Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -113,26 +113,22 @@ protected void doFilterInternal(HttpServletRequest request,
FilterChain filterChain)
throws ServletException, IOException {

String path = request.getRequestURI();

// Skip JWT for public endpoints
if (isPublicEndpoint(path)) {
if (isPublicEndpoint(request)) {
filterChain.doFilter(request, response);
return;
}

String authHeader = request.getHeader("Authorization");

// If no token → just continue (DON'T block)
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
filterChain.doFilter(request, response);
return;
}

try {

String token = authHeader.substring(7);

// Validate token safely
if (jwtUtil.validateToken(token)) {

String email = jwtUtil.extractEmail(token);
Expand All @@ -141,44 +137,50 @@ protected void doFilterInternal(HttpServletRequest request,
(CustomUserDetails) userDetailsService
.loadUserByUsername(email);

UsernamePasswordAuthenticationToken authentication =
UsernamePasswordAuthenticationToken authToken =
new UsernamePasswordAuthenticationToken(
userDetails,
null,
userDetails.getAuthorities()
);

authentication.setDetails(
authToken.setDetails(
new WebAuthenticationDetailsSource()
.buildDetails(request)
);

SecurityContextHolder.getContext()
.setAuthentication(authentication);
.setAuthentication(authToken);
}

} catch (Exception e) {
// DO NOT BLOCK request if token is bad
System.out.println("JWT Error: " + e.getMessage());
System.out.println("JWT error: " + e.getMessage());
}

// Always continue
filterChain.doFilter(request, response);
}

private boolean isPublicEndpoint(String path) {
private boolean isPublicEndpoint(HttpServletRequest request) {

return path.startsWith("/api/v1/auth/")
|| path.equals("/api/v1/auth")
String path = request.getRequestURI();
String method = request.getMethod();

|| path.startsWith("/api/v1/sessions/")
|| path.equals("/api/v1/sessions")
// allow preflight requests
if ("OPTIONS".equalsIgnoreCase(method)) {
return true;
}

|| path.startsWith("/api/v1/blogs/")
|| path.startsWith("/api/v1/public/")
|| path.startsWith("/api/v1/user/review/")
return path.startsWith("/api/v1/auth/")
|| path.equals("/api/v1/auth")

|| path.startsWith("/v3/api-docs")
|| path.startsWith("/swagger-ui");
}
|| path.startsWith("/api/v1/sessions/")
|| path.equals("/api/v1/sessions")

|| path.startsWith("/api/v1/blogs/")
|| path.startsWith("/api/v1/public/")
|| path.startsWith("/api/v1/user/review/")

|| path.startsWith("/v3/api-docs")
|| path.startsWith("/swagger-ui");
}
}
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package com.divinespark.security;

import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
Expand Down Expand Up @@ -76,14 +77,22 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti

.exceptionHandling(ex -> ex
.authenticationEntryPoint((request, response, authException) -> {
response.setStatus(401);
response.setContentType("application/json");
response.getWriter().write("""
{
"error": "Unauthorized",
"message": "JWT token missing or invalid"
}
""");

String path = request.getRequestURI();

// Only return 401 for protected APIs
if (!path.startsWith("/api/v1/auth")) {

response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType("application/json");

response.getWriter().write("""
{
"error": "Unauthorized",
"message": "JWT token missing or invalid"
}
""");
}
})
)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ public AuthService(
public void register(RegisterRequest request) {

if (userRepository.findByEmail(request.getEmail()).isPresent()) {
throw new RuntimeException("Email is already in use");
throw new IllegalStateException("Email is already in use");
}

String phone = request.getContactNumber().replaceAll("\\D", "");
Expand Down