From 8e780413ce6ef5cf439e87f16524d7a6198dd43f Mon Sep 17 00:00:00 2001
From: htlee <htlee@gcsc.co.kr>
Date: Sat, 14 Feb 2026 22:01:17 +0900
Subject: [PATCH] =?UTF-8?q?fix(security):=20permitAll=20=ED=8C=A8=ED=84=B4?=
 =?UTF-8?q?=EC=97=90=EC=84=9C=20/api/auth/me=20=EC=A0=9C=EC=99=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

/api/auth/** 와일드카드가 /api/auth/me까지 공개하여
인증 없이 접근 시 NPE(500) 발생. /api/auth/google과
/api/auth/logout만 공개하도록 수정.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/main/java/com/gcsc/guide/config/SecurityConfig.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/gcsc/guide/config/SecurityConfig.java b/src/main/java/com/gcsc/guide/config/SecurityConfig.java
index 2cc3f9c..0c3f01b 100644
--- a/src/main/java/com/gcsc/guide/config/SecurityConfig.java
+++ b/src/main/java/com/gcsc/guide/config/SecurityConfig.java
@@ -41,7 +41,8 @@ public class SecurityConfig {
                 session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth -> auth
                 .requestMatchers(
-                    "/api/auth/**",
+                    "/api/auth/google",
+                    "/api/auth/logout",
                     "/api/health",
                     "/actuator/health",
                     "/h2-console/**",