Changeset 0f3afae

Timestamp:

01/28/25 00:49:06 (3 months ago)

Author:

Nikola Jordanoski <nikolaj_koko@…>

Branches:

master

Children:

ac41d70

Parents:

bf28e50

Message:

Small security optimization

Location:

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo

Files:

• config/WebSecurityConfig.java (modified) (2 diffs)
• service/impl/JWTServiceImpl.java (modified) (1 diff)

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/config/WebSecurityConfig.java

@@ -4 +4 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.lang.NonNull;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@@ -57 +58 @@
         return new WebMvcConfigurer() {
             @Override
-            public void addCorsMappings(CorsRegistry registry) {
-                registry.addMapping("/**")
+            public void addCorsMappings(@NonNull CorsRegistry registry) {
+                registry.addMapping("/api/**")
                         .allowedOrigins("http://localhost:5173")
-                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD")
                         .allowedHeaders("*")
                         .allowCredentials(true);

ReserveNGo-backend/src/main/java/mk/ukim/finki/it/reservengo/service/impl/JWTServiceImpl.java

@@ -48 +48 @@
     @Override
     public String generateToken(User user) {
-        return Jwts.builder().setSubject(user.getUsername())
-                .claim("name", user.getFirstName())
+        return Jwts.builder()
+                .setSubject(user.getUsername())
                 .claim("role", user.getUserRole())
                 .claim("id", user.getId())