Refactor JWT config and enhance security, improve file download, and fix refresh token cleanup

- Restricted public auth endpoints to only /login and /register in SecurityConfig
- Added contentLength header and improved error response in FileController download API
- Refactored JwtService to load secret key and expiration from application properties
- Improved signing key handling using Base64 decoding
- Updated RefreshTokenRepository with @Transactional @Modifying delete query
- Ensured proper refresh token cleanup with flush() in RefreshTokenService
- Annotated refresh token methods with @Transactional for consistency
K
2025-07-03 16:59:29 +05:30
parent 3920ec7fbd
commit c5ff741f8c
5 changed files with 27 additions and 13 deletions
@@ -29,7 +29,7 @@ public class SecurityConfig {
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authenticationProvider(authenticationProvider)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth/**", "/actuator/**").permitAll()
.requestMatchers("/api/auth/login", "/api/auth/register", "/actuator/**").permitAll()
.requestMatchers(HttpMethod.GET, "/public/**").permitAll()
.anyRequest().authenticated()
)
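Review bot: The new permitAll() matcher line still carries "/actuator/**", so every actuator endpoint stays reachable without authentication even though the auth paths were narrowed to /api/auth/login and /api/auth/register. Which endpoints are exposed over HTTP is set in the management configuration, which this hunk does not show. If that exposure goes beyond health, endpoints such as env or heapdump would be readable by anonymous callers. Consider permitting only what a probe needs, for example `.requestMatchers("/actuator/health").permitAll()`, and letting the rest fall through to `.anyRequest().authenticated()` or a role check. Also verify the effect of the narrowing on the other routes under /api/auth/: anything that is not login or register now requires an authenticated request, so if a refresh-token endpoint lives there, a client whose access token has already expired may no longer be able to call it.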