diff --git a/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java b/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java index c4a75d5..3d08549 100644 --- a/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java +++ b/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java @@ -1,22 +1,99 @@ -package com.divinespark.security; +//package com.divinespark.security; +// +// +//import com.divinespark.utils.JwtUtil; +//import jakarta.servlet.FilterChain; +//import jakarta.servlet.ServletException; +//import jakarta.servlet.http.HttpServletRequest; +//import jakarta.servlet.http.HttpServletResponse; +//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +//import org.springframework.security.core.GrantedAuthority; +//import org.springframework.security.core.authority.SimpleGrantedAuthority; +//import org.springframework.security.core.context.SecurityContextHolder; +//import org.springframework.security.core.userdetails.UserDetails; +//import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; +//import org.springframework.stereotype.Component; +//import org.springframework.web.filter.OncePerRequestFilter; +// +//import java.io.IOException; +//import java.util.List; +// +//@Component +//public class JwtAuthFilter extends OncePerRequestFilter { +// +// private final JwtUtil jwtUtil; +// private final CustomUserDetailsService userDetailsService; +// +// public JwtAuthFilter(JwtUtil jwtUtil, +// CustomUserDetailsService userDetailsService) { +// this.jwtUtil = jwtUtil; +// this.userDetailsService = userDetailsService; +// } +// +// @Override +// protected void doFilterInternal(HttpServletRequest request, +// HttpServletResponse response, +// FilterChain filterChain) +// throws ServletException, IOException { +// +// String authHeader = request.getHeader("Authorization"); +// +// if (authHeader != null && authHeader.startsWith("Bearer ")) { +// +// String token = authHeader.substring(7); +// +// if (jwtUtil.validateToken(token)) { +// +// String email = jwtUtil.extractEmail(token); +// +// // Load full CustomUserDetails +// CustomUserDetails userDetails = +// (CustomUserDetails) userDetailsService +// .loadUserByUsername(email); +// +// UsernamePasswordAuthenticationToken authentication = +// new UsernamePasswordAuthenticationToken( +// userDetails, +// null, +// userDetails.getAuthorities() +// ); +// +// authentication.setDetails( +// new WebAuthenticationDetailsSource() +// .buildDetails(request) +// ); +// +// SecurityContextHolder.getContext() +// .setAuthentication(authentication); +// +// System.out.println( +// "SPRING PRINCIPAL → " + +// authentication.getPrincipal().getClass() +// ); +// } +// } +// +// filterChain.doFilter(request, response); +// } +// +//} + +package com.divinespark.security; import com.divinespark.utils.JwtUtil; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; + import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter; import java.io.IOException; -import java.util.List; @Component public class JwtAuthFilter extends OncePerRequestFilter { @@ -36,17 +113,30 @@ protected void doFilterInternal(HttpServletRequest request, FilterChain filterChain) throws ServletException, IOException { + String path = request.getServletPath(); + + // Skip JWT for public endpoints + if (isPublicEndpoint(path)) { + filterChain.doFilter(request, response); + return; + } + String authHeader = request.getHeader("Authorization"); - if (authHeader != null && authHeader.startsWith("Bearer ")) { + // If no token → just continue (DON'T block) + if (authHeader == null || !authHeader.startsWith("Bearer ")) { + filterChain.doFilter(request, response); + return; + } + try { String token = authHeader.substring(7); + // Validate token safely if (jwtUtil.validateToken(token)) { String email = jwtUtil.extractEmail(token); - // Load full CustomUserDetails CustomUserDetails userDetails = (CustomUserDetails) userDetailsService .loadUserByUsername(email); @@ -65,15 +155,25 @@ protected void doFilterInternal(HttpServletRequest request, SecurityContextHolder.getContext() .setAuthentication(authentication); - - System.out.println( - "SPRING PRINCIPAL → " + - authentication.getPrincipal().getClass() - ); } + + } catch (Exception e) { + // DO NOT BLOCK request if token is bad + System.out.println("JWT Error: " + e.getMessage()); } + // Always continue filterChain.doFilter(request, response); } + //Define PUBLIC APIs here + private boolean isPublicEndpoint(String path) { + return path.startsWith("/api/v1/auth") + || path.startsWith("/api/v1/sessions") + || path.startsWith("/api/v1/blogs") + || path.startsWith("/api/v1/public") + || path.startsWith("/api/v1/user/review") + || path.startsWith("/v3/api-docs") + || path.startsWith("/swagger-ui"); + } } \ No newline at end of file diff --git a/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java b/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java index 0b18021..c40bc8e 100644 --- a/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java +++ b/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java @@ -109,7 +109,8 @@ public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration config = new CorsConfiguration(); config.setAllowedOrigins(List.of( - "http://localhost:5173" + "http://localhost:5173", + "https://suvirsabnis.org" )); config.setAllowedMethods(List.of(