[Refactor] 운영 준비성 개선: 인증 흐름 정리 및 테스트 코드 격리 (#233)

* refactor: JWT 인증 흐름에 맞게 보안 설정 정리

* refactor: 테스트 전용 코드 실행 프로필 제한

* refactor: 레거시 선착순 처리 경로 제거

Author: Ji-minhyeok

src/main/java/com/threestar/trainus/domain/lesson/issue/LegacyLessonAdmissionScheduler.java

@@ -17,7 +17,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
-@Profile("consumer & !legacy")
+@Profile("consumer")
 @Slf4j
 @Component
 @RequiredArgsConstructor

src/main/java/com/threestar/trainus/domain/lesson/issue/LegacyLessonApplyConsumer.java

@@ -18,7 +18,7 @@
 import java.util.concurrent.ConcurrentLinkedQueue;
 import java.util.stream.Collectors;
 
-@Profile("consumer & !legacy")
+@Profile("consumer")
 @Slf4j
 @Component
 @RequiredArgsConstructor

src/main/java/com/threestar/trainus/domain/lesson/issue/LessonAdmissionScheduler.java

@@ -24,14 +24,11 @@
 import com.threestar.trainus.domain.lesson.teacher.entity.Category;
 import com.threestar.trainus.global.annotation.LoginUser;
 import com.threestar.trainus.global.dto.PageRequestDto;
-import com.threestar.trainus.global.exception.domain.ErrorCode;
-import com.threestar.trainus.global.exception.handler.BusinessException;
 import com.threestar.trainus.global.unit.BaseResponse;
 import com.threestar.trainus.global.unit.PagedResponse;
 
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import jakarta.servlet.http.HttpSession;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.Max;
 import jakarta.validation.constraints.Min;
@@ -137,13 +134,8 @@ public ResponseEntity<PagedResponse<MyLessonApplicationListWrapperDto>> getMyLes
 		@RequestParam(defaultValue = "5") @Min(value = 1, message = "limit는 1 이상이어야 합니다.")
 		@Max(value = 100, message = "limit는 100 이하여야 합니다.") int limit,
 		@RequestParam(defaultValue = "ALL") String status,
-		HttpSession session
+		@LoginUser Long userId
 	) {
-		Long userId = (Long)session.getAttribute("LOGIN_USER");
-		if (userId == null) {
-			throw new BusinessException(ErrorCode.AUTHENTICATION_REQUIRED);
-		}
-
 		MyLessonApplicationListResponseDto serviceResponse = studentLessonService.getMyLessonApplications(userId, page,
 			limit, status);
 		MyLessonApplicationListWrapperDto response = new MyLessonApplicationListWrapperDto(

src/main/java/com/threestar/trainus/domain/lesson/issue/LessonApplyConsumer.java

@@ -4,6 +4,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.context.annotation.Profile;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -27,6 +28,7 @@
 import lombok.RequiredArgsConstructor;
 
 @Tag(name = "동시성 테스트 API", description = "선착순 기능 테스트를 위한 API")
+@Profile({"local", "test"})
 @RestController
 @RequestMapping("/test")
 @RequiredArgsConstructor

src/main/java/com/threestar/trainus/domain/lesson/student/controller/StudentLessonController.java

@@ -8,6 +8,7 @@
 import java.util.Set;
 
 import org.springframework.boot.CommandLineRunner;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
@@ -26,7 +27,6 @@
 import com.threestar.trainus.domain.metadata.entity.ProfileMetadata;
 import com.threestar.trainus.domain.metadata.mapper.ProfileMetadataMapper;
 import com.threestar.trainus.domain.metadata.repository.ProfileMetadataRepository;
-import com.threestar.trainus.domain.profile.entity.Profile;
 import com.threestar.trainus.domain.profile.mapper.ProfileMapper;
 import com.threestar.trainus.domain.profile.repository.ProfileRepository;
 import com.threestar.trainus.domain.review.entity.Review;
@@ -40,7 +40,7 @@
 
 @Slf4j
 @Component
-@org.springframework.context.annotation.Profile("dev") // dev 프로필에서만 실행
+@Profile({"local", "test"})
 @RequiredArgsConstructor
 public class MockDataInitializer implements CommandLineRunner {
 
@@ -111,7 +111,7 @@ private List<User> createInstructors() {
 			User savedInstructor = userRepository.save(instructor);
 
 			// Profile 생성
-			Profile profile = ProfileMapper.toDefaultEntity(savedInstructor);
+			var profile = ProfileMapper.toDefaultEntity(savedInstructor);
 			profile.updateProfileImage("https://example.com/instructor" + (i + 1) + ".jpg");
 			profile.updateProfileIntro(instructorNames[i] + "입니다. 최고의 레슨을 제공합니다!");
 			profileRepository.save(profile);
@@ -138,7 +138,7 @@ private List<User> createInstructors() {
 		User savedAdmin = userRepository.save(admin);
 
 		// 관리자 Profile 생성
-		Profile adminProfile = ProfileMapper.toDefaultEntity(savedAdmin);
+		var adminProfile = ProfileMapper.toDefaultEntity(savedAdmin);
 		adminProfile.updateProfileImage("https://example.com/admin.jpg");
 		profileRepository.save(adminProfile);
 
@@ -165,7 +165,7 @@ private List<User> createStudents() {
 			User savedStudent = userRepository.save(student);
 
 			// Profile 생성
-			Profile profile = ProfileMapper.toDefaultEntity(savedStudent);
+			var profile = ProfileMapper.toDefaultEntity(savedStudent);
 			profile.updateProfileImage("https://example.com/student" + (i + 1) + ".jpg");
 			profileRepository.save(profile);
 

src/main/java/com/threestar/trainus/domain/test/controller/TestConcurrencyController.java

@@ -14,20 +14,20 @@ public class SwaggerConfig {
 	@Bean
 	public OpenAPI openApi() {
 		return new OpenAPI()
-			.addSecurityItem(new SecurityRequirement().addList("session"))
+			.addSecurityItem(new SecurityRequirement().addList("bearerAuth"))
 			.components(new Components()
-				.addSecuritySchemes("session", new SecurityScheme()
-					.type(SecurityScheme.Type.APIKEY)
-					.in(SecurityScheme.In.COOKIE)
-					.name("JSESSIONID")
+				.addSecuritySchemes("bearerAuth", new SecurityScheme()
+					.type(SecurityScheme.Type.HTTP)
+					.scheme("bearer")
+					.bearerFormat("JWT")
 				)
 			)
 			.info(apiInfo());
 	}
 
 	private Info apiInfo() {
 		return new Info()
-			.title("FitMate API 문서") // API의 제목
+			.title("TrainUs API 문서") // API의 제목
 			.description("운동 메이트 매칭 플랫폼의 API 명세서") // API에 대한 설명
 			.version("1.0.0"); // API의 버전
 	}

src/main/java/com/threestar/trainus/global/config/MockDataInitializer.java

@@ -4,6 +4,7 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -29,10 +30,26 @@ public PasswordEncoder passwordEncoder() {
 	@Bean
 	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http.authorizeHttpRequests(
-				auth -> auth.requestMatchers("/api/v1/users/**", "/api/lessons/test-auth", "/swagger-ui/**",
-						"/v3/api-docs/**", "/api/v1/profiles/**", "/api/v1/lessons/**", "api/v1/coupons/**",
-						"/api/v1/comments/**", "/api/v1/reviews/**", "/api/v1/admin/**", "/api/v1/rankings/**",
-						"/api/v1/payments/**", "/test/**", "/health", "/actuator/**")
+				auth -> auth.requestMatchers(
+						"/api/v1/users/signup",
+						"/api/v1/users/login",
+						"/api/v1/users/verify/**",
+						"/swagger-ui/**",
+						"/v3/api-docs/**",
+						"/health",
+						"/actuator/**")
+					.permitAll()
+					.requestMatchers(HttpMethod.GET,
+						"/api/v1/profiles/*",
+						"/api/v1/profiles/*/created-lessons",
+						"/api/v1/lessons",
+						"/api/v1/lessons/search/nearby",
+						"/api/v1/lessons/*",
+						"/api/v1/lessons/summary/*",
+						"/api/v1/lessons/apply/status/*",
+						"/api/v1/comments/**",
+						"/api/v1/reviews/**",
+						"/api/v1/rankings/**")
 					.permitAll()
 					.requestMatchers("/api/v1/admin/**")
 					.hasRole("ADMIN")

src/main/java/com/threestar/trainus/global/config/SwaggerConfig.java

@@ -2,6 +2,7 @@
 
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.context.annotation.Profile;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -15,6 +16,7 @@
 import lombok.RequiredArgsConstructor;
 
 @Tag(name = "S3 테스트 컨트롤러", description = "S3 업로더 테스트용 컨트롤러입니다.")
+@Profile({"local", "test"})
 @RestController
 @RequestMapping("/api/v1/test/s3")
 @RequiredArgsConstructor
@@ -38,4 +40,4 @@ public ResponseEntity<String> upload(
 			return ResponseEntity.badRequest().body("업로드 실패: " + e.getMessage());
 		}
 	}
-}
+}