Adjusts on module authenticatior

2025-12-16 20:45:24 +00:00 · 2025-12-16 20:45:24 +00:00 · ef8c2e8ca0
commit ef8c2e8ca0
parent ba691f850f
4 changed files with 67 additions and 33 deletions
--- a/auth-service-api/build.gradle
+++ b/auth-service-api/build.gradle
@ -1,6 +1,6 @@
 plugins {
 	id 'java'
-	id 'org.springframework.boot' version '3.5.8'
+	id 'org.springframework.boot' version '3.3.5'
 	id 'io.spring.dependency-management' version '1.1.7'
 	id 'org.graalvm.buildtools.native' version '0.10.6'
 }
--- a/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/configs/SecurityConfig.java
+++ b/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/configs/SecurityConfig.java
@ -0,0 +1,48 @@
+package br.com.rayankonecny.authserviceapi.configs;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+
+        http
+            .authorizeHttpRequests(auth -> auth
+                // AUTH
+                .requestMatchers("/auth/login").permitAll()
+
+                // SWAGGER / OPENAPI
+                .requestMatchers(
+                    "/v3/api-docs/**",
+                    "/swagger-ui/**",
+                    "/swagger-ui.html",
+                    "/swagger-ui/index.html"
+                ).permitAll()
+
+                // TODO o resto protegido
+                .anyRequest().authenticated()
+            )
+
+            // API pura → sem Basic
+            .httpBasic(httpBasic -> httpBasic.disable())
+
+            // Stateless (JWT)
+            .csrf(csrf -> csrf.disable())
+
+            // Sem sessão
+            .sessionManagement(session ->
+                session.sessionCreationPolicy(
+                    org.springframework.security.config.http.SessionCreationPolicy.STATELESS
+                )
+            );
+
+        return http.build();
+    }
+}
--- a/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/controllers/exceptions/ControllerExceptionHandler.java
+++ b/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/controllers/exceptions/ControllerExceptionHandler.java
@ -11,7 +11,6 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
 import jakarta.servlet.http.HttpServletRequest;

 import br.com.rayankonecny.hdcommoslib.models.exceptions.ValidationException;
-import br.com.rayankonecny.hdcommoslib.models.exceptions.ResourceNotFoundException;
 import br.com.rayankonecny.hdcommoslib.models.exceptions.StandardError;

 import static java.time.LocalDateTime.now;
@ -24,20 +23,30 @@ import java.util.ArrayList;
 public class ControllerExceptionHandler {

  @ExceptionHandler(UsernameNotFoundException.class)
-  ResponseEntity<StandardError> handleNotFoundException(final ResourceNotFoundException ex,
-      final HttpServletRequest request) {
+  ResponseEntity<StandardError> handleNotFoundException(final UsernameNotFoundException ex, final HttpServletRequest request) {
+
    return ResponseEntity.status(NOT_FOUND).body(

-        StandardError.builder().timestamp(now()).status(NOT_FOUND.value()).error(NOT_FOUND.getReasonPhrase())
-            .message(ex.getMessage()).path(request.getRequestURI()).build());
+        StandardError.builder()
+                    .timestamp(now())
+                    .status(NOT_FOUND.value())
+                    .error(NOT_FOUND.getReasonPhrase())
+                    .message(ex.getMessage())
+                    .path(request.getRequestURI())
+                    .build());
  }

  @ExceptionHandler(MethodArgumentNotValidException.class)
-  ResponseEntity<StandardError> handleMethodArgumentNotValidException(final MethodArgumentNotValidException ex,
-      final HttpServletRequest request) {
+  ResponseEntity<StandardError> handleMethodArgumentNotValidException(final MethodArgumentNotValidException ex, final HttpServletRequest request) {

-    var error = ValidationException.builder().timestamp(now()).status(BAD_REQUEST.value()).error("Validation Exception")
-        .message("Exception in validation attributes").path(request.getRequestURI()).errors(new ArrayList<>()).build();
+      var error = ValidationException.builder()
+                                    .timestamp(now())
+                                    .status(BAD_REQUEST.value())
+                                    .error("Validation Exception")
+          .message("Exception in validation attributes")
+          .path(request.getRequestURI())
+          .errors(new ArrayList<>())
+          .build();

    for (FieldError fieldError : ex.getBindingResult().getFieldErrors()) {
      error.addError(fieldError.getField(), fieldError.getDefaultMessage());
--- a/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/utils/JwtKeyProvider.java
+++ b/auth-service-api/src/main/java/br/com/rayankonecny/authserviceapi/utils/JwtKeyProvider.java
@ -1,23 +0,0 @@
-package br.com.rayankonecny.authserviceapi.utils;
-
-import io.jsonwebtoken.security.Keys;
-
-import javax.crypto.SecretKey;
-import java.util.Base64;
-
-public final class JwtKeyProvider {
-
-  // 🔥 REGRA DE OURO:
-  // Isso NÃO deve ficar hardcoded em produção.
-  // Use ENV VAR, Vault, Kubernetes Secret, etc.
-  private static final String BASE64_SECRET = "c3VwZXItc2VndXJhLWNoYXZlLWp3dC1jb20tMzItYnl0ZXM=";
-
-  private JwtKeyProvider() {
-    // evita instância acidental
-  }
-
-  public static SecretKey getKey() {
-    byte[] keyBytes = Base64.getDecoder().decode(BASE64_SECRET);
-    return Keys.hmacShaKeyFor(keyBytes);
-  }
-}