Merge branch 'dev' into pr/19

Author: vitorhugo-java

src/main/java/com/espacogeek/geek/config/CorsConfig.java

@@ -4,16 +4,32 @@
 import org.springframework.lang.NonNull;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.beans.factory.annotation.Value;
+
+import java.util.Arrays;
 
 @Configuration
 public class CorsConfig implements WebMvcConfigurer {
 
+    @Value("${spring.mvc.cors.allowed-origins:http://localhost:3000}")
+    private String allowedOrigins;
+
+    @Value("${security.jwt.expiration-ms:604800000}")
+    private long expirationMs;
+
     @Override
     public void addCorsMappings(@NonNull CorsRegistry registry) {
+        String[] origins = Arrays.stream(allowedOrigins.split(","))
+                .map(String::trim)
+                .filter(s -> !s.isEmpty())
+                .toArray(String[]::new);
+
         registry.addMapping("/**")
-            .allowedOriginPatterns("*")
-            .allowedMethods("POST")
+            .allowedOrigins(origins)
+            .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
             .allowedHeaders("*")
-            .allowCredentials(true);
+            .exposedHeaders("Authorization", "Content-Type")
+            .allowCredentials(true)
+            .maxAge(expirationMs / 1000); // maxAge is in seconds
     }
 }

src/main/java/com/espacogeek/geek/config/SecurityConfig.java

@@ -49,9 +49,12 @@ public SecurityFilterChain configure(HttpSecurity http) throws Exception {
         authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
         var authenticationManager = authenticationManagerBuilder.build();
 
-        return http.csrf(csrf -> csrf.disable())
+        return http
+                    .cors(withDefaults())
+                    .csrf(csrf -> csrf.disable())
                     .authorizeHttpRequests(auth -> {
                         auth.requestMatchers("/api", "/graphiql/**").permitAll();
+                        auth.requestMatchers(org.springframework.http.HttpMethod.OPTIONS, "/**").permitAll();
                         auth.anyRequest().authenticated();
                     })
                     .sessionManagement(

src/main/java/com/espacogeek/geek/controllers/UserController.java

@@ -33,6 +33,36 @@ public List<UserModel> findUser(@Argument Integer id, @Argument String username,
         return userService.findByIdOrUsernameContainsOrEmail(id, username, email);
     }
 
+    @QueryMapping(name = "logout")
+    @PreAuthorize("hasRole('user')")
+    public String doLogoutUser(Authentication authentication) {
+        Integer userId = Utils.getUserID(authentication);
+
+        UserModel user = userService.findById(userId).get();
+        user.setJwtToken(null);
+        userService.save(user);
+
+        return HttpStatus.OK.toString();
+    }
+
+    @QueryMapping(name = "isLogged")
+    @PreAuthorize("hasRole('user')")
+    public String isUserLogged(Authentication authentication) {
+        Integer userId = Utils.getUserID(authentication);
+
+        UserModel user = userService.findById(userId).get();
+        String token = user.getJwtToken();
+        if (token != null) {
+            try {
+                if (jwtConfig.isValid(token)) {
+                    return HttpStatus.OK.toString();
+                }
+            } catch (Exception ignored) { }
+        }
+
+        throw new GenericException(HttpStatus.UNAUTHORIZED.toString());
+    }
+
     /**
      * Authenticate with email and password and return a JWT token.
      */

src/main/resources/.env.example

@@ -1,3 +1,7 @@
 SPRING_DATASOURCE_URL=jdbc:mysql://.../espacogeekdb
 SPRING_DATASOURCE_USERNAME=root
 SPRING_DATASOURCE_PASSWORD=root
+SPRING_MVC_CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:5173
+SECURITY_JWT_ISSUER=espacogeek
+SECURITY_JWT_EXPIRATION_MS=604800000
+SECURITY_JWT_SECRET=your_jwt_secret_key_here

src/main/resources/graphql/query.graphqls

@@ -8,41 +8,43 @@ type Query {
     Example: findUser(username: "john")
     """
     findUser(id: ID, username: String, email: String): [User]
-    
+
     """
     Search for TV series by ID or name.
     Example: tvserie(name: "Breaking Bad")
     """
     tvserie(id: ID, name: String): MediaPage
-    
+
     """
     Search for games by ID or name with pagination.
     Example: game(name: "The Last of Us", page: 0, size: 10)
     """
     game(id: ID, name: String, page: Int, size: Int): MediaPage
-    
+
     """
     Search for visual novels by ID or name with pagination.
     Example: vn(name: "Steins;Gate", page: 0, size: 10)
     """
     vn(id: ID, name: String, page: Int, size: Int): MediaPage
-    
+
     """
     Get detailed media information by ID.
     Example: media(id: "123")
     """
     media(id: ID): Media
-    
+
     """
     Authenticate and get JWT token.
     Example: login(email: "user@example.com", password: "password123")
     Returns: JWT token string
     """
     login(email: String, password: String): String
-    
+
     """
     Get a random daily quote with artwork.
     Example: dailyQuoteArtwork
     """
+    logout: String
+    isLogged: String
     dailyQuoteArtwork: QuoteArtwork
 }