Merge branch 'dev' into inventory

Author: lanhlungboiz045

backend/src/main/java/com/smalltrend/controller/AuditLogController.java

@@ -51,10 +51,10 @@ public ResponseEntity<AuditLogPageResponse> getAuditLogs(
             @RequestParam(required = false) String ipAddress,
             @RequestParam(required = false) String traceId,
             @RequestParam(required = false) String source,
-            @RequestParam(defaultValue = "0") Integer page,
-            @RequestParam(defaultValue = "50") Integer size,
-            @RequestParam(defaultValue = "createdAt") String sortBy,
-            @RequestParam(defaultValue = "DESC") String sortDirection
+            @RequestParam(value = "page", defaultValue = "0") Integer page,
+            @RequestParam(value = "size", defaultValue = "50") Integer size,
+            @RequestParam(value = "sortBy", defaultValue = "createdAt") String sortBy,
+            @RequestParam(value = "sortDirection", defaultValue = "DESC") String sortDirection
     ) {
         AuditLogFilterRequest filter = AuditLogFilterRequest.builder()
                 .fromDateTime(fromDateTime)

backend/src/main/java/com/smalltrend/controller/AuthController.java

@@ -2,8 +2,11 @@
 
 import com.smalltrend.dto.auth.AuthRequest;
 import com.smalltrend.dto.auth.AuthResponse;
+import com.smalltrend.dto.auth.ForgotPasswordOtpRequest;
+import com.smalltrend.dto.auth.ResetPasswordOtpRequest;
 import com.smalltrend.dto.common.MessageResponse;
 import com.smalltrend.entity.User;
+import com.smalltrend.service.PasswordResetOtpService;
 import com.smalltrend.service.UserService;
 import com.smalltrend.validation.UserManagementValidator;
 import jakarta.validation.Valid;
@@ -30,6 +33,7 @@
 public class AuthController {
 
     private final UserService userService;
+    private final PasswordResetOtpService passwordResetOtpService;
     private final AuthenticationManager authenticationManager;
     private final UserManagementValidator validator;
 
@@ -143,4 +147,41 @@ public ResponseEntity<?> validateToken() {
                     .body(new MessageResponse("Token không hợp lệ"));
         }
     }
+
+    @PostMapping("/forgot-password/otp")
+    public ResponseEntity<?> requestPasswordOtp(@Valid @RequestBody ForgotPasswordOtpRequest request) {
+        try {
+            passwordResetOtpService.requestOtp(request.getEmail());
+            return ResponseEntity.ok(new MessageResponse("OTP da duoc gui den email"));
+        } catch (RuntimeException ex) {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST)
+                    .body(new MessageResponse(ex.getMessage()));
+        } catch (Exception ex) {
+            log.error("Request password OTP error for email {}", request.getEmail(), ex);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+                    .body(new MessageResponse("Khong the gui OTP, vui long thu lai sau"));
+        }
+    }
+
+    @PostMapping("/forgot-password/reset")
+    public ResponseEntity<?> resetPasswordWithOtp(@Valid @RequestBody ResetPasswordOtpRequest request) {
+        try {
+            passwordResetOtpService.resetPassword(
+                    request.getEmail(),
+                    request.getOtp(),
+                    request.getNewPassword(),
+                    request.getConfirmPassword());
+            return ResponseEntity.ok(new MessageResponse("Dat lai mat khau thanh cong"));
+        } catch (IllegalArgumentException ex) {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST)
+                    .body(new MessageResponse(ex.getMessage()));
+        } catch (RuntimeException ex) {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST)
+                    .body(new MessageResponse(ex.getMessage()));
+        } catch (Exception ex) {
+            log.error("Reset password by OTP failed for email {}", request.getEmail(), ex);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+                    .body(new MessageResponse("Khong the dat lai mat khau, vui long thu lai sau"));
+        }
+    }
 }

backend/src/main/java/com/smalltrend/controller/CRM/CustomerController.java

@@ -20,6 +20,7 @@ public class CustomerController {
     private final CustomerService customerService;
 
     @GetMapping("/customers")
+    @PreAuthorize("hasAnyAuthority('ADMIN','ROLE_ADMIN','MANAGER','ROLE_MANAGER')")
     public ResponseEntity<List<CustomerResponse>> getAllCustomers() {
         List<CustomerResponse> customers = customerService.getAllCustomers();
         return ResponseEntity.ok(customers);

backend/src/main/java/com/smalltrend/controller/ReportController.java

@@ -54,8 +54,8 @@ public ResponseEntity<ReportDTO> generateReport(
     @GetMapping("/history")
     @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<ReportPageResponse> getReportHistory(
-            @RequestParam(defaultValue = "0") int page,
-            @RequestParam(defaultValue = "10") int size,
+            @RequestParam(value = "page", defaultValue = "0") int page,
+            @RequestParam(value = "size", defaultValue = "10") int size,
             Authentication authentication) {
         String userEmail = authentication.getName();
         ReportPageResponse response = reportService.getReportHistory(userEmail, page, size);
@@ -68,8 +68,8 @@ public ResponseEntity<ReportPageResponse> getReportHistory(
     @GetMapping("/all")
     @PreAuthorize("hasRole('ADMIN')")
     public ResponseEntity<ReportPageResponse> getAllReports(
-            @RequestParam(defaultValue = "0") int page,
-            @RequestParam(defaultValue = "10") int size) {
+            @RequestParam(value = "page", defaultValue = "0") int page,
+            @RequestParam(value = "size", defaultValue = "10") int size) {
         ReportPageResponse response = reportService.getAllReports(page, size);
         return ResponseEntity.ok(response);
     }

backend/src/main/java/com/smalltrend/controller/SaleOrderController.java

@@ -25,23 +25,23 @@ public class SaleOrderController {
     @GetMapping
     @PreAuthorize("hasAnyRole('ADMIN', 'MANAGER', 'CASHIER', 'SALES_STAFF')")
     public ResponseEntity<?> list(
-            @RequestParam(required = false) String status,
-            @RequestParam(required = false) Integer cashierId,
-            @RequestParam(required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate fromDate,
-            @RequestParam(required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate toDate) {
+            @RequestParam(value = "status", required = false) String status,
+            @RequestParam(value = "cashierId", required = false) Integer cashierId,
+            @RequestParam(value = "fromDate", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate fromDate,
+            @RequestParam(value = "toDate", required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate toDate) {
         List<OrderResponse> responses = saleOrderService.listOrders(status, cashierId, fromDate, toDate);
         return ResponseEntity.ok(responses);
     }
 
     @GetMapping("/{id}")
     @PreAuthorize("hasAnyRole('ADMIN', 'MANAGER', 'CASHIER', 'SALES_STAFF')")
-    public ResponseEntity<?> getById(@PathVariable Integer id) {
+    public ResponseEntity<?> getById(@PathVariable("id") Integer id) {
         return ResponseEntity.ok(saleOrderService.getById(id));
     }
 
     @GetMapping("/code/{orderCode}")
     @PreAuthorize("hasAnyRole('ADMIN', 'MANAGER', 'CASHIER', 'SALES_STAFF')")
-    public ResponseEntity<?> getByCode(@PathVariable String orderCode) {
+    public ResponseEntity<?> getByCode(@PathVariable("orderCode") String orderCode) {
         return ResponseEntity.ok(saleOrderService.getByOrderCode(orderCode));
     }
 
@@ -53,26 +53,26 @@ public ResponseEntity<?> create(@RequestBody OrderRequest request) {
 
     @PutMapping("/{id}")
     @PreAuthorize("hasAnyRole('ADMIN', 'MANAGER', 'CASHIER')")
-    public ResponseEntity<?> update(@PathVariable Integer id, @RequestBody OrderRequest request) {
+    public ResponseEntity<?> update(@PathVariable("id") Integer id, @RequestBody OrderRequest request) {
         return ResponseEntity.ok(saleOrderService.update(id, request));
     }
 
     @PatchMapping("/{id}/status")
     @PreAuthorize("hasAnyRole('ADMIN', 'MANAGER', 'CASHIER')")
-    public ResponseEntity<?> updateStatus(@PathVariable Integer id, @RequestBody OrderStatusUpdateRequest request) {
+    public ResponseEntity<?> updateStatus(@PathVariable("id") Integer id, @RequestBody OrderStatusUpdateRequest request) {
         return ResponseEntity.ok(saleOrderService.updateStatus(id, request));
     }
 
     @DeleteMapping("/{id}")
     @PreAuthorize("hasAnyRole('ADMIN', 'MANAGER')")
-    public ResponseEntity<?> delete(@PathVariable Integer id) {
+    public ResponseEntity<?> delete(@PathVariable("id") Integer id) {
         saleOrderService.delete(id);
         return ResponseEntity.ok(new MessageResponse("Sale order deleted"));
     }
 
     @GetMapping("/{id}/history")
     @PreAuthorize("hasAnyRole('ADMIN', 'MANAGER', 'CASHIER', 'SALES_STAFF')")
-    public ResponseEntity<?> listHistory(@PathVariable Integer id) {
+    public ResponseEntity<?> listHistory(@PathVariable("id") Integer id) {
         List<OrderStatusHistoryResponse> responses = saleOrderService.listHistory(id);
         return ResponseEntity.ok(responses);
     }

backend/src/main/java/com/smalltrend/controller/products/ProductComboController.java

@@ -28,7 +28,7 @@ public ResponseEntity<List<ProductComboResponse>> getAll() {
 
     // Lấy thông tin chi tiết một combo theo ID
     @GetMapping("/{id}")
-    public ResponseEntity<ProductComboResponse> getById(@PathVariable Integer id) {
+    public ResponseEntity<ProductComboResponse> getById(@PathVariable("id") Integer id) {
         return ResponseEntity.ok(productComboService.getComboById(id));
     }
 
@@ -40,21 +40,21 @@ public ResponseEntity<ProductComboResponse> create(@RequestBody CreateProductCom
 
     // Cập nhật thông tin của một combo hiện có
     @PutMapping("/{id}")
-    public ResponseEntity<ProductComboResponse> update(@PathVariable Integer id,
+    public ResponseEntity<ProductComboResponse> update(@PathVariable("id") Integer id,
             @RequestBody CreateProductComboRequest request) {
         return ResponseEntity.ok(productComboService.updateCombo(id, request));
     }
 
     // Bật/Tắt trạng thái hoạt động (mở bán/ngừng bán) của combo
     @PutMapping("/{id}/toggle-status")
-    public ResponseEntity<String> toggleStatus(@PathVariable Integer id) {
+    public ResponseEntity<String> toggleStatus(@PathVariable("id") Integer id) {
         productComboService.toggleStatus(id);
         return ResponseEntity.ok("Đã thay đổi trạng thái combo");
     }
 
     // Xóa một combo theo ID
     @DeleteMapping("/{id}")
-    public ResponseEntity<String> delete(@PathVariable Integer id) {
+    public ResponseEntity<String> delete(@PathVariable("id") Integer id) {
         productComboService.deleteCombo(id);
         return ResponseEntity.ok("Đã xóa combo thành công");
     }