Skip to content

Feat: Auth svc route 추가 #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dungbik merged 2 commits into from
Feb 9, 2026
Merged

Feat: Auth svc route 추가 #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b9410e5
Feat: Auth svc route 추가
dungbik Feb 9, 2026
77c5db2
Feat: Auth svc route 추가
dungbik Feb 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 31 additions & 4 deletions src/main/resources/application-local.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,41 @@ spring:
cloud:
gateway:
routes:
- id: user-service-public
- id: user-private
uri: http://localhost:8081
predicates:
- Path=/v1/users/signup, /v1/users/login
- Path=/v1/users/**
filters:
- AuthenticationFilter

- id: user-service-private
- id: auth-public
uri: http://localhost:8081
predicates:
- Path=/v1/users/**
- name: Path
args:
patterns:
- /v1/auth/login
- /v1/auth/register
- /v1/auth/token/refresh
- /v1/auth/email-verification/request
- /v1/auth/email-verification
- /v1/auth/password-reset/request
- /v1/auth/password-reset
- /v1/oauth2/callback/*

- id: auth-private
uri: http://localhost:8081
predicates:
- name: Path
args:
patterns:
- /v1/auth/logout
- /v1/auth/password
- /v1/auth/social-links
- /v1/auth/social-links/*
- /v1/oauth2/authorization/*
filters:
- AuthenticationFilter

jwt:
secret: "55ca298dcfc216e215622e3f48a251abaa4e8bb973074f065ab170e311acc15811d01a2407290c3ac143648196306d4a6f666a4ed364d3df633e08eb184bb0aea0f2edde4fd2d7fa68ea95ddbc421ff532ce47bde775975911042d665bc22d88a9fa26a03bb4d25530b8cdeb1247d87c9e3efcd721e368b0566b00a43308a729"
Comment on lines +41 to +42
Copy link

@coderabbitai coderabbitai bot Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

JWT 시크릿이 소스 코드에 하드코딩되어 있습니다.

Gitleaks에서도 감지된 문제입니다. 로컬 개발용이라 하더라도 시크릿 값을 레포지토리에 커밋하는 것은 권장되지 않습니다. application.yml처럼 환경 변수를 사용하거나, .env 파일을 .gitignore에 추가하여 관리하는 것을 권장합니다.

🔒 환경 변수 방식으로 변경 
 jwt:
-  secret: "55ca298dcfc216e215622e3f48a251abaa4e8bb973074f065ab170e311acc15811d01a2407290c3ac143648196306d4a6f666a4ed364d3df633e08eb184bb0aea0f2edde4fd2d7fa68ea95ddbc421ff532ce47bde775975911042d665bc22d88a9fa26a03bb4d25530b8cdeb1247d87c9e3efcd721e368b0566b00a43308a729"
+  secret: ${JWT_SECRET:local-dev-secret}

이미 커밋된 시크릿 값은 프로덕션에서 사용 중이라면 반드시 로테이션해야 합니다.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
jwt:
secret: "55ca298dcfc216e215622e3f48a251abaa4e8bb973074f065ab170e311acc15811d01a2407290c3ac143648196306d4a6f666a4ed364d3df633e08eb184bb0aea0f2edde4fd2d7fa68ea95ddbc421ff532ce47bde775975911042d665bc22d88a9fa26a03bb4d25530b8cdeb1247d87c9e3efcd721e368b0566b00a43308a729"
jwt:
secret: ${JWT_SECRET:local-dev-secret}
🧰 Tools
🪛 Gitleaks (8.30.0)

[high] 41-41: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🤖 Prompt for AI Agents 
In `@src/main/resources/application-local.yml` around lines 40 - 41, The JWT
secret is hardcoded under the jwt.secret key in application-local.yml; replace
the literal with an environment variable reference (e.g., read from JWT_SECRET)
and update local dev instructions to load it from a .env or the environment, add
.env to .gitignore, and ensure local config (jwt.secret) reads process env
(JWT_SECRET) so secrets are not committed; if the committed secret was used
anywhere in production rotate it immediately.

41 changes: 34 additions & 7 deletions src/main/resources/application.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,49 @@ spring:

cloud:
gateway:
default-filters:
- RemoveRequestHeader=X-User-Id
- RemoveRequestHeader=X-User-Email
- RemoveRequestHeader=X-User-Role
routes:
- id: user-service-public
- id: user-private
uri: http://user-service:8081
predicates:
- Path=/v1/users/signup, /v1/users/login
- Path=/v1/users/**
filters:
- AuthenticationFilter

- id: user-service-private
- id: auth-public
uri: http://user-service:8081
predicates:
- Path=/v1/users/**
- name: Path
args:
patterns:
- /v1/auth/login
- /v1/auth/register
- /v1/auth/token/refresh
- /v1/auth/email-verification/request
- /v1/auth/email-verification
- /v1/auth/password-reset/request
- /v1/auth/password-reset
- /v1/oauth2/callback/*

- id: auth-private
uri: http://user-service:8081
predicates:
- name: Path
args:
patterns:
- /v1/auth/logout
- /v1/auth/password
- /v1/auth/social-links
- /v1/auth/social-links/*
- /v1/oauth2/authorization/*
filters:
- AuthenticationFilter

jwt:
secret: ${JWT_SECRET:"55ca298dcfc216e215622e3f48a251abaa4e8bb973074f065ab170e311acc15811d01a2407290c3ac143648196306d4a6f666a4ed364d3df633e08eb184bb0aea0f2edde4fd2d7fa68ea95ddbc421ff532ce47bde775975911042d665bc22d88a9fa26a03bb4d25530b8cdeb1247d87c9e3efcd721e368b0566b00a43308a729"}
secret: ${JWT_SECRET}

management:
endpoints:
Expand All @@ -31,5 +59,4 @@ management:

logging:
level:
org.springframework.cloud.gateway: DEBUG
flipnote.apigateway: DEBUG
flipnote.apigateway: INFO