mealprep/backend/src/main/java/com/recipeapp/auth/AuthController.java
Marcel Raddatz 0b182a33fd refactor(auth): extract authenticateInSession to AuthService
Remove duplicated private authenticateInSession from AuthController and
HouseholdController. Add a single public implementation on AuthService
with session fixation protection built in. HouseholdController now
injects AuthService and passes role "user" for invite-accepted accounts.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 22:24:58 +02:00


package com.recipeapp.auth;
import com.recipeapp.auth.dto.*;
import com.recipeapp.common.ApiResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import jakarta.validation.Valid;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.security.Principal;
@RestController
@RequestMapping("/v1/auth")
public class AuthController {

    /** Role recorded in the session for new sign-ups, and the fallback on login when no system role is set. */
    private static final String DEFAULT_ROLE = "user";

    private final AuthService authService;

    public AuthController(AuthService authService) {
        this.authService = authService;
    }

    /**
     * Registers a new account and then authenticates it in the current HTTP session.
     *
     * <p>The session is established through {@link AuthService#authenticateInSession}; the role
     * passed is always {@link #DEFAULT_ROLE}, regardless of what the returned response carries.
     *
     * @param request validated sign-up payload
     * @param httpRequest the current request, handed to the service for session handling
     * @return 201 Created wrapping the new user
     */
    @PostMapping("/signup")
    public ResponseEntity<ApiResponse<UserResponse>> signup(
            @Valid @RequestBody SignupRequest request,
            HttpServletRequest httpRequest) {
        UserResponse created = authService.signup(request);
        authService.authenticateInSession(created.email(), DEFAULT_ROLE, httpRequest);
        return ResponseEntity.status(HttpStatus.CREATED).body(ApiResponse.success(created));
    }

    /**
     * Verifies credentials and authenticates the user in the current HTTP session.
     *
     * <p>The role stored in the session is taken from the service's response (see
     * {@link #effectiveRole}), never from the client-supplied request body.
     *
     * @param request validated login payload
     * @param httpRequest the current request, handed to the service for session handling
     * @return 200 OK wrapping the authenticated user
     */
    @PostMapping("/login")
    public ResponseEntity<ApiResponse<UserResponse>> login(
            @Valid @RequestBody LoginRequest request,
            HttpServletRequest httpRequest) {
        UserResponse authenticated = authService.login(request);
        authService.authenticateInSession(
                authenticated.email(), effectiveRole(authenticated), httpRequest);
        return ResponseEntity.ok(ApiResponse.success(authenticated));
    }

    /**
     * Ends the current session, if one exists, and clears the thread's security context.
     *
     * @param httpRequest the current request
     * @return 204 No Content
     */
    @PostMapping("/logout")
    public ResponseEntity<Void> logout(HttpServletRequest httpRequest) {
        // getSession(false) so that logging out never creates a fresh session as a side effect.
        HttpSession existing = httpRequest.getSession(false);
        if (existing != null) {
            existing.invalidate();
        }
        SecurityContextHolder.clearContext();
        return ResponseEntity.noContent().build();
    }

    /**
     * Returns the profile of the caller identified by the security principal.
     *
     * <p>NOTE(review): dereferences {@code principal} without a null check, so this route is
     * presumably restricted to authenticated requests by the security configuration — confirm.
     *
     * @param principal the authenticated caller
     * @return 200 OK wrapping the current user
     */
    @GetMapping("/me")
    public ResponseEntity<ApiResponse<UserResponse>> me(Principal principal) {
        String callerName = principal.getName();
        UserResponse current = authService.getCurrentUser(callerName);
        return ResponseEntity.ok(ApiResponse.success(current));
    }

    /**
     * Updates the caller's own profile; the target account is taken from the principal, not the body.
     *
     * <p>NOTE(review): same unchecked {@code principal} dereference as {@link #me} — confirm the
     * route requires authentication.
     *
     * @param principal the authenticated caller
     * @param request validated profile changes
     * @return 200 OK wrapping the updated user
     */
    @PatchMapping("/me")
    public ResponseEntity<ApiResponse<UserResponse>> updateProfile(
            Principal principal,
            @Valid @RequestBody UpdateProfileRequest request) {
        String callerName = principal.getName();
        UserResponse updated = authService.updateProfile(callerName, request);
        return ResponseEntity.ok(ApiResponse.success(updated));
    }

    /**
     * Resolves the role to record in the session for a logged-in user.
     *
     * @param user the service's login response
     * @return the user's system role, or {@link #DEFAULT_ROLE} when the response has none
     */
    private static String effectiveRole(UserResponse user) {
        String systemRole = user.systemRole();
        if (systemRole == null) {
            return DEFAULT_ROLE;
        }
        return systemRole;
    }
}