Merge pull request #35 from TP-RENTPLACE/feature/(TP-77)-add-auth-module

(TP-77) feat: change Cookie to ResponseCookie and add method samesite()

Author: Kattsyn

rentplace/src/main/java/kattsyn/dev/rentplace/controllers/AuthController.java

@@ -3,7 +3,6 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.security.auth.message.AuthException;
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletResponse;
 import kattsyn.dev.rentplace.dtos.CodeRequest;
 import kattsyn.dev.rentplace.dtos.JwtRequest;
@@ -12,9 +11,13 @@
 import kattsyn.dev.rentplace.services.AuthService;
 import kattsyn.dev.rentplace.services.VerificationCodeService;
 import lombok.RequiredArgsConstructor;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
+import java.time.Duration;
+
 @RestController
 @RequestMapping("${api.path}/auth")
 @RequiredArgsConstructor
@@ -43,6 +46,17 @@ public ResponseEntity<JwtResponse> login(@RequestBody JwtRequest authRequest,
                                              HttpServletResponse response) throws AuthException {
         JwtResponse tokens = authService.login(authRequest);
 
+        ResponseCookie refreshCookie = ResponseCookie.from("refreshToken", tokens.getRefreshToken())
+                .httpOnly(true)
+                .secure(true) // обязательно для SameSite=None
+                .sameSite("None") // <== вот это ключевое
+                .path("/")
+                .maxAge(Duration.ofDays(30)) // чтобы не исчезала
+                .build();
+
+        response.addHeader(HttpHeaders.SET_COOKIE, refreshCookie.toString());
+
+        /*
         // Настройка cookie для refresh token
         Cookie refreshTokenCookie = new Cookie("refreshToken", tokens.getRefreshToken());
         refreshTokenCookie.setHttpOnly(true);
@@ -52,6 +66,8 @@ public ResponseEntity<JwtResponse> login(@RequestBody JwtRequest authRequest,
 
         response.addCookie(refreshTokenCookie);
 
+         */
+
         return ResponseEntity.ok()
                 .body(new JwtResponse(tokens.getAccessToken(), null));
     }
@@ -74,13 +90,27 @@ public ResponseEntity<JwtResponse> getNewAccessToken(@RequestBody RefreshJwtRequ
     public ResponseEntity<JwtResponse> refresh(@CookieValue(name = "refreshToken") String refreshToken, HttpServletResponse response) throws AuthException {
         JwtResponse jwtResponse = authService.refresh(refreshToken);
 
+        /*
         Cookie refreshCookie = new Cookie("refreshToken", jwtResponse.getRefreshToken());
         refreshCookie.setHttpOnly(true);
         refreshCookie.setSecure(true);
         refreshCookie.setPath("/");
         refreshCookie.setMaxAge(30 * 24 * 60 * 60);
         response.addCookie(refreshCookie);
 
+         */
+
+        ResponseCookie refreshCookie = ResponseCookie.from("refreshToken", jwtResponse.getRefreshToken())
+                .httpOnly(true)
+                .secure(true)
+                .sameSite("None")
+                .path("/")
+                .maxAge(Duration.ofDays(30))
+                .build();
+
+        response.addHeader(HttpHeaders.SET_COOKIE, refreshCookie.toString());
+
+
         return ResponseEntity.ok()
                 .body(new JwtResponse(jwtResponse.getAccessToken(), null));
     }