fix: fix create order

SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/configs/WebSecurityConfig.java

@@ -56,6 +56,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     String.format("%s/categories/**", apiPrefix),
                     String.format("%s/products/**", apiPrefix),
                     String.format("%s/product-images/**", apiPrefix),
+                    String.format("%s/forgot-password/**", apiPrefix),
+                    String.format("%s/orders-details/**", apiPrefix),
+                    String.format("%s/orders/**", apiPrefix),
                     "/error"
                 ).permitAll()
                 // Swagger UI with basic auth

SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/AuthController.java

@@ -123,7 +123,7 @@ public ResponseEntity<ApiResponse<UserResponse>> createUser(
         value = "custom.logout.requests",
         extraTags = {"uri", "/api/v1/users/logout"},
         description = "Track logout request count")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     @PostMapping("/logout")
     public ResponseEntity<ApiResponse<Objects>> logout() throws Exception {
 
@@ -160,7 +160,7 @@ public ResponseEntity<ApiResponse<Objects>> logout() throws Exception {
     }
 
     @PutMapping("/verify/{otp}")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<ApiResponse<OtpResponse>> verifiedUser(
         @PathVariable int otp
     ) throws Exception {

SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderController.java

@@ -87,7 +87,7 @@ public ResponseEntity<OrderPaginationResponse> getOrders(
     // this endpoint will search all order of user retrieve from token (some
     // condition)
     @GetMapping("/search-user-orders-by-keyword")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<OrderPaginationResponse> searchUserOrdersByKeyword(
         @RequestParam(defaultValue = "", required = false) String keyword,
         @RequestParam(defaultValue = "0") int page,
@@ -109,7 +109,7 @@ public ResponseEntity<OrderPaginationResponse> searchUserOrdersByKeyword(
 
     // GET http://localhost:8088/api/v1/orders/2
     @GetMapping("/{id}")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<?> getOrder(
         @Valid @PathVariable("id") Long orderId) {
         try {
@@ -215,7 +215,7 @@ public ResponseEntity<OrderPaginationResponse> getOrdersByKeyword(
     }
 
     @GetMapping("/user/{user_id}/get-active-sorted-orders")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<OrderPaginationResponse> getSortedOrder(
         @PathVariable("user_id") Long userId,
         @RequestParam("keyword") OrderStatus keyword,

SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderDetailController.java

@@ -25,7 +25,7 @@
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@RequestMapping("${api.prefix}/orders_details")
+@RequestMapping("${api.prefix}/orders-details")
 @RequiredArgsConstructor
 public class OrderDetailController implements DTOConverter{
 
@@ -34,7 +34,7 @@ public class OrderDetailController implements DTOConverter{
 
     //Thêm mới 1 order detail
     @PostMapping("")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_STORE_OWNER', 'ROLE_STAFF')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_SHOP_OWNER', 'ROLE_STAFF')")
     public ResponseEntity<?> createOrderDetail(
         @Valid @RequestBody OrderDetailDTO orderDetailDTO) {
         try {
@@ -47,15 +47,15 @@ public ResponseEntity<?> createOrderDetail(
     }
 
     @GetMapping("/{id}")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<?> getOrderDetail(
         @Valid @PathVariable("id") Long id) throws DataNotFoundException {
         OrderDetail orderDetail = orderDetailService.getOrderDetail(id);
         return ResponseEntity.ok().body(this.fromOrderDetail(orderDetail));
     }
 
     @GetMapping("/order/{orderId}")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<?> getOrderDetails(
         @Valid @PathVariable("orderId") Long orderId
     ) {
@@ -68,7 +68,7 @@ public ResponseEntity<?> getOrderDetails(
     }
 
     @PutMapping("/{id}")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_STORE_OWNER', 'ROLE_STAFF')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_SHOP_OWNER', 'ROLE_STAFF')")
     @Operation(security = {@SecurityRequirement(name = "bearer-key")})
     public ResponseEntity<?> updateOrderDetail(
         @Valid @PathVariable("id") Long id,
@@ -83,7 +83,7 @@ public ResponseEntity<?> updateOrderDetail(
 
     @DeleteMapping("/{id}")
     @Operation(security = {@SecurityRequirement(name = "bearer-key")})
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_STORE_OWNER', 'ROLE_STAFF')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_SHOP_OWNER', 'ROLE_STAFF')")
     public ResponseEntity<?> deleteOrderDetail(
         @Valid @PathVariable("id") Long id) {
         orderDetailService.deleteById(id);

SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/UserController.java

@@ -65,7 +65,7 @@ public ResponseEntity<UserResponse> getUserById(
     }
 
     @PostMapping("/details")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<UserResponse> takeUserDetailsFromToken() throws Exception {
         UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
             .getAuthentication().getPrincipal();
@@ -76,7 +76,7 @@ public ResponseEntity<UserResponse> takeUserDetailsFromToken() throws Exception
     //     PUT: localhost:4000/api/v1/users/4/deposit/100
 //     Header: Authorization Bearer token
     @PutMapping("/{userId}/deposit/{payment}")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<String> deposit(
         @PathVariable long userId,
         @PathVariable long payment
@@ -92,7 +92,7 @@ public ResponseEntity<String> deposit(
     }
 
     @PutMapping("/details/{userId}")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<ApiResponse<UserResponse>> updateUserDetails(
         @PathVariable Long userId,
         @Valid @RequestBody UpdateUserDTO updatedUserDTO,
@@ -119,7 +119,7 @@ public ResponseEntity<ApiResponse<UserResponse>> updateUserDetails(
     }
 
     @PutMapping("/block/{userId}/{active}")
-    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+    @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
     public ResponseEntity<String> blockOrEnable(
         @Valid @PathVariable long userId,
         @Valid @PathVariable int active

SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/dtos/request/CartItemDTO.java

@@ -3,8 +3,8 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 
 public record CartItemDTO(
-    @JsonProperty("koi_id")
-    Long koiId,
+    @JsonProperty("product_id")
+    Long productId,
     @JsonProperty("quantity")
     Integer quantity
 ) {}

SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/filters/JwtTokenFilter.java

@@ -176,6 +176,12 @@ private boolean isPublicEndpoint(String path, HttpServletRequest request) {
             log.info("Product Images endpoint - Is GET? {}", isGet);
             return isGet;
         }
+
+        if (path.startsWith(apiPrefix + "/forgot-password")) {
+            boolean isBypass = request.getMethod().equals("GET") || request.getMethod().equals("PUT");
+            log.info("Forgot Password endpoint - Is GET? {}", isBypass);
+            return isBypass;
+        }
 
         // Only allow GET requests for categories
         if (path.startsWith(apiPrefix + "/categories")) {

SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/services/order/OrderService.java

@@ -81,12 +81,12 @@ public Order createOrder(OrderDTO orderDTO) throws Exception {
             orderDetail.setOrder(order);
 
             // Lấy thông tin sản phẩm từ cartItemDTO
-            Long koiId = cartItemDTO.koiId();
+            Long id = cartItemDTO.productId();
             int quantity = cartItemDTO.quantity();
 
             // Tìm thông tin sản phẩm t cơ sở dữ liệu (hoặc sử dụng cache nếu cần)
-            Product product = productRepository.findById(koiId)
-                    .orElseThrow(() -> new DataNotFoundException("Product not found with id: " + koiId));
+            Product product = productRepository.findById(id)
+                    .orElseThrow(() -> new DataNotFoundException("Product not found with id: " + id));
 
             // Đặt thông tin cho OrderDetail
             orderDetail.setProduct(product);