feat: Implement refresh token functionality and update JWT handling

- Added RefreshTokenRequest DTO for handling refresh token requests.
- Updated AuthResponse to include refresh token.
- Implemented refreshToken method in UserService to generate new access and refresh tokens.
- Enhanced JwtUtil to support refresh token generation and validation.
- Updated application.properties to include refresh token expiration configuration.
- Modified AuthController to handle refresh token endpoint.
- Added tests for refresh token validation and handling in JwtUtilTest.
- Updated WorkShiftAssignmentService to ensure no overlapping assignments.
- Added unit tests for WorkShiftAssignmentService to validate assignment creation logic.

Author: xukki241

backend/src/main/java/com/smalltrend/controller/AuthController.java

@@ -3,6 +3,7 @@
 import com.smalltrend.dto.auth.AuthRequest;
 import com.smalltrend.dto.auth.AuthResponse;
 import com.smalltrend.dto.auth.ForgotPasswordOtpRequest;
+import com.smalltrend.dto.auth.RefreshTokenRequest;
 import com.smalltrend.dto.auth.ResetPasswordOtpRequest;
 import com.smalltrend.dto.common.MessageResponse;
 import com.smalltrend.entity.User;
@@ -103,6 +104,18 @@ public ResponseEntity<?> logout() {
         }
     }
 
+    @PostMapping("/refresh")
+    public ResponseEntity<?> refreshToken(@Valid @RequestBody RefreshTokenRequest request) {
+        try {
+            AuthResponse response = userService.refreshToken(request.getRefreshToken());
+            return ResponseEntity.ok(response);
+        } catch (Exception e) {
+            log.warn("Refresh token failed: {}", e.getMessage());
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                    .body(new MessageResponse("Refresh token không hợp lệ hoặc đã hết hạn"));
+        }
+    }
+
     @GetMapping("/me")
     public ResponseEntity<?> getCurrentUser() {
         try {

backend/src/main/java/com/smalltrend/dto/auth/AuthResponse.java

@@ -12,6 +12,7 @@
 public class AuthResponse {
 
     private String token;
+    private String refreshToken;
     @lombok.Builder.Default
     private String type = "Bearer";
     private Integer userId;

backend/src/main/java/com/smalltrend/dto/auth/RefreshTokenRequest.java

@@ -0,0 +1,17 @@
+package com.smalltrend.dto.auth;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class RefreshTokenRequest {
+
+    @NotBlank(message = "Refresh token is required")
+    private String refreshToken;
+}

backend/src/main/java/com/smalltrend/repository/WorkShiftAssignmentRepository.java

@@ -19,5 +19,7 @@ public interface WorkShiftAssignmentRepository extends JpaRepository<WorkShiftAs
 
     List<WorkShiftAssignment> findByUserIdAndShiftDateBetweenAndDeletedFalse(Integer userId, LocalDate startDate, LocalDate endDate);
 
+    List<WorkShiftAssignment> findByUserIdAndShiftDateAndDeletedFalse(Integer userId, LocalDate shiftDate);
+
     boolean existsByUserIdAndWorkShiftIdAndShiftDateAndDeletedFalse(Integer userId, Integer workShiftId, LocalDate shiftDate);
 }

backend/src/main/java/com/smalltrend/service/ShiftWorkforceService.java

@@ -77,7 +77,7 @@ public List<AttendanceResponse> listAttendance(LocalDate date, LocalDate startDa
             LocalDate shiftDate = assignment.getShiftDate();
 
             Attendance attendance = attendanceMap.get(key(user.getId(), shiftDate));
-            String attendanceStatus = resolveAttendanceStatus(attendance, assignment, today, now);
+            String attendanceStatus = resolveAttendanceStatusForMonitoring(attendance, assignment, today, now);
 
             if (status != null && !status.trim().isEmpty() && !"ALL".equalsIgnoreCase(status)) {
                 if (!attendanceStatus.equalsIgnoreCase(status.trim())) {
@@ -129,14 +129,21 @@ public AttendanceResponse upsertAttendance(AttendanceUpsertRequest request) {
         attendance.setDate(request.getDate());
         attendance.setTimeIn(request.getTimeIn());
         attendance.setTimeOut(request.getTimeOut());
-        attendance.setStatus(normalizeStatus(request.getStatus()));
 
         WorkShiftAssignment assignment = assignmentRepository
                 .findByUserIdAndShiftDateBetweenAndDeletedFalse(user.getId(), request.getDate(), request.getDate())
                 .stream()
                 .findFirst()
                 .orElse(null);
 
+        validateAttendanceTimeline(request.getTimeIn(), request.getTimeOut(), assignment);
+
+        attendance.setStatus(resolveAttendanceStatusForUpsert(request.getStatus(), request.getTimeIn(), request.getTimeOut(), assignment));
+
+        if (request.getTimeOut() != null && !shouldMarkAssignmentCompleted(attendance)) {
+            attendance.setStatus("PRESENT");
+        }
+
         if (assignment != null && assignment.getWorkShift() != null) {
             WorkShift shift = assignment.getWorkShift();
             attendance.setAssignmentIdSnapshot(assignment.getId());
@@ -253,7 +260,7 @@ public PayrollSummaryResponse buildPayrollSummary(String month,
             acc.totalShifts += 1;
 
             Attendance attendance = attendanceMap.get(key(user.getId(), assignment.getShiftDate()));
-            String attendanceStatus = resolveAttendanceStatus(attendance, assignment, today, now);
+            String attendanceStatus = resolveAttendanceStatusForPayroll(attendance, assignment, today, now);
 
             if ("ABSENT".equals(attendanceStatus)) {
                 acc.absentShifts += 1;
@@ -688,7 +695,7 @@ private boolean shouldMarkAssignmentCompleted(Attendance attendance) {
         return "PRESENT".equals(normalized) || "LATE".equals(normalized);
     }
 
-    private String resolveAttendanceStatus(Attendance attendance,
+    private String resolveAttendanceStatusForPayroll(Attendance attendance,
             WorkShiftAssignment assignment,
             LocalDate today,
             LocalTime now) {
@@ -712,6 +719,114 @@ private String resolveAttendanceStatus(Attendance attendance,
         return "PENDING";
     }
 
+    private String resolveAttendanceStatusForMonitoring(Attendance attendance,
+            WorkShiftAssignment assignment,
+            LocalDate today,
+            LocalTime now) {
+        if (attendance != null) {
+            String normalizedStatus = normalizeStatus(attendance.getStatus());
+            if (!"PENDING".equals(normalizedStatus)) {
+                return normalizedStatus;
+            }
+
+            if (attendance.getTimeIn() != null && attendance.getTimeOut() == null
+                    && hasShiftEnded(assignment, today, now)) {
+                return "MISSING_CLOCK_OUT";
+            }
+
+            if (hasShiftEndedWithoutCheckIn(attendance.getTimeIn(), assignment, today, now)) {
+                return "ABSENT";
+            }
+
+            return "PENDING";
+        }
+
+        if (hasShiftEndedWithoutCheckIn(null, assignment, today, now)) {
+            return "ABSENT";
+        }
+
+        return "PENDING";
+    }
+
+    private String resolveAttendanceStatusForUpsert(String requestedStatus,
+            LocalTime timeIn,
+            LocalTime timeOut,
+            WorkShiftAssignment assignment) {
+        if (requestedStatus != null && !requestedStatus.isBlank()) {
+            return normalizeStatus(requestedStatus);
+        }
+
+        if (timeIn == null) {
+            return "PENDING";
+        }
+
+        if (timeOut == null) {
+            return "PENDING";
+        }
+
+        WorkShift shift = assignment != null ? assignment.getWorkShift() : null;
+        if (shift == null || shift.getStartTime() == null) {
+            return "PRESENT";
+        }
+
+        LocalTime graceCutoff = shift.getStartTime().plusMinutes(Optional.ofNullable(shift.getGracePeroidMinutes()).orElse(0));
+        if (timeIn.isAfter(graceCutoff)) {
+            return "LATE";
+        }
+
+        return "PRESENT";
+    }
+
+    private void validateAttendanceTimeline(LocalTime timeIn,
+            LocalTime timeOut,
+            WorkShiftAssignment assignment) {
+        if (timeOut != null && timeIn == null) {
+            throw new RuntimeException("Không thể rời ca khi chưa chấm công vào ca");
+        }
+
+        if (timeIn != null && timeOut != null && timeOut.equals(timeIn)) {
+            throw new RuntimeException("Giờ vào ca và rời ca không được trùng nhau");
+        }
+
+        if (timeIn == null || timeOut == null || assignment == null || assignment.getWorkShift() == null) {
+            return;
+        }
+
+        WorkShift shift = assignment.getWorkShift();
+        LocalTime shiftStart = shift.getStartTime();
+        LocalTime shiftEnd = shift.getEndTime();
+
+        if (shiftStart == null || shiftEnd == null) {
+            return;
+        }
+
+        boolean overnight = !shiftEnd.isAfter(shiftStart);
+        if (!overnight && timeOut.isBefore(timeIn)) {
+            throw new RuntimeException("Giờ rời ca không hợp lệ: phải sau giờ vào ca");
+        }
+    }
+
+    private boolean hasShiftEnded(WorkShiftAssignment assignment,
+            LocalDate today,
+            LocalTime now) {
+        if (assignment == null || assignment.getShiftDate() == null || assignment.getWorkShift() == null) {
+            return false;
+        }
+
+        WorkShift shift = assignment.getWorkShift();
+        if (shift.getEndTime() == null) {
+            return false;
+        }
+
+        LocalDateTime shiftEndDateTime = LocalDateTime.of(assignment.getShiftDate(), shift.getEndTime());
+        if (shift.getStartTime() != null && !shift.getEndTime().isAfter(shift.getStartTime())) {
+            shiftEndDateTime = shiftEndDateTime.plusDays(1);
+        }
+
+        LocalDateTime nowDateTime = LocalDateTime.of(today, now);
+        return !nowDateTime.isBefore(shiftEndDateTime);
+    }
+
     private boolean hasShiftEndedWithoutCheckIn(LocalTime checkIn,
             WorkShiftAssignment assignment,
             LocalDate today,

backend/src/main/java/com/smalltrend/service/UserService.java

@@ -153,9 +153,11 @@ public AuthResponse register(RegisterRequest request) {
 
         // Generate JWT token
         String token = jwtUtil.generateToken(savedUser.getUsername());
+        String refreshToken = jwtUtil.generateRefreshToken(savedUser.getUsername());
 
         return AuthResponse.builder()
                 .token(token)
+                .refreshToken(refreshToken)
                 .type("Bearer")
                 .userId(savedUser.getId())
                 .username(savedUser.getUsername())
@@ -172,9 +174,36 @@ public AuthResponse login(String username) {
                 .map(UserCredential::getUser)
                 .orElseThrow(() -> new UsernameNotFoundException("User not found")));
         String token = jwtUtil.generateToken(username);
+        String refreshToken = jwtUtil.generateRefreshToken(username);
 
         return AuthResponse.builder()
                 .token(token)
+                .refreshToken(refreshToken)
+                .type("Bearer")
+                .userId(user.getId())
+                .username(user.getUsername())
+                .fullName(user.getFullName())
+                .email(user.getEmail())
+                .role(user.getRole() != null ? user.getRole().getName().toUpperCase() : "ROLE_USER")
+                .avatarUrl(user.getAvatarUrl())
+                .build();
+    }
+
+    public AuthResponse refreshToken(String refreshToken) {
+        String username = jwtUtil.extractUsername(refreshToken);
+        UserDetails userDetails = loadUserByUsername(username);
+
+        if (!jwtUtil.validateRefreshToken(refreshToken, userDetails)) {
+            throw new RuntimeException("Refresh token không hợp lệ hoặc đã hết hạn");
+        }
+
+        User user = getCurrentUser(username);
+        String newAccessToken = jwtUtil.generateToken(username);
+        String newRefreshToken = jwtUtil.generateRefreshToken(username);
+
+        return AuthResponse.builder()
+                .token(newAccessToken)
+                .refreshToken(newRefreshToken)
                 .type("Bearer")
                 .userId(user.getId())
                 .username(user.getUsername())