fix: return 401 when token is invalid

SSOCK · Jun 3, 2024 · d147a6e · d147a6e
1 parent 3bff0e6
commit d147a6e
Showing 1 changed file with 25 additions and 17 deletions.
diff --git a/src/main/java/com/runningmate/backend/jwt/filter/JwtAuthenticationFilter.java b/src/main/java/com/runningmate/backend/jwt/filter/JwtAuthenticationFilter.java
@@ -1,5 +1,6 @@
 package com.runningmate.backend.jwt.filter;
 
+import com.runningmate.backend.exception.InvalidTokenException;
 import com.runningmate.backend.jwt.service.JwtService;
 import com.runningmate.backend.member.repository.MemberRepository;
 import jakarta.servlet.FilterChain;
@@ -65,23 +66,30 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 //            return;
 //        }
 
-        jwtService.extractAccessToken(request).ifPresent(
-                accessToken -> jwtService.extractUsername(accessToken).ifPresent(
-                        username -> memberRepository.findByUsername(username).ifPresent(
-                                member -> {
-                                    UserDetails user = User.builder()
-                                            .username(member.getUsername())
-                                            .password(member.getPassword())
-                                            .roles(member.getRole().name())
-                                            .build();
-                                    //TODO: Create Custom UserDetails to store member so i do not need to do another findByUsername in controller
-                                    Authentication authentication = new UsernamePasswordAuthenticationToken(user, null, authoritiesMapper.mapAuthorities(user.getAuthorities()));
-                                    SecurityContextHolder.getContext().setAuthentication(authentication);
-                                }
-                        )
-                )
-        );
-        System.out.println("Went through extracting username from accessToken");
+        boolean tokenValid = jwtService.extractAccessToken(request)
+                .filter(jwtService::isTokenValid)
+                .flatMap(jwtService::extractUsername)
+                .flatMap(username -> memberRepository.findByUsername(username)
+                        .map(member -> {
+                            UserDetails user = User.builder()
+                                    .username(member.getUsername())
+                                    .password(member.getPassword())
+                                    .roles(member.getRole().name())
+                                    .build();
+                            Authentication authentication = new UsernamePasswordAuthenticationToken(user, null, authoritiesMapper.mapAuthorities(user.getAuthorities()));
+                            SecurityContextHolder.getContext().setAuthentication(authentication);
+                            return true;
+                        }))
+                .orElse(false);
+
+        // If the token is invalid, return a 401 response
+        if (!tokenValid) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.getWriter().write("{\"error\":\"Invalid token\"}");
+            response.setContentType("application/json");
+            return;
+        }
+
         filterChain.doFilter(request, response);
     }