@minjee2758 minjee2758 commented Jun 19, 2025

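Work done

  • Added JWT_REFRESH to swaggerConfig
  • Modified the refresh API

Notes

  • You can register the refreshToken in Swagger and use it

Pre-review checklist

  • Remove unnecessary console logs and comments
  • Follow the commit message convention (type : )
  • Confirm the feature works correctly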

Summary by CodeRabbit

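  • New features

    • A separate security scheme for the refresh token (JWT_REFRESH) has been added to the Swagger documentation, so the refresh-token authentication method can be clearly distinguished in the API docs.
  • Bug fixes

    • The HTTP header key for refresh token requests has been changed from "Authorization" to "JWT_REFRESH", allowing tokens to be distinguished more clearly.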

coderabbitai bot commented Jun 19, 2025

"""

Walkthrough

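A separate security scheme, "JWT_REFRESH", for the JWT refresh token has been added to the Swagger configuration. Accordingly, the refresh endpoint in AuthController now uses the header key "JWT_REFRESH" instead of "Authorization", and the security requirement in the Swagger documentation has been replaced with that scheme.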

Changes

File/Path | Change summary
.../swagger/config/SwaggerConfig.java | Added the "JWT_REFRESH" security scheme; added the SecuritySchemeIn enum import
.../presentation/usermanagement/AuthController.java | Changed the refresh endpoint's Swagger parameter to a security requirement; changed the header key from "Authorization" to "JWT_REFRESH"

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant AuthController
    participant SwaggerConfig

    Client->>AuthController: /refresh request (with JWT_REFRESH header)
    AuthController->>AuthController: Extract token from JWT_REFRESH header
    AuthController-->>Client: New token response

    note over AuthController,SwaggerConfig: JWT_REFRESH scheme registered in SwaggerConfig
    note over Client,AuthController: Swagger docs require JWT_REFRESH

Suggested reviewers

  • thezz9
  • pokerbearkr

Poem

🐇
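A fresh breeze in Swagger, the refresh token arrives!
With the header renamed, security gets a little tighter~
The docs sparkle, the code sparkles,
Token exchange is no trouble at all,
And the rabbit hops along again today!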
🥕✨
"""


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 615d0f3 and eb6fbf0.

📒 Files selected for processing (1)
  • src/main/java/org/ezcode/codetest/infrastructure/swagger/config/SwaggerConfig.java (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/main/java/org/ezcode/codetest/infrastructure/swagger/config/SwaggerConfig.java
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
src/main/java/org/ezcode/codetest/presentation/usermanagement/AuthController.java (1)

74-74: Consider removing the log message.

A development log message is still present. Per the PR checklist, removing unnecessary logs is recommended.

-	log.info("Refresh token 추출 : {}", token);
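
Review bot: the `log.info` call removed on this line passes `token` as its argument, which writes the full refresh token value into the application log at INFO level, so this is a credential-exposure fix and not only checklist cleanup. It should be treated as required before merge; if a trace of the refresh call is still wanted, log a non-secret identifier such as the user id instead of `token`.
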
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 14186ed and 615d0f3.

📒 Files selected for processing (2)
  • src/main/java/org/ezcode/codetest/infrastructure/swagger/config/SwaggerConfig.java (2 hunks)
  • src/main/java/org/ezcode/codetest/presentation/usermanagement/AuthController.java (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build
🔇 Additional comments (4)
src/main/java/org/ezcode/codetest/infrastructure/swagger/config/SwaggerConfig.java (1)

6-6: The import addition is appropriate.

The import needed to use the SecuritySchemeIn enum has been added correctly.

src/main/java/org/ezcode/codetest/presentation/usermanagement/AuthController.java (3)

24-24: The import change is appropriate.

The import change needed to use SecurityRequirement has been applied correctly.


65-66: The Swagger security requirement has been added correctly.

The security requirement referencing the JWT_REFRESH scheme is set up appropriately, so the refresh token can now be used in Swagger UI.


70-72: Please additionally check how the Authorization header is used across the whole codebase with the following script:

#!/bin/bash
# Check usage of request.getHeader("Authorization") and @RequestHeader("Authorization") across the whole codebase
echo "== request.getHeader(\"Authorization\") 사용 =="
rg -n 'request\.getHeader\("Authorization"' --type java

echo
echo "== @RequestHeader(\"Authorization\") 사용 =="
rg -n '@RequestHeader\(\s*"Authorization"' --type java

Comment on lines 23 to 29
@SecurityScheme(
	name = "JWT_REFRESH", // for the refreshToken
	type = SecuritySchemeType.APIKEY,
	in = SecuritySchemeIn.HEADER,
	scheme = "bearer",
	bearerFormat = "JWT"
)

🛠️ Refactor suggestion

The security scheme configuration is inconsistent.

Setting scheme and bearerFormat while using SecuritySchemeType.APIKEY is inappropriate. To use it as a Bearer token, the HTTP type must be used.

The following change is recommended:

 @SecurityScheme(
 	name = "JWT_REFRESH", // refreshToken용
-	type = SecuritySchemeType.APIKEY,
-	in = SecuritySchemeIn.HEADER,
+	type = SecuritySchemeType.HTTP,
 	scheme = "bearer",
 	bearerFormat = "JWT"
 )
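
Review bot: changing `type` to `SecuritySchemeType.HTTP` with `scheme = "bearer"` makes Swagger UI send the token as `Authorization: Bearer <token>`, while this PR's stated change is that the refresh endpoint reads the `JWT_REFRESH` header, so with this variant the documented scheme and the controller would no longer agree. Take this option only if the refresh endpoint goes back to reading `Authorization`; otherwise the APIKEY variant with the header name set is the one that matches the controller.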

Or, if a custom header key is actually being used:

 @SecurityScheme(
 	name = "JWT_REFRESH", // refreshToken용
 	type = SecuritySchemeType.APIKEY,
 	in = SecuritySchemeIn.HEADER,
-	scheme = "bearer",
-	bearerFormat = "JWT"
+	parameterName = "JWT_REFRESH"
 )
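
Review bot: the added line `parameterName = "JWT_REFRESH"` uses an attribute name that the swagger-annotations `@SecurityScheme` does not define; the attribute for the apiKey header name is `paramName`, so the suggestion would not compile as written. Also, an APIKEY scheme sends the entered value as-is in the `JWT_REFRESH` header with no `Bearer ` prefix, so the scheme's `description` should state which form the refresh endpoint expects.
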
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
@SecurityScheme(
name = "JWT_REFRESH", // refreshToken용
type = SecuritySchemeType.APIKEY,
in = SecuritySchemeIn.HEADER,
scheme = "bearer",
bearerFormat = "JWT"
)
@SecurityScheme(
name = "JWT_REFRESH", // refreshToken용
- type = SecuritySchemeType.APIKEY,
- in = SecuritySchemeIn.HEADER,
+ type = SecuritySchemeType.HTTP,
scheme = "bearer",
bearerFormat = "JWT"
)
Suggested change
@SecurityScheme(
name = "JWT_REFRESH", // refreshToken용
type = SecuritySchemeType.APIKEY,
in = SecuritySchemeIn.HEADER,
scheme = "bearer",
bearerFormat = "JWT"
)
@SecurityScheme(
name = "JWT_REFRESH", // refreshToken용
type = SecuritySchemeType.APIKEY,
in = SecuritySchemeIn.HEADER,
- scheme = "bearer",
- bearerFormat = "JWT"
+ parameterName = "JWT_REFRESH"
)
🤖 Prompt for AI Agents
In
src/main/java/org/ezcode/codetest/infrastructure/swagger/config/SwaggerConfig.java
around lines 23 to 29, the SecurityScheme annotation incorrectly uses
type=APIKEY together with scheme and bearerFormat, which is inconsistent. To fix
this, change the type to HTTP if you want to use a bearer token scheme, or if
you intend to use a custom header key, keep APIKEY but remove scheme and
bearerFormat. Adjust the annotation accordingly to ensure the security scheme
configuration is consistent.

@minjee2758 minjee2758 merged commit 9e0a8c9 into dev Jun 19, 2025
2 checks passed
@minjee2758 minjee2758 deleted the refactor/swaggerRefresh branch June 19, 2025 11:00