From 52225dd6d33191d9dd710f928e511b6d0cbb66c1 Mon Sep 17 00:00:00 2001
From: keke125
Date: Wed, 20 Dec 2023 20:56:40 +0800
Subject: [PATCH] fix: Adjust JWT Token expiration to 24 hours and update security chain.
---
 .../ntou/auction/spring/security/JWTService.java | 4 ++--
 .../spring/security/SecurityConfiguration.java | 12 +++++-------
 2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/main/java/ntou/auction/spring/security/JWTService.java b/src/main/java/ntou/auction/spring/security/JWTService.java
index 2a5e782..48cb9a2 100644
--- a/src/main/java/ntou/auction/spring/security/JWTService.java
+++ b/src/main/java/ntou/auction/spring/security/JWTService.java
@@ -38,8 +38,8 @@ public static String generateJWT(AuthRequest request) {
 authentication = authenticationManager.authenticate(authentication);
 UserDetails userDetails = (UserDetails) authentication.getPrincipal();
 // millisecond
- // 2 minute
- long expireTime = 2 * 60 * 1000;
+ // one day
+ long expireTime = 1440 * 60 * 1000;
 Date current = new Date();
 Date expiration = new Date(current.getTime() + expireTime);
diff --git a/src/main/java/ntou/auction/spring/security/SecurityConfiguration.java b/src/main/java/ntou/auction/spring/security/SecurityConfiguration.java
index 1bc613d..24264f3 100644
--- a/src/main/java/ntou/auction/spring/security/SecurityConfiguration.java
+++ b/src/main/java/ntou/auction/spring/security/SecurityConfiguration.java
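Review bot: The new `long expireTime = 1440 * 60 * 1000;` bakes a 24-hour bearer-token lifetime into a static method, so the only way to tune it is a code change, and 24 hours is also how long a leaked token stays usable if no revocation or refresh path exists (none is visible in this hunk). Consider expressing the value through the time API so the comment and the code agree by construction, e.g. `long expireTime = TimeUnit.DAYS.toMillis(1);` (or `Duration.ofDays(1).toMillis()`), which needs a `java.util.concurrent.TimeUnit` or `java.time.Duration` import outside the hunk, and ideally read it from configuration rather than a literal. The arithmetic fits in `int` (86,400,000), so there is no overflow at this value, but the product is computed in `int` before being widened to `long`, so a larger multiplier would wrap silently; `1440L` or the time API removes that trap. `generateJWT` begins before the hunk and continues after it.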
@@ -70,15 +70,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .csrf(AbstractHttpConfigurer::disable)
 .cors(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests(authorize -> authorize
- .requestMatchers( "/api/v1/test/**").permitAll()
+ .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
 .requestMatchers(HttpMethod.POST, "/api/v1/auth/log-in").permitAll()
 .requestMatchers(HttpMethod.POST, "/api/v1/auth/sign-up").permitAll()
- .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
- .requestMatchers(HttpMethod.GET, "/api/v1/account/users/**").authenticated()
- .requestMatchers(HttpMethod.GET, "/api/v1/account/users").authenticated()
- .requestMatchers(HttpMethod.POST, "/api/v1/account/users").permitAll()
- .requestMatchers(HttpMethod.DELETE, "/api/v1/account/users/**").hasRole(String.valueOf(Role.ADMIN))
- .requestMatchers( HttpMethod.GET,"/api/v1/product/**").permitAll()
+ .requestMatchers(HttpMethod.GET, "/api/v1/product/products").permitAll()
+ .requestMatchers(HttpMethod.GET, "/api/v1/product/product/name").permitAll()
+ .requestMatchers(HttpMethod.GET, "/api/v1/product/product/classification").permitAll()
+ .requestMatchers(HttpMethod.GET, "/api/v1/product/{ID}").permitAll()
 .anyRequest().authenticated())
 .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class)
 .sessionManagement((session) -> session
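Review bot: Removing `.requestMatchers(HttpMethod.DELETE, "/api/v1/account/users/**").hasRole(String.valueOf(Role.ADMIN))` means DELETE on `/api/v1/account/users/**` now falls through to `.anyRequest().authenticated()`, so any logged-in user clears the filter chain for user deletion unless method-level authorization enforces the admin restriction elsewhere (not visible here). The commit message describes the product-path tightening but not this change, so if the restriction is still intended, re-add that rule before `.anyRequest()`; if method security covers it, a one-line comment next to `.anyRequest().authenticated()` saying so would save the next reader the same question. The same fall-through applies to `POST /api/v1/account/users`, which was `permitAll()` and now requires authentication — fine if sign-up lives only at `/api/v1/auth/sign-up`, otherwise anonymous user creation breaks. `filterChain` starts and ends outside the hunk.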