From 5f7a0f2c7a14db53e258a668122df64e04e71815 Mon Sep 17 00:00:00 2001
From: axel
Date: Tue, 26 May 2026 20:22:43 -0300
Subject: [PATCH] fix: corrige erro de permissao no login

- Adiciona try-catch no loadUserByUsername do FiltroJwt para evitar 500 quando token referencia usuario deletado
- Expande shouldNotFilter para pular endpoints publicos e imagens
- Corrige login.html para limpar tokens expirados antes de redirecionar ao calendario, prevenindo redirect loop
---
 .../agendaestudantil/filtro/FiltroJwt.java | 26 ++++++++++++++-----
 src/main/resources/static/login.html | 23 ++++++++++++++--
 2 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/src/main/java/com/agendaestudantil/filtro/FiltroJwt.java b/src/main/java/com/agendaestudantil/filtro/FiltroJwt.java
index 744901c..4302fdd 100644
--- a/src/main/java/com/agendaestudantil/filtro/FiltroJwt.java
+++ b/src/main/java/com/agendaestudantil/filtro/FiltroJwt.java
@@ -5,6 +5,8 @@ import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -17,6 +19,8 @@ import java.io.IOException;
 @Component
 public class FiltroJwt extends OncePerRequestFilter {
+    private static final Logger log = LoggerFactory.getLogger(FiltroJwt.class);
+
     private final UtilJwt utilJwt;
     private final UserDetailsService userDetailsService;
@@ -30,8 +34,11 @@ public class FiltroJwt extends OncePerRequestFilter {
         String path = request.getRequestURI();
         return path.equals("/") || path.equals("/index.html") || path.equals("/favicon.ico")
                 || path.startsWith("/static/") || path.startsWith("/css/") || path.startsWith("/js/")
-                || path.startsWith("/img/") || path.endsWith(".css") || path.endsWith(".js")
-                || path.endsWith(".ico") || path.endsWith(".html");
+                || path.startsWith("/img/") || path.startsWith("/imagens/")
+                || path.startsWith("/api/estudantes/login") || path.startsWith("/api/estudantes/cadastro")
+                || path.endsWith(".css") || path.endsWith(".js")
+                || path.endsWith(".ico") || path.endsWith(".html") || path.endsWith(".png")
+                || path.endsWith(".svg");
     }
     @Override
@@ -50,13 +57,18 @@ public class FiltroJwt extends OncePerRequestFilter {
             estudanteId = utilJwt.getEstudanteIdFromToken(token);
             if (SecurityContextHolder.getContext().getAuthentication() == null) {
-                UserDetails userDetails = userDetailsService.loadUserByUsername(estudanteId);
-                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
-                        userDetails, null, userDetails.getAuthorities());
-                SecurityContextHolder.getContext().setAuthentication(authentication);
+                try {
+                    UserDetails userDetails = userDetailsService.loadUserByUsername(estudanteId);
+                    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+                            userDetails, null, userDetails.getAuthorities());
+                    SecurityContextHolder.getContext().setAuthentication(authentication);
+                } catch (Exception e) {
+                    log.warn("Falha ao carregar usuario do token (id={}): {}", estudanteId, e.getMessage());
+                    SecurityContextHolder.clearContext();
+                }
             }
         }
         filterChain.doFilter(request, response);
     }
-}
\ No newline at end of file
+}
diff --git a/src/main/resources/static/login.html b/src/main/resources/static/login.html
index da92ed1..918d478 100644
--- a/src/main/resources/static/login.html
+++ b/src/main/resources/static/login.html
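Review bot: The two new API entries in the `return` expression use `startsWith`, so any longer URI beneath them (`/api/estudantes/login/...`, `/api/estudantes/cadastro-...`) also skips the filter; both are fixed endpoints and should be matched exactly, `|| path.equals("/api/estudantes/login") || path.equals("/api/estudantes/cadastro")`. The suffix checks added on the same lines (`.png`, `.svg`, alongside the existing `.html`/`.css`/`.js`) match anywhere in the URI tree rather than only under the static prefixes, so the skip list is broader than the commit message's "endpoints publicos e imagens". Whether that matters depends on the SecurityFilterChain authorization rules, which are not in this diff: if those rules already `permitAll` these paths the skip is only a shortcut (the next hunk shows the filter never rejects on its own, it only populates the context), but if any route relies on this filter alone the suffix matches need tightening to the static prefixes. shouldNotFilter's signature is above the hunk; a one-line javadoc there stating that this list mirrors the permitAll rules and must be kept in sync with them would make the coupling explicit.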
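Review bot: `catch (Exception e)` on the new catch line treats every failure of `loadUserByUsername` — a database outage, a bug in the service — the same as a deleted user, and logs only `e.getMessage()`, so the stack trace is lost. `UserDetailsService` signals a missing user with `UsernameNotFoundException`; catching that type keeps the intended "token references a deleted user" behaviour while letting genuine errors surface: `} catch (UsernameNotFoundException e) {` plus `import org.springframework.security.core.userdetails.UsernameNotFoundException;`. If unexpected exceptions must still not produce a 500 here, add a second catch that hands the throwable to the logger (`log.warn("Erro ao carregar usuario do token (id={})", estudanteId, e)`) so an outage is distinguishable from a revoked account in the logs. Clearing the context and continuing the chain is the right outcome — the request proceeds unauthenticated and the authorization rules decide — but doFilterInternal starts above the hunk, so whether the token's signature and expiry are verified before `getEstudanteIdFromToken` cannot be confirmed from this diff.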
@@ -40,13 +40,32 @@
     (function () {
         const params = new URLSearchParams(window.location.search);
         if (params.get('sessao') === 'expirada') {
+            localStorage.removeItem('fa_token');
+            localStorage.removeItem('fa_user');
             const erroEl = document.getElementById('mensagem-erro');
             erroEl.textContent = 'Sua sessao expirou. Faca login novamente.';
             erroEl.style.display = 'block';
+            return;
         }
-        if (localStorage.getItem('fa_token')) {
-            window.location.href = 'calendario.html';
+        const token = localStorage.getItem('fa_token');
+        if (token && token.split('.').length === 3) {
+            try {
+                const payload = JSON.parse(atob(token.split('.')[1]));
+                if (payload.exp && Date.now() >= payload.exp * 1000) {
+                    localStorage.removeItem('fa_token');
+                    localStorage.removeItem('fa_user');
+                } else {
+                    window.location.href = 'calendario.html';
+                    return;
+                }
+            } catch {
+                localStorage.removeItem('fa_token');
+                localStorage.removeItem('fa_user');
+            }
+        } else if (token) {
+            localStorage.removeItem('fa_token');
+            localStorage.removeItem('fa_user');
         }
     })();
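Review bot: `atob(token.split('.')[1])` on the new payload-decoding line throws for many valid JWTs, because the payload segment is base64url-encoded (`-` and `_` in place of `+` and `/`) and `atob` accepts only the standard alphabet; the `catch` then deletes a perfectly good token and the user lands on the login form on every visit, a variant of the loop this commit is fixing. Translate the alphabet before decoding: `const b64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');` followed by `const payload = JSON.parse(atob(b64));`. The client-side `exp` comparison is only a convenience for the redirect decision; it is not a validation step, and the server must keep verifying the token on every request regardless of what this script concludes. The pair of `removeItem` calls now appears four times inside the IIFE and reads better as a single `limparSessao()` helper declared at its top.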