Skip to content

[Chore] swagger 설정 추가#41

Merged
Minbro-Kim merged 6 commits into
devfrom
feature/#40/swagger-config
Jun 22, 2026
Merged

[Chore] swagger 설정 추가#41
Minbro-Kim merged 6 commits into
devfrom
feature/#40/swagger-config

Conversation

@Minbro-Kim

@Minbro-Kim Minbro-Kim commented Jun 19, 2026

Copy link
Copy Markdown
Collaborator

📌 해당 이슈카드

📌 작업 내용

🔧 변경 사항

  • logback파일에 로컬 프로파일을 추가하였습니다.

반영 브랜치

feature/#40/swagger-config-> dev

💬 기타 참고 사항

Summary by CodeRabbit

릴리스 노트

  • New Features

    • OpenAPI 문서와 대화형 Swagger UI를 추가해 API 엔드포인트 및 요청/응답을 쉽게 확인할 수 있습니다.
    • 문서에 CSRF 토큰과 JWT(베어러) 기반 인증을 위한 보안 스키마를 구성했습니다.
  • Chores

    • 로컬 환경에서도 테스트용 로그 설정이 적용되도록 로깅 프로필 범위를 local, test로 확장했습니다.

@Minbro-Kim Minbro-Kim self-assigned this Jun 19, 2026
@coderabbitai

coderabbitai Bot commented Jun 19, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

springdoc-openapi-starter-webmvc-ui 의존성을 추가하고, CSRF(API key)·JWT(bearer) 보안 스키마를 포함한 OpenApiConfig 빈을 등록한다. 또한 logback-spring.xml의 TEST 프로파일 조건을 local까지 확장한다.

Changes

Swagger/OpenAPI 설정

Layer / File(s) Summary
Swagger 의존성 및 OpenApiConfig 빈 등록
build.gradle, src/main/java/com/team6/moduply/common/config/OpenApiConfig.java
springdoc-openapi-starter-webmvc-ui:2.8.15 의존성을 추가하고, OpenApiConfig에서 API 제목·버전 정보(Info), X-XSRF-TOKEN 헤더 기반 API key 스키마, Authorization 헤더 기반 JWT bearer 스키마를 Components에 등록한 OpenAPI 빈을 반환한다.
logback local 프로파일 확장
src/main/resources/logback-spring.xml
<springProfile name="test"><springProfile name="local, test">로 변경하여 local 프로파일에서도 TEST 섹션 로그 설정이 활성화되도록 한다.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Out of Scope Changes check ❓ Inconclusive logback-spring.xml의 로컬 프로파일 추가는 Swagger 설정과 직접 관련되지 않지만, PR 설명에서 언급된 관련 커밋으로 보이며 설정 구성의 일부로 포함되었습니다. logback-spring.xml 변경이 issue #40의 요구사항과 어떤 연관이 있는지 명확히 하거나, 별도의 이슈로 분리하여 관리하는 것을 권장합니다.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check ✅ Passed PR의 모든 변경 사항이 issue #40의 요구사항을 충족합니다: (1) build.gradle에 Swagger 의존성 추가 [#40], (2) OpenApiConfig 클래스로 Swagger 설정 구현 [#40].
Title check ✅ Passed PR 제목 '[Chore] swagger 설정 추가'는 변경사항의 핵심인 Swagger 설정 추가를 명확하게 요약하고 있습니다.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/#40/swagger-config

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@build.gradle`:
- Around line 38-39: The springdoc-openapi-starter-webmvc-ui dependency is
currently set to version 2.8.15, which contains outdated swagger-ui with known
security vulnerabilities. Update the version in the implementation declaration
from 2.8.15 to 3.0.3, which is fully compatible with the current Spring Boot
3.5.15 and resolves all identified security issues.

In `@src/main/java/com/team6/moduply/common/config/OpenApiConfig.java`:
- Around line 32-42: The addSecurityItem(securityRequirement) call in the
OpenAPI configuration builder is applying CSRF and JWT authentication
requirements globally to all API endpoints, but some endpoints like login,
csrf-token generation, and public endpoints should not require authentication.
Remove the addSecurityItem(securityRequirement) line from the OpenAPI builder in
OpenApiConfig to stop applying security requirements globally, and instead apply
the `@SecurityRequirement` annotation selectively on individual controller methods
that actually require authentication by adding the security parameter to their
`@Operation` annotation with the appropriate security scheme names.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: a6964595-ec51-485d-9c51-8050c1c4bb54

📥 Commits

Reviewing files that changed from the base of the PR and between 2b8e7bb and dea96f6.

📒 Files selected for processing (3)
  • build.gradle
  • src/main/java/com/team6/moduply/common/config/OpenApiConfig.java
  • src/main/resources/logback-spring.xml

Comment thread build.gradle
Comment thread src/main/java/com/team6/moduply/common/config/OpenApiConfig.java Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
build.gradle (1)

39-39: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

springdoc 버전을 최신 안전 버전으로 상향하세요 (Line 39).

2.8.15 고정은 이미 이전 리뷰에서 지적된 보안/버전 노후화 이슈와 동일합니다. Swagger UI 경유 취약점 전파 가능성을 줄이기 위해 최신 패치 라인으로 올리는 게 안전합니다.

#!/bin/bash
# 1) 현재 선언 버전 확인
rg -n "springdoc-openapi-starter-webmvc-ui" build.gradle

# 2) Maven Central 최신 버전 확인
curl -s "https://search.maven.org/solrsearch/select?q=g:org.springdoc+AND+a:springdoc-openapi-starter-webmvc-ui&rows=20&wt=json" \
| jq -r '.response.docs[].v' | head -n 10

# 3) GitHub Advisory 조회(가능한 경우)
gh api graphql -f query='
{
  securityVulnerabilities(first: 20, ecosystem: MAVEN, package: "org.springdoc:springdoc-openapi-starter-webmvc-ui") {
    nodes {
      advisory { summary severity publishedAt }
      vulnerableVersionRange
      firstPatchedVersion { identifier }
    }
  }
}'
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@build.gradle` at line 39, Update the springdoc-openapi-starter-webmvc-ui
dependency version from the currently pinned 2.8.15 to the latest stable patch
version available on Maven Central. Verify the latest version using Maven
Central search or GitHub Advisory checks via the provided commands, then replace
the version number in the implementation dependency declaration with the
identified newer version.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@build.gradle`:
- Line 39: Update the springdoc-openapi-starter-webmvc-ui dependency version
from the currently pinned 2.8.15 to the latest stable patch version available on
Maven Central. Verify the latest version using Maven Central search or GitHub
Advisory checks via the provided commands, then replace the version number in
the implementation dependency declaration with the identified newer version.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 37036b30-8521-4a1c-b1e4-0139ef6211d0

📥 Commits

Reviewing files that changed from the base of the PR and between a07dbec and cfcb50e.

📒 Files selected for processing (2)
  • build.gradle
  • src/main/java/com/team6/moduply/common/config/OpenApiConfig.java
💤 Files with no reviewable changes (1)
  • src/main/java/com/team6/moduply/common/config/OpenApiConfig.java

@Minbro-Kim Minbro-Kim requested review from a team and kwaksss and removed request for a team June 19, 2026 10:54
@Minbro-Kim Minbro-Kim added the Feature New feature label Jun 20, 2026
@github-project-automation github-project-automation Bot moved this to Todo in ModuPly Jun 20, 2026
@Minbro-Kim Minbro-Kim removed this from ModuPly Jun 20, 2026
@Minbro-Kim Minbro-Kim force-pushed the feature/#40/swagger-config branch from cfcb50e to 939f9d4 Compare June 22, 2026 01:42
@codecov

codecov Bot commented Jun 22, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
build.gradle (1)

44-45: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

springdoc-openapi 버전을 Spring Boot 3.x 호환 최신 패치로 올려주세요.

Line 45의 2.8.15는 현재 프로젝트(Spring Boot 3.5.15) 기준에서 최신 호환 패치 라인보다 뒤쳐져 있습니다. 보안/호환성 리스크를 줄이기 위해 2.8.17로 올리는 것이 안전합니다.

권장 수정안
-    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.15'
+    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.17'

Based on learnings: springdoc-openapi는 Spring Boot 3.x에서 2.x 라인을 사용해야 하며, 2026-04 기준 최신 호환 패치는 2.8.17입니다.

springdoc-openapi-starter-webmvc-ui 2.8.17 Spring Boot 3.5.x compatibility release notes
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@build.gradle` around lines 44 - 45, The springdoc-openapi-starter-webmvc-ui
dependency version on line 45 is set to 2.8.15, which is behind the latest
compatible patch for Spring Boot 3.5.15. Update the version number from 2.8.15
to 2.8.17 to ensure optimal compatibility and reduce security risks with the
current Spring Boot version.

Source: Learnings

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/main/java/com/team6/moduply/common/config/OpenApiConfig.java`:
- Around line 32-34: The securityRequirement variable created in the
OpenApiConfig class is not being used anywhere and represents dead code that can
cause confusion about security configuration. Either remove the unused
securityRequirement variable declaration and the method calls on it entirely, or
if the security requirement was intended to be applied to the OpenAPI
specification, add the securityRequirement to the appropriate OpenAPI builder
method to actually connect it to the OpenAPI configuration instead of just
creating an unused local variable.

---

Duplicate comments:
In `@build.gradle`:
- Around line 44-45: The springdoc-openapi-starter-webmvc-ui dependency version
on line 45 is set to 2.8.15, which is behind the latest compatible patch for
Spring Boot 3.5.15. Update the version number from 2.8.15 to 2.8.17 to ensure
optimal compatibility and reduce security risks with the current Spring Boot
version.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 61f0b834-ba60-4d46-b1c1-e9633e776b19

📥 Commits

Reviewing files that changed from the base of the PR and between cfcb50e and 939f9d4.

📒 Files selected for processing (3)
  • build.gradle
  • src/main/java/com/team6/moduply/common/config/OpenApiConfig.java
  • src/main/resources/logback-spring.xml

Comment thread src/main/java/com/team6/moduply/common/config/OpenApiConfig.java Outdated
@Minbro-Kim Minbro-Kim changed the title chore: swagger 설정 추가 hore: swagger 설정 추가 Jun 22, 2026
@Minbro-Kim Minbro-Kim changed the title hore: swagger 설정 추가 [Chore] swagger 설정 추가 Jun 22, 2026
@kwaksss

kwaksss commented Jun 22, 2026

Copy link
Copy Markdown
Collaborator

Swaager에서 JWT와 CSRF 인증 테스트를 가능하도록 잘 해주신거 같습니다!

@Minbro-Kim Minbro-Kim merged commit 1debd33 into dev Jun 22, 2026
3 checks passed
@Minbro-Kim Minbro-Kim deleted the feature/#40/swagger-config branch June 22, 2026 04:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Feature New feature

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[김민형] Chore: Swagger 설정

2 participants