diff --git a/divinespark-backend/src/main/java/com/divinespark/controller/user/ReviewController.java b/divinespark-backend/src/main/java/com/divinespark/controller/user/ReviewController.java index db2733e..1f30f15 100644 --- a/divinespark-backend/src/main/java/com/divinespark/controller/user/ReviewController.java +++ b/divinespark-backend/src/main/java/com/divinespark/controller/user/ReviewController.java @@ -31,7 +31,6 @@ public ResponseEntity submitReview( return ResponseEntity.ok().build(); } - @PreAuthorize("hasRole('USER')") @GetMapping public ResponseEntity getMyReview( @AuthenticationPrincipal CustomUserDetails userDetails diff --git a/divinespark-backend/src/main/java/com/divinespark/dto/SessionCreateRequest.java b/divinespark-backend/src/main/java/com/divinespark/dto/SessionCreateRequest.java index 436d70b..8bc8684 100644 --- a/divinespark-backend/src/main/java/com/divinespark/dto/SessionCreateRequest.java +++ b/divinespark-backend/src/main/java/com/divinespark/dto/SessionCreateRequest.java @@ -13,7 +13,7 @@ public class SessionCreateRequest { private double price; private String whatsappGroupLink; - // ✅ Frontend sends OffsetDateTime with +05:30 + // Frontend sends OffsetDateTime with +05:30 private OffsetDateTime startTime; private OffsetDateTime endTime; diff --git a/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java b/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java index 8d57938..6c4761a 100644 --- a/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java +++ b/divinespark-backend/src/main/java/com/divinespark/security/SecurityConfig.java @@ -53,22 +53,28 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti "/api/v1/user/review/**" ).permitAll() - // User APIs + // PUBLIC: session browsing & reviews (NO LOGIN) + .requestMatchers( + HttpMethod.GET, + "/api/v1/sessions/**", + "/api/v1/user/review/**", + "/api/v1/blogs/**" + ).permitAll() + + // User APIs (LOGIN REQUIRED) .requestMatchers( "/api/v1/user/**", "/api/v1/installments/**", "/api/v1/payments/**" ).hasRole("USER") - // Public session browsing - .requestMatchers(HttpMethod.GET, "/api/v1/sessions/**").permitAll() - // Admin APIs .requestMatchers("/api/v1/admin/**").hasRole("ADMIN") .anyRequest().authenticated() ) + // THIS PREVENTS GOOGLE REDIRECTS // .exceptionHandling(ex -> ex // .authenticationEntryPoint((request, response, authException) -> { diff --git a/divinespark-backend/src/main/java/com/divinespark/service/AuthService.java b/divinespark-backend/src/main/java/com/divinespark/service/AuthService.java index 74e644f..d1c1d08 100644 --- a/divinespark-backend/src/main/java/com/divinespark/service/AuthService.java +++ b/divinespark-backend/src/main/java/com/divinespark/service/AuthService.java @@ -19,11 +19,10 @@ public class AuthService { private final UserRepository userRepository; - private final OtpRepository otpRepository; // ✅ ADD THIS + private final OtpRepository otpRepository; private final PasswordEncoder passwordEncoder; private final JwtUtil jwtUtil; - // ✅ UPDATE CONSTRUCTOR public AuthService( UserRepository userRepository, OtpRepository otpRepository, @@ -43,7 +42,13 @@ public void register(RegisterRequest request) { throw new RuntimeException("Email is already in use"); } - if (!request.getContactNumber().matches("^[6-9]\\d{9}$")) { + String phone = request.getContactNumber().replaceAll("\\D", ""); + + if (phone.startsWith("91") && phone.length() == 12) { + phone = phone.substring(2); + } + + if (!phone.matches("^[6-9]\\d{9}$")) { throw new RuntimeException("Invalid contact number"); } @@ -51,14 +56,13 @@ public void register(RegisterRequest request) { .username(request.getUsername()) .email(request.getEmail()) .password(passwordEncoder.encode(request.getPassword())) - .contactNumber(request.getContactNumber()) + .contactNumber(phone) .role(Role.USER) .isActive(true) .build(); userRepository.save(user); } - // ================= LOGIN ================= public String login(LoginRequest request) {