From ef8c2e8ca051fad09301706f922ee7f6bbaa017d Mon Sep 17 00:00:00 2001
From: rayankonecny
Date: Tue, 16 Dec 2025 20:45:24 +0000
Subject: [PATCH] Adjusts on module authenticatior
---
 auth-service-api/build.gradle | 2 +-
 .../configs/SecurityConfig.java | 48 +++++++++++++++++++
 .../ControllerExceptionHandler.java | 27 +++++++----
 .../authserviceapi/utils/JwtKeyProvider.java | 23 ---------
 4 files changed, 67 insertions(+), 33 deletions(-)
 create mode 100644 auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/configs/SecurityConfig.java
 delete mode 100644 auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/utils/JwtKeyProvider.java
diff --git a/auth-service-api/build.gradle b/auth-service-api/build.gradle
index 1f8b32c..976c35d 100644
--- a/auth-service-api/build.gradle
+++ b/auth-service-api/build.gradle
@@ -1,6 +1,6 @@
 plugins {
 id 'java'
- id 'org.springframework.boot' version '3.5.8'
+ id 'org.springframework.boot' version '3.3.5'
 id 'io.spring.dependency-management' version '1.1.7'
 id 'org.graalvm.buildtools.native' version '0.10.6'
 }
diff --git a/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/configs/SecurityConfig.java b/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/configs/SecurityConfig.java
new file mode 100644
index 0000000..3771c36
--- /dev/null
+++ b/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/configs/SecurityConfig.java
@@ -0,0 +1,48 @@
+package br.com.rayankonecny.authserviceapi.configs;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+
+ http
+ .authorizeHttpRequests(auth -> auth
+ // AUTH
+ .requestMatchers("/auth/login").permitAll()
+
+ // SWAGGER / OPENAPI
+ .requestMatchers(
+ "/v3/api-docs/**",
+ "/swagger-ui/**",
+ "/swagger-ui.html",
+ "/swagger-ui/index.html"
+ ).permitAll()
+
+ // TODO o resto protegido
+ .anyRequest().authenticated()
+ )
+
+ // API pura → sem Basic
+ .httpBasic(httpBasic -> httpBasic.disable())
+
+ // Stateless (JWT)
+ .csrf(csrf -> csrf.disable())
+
+ // Sem sessão
+ .sessionManagement(session ->
+ session.sessionCreationPolicy(
+ org.springframework.security.config.http.SessionCreationPolicy.STATELESS
+ )
+ );
+
+ return http.build();
+ }
+}
diff --git a/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/controllers/exceptions/ControllerExceptionHandler.java b/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/controllers/exceptions/ControllerExceptionHandler.java
index c9ec3f8..a6cf2f9 100644
--- a/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/controllers/exceptions/ControllerExceptionHandler.java
+++ b/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/controllers/exceptions/ControllerExceptionHandler.java
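Review bot: `.anyRequest().authenticated()` cannot be satisfied as written, because no authentication mechanism is registered for the protected routes: Basic is disabled, no form login is configured, and there is no `oauth2ResourceServer(...)` or `addFilterBefore(...)` that would validate a bearer token, so every request outside the permitAll list will be rejected unless a JWT filter is wired up in a bean not shown here. The same commit deletes `JwtKeyProvider`, the only visible source of a verification key, so the replacement (for example a `JwtDecoder` bean plus `.oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()))`, which would also give the currently unused `withDefaults` import a purpose) should land together with this chain. The hard-coded `BASE64_SECRET` removed from that file stays in git history, so it should be treated as compromised and rotated wherever tokens were signed with it. Minor: import `SessionCreationPolicy` instead of spelling the fully-qualified name inside `sessionCreationPolicy(...)`, and consider restricting the Swagger/OpenAPI `permitAll` matchers to non-production profiles.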
@@ -11,7 +11,6 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
 import jakarta.servlet.http.HttpServletRequest;
 import br.com.rayankonecny.hdcommoslib.models.exceptions.ValidationException;
-import br.com.rayankonecny.hdcommoslib.models.exceptions.ResourceNotFoundException;
 import br.com.rayankonecny.hdcommoslib.models.exceptions.StandardError;
 import static java.time.LocalDateTime.now;
@@ -24,20 +23,30 @@ import java.util.ArrayList;
 public class ControllerExceptionHandler {
 @ExceptionHandler(UsernameNotFoundException.class)
- ResponseEntity handleNotFoundException(final ResourceNotFoundException ex,
- final HttpServletRequest request) {
+ ResponseEntity handleNotFoundException(final UsernameNotFoundException ex, final HttpServletRequest request) {
+
 return ResponseEntity.status(NOT_FOUND).body(
- StandardError.builder().timestamp(now()).status(NOT_FOUND.value()).error(NOT_FOUND.getReasonPhrase())
- .message(ex.getMessage()).path(request.getRequestURI()).build());
+ StandardError.builder()
+ .timestamp(now())
+ .status(NOT_FOUND.value())
+ .error(NOT_FOUND.getReasonPhrase())
+ .message(ex.getMessage())
+ .path(request.getRequestURI())
+ .build());
 }
 @ExceptionHandler(MethodArgumentNotValidException.class)
- ResponseEntity handleMethodArgumentNotValidException(final MethodArgumentNotValidException ex,
- final HttpServletRequest request) {
+ ResponseEntity handleMethodArgumentNotValidException(final MethodArgumentNotValidException ex, final HttpServletRequest request) {
- var error = ValidationException.builder().timestamp(now()).status(BAD_REQUEST.value()).error("Validation Exception")
- .message("Exception in validation attributes").path(request.getRequestURI()).errors(new ArrayList<>()).build();
+ var error = ValidationException.builder()
+ .timestamp(now())
+ .status(BAD_REQUEST.value())
+ .error("Validation Exception")
+ .message("Exception in validation attributes")
+ .path(request.getRequestURI())
+ .errors(new ArrayList<>())
+ .build();
 for (FieldError fieldError : ex.getBindingResult().getFieldErrors()) {
 error.addError(fieldError.getField(), fieldError.getDefaultMessage());
diff --git a/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/utils/JwtKeyProvider.java b/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/utils/JwtKeyProvider.java
deleted file mode 100644
index 11eba14..0000000
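Review bot: Mapping `UsernameNotFoundException` to 404 and echoing `ex.getMessage()` in `handleNotFoundException` lets a caller distinguish "unknown user" from "wrong password" if this handler fires on the login path, which is a username-enumeration signal; Spring's own `AbstractUserDetailsAuthenticationProvider` hides this exception behind a generic `BadCredentialsException` by default for that reason. Prefer a uniform 401 with a fixed message, e.g. `return ResponseEntity.status(UNAUTHORIZED).body(StandardError.builder().timestamp(now()).status(UNAUTHORIZED.value()).error(UNAUTHORIZED.getReasonPhrase()).message("Invalid credentials").path(request.getRequestURI()).build());` (with `UNAUTHORIZED` statically imported alongside `NOT_FOUND`). Both handlers also return a raw `ResponseEntity`; `ResponseEntity<StandardError>` and `ResponseEntity<ValidationException>` would let the compiler check the bodies. `handleMethodArgumentNotValidException` continues past the end of the hunk.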
--- a/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/utils/JwtKeyProvider.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package br.com.rayankonecny.authserviceapi.utils;
-
-import io.jsonwebtoken.security.Keys;
-
-import javax.crypto.SecretKey;
-import java.util.Base64;
-
-public final class JwtKeyProvider {
-
- // 🔥 REGRA DE OURO:
- // Isso NÃO deve ficar hardcoded em produção.
- // Use ENV VAR, Vault, Kubernetes Secret, etc.
- private static final String BASE64_SECRET = "c3VwZXItc2VndXJhLWNoYXZlLWp3dC1jb20tMzItYnl0ZXM=";
-
- private JwtKeyProvider() {
- // evita instância acidental
- }
-
- public static SecretKey getKey() {
- byte[] keyBytes = Base64.getDecoder().decode(BASE64_SECRET);
- return Keys.hmacShaKeyFor(keyBytes);
- }
-}