refactor: move security to route by route

src/controllers/user-controller.ts

@@ -121,9 +121,9 @@ function imageLocation(id: string) {
 
 @Route("api/v1/user")
 @Tags("User")
-@Security("keycloak")
 export class UserController extends Controller {
   @Get("type-stats")
+  @Security("keycloak")
   async getUserTypeStats() {
     const list = await prisma.user.groupBy({
       by: "userType",
@@ -145,6 +145,7 @@ export class UserController extends Controller {
   }
 
   @Get()
+  @Security("keycloak")
   async getUser(
     @Query() userType?: UserType,
     @Query() zipCode?: string,
@@ -199,6 +200,7 @@ export class UserController extends Controller {
   }
 
   @Get("{userId}")
+  @Security("keycloak")
   async getUserById(@Path() userId: string) {
     const record = await prisma.user.findFirst({
       include: {
@@ -221,6 +223,7 @@ export class UserController extends Controller {
   }
 
   @Post()
+  @Security("keycloak")
   async createUser(@Request() req: RequestWithUser, @Body() body: UserCreate) {
     if (body.provinceId || body.districtId || body.subDistrictId) {
       const [province, district, subDistrict] = await prisma.$transaction([
@@ -316,6 +319,7 @@ export class UserController extends Controller {
   }
 
   @Put("{userId}")
+  @Security("keycloak")
   async editUser(
     @Request() req: RequestWithUser,
     @Body() body: UserUpdate,
@@ -454,6 +458,7 @@ export class UserController extends Controller {
   }
 
   @Delete("{userId}")
+  @Security("keycloak")
   async deleteUser(@Path() userId: string) {
     const record = await prisma.user.findFirst({
       include: {