refactor(auth): change endpoint do auth/logout

renancvitor · renancvitor · commit 33f63e49b5e0 · 2026-03-01T16:14:44.000-03:00
diff --git a/src/main/java/com/github/renancvitor/inventory/application/authentication/controller/LogoutController.java b/src/main/java/com/github/renancvitor/inventory/application/authentication/controller/LogoutController.java
@@ -0,0 +1,33 @@
+package com.github.renancvitor.inventory.application.authentication.controller;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+
+@RestController
+@RequestMapping("/auth")
+@RequiredArgsConstructor
+public class LogoutController {
+
+    @PostMapping("/logout")
+    public ResponseEntity<Void> logout(HttpServletResponse response) {
+
+        Cookie cookie = new Cookie("access_token", null);
+        cookie.setHttpOnly(true);
+        cookie.setSecure(true);
+        cookie.setPath("/");
+        cookie.setMaxAge(0);
+
+        cookie.setAttribute("SameSite", "Lax");
+
+        response.addCookie(cookie);
+
+        return ResponseEntity.noContent().build();
+    }
+
+}
diff --git a/src/main/java/com/github/renancvitor/inventory/infra/security/SecurityConfiguration.java b/src/main/java/com/github/renancvitor/inventory/infra/security/SecurityConfiguration.java
@@ -40,6 +40,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
                         .requestMatchers("/actuator/**").permitAll()
                         .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
                         .requestMatchers(HttpMethod.POST, "/login").permitAll()
+                        .requestMatchers(HttpMethod.POST, "/auth/logout").permitAll()
                         .anyRequest().authenticated())
                 .addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class)
                 .build();
diff --git a/src/main/java/com/github/renancvitor/inventory/infra/security/SecurityFilter.java b/src/main/java/com/github/renancvitor/inventory/infra/security/SecurityFilter.java
@@ -32,6 +32,7 @@ protected boolean shouldNotFilter(HttpServletRequest request) {
 
         return request.getMethod().equals("OPTIONS")
                 || path.equals("/login")
+                || path.equals("/auth/logout")
                 || path.startsWith("/health")
                 || path.startsWith("/actuator")
                 || path.startsWith("/swagger-ui")
