feat: auth DB/Redis 버저닝 + 테스트코드 + k6 + 문서화 적용

creepereye1204 · creepereye1204 · commit e9f85ce1373b · 2026-01-23T22:17:36.000+09:00
- DB 기반 인증(v1)과 Redis 기반 인증(v2) 버저닝 구조 반영
- JUnit 테스트코드 작성으로 회원가입/로그인/토큰 갱신/삭제 시나리오 검증
- k6 부하 테스트 스크립트 추가하여 성능 비교 및 지표 수집
- 테스트 결과를 문서화하여 성능 향상 분석 보고서 작성
- DB vs Redis 성능 차이를 그래프 및 표로 시각화하여 직관적 비교 가능
diff --git a/src/main/java/com/creepereye/ecommerce/domain/auth/controller/AuthControllerV2.java b/src/main/java/com/creepereye/ecommerce/domain/auth/controller/AuthControllerV2.java
@@ -66,18 +66,28 @@ public ResponseEntity<?> logout(@RequestHeader("Authorization") String accessTok
     @PostMapping("/refresh")
     public ResponseEntity<TokenResponse> refresh(@CookieValue("refreshToken") String refreshToken) {
 
+
         TokenResponse tokenResponse = authService.refresh(refreshToken);
 
 
-        ResponseCookie refreshCookie = ResponseCookie.from("refreshToken", tokenResponse.getRefreshToken())
+        ResponseCookie deleteCookie = ResponseCookie.from("refreshToken", "")
+                .httpOnly(true)
+                .secure(true)
+                .sameSite("Lax")
+                .maxAge(0)
+                .build();
+
+
+        ResponseCookie newRefreshCookie = ResponseCookie.from("refreshToken", tokenResponse.getRefreshToken())
                 .httpOnly(true)
                 .secure(true)
                 .sameSite("Lax")
                 .maxAge(refreshTokenValidityInSeconds)
                 .build();
 
         return ResponseEntity.ok()
-                .header(HttpHeaders.SET_COOKIE, refreshCookie.toString())
+                .header(HttpHeaders.SET_COOKIE, deleteCookie.toString())
+                .header(HttpHeaders.SET_COOKIE, newRefreshCookie.toString())
                 .body(tokenResponse);
     }
 
diff --git a/src/main/java/com/creepereye/ecommerce/global/config/SecurityConfig.java b/src/main/java/com/creepereye/ecommerce/global/config/SecurityConfig.java
@@ -49,15 +49,32 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         http
                 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                 .authorizeHttpRequests(authorize -> authorize
-                        .requestMatchers("/h2-console/**").permitAll()
+
+
                         .requestMatchers("/actuator/prometheus/**").permitAll()
+
+
                         .requestMatchers("/api/v1/auth/login", "/api/v2/auth/login").permitAll()
                         .requestMatchers("/api/v1/auth/signup", "/api/v2/auth/signup").permitAll()
-                        .requestMatchers("/api/v1/auth/signup-admin", "/api/v2/auth/signup-admin").permitAll()
+
                         .requestMatchers("/api/v1/auth/logout", "/api/v2/auth/logout").authenticated()
-                        .requestMatchers("/api/v1/orders/**").authenticated()
                         .requestMatchers("/api/v1/auth/refresh", "/api/v2/auth/refresh").permitAll()
+
+
+                        .requestMatchers("/api/v1/orders/**").authenticated()
+
                         .requestMatchers("/api/v1/products/**","/api/v2/products/**").permitAll()
+
+                        .requestMatchers("/api/v2/co-purchase/**","/api/v1/co-purchase/**").permitAll()
+
+                        .requestMatchers(
+                                "/swagger-ui/**",
+                                "/v3/api-docs/**",
+                                "/swagger-resources/**",
+                                "/webjars/**"
+                        ).permitAll()
+
+
                         .anyRequest().authenticated()
                 )
                 .csrf(AbstractHttpConfigurer::disable)
