fix(bug): change the way that jwt is recovered

src/main/java/auth/api/config/JWTService.java

@@ -14,6 +14,8 @@
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Date;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 
 @Service
@@ -32,14 +34,14 @@ public void init() {
 
     }
 
-    public String generateToken(String username, String role) {
+    public String generateToken(String username, Set<UserRoles> roles) {
         Instant now = Instant.now();
 
         Instant expireAt = now.plus(Duration.ofDays(expiration));
 
         String token = Jwts.builder()
                 .setSubject(username)
-                .claim("role", role)
+                .claim("roles", roles.stream().map(UserRoles::name).collect(Collectors.joining(",")))
                 .setIssuedAt(new Date())
                 .setExpiration(Date.from(expireAt))
                 .signWith(key)

src/main/java/auth/api/model/user/UserAuthenticationDTO.java

@@ -1,11 +1,13 @@
 package auth.api.model.user;
 
+import jakarta.validation.constraints.*;
+
 import java.util.*;
 
 public class UserAuthenticationDTO {
     private String username;
     private String password;
-    private UserRoles roles;
+    private Set<UserRoles> roles;
 
     // Getters
     public String getUsername() {
@@ -17,7 +19,7 @@ public String getPassword() {
     }
 
     public Set<UserRoles> getRoles() {
-        return Collections.singleton(roles);
+        return roles;
     }
 
     // Setters
@@ -29,7 +31,7 @@ public void setPassword(String password) {
         this.password = password;
     }
 
-    public void setRoles(UserRoles roles) {
+    public void setRoles(Set<UserRoles> roles) {
         this.roles = roles;
     }
 }

src/main/java/auth/api/model/user/Users.java

@@ -27,7 +27,7 @@ public class Users {
 
     public String getPassword() { return password; }
 
-    public String getRoles() { return roles.toString(); }
+    public Set<UserRoles> getRoles() { return roles; }
 
     // Setters
     public void setUsername(String username) { this.username = username; }

src/main/java/auth/api/services/UserService.java

@@ -31,7 +31,7 @@ public UserService(UserRepository userRepository, PasswordEncoder passwordEncode
 
 
     public ResponseEntity<?> registerUser(@Valid @RequestBody UserAuthenticationDTO registerDTO) {
-        if (registerDTO.getPassword() == null || registerDTO.getPassword().isEmpty()) {
+        if (registerDTO.getPassword() == null || registerDTO.getPassword().isBlank()) {
             return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("O campo 'password' é obrigatório.");
         }
 
@@ -59,17 +59,18 @@ public ResponseEntity<?> registerUser(@Valid @RequestBody UserAuthenticationDTO
     public ResponseEntity<?> login(@RequestBody UserAuthenticationDTO loginDTO) {
         var userExists = userRepository.findByUsername(loginDTO.getUsername());
 
-        if (userExists.isEmpty()) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Usuário não encontrado");
+        if (userExists.isEmpty()) {
+          return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Usuário não encontrado");
+        }
 
         Users user = userExists.get();
 
-        if (!passwordEncoder.matches(loginDTO.getPassword(), user.getPassword())) return  ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Usuário e senha não autorizados.");
-
+        if (!passwordEncoder.matches(loginDTO.getPassword(), user.getPassword())) {
+          return  ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Usuário e senha não autorizados.");
+        }
 
         String token = jwtService.generateToken(user.getUsername(), user.getRoles());
 
-
-
         return ResponseEntity.status(HttpStatus.OK).body(new TokenDTO(token));
     }