Refactor AuthController to support both POST and GET methods for refresh token

2025-11-28 18:47:15 +01:00
parent 9e350ec2b5
commit 411c407a40
1 changed files with 18 additions and 4 deletions
--- a/api/src/main/java/fr/gameovergne/api/controller/auth/AuthController.java
+++ b/api/src/main/java/fr/gameovergne/api/controller/auth/AuthController.java
@@ -46,7 +46,7 @@ public class AuthController {
                .httpOnly(true)
                .secure(false) // true en prod
                .path("/")
-                .maxAge(0) // Expire immédiatement
+                .maxAge(0) // expire immédiatement
                .sameSite("Lax")
                .build();
        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
@@ -65,8 +65,19 @@ public class AuthController {
                .orElse(ResponseEntity.notFound().build());
    }

+    // --------- REFRESH TOKEN : accepte POST et GET ---------
+
    @PostMapping("/refresh")
-    public ResponseEntity<AuthResponse> refresh(HttpServletRequest request, HttpServletResponse response) {
+    public ResponseEntity<AuthResponse> refreshPost(HttpServletRequest request, HttpServletResponse response) {
+        return handleRefresh(request, response);
+    }
+
+    @GetMapping("/refresh")
+    public ResponseEntity<AuthResponse> refreshGet(HttpServletRequest request, HttpServletResponse response) {
+        return handleRefresh(request, response);
+    }
+
+    private ResponseEntity<AuthResponse> handleRefresh(HttpServletRequest request, HttpServletResponse response) {
        String refreshToken = null;
        if (request.getCookies() != null) {
            refreshToken = Arrays.stream(request.getCookies())
@@ -75,17 +86,20 @@ public class AuthController {
                    .map(Cookie::getValue)
                    .orElse(null);
        }
+
        if (refreshToken == null) {
-            // Pas de cookie -> pas d'erreur réseau
+            // Pas de cookie -> on ne casse pas le front, juste 204
            return ResponseEntity.noContent().build();
        }

        return authService.refresh(refreshToken)
                .map(authResponse -> createAuthResponse(authResponse, response))
-                // Token inconnu/expiré -> pas d'erreur réseau non plus
+                // Token inconnu/expiré -> 204 aussi, pas d'erreur réseau
                .orElse(ResponseEntity.noContent().build());
    }

+    // --------- Utilitaire pour poser le cookie + réponse ---------
+
    private ResponseEntity<AuthResponse> createAuthResponse(AuthResponse authResponse, HttpServletResponse response) {
        ResponseCookie cookie = ResponseCookie.from("refreshToken", authResponse.refreshToken())
                .httpOnly(true)