refactor(auth): simplify AuthController and remove unused code

Author: OtavioXimarelli

src/main/java/com/otavio/aifoodapp/controller/AuthController.java

@@ -3,13 +3,9 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
-import java.util.concurrent.ConcurrentHashMap;
 
-import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -20,42 +16,28 @@
 import com.otavio.aifoodapp.dto.UserDTO;
 import com.otavio.aifoodapp.model.User;
 import com.otavio.aifoodapp.repository.UserRepository;
-import com.otavio.aifoodapp.security.TokenService;
-import com.otavio.aifoodapp.service.FoodItemService;
 
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import jakarta.servlet.http.HttpSession;
 import lombok.extern.slf4j.Slf4j;
 
 /**
- * Controlador consolidado para autenticação
- * Combina funcionalidades de status, login, logout e gerenciamento de tokens
+ * Standard OAuth2 Authentication Controller
+ * Uses Spring Security OAuth2 without custom token handling
  */
 @RestController
 @RequestMapping("/api/auth")
 @Slf4j
 public class AuthController {
 
-    private final FoodItemService foodItemService;
-    private final TokenService tokenService;
     private final UserRepository userRepository;
 
-    // Cache para controlar a frequência de verificações por sessão
-    private final Map<String, Long> lastStatusChecks = new ConcurrentHashMap<>();
-    private static final long STATUS_CHECK_THROTTLE_MS = 2000; // 2 segundos
-    
-    public AuthController(FoodItemService foodItemService, TokenService tokenService, UserRepository userRepository) {
-        this.foodItemService = foodItemService;
-        this.tokenService = tokenService;
+    public AuthController(UserRepository userRepository) {
         this.userRepository = userRepository;
     }
 
-    
     /**
-     * Verificar informações do usuário atual
-     * Endpoint alternativo para obter dados do usuário autenticado
+     * Get current authenticated user information
      */
     @GetMapping("/me")
     public ResponseEntity<UserDTO> getCurrentUser(Authentication authentication) {
@@ -84,7 +66,7 @@ public ResponseEntity<UserDTO> getCurrentUser(Authentication authentication) {
     }
 
     /**
-     * Endpoint para logout
+     * Logout endpoint
      */
     @PostMapping("/logout")
     public ResponseEntity<Map<String, String>> logout(HttpServletRequest request,
@@ -99,7 +81,7 @@ public ResponseEntity<Map<String, String>> logout(HttpServletRequest request,
     }
 
     /**
-     * Endpoint para obter URL de login do Google
+     * Get Google OAuth2 login URL
      */
     @GetMapping("/login/google")
     public ResponseEntity<Map<String, String>> getGoogleLoginUrl() {
@@ -110,189 +92,35 @@ public ResponseEntity<Map<String, String>> getGoogleLoginUrl() {
     }
 
     /**
-     * Verificar se o usuário está autenticado e retornar detalhes
-     * Usado pelo frontend para verificar autenticação persistente
+     * Check authentication status
      */
     @GetMapping("/status")
-    public ResponseEntity<?> authStatus(HttpServletRequest request) {
-        log.info("=== AUTH STATUS CHECK ===");
-        log.info("Request URI: {}, Method: {}", request.getRequestURI(), request.getMethod());
-        log.info("Remote IP: {}, User-Agent: {}", request.getRemoteAddr(), request.getHeader("User-Agent"));
-        log.info("Host: {}, Origin: {}, Referer: {}", 
-                request.getHeader("Host"), 
-                request.getHeader("Origin"), 
-                request.getHeader("Referer"));
+    public ResponseEntity<Map<String, Object>> authStatus(Authentication authentication) {
+        log.debug("Checking authentication status");
+
+        if (authentication != null && authentication.isAuthenticated() &&
+            !"anonymousUser".equals(authentication.getPrincipal())) {
+
+            log.debug("User is authenticated: {}", authentication.getName());
+
+            if (authentication.getPrincipal() instanceof OAuth2User oauth2User) {
+                String email = oauth2User.getAttribute("email");
+                String name = oauth2User.getAttribute("name");
+                String picture = oauth2User.getAttribute("picture");
 
-        try {
-            // Get session ID or IP if no session exists
-            HttpSession session = request.getSession(false);
-            String sessionId = session != null ? session.getId() : request.getRemoteAddr();
-            
-            // Check request frequency for this endpoint
-            long now = System.currentTimeMillis();
-            Long lastCheck = lastStatusChecks.get(sessionId);
-            
-            // If last check was too recent, return 429 Too Many Requests
-            if (lastCheck != null && now - lastCheck < STATUS_CHECK_THROTTLE_MS) {
-                log.warn("Too many requests to /api/auth/status from {}", sessionId);
-                return ResponseEntity.status(HttpStatus.TOO_MANY_REQUESTS)
-                        .body(Map.of("error", "Too many requests. Please wait."));
-            }
-            
-            // Update last check timestamp
-            lastStatusChecks.put(sessionId, now);
-            
-            // Limit cache size (remove old entries with 1% probability)
-            if (lastStatusChecks.size() > 1000 && Math.random() < 0.01) {
-                cleanOldEntries();
-            }
-            
-            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-            
-            // Debug session information
-            log.debug("Auth status check with session ID: {}", sessionId);
-            log.debug("Request URI: {}, Method: {}", request.getRequestURI(), request.getMethod());
-            log.debug("User-Agent: {}", request.getHeader("User-Agent"));
-            log.debug("Origin: {}", request.getHeader("Origin"));
-            log.debug("Referer: {}", request.getHeader("Referer"));
-            
-            // Check cookies for diagnostics
-            Cookie[] cookies = request.getCookies();
-            if (cookies == null) {
-                log.debug("No cookies present in status request");
-            } else {
-                boolean foundJsessionId = false;
-                for (Cookie cookie : cookies) {
-                    if ("JSESSIONID".equals(cookie.getName())) {
-                        foundJsessionId = true;
-                        log.debug("JSESSIONID cookie found: domain={}, path={}, maxAge={}, secure={}, httpOnly={}",
-                                cookie.getDomain() != null ? cookie.getDomain() : "default",
-                                cookie.getPath(),
-                                cookie.getMaxAge(),
-                                cookie.getSecure(),
-                                cookie.isHttpOnly());
-                    }
-                }
-                if (!foundJsessionId) {
-                    log.warn("JSESSIONID cookie not found in status request");
-                }
-            }
-            
-            // Create session if it doesn't exist to ensure we have a valid session for all requests
-            if (session == null) {
-                session = request.getSession(true);
-                log.debug("Created new session for auth status check: {}", session.getId());
-            }
-            
-            if (auth != null && auth.isAuthenticated() && !"anonymousUser".equals(auth.getPrincipal())) {
-                log.info("User is authenticated as: {}", auth.getName());
-                
-                try {
-                    // Ensure security context is in session
-                    session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
-                    
-                    // Get current user info from service
-                    User user = foodItemService.getUserForTesting();
-                    if (user != null) {
-                        log.debug("Successfully retrieved user details for: {}", user.getEmail());
-                        return ResponseEntity.ok(Map.of(
-                            "authenticated", true,
-                            "user", Map.of(
-                                "id", user.getId(),
-                                "name", user.getFirstName() != null && user.getLastName() != null ? 
-                                       user.getFirstName() + " " + user.getLastName() : user.getEmail(),
-                                "email", user.getEmail(),
-                                "picture", user.getProfilePicture() != null ? user.getProfilePicture() : ""
-                            ),
-                            "sessionId", session.getId(),
-                            "sessionCreatedAt", new java.util.Date(session.getCreationTime()).toString()
-                        ));
-                    } else {
-                        log.warn("User object is null for authenticated user: {}", auth.getName());
-                        return ResponseEntity.ok(Map.of(
-                            "authenticated", true,
-                            "sessionId", session.getId(),
-                            "error", "User details unavailable",
-                            "message", "Session is authenticated but user details cannot be retrieved"
-                        ));
-                    }
-                } catch (NullPointerException e) {
-                    log.error("NullPointerException in auth status check", e);
-                    // Return basic authentication info without user details
-                    return ResponseEntity.ok(Map.of(
-                        "authenticated", true,
-                        "sessionId", session.getId(),
-                        "error", "User details unavailable",
-                        "message", "Session is authenticated but user details cannot be retrieved"
-                    ));
-                } catch (Exception e) {
-                    log.error("Error getting user details: {}", e.getMessage(), e);
-                    return ResponseEntity.ok(Map.of(
-                        "authenticated", true,
-                        "sessionId", session.getId(),
-                        "error", "Error fetching user details",
-                        "message", e.getMessage()
-                    ));
-                }
-            } else {
-                log.debug("User is not authenticated. Auth: {}", auth);
-            }
-            
-            return ResponseEntity.ok(Map.of(
-                "authenticated", false,
-                "sessionId", sessionId
-            ));
-        } catch (Exception e) {
-            log.error("Unexpected error in auth status endpoint", e);
-            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
-                .body(Map.of(
-                    "error", "Internal server error",
-                    "message", e.getMessage(),
-                    "path", request.getRequestURI()
-                ));
-        }
-    }
-    
-    /**
-     * Manually trigger token refresh if needed
-     * This can be called by the frontend to ensure tokens are valid
-     * @param request the HTTP request
-     * @return Success status of the refresh operation
-     */
-    @PostMapping("/refresh")
-    public ResponseEntity<?> refreshToken(HttpServletRequest request) {
-        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-        
-        if (auth instanceof OAuth2AuthenticationToken oauth2Auth) {
-            try {
-                boolean refreshed = tokenService.refreshAccessTokenIfNeeded(oauth2Auth);
-                return ResponseEntity.ok(Map.of(
-                    "success", refreshed,
-                    "message", refreshed ? "Token refreshed successfully" : "Token refresh not needed"
-                ));
-            } catch (Exception e) {
-                log.error("Error refreshing token", e);
                 return ResponseEntity.ok(Map.of(
-                    "success", false,
-                    "message", "Error refreshing token: " + e.getMessage()
+                    "authenticated", true,
+                    "user", Map.of(
+                        "email", email != null ? email : "",
+                        "name", name != null ? name : "",
+                        "picture", picture != null ? picture : ""
+                    )
                 ));
             }
+            
+            return ResponseEntity.ok(Map.of("authenticated", true));
         }
-        
-        return ResponseEntity.ok(Map.of(
-            "success", false,
-            "message", "Not an OAuth2 authentication"
-        ));
-    }
-    
-    /**
-     * Limpa entradas antigas do cache de verificações de status
-     */
-    private void cleanOldEntries() {
-        long currentTime = System.currentTimeMillis();
-        long threshold = currentTime - (STATUS_CHECK_THROTTLE_MS * 10); // 10x o tempo de throttle
-        
-        lastStatusChecks.entrySet().removeIf(entry -> entry.getValue() < threshold);
-        log.debug("Cache de verificações de status limpo. Tamanho atual: {}", lastStatusChecks.size());
+
+        return ResponseEntity.ok(Map.of("authenticated", false));
     }
 }

src/main/java/com/otavio/aifoodapp/controller/CustomErrorController.java

@@ -43,6 +43,14 @@ public Object handleError(HttpServletRequest request) {
 
         log.error("Error occurred: {} - {}, Path: {}", statusCode, errorMsg, path);
 
+        // Always log stacktrace if exception is present
+        if (exception != null && exception instanceof Throwable) {
+            StringWriter sw = new StringWriter();
+            PrintWriter pw = new PrintWriter(sw);
+            ((Throwable) exception).printStackTrace(pw);
+            log.error("Exception stacktrace:\n{}", sw.toString());
+        }
+
         // Verificar se a requisição está relacionada ao OAuth2
         if (path != null && 
             (path.contains("/oauth2/") || 

src/main/java/com/otavio/aifoodapp/controller/GlobalExceptionHandler.java

@@ -14,7 +14,7 @@
 import org.springframework.web.context.request.WebRequest;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
 
-import com.otavio.aifoodapp.exception.UsernameOrPasswordInvalidExcpetion;
+import com.otavio.aifoodapp.exception.UsernameOrPasswordInvalidException;
 
 import lombok.extern.slf4j.Slf4j;
 
@@ -47,9 +47,9 @@ public ResponseEntity<Map<String, Object>> handleNotFoundException(UsernameNotFo
     /**
      * Tratar exceções de usuário/senha inválidos
      */
-    @ExceptionHandler(UsernameOrPasswordInvalidExcpetion.class)
+    @ExceptionHandler(UsernameOrPasswordInvalidException.class)
     @ResponseStatus(HttpStatus.UNAUTHORIZED)
-    public ResponseEntity<Map<String, Object>> handleUsernameOrPasswordInvalidException(UsernameOrPasswordInvalidExcpetion ex, WebRequest request) {
+    public ResponseEntity<Map<String, Object>> handleUsernameOrPasswordInvalidException(UsernameOrPasswordInvalidException ex, WebRequest request) {
         log.warn("Invalid credentials: {}", ex.getMessage());
 
         return ResponseEntity
@@ -65,19 +65,16 @@ public ResponseEntity<Map<String, Object>> handleUsernameOrPasswordInvalidExcept
     /**
      * Tratar exceções de validação de argumentos
      */
-    @ExceptionHandler(MethodArgumentNotValidException.class)
-    @ResponseStatus(HttpStatus.BAD_REQUEST)
-    public ResponseEntity<Map<String, Object>> handleArgumentNotValidException(MethodArgumentNotValidException ex, WebRequest request) {
+    @Override
+    protected ResponseEntity<Object> handleMethodArgumentNotValid(MethodArgumentNotValidException ex, org.springframework.http.HttpHeaders headers, org.springframework.http.HttpStatusCode status, WebRequest request) {
         log.warn("Validation failed: {}", ex.getMessage());
-        
         Map<String, String> fieldErrors = new HashMap<>();
         ex.getBindingResult().getAllErrors().forEach((error) -> {
             FieldError fieldError = (FieldError) error;
             fieldErrors.put(fieldError.getField(), fieldError.getDefaultMessage());
         });
-
         return ResponseEntity
-                .status(HttpStatus.BAD_REQUEST)
+                .status(org.springframework.http.HttpStatus.BAD_REQUEST)
                 .body(Map.of(
                     "error", "validation_failed",
                     "message", "Request validation failed",

src/main/java/com/otavio/aifoodapp/exception/UsernameOrPasswordInvalidExcpetion.java

@@ -59,4 +59,24 @@ public class FoodItem {
     @ManyToOne(fetch = FetchType.LAZY)
     @JoinColumn(name = "user_id")
     private User user;
+
+    public void setUser(User user) {
+        this.user = user;
+    }
+
+    public User getUser() {
+        return user;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public void setTags(List<String> tags) {
+        this.tags = tags;
+    }
+
+    public void setFoodGroup(FoodGroup foodGroup) {
+        this.foodGroup = foodGroup;
+    }
 }