255, 0.42);
+}
+
+.userEditForm {
+  display: grid;
+  gap: 18px;
+}
+.userEditForm .field {
+  gap: 10px;
+}
+.modalCard--userEdit {
+  max-width: 520px;
+}
+
 .userCard__actions {
  display: grid;
  grid-template-columns: repeat(2, minmax(0, 1fr));
@@ -3001,6 +3140,7 @@ async function saveFeaturedOrder() {
 .userCard__actions--compact {
  grid-template-columns: auto auto minmax(0, 1fr);
  align-items: center;
+  margin-top: 12px;
 }
 .roleBadge {
  width: fit-content;
@@ -3030,9 +3170,8 @@ async function saveFeaturedOrder() {
  background: rgba(255, 255, 255, 0.04);
  cursor: pointer;
 }
-.iconActionButton img {
-  width: 18px;
-  height: 18px;
+.iconActionButton__icon {
+  color: rgba(255, 255, 255, 0.92);
 }
 .iconActionButton:disabled {
  cursor: not-allowed;
--- a/frontend/src/views/GameHubView.vue
+++ b/frontend/src/views/GameHubView.vue
@@ -222,7 +222,8 @@ function submitSearch() {
 }
 .list {
  display: grid;
-  grid-template-columns: repeat(auto-fit, minmax(min(100%, 280px), 1fr));
+  grid-template-columns: repeat(auto-fit, minmax(260px, 320px));
+  justify-content: start;
  gap: 18px;
 }

--- a/frontend/src/views/HomeView.vue
+++ b/frontend/src/views/HomeView.vue
@@ -2,6 +2,8 @@
 import { computed, onMounted, ref, watch } from 'vue'
 import { useRoute, useRouter } from 'vue-router'
 import { api } from '../lib/api'
+import SvgIcon from '../components/SvgIcon.vue'
+import kidStarIcon from '../assets/icons/kid_star.svg'
 import { toApiUrl } from '../lib/runtime'
 import { useAuthStore } from '../stores/auth'

@@ -91,7 +93,7 @@ function thumbUrl(g) {
        :disabled="loadingFavoriteId === g.id"
        @click.stop="toggleFavorite(g, $event)"
      >
-        {{ g.isFavorited ? '★' : '☆' }}
+        <SvgIcon class="libraryCard__favoriteIcon" :src="kidStarIcon" :size="18" />
      </button>
      <button class="libraryCard__main" type="button" @click="goGame(g.id)">
        <div class="libraryCard__thumbWrap">
@@ -169,8 +171,20 @@ function thumbUrl(g) {
  line-height: 1;
  cursor: pointer;
  z-index: 2;
+  display: flex;
+  align-items: center;
+  justify-content: center;
 }
 .libraryCard__favorite--active {
+  background: rgba(54, 45, 10, 0.92);
+  border-color: rgba(255, 216, 107, 0.28);
+}
+.libraryCard__favoriteIcon {
+  opacity: 0.76;
+  color: rgba(255, 255, 255, 0.94);
+}
+.libraryCard__favorite--active .libraryCard__favoriteIcon {
+  opacity: 1;
  color: #ffd86b;
 }
 .libraryCard__thumbWrap {
--- a/frontend/src/views/LoginView.vue
+++ b/frontend/src/views/LoginView.vue
@@ -79,8 +79,8 @@ async function submit() {
      <form class="authFields" @submit.prevent="submit">
        <label class="field">
          <span class="field__label">이메일</span>
-          <input v-model="email" class="field__input" placeholder="you@example.com" autocomplete="email" />
-          <span class="field__hint">로그인과 알림에 사용되는 계정 이메일입니다.</span>
+          <input v-model="email" class="field__input" placeholder="you@example.com" autocomplete="email" maxlength="255" />
+          <span class="field__hint">로그인과 알림에 사용되는 계정 이메일입니다. {{ email.length }}/255자</span>
        </label>

        <label class="field">
@@ -91,8 +91,9 @@ async function submit() {
            type="password"
            placeholder="********"
            autocomplete="current-password"
+            maxlength="120"
          />
-          <span class="field__hint">8자 이상으로 설정하면 더 안전하게 사용할 수 있어요.</span>
+          <span class="field__hint">6~120자 입력 가능 · {{ password.length }}/120자</span>
        </label>

        <label v-if="mode === 'signup'" class="field">
@@ -103,8 +104,9 @@ async function submit() {
            type="password"
            placeholder="********"
            autocomplete="new-password"
+            maxlength="120"
          />
-          <span class="field__hint">같은 비밀번호를 한 번 더 입력해주세요.</span>
+          <span class="field__hint">같은 비밀번호를 한 번 더 입력해주세요. {{ passwordConfirm.length }}/120자</span>
        </label>

        <div v-if="!hasUsers" class="roleBadge">첫 회원가입 계정은 자동으로 관리자 권한이 부여됩니다.</div>
--- a/frontend/src/views/ProfileView.vue
+++ b/frontend/src/views/ProfileView.vue
@@ -156,8 +156,8 @@ async function logout() {
      <div class="settingsFields">
        <label class="field">
          <span class="field__label">닉네임</span>
-          <input v-model="nickname" class="field__input" placeholder="작성자 닉네임" />
-          <span class="field__hint">티어표 작성자 이름으로 표시됩니다.</span>
+          <input v-model="nickname" class="field__input" maxlength="40" placeholder="작성자 닉네임" />
+          <span class="field__hint">티어표 작성자 이름으로 표시됩니다. {{ nickname.length }}/40자</span>
        </label>

        <label class="field">
--- a/frontend/src/views/TierEditorView.vue
+++ b/frontend/src/views/TierEditorView.vue
@@ -45,6 +45,8 @@ const isTemplateUpdateModalOpen = ref(false)
 const templateRequestDraftTitle = ref('')
 const templateRequestDraftDescription = ref('')
 const isDeleteModalOpen = ref(false)
+const isGroupDeleteModalOpen = ref(false)
+const pendingRemoveGroupId = ref('')
 const ownerId = ref('')
 const authorName = ref('')
 const authorAccountName = ref('')
@@ -280,7 +282,7 @@ async function addGroup() {
  await syncSortables()
 }

-async function removeGroup(groupId) {
+async function performRemoveGroup(groupId) {
  if (groups.value.length <= 1) return
  const target = groups.value.find((group) => group.id === groupId)
  if (!target) return
@@ -290,6 +292,24 @@ async function removeGroup(groupId) {
  await syncSortables()
 }

+function openGroupDeleteModal(groupId) {
+  if (!canEdit.value || groups.value.length <= 1 || !groupId) return
+  pendingRemoveGroupId.value = groupId
+  isGroupDeleteModalOpen.value = true
+}
+
+function closeGroupDeleteModal() {
+  isGroupDeleteModalOpen.value = false
+  pendingRemoveGroupId.value = ''
+}
+
+async function confirmRemoveGroup() {
+  const groupId = pendingRemoveGroupId.value
+  closeGroupDeleteModal()
+  if (!groupId) return
+  await performRemoveGroup(groupId)
+}
+
 function addCustomImage(file) {
  if (!file || !file.type.startsWith('image/')) return
  const url = URL.createObjectURL(file)
@@ -774,10 +794,12 @@ onUnmounted(() => {
        <label class="templateRequestDraft__field">
          <span class="templateRequestDraft__label">요청 제목</span>
          <input v-model="templateRequestDraftTitle" class="templateRequestDraft__input" maxlength="80" placeholder="예: 템플릿 등록 요청" />
+          <span class="templateRequestDraft__hint">{{ templateRequestDraftTitle.length }}/80자</span>
        </label>
        <label class="templateRequestDraft__field">
          <span class="templateRequestDraft__label">요청 설명</span>
          <textarea v-model="templateRequestDraftDescription" class="templateRequestDraft__input templateRequestDraft__textarea" maxlength="240" placeholder="예: 여름 이벤트 한정 캐릭터 추가용으로 신규 템플릿이 필요합니다." />
+          <span class="templateRequestDraft__hint">{{ templateRequestDraftDescription.length }}/240자</span>
        </label>
      </div>
      <div class="modalCard__actions">
@@ -803,10 +825,12 @@ onUnmounted(() => {
        <label class="templateRequestDraft__field">
          <span class="templateRequestDraft__label">요청 제목</span>
          <input v-model="templateRequestDraftTitle" class="templateRequestDraft__input" maxlength="80" placeholder="예: 템플릿 업데이트 요청" />
+          <span class="templateRequestDraft__hint">{{ templateRequestDraftTitle.length }}/80자</span>
        </label>
        <label class="templateRequestDraft__field">
          <span class="templateRequestDraft__label">요청 설명</span>
          <textarea v-model="templateRequestDraftDescription" class="templateRequestDraft__input templateRequestDraft__textarea" maxlength="240" placeholder="예: 여름 이벤트 한정 캐릭터 추가" />
+          <span class="templateRequestDraft__hint">{{ templateRequestDraftDescription.length }}/240자</span>
        </label>
      </div>
      <div class="modalCard__actions">
@@ -833,6 +857,19 @@ onUnmounted(() => {
    </div>
  </div>

+  <div v-if="isGroupDeleteModalOpen" class="modalOverlay" @click.self="closeGroupDeleteModal">
+    <div class="modalCard" role="dialog" aria-modal="true" aria-labelledby="deleteGroupTitle">
+      <div id="deleteGroupTitle" class="modalCard__title">티어 라인 삭제</div>
+      <div class="modalCard__desc">
+        이 라인을 삭제하면 현재 들어 있는 아이템은 모두 아래 아이템 영역으로 이동합니다. 삭제 후에도 아이템 자체는 유지돼요.
+      </div>
+      <div class="modalCard__actions">
+        <button class="btn btn--ghost" @click="closeGroupDeleteModal">취소</button>
+        <button class="btn btn--danger" @click="confirmRemoveGroup">라인 삭제</button>
+      </div>
+    </div>
+  </div>
+
  <section class="layout" :style="{ '--thumb-size': `${iconSize}px` }">
    <div class="editorMain">
      <section class="head">
@@ -884,9 +921,18 @@ onUnmounted(() => {
                    <div class="row__exportName">{{ g.name }}</div>
                  </template>
                  <template v-else>
+                    <button
+                      v-if="canEdit"
+                      class="rowRemoveText"
+                      type="button"
+                      title="티어 라인 삭제"
+                      :disabled="groups.length <= 1"
+                      @click="openGroupDeleteModal(g.id)"
+                    >
+                      열 삭제
+                    </button>
                    <span class="grab" title="드래그로 순서 변경" data-group-handle>↕</span>
-                    <input v-model="g.name" class="groupName" :readonly="!canEdit" />
-                    <button v-if="canEdit" class="rowRemoveBtn" :disabled="groups.length <= 1" @click="removeGroup(g.id)">삭제</button>
+                    <input v-model="g.name" class="groupName" maxlength="16" :readonly="!canEdit" />
                  </template>
                </div>
                <div
@@ -962,7 +1008,8 @@ onUnmounted(() => {
    <template v-if="globalRightRailOpen">
      <div class="editorSidebar__section">
        <div class="editorSidebar__label">Title</div>
-        <input v-model="title" class="editorSidebar__input" placeholder="Title Text" :readonly="!canEdit" />
+        <input v-model="title" class="editorSidebar__input" maxlength="120" placeholder="Title Text" :readonly="!canEdit" />
+        <div class="editorSidebar__hint">{{ title.length }}/120자</div>
        <div v-if="untitledWarning" class="editorSidebar__hint editorSidebar__hint--warn">{{ untitledWarning }}</div>
      </div>

@@ -972,8 +1019,10 @@ onUnmounted(() => {
          v-model="description"
          class="editorSidebar__textarea"
          placeholder="Description Text"
+          maxlength="1000"
          :readonly="!canEdit"
        ></textarea>
+        <div class="editorSidebar__hint">{{ description.length }}/1000자</div>
      </div>

      <div class="editorSidebar__section">
@@ -1146,7 +1195,7 @@ onUnmounted(() => {
 .previewOnly__label {
  display: grid;
  place-items: center;
-  padding: 10px 8px;
+  padding: 10px 12px;
  text-align: center;
  font-weight: 900;
  border-radius: 14px;
@@ -1396,6 +1445,10 @@ onUnmounted(() => {
  font-size: 12px;
  color: rgba(255, 255, 255, 0.64);
 }
+.templateRequestDraft__hint {
+  font-size: 12px;
+  color: rgba(255, 255, 255, 0.46);
+}
 .templateRequestDraft__input {
  width: 100%;
  padding: 14px 0;
@@ -1512,6 +1565,7 @@ onUnmounted(() => {
  align-items: stretch;
 }
 .row__label {
+  position: relative;
  border-radius: 16px;
  background: rgba(255, 255, 255, 0.08);
  border: 1px solid rgba(255, 255, 255, 0.12);
@@ -1519,7 +1573,7 @@ onUnmounted(() => {
  gap: 8px;
  align-items: center;
  justify-content: center;
-  padding: 10px 8px;
+  padding: 10px 12px 30px;
  font-weight: 900;
  overflow: hidden;
 }
@@ -1547,26 +1601,32 @@ onUnmounted(() => {
  outline: none;
  min-width: 0;
 }
+.rowRemoveText {
+  position: absolute;
+  right: 12px;
+  bottom: 10px;
+  padding: 0;
+  border: 0;
+  background: transparent;
+  color: rgba(255, 255, 255, 0.6);
+  cursor: pointer;
+  font-size: 12px;
+  line-height: 1;
+  font-weight: 800;
+}
+.rowRemoveText:hover {
+  color: rgba(255, 255, 255, 0.9);
+}
+.rowRemoveText:disabled {
+  opacity: 0.32;
+  cursor: not-allowed;
+}
 .row__exportName {
  width: 100%;
  text-align: center;
  font-weight: 900;
  word-break: break-word;
 }
-.rowRemoveBtn {
-  padding: 6px 10px;
-  border-radius: 10px;
-  border: 1px solid rgba(239, 68, 68, 0.28);
-  background: rgba(239, 68, 68, 0.12);
-  color: rgba(255, 255, 255, 0.92);
-  cursor: pointer;
-  font-weight: 800;
-  flex: 0 0 auto;
-}
-.rowRemoveBtn:disabled {
-  opacity: 0.45;
-  cursor: not-allowed;
-}
 .row__drop {
  border-radius: 16px;
  background: rgba(0, 0, 0, 0.18);
--- a/package.json
+++ b/package.json
@@ -10,7 +10,8 @@
    "start": "npm --prefix backend run start",
    "test": "echo \"Error: no test specified\" && exit 1",
    "images:backfill": "npm --prefix backend run images:backfill",
-    "images:migrate-legacy": "npm --prefix backend run images:migrate-legacy"
+    "images:migrate-legacy": "npm --prefix backend run images:migrate-legacy",
+    "uploads:cleanup-legacy": "npm --prefix backend run uploads:cleanup-legacy"
  },
  "keywords": [],
  "author": "",
Author	SHA1	Message	Date
zenn	b2a838ff34	릴리스: v1.3.12 회원 정렬 방향과 입력 길이 피드백	2026-04-01 11:15:49 +09:00
zenn	695c0bd4dd	릴리스: v1.3.11 회원 관리 모달과 최고 관리자 보호	2026-04-01 10:53:14 +09:00
zenn	7b1ba19572	릴리스: v1.3.10 게임 허브 카드 폭과 SVG 아이콘 렌더링 정리	2026-04-01 10:29:34 +09:00
zenn	b4ada4b9a2	릴리스: v1.3.9 관리자 최적화 패널 범위와 티어 행 삭제 UX 정리	2026-04-01 10:11:48 +09:00
zenn	7f9a7cc947	릴리스: v1.3.8 홈 즐겨찾기 아이콘과 레거시 업로드 정리	2026-03-31 18:53:39 +09:00
				`@@ -0,0 +1 @@`
				`<svg xmlns="http://www.w3.org/2000/svg" height="24px" viewBox="0 -960 960 960" width="24px" fill="ffffff"><path d="m305-704 112-145q12-16 28.5-23.5T480-880q18 0 34.5 7.5T543-849l112 145 170 57q26 8 41 29.5t15 47.5q0 12-3.5 24T866-523L756-367l4 164q1 35-23 59t-56 24q-2 0-22-3l-179-50-179 50q-5 2-11 2.5t-11 .5q-32 0-56-24t-23-59l4-165L95-523q-8-11-11.5-23T80-570q0-25 14.5-46.5T135-647l170-57Zm49 69-194 64 124 179-4 191 200-55 200 56-4-192 124-177-194-66-126-165-126 165Zm126 135Z"/></svg>`