Return 401 for auth failures and log verify

This commit is contained in:
androidlover5842
2026-01-26 21:36:22 +05:30
parent 7ec8d6d350
commit 2c337b8709
2 changed files with 10 additions and 0 deletions


@@ -80,10 +80,12 @@ class Auth(
val decoded = try { val decoded = try {
FirebaseAuth.getInstance().verifyIdToken(token) FirebaseAuth.getInstance().verifyIdToken(token)
} catch (ex: Exception) { } catch (ex: Exception) {
logger.warn("Auth verify failed: {}", ex.message)
throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid token") throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid token")
} }
val user = appUserRepo.findByFirebaseUid(decoded.uid) val user = appUserRepo.findByFirebaseUid(decoded.uid)
?: throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found") ?: throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found")
logger.info("Auth verify resolved uid={}, userId={}", decoded.uid, user.id)
return MyPrincipal( return MyPrincipal(
userId = user.id ?: throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "User id missing"), userId = user.id ?: throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "User id missing"),
firebaseUid = decoded.uid firebaseUid = decoded.uid
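Review bot: The `logger.info("Auth verify resolved uid={}, userId={}", decoded.uid, user.id)` line runs on every authenticated request and writes two user identifiers into the log stream, which is personal data that will now be retained wherever logs are shipped; lower it to `logger.debug(...)` so it is only emitted when troubleshooting. Separately, `FirebaseAuth.getInstance().verifyIdToken(token)` does not consult the revocation state, so a token for a user whose sessions were revoked or whose account was disabled keeps working until it expires; `verifyIdToken(token, true)` rejects those at the cost of a backend lookup per request, which the warn log would then also surface. The `logger.warn` on the failure path logs only `ex.message`, which is appropriate — keep the raw token out of that message if the exception text is ever expanded. The enclosing method starts before this hunk and the `MyPrincipal(` constructor call continues past its last line.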


@@ -7,6 +7,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.http.SessionCreationPolicy import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.web.SecurityFilterChain import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import org.springframework.security.web.authentication.HttpStatusEntryPoint
import org.springframework.http.HttpStatus
@Configuration(proxyBeanMethods = false) @Configuration(proxyBeanMethods = false)
@EnableMethodSecurity @EnableMethodSecurity
@@ -22,6 +24,12 @@ class SecurityConfig(
it.requestMatchers("/", "/health", "/auth/**").permitAll() it.requestMatchers("/", "/health", "/auth/**").permitAll()
it.anyRequest().authenticated() it.anyRequest().authenticated()
} }
.exceptionHandling {
it.authenticationEntryPoint(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
it.accessDeniedHandler { _, response, _ ->
response.sendError(HttpStatus.UNAUTHORIZED.value(), "Unauthorized")
}
}
.httpBasic { it.disable() } .httpBasic { it.disable() }
.formLogin { it.disable() } .formLogin { it.disable() }
.addFilterBefore(firebaseAuthFilter, UsernamePasswordAuthenticationFilter::class.java) .addFilterBefore(firebaseAuthFilter, UsernamePasswordAuthenticationFilter::class.java)
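Review bot: The `accessDeniedHandler` block turns authorization failures into 401 "Unauthorized", so an authenticated principal that merely lacks a role (for example a `@PreAuthorize` check failing under `@EnableMethodSecurity`) is told its credentials are bad; clients that treat 401 as "re-login" will loop, and the response hides the real condition. Spring's `ExceptionTranslationFilter` already routes `AccessDeniedException` for anonymous callers to the `authenticationEntryPoint`, so the `HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)` alone gives unauthenticated requests a 401; for authenticated-but-forbidden requests either drop the custom handler (the default sends 403) or make it `response.sendError(HttpStatus.FORBIDDEN.value(), "Forbidden")`. The entry point also emits no `WWW-Authenticate: Bearer` header, which RFC 6750 expects on a 401 for bearer-token APIs; worth adding if any client relies on it. The `filterChain` builder this sits in begins before the hunk and continues after its last line.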