SamuelDouay
diff --git a/‎src/main/java/fr/github/vera/filters/AuthorizationFilter.java‎
Lines changed: 5 additions & 19 deletions b/‎src/main/java/fr/github/vera/filters/AuthorizationFilter.java‎
Lines changed: 5 additions & 19 deletions
diff --git a/‎src/main/java/fr/github/vera/filters/CookieAuthFilter.java‎
Lines changed: 1 addition & 4 deletions b/‎src/main/java/fr/github/vera/filters/CookieAuthFilter.java‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎src/main/java/fr/github/vera/filters/CorsFilter.java‎
Lines changed: 65 additions & 246 deletions b/‎src/main/java/fr/github/vera/filters/CorsFilter.java‎
Lines changed: 65 additions & 246 deletions
diff --git a/‎src/main/java/fr/github/vera/filters/CsrfFilter.java‎
Lines changed: 18 additions & 24 deletions b/‎src/main/java/fr/github/vera/filters/CsrfFilter.java‎
Lines changed: 18 additions & 24 deletions
diff --git a/‎src/main/java/fr/github/vera/filters/JwtAuthFilter.java‎
Lines changed: 1 addition & 8 deletions b/‎src/main/java/fr/github/vera/filters/JwtAuthFilter.java‎
Lines changed: 1 addition & 8 deletions
@@ -12,8 +12,6 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
-import java.lang.reflect.Method;
-
 @Secured
 @Provider
 @Priority(Priorities.AUTHORIZATION)
@@ -51,23 +49,11 @@ public void filter(ContainerRequestContext requestContext) {
     }
 
     private Secured getSecuredAnnotation() {
-        // Vérifier d'abord sur la méthode
-        Method method = resourceInfo.getResourceMethod();
-        if (method != null) {
-            Secured methodAnnotation = method.getAnnotation(Secured.class);
-            if (methodAnnotation != null) {
-                return methodAnnotation;
-            }
-        }
+        Secured methodAnnotation = resourceInfo.getResourceMethod()
+                .getAnnotation(Secured.class);
 
-        // Vérifier sur la classe
-        Class<?> resourceClass = resourceInfo.getResourceClass();
-        if (resourceClass != null) {
-            Secured classAnnotation = resourceClass.getAnnotation(Secured.class);
-            if (classAnnotation != null) {
-                return classAnnotation;
-            }
-        }
-        return null;
+        return methodAnnotation != null ? methodAnnotation
+                : resourceInfo.getResourceClass()
+                .getAnnotation(Secured.class);
     }
 }
@@ -23,13 +23,12 @@ public class CookieAuthFilter implements ContainerRequestFilter {
 
     @Override
     public void filter(ContainerRequestContext requestContext) throws IOException {
-        // Si le header Authorization existe déjà, ne rien faire
+
         if (requestContext.getHeaders().containsKey(AUTH_HEADER)) {
             logger.debug("Header Authorization déjà présent - skip CookieAuthFilter");
             return;
         }
 
-        // Vérifier si c'est un client web
         String clientType = requestContext.getHeaderString(CLIENT_TYPE_HEADER);
         boolean isWebClient = WEB_CLIENT.equalsIgnoreCase(clientType);
 
@@ -38,11 +37,9 @@ public void filter(ContainerRequestContext requestContext) throws IOException {
             return;
         }
 
-        // Extraire le token du cookie (seulement pour les clients web)
         Cookie authCookie = requestContext.getCookies().get(AUTH_COOKIE_NAME);
 
         if (authCookie != null && authCookie.getValue() != null && !authCookie.getValue().isEmpty()) {
-            // Ajouter le token dans le header Authorization
             requestContext.getHeaders().add(AUTH_HEADER, "Bearer " + authCookie.getValue());
             logger.debug("Token extrait du cookie et ajouté au header");
         } else {
 
@@ -2,16 +2,15 @@
 
 import jakarta.annotation.Priority;
 import jakarta.ws.rs.Priorities;
-import jakarta.ws.rs.container.ContainerRequestContext;
-import jakarta.ws.rs.container.ContainerRequestFilter;
-import jakarta.ws.rs.container.ContainerResponseContext;
-import jakarta.ws.rs.container.ContainerResponseFilter;
+import jakarta.ws.rs.container.*;
+import jakarta.ws.rs.core.Context;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.ext.Provider;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
 import java.io.IOException;
+import java.lang.reflect.Method;
 import java.security.SecureRandom;
 import java.util.Base64;
 import java.util.Map;
@@ -25,33 +24,23 @@ public class CsrfFilter implements ContainerRequestFilter, ContainerResponseFilt
     private static final String CSRF_TOKEN_HEADER = "X-CSRF-Token";
     private static final String CLIENT_TYPE_HEADER = "X-Client-Type";
     private static final String WEB_CLIENT = "web";
-
-    // Stockage en mémoire (session utilisateur -> token)
     private static final Map<String, String> tokenStore = new ConcurrentHashMap<>();
 
+
+    @Context
+    private ResourceInfo resourceInfo;
+
     @Override
     public void filter(ContainerRequestContext requestContext) throws IOException {
         String method = requestContext.getMethod();
         String path = requestContext.getUriInfo().getPath();
 
-        // Méthodes sûres : pas besoin de vérifier CSRF
-        if ("GET".equals(method) || "HEAD".equals(method) || "OPTIONS".equals(method)) {
-            return;
-        }
-
-        // Endpoints publics - pas de CSRF
-        if (path.startsWith("auth/login") ||
-                path.startsWith("auth/register") ||
-                path.startsWith("auth/refresh") ||
-                path.startsWith("auth/forgot-password") ||
-                path.startsWith("auth/reset-password") ||
-                path.equals("health")) {
+        if ("GET".equals(method) || "HEAD".equals(method) || "OPTIONS".equals(method) || isPublicEndpoint()) {
             return;
         }
 
-        // 🔥 Vérifier si c'est un client web
         if (!isWebClient(requestContext)) {
-            logger.debug("Client API (Postman) - skip CSRF pour {} {}", method, path);
+            logger.debug("Client API - non web  - skip CSRF pour {} {}", method, path);
             return;
         }
 
@@ -62,7 +51,6 @@ public void filter(ContainerRequestContext requestContext) throws IOException {
             return;
         }
 
-        // Vérifier le token CSRF
         String csrfToken = requestContext.getHeaderString(CSRF_TOKEN_HEADER);
         String storedToken = tokenStore.get(sessionId);
 
@@ -79,8 +67,6 @@ public void filter(ContainerRequestContext requestContext) throws IOException {
     @Override
     public void filter(ContainerRequestContext requestContext,
                        ContainerResponseContext responseContext) throws IOException {
-
-        // 🔥 Générer token CSRF SEULEMENT pour les clients web
         if ("GET".equals(requestContext.getMethod()) && isWebClient(requestContext)) {
             String sessionId = getSessionId(requestContext);
             if (sessionId != null) {
@@ -99,7 +85,6 @@ private boolean isWebClient(ContainerRequestContext requestContext) {
     }
 
     private String getSessionId(ContainerRequestContext request) {
-        // Utiliser le token JWT comme session ID
         String authHeader = request.getHeaderString("Authorization");
         if (authHeader != null && authHeader.startsWith("Bearer ")) {
             String jwtToken = authHeader.substring(7);
@@ -114,4 +99,13 @@ private String generateToken() {
         random.nextBytes(bytes);
         return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
     }
+
+    private boolean isPublicEndpoint() {
+        Method method = resourceInfo.getResourceMethod();
+        Class<?> resourceClass = resourceInfo.getResourceClass();
+        if (method != null && method.isAnnotationPresent(Public.class)) {
+            return true;
+        }
+        return resourceClass != null && resourceClass.isAnnotationPresent(Public.class);
+    }
 }
@@ -31,7 +31,6 @@ public void filter(ContainerRequestContext requestContext) {
             return;
         }
 
-        // Extraire le token JWT
         String authHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
         if (authHeader == null || !authHeader.startsWith("Bearer ")) {
             abortWithUnauthorized(requestContext, "Token JWT manquant");
@@ -53,10 +52,9 @@ public void filter(ContainerRequestContext requestContext) {
             Boolean isAdmin = claims.get("isAdmin", Boolean.class);
 
             if (isAdmin == null) {
-                isAdmin = false; // Valeur par défaut si non présent
+                isAdmin = false;
             }
 
-            // Définir le contexte de sécurité
             requestContext.setSecurityContext(createSecurityContext(email, isAdmin));
 
         } catch (Exception e) {
@@ -73,13 +71,9 @@ private boolean isTokenBlacklisted(String token) {
     private boolean isPublicEndpoint() {
         Method method = resourceInfo.getResourceMethod();
         Class<?> resourceClass = resourceInfo.getResourceClass();
-
-        // Vérifier l'annotation sur la méthode
         if (method != null && method.isAnnotationPresent(Public.class)) {
             return true;
         }
-
-        // Vérifier l'annotation sur la classe
         return resourceClass != null && resourceClass.isAnnotationPresent(Public.class);
     }
 
@@ -100,7 +94,6 @@ public boolean isUserInRole(String role) {
                 if ("admin".equals(role)) {
                     return isAdmin;
                 }
-                // Pour "user", tous les utilisateurs authentifiés sont considérés comme users
                 return "user".equals(role);
             }
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,6 @@ public void filter(ContainerRequestContext requestContext) {`
`31`	`31`	`return;`
`32`	`32`	`}`
`33`	`33`
`34`		`- // Extraire le token JWT`
`35`	`34`	`String authHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);`
`36`	`35`	`if (authHeader == null \|\| !authHeader.startsWith("Bearer ")) {`
`37`	`36`	`abortWithUnauthorized(requestContext, "Token JWT manquant");`
`@@ -53,10 +52,9 @@ public void filter(ContainerRequestContext requestContext) {`
`53`	`52`	`Boolean isAdmin = claims.get("isAdmin", Boolean.class);`
`54`	`53`
`55`	`54`	`if (isAdmin == null) {`
`56`		`- isAdmin = false; // Valeur par défaut si non présent`
	`55`	`+ isAdmin = false;`
`57`	`56`	`}`
`58`	`57`
`59`		`- // Définir le contexte de sécurité`
`60`	`58`	`requestContext.setSecurityContext(createSecurityContext(email, isAdmin));`
`61`	`59`
`62`	`60`	`} catch (Exception e) {`
`@@ -73,13 +71,9 @@ private boolean isTokenBlacklisted(String token) {`
`73`	`71`	`private boolean isPublicEndpoint() {`
`74`	`72`	`Method method = resourceInfo.getResourceMethod();`
`75`	`73`	`Class<?> resourceClass = resourceInfo.getResourceClass();`
`76`		`-`
`77`		`- // Vérifier l'annotation sur la méthode`
`78`	`74`	`if (method != null && method.isAnnotationPresent(Public.class)) {`
`79`	`75`	`return true;`
`80`	`76`	`}`
`81`		`-`
`82`		`- // Vérifier l'annotation sur la classe`
`83`	`77`	`return resourceClass != null && resourceClass.isAnnotationPresent(Public.class);`
`84`	`78`	`}`
`85`	`79`
`@@ -100,7 +94,6 @@ public boolean isUserInRole(String role) {`
`100`	`94`	`if ("admin".equals(role)) {`
`101`	`95`	`return isAdmin;`
`102`	`96`	`}`
`103`		`- // Pour "user", tous les utilisateurs authentifiés sont considérés comme users`
`104`	`97`	`return "user".equals(role);`
`105`	`98`	`}`
`106`	`99`