fix: refine JwtAuthenticationFilter to properly handle auth endpoints and CORS preflight requests

Author: Skywalker690

server/src/main/java/com/incial/crm/security/JwtAuthenticationFilter.java

@@ -28,7 +28,18 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
     @Override
     protected boolean shouldNotFilter(HttpServletRequest request) {
-        return request.getServletPath().startsWith("/api/v1/auth/");
+
+        // Allow auth endpoints
+        if (request.getServletPath().startsWith("/api/v1/auth/")) {
+            return true;
+        }
+
+        // Allow CORS preflight
+        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+            return true;
+        }
+
+        return false;
     }
 
     @Override
@@ -38,12 +49,6 @@ protected void doFilterInternal(
             FilterChain filterChain
     ) throws ServletException, IOException {
 
-        // Skip CORS preflight
-        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
-            filterChain.doFilter(request, response);
-            return;
-        }
-
         String authHeader = request.getHeader("Authorization");
 
         if (authHeader == null || !authHeader.startsWith("Bearer ")) {
@@ -90,9 +95,8 @@ protected void doFilterInternal(
             );
 
             SecurityContextHolder.getContext().setAuthentication(authentication);
-
         }
 
         filterChain.doFilter(request, response);
     }
-}
+}