From f966b5c8e22b9a4cbc5d751f4efb70c23369026c Mon Sep 17 00:00:00 2001
From: Leonardo
Date: Sun, 19 Jan 2025 22:08:40 -0300
Subject: [PATCH] Enhance CORS configuration and add PUT/PATCH restrictions for admin roles in SecurityConfiguration

---
 .../qualitylabpro/configs/security/CorsConfig.java | 8 +++++---
 .../configs/security/SecurityConfiguration.java | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/main/java/leonardo/labutilities/qualitylabpro/configs/security/CorsConfig.java b/src/main/java/leonardo/labutilities/qualitylabpro/configs/security/CorsConfig.java
index 2dc1db56..b5969f55 100644
--- a/src/main/java/leonardo/labutilities/qualitylabpro/configs/security/CorsConfig.java
+++ b/src/main/java/leonardo/labutilities/qualitylabpro/configs/security/CorsConfig.java
@@ -10,9 +10,11 @@ public class CorsConfig implements WebMvcConfigurer {
 @Override
 public void addCorsMappings(@NonNull CorsRegistry registry) {
- registry.addMapping("/**").allowedOrigins(
- "http://localhost:3000, https://quality-lab-pro.vercel.app, https://68.183.141.155, https://68.183.141.155, https://leomeireles-dev.xyz, https://leomeireles-dev.xyz")
- .allowedMethods("GET", "POST").allowedHeaders("*").allowCredentials(true)
+ registry.addMapping("/**")
+ .allowedOrigins("http://localhost:3000", "https://quality-lab-pro.vercel.app",
+ "https://68.183.141.155", "https://leomeireles-dev.xyz")
+ .allowedMethods("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD")
+ .allowedHeaders("*").exposedHeaders("Authorization").allowCredentials(true)
 .maxAge(3600);
 }
 }
diff --git a/src/main/java/leonardo/labutilities/qualitylabpro/configs/security/SecurityConfiguration.java b/src/main/java/leonardo/labutilities/qualitylabpro/configs/security/SecurityConfiguration.java
index b0bbe12f..0031f4d4 100644
--- a/src/main/java/leonardo/labutilities/qualitylabpro/configs/security/SecurityConfiguration.java
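Review bot: `http://localhost:3000` stays in the `allowedOrigins` list of what is otherwise a production mapping, and combined with `allowCredentials(true)` it lets any page served from that port on a user's machine make credentialed requests to every `/**` route; the origin list should come from configuration so that the localhost entry exists only in the dev profile, e.g. `@Value("${app.cors.allowed-origins}") private String[] allowedOrigins;` (constructed property name) and `.allowedOrigins(allowedOrigins)`. The widened `.allowedMethods(...)` now admits PUT, PATCH and DELETE from every listed origin, which is safe only if `SecurityConfiguration` has an authorization rule for each of them on every route — the PUT/PATCH matchers added in this patch cover named paths only and no DELETE rule is visible, so the fallback rule there should be checked. `addCorsMappings` is fully inside the hunk.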
+++ b/src/main/java/leonardo/labutilities/qualitylabpro/configs/security/SecurityConfiguration.java
@@ -49,6 +49,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 // Add PUT and PATCH restrictions for admin
 req.requestMatchers(HttpMethod.PUT, "/generic-analytics/**").hasRole("ADMIN");
+ req.requestMatchers(HttpMethod.PUT, "/biochemistry-analytics/**")
 .hasRole("ADMIN");
 req.requestMatchers(HttpMethod.PUT, "/hematology-analytics/**")
@@ -57,6 +58,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 .hasRole("ADMIN");
 req.requestMatchers(HttpMethod.PATCH, "/generic-analytics/**").hasRole("ADMIN");
+ req.requestMatchers(HttpMethod.PATCH, "/biochemistry-analytics/**")
 .hasRole("ADMIN");
 req.requestMatchers(HttpMethod.PATCH, "/hematology-analytics/**")
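Review bot: The added `req.requestMatchers(HttpMethod.PUT, "/biochemistry-analytics/**")` has no terminating call of its own and, as rendered, is completed by the pre-existing context line `.hasRole("ADMIN");` — which in the base file would have had nothing to attach to — so either the collapsed rendering dropped a line here or the base did not compile; check the actual file before merging. Listing one matcher per analytics module is easy to miss when a new module is added; a single `req.requestMatchers(HttpMethod.PUT, "/*-analytics/**").hasRole("ADMIN");` would cover all of them, provided the matcher implementation in use supports a within-segment wildcard. Any path without a matcher falls through to whatever fallback rule follows (typically `anyRequest()`), which is outside this hunk and should be confirmed to be at least `authenticated()`. The same point applies to the PATCH matcher added in the `@@ -57,6 +58,7 @@` hunk; `securityFilterChain` begins before both hunks.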