Change: public-authenticated routes in auth controller like login, refresh or change-password.

core/src/main/java/net/miarma/backend/core/config/SecurityConfig.java

@@ -64,7 +64,10 @@ public class SecurityConfig {
                 .accessDeniedHandler(accessDeniedHandler)
             )
             .authorizeHttpRequests(auth -> auth
-                .requestMatchers("/auth/**", "/screenshot").permitAll()
+                .requestMatchers("/auth/login").permitAll()
+                .requestMatchers("/auth/refresh").permitAll()
+                .requestMatchers("/auth/change-password").permitAll()
+                .requestMatchers("/screenshot").permitAll()
                 .anyRequest().authenticated()
             );
 

core/src/main/java/net/miarma/backend/core/controller/AuthController.java

@@ -41,7 +41,7 @@ public class AuthController {
         return ResponseEntity.ok(authService.register(request));
     }
     
-    @PostMapping("/refresh")
+    @GetMapping("/refresh")
     public ResponseEntity<?> refreshToken(@RequestHeader("Authorization") String authHeader) {
         if (authHeader == null || !authHeader.startsWith("Bearer ")) {
             return ResponseEntity.status(401).body(