added swagger

pom.xml

@@ -99,6 +99,13 @@
       <artifactId>spring-boot-starter-security</artifactId>
     </dependency>
 
+    <!-- OpenAPI / Swagger (public API docs only; admin excluded) -->
+    <dependency>
+      <groupId>org.springdoc</groupId>
+      <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+      <version>2.5.0</version>
+    </dependency>
+
     <!-- JWT -->
     <dependency>
       <groupId>io.jsonwebtoken</groupId>

src/main/java/com/honey/honey/config/AdminSecurityConfig.java

@@ -5,6 +5,7 @@ import com.honey.honey.security.admin.JwtAuthenticationFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@@ -16,6 +17,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.OrRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -50,7 +54,23 @@ public class AdminSecurityConfig {
         return new ProviderManager(adminAuthenticationProvider());
     }
 
+    /** Permit Swagger UI and OpenAPI docs without authentication (public API documentation). */
     @Bean
+    @Order(1)
+    public SecurityFilterChain swaggerSecurityFilterChain(HttpSecurity http) throws Exception {
+        RequestMatcher swaggerMatcher = new OrRequestMatcher(
+                new AntPathRequestMatcher("/swagger-ui/**"),
+                new AntPathRequestMatcher("/v3/api-docs"),
+                new AntPathRequestMatcher("/v3/api-docs/**")
+        );
+        http
+                .securityMatcher(swaggerMatcher)
+                .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
+        return http.build();
+    }
+
+    @Bean
+    @Order(2)
     public SecurityFilterChain adminSecurityFilterChain(HttpSecurity http) throws Exception {
         http
             .securityMatcher("/api/admin/**")

src/main/java/com/honey/honey/config/OpenApiConfig.java

@@ -0,0 +1,33 @@
+package com.honey.honey.config;
+
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springdoc.core.models.GroupedOpenApi;
+
+/**
+ * OpenAPI / Swagger configuration for the public API only.
+ * Admin endpoints (/api/admin/**) are excluded from the documentation.
+ */
+@Configuration
+public class OpenApiConfig {
+
+    @Bean
+    public GroupedOpenApi publicApi() {
+        return GroupedOpenApi.builder()
+                .group("public")
+                .pathsToMatch("/**")
+                .pathsToExclude("/api/admin/**")
+                .build();
+    }
+
+    @Bean
+    public OpenAPI honeyOpenAPI() {
+        return new OpenAPI()
+                .info(new Info()
+                        .title("Honey Public API")
+                        .description("API for the Honey frontend. Admin panel endpoints are not included.")
+                        .version("1.0"));
+    }
+}

src/main/resources/application.yml

@@ -128,6 +128,15 @@ app:
 geoip:
   db-path: ${GEOIP_DB_PATH:}
 
+# OpenAPI / Swagger (public API only; admin endpoints excluded via OpenApiConfig)
+springdoc:
+  api-docs:
+    path: /v3/api-docs
+  swagger-ui:
+    path: /swagger-ui.html
+  default-consumes-media-type: application/json
+  default-produces-media-type: application/json
+
 # Logging configuration moved to logback-spring.xml
 # To use external logback-spring.xml on VPS, set system property:
 # -Dlogging.config=/path/to/logback-spring.xml