vincentguillet/gameovergne-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor AuthController to support both POST and GET methods for refresh token

Browse Source
This commit is contained in:
Vincent Guillet
2025-11-28 18:47:15 +01:00
parent 9e350ec2b5
commit 411c407a40
1 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
api/src/main/java/fr/gameovergne/api/controller/auth/AuthController.java
View File

@@ -46,7 +46,7 @@ public class AuthController {
.httpOnly(true) .httpOnly(true)
.secure(false) // true en prod .secure(false) // true en prod
.path("/") .path("/")
.maxAge(0) // Expire immédiatement .maxAge(0) // expire immédiatement
.sameSite("Lax") .sameSite("Lax")
.build(); .build();
response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString()); response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
@@ -65,8 +65,19 @@ public class AuthController {
.orElse(ResponseEntity.notFound().build()); .orElse(ResponseEntity.notFound().build());
} }
// --------- REFRESH TOKEN : accepte POST et GET ---------
@PostMapping("/refresh") @PostMapping("/refresh")
public ResponseEntity<AuthResponse> refresh(HttpServletRequest request, HttpServletResponse response) { public ResponseEntity<AuthResponse> refreshPost(HttpServletRequest request, HttpServletResponse response) {
return handleRefresh(request, response);
}
@GetMapping("/refresh")
public ResponseEntity<AuthResponse> refreshGet(HttpServletRequest request, HttpServletResponse response) {
return handleRefresh(request, response);
}
private ResponseEntity<AuthResponse> handleRefresh(HttpServletRequest request, HttpServletResponse response) {
String refreshToken = null; String refreshToken = null;
if (request.getCookies() != null) { if (request.getCookies() != null) {
refreshToken = Arrays.stream(request.getCookies()) refreshToken = Arrays.stream(request.getCookies())
@@ -75,17 +86,20 @@ public class AuthController {
.map(Cookie::getValue) .map(Cookie::getValue)
.orElse(null); .orElse(null);
} }
if (refreshToken == null) { if (refreshToken == null) {
// Pas de cookie -> pas d'erreur réseau // Pas de cookie -> on ne casse pas le front, juste 204
return ResponseEntity.noContent().build(); return ResponseEntity.noContent().build();
} }
return authService.refresh(refreshToken) return authService.refresh(refreshToken)
.map(authResponse -> createAuthResponse(authResponse, response)) .map(authResponse -> createAuthResponse(authResponse, response))
// Token inconnu/expiré -> pas d'erreur réseau non plus // Token inconnu/expiré -> 204 aussi, pas d'erreur réseau
.orElse(ResponseEntity.noContent().build()); .orElse(ResponseEntity.noContent().build());
} }
// --------- Utilitaire pour poser le cookie + réponse ---------
private ResponseEntity<AuthResponse> createAuthResponse(AuthResponse authResponse, HttpServletResponse response) { private ResponseEntity<AuthResponse> createAuthResponse(AuthResponse authResponse, HttpServletResponse response) {
ResponseCookie cookie = ResponseCookie.from("refreshToken", authResponse.refreshToken()) ResponseCookie cookie = ResponseCookie.from("refreshToken", authResponse.refreshToken())
.httpOnly(true) .httpOnly(true)