[BE-Fix] 로그인 url을 jwt 인증 필터에서 제외

[kwon204]

#️⃣ 연관된 이슈>

• [BE-Feat] 구글 로그인 및 회원가입 구현 #32

📝 작업 내용> 이번 PR에서 작업한 내용을 간략히 설명해주세요(이미지 첨부 가능)

• 로그인 url을 jwt 인증 필터에서 제외
• 사용하지 않는 코드 삭제

🙏 여기는 꼭 봐주세요! > 리뷰어가 특별히 봐주었으면 하는 부분이 있다면 작성해주세요

Summary by CodeRabbit

• Refactor

  • Streamlined the authentication flow for a smoother sign-in experience. The login endpoint now bypasses token verification, and outdated mechanisms for generating login URLs have been removed.

• Tests

  • Removed obsolete tests that were verifying the deprecated login URL functionality.

[coderabbitai]

Walkthrough

This pull request removes several legacy annotations and components related to Google login functionality and OAuth callbacks. The OAuth callback method in the authentication controller no longer includes summary or description annotations. The dedicated URL response record and corresponding methods for generating the Google login URL have been removed across the controllers and services, along with their tests. Additionally, the JWT authentication filter has been updated to exclude the /api/v1/login endpoint from token validation.

Changes

File(s)	Change Summary
backend/src/.../AuthController.java	Removed the OAuth callback method’s @Operation annotation (summary and description)
backend/src/.../auth/dto/UrlResponse.java	Deleted the UrlResponse record used to encapsulate URL responses
backend/src/.../GoogleController.java, backend/src/.../GoogleOAuthService.java, backend/src/.../GoogleOAuthServiceTest.java	Removed Google login URL generation components: deleted the googleOAuthService field and loginUrl method in GoogleController, the getGoogleLoginUrl method in GoogleOAuthService, and the corresponding unit tests
backend/src/.../JwtAuthFilter.java	Added /api/v1/login to the excludedPaths list to bypass JWT authentication

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant JwtAuthFilter
    participant Application

    User->>JwtAuthFilter: Send request (e.g. "/api/v1/login")
    alt Request is "/api/v1/login"
        JwtAuthFilter-->>User: Bypass JWT validation
        User->>Application: Process login request
    else Other endpoint
        JwtAuthFilter->>JwtAuthFilter: Validate JWT token
        JwtAuthFilter-->>User: Forward request if valid
    end

Loading

Possibly related PRs

• [BE-Fix] 쿠키 삭제, 인증 헤더 사용으로 변경 #172: Involves modifications to the oauthCallback method annotations, similar to the changes in this PR.
• [BE-Feat] 구글 토큰 관리 기능 구현 #112: Contains adjustments to the OAuth callback functionality, aligning with the removal of annotations.
• [BE-Fix] 구글 로그인 시 프론트 엔드로 리다이렉션 하도록 수정 #151: Presents overlapping changes in the oauthCallback method with a different alteration approach.

Suggested reviewers

• efdao

Poem

I'm a rabbit in a code-filled glen,
Hopping 'round changes again and again.
Annotations and tests vanish from sight,
As login paths now skip the JWT fight.
With every hop, the code feels light—
A playful dance under the moonlit byte!

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

backend/src/main/java/endolphin/backend/global/security/JwtAuthFilter.java (2)

23-55: LGTM! Consider extracting token parsing logic.

The JWT token validation and user context management implementation is solid. The error handling is appropriate, and ThreadLocal cleanup is properly handled.

Consider extracting the token parsing logic into a separate method for better readability:

     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
         FilterChain filterChain) throws ServletException, IOException {
-        String token = request.getHeader("Authorization");
-        if (token != null && token.startsWith("Bearer ")) {
-            token = token.substring(7);
+        String token = extractToken(request);
+        if (token != null) {
             try {
                 var signedJwt = jwtProvider.validateToken(token);
                 // ... rest of the code ...
             }
         }
     }

+    private String extractToken(HttpServletRequest request) {
+        String token = request.getHeader("Authorization");
+        return (token != null && token.startsWith("Bearer ")) ? token.substring(7) : null;
+    }

---

70-71: Consider using more precise path matching.

Using startsWith for path matching could be too permissive. For example, /api/v1/login-history would also be excluded from authentication.

Consider using exact path matching or AntPathMatcher for more precise control:

-        return "OPTIONS".equalsIgnoreCase(request.getMethod()) ||
-            excludedPaths.stream().anyMatch(path::startsWith);
+        AntPathMatcher pathMatcher = new AntPathMatcher();
+        return "OPTIONS".equalsIgnoreCase(request.getMethod()) ||
+            excludedPaths.stream().anyMatch(pattern -> pathMatcher.match(pattern + "/**", path));

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0b15bc6 and 78c70f0.

📒 Files selected for processing (6)

• backend/src/main/java/endolphin/backend/domain/auth/AuthController.java (0 hunks)
• backend/src/main/java/endolphin/backend/domain/auth/dto/UrlResponse.java (0 hunks)
• backend/src/main/java/endolphin/backend/global/google/GoogleController.java (0 hunks)
• backend/src/main/java/endolphin/backend/global/google/GoogleOAuthService.java (0 hunks)
• backend/src/main/java/endolphin/backend/global/security/JwtAuthFilter.java (1 hunks)
• backend/src/test/java/endolphin/backend/global/google/GoogleOAuthServiceTest.java (0 hunks)

💤 Files with no reviewable changes (5)

• backend/src/main/java/endolphin/backend/domain/auth/dto/UrlResponse.java
• backend/src/main/java/endolphin/backend/global/google/GoogleOAuthService.java
• backend/src/main/java/endolphin/backend/domain/auth/AuthController.java
• backend/src/main/java/endolphin/backend/global/google/GoogleController.java
• backend/src/test/java/endolphin/backend/global/google/GoogleOAuthServiceTest.java

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Send PR Notification to Reviewers

🔇 Additional comments (1)

backend/src/main/java/endolphin/backend/global/security/JwtAuthFilter.java (1)

61-68: LGTM! Login path exclusion is appropriate.

Excluding the login endpoint from JWT authentication is necessary to allow users to authenticate. The other excluded paths are also appropriate for their respective purposes.

[efdao]

고생하셨습니다.