[FIX] #213 : logout 404 에러 수정

[pwc2002]

📌 연관된 이슈

#213

✨ 작업 내용

logout 시 404 에러 뜨는걸, 토큰 인증 url 에서 logout을 제외함으로서 수정

💬 리뷰 요구사항(선택)

Summary by CodeRabbit

• 버그 수정
  • 인증 예외 범위를 세분화하여 다음 경로만 공개 접근으로 유지: /api/v1/auth/refresh, /api/v1/auth/login, /api/v1/auth/oauth2/google/callback, /api/v1/auth/password-reset/request, /api/v1/auth/password-reset/verify, /api/v1/auth/password-reset/confirm
  • 위 경로 외의 /api/v1/auth/* 요청은 이제 인증 절차를 거치도록 변경되어 보안이 강화되었습니다.
  • API 문서 관련 경로(/v3/api-docs, /swagger-ui 등)는 기존과 동일하게 접근 가능합니다.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

인증 필터의 우회 대상 경로가 광범위한 프리픽스(/api/v1/auth/**)에서 구체적 엔드포인트 목록으로 축소되었고, 스웨거/문서 관련 우회는 유지되었습니다. 공개 API 시그니처 변경은 없습니다.

Changes

Cohort / File(s)	Summary
보안 필터 우회 범위 정밀화 src/main/java/inha/gdgoc/global/security/TokenAuthenticationFilter.java	/api/v1/auth/** 우회를 제거하고 다음 엔드포인트만 명시 우회: refresh, login, oauth2/google/callback, password-reset/{request,verify,confirm}. 기존 /v3/api-docs, /swagger-ui, /swagger-ui.html 등은 그대로 우회. 퍼블릭 시그니처 변경 없음.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant C as Client
    participant F as TokenAuthenticationFilter
    participant A as AuthService
    participant H as Controller

    Note over F: 우회 목록: <br/>/auth/refresh, /auth/login, <br/>/auth/oauth2/google/callback, <br/>/auth/password-reset/{request,verify,confirm}

    C->>F: HTTP Request
    alt 요청 경로 ∈ 명시 우회 목록
        F-->>H: FilterChain.continue()
        H-->>C: Response
    else 기타 모든 경로 포함 /api/v1/auth/** 중 비우회
        F->>F: 토큰 추출/검증 시도
        alt 유효 토큰
            F->>A: 토큰 검증
            A-->>F: 검증 성공
            F-->>H: FilterChain.continue() (SecurityContext 설정)
            H-->>C: Response
        else 토큰 없음/무효
            F-->>C: 401/접근 거부 처리(구현에 따름)
        end
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

작은 발로 로그를 톡톡, 우회 목록을 다듬었지
넓던 길 좁혀 딱 필요한 문만 열어두고
토큰은 꼼꼼히, 스웨거는 쓱 지나가고
깡총, 깡총—보안 숲속에 질서가 반짝
오늘도 PR 위에 당근 이모지 하나 🥕

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a896b17 and f3450fa.

📒 Files selected for processing (1)

• src/main/java/inha/gdgoc/global/security/TokenAuthenticationFilter.java (1 hunks)

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/issue-213

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

CI status
✅ Assemble 성공
✅ Test 성공