fix: SameSite=None para cookies cross-origin + logs debug

Author: HernandoJunior

close

@@ -0,0 +1,39 @@
+16cde75 (HEAD -> dev, origin/dev) change token do httpOnly
+c004418 add return cpf in dto
+b3565fa add feature to atualize cpd administrador
+ce2df11 add dates to control page carteira
+17ad20a put supervisor to make the sale
+c474973 change controller venda
+61e9995 Merge branch 'dev' of github.com:HernandoJunior/api-java-spring-virtus into dev
+408f59d change value comissao
+e00667a Create README.md
+692d519 add file jar
+8db711b change security config
+0c85985 change file to .jar
+5305445 change .war to .jar
+51fcc04 test new route
+d077db5 add route test
+a82c32b change bug vendas
+7bd3b4a add files
+0265b0f add config files
+1fd480a Update SecurityConfig.java
+75812b9 Update deploy.yml
+0a795b5 Update SecurityConfig.java
+454eef4 Merge branch 'dev' of github.com:HernandoJunior/api-java-spring-virtus into dev
+c1d1b98 change config deploy.yml
+1764b88 Update deploy.yml
+d293816 Update deploy.yml
+121263d Adiciona pipeline de deploy automático para branch dev
+c91e656 Adiciona pipeline de deploy automático para branch dev
+6cbf349 add new files
+8c32704 final project
+620fd74 final project
+60d0c06 add token to all users
+f76fed0 add token to all users
+a6424c3 ädd files atualized/ service, controller, dtos
+33fd50a att project
+d132894 add import config
+d0120ae actualy project
+8823e7c project att
+8cf2c92 add new files
+10a7a9e add project github

src/main/java/com/virtusconsultoria/configsecurity/SecurityConfig.java

@@ -1,3 +1,4 @@
+// src/main/java/com/virtusconsultoria/configsecurity/SecurityConfig.java
 package com.virtusconsultoria.configsecurity;
 
 import com.virtusconsultoria.service.AuthorizationService;
@@ -44,8 +45,7 @@ public SecurityFilterChain filtrarCadeiaDeSeguranca(HttpSecurity httpSecurity) t
                 .authorizeHttpRequests(authorize -> authorize
                         // --- Rotas Públicas ---
                         .requestMatchers(HttpMethod.POST, "/auth/login").permitAll()
-                        // Adicionar rota de reset de senha aqui quando for criada
-                        // .requestMatchers(HttpMethod.POST, "/auth/reset-senha").permitAll()
+                        .requestMatchers(HttpMethod.POST, "/auth/refresh").permitAll()
                         .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
 
                         // --- Rotas do USER (Colaborador) ---
@@ -65,7 +65,7 @@ public SecurityFilterChain filtrarCadeiaDeSeguranca(HttpSecurity httpSecurity) t
                         .requestMatchers("/carteiras/**").hasAnyRole("SUPERVISOR", "ADMIN")
                         .requestMatchers("/relatorios/**").hasAnyRole("SUPERVISOR", "ADMIN")
                         .requestMatchers("/metas/**").hasAnyRole("SUPERVISOR", "ADMIN")
-                        .requestMatchers(HttpMethod.POST, "/clientes/upload").hasAnyRole("SUPERVISOR", "ADMIN") // Apenas Admin importa planilhas
+                        .requestMatchers(HttpMethod.POST, "/clientes/upload").hasAnyRole("SUPERVISOR", "ADMIN")
 
                         // --- Rotas Exclusivas do ADMIN ---
                         .requestMatchers("/usuarios/**").hasRole("ADMIN")
@@ -78,9 +78,7 @@ public SecurityFilterChain filtrarCadeiaDeSeguranca(HttpSecurity httpSecurity) t
                         .requestMatchers(HttpMethod.GET, "/propostas/**").authenticated()
                         .requestMatchers(HttpMethod.GET, "/clientes/**").authenticated()
 
-                        // SecurityConfig.java
-                        .requestMatchers(HttpMethod.POST, "/auth/login").permitAll()
-                        .requestMatchers(HttpMethod.POST, "/auth/refresh").permitAll()
+                        // Auth endpoints
                         .requestMatchers(HttpMethod.GET, "/auth/me").authenticated()
                         .requestMatchers(HttpMethod.POST, "/auth/logout").authenticated()
 
@@ -111,22 +109,26 @@ public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
-
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
+
         configuration.setAllowedOrigins(Arrays.asList(
                 "http://localhost:5173",
                 "http://localhost:8081",
                 "http://localhost:8080",
-                "https://front-end-virtus.vercel.app"
+                "https://front-end-virtus.vercel.app",
+                "https://front-end-virtus.vercel.app/"
         ));
+
         configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
         configuration.setAllowedHeaders(Arrays.asList("*"));
-        configuration.setAllowCredentials(true); // CRUCIAL para cookies
+        configuration.setAllowCredentials(true); // ✅ CRÍTICO
+
+        configuration.setExposedHeaders(Arrays.asList("Set-Cookie"));
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", configuration);
         return source;
     }
-}
+}

src/main/java/com/virtusconsultoria/configsecurity/VerificarToken.java

@@ -33,23 +33,58 @@ protected void doFilterInternal(
             HttpServletResponse response,
             FilterChain filterChain) throws ServletException, IOException {
 
-        String token = recuperarTokenDoCookie(request);
+        String token = recuperarToken(request);
+
+        System.out.println("=== FILTRO DE TOKEN ===");
+        System.out.println("URL: " + request.getRequestURL());
+        System.out.println("Método: " + request.getMethod());
+        System.out.println("Origin: " + request.getHeader("Origin"));
+        System.out.println("Token encontrado: " + (token != null ? "SIM" : "NÃO"));
+
+        if (request.getCookies() != null) {
+            System.out.println("Cookies recebidos:");
+            for (Cookie c : request.getCookies()) {
+                System.out.println("  - " + c.getName() + " = " + c.getValue().substring(0, Math.min(20, c.getValue().length())) + "...");
+            }
+        } else {
+            System.out.println("⚠️ Nenhum cookie recebido!");
+        }
 
         if (token != null) {
             String login = tokenService.validarAccessToken(token);
+            System.out.println("Token válido para: " + login);
 
             if (login != null) {
                 UserDetails user = authorizationService.loadUserByUsername(login);
                 var authentication = new UsernamePasswordAuthenticationToken(
                         user, null, user.getAuthorities()
                 );
                 SecurityContextHolder.getContext().setAuthentication(authentication);
+                System.out.println("✅ Usuário autenticado: " + login);
+            } else {
+                System.err.println("❌ Token inválido ou expirado");
             }
         }
 
+        System.out.println("========================");
+
         filterChain.doFilter(request, response);
     }
 
+    private String recuperarToken(HttpServletRequest request) {
+        String tokenDoCookie = recuperarTokenDoCookie(request);
+        if (tokenDoCookie != null) {
+            return tokenDoCookie;
+        }
+
+        String authHeader = request.getHeader("Authorization");
+        if (authHeader != null && authHeader.startsWith("Bearer ")) {
+            return authHeader.substring(7);
+        }
+
+        return null;
+    }
+
     private String recuperarTokenDoCookie(HttpServletRequest request) {
         Cookie[] cookies = request.getCookies();
         if (cookies != null) {

src/main/java/com/virtusconsultoria/controllers/AuthenticationController.java

@@ -64,6 +64,12 @@ public ResponseEntity<LoginUserResponse> login(
         response.addCookie(accessCookie);
         response.addCookie(refreshCookie);
 
+        // 🔍 DEBUG - Remover após resolver
+        System.out.println("=== LOGIN REALIZADO ===");
+        System.out.println("Email: " + loginDto.email());
+        System.out.println("Access Token: " + accessToken.substring(0, 20) + "...");
+        System.out.println("Cookies adicionados");
+
         // Retorna dados públicos do usuário
         Object userResponseDto = montarUserResponse(auth.getPrincipal());
 
@@ -126,13 +132,14 @@ public ResponseEntity<?> getCurrentUser(Authentication authentication) {
         return ResponseEntity.ok(Map.of("user", userResponseDto));
     }
 
+    // 🔥 MUDANÇAS AQUI - LINHA 136
     private Cookie criarCookie(String nome, String valor, int maxAge) {
         Cookie cookie = new Cookie(nome, valor);
         cookie.setHttpOnly(true);
-        cookie.setSecure(true); // HTTPS apenas em produção
+        cookie.setSecure(true); // ✅ HTTPS obrigatório
         cookie.setPath("/");
         cookie.setMaxAge(maxAge);
-        cookie.setAttribute("SameSite", "Strict");
+        cookie.setAttribute("SameSite", "None");
         return cookie;
     }
 

src/main/java/com/virtusconsultoria/dtos/supervisor/SupervisorColaboradorDto.java

@@ -0,0 +1,28 @@
+package com.virtusconsultoria.dtos.supervisor;
+
+import com.virtusconsultoria.model.Colaborador;
+import com.virtusconsultoria.model.ColaboradorRole;
+
+public record SupervisorColaboradorDto(
+        Long id,
+        String nome,
+        String email,
+        String cpf,
+        ColaboradorRole role,
+        String telefone,
+        String regimeContratacao
+) {
+    public SupervisorColaboradorDto(Colaborador colaborador) {
+        this(
+                colaborador.getID_COLABORADOR(),
+                colaborador.getNome(),
+                colaborador.getEmail(),
+                colaborador.getCpf(),
+                colaborador.getRole(),
+                colaborador.getTelefone(),
+                colaborador.getRegimeContratacao() != null
+                        ? colaborador.getRegimeContratacao().name()
+                        : null
+        );
+    }
+}

src/main/java/com/virtusconsultoria/dtos/supervisor/SupervisorResponseDto.java

@@ -6,6 +6,7 @@
 
 import java.math.BigDecimal;
 import java.util.List;
+import java.util.stream.Collectors;
 
 public record SupervisorResponseDto(
         Long ID_SUPERVISOR,
@@ -16,7 +17,7 @@ public record SupervisorResponseDto(
         BigDecimal meta,
         ColaboradorRole role,
         String telefone,
-        List<Colaborador> colaboradores
+        List<SupervisorColaboradorDto> colaboradores
 ) {
     public SupervisorResponseDto(Supervisor supervisor){
         this(
@@ -28,7 +29,12 @@ public SupervisorResponseDto(Supervisor supervisor){
                 supervisor.getMeta(),
                 supervisor.getRole(),
                 supervisor.getTelefone(),
-                supervisor.getColaboradores()
+                supervisor.getColaboradores() != null
+                        ? supervisor.getColaboradores()
+                        .stream()
+                        .map(SupervisorColaboradorDto::new)
+                        .collect(Collectors.toList())
+                        : List.of()
         );
     }
 }

src/main/java/com/virtusconsultoria/repository/SupervisorRepository.java

@@ -18,4 +18,7 @@ public interface SupervisorRepository extends JpaRepository<Supervisor, Long > {
 
     @Query("SELECT s FROM Supervisor s LEFT JOIN FETCH s.colaboradores WHERE s.ID_SUPERVISOR = :id")
     Optional<Supervisor> findByIdWithColaboradores(@Param("id") Long id);
-}
+
+    @Query("SELECT DISTINCT s FROM Supervisor s LEFT JOIN FETCH s.colaboradores")
+    List<Supervisor> findAllWithColaboradores();
+}

src/main/java/com/virtusconsultoria/service/SupervisorService.java

@@ -6,12 +6,9 @@
 import com.virtusconsultoria.model.ColaboradorRole;
 import com.virtusconsultoria.model.Supervisor;
 import com.virtusconsultoria.repository.SupervisorRepository;
-import org.apache.poi.hssf.record.RecordInputStream;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.crypto.bcrypt.BCrypt;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -50,9 +47,10 @@ public SupervisorResponseDto cadastrarSupervisor(SupervisorCreateDto supervisorC
 
     @Transactional
     public ResponseEntity<String> delSupervisor(Long id){
-        Optional<Supervisor> supervisorOptional = supervisorRepository.findById(id);
+        // ✅ MODIFICADO: usa findByIdWithColaboradores
+        Optional<Supervisor> supervisorOptional = supervisorRepository.findByIdWithColaboradores(id);
         if (supervisorOptional.isEmpty()){
-          throw new RuntimeException("Nao foi possivel deletar o supervisor");
+            throw new RuntimeException("Nao foi possivel deletar o supervisor");
         } else {
             supervisorRepository.delete(supervisorOptional.get());
             return ResponseEntity.ok("Supervisor deletado com sucesso");
@@ -61,15 +59,15 @@ public ResponseEntity<String> delSupervisor(Long id){
 
     @Transactional
     public List<SupervisorResponseDto> listarSupervisor(){
-        return supervisorRepository.findAll()
+        return supervisorRepository.findAllWithColaboradores()
                 .stream()
                 .map(SupervisorResponseDto::new)
                 .toList();
     }
 
     @Transactional
     public SupervisorResponseDto buscarSupervisor(Long id){
-        Optional<Supervisor> supervisorOptional = supervisorRepository.findById(id);
+        Optional<Supervisor> supervisorOptional = supervisorRepository.findByIdWithColaboradores(id);
 
         if (supervisorOptional.isEmpty()){
             throw new RuntimeException("Supervisor nao encontrado");
@@ -82,7 +80,8 @@ public SupervisorResponseDto buscarSupervisor(Long id){
 
     @Transactional
     public SupervisorResponseDto atualizarSupervisor(Long id, SupervisorAtualizarDto supervisorAtualizarDto){
-        Optional<Supervisor> supervisorOptional = supervisorRepository.findById(id);
+        // ✅ MODIFICADO: usa findByIdWithColaboradores
+        Optional<Supervisor> supervisorOptional = supervisorRepository.findByIdWithColaboradores(id);
 
         if (supervisorOptional.isEmpty()){
             throw new RuntimeException("Supervisor nao encontrado na atualizacao");
@@ -100,4 +99,4 @@ public SupervisorResponseDto atualizarSupervisor(Long id, SupervisorAtualizarDto
 
         return new SupervisorResponseDto(supervisorAtualizado);
     }
-}
+}