chore: 인증 활성화

backend/src/main/java/moadong/club/controller/ClubController.java

@@ -1,6 +1,7 @@
 package moadong.club.controller;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.AllArgsConstructor;
@@ -17,6 +18,7 @@
 import moadong.user.annotation.CurrentUser;
 import moadong.user.payload.CustomUserDetails;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -40,20 +42,26 @@ public class ClubController {
 
     @PostMapping("")
     @Operation(summary = "클럽 생성", description = "클럽을 생성합니다.")
+    @PreAuthorize("isAuthenticated()")
+    @SecurityRequirement(name = "BearerAuth")
     public ResponseEntity<?> createClub(@CurrentUser CustomUserDetails user, @RequestBody ClubCreateRequest request) {
         String clubId = clubCommandService.createClub(request);
         return Response.ok("success create club", "clubId : " + clubId);
     }
 
     @PutMapping("/info")
     @Operation(summary = "클럽 수정", description = "클럽을 수정합니다.")
+    @PreAuthorize("isAuthenticated()")  // 인증 필요
+    @SecurityRequirement(name = "BearerAuth")
     public ResponseEntity<?> updateClubInfo(@RequestBody @Validated ClubInfoRequest request) {
         clubCommandService.updateClubInfo(request);
         return Response.ok("success update club");
     }
 
     @PutMapping("/description")
     @Operation(summary = "클럽 상세소개 수정", description = "클럽의 상세소개 내용을 수정합니다.")
+    @PreAuthorize("isAuthenticated()")
+    @SecurityRequirement(name = "BearerAuth")
     public ResponseEntity<?> updateClubDescription(
         @RequestBody ClubDescriptionUpdateRequest request) {
         clubCommandService.updateClubDescription(request);

backend/src/main/java/moadong/club/controller/ClubMetricController.java

@@ -1,11 +1,13 @@
 package moadong.club.controller;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.AllArgsConstructor;
 import moadong.club.service.ClubMetricService;
 import moadong.global.payload.Response;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -15,6 +17,8 @@
 @RequestMapping("/api/club/metric")
 @AllArgsConstructor
 @Tag(name = "Club_Metric", description = "클럽 통계 API")
+@PreAuthorize("isAuthenticated()")
+@SecurityRequirement(name = "BearerAuth")
 public class ClubMetricController {
 
     private final ClubMetricService clubMetricService;

backend/src/main/java/moadong/gcs/controller/ClubImageController.java

@@ -1,6 +1,7 @@
 package moadong.gcs.controller;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
@@ -10,6 +11,7 @@
 import moadong.global.payload.Response;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -23,6 +25,8 @@
 @RequestMapping("/api/club")
 @RequiredArgsConstructor
 @Tag(name = "ClubImage", description = "클럽 이미지 관련 API")
+@PreAuthorize("isAuthenticated()")
+@SecurityRequirement(name = "BearerAuth")
 public class ClubImageController {
 
     private final ClubImageService clubImageService;

backend/src/main/java/moadong/global/config/SecurityConfig.java

@@ -6,6 +6,9 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.List;
+
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
 import moadong.global.util.JwtAuthenticationFilter;
 import moadong.global.util.JwtProvider;
 import moadong.user.service.CustomUserDetailService;
@@ -27,6 +30,12 @@
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
+@SecurityScheme(
+        name = "BearerAuth",
+        type = SecuritySchemeType.HTTP,
+        scheme = "bearer",
+        bearerFormat = "JWT"
+)
 public class SecurityConfig {
 
     private final JwtProvider jwtProvider;

backend/src/main/java/moadong/user/controller/UserController.java

@@ -1,6 +1,7 @@
 package moadong.user.controller;
 
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.AllArgsConstructor;
@@ -14,6 +15,7 @@
 import moadong.user.service.UserCommandService;
 import moadong.user.view.UserSwaggerView;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -56,6 +58,8 @@ public ResponseEntity<?> refresh(
     }
 
     @PutMapping("/")
+    @PreAuthorize("isAuthenticated()")
+    @SecurityRequirement(name = "BearerAuth")
     public ResponseEntity<?> update(@CurrentUser CustomUserDetails user,
         @RequestBody @Validated UserUpdateRequest userUpdateRequest) {
         userCommandService.update(user.getUserId(), userUpdateRequest);