
Commit f6a9f48

feat: DisableSwaggerSecurity 어노테이션으로 Swagger 내 로그인과 토큰 갱신 API 보안 설정을 비활성화하는 기능 추가 (#87)
* [BOOK-90] fix: gateway - 화이트리스트를 제외하고, 모든 경로에 인증된 사용자만 접근 가능하도록 수정 * [BOOK-90] feat: global-utils - Swagger 보안을 비활성화하는 어노테이션 추가 * [BOOK-90] feat: apis - Swagger 보안 설정을 비활성화하는 OperationCustomizer 추가 * [BOOK-90] feat: apis - 소셜 로그인 및 토큰 갱신 API에 Swagger 보안 비활성화 어노테이션 추가 * [BOOK-90] chore: apis - Book 관련 유틸 클래스 book 패키지로 이동 * [BOOK-90] refactor: apis, global-utils - 코드레빗 리뷰 반영 * [BOOK-90] feat: apis, global-utils - ApplicationService 커스텀 어노테이션 생성 및 기존 Service 어노테이션 리팩토링 * [BOOK-90] chore: apis - DTO에 스키마 명세 추가 * [BOOK-90] chore: apis - 가독성을 위한 반환 방식 리팩토링 * [BOOK-90] refactor: apis, domain - 애플 리프레쉬 토큰 관련 DTO 내부 로직 변경 * [BOOK-90] fix: apis - item 내부에 있는 link를 전달하도록 수정 * [BOOK-90] chore: apis - 최소 개수 명세 추가 * [BOOK-90] refactor: apis - 애플 refreshToken이 null이나 빈문자열로 올 경우 기존 initialUserResponse를 반환하도록 변경 * [BOOK-90] refactor: apis - 프로퍼티 위의 @Schema@field:Schema로 변경 * [BOOK-90] chore: apis - categories 프로퍼티의 명세 변경
1 parent 73a1dff commit f6a9f48


57 files changed

+416
-209
lines changed


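--- a/apis/src/main/kotlin/org/yapp/apis/auth/controller/AuthControllerApi.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/controller/AuthControllerApi.kt
@@ -15,12 +15,14 @@ import org.springframework.web.bind.annotation.RequestBody
 import org.yapp.apis.auth.dto.request.SocialLoginRequest
 import org.yapp.apis.auth.dto.request.TokenRefreshRequest
 import org.yapp.apis.auth.dto.response.AuthResponse
+import org.yapp.globalutils.annotation.DisableSwaggerSecurity
 import org.yapp.globalutils.exception.ErrorResponse
 import java.util.*
 
 @Tag(name = "Authentication", description = "인증 관련 API")
 interface AuthControllerApi {
 
+@DisableSwaggerSecurity
 @Operation(
 summary = "소셜 로그인",
 description = "카카오 또는 애플 계정으로 로그인합니다. 사용자가 존재하지 않으면 자동으로 회원가입됩니다."
@@ -47,6 +49,7 @@ interface AuthControllerApi {
 @PostMapping("/signin")
 fun signIn(@RequestBody @Valid request: SocialLoginRequest): ResponseEntity<AuthResponse>
 
+@DisableSwaggerSecurity
 @Operation(
 summary = "토큰 갱신",
 description = "리프레시 토큰을 사용하여 액세스 토큰을 갱신합니다. 새로운 액세스 토큰과 리프레시 토큰을 반환합니다."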
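Review bot: The new `@DisableSwaggerSecurity` markers are placed on the interface methods of `AuthControllerApi`, but a springdoc `OperationCustomizer` receives the `HandlerMethod` of the implementing controller class, and whether it sees an interface-method annotation depends on the lookup it uses — `Method.getAnnotation` does not follow interfaces while `AnnotatedElementUtils.findMergedAnnotation` does; the customizer is not part of this page, so this should be confirmed with a test that the generated OpenAPI document really omits the security requirement for `/signin` and the refresh operation. Because the name can be read as switching security off, the annotation deserves a KDoc stating its scope, assuming (as the commit message suggests) it only affects the OpenAPI document: `/** Removes the global security requirement from this operation in the generated OpenAPI document only; runtime authentication is handled elsewhere and is unaffected. */`. The interface body continues outside both hunks.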

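--- a/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/DeleteTokenRequest.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/DeleteTokenRequest.kt
@@ -10,7 +10,7 @@ import org.yapp.apis.auth.dto.response.RefreshTokenResponse
 )
 data class DeleteTokenRequest private constructor(
 @field:NotBlank(message = "Refresh token must not be blank.")
-@Schema(description = "Refresh token to be deleted", example = "eyJhbGciOiJIUz...")
+@field:Schema(description = "Refresh token to be deleted", example = "eyJhbGciOiJIUz...")
 val refreshToken: String? = null
 ) {
 fun validRefreshToken() = refreshToken!!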

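--- a/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/GenerateTokenPairRequest.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/GenerateTokenPairRequest.kt
@@ -12,14 +12,14 @@ import java.util.UUID
 description = "Request DTO to generate a new pair of access and refresh tokens"
 )
 data class GenerateTokenPairRequest private constructor(
-@Schema(
+@field:Schema(
 description = "User ID",
 example = "a1b2c3d4-e5f6-7890-1234-56789abcdef0"
 )
 @field:NotNull(message = "userId must not be null")
 val userId: UUID? = null,
 
-@Schema(
+@field:Schema(
 description = "User role",
 example = "USER"
 )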

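--- a/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/SocialLoginRequest.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/SocialLoginRequest.kt
@@ -14,23 +14,23 @@ import org.yapp.domain.user.ProviderType
 description = "DTO for social login requests"
 )
 data class SocialLoginRequest private constructor(
-@Schema(
+@field:Schema(
 description = "Type of social login provider",
 example = "KAKAO",
 required = true
 )
 @field:NotBlank(message = "Provider type is required")
 val providerType: String? = null,
 
-@Schema(
+@field:Schema(
 description = "OAuth token issued by the social provider",
 example = "eyJ...",
 required = true
 )
 @field:NotBlank(message = "OAuth token is required")
 val oauthToken: String? = null,
 
-@Schema(
+@field:Schema(
 description = "Authorization code used to issue Apple access/refresh tokens (required only for Apple login)",
 example = "c322a426...",
 required = false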
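Review bot: The retargeted annotations keep `required = true` / `required = false`; in swagger-annotations 2.2.5 and later `Schema.required` is deprecated in favour of `requiredMode`, so if the project is on a current springdoc line these will produce deprecation warnings — `@field:Schema(description = "Type of social login provider", example = "KAKAO", requiredMode = Schema.RequiredMode.REQUIRED)`, and `Schema.RequiredMode.NOT_REQUIRED` for the Apple authorization code. The same applies to the `@field:Schema` blocks in TokenRefreshRequest and WithdrawStrategyRequest in this commit. The constructor parameter list continues past the end of the hunk.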

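--- a/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/TokenGenerateRequest.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/TokenGenerateRequest.kt
@@ -11,15 +11,15 @@ import java.util.*
 )
 data class TokenGenerateRequest private constructor(
 @field:NotNull(message = "userId must not be null")
-@Schema(description = "User ID", example = "f6b7d490-1b1a-4b9f-8e8e-27f8e3a5dafa")
+@field:Schema(description = "User ID", example = "f6b7d490-1b1a-4b9f-8e8e-27f8e3a5dafa")
 val userId: UUID? = null,
 
 @field:NotBlank(message = "refreshToken must not be blank")
-@Schema(description = "Generated refresh token", example = "eyJhbGciOiJIUzI1NiIsInR...")
+@field:Schema(description = "Generated refresh token", example = "eyJhbGciOiJIUzI1NiIsInR...")
 val refreshToken: String? = null,
 
 @field:NotNull(message = "expiration must not be null")
-@Schema(description = "Refresh token expiration time (in seconds)", example = "2592000")
+@field:Schema(description = "Refresh token expiration time (in seconds)", example = "2592000")
 val expiration: Long? = null
 ) {
 fun validUserId() = userId!!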

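--- a/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/TokenRefreshRequest.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/TokenRefreshRequest.kt
@@ -8,7 +8,7 @@ import jakarta.validation.constraints.NotBlank
 description = "DTO for requesting an access token using a refresh token"
 )
 data class TokenRefreshRequest private constructor(
-@Schema(
+@field:Schema(
 description = "Valid refresh token issued during previous authentication",
 example = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
 required = true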

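--- a/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/WithdrawStrategyRequest.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/dto/request/WithdrawStrategyRequest.kt
@@ -10,27 +10,27 @@ import java.util.*
 @Schema(description = "회원 탈퇴 처리 시 내부적으로 사용되는 요청 DTO")
 data class WithdrawStrategyRequest private constructor(
 @field:NotNull(message = "사용자 ID는 필수 값입니다.")
-@Schema(
+@field:Schema(
 description = "사용자 고유 ID",
 example = "123e4567-e89b-12d3-a456-426614174000"
 )
 val userId: UUID,
 
 @field:NotNull(message = "소셜 로그인 제공자 타입은 필수 값입니다.")
-@Schema(
+@field:Schema(
 description = "소셜 로그인 제공자 타입",
 example = "KAKAO"
 )
 val providerType: ProviderType,
 
 @field:NotBlank(message = "소셜 로그인 제공자로부터 발급받은 고유 ID는 필수 값입니다.")
-@Schema(
+@field:Schema(
 description = "소셜 로그인 제공자로부터 발급받은 고유 ID",
 example = "21412412412"
 )
 val providerId: String,
 
-@Schema(
+@field:Schema(
 description = "Apple 로그인 시 발급받은 리프레시 토큰 (Apple 로그인 회원 탈퇴 시에만 필요)",
 example = "r_abc123def456ghi789jkl0mnopqrstu",
 required = false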

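--- a/apis/src/main/kotlin/org/yapp/apis/auth/dto/response/AuthResponse.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/dto/response/AuthResponse.kt
@@ -8,13 +8,13 @@ import io.swagger.v3.oas.annotations.media.Schema
 )
 data class AuthResponse private constructor(
 
-@Schema(
+@field:Schema(
 description = "Access token for authorization",
 example = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
 )
 val accessToken: String,
 
-@Schema(
+@field:Schema(
 description = "Refresh token used to obtain a new access token",
 example = "dGhpc2lzYXJlZnJlc2h0b2tlbg=="
 )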

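--- a/apis/src/main/kotlin/org/yapp/apis/auth/dto/response/RefreshTokenResponse.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/dto/response/RefreshTokenResponse.kt
@@ -8,7 +8,7 @@ import org.yapp.domain.token.RefreshToken.Token
 description = "Response DTO containing the issued refresh token"
 )
 data class RefreshTokenResponse(
-@Schema(description = "The refresh token string", example = "eyJhbGciOiJIUz...")
+@field:Schema(description = "The refresh token string", example = "eyJhbGciOiJIUz...")
 val refreshToken: String
 ) {
 companion object {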

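--- a/apis/src/main/kotlin/org/yapp/apis/auth/dto/response/TokenPairResponse.kt
+++ b/apis/src/main/kotlin/org/yapp/apis/auth/dto/response/TokenPairResponse.kt
@@ -8,13 +8,13 @@ import io.swagger.v3.oas.annotations.media.Schema
 )
 data class TokenPairResponse private constructor(
 
-@Schema(
+@field:Schema(
 description = "Access token for user authorization",
 example = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
 )
 val accessToken: String,
 
-@Schema(
+@field:Schema(
 description = "Refresh token to get new access token",
 example = "dGhpc2lzYXJlZnJlc2h0b2tlbg=="
 )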
