[Chore] swagger 설정 추가#41
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthrough
ChangesSwagger/OpenAPI 설정
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@build.gradle`:
- Around line 38-39: The springdoc-openapi-starter-webmvc-ui dependency is
currently set to version 2.8.15, which contains outdated swagger-ui with known
security vulnerabilities. Update the version in the implementation declaration
from 2.8.15 to 3.0.3, which is fully compatible with the current Spring Boot
3.5.15 and resolves all identified security issues.
In `@src/main/java/com/team6/moduply/common/config/OpenApiConfig.java`:
- Around line 32-42: The addSecurityItem(securityRequirement) call in the
OpenAPI configuration builder is applying CSRF and JWT authentication
requirements globally to all API endpoints, but some endpoints like login,
csrf-token generation, and public endpoints should not require authentication.
Remove the addSecurityItem(securityRequirement) line from the OpenAPI builder in
OpenApiConfig to stop applying security requirements globally, and instead apply
the `@SecurityRequirement` annotation selectively on individual controller methods
that actually require authentication by adding the security parameter to their
`@Operation` annotation with the appropriate security scheme names.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: a6964595-ec51-485d-9c51-8050c1c4bb54
📒 Files selected for processing (3)
build.gradlesrc/main/java/com/team6/moduply/common/config/OpenApiConfig.javasrc/main/resources/logback-spring.xml
There was a problem hiding this comment.
♻️ Duplicate comments (1)
build.gradle (1)
39-39:⚠️ Potential issue | 🟠 Major | ⚡ Quick winspringdoc 버전을 최신 안전 버전으로 상향하세요 (Line 39).
2.8.15고정은 이미 이전 리뷰에서 지적된 보안/버전 노후화 이슈와 동일합니다. Swagger UI 경유 취약점 전파 가능성을 줄이기 위해 최신 패치 라인으로 올리는 게 안전합니다.#!/bin/bash # 1) 현재 선언 버전 확인 rg -n "springdoc-openapi-starter-webmvc-ui" build.gradle # 2) Maven Central 최신 버전 확인 curl -s "https://search.maven.org/solrsearch/select?q=g:org.springdoc+AND+a:springdoc-openapi-starter-webmvc-ui&rows=20&wt=json" \ | jq -r '.response.docs[].v' | head -n 10 # 3) GitHub Advisory 조회(가능한 경우) gh api graphql -f query=' { securityVulnerabilities(first: 20, ecosystem: MAVEN, package: "org.springdoc:springdoc-openapi-starter-webmvc-ui") { nodes { advisory { summary severity publishedAt } vulnerableVersionRange firstPatchedVersion { identifier } } } }'🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@build.gradle` at line 39, Update the springdoc-openapi-starter-webmvc-ui dependency version from the currently pinned 2.8.15 to the latest stable patch version available on Maven Central. Verify the latest version using Maven Central search or GitHub Advisory checks via the provided commands, then replace the version number in the implementation dependency declaration with the identified newer version.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Duplicate comments:
In `@build.gradle`:
- Line 39: Update the springdoc-openapi-starter-webmvc-ui dependency version
from the currently pinned 2.8.15 to the latest stable patch version available on
Maven Central. Verify the latest version using Maven Central search or GitHub
Advisory checks via the provided commands, then replace the version number in
the implementation dependency declaration with the identified newer version.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 37036b30-8521-4a1c-b1e4-0139ef6211d0
📒 Files selected for processing (2)
build.gradlesrc/main/java/com/team6/moduply/common/config/OpenApiConfig.java
💤 Files with no reviewable changes (1)
- src/main/java/com/team6/moduply/common/config/OpenApiConfig.java
cfcb50e to
939f9d4
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
build.gradle (1)
44-45:⚠️ Potential issue | 🟠 Major | ⚡ Quick win
springdoc-openapi버전을 Spring Boot 3.x 호환 최신 패치로 올려주세요.Line 45의
2.8.15는 현재 프로젝트(Spring Boot 3.5.15) 기준에서 최신 호환 패치 라인보다 뒤쳐져 있습니다. 보안/호환성 리스크를 줄이기 위해2.8.17로 올리는 것이 안전합니다.권장 수정안
- implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.15' + implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.17'Based on learnings: springdoc-openapi는 Spring Boot 3.x에서 2.x 라인을 사용해야 하며, 2026-04 기준 최신 호환 패치는 2.8.17입니다.
springdoc-openapi-starter-webmvc-ui 2.8.17 Spring Boot 3.5.x compatibility release notes🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@build.gradle` around lines 44 - 45, The springdoc-openapi-starter-webmvc-ui dependency version on line 45 is set to 2.8.15, which is behind the latest compatible patch for Spring Boot 3.5.15. Update the version number from 2.8.15 to 2.8.17 to ensure optimal compatibility and reduce security risks with the current Spring Boot version.Source: Learnings
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/main/java/com/team6/moduply/common/config/OpenApiConfig.java`:
- Around line 32-34: The securityRequirement variable created in the
OpenApiConfig class is not being used anywhere and represents dead code that can
cause confusion about security configuration. Either remove the unused
securityRequirement variable declaration and the method calls on it entirely, or
if the security requirement was intended to be applied to the OpenAPI
specification, add the securityRequirement to the appropriate OpenAPI builder
method to actually connect it to the OpenAPI configuration instead of just
creating an unused local variable.
---
Duplicate comments:
In `@build.gradle`:
- Around line 44-45: The springdoc-openapi-starter-webmvc-ui dependency version
on line 45 is set to 2.8.15, which is behind the latest compatible patch for
Spring Boot 3.5.15. Update the version number from 2.8.15 to 2.8.17 to ensure
optimal compatibility and reduce security risks with the current Spring Boot
version.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 61f0b834-ba60-4d46-b1c1-e9633e776b19
📒 Files selected for processing (3)
build.gradlesrc/main/java/com/team6/moduply/common/config/OpenApiConfig.javasrc/main/resources/logback-spring.xml
|
Swaager에서 JWT와 CSRF 인증 테스트를 가능하도록 잘 해주신거 같습니다! |
📌 해당 이슈카드
📌 작업 내용
🔧 변경 사항
반영 브랜치
feature/#40/swagger-config-> dev
💬 기타 참고 사항
Summary by CodeRabbit
릴리스 노트
New Features
Chores
local, test로 확장했습니다.