add better logging

Author: while1618

backend/spring-boot/pom.xml

@@ -49,10 +49,7 @@
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-actuator</artifactId>
     </dependency>
-    <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-aspectj</artifactId>
-    </dependency>
+
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-data-jpa</artifactId>

backend/spring-boot/src/main/java/org/bugzkit/api/admin/service/impl/UserServiceImpl.java

@@ -2,6 +2,7 @@
 
 import java.util.HashSet;
 import java.util.Set;
+import lombok.extern.slf4j.Slf4j;
 import org.bugzkit.api.admin.payload.request.PatchUserRequest;
 import org.bugzkit.api.admin.payload.request.UserRequest;
 import org.bugzkit.api.admin.service.UserService;
@@ -24,6 +25,7 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+@Slf4j
 @Service("adminUserService")
 @PreAuthorize("hasAuthority('ADMIN')")
 public class UserServiceImpl implements UserService {
@@ -49,10 +51,14 @@ public UserServiceImpl(
   @Override
   @Transactional
   public UserDTO create(UserRequest userRequest) {
-    if (userRepository.existsByUsername(userRequest.username()))
+    if (userRepository.existsByUsername(userRequest.username())) {
+      log.warn("Admin user creation failed: username '{}' already exists", userRequest.username());
       throw new ConflictException("user.usernameExists");
-    if (userRepository.existsByEmail(userRequest.email()))
+    }
+    if (userRepository.existsByEmail(userRequest.email())) {
+      log.warn("Admin user creation failed: email '{}' already exists", userRequest.email());
       throw new ConflictException("user.emailExists");
+    }
     final var user =
         User.builder()
             .username(userRequest.username())
@@ -62,7 +68,9 @@ public UserDTO create(UserRequest userRequest) {
             .lock(userRequest.lock())
             .roles(new HashSet<>(roleRepository.findAllByNameIn(userRequest.roleNames())))
             .build();
-    return UserMapper.INSTANCE.userToAdminUserDTO(userRepository.save(user));
+    final var saved = userRepository.save(user);
+    log.info("Admin created user '{}' (id={})", saved.getUsername(), saved.getId());
+    return UserMapper.INSTANCE.userToAdminUserDTO(saved);
   }
 
   /*
@@ -87,7 +95,11 @@ public UserDTO findById(Long id) {
     return userRepository
         .findWithRolesById(id)
         .map(UserMapper.INSTANCE::userToAdminUserDTO)
-        .orElseThrow(() -> new ResourceNotFoundException("user.notFound"));
+        .orElseThrow(
+            () -> {
+              log.warn("Admin user lookup failed: no user found with id '{}'", id);
+              return new ResourceNotFoundException("user.notFound");
+            });
   }
 
   @Override
@@ -96,7 +108,11 @@ public UserDTO update(Long id, UserRequest userRequest) {
     final var user =
         userRepository
             .findWithRolesById(id)
-            .orElseThrow(() -> new ResourceNotFoundException("user.notFound"));
+            .orElseThrow(
+                () -> {
+                  log.warn("Admin user update failed: no user found with id '{}'", id);
+                  return new ResourceNotFoundException("user.notFound");
+                });
 
     setUsername(user, userRequest.username());
     setEmail(user, userRequest.email());
@@ -108,7 +124,9 @@ public UserDTO update(Long id, UserRequest userRequest) {
       setRoles(user, userRequest.roleNames());
     }
 
-    return UserMapper.INSTANCE.userToAdminUserDTO(userRepository.save(user));
+    final var updated = userRepository.save(user);
+    log.info("Admin updated user '{}' (id={})", updated.getUsername(), id);
+    return UserMapper.INSTANCE.userToAdminUserDTO(updated);
   }
 
   @Override
@@ -117,7 +135,11 @@ public UserDTO patch(Long id, PatchUserRequest patchUserRequest) {
     final var user =
         userRepository
             .findWithRolesById(id)
-            .orElseThrow(() -> new ResourceNotFoundException("user.notFound"));
+            .orElseThrow(
+                () -> {
+                  log.warn("Admin user patch failed: no user found with id '{}'", id);
+                  return new ResourceNotFoundException("user.notFound");
+                });
 
     if (patchUserRequest.username() != null) setUsername(user, patchUserRequest.username());
     if (patchUserRequest.email() != null) setEmail(user, patchUserRequest.email());
@@ -129,7 +151,9 @@ public UserDTO patch(Long id, PatchUserRequest patchUserRequest) {
       if (patchUserRequest.roleNames() != null) setRoles(user, patchUserRequest.roleNames());
     }
 
-    return UserMapper.INSTANCE.userToAdminUserDTO(userRepository.save(user));
+    final var updated = userRepository.save(user);
+    log.info("Admin patched user '{}' (id={})", updated.getUsername(), id);
+    return UserMapper.INSTANCE.userToAdminUserDTO(updated);
   }
 
   private boolean isSelf(Long id) {
@@ -143,16 +167,19 @@ private void deleteAuthTokens(Long userId) {
 
   private void setUsername(User user, String username) {
     if (username.equals(user.getUsername())) return;
-    if (userRepository.existsByUsername(username))
+    if (userRepository.existsByUsername(username)) {
+      log.warn("Admin user update failed: username '{}' already exists", username);
       throw new ConflictException("user.usernameExists");
-
+    }
     user.setUsername(username);
   }
 
   private void setEmail(User user, String email) {
     if (email.equals(user.getEmail())) return;
-    if (userRepository.existsByEmail(email)) throw new ConflictException("user.emailExists");
-
+    if (userRepository.existsByEmail(email)) {
+      log.warn("Admin user update failed: email '{}' already exists", email);
+      throw new ConflictException("user.emailExists");
+    }
     user.setEmail(email);
   }
 
@@ -161,36 +188,56 @@ private void setPassword(User user, String password) {
       return;
 
     user.setPassword(bCryptPasswordEncoder.encode(password));
-    if (user.getId() != null) deleteAuthTokens(user.getId());
+    if (user.getId() != null) {
+      deleteAuthTokens(user.getId());
+      log.info(
+          "Password changed for user '{}' (id={}), all tokens invalidated",
+          user.getUsername(),
+          user.getId());
+    }
   }
 
   private void setActive(User user, Boolean active) {
     if (user.getActive().equals(active)) return;
-
     user.setActive(active);
-    if (Boolean.FALSE.equals(active)) deleteAuthTokens(user.getId());
+    if (Boolean.FALSE.equals(active)) {
+      deleteAuthTokens(user.getId());
+      log.info(
+          "User '{}' (id={}) deactivated, all tokens invalidated",
+          user.getUsername(),
+          user.getId());
+    }
   }
 
   private void setLock(User user, Boolean lock) {
     if (user.getLock().equals(lock)) return;
-
     user.setLock(lock);
-    if (Boolean.TRUE.equals(lock)) deleteAuthTokens(user.getId());
+    if (Boolean.TRUE.equals(lock)) {
+      deleteAuthTokens(user.getId());
+      log.info(
+          "User '{}' (id={}) locked, all tokens invalidated", user.getUsername(), user.getId());
+    }
   }
 
   private void setRoles(User user, Set<RoleName> roleNames) {
-    if (roleNames.isEmpty()) throw new BadRequestException("user.rolesEmpty");
-
+    if (roleNames.isEmpty()) {
+      log.warn("Admin role update failed for user '{}': role list is empty", user.getId());
+      throw new BadRequestException("user.rolesEmpty");
+    }
     final var roles = new HashSet<>(roleRepository.findAllByNameIn(roleNames));
     if (user.getRoles().equals(roles)) return;
-
     user.setRoles(roles);
     deleteAuthTokens(user.getId());
+    log.info(
+        "Roles updated for user '{}' (id={}), all tokens invalidated",
+        user.getUsername(),
+        user.getId());
   }
 
   @Override
   public void delete(Long id) {
     deleteAuthTokens(id);
     userRepository.deleteById(id);
+    log.info("Admin deleted user with id '{}'", id);
   }
 }

backend/spring-boot/src/main/java/org/bugzkit/api/auth/controller/AuthController.java

@@ -18,7 +18,7 @@
 import org.bugzkit.api.auth.util.AuthUtil;
 import org.bugzkit.api.auth.util.JwtUtil;
 import org.bugzkit.api.shared.constants.Path;
-import org.bugzkit.api.shared.ratelimit.RateLimit;
+import org.bugzkit.api.shared.interceptor.RateLimit;
 import org.bugzkit.api.user.payload.dto.UserDTO;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpHeaders;

backend/spring-boot/src/main/java/org/bugzkit/api/auth/oauth2/OAuth2SuccessHandler.java

@@ -66,7 +66,8 @@ public void onAuthenticationSuccess(
     response.addHeader(HttpHeaders.SET_COOKIE, accessTokenCookie.toString());
     response.addHeader(HttpHeaders.SET_COOKIE, refreshTokenCookie.toString());
     response.sendRedirect(uiUrl);
-    log.info("OAuth finished");
+    log.info(
+        "OAuth2 login successful for user '{}' on device '{}'", userPrincipal.getId(), deviceId);
     MDC.clear();
   }
 }

backend/spring-boot/src/main/java/org/bugzkit/api/auth/oauth2/OAuth2UserService.java

@@ -30,17 +30,20 @@ public OAuth2UserService(UserRepository userRepository, RoleRepository roleRepos
   @Override
   public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
     MDC.put("REQUEST_ID", UUID.randomUUID().toString());
-    log.info("OAuth called");
     final var oAuthUser = super.loadUser(userRequest);
     final String email = oAuthUser.getAttribute("email");
     final boolean emailVerified = Boolean.TRUE.equals(oAuthUser.getAttribute("email_verified"));
     if (!emailVerified) throw new DisabledException("user.notActive");
-    final var user = userRepository.findWithRolesByEmail(email).orElseGet(() -> createUser(email));
+    final var provider = userRequest.getClientRegistration().getRegistrationId();
+    final var user =
+        userRepository.findWithRolesByEmail(email).orElseGet(() -> createUser(email, provider));
     if (user.getUsername() == null) user.setUsername(email);
+    log.info("OAuth2 login via '{}' for '{}'", provider, email);
     return new OAuth2UserPrincipal(UserPrincipal.create(user), oAuthUser.getAttributes());
   }
 
-  private User createUser(String email) {
+  private User createUser(String email, String provider) {
+    log.info("Provisioning new OAuth2 user via '{}' for '{}'", provider, email);
     final var roles =
         roleRepository
             .findByName(RoleName.USER)

backend/spring-boot/src/main/java/org/bugzkit/api/auth/service/impl/AccessTokenServiceImpl.java

@@ -4,6 +4,7 @@
 import java.time.Instant;
 import java.util.Set;
 import java.util.UUID;
+import lombok.extern.slf4j.Slf4j;
 import org.bugzkit.api.auth.redis.model.AccessTokenBlacklist;
 import org.bugzkit.api.auth.redis.model.UserBlacklist;
 import org.bugzkit.api.auth.redis.repository.AccessTokenBlacklistRepository;
@@ -16,6 +17,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
+@Slf4j
 @Service
 public class AccessTokenServiceImpl implements AccessTokenService {
   private static final JwtPurpose PURPOSE = JwtPurpose.ACCESS_TOKEN;
@@ -59,22 +61,27 @@ private void verifyToken(String token) {
     try {
       JwtUtil.verify(token, secret, PURPOSE);
     } catch (RuntimeException e) {
+      log.warn("Access token verification failed: {}", e.getMessage());
       throw new UnauthorizedException("auth.tokenInvalid");
     }
   }
 
   private void isInAccessTokenBlacklist(String token) {
-    if (accessTokenBlacklistRepository.existsById(JwtUtil.getJwtId(token)))
+    if (accessTokenBlacklistRepository.existsById(JwtUtil.getJwtId(token))) {
+      log.warn("Access token '{}' is blacklisted", JwtUtil.getJwtId(token));
       throw new UnauthorizedException("auth.tokenInvalid");
+    }
   }
 
   private void isInUserBlacklist(String token) {
     final var userId = JwtUtil.getUserId(token);
     final var issuedAt = JwtUtil.getIssuedAt(token);
     final var userInBlacklist = userBlacklistRepository.findById(userId);
     if (userInBlacklist.isEmpty()) return;
-    if (issuedAt.isBefore(userInBlacklist.get().getUpdatedAt()))
+    if (issuedAt.isBefore(userInBlacklist.get().getUpdatedAt())) {
+      log.warn("Access token for user '{}' was issued before the user blacklist entry", userId);
       throw new UnauthorizedException("auth.tokenInvalid");
+    }
   }
 
   @Override