Caution: Review failed. The pull request is closed.
Walkthrough
Sets the group (meetup) related API endpoints as public endpoints that do not require JWT authentication. In the two security configuration files
Changes
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~8 minutes
Pull request overview
This PR makes group-related APIs public by adding permitAll() configurations for GET requests to /api/v1/groups/** endpoints. The changes allow unauthenticated access to group list and detail views.
- Added public access configuration for group endpoints in Spring Security
- Updated JWT authentication filter to skip authentication for group GET requests
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| SecurityConfig.java | Added permitAll() rules for GET requests to /api/v1/groups/** and /api/v1/groups endpoints |
| JwtAuthenticationFilter.java | Added public endpoint checks for group API paths to bypass JWT authentication |
| .requestMatchers(HttpMethod.GET, "/api/v1/users/*").permitAll() | ||
| .requestMatchers(HttpMethod.GET, "/api/v1/users/*").permitAll() | ||
| .requestMatchers(HttpMethod.GET, "/api/v1/groups/**").permitAll() | ||
| .requestMatchers(HttpMethod.GET, "/api/v1/groups").permitAll() |
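Review bot: the `/api/v1/groups/**` matcher on the added line opens every GET path below `/api/v1/groups`, at any depth, while the users rule just above it uses the single-segment `/api/v1/users/*`. If only the list and detail views are meant to be public, `"/api/v1/groups"` plus `"/api/v1/groups/*"` would keep deeper sub-resources behind authentication; if the wide match is intended, a short comment saying so would help later readers.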
The pattern /api/v1/groups/** on line 34 already covers /api/v1/groups on line 35. The double asterisk pattern matches zero or more path segments, making line 35 redundant. You can remove line 35 to avoid duplication.
| .requestMatchers(HttpMethod.GET, "/api/v1/groups").permitAll() |
| if ("GET".equals(method) && pathMatcher.match("/api/v1/group", path)) { | ||
| return true; | ||
| } | ||
|
|
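Review bot: the pattern string in `pathMatcher.match("/api/v1/group", path)` is a second, hand-typed copy of the public-path list that SecurityConfig.java already holds, and the two have to agree for a request to be both skipped by the filter and permitted by the config. Suggest moving the public GET patterns into one shared constant that both files read, so a path cannot end up public in one place and not in the other.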
The path pattern /api/v1/group appears to be a typo and doesn't match the pattern in SecurityConfig which uses /api/v1/groups. This inconsistency means the filter logic won't align with the security configuration, potentially causing authentication issues. Change this to /api/v1/groups to match the SecurityConfig pattern, or remove this check as it would be redundant with the /** pattern on line 131.
| if ("GET".equals(method) && pathMatcher.match("/api/v1/group", path)) { | |
| return true; | |
| } | |
| if ("GET".equals(method) && pathMatcher.match("/api/v1/group", path)) { | ||
| return true; | ||
| } | ||
|
|
Similar to SecurityConfig, if you correct the typo to /api/v1/groups, this check would be redundant since line 131 already covers /api/v1/groups/** which matches the base path as well. Consider removing this redundant check.
| if ("GET".equals(method) && pathMatcher.match("/api/v1/group", path)) { | |
| return true; | |
| } | |
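The matching behaviour the review comments above rely on, shown as an added example that is not part of this PR or the project's code. The class `PublicEndpoints` and method `isPublic` are hypothetical names; the only Spring API used is `AntPathMatcher.match(pattern, path)`, and spring-core is assumed to be on the classpath.

```java
import java.util.List;
import org.springframework.util.AntPathMatcher;

// Added example: one shared list of public GET patterns, so the security
// config and the JWT filter cannot drift apart. Class and method names are
// hypothetical; only AntPathMatcher.match(pattern, path) is Spring's API.
public final class PublicEndpoints {
    // Patterns taken from the SecurityConfig lines shown in this PR.
    public static final List<String> PUBLIC_GET = List.of(
            "/api/v1/users/*",
            "/api/v1/groups/**");

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    private PublicEndpoints() {}

    /** True when a request with this method and path is on the public list. */
    public static boolean isPublic(String method, String path) {
        if (!"GET".equals(method) || path == null) {
            return false;
        }
        return PUBLIC_GET.stream().anyMatch(p -> MATCHER.match(p, path));
    }

    public static void main(String[] args) {
        // Constructed sample requests, not taken from the project.
        String[][] samples = {
            {"GET", "/api/v1/groups"},            // base path, zero extra segments
            {"GET", "/api/v1/groups/42"},         // detail view
            {"GET", "/api/v1/groups/42/members"}, // deeper sub-resource
            {"GET", "/api/v1/group"},             // the literal path from the filter hunk
            {"POST", "/api/v1/groups"},           // non-GET method
        };
        for (String[] s : samples) {
            System.out.printf("%-5s %-28s public=%b%n",
                    s[0], s[1], isPublic(s[0], s[1]));
        }
        // Single-segment alternative, evaluated against the deeper path.
        System.out.println("groups/* vs /groups/42/members: "
                + MATCHER.match("/api/v1/groups/*", "/api/v1/groups/42/members"));
    }
}
```

Running `main` shows which of the sample paths the `/**` pattern makes public and how the single-segment `/*` pattern differs on the nested path.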
📝 Pull Request
📌 PR type
Please check the applicable items.
✨ Changes
Makes both the group list API and the group detail API public.
Added the public APIs to the Filter and the Security Config.
🔍 Related issues
🧪 Tests
Please describe the test scope or test results for the changed functionality.
🚨 Things to check (Checklist)
Please check the items below before submitting the PR.
🙋 Other notes
Please add any additional explanation that would be helpful for reviewers.
Summary by CodeRabbit
Release notes
/api/v1/groups/**, /api/v1/groups) have been made publicly accessible. These endpoints can now be accessed without authentication.