Fix/token

src/main/java/api/educai/controllers/UserController.java

@@ -49,8 +49,12 @@ public ResponseEntity<AuthDTO> authUser(@RequestBody @Valid LoginDTO loginDTO, H
         cookie.setMaxAge(15 * 24 * 60 * 60); // Expires in 15 days
         cookie.setSecure(true);
         cookie.setHttpOnly(true);
+        cookie.setPath("/");
+
+        String cookieHeader = String.format("refreshToken=%s; Max-Age=%d; Path=%s; Secure; HttpOnly; SameSite=strict",
+                authDTO.getRefreshToken(), cookie.getMaxAge(), cookie.getPath());
+        response.setHeader("Set-Cookie", cookieHeader);
 
-        response.addCookie(cookie);
         return status(200).body(authDTO);
     }
 
@@ -100,7 +104,7 @@ public ResponseEntity<List<? extends ClassroomInfoDTO>> getUserClassrooms(HttpSe
     @PostMapping("/logoff")
     public ResponseEntity<Void> logoff(
             HttpServletRequest request,
-            @CookieValue(name = "refreshToken") @NotBlank String refreshToken,
+            @CookieValue(name = "refreshToken") String refreshToken,
             HttpServletResponse response
     ) {
         ObjectId userId = (ObjectId) request.getAttribute("userId");
@@ -112,8 +116,16 @@ public ResponseEntity<Void> logoff(
 
         Cookie cookie = new Cookie("refreshToken", null);
         cookie.setMaxAge(0);
+        cookie.setSecure(true);
+        cookie.setHttpOnly(true);
+        cookie.setPath("/");
+
         response.addCookie(cookie);
 
+        String cookieHeader = String.format("refreshToken=; Max-Age=0; Path=%s; Secure; HttpOnly; SameSite=Strict",
+                cookie.getPath());
+        response.addHeader("Set-Cookie", cookieHeader);
+
         return status(200).build();
     }
 

src/main/java/api/educai/services/token/RefreshToken.java

@@ -13,9 +13,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
-import java.time.Instant;
-import java.time.LocalDateTime;
-import java.time.ZoneOffset;
+import java.time.*;
 import java.util.Date;
 import java.util.Optional;
 
@@ -30,7 +28,9 @@ public class RefreshToken implements IToken {
     @Override
     public String getToken(UserDetailsDTO user) {
         try {
-            Instant exp = LocalDateTime.now().plusDays(15).toInstant(ZoneOffset.of("-03:00")); //Expires in 15 days
+            ZoneId zoneId = ZoneId.of("America/Sao_Paulo");
+            ZonedDateTime zonedDateTime = ZonedDateTime.now(zoneId).plusDays(15); //Expires in 15 days
+            Instant exp = zonedDateTime.toInstant();
 
             return JWT.create()
                     .withClaim("id", user.getId().toString())

src/main/java/api/educai/services/token/Token.java

@@ -14,9 +14,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
-import java.time.Instant;
-import java.time.LocalDateTime;
-import java.time.ZoneOffset;
+import java.time.*;
 import java.util.Date;
 import java.util.Optional;
 
@@ -30,7 +28,9 @@ public class Token implements IToken{
     @Override
     public String getToken(UserDetailsDTO user) {
         try {
-            Instant exp = LocalDateTime.now().plusMinutes(15).toInstant(ZoneOffset.of("-03:00")); //Expires in 15 minutes
+            ZoneId zoneId = ZoneId.of("America/Sao_Paulo");
+            ZonedDateTime zonedDateTime = ZonedDateTime.now(zoneId).plusMinutes(15); //Expires in 15 minutes
+            Instant exp = zonedDateTime.toInstant();
 
             return JWT.create()
                     .withIssuer("educ.ai-api")