feat: implement auditing and logging enhancements with new exception handling and context management

Author: mjabascal10

backend/Dockerfile

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:11
+FROM --platform=linux/amd64 eclipse-temurin:11
 
 ADD target/utmstack.war ./
 

backend/pom.xml

@@ -48,6 +48,7 @@
         <jaxb-runtime.version>2.3.3</jaxb-runtime.version>
         <archunit-junit5.version>0.21.0</archunit-junit5.version>
         <mapstruct.version>1.4.2.Final</mapstruct.version>
+        <lombok.version>1.18.34</lombok.version>
         <!-- Plugin versions -->
         <maven-clean-plugin.version>3.1.0</maven-clean-plugin.version>
         <maven-site-plugin.version>3.9.1</maven-site-plugin.version>
@@ -160,6 +161,12 @@
             <version>${mapstruct.version}</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>${lombok.version}</version>
+            <scope>provided</scope>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-configuration-processor</artifactId>
@@ -466,6 +473,11 @@
                                 <artifactId>spring-boot-configuration-processor</artifactId>
                                 <version>${spring-boot.version}</version>
                             </path>
+                            <path>
+                                <groupId>org.projectlombok</groupId>
+                                <artifactId>lombok</artifactId>
+                                <version>${lombok.version}</version>
+                            </path>
                             <path>
                                 <groupId>org.mapstruct</groupId>
                                 <artifactId>mapstruct-processor</artifactId>

backend/src/main/java/com/park/utmstack/advice/GlobalExceptionHandler.java

@@ -0,0 +1,68 @@
+package com.park.utmstack.advice;
+
+
+import com.park.utmstack.security.TooMuchLoginAttemptsException;
+import com.park.utmstack.service.application_events.ApplicationEventService;
+import com.park.utmstack.util.UtilResponse;
+import com.park.utmstack.util.exceptions.IncidentAlertConflictException;
+import com.park.utmstack.util.exceptions.NoAlertsProvidedException;
+import com.park.utmstack.util.exceptions.TfaVerificationException;
+import com.park.utmstack.util.exceptions.TooManyRequestsException;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.NoSuchElementException;
+
+@Slf4j
+@RestControllerAdvice
+@RequiredArgsConstructor
+public class GlobalExceptionHandler {
+
+    private final ApplicationEventService applicationEventService;
+
+    @ExceptionHandler(TfaVerificationException.class)
+    public ResponseEntity<?> TfaVerificationException(TfaVerificationException e, HttpServletRequest request) {
+        return UtilResponse.buildErrorResponse(HttpStatus.PRECONDITION_FAILED, e.getMessage());
+    }
+
+    @ExceptionHandler(BadCredentialsException.class)
+    public ResponseEntity<?> handleForbidden(BadCredentialsException e, HttpServletRequest request) {
+        return UtilResponse.buildUnauthorizedResponse(e.getMessage());
+    }
+
+    @ExceptionHandler(TooMuchLoginAttemptsException.class)
+    public ResponseEntity<?> handleTooManyLoginAttempts(TooMuchLoginAttemptsException e, HttpServletRequest request) {
+        return UtilResponse.buildLockedResponse(e.getMessage());
+    }
+
+    @ExceptionHandler(NoSuchElementException.class)
+    public ResponseEntity<?> handleNotFound(NoSuchElementException e, HttpServletRequest request) {
+        return UtilResponse.buildNotFoundResponse(e.getMessage());
+    }
+
+    @ExceptionHandler(TooManyRequestsException.class)
+    public ResponseEntity<?> handleTooManyRequests(TooManyRequestsException e, HttpServletRequest request) {
+        return UtilResponse.buildErrorResponse(HttpStatus.TOO_MANY_REQUESTS, e.getMessage());
+    }
+
+    @ExceptionHandler({NoAlertsProvidedException.class})
+    public ResponseEntity<?> handleNoAlertsProvided(Exception e, HttpServletRequest request) {
+        return UtilResponse.buildErrorResponse(HttpStatus.BAD_REQUEST, e.getMessage());
+    }
+
+    @ExceptionHandler(IncidentAlertConflictException.class)
+    public ResponseEntity<?> handleConflict(IncidentAlertConflictException e, HttpServletRequest request) {
+        return UtilResponse.buildErrorResponse(HttpStatus.CONFLICT, e.getMessage());
+    }
+
+    @ExceptionHandler(Exception.class)
+    public ResponseEntity<?> handleGenericException(Exception e, HttpServletRequest request) {
+        return UtilResponse.buildInternalServerErrorResponse(e.getMessage());
+    }
+}

backend/src/main/java/com/park/utmstack/aop/logging/AuditEvent.java

@@ -0,0 +1,19 @@
+package com.park.utmstack.aop.logging;
+
+import com.park.utmstack.domain.application_events.enums.ApplicationEventType;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface AuditEvent {
+    ApplicationEventType attemptType();
+    String attemptMessage();
+
+    ApplicationEventType successType();
+    String successMessage();
+}
+

backend/src/main/java/com/park/utmstack/aop/logging/Loggable.java

@@ -0,0 +1,13 @@
+package com.park.utmstack.aop.logging;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface Loggable {
+}
+
+

backend/src/main/java/com/park/utmstack/aop/logging/NoLogException.java

@@ -0,0 +1,11 @@
+package com.park.utmstack.aop.logging;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface NoLogException {}
+

backend/src/main/java/com/park/utmstack/aop/logging/impl/AuditAspect.java

@@ -0,0 +1,90 @@
+package com.park.utmstack.aop.logging.impl;
+
+import com.park.utmstack.aop.logging.AuditEvent;
+import com.park.utmstack.aop.logging.NoLogException;
+import com.park.utmstack.domain.application_events.enums.ApplicationEventType;
+import com.park.utmstack.domain.shared_types.ApplicationLayer;
+import com.park.utmstack.loggin.LogContextBuilder;
+import com.park.utmstack.service.application_events.ApplicationEventService;
+import com.park.utmstack.service.dto.auditable.AuditableDTO;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import net.logstash.logback.argument.StructuredArguments;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.slf4j.MDC;
+import org.springframework.stereotype.Component;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import static com.park.utmstack.config.Constants.*;
+
+@Aspect
+@Component
+@Slf4j
+@RequiredArgsConstructor
+public class AuditAspect {
+
+    private final ApplicationEventService applicationEventService;
+    private final LogContextBuilder logContextBuilder;
+
+    @Around("@annotation(auditEvent)")
+    public Object logAuditEvent(ProceedingJoinPoint joinPoint, AuditEvent auditEvent) throws Throwable {
+        return handleAudit(joinPoint, auditEvent.attemptType(), auditEvent.successType(),
+                auditEvent.attemptMessage(), auditEvent.successMessage());
+    }
+
+    private Object handleAudit(ProceedingJoinPoint joinPoint,
+                               ApplicationEventType attemptType,
+                               ApplicationEventType successType,
+                               String attemptMessage,
+                               String successMessage) throws Throwable {
+
+        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
+        String context = signature.getDeclaringType().getSimpleName() + "." + signature.getMethod().getName();
+        String traceId = UUID.randomUUID().toString();
+
+        MDC.put(TRACE_ID_KEY, traceId);
+        MDC.put(CONTEXT_KEY, context);
+
+        Map<String, Object> extra = extractAuditData(joinPoint.getArgs());
+
+        extra.put(LAYER_KEY, ApplicationLayer.CONTROLLER.getValue());
+
+        try {
+            applicationEventService.createEvent(attemptMessage, attemptType, extra);
+
+            Object result = joinPoint.proceed();
+
+            if (successType != ApplicationEventType.UNDEFINED) {
+                applicationEventService.createEvent(successMessage, successType, extra);
+            }
+
+            return result;
+
+        } catch (Exception e) {
+            if (!e.getClass().isAnnotationPresent(NoLogException.class)) {
+                String msg = String.format("%s: %s", context, e.getMessage());
+                log.error(msg, e, StructuredArguments.keyValue("args", logContextBuilder.buildArgs(e)));
+            }
+
+            throw e;
+        }
+    }
+
+    private Map<String, Object> extractAuditData(Object[] args) {
+        Map<String, Object> extra = new HashMap<>();
+        for (Object arg : args) {
+            if (arg instanceof AuditableDTO) {
+                AuditableDTO auditable = (AuditableDTO) arg;
+                extra.putAll(auditable.toAuditMap());
+            }
+        }
+        return extra;
+    }
+}
+

backend/src/main/java/com/park/utmstack/aop/logging/impl/LoggingMethodAspect.java

@@ -0,0 +1,39 @@
+package com.park.utmstack.aop.logging.impl;
+
+import com.park.utmstack.config.Constants;
+import com.park.utmstack.loggin.LogContextBuilder;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import net.logstash.logback.argument.StructuredArguments;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.slf4j.MDC;
+import org.springframework.stereotype.Component;
+
+@Aspect
+@Component
+@RequiredArgsConstructor
+@Slf4j
+public class LoggingMethodAspect {
+    private final LogContextBuilder logContextBuilder;
+
+    @Around("@annotation(com.park.utmstack.aop.logging.Loggable)")
+    public Object logExecution(ProceedingJoinPoint joinPoint) throws Throwable {
+        String traceId = MDC.get(Constants.TRACE_ID_KEY);
+        String methodName = joinPoint.getSignature().toShortString();
+        long start = System.currentTimeMillis();
+
+        try {
+            Object result = joinPoint.proceed();
+            long duration = System.currentTimeMillis() - start;
+            String msg = String.format("Method %s executed successfully in %sms", methodName, duration);
+            log.info( msg, StructuredArguments.keyValue("args", logContextBuilder.buildArgs(methodName, String.valueOf(duration))));
+            return result;
+        } catch (Exception ex) {
+            String msg = String.format("%s Method %s failed: 5s", traceId, methodName);
+            log.error(msg, ex, StructuredArguments.keyValue("args", logContextBuilder.buildArgs(ex)));
+            throw ex;
+        }
+    }
+}

backend/src/main/java/com/park/utmstack/config/Constants.java

@@ -124,6 +124,23 @@ public final class Constants {
     public static final String FRONT_BASE_URL = "https://10.21.199.3";
     public static final String PDF_SERVICE_URL = "http://web-pdf:8080/generate-pdf";
 
+    // ----------------------------------------------------------------------------------
+    // Defines the index pattern for querying Elasticsearch statistics indexes.
+    // ----------------------------------------------------------------------------------
+    public static final String STATISTICS_INDEX_PATTERN = "v11-statistics-*";
+
+    // Logging
+    public static final String TRACE_ID_KEY = "traceId";
+    public static final String CONTEXT_KEY = "context";
+    public static final String USERNAME_KEY = "username";
+    public static final String METHOD_KEY = "method";
+    public static final String PATH_KEY = "path";
+    public static final String REMOTE_ADDR_KEY = "remoteAddr";
+    public static final String DURATION_KEY = "duration";
+    public static final String CAUSE_KEY = "cause";
+    public static final String LAYER_KEY = "layer";
+
+
     private Constants() {
     }
 }

backend/src/main/java/com/park/utmstack/config/LoggingConfiguration.java

@@ -3,8 +3,11 @@
 import ch.qos.logback.classic.LoggerContext;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.park.utmstack.loggin.filter.MdcCleanupFilter;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import tech.jhipster.config.JHipsterProperties;
 
@@ -45,4 +48,13 @@ public LoggingConfiguration(
             addContextListener(context, customFields, loggingProperties);
         }
     }
+
+    @Bean
+    public FilterRegistrationBean<MdcCleanupFilter> mdcCleanupFilter() {
+        FilterRegistrationBean<MdcCleanupFilter> registrationBean = new FilterRegistrationBean<>();
+        registrationBean.setFilter(new MdcCleanupFilter());
+        registrationBean.setOrder(Integer.MAX_VALUE);
+        registrationBean.addUrlPatterns("/*");
+        return registrationBean;
+    }
 }