diff --git a/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java b/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
index 3c7dcc4..5352ffe 100644
--- a/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
+++ b/src/main/java/app/mealsmadeeasy/api/auth/AuthController.java
@@ -1,6 +1,7 @@
 package app.mealsmadeeasy.api.auth;
 
 import app.mealsmadeeasy.api.security.AuthToken;
+import org.jetbrains.annotations.Nullable;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseCookie;
@@ -11,7 +12,7 @@ import org.springframework.web.bind.annotation.*;
 @RequestMapping("/auth")
 public final class AuthController {
 
- private static ResponseCookie getRefreshTokenCookie(String token, long maxAge) {
+ private static ResponseCookie getRefreshTokenCookie(@Nullable String token, long maxAge) {
 final ResponseCookie.ResponseCookieBuilder b = ResponseCookie.from("refresh-token")
 .httpOnly(true)
 .secure(true)
@@ -57,18 +58,23 @@ public final class AuthController {
 
 @PostMapping("/refresh")
 public ResponseEntity refresh(
- @CookieValue(value = "refresh-token") String oldRefreshToken
+ @CookieValue(value = "refresh-token", required = false) @Nullable String oldRefreshToken
 ) {
- try {
- final LoginDetails loginDetails = this.authService.refresh(oldRefreshToken);
- return this.getLoginViewResponseEntity(loginDetails);
- } catch (LoginException loginException) {
- return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+ if (oldRefreshToken != null) {
+ try {
+ final LoginDetails loginDetails = this.authService.refresh(oldRefreshToken);
+ return this.getLoginViewResponseEntity(loginDetails);
+ } catch (LoginException loginException) {
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+ }
 }
+ return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
 }
 
 @PostMapping("/logout")
- public ResponseEntity logout(@CookieValue(value = "refresh-token", required = false) String refreshToken) {
+ public ResponseEntity logout(
+ @CookieValue(value = "refresh-token", required = false) @Nullable String refreshToken
+ ) {
 if (refreshToken != null) {
 this.authService.logout(refreshToken);
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index e1865f3..e809717 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
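Review bot: The catch block in `refresh` discards `LoginException`, and the new missing-cookie branch returns the same bare 401, so neither a rejected nor an absent refresh token leaves any log or audit trace. Repeated rejections are a useful detection signal for a copied or replayed refresh token, so consider recording the failure reason in the catch (never the token value itself), using whatever logger the class already has; none is visible in this hunk. On style, the null check now wraps the try/catch and duplicates the `UNAUTHORIZED` return; a guard clause at the top, `if (oldRefreshToken == null) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); }`, would keep the original body flat. The `logout` body continues outside the hunk.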
@@ -5,8 +5,8 @@ spring.datasource.username=meals-made-easy-api-user
 spring.datasource.password=devpass
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
 app.mealsmadeeasy.api.baseUrl=http://localhost:8080
-app.mealsmadeeasy.api.security.access-token-lifetime=10
-app.mealsmadeeasy.api.security.refresh-token-lifetime=120
+app.mealsmadeeasy.api.security.access-token-lifetime=60
+app.mealsmadeeasy.api.security.refresh-token-lifetime=3600
 app.mealsmadeeasy.api.minio.endpoint=http://localhost:9000
 app.mealsmadeeasy.api.minio.accessKey=minio-root
 app.mealsmadeeasy.api.minio.secretKey=test0123
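Review bot: The two lifetime values are changed with no indication of their unit, so a reader cannot tell how long `refresh-token-lifetime=3600` actually is; a comment line above the pair such as `# token lifetimes, in <unit>` (or a unit suffix in the key names) would settle it. The refresh lifetime grows thirty-fold, which lengthens the window in which a copied refresh-token cookie stays usable, so it is worth confirming that `authService.refresh` invalidates the old token on use; the parameter name `oldRefreshToken` suggests rotation, but the service is not part of this diff. Judging by the localhost URLs and `devpass` in the surrounding context lines these look like development defaults, in which case production lifetimes and credentials should come from an environment-specific override rather than this file.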