[HOTFIX] Guest 유저의 API 접근 제한

src/main/java/com/neighbors/tohero/common/ErrorResponseUtil.java

@@ -13,7 +13,7 @@ public class ErrorResponseUtil {
 
     public static void setResponse(HttpServletResponse response, BaseResponseStatus responseStatus) throws IOException {
 
-        BaseResponse errorResponse = new BaseResponse(responseStatus, "JWT TOKEN 오류입니다.");
+        BaseResponse errorResponse = new BaseResponse(responseStatus, "THIS API NEED AUTHORIZED JWT TOKEN (MAYBE NOT GUEST TOKEN)");
 
         response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
         response.setContentType("application/json");

src/main/java/com/neighbors/tohero/common/security/AuthenticationUtil.java

@@ -2,6 +2,7 @@
 
 import com.neighbors.tohero.common.enums.Role;
 import com.neighbors.tohero.common.jwt.JwtProvider;
+import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -10,14 +11,32 @@
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 
-import java.util.Optional;
+import java.util.*;
 
 @Slf4j
 @Component
 @RequiredArgsConstructor
 public class AuthenticationUtil {
 
     private final JwtProvider jwtProvider;
+    private Map<String, List<String>> onlyUserRequest;
+
+    @PostConstruct
+    private void initOnlyUserRequest() {
+        onlyUserRequest = new HashMap<>();
+
+        // 초기화
+        addToOnlyUserRequest("PUT", "/user/name");
+        addToOnlyUserRequest("POST", "/user/signout");
+        addToOnlyUserRequest("POST", "/user/logout");
+        addToOnlyUserRequest("GET", "/letter");
+        addToOnlyUserRequest("PUT", "/letter");
+        addToOnlyUserRequest("GET", "/auth/refreshToken");
+    }
+
+    private void addToOnlyUserRequest(String method, String url) {
+        onlyUserRequest.computeIfAbsent(method, k -> new ArrayList<>()).add(url);
+    }
 
     public void setAuthenticationFromRequest(HttpServletRequest request) {
 
@@ -42,9 +61,11 @@ private Optional<UserAuthentication> makeAuthentication(HttpServletRequest reque
 
         if(isTokenValid(token)) {
             if (isRequestAvailableToGuest(token)) {
-                log.info("[AuthenticationUtil.makeAuthentication : Guest 권한 부여]");
-                String nickname = jwtProvider.getGuestJwtUserDetails(token).getNickname();
-                authentication = UserAuthentication.makeGuestAuthentication(nickname);
+                if(checkGuestAccessRequest(request)){
+                    log.info("[AuthenticationUtil.makeAuthentication : Guest 권한 부여]");
+                    String nickname = jwtProvider.getGuestJwtUserDetails(token).getNickname();
+                    authentication = UserAuthentication.makeGuestAuthentication(nickname);
+                }
             }
             else {
                 log.info("[AuthenticationUtil.makeAuthentication : User 권한 부여]");
@@ -59,6 +80,18 @@ private Optional<UserAuthentication> makeAuthentication(HttpServletRequest reque
         return Optional.ofNullable(authentication);
     }
 
+    private boolean checkGuestAccessRequest(HttpServletRequest request) {
+        List<String> urls = onlyUserRequest.get(request.getMethod());
+        if (urls != null) {
+            for (String url : urls) {
+                if (request.getRequestURI().contains(url)) {
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
+
     private String getJwtFromRequest(HttpServletRequest request) {
         String bearerToken = request.getHeader("Authorization");
 

src/main/java/com/neighbors/tohero/presentation/controller/AddressController.java

@@ -3,6 +3,7 @@
 import com.neighbors.tohero.application.address.dto.SearchAddressRequest;
 import com.neighbors.tohero.application.address.service.AddressService;
 import com.neighbors.tohero.application.baseResponse.BaseResponse;
+import io.swagger.v3.oas.annotations.Operation;
 import lombok.RequiredArgsConstructor;
 import org.springdoc.core.annotations.ParameterObject;
 import org.springframework.http.ResponseEntity;
@@ -18,6 +19,7 @@ public class AddressController {
 
     private final AddressService addressService;
 
+    @Operation(summary = "주소 API", description = "주소 조회를 위해 사용되는 API입니다. 경찰서 기준으로 검색하고 싶으면 TargetJob 부분에 POLICE_OFFICER, 소방서 기준으로 검색하고 싶으면 FIRE_FIGHTER 로 입력해주시면 됩니다.")
     @GetMapping("/address")
     public ResponseEntity<BaseResponse> searchAddress(@ParameterObject @Validated SearchAddressRequest searchAddressRequest) {
         return ResponseEntity.ok()

src/main/java/com/neighbors/tohero/presentation/controller/AuthController.java

@@ -2,6 +2,7 @@
 
 import com.neighbors.tohero.application.auth.service.AuthService;
 import com.neighbors.tohero.application.baseResponse.BaseResponse;
+import io.swagger.v3.oas.annotations.Operation;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -16,6 +17,7 @@ public class AuthController {
 
     private final AuthService authService;
 
+    @Operation(summary = "JWT 토큰 API", description = "refresh 토큰으로 access 토큰을 재발급하는 API입니다.")
     @GetMapping("/auth/refreshToken")
     public ResponseEntity<BaseResponse> refreshAccessToken(@RequestParam String refreshToken) {
         return ResponseEntity.ok()

src/main/java/com/neighbors/tohero/presentation/controller/LetterController.java

@@ -6,6 +6,7 @@
 import com.neighbors.tohero.application.letter.dto.UpdateLetterPublic;
 import com.neighbors.tohero.application.letter.service.LetterService;
 import com.neighbors.tohero.common.jwt.JwtUserDetails;
+import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import lombok.RequiredArgsConstructor;
 import org.springdoc.core.annotations.ParameterObject;
@@ -21,6 +22,7 @@ public class LetterController {
 
     private final LetterService letterService;
 
+    @Operation(summary = "편지 API", description = "편지를 생성하는 API입니다. content, isPublic은 필수 정보입니다. TargetJob, addressId, heroName은 사용자에게 입력받은 여부에 따라 json에 포함/미포함 할 수 있습니다. readingAlarm은 열람여부를 메시지로 받을지 여부이며, 로그인한 유저일 경우만 json에 포함시키면 됩니다. ")
     @PostMapping("")
     public ResponseEntity<BaseResponse> createLetter(
             @Parameter(hidden=true) @AuthenticationPrincipal JwtUserDetails jwtUserDetail,
@@ -30,18 +32,21 @@ public ResponseEntity<BaseResponse> createLetter(
                 .body(letterService.createLetter(jwtUserDetail, createLetterRequest));
     }
 
+    @Operation(summary = "편지 API", description = "편지를 상세 조회하는 API입니다.")
     @GetMapping("/detail")
     public ResponseEntity<BaseResponse> getLetterDetail(@ParameterObject GetLetterDetailRequest getLetterDetailRequest){
         return ResponseEntity.ok()
                 .body(letterService.getLetterDetail(getLetterDetailRequest));
     }
 
+    @Operation(summary = "편지 API", description = "내가 작성한 편지를 조회하는 API입니다. 로그인한 유저만 사용할 수 있습니다.")
     @GetMapping("")
     public ResponseEntity<BaseResponse> getMyLetters(@Parameter(hidden = true) @AuthenticationPrincipal JwtUserDetails jwtUserDetail){
         return ResponseEntity.ok()
                 .body(letterService.getMyLetters(jwtUserDetail.getUserId()));
     }
 
+    @Operation(summary = "편지 API", description = "편지의 공개 여부를 수정하는 API입니다. 로그인한 유저만 사용할 수 있습니다.")
     @PutMapping("")
     public ResponseEntity<BaseResponse> updateLetterPublic(
             @Parameter(hidden = true) @AuthenticationPrincipal JwtUserDetails jwtUserDetail,

src/main/java/com/neighbors/tohero/presentation/controller/NewsController.java

@@ -2,6 +2,7 @@
 
 import com.neighbors.tohero.application.baseResponse.BaseResponse;
 import com.neighbors.tohero.application.news.service.NewsService;
+import io.swagger.v3.oas.annotations.Operation;
 import lombok.RequiredArgsConstructor;
 import org.springdoc.core.annotations.ParameterObject;
 import org.springframework.data.domain.Pageable;
@@ -18,6 +19,7 @@ public class NewsController {
 
     private final NewsService newsService;
 
+    @Operation(summary = "소식 API", description = "소식 모아보기 API입니다. 무한페이징입니다.")
     @GetMapping("")
     public ResponseEntity<BaseResponse> getPagedNews(@ParameterObject Pageable pageable){
         return ResponseEntity.ok()