Skip to content

[FEAT] 모임에서 공개할 API 설정 #79

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
LimdaeIl merged 1 commit into from
Dec 11, 2025
Merged

[FEAT] 모임에서 공개할 API 설정 #79

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions src/main/java/team/wego/wegobackend/common/security/JwtAuthenticationFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,14 @@ private boolean isPublicEndpoint(HttpServletRequest request) {
return true;
}

if ("GET".equals(method) && pathMatcher.match("/api/v1/groups/**", path)) {
return true;
}

if ("GET".equals(method) && pathMatcher.match("/api/v1/group", path)) {
return true;
}

Comment on lines +135 to +138
Copy link

Copilot AI Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The path pattern /api/v1/group appears to be a typo and doesn't match the pattern in SecurityConfig which uses /api/v1/groups. This inconsistency means the filter logic won't align with the security configuration, potentially causing authentication issues. Change this to /api/v1/groups to match the SecurityConfig pattern, or remove this check as it would be redundant with the /** pattern on line 131.

Suggested change
if ("GET".equals(method) && pathMatcher.match("/api/v1/group", path)) {
return true;
}

Copilot uses AI. Check for mistakes.
Comment on lines +135 to +138
Copy link

Copilot AI Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to SecurityConfig, if you correct the typo to /api/v1/groups, this check would be redundant since line 131 already covers /api/v1/groups/** which matches the base path as well. Consider removing this redundant check.

Suggested change
if ("GET".equals(method) && pathMatcher.match("/api/v1/group", path)) {
return true;
}

Copilot uses AI. Check for mistakes.
// SecurityEndpoints.PUBLIC_PATTERNS 체크
return Arrays.stream(SecurityEndpoints.PUBLIC_PATTERNS)
.anyMatch(pattern -> pathMatcher.match(pattern, path));
Expand Down
4 changes: 3 additions & 1 deletion src/main/java/team/wego/wegobackend/common/security/SecurityConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

http
.authorizeHttpRequests((auth) -> auth
.requestMatchers(HttpMethod.GET, "/api/v1/users/*").permitAll()
.requestMatchers(HttpMethod.GET, "/api/v1/users/*").permitAll()
.requestMatchers(HttpMethod.GET, "/api/v1/groups/**").permitAll()
.requestMatchers(HttpMethod.GET, "/api/v1/groups").permitAll()
Copy link

Copilot AI Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pattern /api/v1/groups/** on line 34 already covers /api/v1/groups on line 35. The double asterisk pattern matches zero or more path segments, making line 35 redundant. You can remove line 35 to avoid duplication.

Suggested change
.requestMatchers(HttpMethod.GET, "/api/v1/groups").permitAll()

Copilot uses AI. Check for mistakes.
.requestMatchers(SecurityEndpoints.PUBLIC_PATTERNS).permitAll()
.anyRequest().authenticated()
);
Expand Down
Loading