From eb427753de55fa44fd3278c914c07762f43bab2e Mon Sep 17 00:00:00 2001 From: root Date: Tue, 24 Mar 2026 07:43:18 +0100 Subject: [PATCH] fix: public auth endpoints, sessions access, ignore logs --- divinespark-backend/.gitignore | 1 + .../divinespark/security/JwtAuthFilter.java | 27 +++++++++++-------- .../divinespark/security/SecurityConfig.java | 1 - 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/divinespark-backend/.gitignore b/divinespark-backend/.gitignore index 0fa072b..525e2e2 100644 --- a/divinespark-backend/.gitignore +++ b/divinespark-backend/.gitignore @@ -42,3 +42,4 @@ src/main/resources/application-*.properties *.env notepad .gitignore +app.log diff --git a/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java b/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java index 3d08549..1700cd2 100644 --- a/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java +++ b/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java @@ -113,7 +113,7 @@ protected void doFilterInternal(HttpServletRequest request, FilterChain filterChain) throws ServletException, IOException { - String path = request.getServletPath(); + String path = request.getRequestURI(); // Skip JWT for public endpoints if (isPublicEndpoint(path)) { @@ -166,14 +166,19 @@ protected void doFilterInternal(HttpServletRequest request, filterChain.doFilter(request, response); } - //Define PUBLIC APIs here private boolean isPublicEndpoint(String path) { - return path.startsWith("/api/v1/auth") - || path.startsWith("/api/v1/sessions") - || path.startsWith("/api/v1/blogs") - || path.startsWith("/api/v1/public") - || path.startsWith("/api/v1/user/review") - || path.startsWith("/v3/api-docs") - || path.startsWith("/swagger-ui"); - } -} \ No newline at end of file + + return path.startsWith("/api/v1/auth/") + || path.equals("/api/v1/auth") + + || path.startsWith("/api/v1/sessions/") + || path.equals("/api/v1/sessions") + + || path.startsWith("/api/v1/blogs/") + || path.startsWith("/api/v1/public/") + || path.startsWith("/api/v1/user/review/") + + || path.startsWith("/v3/api-docs") + || path.startsWith("/swagger-ui"); +} +} diff --git a/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java b/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java index 19f2d24..3478420 100644 --- a/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java +++ b/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java @@ -55,7 +55,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti // PUBLIC: session browsing & reviews (NO LOGIN) .requestMatchers( - HttpMethod.GET, "/api/v1/sessions/**", "/api/v1/user/review/**", "/api/v1/blogs/**"