lionsdev/mic-after-work-server-impl-quarkus-main
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactoring - Bonne version améliorée

Browse Source
This commit is contained in:
dahoud
2026-02-05 16:30:20 +00:00
parent dd4dbe111e
commit 2a794523b6
20 changed files with 2327 additions and 620 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/main/resources/application.properties
View File

@@ -35,15 +35,34 @@ smallrye.jwt.new-token.lifespan=${JWT_LIFESPAN:86400}
smallrye.jwt.new-token.issuer=afterwork
# ====================================================================
# JWT Validation (SmallRye JWT)
# JWT Configuration (SmallRye JWT)
# ====================================================================
# Clé secrète pour vérifier les tokens (doit correspondre à afterwork.jwt.secret)
mp.jwt.verify.publickey.algorithm=HS256
# Algorithme de signature/vérification (symétrique HS256)
smallrye.jwt.verify.algorithm=HS256
smallrye.jwt.sign.key.location=
mp.jwt.verify.issuer=afterwork
# Clé secrète inline (Base64 encodée) - générée dynamiquement via JwtService
smallrye.jwt.verify.key.location=
# Clé secrète pour vérifier les tokens HS256 (même valeur que afterwork.jwt.secret)
# SmallRye JWT supporte les clés symétriques via cette propriété
smallrye.jwt.verify.key.location=META-INF/jwt-secret.key
# Activer la propagation du token pour @RolesAllowed
quarkus.smallrye-jwt.blocking-authentication=true
# ====================================================================
# Sécurité HTTP - Permissions par chemin
# ====================================================================
# Endpoints publics (sans authentification requise)
quarkus.http.auth.permission.public.paths=/afterwork/users/register,/afterwork/users/authenticate,/afterwork/users/forgot-password,/afterwork/users/reset-password,/afterwork/q/*,/afterwork/openapi,/afterwork/webhooks/*
quarkus.http.auth.permission.public.policy=permit
# Endpoints admin (SUPER_ADMIN ou ADMIN requis)
quarkus.http.auth.permission.admin.paths=/afterwork/admin/*
quarkus.http.auth.permission.admin.policy=authenticated
quarkus.http.auth.permission.admin.roles=SUPER_ADMIN,ADMIN
# Tous les autres endpoints requièrent une authentification
quarkus.http.auth.permission.authenticated.paths=/afterwork/*
quarkus.http.auth.permission.authenticated.policy=authenticated
# ====================================================================
# Wave API (paiement droits d'accès établissements)