refactor: improve security configurations and error handling in authe…

src/main/java/com/security/config/auth/AuthorizationServerConfig.java

@@ -1,6 +1,7 @@
 package com.security.config.auth;
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -25,11 +26,14 @@ public class AuthorizationServerConfig {
     private final AuthProperties authProperties;
     private final PasswordEncoder passwordEncoder;
 
+    @Value("${gateway.secret}")
+    private String GATEWAY_SECRET;
+
     @Bean
     public RegisteredClientRepository registeredClientRepository() {
         RegisteredClient.Builder clientBuilder = RegisteredClient.withId(UUID.randomUUID().toString())
                 .clientId("gateway-client")
-                .clientSecret(passwordEncoder.encode("gateway-secret"))
+                .clientSecret(passwordEncoder.encode(GATEWAY_SECRET))
                 .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                 .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
                 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)

src/main/java/com/security/config/auth/SecurityConfig.java

@@ -10,7 +10,6 @@
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -25,6 +24,7 @@
 import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -100,7 +100,9 @@ public SecurityFilterChain defaultSecurityFilterChain(
                 .oauth2ResourceServer(oauth2ResourceServer ->
                         oauth2ResourceServer.jwt(Customizer.withDefaults())
                 )
-                .csrf(AbstractHttpConfigurer::disable)
+                .csrf(csrf-> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
+                        .ignoringRequestMatchers("/auth/register")
+                )
                 .build();
     }
 

src/main/java/com/security/controllers/AuthController.java

@@ -33,7 +33,7 @@ public class AuthController {
 
     private final AuthService authService;
     private final CookieService cookieService;
-//    private final LoginResponseService loginResponseService;
+
 
     @Operation(summary = "Iniciar sesión con email", description = "Autentica un usuario y establece cookies seguras")
     @PostMapping("/login")
@@ -102,11 +102,12 @@ public ResponseEntity<AuthResponseDTO> logout(
             cookieService.clearTokenCookies(response);
             return ResponseEntity.ok(new AuthResponseDTO(true, "Sesión cerrada exitosamente", Instant.now()));
 
-        } catch (
-                Exception e) {
+        } catch (Exception e) {
             log.error("Logout failed", e);
             cookieService.clearTokenCookies(response);
-            return ResponseEntity.ok(new AuthResponseDTO(false, "Error al cerrar sesion", Instant.now()));
+            return ResponseEntity
+                    .status(HttpStatus.INTERNAL_SERVER_ERROR)
+                    .body(new AuthResponseDTO(false, "Error al cerrar sesión", Instant.now()));
         }
     }