rework after review

kursph · Nov 18, 2023 · 7a99ef8 · 7a99ef8
1 parent bd34ef1
commit 7a99ef8
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 35 deletions.
diff --git a/backend/src/main/java/com/kursph/auth/AuthenticationController.java b/backend/src/main/java/com/kursph/auth/AuthenticationController.java
@@ -17,12 +17,10 @@ public AuthenticationController(AuthenticationService authenticationService) {
     }
 
     @PostMapping("login")
-    public ResponseEntity<?> login(@RequestBody AuthenticationRequest authenticationRequest) {
-        AuthenticationResponse authenticationResponse = authenticationService.login(authenticationRequest);
-
-        return ResponseEntity
-                .ok()
-                .header(HttpHeaders.AUTHORIZATION, authenticationResponse.token())
-                .body(authenticationResponse);
+    public ResponseEntity<?> login(@RequestBody AuthenticationRequest request) {
+        AuthenticationResponse response = authenticationService.login(request);
+        return ResponseEntity.ok()
+                .header(HttpHeaders.AUTHORIZATION, response.token())
+                .body(response);
     }
 }
diff --git a/backend/src/main/java/com/kursph/auth/AuthenticationService.java b/backend/src/main/java/com/kursph/auth/AuthenticationService.java
@@ -15,17 +15,19 @@ public class AuthenticationService {
     private final CustomerDTOMapper customerDTOMapper;
     private final JWTUtil jwtUtil;
 
-    public AuthenticationService(AuthenticationManager authenticationManager, CustomerDTOMapper customerDTOMapper, JWTUtil jwtUtil) {
+    public AuthenticationService(AuthenticationManager authenticationManager,
+                                 CustomerDTOMapper customerDTOMapper,
+                                 JWTUtil jwtUtil) {
         this.authenticationManager = authenticationManager;
         this.customerDTOMapper = customerDTOMapper;
         this.jwtUtil = jwtUtil;
     }
 
-    public AuthenticationResponse login(AuthenticationRequest authenticationRequest) {
+    public AuthenticationResponse login(AuthenticationRequest request) {
         Authentication authentication = authenticationManager.authenticate(
                 new UsernamePasswordAuthenticationToken(
-                        authenticationRequest.username(),
-                        authenticationRequest.password()
+                        request.username(),
+                        request.password()
                 )
         );
         Customer principal = (Customer) authentication.getPrincipal();

diff --git a/backend/src/main/java/com/kursph/exception/ApiError.java b/backend/src/main/java/com/kursph/exception/ApiError.java
@@ -6,6 +6,6 @@ public record ApiError(
         String path,
         String message,
         int statusCode,
-        LocalDateTime localTime
+        LocalDateTime localDateTime
 ) {
 }
diff --git a/backend/src/main/java/com/kursph/exception/DefaultExceptionHandler.java b/backend/src/main/java/com/kursph/exception/DefaultExceptionHandler.java
@@ -13,9 +13,10 @@
 @ControllerAdvice
 public class DefaultExceptionHandler {
     @ExceptionHandler(ResourceNotFoundException.class)
-    public ResponseEntity<ApiError> handleException(ResourceNotFoundException e, HttpServletRequest httpServletRequest) {
+    public ResponseEntity<ApiError> handleException(ResourceNotFoundException e,
+                                                    HttpServletRequest request) {
         ApiError apiError = new ApiError(
-                httpServletRequest.getRequestURI(),
+                request.getRequestURI(),
                 e.getMessage(),
                 HttpStatus.NOT_FOUND.value(),
                 LocalDateTime.now()
@@ -25,9 +26,10 @@ public ResponseEntity<ApiError> handleException(ResourceNotFoundException e, Htt
     }
 
     @ExceptionHandler(InsufficientAuthenticationException.class)
-    public ResponseEntity<ApiError> handleException(InsufficientAuthenticationException e, HttpServletRequest httpServletRequest) {
+    public ResponseEntity<ApiError> handleException(InsufficientAuthenticationException e,
+                                                    HttpServletRequest request) {
         ApiError apiError = new ApiError(
-                httpServletRequest.getRequestURI(),
+                request.getRequestURI(),
                 e.getMessage(),
                 HttpStatus.FORBIDDEN.value(),
                 LocalDateTime.now()
@@ -37,9 +39,10 @@ public ResponseEntity<ApiError> handleException(InsufficientAuthenticationExcept
     }
 
     @ExceptionHandler(BadCredentialsException.class)
-    public ResponseEntity<ApiError> handleException(BadCredentialsException e, HttpServletRequest httpServletRequest) {
+    public ResponseEntity<ApiError> handleException(BadCredentialsException e,
+                                                    HttpServletRequest request) {
         ApiError apiError = new ApiError(
-                httpServletRequest.getRequestURI(),
+                request.getRequestURI(),
                 e.getMessage(),
                 HttpStatus.UNAUTHORIZED.value(),
                 LocalDateTime.now()
@@ -49,9 +52,10 @@ public ResponseEntity<ApiError> handleException(BadCredentialsException e, HttpS
     }
 
     @ExceptionHandler(Exception.class)
-    public ResponseEntity<ApiError> handleException(Exception e, HttpServletRequest httpServletRequest) {
+    public ResponseEntity<ApiError> handleException(Exception e,
+                                                    HttpServletRequest request) {
         ApiError apiError = new ApiError(
-                httpServletRequest.getRequestURI(),
+                request.getRequestURI(),
                 e.getMessage(),
                 HttpStatus.INTERNAL_SERVER_ERROR.value(),
                 LocalDateTime.now()

diff --git a/backend/src/main/java/com/kursph/exception/DelegatedAuthEntryPoint.java b/backend/src/main/java/com/kursph/exception/DelegatedAuthEntryPoint.java
@@ -11,16 +11,20 @@
 
 import java.io.IOException;
 
-@Component
+@Component("delegatedAuthEntryPoint")
 public class DelegatedAuthEntryPoint implements AuthenticationEntryPoint {
     private final HandlerExceptionResolver handlerExceptionResolver;
 
-    public DelegatedAuthEntryPoint(@Qualifier("handlerExceptionResolver") HandlerExceptionResolver handlerExceptionResolver) {
+    public DelegatedAuthEntryPoint(
+            @Qualifier("handlerExceptionResolver") HandlerExceptionResolver handlerExceptionResolver) {
         this.handlerExceptionResolver = handlerExceptionResolver;
     }
 
     @Override
-    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+    public void commence(HttpServletRequest request,
+                         HttpServletResponse response,
+                         AuthenticationException authException)
+            throws IOException, ServletException {
         handlerExceptionResolver.resolveException(
                 request, response, null, authException
         );

diff --git a/backend/src/main/java/com/kursph/security/CorsConfig.java b/backend/src/main/java/com/kursph/security/CorsConfig.java
@@ -11,7 +11,6 @@
 
 @Configuration
 public class CorsConfig {
-
     @Value("#{'${cors.allowed-origins}'.split(',')}")
     private List<String> allowedOrigins;
 
@@ -22,15 +21,15 @@ public class CorsConfig {
     private List<String> allowedHeaders;
 
     @Value("#{'${cors.exposed-headers}'.split(',')}")
-    private List<String> exposedHeaders;
+    private List<String> expectedHeaders;
 
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
         configuration.setAllowedOrigins(allowedOrigins);
         configuration.setAllowedMethods(allowedMethods);
         configuration.setAllowedHeaders(allowedHeaders);
-        configuration.setAllowedHeaders(exposedHeaders);
+        configuration.setExposedHeaders(expectedHeaders);
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/api/**", configuration);
 

diff --git a/backend/src/main/java/com/kursph/security/SecurityFilterChainConfig.java b/backend/src/main/java/com/kursph/security/SecurityFilterChainConfig.java
@@ -1,6 +1,7 @@
 package com.kursph.security;
 
 import com.kursph.jwt.JWTAuthenticationFilter;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -20,18 +21,27 @@ public class SecurityFilterChainConfig {
     private final JWTAuthenticationFilter jwtAuthenticationFilter;
     private final AuthenticationEntryPoint authenticationEntryPoint;
 
-    public SecurityFilterChainConfig(AuthenticationProvider authenticationProvider, JWTAuthenticationFilter jwtAuthenticationFilter, AuthenticationEntryPoint authenticationEntryPoint) {
+    public SecurityFilterChainConfig(
+            AuthenticationProvider authenticationProvider,
+            JWTAuthenticationFilter jwtAuthenticationFilter,
+            @Qualifier("delegatedAuthEntryPoint") AuthenticationEntryPoint authenticationEntryPoint
+    ) {
         this.authenticationProvider = authenticationProvider;
         this.jwtAuthenticationFilter = jwtAuthenticationFilter;
         this.authenticationEntryPoint = authenticationEntryPoint;
     }
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
-        httpSecurity.csrf().disable()
+        httpSecurity
+                .csrf().disable()
                 .cors(Customizer.withDefaults())
                 .authorizeHttpRequests()
-                .requestMatchers(HttpMethod.POST, "/api/v1/customers", "/api/v1/auth/login")
+                .requestMatchers(
+                        HttpMethod.POST,
+                        "/api/v1/customers",
+                        "/api/v1/auth/login"
+                )
                 .permitAll()
                 .anyRequest()
                 .authenticated()
@@ -40,14 +50,13 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 .and()
                 .authenticationProvider(authenticationProvider)
-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(
+                        jwtAuthenticationFilter,
+                        UsernamePasswordAuthenticationFilter.class
+                )
                 .exceptionHandling()
                 .authenticationEntryPoint(authenticationEntryPoint);
 
-        try {
-            return httpSecurity.build();
-        } catch (Exception e) {
-            throw new RuntimeException(e);
-        }
+        return httpSecurity.build();
     }
 }