Change: public-authenticated routes in auth controller like login, refresh or change-password.

2026-01-31 01:59:51 +01:00
parent 4303caaf74
commit 681b6a3ba2
2 changed files with 8 additions and 5 deletions
--- a/core/src/main/java/net/miarma/backend/core/config/SecurityConfig.java
+++ b/core/src/main/java/net/miarma/backend/core/config/SecurityConfig.java
@@ -64,7 +64,10 @@ public class SecurityConfig {
                .accessDeniedHandler(accessDeniedHandler)
            )
            .authorizeHttpRequests(auth -> auth
-                .requestMatchers("/auth/**", "/screenshot").permitAll()
+                .requestMatchers("/auth/login").permitAll()
+                .requestMatchers("/auth/refresh").permitAll()
+                .requestMatchers("/auth/change-password").permitAll()
+                .requestMatchers("/screenshot").permitAll()
                .anyRequest().authenticated()
            );

--- a/core/src/main/java/net/miarma/backend/core/controller/AuthController.java
+++ b/core/src/main/java/net/miarma/backend/core/controller/AuthController.java
@@ -41,7 +41,7 @@ public class AuthController {
        return ResponseEntity.ok(authService.register(request));
    }
    
-    @PostMapping("/refresh")
+    @GetMapping("/refresh")
    public ResponseEntity<?> refreshToken(@RequestHeader("Authorization") String authHeader) {
        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
            return ResponseEntity.status(401).body(