Gitlab-Migration/rheinsw-mono-repo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dev
rheinsw-mono-repo/backend/server/pom.xml
Thatsaphorn Atchariyaphap 0759f23b22 Backend Refactoring 
1. Enhanced User Session Management & Logging

  CurrentSessionProvider (backend/server/src/main/java/dev/rheinsw/server/security/session/CurrentSessionProvider.java):
  - Added comprehensive null safety checks for JWT authentication
  - Implemented detailed logging for user session retrieval
  - Added validation for all required JWT claims (sub, preferred_username, email)
  - Enhanced error messages with specific validation failures

  UserSessionFilter (backend/server/src/main/java/dev/rheinsw/server/security/session/UserSessionFilter.java):
  - Replaced silent exception handling with proper logging
  - Added request context logging (method, URI)
  - Categorized different exception types for better debugging
  - Enhanced error visibility while maintaining non-blocking behavior

  UserService (backend/server/src/main/java/dev/rheinsw/server/security/user/UserService.java):
  - Added comprehensive null safety validations
  - Implemented detailed logging for user creation and lookup operations
  - Enhanced exception handling with proper error context
  - Added input validation for session data

  2. Improved Controller Logging & Validation

  CustomerController (backend/server/src/main/java/dev/rheinsw/server/internal/customer/controller/CustomerController.java):
  - Added comprehensive logging for all user actions
  - Implemented input validation with @Valid annotations
  - Enhanced error handling with user context
  - Added null checks for path parameters

  ProjectController (backend/server/src/main/java/dev/rheinsw/server/internal/project/controller/ProjectController.java):
  - Similar logging and validation improvements
  - Added comprehensive user action tracking
  - Enhanced error handling with proper validation

  3. Enhanced DTO Validation

  CreateCustomerDto (backend/server/src/main/java/dev/rheinsw/server/internal/customer/dtos/CreateCustomerDto.java):
  - Added Bean Validation annotations (@NotBlank, @Email, @Size)
  - Implemented comprehensive field validation
  - Added proper error messages in German

  CustomerValidationRequest & CreateCustomerProjectDto: Similar validation enhancements

  4. Improved Exception Handling

  GlobalExceptionHandler (backend/common/src/main/java/dev/rheinsw/common/controller/exception/handler/GlobalExceptionHandler.java):
  - Added correlation IDs for better error tracking
  - Replaced unsafe error message exposure with secure error responses
  - Enhanced logging with proper log levels and context
  - Added specific handlers for validation errors and illegal arguments
  - Implemented structured error responses with correlation tracking

  ProjectUseCaseImpl (backend/server/src/main/java/dev/rheinsw/server/internal/project/usecase/ProjectUseCaseImpl.java):
  - Fixed null return issue (now throws exceptions instead)
  - Added comprehensive input validation
  - Enhanced error handling with proper exception types
  - Added detailed logging for all operations

  5. Test Coverage & Quality

  Added comprehensive unit tests:
  - CurrentSessionProviderTest: 8 test cases covering all authentication scenarios
  - UserServiceTest: 7 test cases covering user creation and validation
  - ProjectUseCaseImplTest: 14 test cases covering project operations
  - Added test dependencies (spring-boot-starter-test, spring-security-test)

  6. Frontend Compatibility

  Updated frontend error handling:
  - Enhanced validateCustomer.ts and addCustomer.ts to log correlation IDs
  - Maintained backward compatibility with existing error handling
  - Added debugging support for new correlation ID feature

  7. Build & Deployment

  -  Backend: Builds successfully with all tests passing
  -  Frontend: Both frontend projects build successfully
  -  Dependencies: Added necessary test dependencies
  -  Validation: Bean Validation is properly configured and working

  🔒 Security & Reliability Improvements

  1. Authentication Security: Robust JWT validation with proper error handling
  2. Input Validation: Comprehensive validation across all DTOs
  3. Error Handling: Secure error responses that don't expose internal details
  4. Null Safety: Extensive null checks throughout the codebase
  5. Logging Security: No sensitive data logged, proper correlation IDs for debugging

  📈 Monitoring & Debugging

  1. Correlation IDs: Every error response includes a unique correlation ID
  2. Structured Logging: Consistent logging patterns with user context
  3. Request Tracing: User actions are logged with proper context
  4. Error Classification: Different error types handled appropriately
2025-07-23 00:18:26 +02:00

144 lines
5.7 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>dev.rheinsw</groupId>
<artifactId>backend</artifactId>
<version>1.0.0</version>
</parent>
<groupId>dev.rheinsw.backend</groupId>
<artifactId>server</artifactId>
<properties>
<maven.compiler.source>21</maven.compiler.source>
<maven.compiler.target>21</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>${maven.compiler.plugin.version}</version>
<configuration>
<source>${maven.compiler.source}</source>
<target>${maven.compiler.target}</target>
<annotationProcessorPaths>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>3.6.0</version>
<executions>
<execution>
<id>copy-dependencies</id>
<phase>package</phase>
<goals>
<goal>copy-dependencies</goal>
</goals>
<configuration>
<outputDirectory>${project.build.directory}/libs</outputDirectory>
<includeScope>runtime</includeScope>
</configuration>
</execution>
</executions>
</plugin>
<!-- <plugin>-->
<!-- <groupId>org.springframework.boot</groupId>-->
<!-- <artifactId>spring-boot-maven-plugin</artifactId>-->
<!-- </plugin>-->
</plugins>
</build>
<dependencies>
<!-- Spring stuff -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Tools -->
<!-- https://mvnrepository.com/artifact/org.projectlombok/lombok -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jakarta.validation</groupId>
<artifactId>jakarta.validation-api</artifactId>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
</dependency>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-database-postgresql</artifactId>
</dependency>
<!-- FIX: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Java 8 date/time type `java.time.Instant` not supported by default: add Module "com.fasterxml.jackson.datatype:jackson-datatype-jsr310" to enable handling (through reference chain: java.util.ArrayList[0]->dev.rheinsw.server.customer.model.records.CustomerNote["createdAt"]) -->
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-jsr310</artifactId>
</dependency>
<dependency>
<groupId>com.vladmihalcea</groupId>
<artifactId>hibernate-types-60</artifactId> <!-- for Hibernate 6 -->
<version>2.21.1</version>
</dependency>
<dependency>
<groupId>dev.rheinsw</groupId>
<artifactId>common</artifactId>
<version>1.0.0</version>
<scope>compile</scope>
</dependency>
<!-- Test Dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>
Reference in New Issue View Git Blame Copy Permalink