Merge branch 'dev'

Author: vitorhugo-java

.gitignore

@@ -1,73 +1,75 @@
-HELP.md
-target/
-!.mvn/wrapper/maven-wrapper.jar
-!**/src/main/**/target/
-!**/src/test/**/target/
-
-### STS ###
-.apt_generated
-.classpath
-.factorypath
-.project
-.settings
-.springBeans
-.sts4-cache
-
-### IntelliJ IDEA ###
-.idea
-*.iws
-*.iml
-*.ipr
-
-### NetBeans ###
-/nbproject/private/
-/nbbuild/
-/dist/
-/nbdist/
-/.nb-gradle/
-build/
-!**/src/main/**/build/
-!**/src/test/**/build/
-
-### VS Code ###
-.vscode/
-
-# dependencies
-frontend/node_modules
-frontend/.pnp
-frontend/.pnp.js
-
-# testing
-frontend/coverage
-
-# production
-frontend/build
-
-# misc
-frontend/.DS_Store
-frontend/.env.local
-frontend/.env.development.local
-frontend/.env.test.local
-frontend/.env.production.local
-
-frontend/npm-debug.log*
-frontend/yarn-debug.log*
-frontend/yarn-error.log*
-
-### Others ###
-
-backend/src/main/resources/application.properties
-/imageDB
-/frontend
-frontend/build.zip
-
-.console.sql
-
-# Ignore Gradle project-specific cache directory
-.gradle
-
-# Ignore Gradle build output directory
-build
-
-docker\.env
-\.env
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+# dependencies
+frontend/node_modules
+frontend/.pnp
+frontend/.pnp.js
+
+# testing
+frontend/coverage
+
+# production
+frontend/build
+
+# misc
+frontend/.DS_Store
+frontend/.env.local
+frontend/.env.development.local
+frontend/.env.test.local
+frontend/.env.production.local
+
+frontend/npm-debug.log*
+frontend/yarn-debug.log*
+frontend/yarn-error.log*
+
+### Others ###
+
+backend/src/main/resources/application.properties
+/imageDB
+/frontend
+frontend/build.zip
+
+.console.sql
+
+# Ignore Gradle project-specific cache directory
+.gradle
+
+# Ignore Gradle build output directory
+build
+
+docker\.env
+\.env
+bin/
+

AUTH_COOKIE_FIX.md

@@ -0,0 +1,55 @@
+# Authentication Cookie Fix
+
+## Problem
+The login GraphQL query was returning the JWT in the response body but not setting the `Set-Cookie` header, causing the browser to never store an auth cookie. This resulted in subsequent `isLogged` queries returning UNAUTHORIZED.
+
+## Root Cause
+- Spring Boot 3.3 with virtual threads enabled (`spring.threads.virtual.enabled=true`)
+- GraphQL operations execute on virtual threads via Spring GraphQL's reactive execution model
+- `RequestContextHolder.getRequestAttributes()` returns `null` in virtual thread context
+- The code in `UserController.login` that attempted to set cookies via `HttpServletResponse` was never executed
+
+## Solution
+Removed the `RequestContextHolder` usage from `UserController.login` and `UserController.doLogoutUser`. 
+
+The application now relies solely on `GraphQlCookieInterceptor` which:
+- Operates at the web layer (not within virtual thread context)
+- Intercepts all GraphQL responses
+- For `login` operations: extracts the JWT token from response data and adds `Set-Cookie` header
+- For `logout` operations: adds a clear cookie header
+- Properly handles cross-origin requests with correct `SameSite` and `Secure` attributes
+
+## Changes Made
+- **src/main/java/com/espacogeek/geek/controllers/UserController.java**
+  - Removed `RequestContextHolder` usage from `doLoginUser` method (GraphQL operation: `login`)
+  - Removed `RequestContextHolder` usage from `doLogoutUser` method (GraphQL operation: `logout`)
+  - Removed unused imports: `HttpHeaders`, `ResponseCookie`, `RequestContextHolder`, `ServletRequestAttributes`, `HttpServletRequest`, `HttpServletResponse`
+
+## How It Works Now
+1. User calls `login` GraphQL query with credentials
+2. `UserController.doLoginUser` authenticates and returns JWT token in response data
+3. `GraphQlCookieInterceptor` intercepts the response
+4. Interceptor extracts token from `response.getData().get("login")`
+5. Interceptor adds `Set-Cookie` header to `response.getResponseHeaders()`
+6. Browser receives both token in body and Set-Cookie header
+
+## Testing
+All existing tests pass, including:
+- `LoginQueryTest` - validates login functionality
+- All user-related tests
+
+## Configuration
+Cookie behavior is configured in `application.properties`:
+```properties
+security.jwt.cookie-name=EG_AUTH
+security.jwt.cookie-path=/
+security.jwt.same-site-when-same-site=Lax
+security.jwt.expiration-ms=604800000
+```
+
+CORS must allow credentials:
+```properties
+spring.mvc.cors.allowed-origins=http://localhost:3000
+```
+
+Frontend must use `credentials: 'include'` in fetch requests.

GRAPHQL_GUIDE.md

@@ -0,0 +1,176 @@
+# GraphQL API Guide
+
+## Accessing GraphiQL
+
+GraphiQL is an interactive GraphQL IDE that allows you to explore and test the API.
+
+### Local Development
+Once the application is running, access GraphiQL at:
+```
+http://localhost:8080/graphiql
+```
+
+### GraphQL Endpoint
+The GraphQL API endpoint is:
+```
+http://localhost:8080/api
+```
+
+## Using GraphiQL
+
+### 1. Exploring the Schema
+- Click the "Docs" button on the right side of GraphiQL to browse all available queries and mutations
+- The schema includes detailed descriptions and examples for each operation
+- Use auto-complete (Ctrl+Space) to discover fields and operations
+
+### 2. Example Queries
+
+#### Search for TV Series
+```graphql
+query {
+  tvserie(name: "Breaking Bad") {
+    content {
+      id
+      name
+      about
+      cover
+      genre {
+        name
+      }
+    }
+    totalElements
+  }
+}
+```
+
+#### Search for Games
+```graphql
+query {
+  game(name: "The Last of Us", page: 0, size: 10) {
+    content {
+      id
+      name
+      about
+      cover
+      genre {
+        name
+      }
+    }
+    totalPages
+    totalElements
+  }
+}
+```
+
+#### Get Daily Quote Artwork
+```graphql
+query {
+  dailyQuoteArtwork {
+    quote
+    author
+    urlArtwork
+  }
+}
+```
+
+### 3. Authentication
+
+Most mutations require authentication. First, login to get a JWT token:
+
+```graphql
+query {
+  login(email: "user@example.com", password: "yourpassword")
+}
+```
+
+Then, add the token to the HTTP Headers in GraphiQL:
+```json
+{
+  "Authorization": "Bearer YOUR_JWT_TOKEN_HERE"
+}
+```
+
+### 4. Example Mutations
+
+#### Create a New User (No authentication required)
+```graphql
+mutation {
+  createUser(credentials: {
+    username: "johndoe"
+    email: "john@example.com"
+    password: "securepassword123"
+  })
+}
+```
+
+#### Change Password (Requires authentication)
+```graphql
+mutation {
+  editPassword(
+    actualPassword: "currentpassword"
+    newPassword: "newsecurepassword"
+  )
+}
+```
+
+#### Update Username (Requires authentication)
+```graphql
+mutation {
+  editUsername(
+    password: "yourpassword"
+    newUsername: "newusername"
+  )
+}
+```
+
+## Tips
+
+1. **Use Variables**: For cleaner queries, use GraphQL variables:
+   ```graphql
+   query SearchGame($name: String!, $page: Int, $size: Int) {
+     game(name: $name, page: $page, size: $size) {
+       content {
+         id
+         name
+       }
+     }
+   }
+   ```
+   Variables panel:
+   ```json
+   {
+     "name": "The Last of Us",
+     "page": 0,
+     "size": 10
+   }
+   ```
+
+2. **Request Only What You Need**: GraphQL allows you to specify exactly which fields you want, reducing data transfer.
+
+3. **Explore Nested Fields**: Use the Docs panel to discover all available nested fields in types like Media, Genre, etc.
+
+4. **Format Your Queries**: Use the "Prettify" button to auto-format your GraphQL queries.
+
+## Troubleshooting
+
+### GraphiQL is not accessible
+- Ensure the application is running
+- Check that you're accessing the correct URL: `http://localhost:8080/graphiql`
+- Verify the port number matches your configuration
+
+### Authentication errors
+- Make sure you've included the JWT token in the Authorization header
+- Verify the token is still valid (tokens may expire)
+- Check that you're using the format: `Bearer YOUR_TOKEN`
+
+### Database errors
+- Ensure MySQL database is running and accessible
+- Verify environment variables are set correctly:
+  - `SPRING_DATASOURCE_URL`
+  - `SPRING_DATASOURCE_USERNAME`
+  - `SPRING_DATASOURCE_PASSWORD`
+
+## Additional Resources
+
+- [GraphQL Official Documentation](https://graphql.org/learn/)
+- [Spring for GraphQL Documentation](https://docs.spring.io/spring-graphql/reference/)