(TP-77) feat: add cookies handling

Kattsyn · Kattsyn · commit cc8b1f16aa14 · 2025-05-02T16:37:38.000+03:00
diff --git a/rentplace/src/main/java/kattsyn/dev/rentplace/configs/SecurityConfig.java b/rentplace/src/main/java/kattsyn/dev/rentplace/configs/SecurityConfig.java
@@ -9,6 +9,7 @@
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -65,6 +66,7 @@ public void init() {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
+                .cors(Customizer.withDefaults())
                 .csrf(CsrfConfigurer::disable)
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(
diff --git a/rentplace/src/main/java/kattsyn/dev/rentplace/controllers/AuthController.java b/rentplace/src/main/java/kattsyn/dev/rentplace/controllers/AuthController.java
@@ -3,6 +3,8 @@
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.security.auth.message.AuthException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
 import kattsyn.dev.rentplace.dtos.CodeRequest;
 import kattsyn.dev.rentplace.dtos.JwtRequest;
 import kattsyn.dev.rentplace.dtos.JwtResponse;
@@ -11,10 +13,7 @@
 import kattsyn.dev.rentplace.services.VerificationCodeService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 @RestController
 @RequestMapping("${api.path}/auth")
@@ -40,9 +39,21 @@ public ResponseEntity<JwtResponse> login(@RequestBody CodeRequest codeRequest) {
             description = "Получает email и код с почты. Возвращает JWT токены"
     )
     @PostMapping("/login")
-    public ResponseEntity<JwtResponse> login(@RequestBody JwtRequest authRequest) throws AuthException {
-        final JwtResponse token = authService.login(authRequest);
-        return ResponseEntity.ok(token);
+    public ResponseEntity<JwtResponse> login(@RequestBody JwtRequest authRequest,
+                                             HttpServletResponse response) throws AuthException {
+        JwtResponse tokens = authService.login(authRequest);
+
+        // Настройка cookie для refresh token
+        Cookie refreshTokenCookie = new Cookie("refreshToken", tokens.getRefreshToken());
+        refreshTokenCookie.setHttpOnly(true);
+        refreshTokenCookie.setSecure(true); // Для HTTPS
+        refreshTokenCookie.setPath("/");
+        refreshTokenCookie.setMaxAge(30 * 24 * 60 * 60); // 30 дней
+
+        response.addCookie(refreshTokenCookie);
+
+        return ResponseEntity.ok()
+                .body(new JwtResponse(tokens.getAccessToken(), null));
     }
 
     @Operation(
@@ -60,9 +71,18 @@ public ResponseEntity<JwtResponse> getNewAccessToken(@RequestBody RefreshJwtRequ
             description = "Принимает еще не истекший RefreshToken и возвращает новый, продленный."
     )
     @PostMapping("/refresh")
-    public ResponseEntity<JwtResponse> getNewRefreshToken(@RequestBody RefreshJwtRequest request) throws AuthException {
-        final JwtResponse token = authService.refresh(request.getRefreshToken());
-        return ResponseEntity.ok(token);
+    public ResponseEntity<JwtResponse> refresh(@CookieValue(name = "refreshToken") String refreshToken, HttpServletResponse response) throws AuthException {
+        JwtResponse jwtResponse = authService.refresh(refreshToken);
+
+        Cookie refreshCookie = new Cookie("refreshToken", jwtResponse.getRefreshToken());
+        refreshCookie.setHttpOnly(true);
+        refreshCookie.setSecure(true);
+        refreshCookie.setPath("/");
+        refreshCookie.setMaxAge(30 * 24 * 60 * 60);
+        response.addCookie(refreshCookie);
+
+        return ResponseEntity.ok()
+                .body(new JwtResponse(jwtResponse.getAccessToken(), null));
     }
 
 }
