From 76161e1dbf13e2c04085fc4e9d244a046dc1eeaf Mon Sep 17 00:00:00 2001 From: rucha Date: Tue, 24 Mar 2026 13:38:30 +0530 Subject: [PATCH] fixed register issue --- .../divinespark/security/JwtAuthFilter.java | 48 ++++++++++--------- .../divinespark/security/SecurityConfig.java | 25 ++++++---- .../com/divinespark/service/AuthService.java | 2 +- 3 files changed, 43 insertions(+), 32 deletions(-) diff --git a/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java b/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java index 1700cd2..779a6bb 100644 --- a/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java +++ b/divinespark-backend/src/main/java/com/divinespark/security/JwtAuthFilter.java @@ -113,26 +113,22 @@ protected void doFilterInternal(HttpServletRequest request, FilterChain filterChain) throws ServletException, IOException { - String path = request.getRequestURI(); - - // Skip JWT for public endpoints - if (isPublicEndpoint(path)) { + if (isPublicEndpoint(request)) { filterChain.doFilter(request, response); return; } String authHeader = request.getHeader("Authorization"); - // If no token → just continue (DON'T block) if (authHeader == null || !authHeader.startsWith("Bearer ")) { filterChain.doFilter(request, response); return; } try { + String token = authHeader.substring(7); - // Validate token safely if (jwtUtil.validateToken(token)) { String email = jwtUtil.extractEmail(token); @@ -141,44 +137,50 @@ protected void doFilterInternal(HttpServletRequest request, (CustomUserDetails) userDetailsService .loadUserByUsername(email); - UsernamePasswordAuthenticationToken authentication = + UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken( userDetails, null, userDetails.getAuthorities() ); - authentication.setDetails( + authToken.setDetails( new WebAuthenticationDetailsSource() .buildDetails(request) ); SecurityContextHolder.getContext() - .setAuthentication(authentication); + .setAuthentication(authToken); } } catch (Exception e) { - // DO NOT BLOCK request if token is bad - System.out.println("JWT Error: " + e.getMessage()); + System.out.println("JWT error: " + e.getMessage()); } - // Always continue filterChain.doFilter(request, response); } - private boolean isPublicEndpoint(String path) { + private boolean isPublicEndpoint(HttpServletRequest request) { - return path.startsWith("/api/v1/auth/") - || path.equals("/api/v1/auth") + String path = request.getRequestURI(); + String method = request.getMethod(); - || path.startsWith("/api/v1/sessions/") - || path.equals("/api/v1/sessions") + // allow preflight requests + if ("OPTIONS".equalsIgnoreCase(method)) { + return true; + } - || path.startsWith("/api/v1/blogs/") - || path.startsWith("/api/v1/public/") - || path.startsWith("/api/v1/user/review/") + return path.startsWith("/api/v1/auth/") + || path.equals("/api/v1/auth") - || path.startsWith("/v3/api-docs") - || path.startsWith("/swagger-ui"); -} + || path.startsWith("/api/v1/sessions/") + || path.equals("/api/v1/sessions") + + || path.startsWith("/api/v1/blogs/") + || path.startsWith("/api/v1/public/") + || path.startsWith("/api/v1/user/review/") + + || path.startsWith("/v3/api-docs") + || path.startsWith("/swagger-ui"); + } } diff --git a/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java b/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java index 3478420..0e2a04d 100644 --- a/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java +++ b/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java @@ -1,5 +1,6 @@ package com.divinespark.security; +import jakarta.servlet.http.HttpServletResponse; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; @@ -76,14 +77,22 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .exceptionHandling(ex -> ex .authenticationEntryPoint((request, response, authException) -> { - response.setStatus(401); - response.setContentType("application/json"); - response.getWriter().write(""" - { - "error": "Unauthorized", - "message": "JWT token missing or invalid" - } - """); + + String path = request.getRequestURI(); + + // Only return 401 for protected APIs + if (!path.startsWith("/api/v1/auth")) { + + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.setContentType("application/json"); + + response.getWriter().write(""" + { + "error": "Unauthorized", + "message": "JWT token missing or invalid" + } + """); + } }) ) diff --git a/divinespark-backend/src/main/java/com/divinespark/service/AuthService.java b/divinespark-backend/src/main/java/com/divinespark/service/AuthService.java index d1c1d08..a0d5332 100644 --- a/divinespark-backend/src/main/java/com/divinespark/service/AuthService.java +++ b/divinespark-backend/src/main/java/com/divinespark/service/AuthService.java @@ -39,7 +39,7 @@ public AuthService( public void register(RegisterRequest request) { if (userRepository.findByEmail(request.getEmail()).isPresent()) { - throw new RuntimeException("Email is already in use"); + throw new IllegalStateException("Email is already in use"); } String phone = request.getContactNumber().replaceAll("\\D", "");