diff --git a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/configs/WebSecurityConfig.java b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/configs/WebSecurityConfig.java
index 35539b5..0abcfd5 100644
--- a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/configs/WebSecurityConfig.java
+++ b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/configs/WebSecurityConfig.java
@@ -56,6 +56,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 String.format("%s/categories/**", apiPrefix),
 String.format("%s/products/**", apiPrefix),
 String.format("%s/product-images/**", apiPrefix),
+ String.format("%s/forgot-password/**", apiPrefix),
+ String.format("%s/orders-details/**", apiPrefix),
+ String.format("%s/orders/**", apiPrefix),
 "/error"
 ).permitAll()
 // Swagger UI with basic auth
diff --git a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/AuthController.java b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/AuthController.java
index 2c7ef58..0e597c5 100644
--- a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/AuthController.java
+++ b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/AuthController.java
@@ -123,7 +123,7 @@ public ResponseEntity> createUser(
 value = "custom.logout.requests",
 extraTags = {"uri", "/api/v1/users/logout"},
 description = "Track logout request count")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 @PostMapping("/logout")
 public ResponseEntity> logout() throws Exception {
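Review bot: Adding `/orders/**` and `/orders-details/**` to this `permitAll()` list removes the URL-level authentication requirement for every handler under those paths, so access control for order data now rests only on each method's `@PreAuthorize` (and on method security being enabled, which this diff does not show). OrderController handlers such as `getOrders` and `getOrdersByKeyword` appear in this commit only as hunk headers, so whether they carry an annotation cannot be confirmed from here; any that do not would become anonymous. Unless anonymous order access is intended, I would drop the two order entries and keep only `String.format("%s/forgot-password/**", apiPrefix),` in the public list. The matcher call and the rest of `filterChain` start and end outside the hunk, so a method restriction on the matcher, if any, is not visible.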
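Review bot: The role list is a string literal repeated in each `@PreAuthorize`, so this rename had to be made by hand here and in every other controller hunk of this commit (the second AuthController hunk and those in OrderController, OrderDetailController and UserController); an annotation that still says `ROLE_STORE_OWNER` anywhere else would silently deny shop owners. A shared constant for the SpEL expression or a composed annotation would make the next rename a one-line change. The diff also does not show where the granted authority itself is defined or stored, so it is worth confirming that the role enum or table and any tokens issued before the rename now yield `ROLE_SHOP_OWNER`.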
@@ -160,7 +160,7 @@ public ResponseEntity> logout() throws Exception {
 }
 @PutMapping("/verify/{otp}")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity> verifiedUser(
 @PathVariable int otp
 ) throws Exception {
diff --git a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderController.java b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderController.java
index d9038d8..7da9eb8 100755
--- a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderController.java
+++ b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderController.java
@@ -87,7 +87,7 @@ public ResponseEntity getOrders(
 // this endpoint will search all order of user retrieve from token (some
 // condition)
 @GetMapping("/search-user-orders-by-keyword")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity searchUserOrdersByKeyword(
 @RequestParam(defaultValue = "", required = false) String keyword,
 @RequestParam(defaultValue = "0") int page,
@@ -109,7 +109,7 @@ public ResponseEntity searchUserOrdersByKeyword(
 // GET http://localhost:8088/api/v1/orders/2
 @GetMapping("/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity getOrder(
 @Valid @PathVariable("id") Long orderId) {
 try {
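Review bot: `verifiedUser` takes the one-time code as `@PathVariable int otp`, which places the secret in the request URL (where access and proxy logs usually record it) and, if codes can begin with zero, drops the leading digits during binding. Consider accepting it in the request body as a `String` and comparing it as text. The handler body is outside the hunk, so attempt limiting and expiry cannot be judged from here.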
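Review bot: `getOrder` authorises by role only and takes the order id straight from the path, so unless the body (which continues past the hunk) checks that the order belongs to the caller, any `ROLE_MEMBER` can read another user's order by changing the id. The same applies to `getSortedOrder`, which reads `user_id` from the path rather than from the token as the comment above `searchUserOrdersByKeyword` describes, and to `getOrderDetail`/`getOrderDetails` and the `{userId}` handlers in UserController. An ownership check against the authenticated principal, with manager and staff roles exempted where intended, would close this.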
@@ -215,7 +215,7 @@ public ResponseEntity getOrdersByKeyword(
 }
 @GetMapping("/user/{user_id}/get-active-sorted-orders")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity getSortedOrder(
 @PathVariable("user_id") Long userId,
 @RequestParam("keyword") OrderStatus keyword,
diff --git a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderDetailController.java b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderDetailController.java
index 9b97b32..e41e8c2 100755
--- a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderDetailController.java
+++ b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/OrderDetailController.java
@@ -25,7 +25,7 @@ import org.springframework.web.bind.annotation.RestController;
 @RestController
-@RequestMapping("${api.prefix}/orders_details")
+@RequestMapping("${api.prefix}/orders-details")
 @RequiredArgsConstructor
 public class OrderDetailController implements DTOConverter{
@@ -34,7 +34,7 @@ public class OrderDetailController implements DTOConverter{
 //Thêm mới 1 order detail
 @PostMapping("")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_STORE_OWNER', 'ROLE_STAFF')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_SHOP_OWNER', 'ROLE_STAFF')")
 public ResponseEntity createOrderDetail(
 @Valid @RequestBody OrderDetailDTO orderDetailDTO) {
 try {
@@ -47,7 +47,7 @@ public ResponseEntity createOrderDetail(
 }
 @GetMapping("/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity getOrderDetail(
 @Valid @PathVariable("id") Long id) throws DataNotFoundException {
 OrderDetail orderDetail = orderDetailService.getOrderDetail(id);
@@ -55,7 +55,7 @@ public ResponseEntity getOrderDetail(
 }
 @GetMapping("/order/{orderId}")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity getOrderDetails(
 @Valid @PathVariable("orderId") Long orderId
 ) {
@@ -68,7 +68,7 @@ public ResponseEntity getOrderDetails(
 }
 @PutMapping("/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_STORE_OWNER', 'ROLE_STAFF')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_SHOP_OWNER', 'ROLE_STAFF')")
 @Operation(security = {@SecurityRequirement(name = "bearer-key")})
 public ResponseEntity updateOrderDetail(
 @Valid @PathVariable("id") Long id,
@@ -83,7 +83,7 @@ public ResponseEntity updateOrderDetail(
 @DeleteMapping("/{id}")
 @Operation(security = {@SecurityRequirement(name = "bearer-key")})
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_STORE_OWNER', 'ROLE_STAFF')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_SHOP_OWNER', 'ROLE_STAFF')")
 public ResponseEntity deleteOrderDetail(
 @Valid @PathVariable("id") Long id) {
 orderDetailService.deleteById(id);
diff --git a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/UserController.java b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/UserController.java
index 5c12ce1..f8302c0 100644
--- a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/UserController.java
+++ b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/controllers/UserController.java
@@ -65,7 +65,7 @@ public ResponseEntity getUserById(
 }
 @PostMapping("/details")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity takeUserDetailsFromToken() throws Exception {
 UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
 .getAuthentication().getPrincipal();
@@ -76,7 +76,7 @@ public ResponseEntity takeUserDetailsFromToken() throws Exception
 // PUT: localhost:4000/api/v1/users/4/deposit/100
 // Header: Authorization Bearer token
 @PutMapping("/{userId}/deposit/{payment}")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity deposit(
 @PathVariable long userId,
 @PathVariable long payment
@@ -92,7 +92,7 @@ public ResponseEntity deposit(
 }
 @PutMapping("/details/{userId}")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity> updateUserDetails(
 @PathVariable Long userId,
 @Valid @RequestBody UpdateUserDTO updatedUserDTO,
@@ -119,7 +119,7 @@ public ResponseEntity> updateUserDetails(
 }
 @PutMapping("/block/{userId}/{active}")
- @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_STORE_OWNER')")
+ @PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_MEMBER', 'ROLE_STAFF', 'ROLE_SHOP_OWNER')")
 public ResponseEntity blockOrEnable(
 @Valid @PathVariable long userId,
 @Valid @PathVariable int active
diff --git a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/dtos/request/CartItemDTO.java b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/dtos/request/CartItemDTO.java
index 36a4cf8..34ae66a 100755
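Review bot: `deposit` accepts both the target account and the amount as path variables, with `payment` a signed `long` and `ROLE_MEMBER` in the allowed roles. Nothing visible here rejects a zero or negative amount or a `userId` other than the caller's; the body is outside the hunk, so this may be handled there, but it should be confirmed. A `@Positive` constraint on `payment` (with method validation active on the controller so that it is enforced) plus an ownership check would make the contract explicit.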
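Review bot: The updated annotation on `blockOrEnable` still lists `ROLE_MEMBER`, so an ordinary member passes the role check on the endpoint that blocks or re-enables accounts. If this is an administrative action, the list should be narrowed, for example `@PreAuthorize("hasAnyRole('ROLE_MANAGER', 'ROLE_STAFF')")`; the exact set depends on the intended policy. The method body lies outside the hunk, so a further check there cannot be ruled out.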
--- a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/dtos/request/CartItemDTO.java
+++ b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/dtos/request/CartItemDTO.java
@@ -3,8 +3,8 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 public record CartItemDTO(
- @JsonProperty("koi_id")
- Long koiId,
+ @JsonProperty("product_id")
+ Long productId,
 @JsonProperty("quantity")
 Integer quantity
 ) {}
diff --git a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/filters/JwtTokenFilter.java b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/filters/JwtTokenFilter.java
index ebee985..6cd1d48 100755
--- a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/filters/JwtTokenFilter.java
+++ b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/filters/JwtTokenFilter.java
@@ -176,6 +176,12 @@ private boolean isPublicEndpoint(String path, HttpServletRequest request) {
 log.info("Product Images endpoint - Is GET? {}", isGet);
 return isGet;
 }
+
+ if (path.startsWith(apiPrefix + "/forgot-password")) {
+ boolean isBypass = request.getMethod().equals("GET") || request.getMethod().equals("PUT");
+ log.info("Forgot Password endpoint - Is GET? {}", isBypass);
+ return isBypass;
+ }
 // Only allow GET requests for categories
 if (path.startsWith(apiPrefix + "/categories")) {
diff --git a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/services/order/OrderService.java b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/services/order/OrderService.java
index 2bc1a25..55f2503 100644
--- a/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/services/order/OrderService.java
+++ b/SPCServer/springboot/src/main/java/com/lcaohoanq/shoppe/services/order/OrderService.java
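Review bot: Both record components are nullable wrappers with no validation constraints, and the JSON key changes from `koi_id` to `product_id` without an alias. A client still sending `koi_id` may bind `productId` as null (depending on the mapper's unknown-property setting), which `createOrder` in OrderService then passes to `findById`, and a missing `quantity` fails on the `int quantity = cartItemDTO.quantity();` unboxing; a zero or negative quantity is not rejected at this layer either. Consider `@NotNull @JsonProperty("product_id") Long productId` and `@NotNull @Min(1) @JsonProperty("quantity") Integer quantity`, with `@Valid` on the containing list so the constraints are applied.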
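Review bot: The new bypass uses `path.startsWith(apiPrefix + "/forgot-password")`, which also matches any longer path that merely begins with that string, and it skips token checks for `PUT` as well as `GET` while the log line still says "Is GET?". Matching on the exact path or on the prefix followed by `/` would keep the bypass to the intended routes, and the message should name what is logged, e.g. `log.info("Forgot Password endpoint - bypass (GET/PUT)? {}", isBypass);`. WebSecurityConfig in this commit permits every method on `/forgot-password/**` whereas this filter exempts only two, so the two layers disagree on what is public. Since the exempted `PUT` is presumably the unauthenticated reset itself, rate limiting and reset-token validation in the controller (not shown) matter here. `isPublicEndpoint` starts and ends outside the hunk.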
@@ -81,12 +81,12 @@ public Order createOrder(OrderDTO orderDTO) throws Exception {
 orderDetail.setOrder(order);
 // Lấy thông tin sản phẩm từ cartItemDTO
- Long koiId = cartItemDTO.koiId();
+ Long id = cartItemDTO.productId();
 int quantity = cartItemDTO.quantity();
 // Tìm thông tin sản phẩm t cơ sở dữ liệu (hoặc sử dụng cache nếu cần)
- Product product = productRepository.findById(koiId)
- .orElseThrow(() -> new DataNotFoundException("Product not found with id: " + koiId));
+ Product product = productRepository.findById(id)
+ .orElseThrow(() -> new DataNotFoundException("Product not found with id: " + id));
 // Đặt thông tin cho OrderDetail
 orderDetail.setProduct(product);