!Hotfix: Swagger 인증 표시를 정리하고 공개 엔드포인트를 분리한다

src/main/java/starlight/adapter/aireport/webapi/AiReportController.java

@@ -1,6 +1,7 @@
 package starlight.adapter.aireport.webapi;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
@@ -18,6 +19,7 @@
 @RequiredArgsConstructor
 @RequestMapping("/v1/ai-reports")
 @Tag(name = "AI 리포트", description = "AI 리포트 채점 및 조회 API")
+@SecurityRequirement(name = "bearerAuth")
 public class AiReportController {
 
     private final AiReportService aiReportService;

src/main/java/starlight/adapter/aireport/webapi/swagger/ImageApiDoc.java

@@ -5,6 +5,7 @@
 import io.swagger.v3.oas.annotations.media.ExampleObject;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
@@ -20,7 +21,8 @@ public interface ImageApiDoc {
 
     @Operation(
             summary = "Presigned URL 발급",
-            description = "S3 Presigned URL을 발급합니다."
+            description = "S3 Presigned URL을 발급합니다.",
+            security = @SecurityRequirement(name = "bearerAuth")
     )
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(
@@ -52,7 +54,8 @@ ApiResponse<PreSignedUrlResponse> getPresignedUrl(
 
     @Operation(
             summary = "이미지 공개 전환",
-            description = "업로드된 이미지를 공개 상태로 전환합니다."
+            description = "업로드된 이미지를 공개 상태로 전환합니다.",
+            security = @SecurityRequirement(name = "bearerAuth")
     )
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(

src/main/java/starlight/adapter/businessplan/webapi/BusinessPlanController.java

@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.Min;
@@ -29,6 +30,7 @@
 @RequiredArgsConstructor
 @RequestMapping("/v1/business-plans")
 @Tag(name = "사업계획서", description = "사업계획서 API")
+@SecurityRequirement(name = "bearerAuth")
 public class BusinessPlanController {
 
     private final BusinessPlanService businessPlanService;

src/main/java/starlight/adapter/expert/webapi/swagger/ExpertApiDoc.java

@@ -6,6 +6,7 @@
 import io.swagger.v3.oas.annotations.media.ExampleObject;
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -23,7 +24,8 @@ public interface ExpertApiDoc {
 
     @Operation(
             summary = "전문가 목록 조회",
-            description = "전체 전문가 목록을 반환합니다."
+            description = "전체 전문가 목록을 반환합니다.",
+            security = {}
     )
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(
@@ -114,7 +116,7 @@ public interface ExpertApiDoc {
     @GetMapping
     ApiResponse<List<ExpertListResponse>> search();
 
-    @Operation(summary = "전문가 상세 조회")
+    @Operation(summary = "전문가 상세 조회", security = {})
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(
                     responseCode = "200",
@@ -186,7 +188,8 @@ ApiResponse<ExpertDetailResponse> detail(
 
     @Operation(
             summary = "전문가 상세 내 AI 리포트 보유 사업계획서 목록",
-            description = "지정된 전문가의 전문가 상세 페이지에서 로그인한 사용자의 사업계획서 중 AI 리포트가 생성된 항목만 조회합니다."
+            description = "지정된 전문가의 전문가 상세 페이지에서 로그인한 사용자의 사업계획서 중 AI 리포트가 생성된 항목만 조회합니다.",
+            security = @SecurityRequirement(name = "bearerAuth")
     )
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(

src/main/java/starlight/adapter/expertApplication/webapi/swagger/ExpertApplicationApiDoc.java

@@ -28,7 +28,7 @@ public interface ExpertApplicationApiDoc {
             - 동일한 전문가에게 동일한 사업계획서로 중복 요청할 수 없습니다.
             - 이메일 발송은 비동기로 처리되며, 요청 즉시 응답을 반환합니다.
             """,
-            security = @SecurityRequirement(name = "Bearer Authentication")
+            security = @SecurityRequirement(name = "bearerAuth")
     )
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(

src/main/java/starlight/adapter/member/auth/redis/RedisKeyValueMap.java

@@ -41,10 +41,8 @@ public void setValue(String key, String value, Long timeout) {
     public String getValue(String key) {
         try {
             ValueOperations<String, Object> values = redisTemplate.opsForValue();
-            if (values.get(key) == null) {
-                return "";
-            }
-            return values.get(key).toString();
+            Object value = values.get(key);
+            return value == null ? null : value.toString();
         } catch (Exception e) {
             throw new GlobalException(GlobalErrorType.REDIS_GET_ERROR);
         }

src/main/java/starlight/adapter/member/auth/security/filter/JwtFilter.java

@@ -34,8 +34,12 @@ protected void doFilterInternal(HttpServletRequest request,
                                     HttpServletResponse response,
                                     FilterChain filterChain) throws ServletException, IOException {
         String token = tokenResolver.resolveAccessToken(request);
+        boolean hasToken = StringUtils.hasText(token);
+        String redisValue = hasToken ? redisClient.getValue(token) : null;
+        boolean isBlacklisted = hasToken && redisValue != null;
+        boolean isValid = hasToken && tokenProvider.validateToken(token);
 
-        if (StringUtils.hasText(token) && redisClient.getValue(token) == null && tokenProvider.validateToken(token)) {
+        if (hasToken && !isBlacklisted && isValid) {
             String email = tokenProvider.getEmail(token);
             UserDetails userDetails = authDetailsService.loadUserByUsername(email);
 

src/main/java/starlight/adapter/member/auth/security/jwt/JwtTokenProvider.java

@@ -152,7 +152,9 @@ public String getEmail(String token) {
      */
     @Override
     public Long getExpirationTime(String token) {
-        return Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody().getExpiration().getTime();
+        return Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody()
+                .getExpiration()
+                .getTime();
     }
 
     /**

src/main/java/starlight/adapter/member/auth/webapi/swagger/AuthApiDoc.java

@@ -6,6 +6,7 @@
 import io.swagger.v3.oas.annotations.media.Schema;
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
@@ -182,7 +183,8 @@ ApiResponse<TokenResponse> signIn(
 
     @Operation(
             summary = "로그아웃",
-            description = "사용자 로그아웃 기능"
+            description = "사용자 로그아웃 기능",
+            security = @SecurityRequirement(name = "bearerAuth")
     )
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(
@@ -248,7 +250,8 @@ ApiResponse<TokenResponse> signIn(
 
     @Operation(
             summary = "토큰 재발급",
-            description = "AccessToken 만료 시 RefreshToken으로 AccessToken 재발급"
+            description = "AccessToken 만료 시 RefreshToken으로 AccessToken 재발급",
+            security = @SecurityRequirement(name = "bearerAuth")
     )
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(

src/main/java/starlight/adapter/member/webapi/swagger/MemberApiDoc.java

@@ -16,7 +16,7 @@
 @Tag(name = "사용자", description = "사용자 관련 API")
 public interface MemberApiDoc {
 
-    @Operation(summary = "멤버 정보를 조회합니다.", security = @SecurityRequirement(name = "Bearer Authentication"))
+    @Operation(summary = "멤버 정보를 조회합니다.", security = @SecurityRequirement(name = "bearerAuth"))
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(
                     responseCode = "200",

src/main/java/starlight/adapter/order/webapi/swagger/OrderApiDoc.java

@@ -28,7 +28,7 @@
 @Tag(name = "결제", description = "결제 관련 API")
 public interface OrderApiDoc {
 
-    @Operation(summary = "결제 준비", security = @SecurityRequirement(name = "Bearer Authentication"))
+    @Operation(summary = "결제 준비", security = @SecurityRequirement(name = "bearerAuth"))
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(
                     responseCode = "200",
@@ -120,7 +120,7 @@ ApiResponse<OrderPrepareResponse> prepareOrder(
             @AuthenticationPrincipal AuthenticatedMember authenticatedMember
     );
 
-    @Operation(summary = "결제 승인", security = @SecurityRequirement(name = "Bearer Authentication"))
+    @Operation(summary = "결제 승인", security = @SecurityRequirement(name = "bearerAuth"))
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(
                     responseCode = "200",
@@ -315,7 +315,7 @@ ApiResponse<OrderCancelResponse> cancelPayment(
             @Valid @RequestBody OrderCancelRequest request
     );
 
-    @Operation(summary = "내 결제 내역 조회", security = @SecurityRequirement(name = "Bearer Authentication"))
+    @Operation(summary = "내 결제 내역 조회", security = @SecurityRequirement(name = "bearerAuth"))
     @ApiResponses({
             @io.swagger.v3.oas.annotations.responses.ApiResponse(
                     responseCode = "200",

src/main/java/starlight/bootstrap/SwaggerConfig.java

@@ -2,10 +2,10 @@
 
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.servers.Server;
 import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
-import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -16,7 +16,7 @@
         info = @Info(title = "StarLight 명세서", description = "StarLight API 명세서", version = "v1"
         ),
         servers = {
-                @Server(url = "${cors.origin.server}",description = "서버 URL")
+                @Server(url = "${cors.origin.server}", description = "서버 URL")
         }
 )
 
@@ -26,9 +26,13 @@ public class SwaggerConfig {
     @Bean
     public OpenAPI openAPI() {
         SecurityScheme securityScheme = new SecurityScheme()
-                .type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT")
-                .in(SecurityScheme.In.HEADER).name("Authorization");
-        SecurityRequirement securityRequirement = new SecurityRequirement().addList("bearerAuth");
+                .type(SecurityScheme.Type.HTTP)
+                .scheme("bearer")
+                .bearerFormat("JWT")
+                .in(SecurityScheme.In.HEADER)
+                .name("Authorization");
+        io.swagger.v3.oas.models.security.SecurityRequirement securityRequirement =
+                new io.swagger.v3.oas.models.security.SecurityRequirement().addList("bearerAuth");
 
         return new OpenAPI()
                 .components(new Components().addSecuritySchemes("bearerAuth", securityScheme))