Thatsaphorn Atchariyaphap
0759f23b22
1. Enhanced User Session Management & Logging CurrentSessionProvider (backend/server/src/main/java/dev/rheinsw/server/security/session/CurrentSessionProvider.java): - Added comprehensive null safety checks for JWT authentication - Implemented detailed logging for user session retrieval - Added validation for all required JWT claims (sub, preferred_username, email) - Enhanced error messages with specific validation failures UserSessionFilter (backend/server/src/main/java/dev/rheinsw/server/security/session/UserSessionFilter.java): - Replaced silent exception handling with proper logging - Added request context logging (method, URI) - Categorized different exception types for better debugging - Enhanced error visibility while maintaining non-blocking behavior UserService (backend/server/src/main/java/dev/rheinsw/server/security/user/UserService.java): - Added comprehensive null safety validations - Implemented detailed logging for user creation and lookup operations - Enhanced exception handling with proper error context - Added input validation for session data 2. Improved Controller Logging & Validation CustomerController (backend/server/src/main/java/dev/rheinsw/server/internal/customer/controller/CustomerController.java): - Added comprehensive logging for all user actions - Implemented input validation with @Valid annotations - Enhanced error handling with user context - Added null checks for path parameters ProjectController (backend/server/src/main/java/dev/rheinsw/server/internal/project/controller/ProjectController.java): - Similar logging and validation improvements - Added comprehensive user action tracking - Enhanced error handling with proper validation 3. Enhanced DTO Validation CreateCustomerDto (backend/server/src/main/java/dev/rheinsw/server/internal/customer/dtos/CreateCustomerDto.java): - Added Bean Validation annotations (@NotBlank, @Email, @Size) - Implemented comprehensive field validation - Added proper error messages in German CustomerValidationRequest & CreateCustomerProjectDto: Similar validation enhancements 4. Improved Exception Handling GlobalExceptionHandler (backend/common/src/main/java/dev/rheinsw/common/controller/exception/handler/GlobalExceptionHandler.java): - Added correlation IDs for better error tracking - Replaced unsafe error message exposure with secure error responses - Enhanced logging with proper log levels and context - Added specific handlers for validation errors and illegal arguments - Implemented structured error responses with correlation tracking ProjectUseCaseImpl (backend/server/src/main/java/dev/rheinsw/server/internal/project/usecase/ProjectUseCaseImpl.java): - Fixed null return issue (now throws exceptions instead) - Added comprehensive input validation - Enhanced error handling with proper exception types - Added detailed logging for all operations 5. Test Coverage & Quality Added comprehensive unit tests: - CurrentSessionProviderTest: 8 test cases covering all authentication scenarios - UserServiceTest: 7 test cases covering user creation and validation - ProjectUseCaseImplTest: 14 test cases covering project operations - Added test dependencies (spring-boot-starter-test, spring-security-test) 6. Frontend Compatibility Updated frontend error handling: - Enhanced validateCustomer.ts and addCustomer.ts to log correlation IDs - Maintained backward compatibility with existing error handling - Added debugging support for new correlation ID feature 7. Build & Deployment - ✅ Backend: Builds successfully with all tests passing - ✅ Frontend: Both frontend projects build successfully - ✅ Dependencies: Added necessary test dependencies - ✅ Validation: Bean Validation is properly configured and working 🔒 Security & Reliability Improvements 1. Authentication Security: Robust JWT validation with proper error handling 2. Input Validation: Comprehensive validation across all DTOs 3. Error Handling: Secure error responses that don't expose internal details 4. Null Safety: Extensive null checks throughout the codebase 5. Logging Security: No sensitive data logged, proper correlation IDs for debugging 📈 Monitoring & Debugging 1. Correlation IDs: Every error response includes a unique correlation ID 2. Structured Logging: Consistent logging patterns with user context 3. Request Tracing: User actions are logged with proper context 4. Error Classification: Different error types handled appropriately
49 lines
1.4 KiB
TypeScript
49 lines
1.4 KiB
TypeScript
import {CreateCustomerDto} from "@/services/customers/dtos/createCustomer.dto";
|
|
import {UUID} from "node:crypto";
|
|
|
|
export async function addCustomer(params: CreateCustomerDto): Promise<void> {
|
|
const {email, name, companyName, street, zip, city, phoneNumbers, notes} = params;
|
|
|
|
const payload: CreateCustomerDto = {
|
|
email,
|
|
name,
|
|
companyName,
|
|
street,
|
|
zip,
|
|
city,
|
|
phoneNumbers,
|
|
notes: notes.map(({text}) => ({text})),
|
|
};
|
|
|
|
const res = await fetch('/api/customers', {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
},
|
|
body: JSON.stringify(payload),
|
|
});
|
|
|
|
const contentType = res.headers.get("content-type") ?? "";
|
|
const isJson = contentType.includes("application/json");
|
|
|
|
const rawBody = isJson ? await res.json() : await res.text();
|
|
|
|
console.log(`[api /api/customers] Response:`, res.status, rawBody);
|
|
|
|
if (!res.ok) {
|
|
const errorMessage = isJson
|
|
? (rawBody?.message ?? rawBody?.errors?.join(", ")) ?? "Unbekannter Fehler"
|
|
: String(rawBody);
|
|
|
|
// Log correlation ID if available for debugging
|
|
if (isJson && rawBody?.correlationId) {
|
|
console.error(`[api /api/customers] Error occurred [${rawBody.correlationId}]:`, errorMessage);
|
|
}
|
|
|
|
throw new Error(errorMessage);
|
|
}
|
|
|
|
const response = rawBody as UUID;
|
|
console.log(response);
|
|
}
|