Change: public-authenticated routes in auth controller like login, refresh or change-password.

core/src/main/java/net/miarma/backend/core/config/SecurityConfig.java

@@ -64,7 +64,10 @@ public class SecurityConfig {
                 .accessDeniedHandler(accessDeniedHandler)
             )
             .authorizeHttpRequests(auth -> auth
-                .requestMatchers("/auth/**", "/screenshot").permitAll()
+                .requestMatchers("/auth/login").permitAll()
+                .requestMatchers("/auth/refresh").permitAll()
+                .requestMatchers("/auth/change-password").permitAll()
+                .requestMatchers("/screenshot").permitAll()
                 .anyRequest().authenticated()
             );
 

core/src/main/java/net/miarma/backend/core/controller/AuthController.java

@@ -41,7 +41,7 @@ public class AuthController {
         return ResponseEntity.ok(authService.register(request));
     }
     
-    @PostMapping("/refresh")
+    @GetMapping("/refresh")
     public ResponseEntity<?> refreshToken(@RequestHeader("Authorization") String authHeader) {
         if (authHeader == null || !authHeader.startsWith("Bearer ")) {
             return ResponseEntity.status(401).body(
@@ -72,9 +72,9 @@ public class AuthController {
         String newToken = jwtService.generateToken(userId, serviceId);
 
         return ResponseEntity.ok(Map.of(
-                "token", newToken,
+            "token", newToken,
-                "userId", userId,
+            "userId", userId,
-                "serviceId", serviceId
+            "serviceId", serviceId
         ));
     }