Merged
Expand Up @@ -3,6 +3,7 @@
import org.springframework.context.annotation.Configuration;

import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeIn;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
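Review bot: `SecuritySchemeIn` is only consulted for `SecuritySchemeType.APIKEY` schemes; if the `JWT_REFRESH` scheme declared below ends up as an `HTTP` bearer scheme (which is what its `scheme = "bearer"` / `bearerFormat = "JWT"` attributes imply), this import becomes unused and should be dropped together with the `in = SecuritySchemeIn.HEADER` line.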
Expand All @@ -19,5 +20,12 @@
scheme = "bearer",
bearerFormat = "JWT"
)
@SecurityScheme(
name = "JWT_REFRESH", // refreshToken용
type = SecuritySchemeType.APIKEY,
in = SecuritySchemeIn.HEADER,
scheme = "bearer",
bearerFormat = "JWT"
)
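Review bot: The new `JWT_REFRESH` scheme mixes `type = SecuritySchemeType.APIKEY` / `in = SecuritySchemeIn.HEADER` with `scheme` and `bearerFormat`, which only apply to `HTTP` schemes, and it never names the header the key is carried in. As written, Swagger UI and generated clients have no header name to put the refresh token into, while the controller hunk in this same commit reads `request.getHeader("JWT_REFRESH")`. Pick one model and make the two files agree: either `type = SecuritySchemeType.HTTP, scheme = "bearer", bearerFormat = "JWT"` (token travels in `Authorization`), or `type = SecuritySchemeType.APIKEY, in = SecuritySchemeIn.HEADER, paramName = "JWT_REFRESH"` with `scheme` and `bearerFormat` removed.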
🛠️ Refactor suggestion

There is a consistency problem in the security scheme configuration.

Using `SecuritySchemeType.APIKEY` while also setting `scheme` and `bearerFormat` is inappropriate. To use it as a Bearer token, the `HTTP` type must be used.

We recommend changing it as follows:

 @SecurityScheme(
 	name = "JWT_REFRESH", // refreshToken용
-	type = SecuritySchemeType.APIKEY,
-	in = SecuritySchemeIn.HEADER,
+	type = SecuritySchemeType.HTTP,
 	scheme = "bearer",
 	bearerFormat = "JWT"
 )
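Review bot: If this `HTTP` / `bearer` variant is adopted, the token is documented as travelling in the `Authorization` header, so the controller change in this commit from `request.getHeader("Authorization")` to `request.getHeader("JWT_REFRESH")` would have to be reverted as well; the two suggestions are not interchangeable with respect to the controller.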

Or, if a custom header key is actually used:

 @SecurityScheme(
 	name = "JWT_REFRESH", // refreshToken용
 	type = SecuritySchemeType.APIKEY,
 	in = SecuritySchemeIn.HEADER,
-	scheme = "bearer",
-	bearerFormat = "JWT"
+	parameterName = "JWT_REFRESH"
 )
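Review bot: The `+	parameterName = "JWT_REFRESH"` line will not compile: the attribute on `io.swagger.v3.oas.annotations.security.SecurityScheme` that names the API-key header is `paramName`, so the line should read `paramName = "JWT_REFRESH"`. That value must match the header the controller reads (`request.getHeader("JWT_REFRESH")` in the controller hunk of this commit), otherwise the documented request and the accepted request diverge.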
🤖 Prompt for AI Agents

In src/main/java/org/ezcode/codetest/infrastructure/swagger/config/SwaggerConfig.java around lines 23 to 29, the SecurityScheme annotation incorrectly uses type=APIKEY together with scheme and bearerFormat, which is inconsistent. To fix this, change the type to HTTP if you want to use a bearer token scheme, or if you intend to use a custom header key, keep APIKEY but remove scheme and bearerFormat. Adjust the annotation accordingly to ensure the security scheme configuration is consistent.

public class SwaggerConfig {
}
Expand Up @@ -21,7 +21,7 @@
import org.springframework.web.bind.annotation.RestController;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.validation.Valid;
Expand Down Expand Up @@ -62,13 +62,12 @@ public ResponseEntity<LogoutResponse> logout(
}

@Operation(summary = "토큰 재발급", description = "리프레시 토큰을 이용하여 새로운 액세스 토큰을 발급합니다.",
parameters = {
@Parameter(name = "Authorization", description = "Bearer {refreshToken}", required = true)
})
security = @SecurityRequirement(name = "JWT_REFRESH")
)
@PostMapping("/auth/refresh")
public ResponseEntity<RefreshTokenResponse> refresh(HttpServletRequest request) {

String token = Optional.ofNullable(request.getHeader("Authorization"))
String token = Optional.ofNullable(request.getHeader("JWT_REFRESH"))
.map(h -> h.replace("Bearer ", ""))
.orElseThrow(()-> new AuthException(AuthExceptionCode.INVALID_AUTHORIZATION_HEADER));

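Review bot: `h.replace("Bearer ", "")` strips every occurrence of the substring, not only a leading prefix, and now that the token is read from the `JWT_REFRESH` header (an API-key style header according to the `JWT_REFRESH` scheme in `SwaggerConfig`) there is no reason to expect a `Bearer ` prefix at all. Either drop the replace or require `startsWith("Bearer ")` and take the remainder, rejecting anything else. Also reconsider `AuthExceptionCode.INVALID_AUTHORIZATION_HEADER`: the header being validated is no longer `Authorization`, so the error code misreports which header was missing. Finally, with the `@Parameter(name = "Authorization", ...)` removed, the API docs rely entirely on the `JWT_REFRESH` security scheme to tell clients which header to send, so that scheme must carry the header name.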