Update users routes to match Ktor

api/src/main/java/com/wbrawner/twigs/config/SecurityConfig.java

@@ -80,7 +80,7 @@ public class SecurityConfig {
         return httpSecurity.authorizeHttpRequests((authz) -> {
                     try {
                         authz
-                                .requestMatchers("/users", "/users/login")
+                                .requestMatchers("/api/users/register", "/api/users/login")
                                 .permitAll()
                                 .anyRequest()
                                 .authenticated()
@@ -110,8 +110,7 @@ public class SecurityConfig {
                                 })
                                 .and()
                                 .csrf()
-                                .ignoringRequestMatchers("/users", "/users/login")
-                                .and()
+                                .disable()
                                 .addFilter(new TokenAuthenticationFilter(authenticationManager))
                                 .sessionManagement()
                                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

api/src/main/java/com/wbrawner/twigs/session/SessionResponse.java

@@ -3,18 +3,25 @@ package com.wbrawner.twigs.session;
 import java.util.Date;
 
 public class SessionResponse {
+    private final String userId;
+
     private final String token;
     private final String expiration;
 
     public SessionResponse(Session session) {
-        this(session.getToken(), session.getExpiration());
+        this(session.getUserId(), session.getToken(), session.getExpiration());
     }
 
-    public SessionResponse(String token, Date expiration) {
+    public SessionResponse(String userId, String token, Date expiration) {
+        this.userId = userId;
         this.token = token;
         this.expiration = expiration.toInstant().toString();
     }
 
+    public String getUserId() {
+        return userId;
+    }
+
     public String getToken() {
         return token;
     }

api/src/main/java/com/wbrawner/twigs/user/UserController.java

@@ -26,7 +26,7 @@ import java.util.stream.Collectors;
 import static com.wbrawner.twigs.Utils.getCurrentUser;
 
 @RestController
-@RequestMapping("/users")
+@RequestMapping("/api/users")
 @Transactional
 public class UserController {
     private final BudgetRepository budgetRepository;
@@ -117,7 +117,7 @@ public class UserController {
     }
 
     @PostMapping(
-            path = "",
+            path = "/register",
             consumes = {MediaType.APPLICATION_JSON_VALUE},
             produces = {MediaType.APPLICATION_JSON_VALUE}
     )
@@ -143,8 +143,9 @@ public class UserController {
             consumes = {MediaType.APPLICATION_JSON_VALUE},
             produces = {MediaType.APPLICATION_JSON_VALUE}
     )
-    ResponseEntity<Object> updateUser(@PathVariable Long id, @RequestBody UpdateUserRequest request) {
-        if (!getCurrentUser().getId().equals(id)) {
+    ResponseEntity<Object> updateUser(@PathVariable String id, @RequestBody UpdateUserRequest request) {
+        var currentUser = getCurrentUser();
+        if (currentUser == null || !currentUser.getId().equals(id)) {
             return ResponseEntity.status(403).build();
         }
         var user = userRepository.findById(getCurrentUser().getId()).orElse(null);
@@ -174,7 +175,8 @@ public class UserController {
 
     @DeleteMapping(path = "/{id}", produces = {MediaType.TEXT_PLAIN_VALUE})
     ResponseEntity<Void> deleteUser(@PathVariable String id) {
-        if (!getCurrentUser().getId().equals(id)) {
+        var currentUser = getCurrentUser();
+        if (currentUser == null || !currentUser.getId().equals(id)) {
             return ResponseEntity.status(403).build();
         }
         userRepository.deleteById(id);