MOSU-57 chore: API 연동을 위한 Redis 비밀번호 제거

[wlgns12370]

✨ 구현한 기능

• x

📢 논의하고 싶은 내용

• x

🎸 기타

• x

Summary by CodeRabbit

• New Features

  • Added a new REST API endpoint to retrieve a list of schools, returning detailed information including address and exam date.
  • Introduced response formats for school and address data to standardize API outputs.

• Security

  • Enhanced security by adding new filters for access token validation and exception handling.

• Chores

  • Updated Docker Compose configuration to remove password requirement for the velkey service.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

This update introduces a new school lookup feature by adding service, controller, and DTO classes for retrieving school information. It also restores and integrates the AccessTokenFilter and TokenExceptionFilter into the security filter chain, and modifies the Docker Compose configuration for the velkey service to remove password requirements.

Changes

File(s)	Change Summary
docker-compose/docker-compose.local.yml	Removed Redis password requirement from velkey service configuration.
src/main/java/life/mosu/mosuserver/application/school/SchoolService.java	Added new SchoolService class with a method to fetch and map all schools.
src/main/java/life/mosu/mosuserver/presentation/school/SchoolController.java	Added new REST controller exposing a GET endpoint for school retrieval.
src/main/java/life/mosu/mosuserver/presentation/school/dto/SchoolResponse.java	Added new SchoolResponse record with mapping from domain entity.
src/main/java/life/mosu/mosuserver/presentation/common/AddressResponse.java	Added new AddressResponse record for address DTO mapping.
src/main/java/life/mosu/mosuserver/global/config/SecurityConfig.java	Integrated AccessTokenFilter and TokenExceptionFilter into the Spring Security filter chain.
src/main/java/life/mosu/mosuserver/presentation/oauth/AccessTokenFilter.java	Restored and uncommented the AccessTokenFilter class.
src/main/java/life/mosu/mosuserver/presentation/oauth/TokenExceptionFilter.java	Restored and uncommented the TokenExceptionFilter class.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant SchoolController
  participant SchoolService
  participant SchoolJpaRepository

  Client->>SchoolController: GET /school
  SchoolController->>SchoolService: getSchools()
  SchoolService->>SchoolJpaRepository: findAll()
  SchoolJpaRepository-->>SchoolService: List<SchoolJpaEntity>
  SchoolService-->>SchoolController: List<SchoolResponse>
  SchoolController-->>Client: ApiResponseWrapper<List<SchoolResponse>>

Loading

sequenceDiagram
  participant Client
  participant AccessTokenFilter
  participant TokenExceptionFilter
  participant SecurityContext

  Client->>AccessTokenFilter: HTTP Request
  AccessTokenFilter->>AccessTokenFilter: Check for Bearer token
  AccessTokenFilter->>SecurityContext: Set authentication (if token valid)
  AccessTokenFilter->>TokenExceptionFilter: (on error) Throw CustomRuntimeException
  TokenExceptionFilter->>Client: HTTP Error Response (if exception)

Loading

Possibly related PRs

• MOSU-40 Test: API 연동을 위한 PR #61: Both PRs modify the security configuration to add or remove AccessTokenFilter and TokenExceptionFilter.
• MOSU-57 feat: 학교 조회 기능 구현 #63: Both PRs introduce the SchoolService, SchoolController, and SchoolResponse classes for the school lookup feature.

Suggested reviewers

• polyglot-k

Poem

In fields of code, a school list grows,
With filters set where token flows.
Controllers guide each student’s quest,
While service layers do the rest.
No password locks the Redis door—
The rabbit hops and leaps once more!
🐇

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 866f280 and f455e3b.

📒 Files selected for processing (8)

• docker-compose/docker-compose.local.yml (1 hunks)
• src/main/java/life/mosu/mosuserver/application/school/SchoolService.java (1 hunks)
• src/main/java/life/mosu/mosuserver/global/config/SecurityConfig.java (4 hunks)
• src/main/java/life/mosu/mosuserver/presentation/common/AddressResponse.java (1 hunks)
• src/main/java/life/mosu/mosuserver/presentation/oauth/AccessTokenFilter.java (1 hunks)
• src/main/java/life/mosu/mosuserver/presentation/oauth/TokenExceptionFilter.java (1 hunks)
• src/main/java/life/mosu/mosuserver/presentation/school/SchoolController.java (1 hunks)
• src/main/java/life/mosu/mosuserver/presentation/school/dto/SchoolResponse.java (1 hunks)

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[gemini-code-assist]

Summary of Changes

Hello @wlgns12370, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request primarily focuses on enhancing API integration capabilities. It includes a minor configuration update to remove the Redis password requirement for local development environments, alongside the more substantial introduction of new API endpoints for school data and the activation of custom token-based authentication filters within the Spring Security chain.

Highlights

• Redis Configuration Adjustment: I've updated the docker-compose.local.yml file to remove the Redis password requirement for the velkey service, simplifying the local development setup.
• API Authentication Filter Integration: I've activated and integrated AccessTokenFilter and TokenExceptionFilter into the Spring Security configuration. These filters are now part of the security chain, enabling token-based authentication and robust error handling for API requests.
• New School Data API: I've introduced new REST API endpoints under /school to expose school information. This includes the creation of SchoolController, SchoolService, and associated data transfer objects (SchoolResponse, AddressResponse) to facilitate fetching and presenting school data.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request removes the Redis password from the docker-compose file and adds token filters to the security configuration. The removal of the Redis password should be carefully considered for security implications, and the order of token filters in the security configuration should be reviewed for optimal exception handling.

[gemini-code-assist]

Removing the Redis password from the docker-compose file might expose the Redis instance without authentication. Ensure that appropriate security measures are in place to protect the Redis instance, such as firewall rules or network isolation. If the Redis instance is only intended for local development, consider adding a comment explaining why the password is not required in this environment.

command: [ "valkey-server", "--port", "${VELKEY_PORT}" ] # No password required for local development

[gemini-code-assist]

Consider the order of filters. It's generally recommended to place the TokenExceptionFilter before the AccessTokenFilter so that any exceptions thrown during token validation are caught before attempting to process the token. This can prevent potential issues with unhandled exceptions.

Suggested change

	.addFilterBefore(tokenExceptionFilter, accessTokenFilter.getClass())
	.addFilterBefore(tokenExceptionFilter, UsernamePasswordAuthenticationFilter.class)
	.addFilterBefore(accessTokenFilter, tokenExceptionFilter.getClass())