Log out users automatically when their JWT expires.

Previously an expired token left the frontend in a stuck state: the router guard only checked token presence (never the exp claim), so the user could still navigate to protected pages, and every API call then failed with a generic Swedish "Kunde inte hämta…" message while the header kept showing the logged-in UI. There was no global response interceptor, and the backend returned an ambiguous 403 (no body) for unauthenticated requests because no AuthenticationEntryPoint was configured, making 403 mean both "no/invalid token" and "forbidden". Backend: - Add an AuthenticationEntryPoint in SecurityConfig that returns 401 with a Swedish {"message": ...} ErrorResponse body for unauthenticated/expired-token requests, and an AccessDeniedHandler returning 403 with the same body shape for genuine authorization failures. This makes 401 = not authenticated/expired and 403 = authenticated but forbidden, the standard REST convention. - Make JwtService(String, long) constructor public so integration tests can mint expired tokens (was package-private). - Update the 6 no-auth controller tests from 403 to 401 (OrderControllerTest, AdminControllerTest, PaymentControllerTest, AuthControllerTest change-password/change-email) and assert the message body exists; keep shouldReturn403ForNonAdminUser as 403. - Add OrderControllerTest.shouldReturn401WithSwedishMessageWhenTokenExpired (expired JWT via TTL -1000ms) and shouldReturn401WithMessageWhenNoAuthHeader. Frontend: - Add isTokenExpired() to utils/jwt.ts using the previously-unused exp claim, and expose it on the auth store. - Add a global 401 interceptor in api/client.ts: on a 401 from any non-/auth/ endpoint, call auth.logout() and redirect to /logga-in?redirect=<currentPath>. Skip /auth/ so wrong-password 401s on login/change-password stay handled locally. Add isSessionExpired and isForbidden helpers for per-page catch blocks. - Harden the router guard to reject tokens whose exp is in the past (logout + redirect to login with ?redirect=), and let expired-token users open /logga-in and /registrera instead of bouncing to home. - Refactor the generic-error catch blocks on OrdersPage, EditOrderPage, ComposePage, PaymentRedirect, useAdminOrders, and useAdminOrderActions to skip the generic Swedish message on 401 (handled globally) while preserving wrong-password 401 handling on change-pw/email pages. Tests: - New frontend/src/__tests__/client.spec.ts covering 401 -> logout + redirect, 401 from /auth/ -> no logout, 403 -> no logout, no-token 401 -> no redirect, and isSessionExpired/isForbidden helpers. - Add authStore.spec.ts cases for isTokenExpired (no token, past exp, future exp, missing exp, after logout). - Add Router.spec.ts cases for expired-token redirects, token clearing, future-exp access, and guest pages not bouncing expired users. - Add OrdersPage.spec.ts case asserting 401 triggers no generic error and the global logout/redirect. - New E2E expired-token.spec.ts (Docker) covering both the router-guard expired-token redirect and the API-401 redirect, with logged-out header and cleared localStorage assertions. - Mock the API in two pre-existing fake-JWT E2E tests (auth-guards admin access, header-auth logout redirect) that broke because the backend now correctly 401s their unsigned test-sig tokens. Verified with ./gradlew check (frontend lint + 267 unit tests, backend tests + coverage, Flyway, 92 E2E tests in Docker) and ./gradlew coverage; all coverage thresholds maintained (jwt.ts at 100%).
2026-06-17 12:07:46 +02:00
5 changed files with 4 additions and 196 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,66 +1,6 @@
 # Exclude everything that isn't strictly needed to build or run the dev images.
 # The dev Dockerfiles COPY source subpaths (frontend/, backend/, gradlew,
 # settings.gradle, etc.), so without this the image would bloat with docs,
 # scripts, git history, etc.
 # Build artifacts and caches (mounted as named volumes at runtime)
 .gradle
 backend/build
 frontend/dist
 frontend/coverage
 frontend/node_modules
 backend/.gradle
 # Test outputs
 **/build/test-results
 **/build/reports
 **/coverage
 **/.pytest_cache
 frontend/playwright-report
 frontend/test-results
 # Local config and secrets
 .env
 .env.*
 !.env.example
 **/application-local.yml
 # VCS and editor state
 .git
-.gitignore
+frontend/node_modules
-.gitattributes
+backend/build
 .github
 .forgejo
 .idea
 .vscode
 *.iml
 .DS_Store
 # Documentation (not needed at runtime)
 README.md
 REQUIREMENTS.md
 AGENTS.md
 CODING_GUIDELINES.md
 docs/
 # Ops scripts (not needed at runtime)
 scripts/
 # Test source dirs that aren't built into runtime artifacts
 frontend/src/__tests__
 backend/src/test
 # Docker metadata — Dockerfiles, .dockerignore, and compose files are not
 # needed inside the running image. Keep docker/*.conf and docker/entrypoint.sh
 # because frontend.prod.Dockerfile copies them into the production nginx image.
 docker/*.Dockerfile
 Dockerfile*
 .dockerignore
 docker-compose*.yml
 # Misc
 *.log
 logs/
 tmp/
 *.bak
 *.tmp
--- a/AGENTS.md
+++ b/AGENTS.md
@ -170,16 +170,11 @@ export STRIPE_SECRET_KEY=sk_test_fake STRIPE_WEBHOOK_SECRET=whsec_fake STRIPE_PR
 ./gradlew check
 ```
-This runs frontend lint, frontend unit tests, backend tests, coverage
+This runs frontend lint, frontend unit tests (242), backend tests (163), coverage
-thresholds, Flyway checks, and **all E2E tests in Docker**. **Do not commit or
+thresholds, Flyway checks, and **all 90 E2E tests in Docker**. **Do not commit or
 push if this fails.** Optional local guard: `./scripts/install-pre-commit-hook.sh`
 (runs the same `check` on every `git commit`).
 **Note for agents:** The pre-commit hook runs the full `./gradlew check` which
 takes ~3.5 minutes. If your tool enforces a default timeout (e.g. 120 s on
 agent tool calls), increase it to ≥300 000 ms, or use `--no-verify` and run
 `./gradlew check` manually before committing.
 ### Frontend (Vue.js 3)
 - `<script setup>` with Composition API only. Never Options API.
 - File naming: PascalCase for pages/components, camelCase (`useXxx`) for composables.
--- a/docker-compose.dev-bindless.yml
+++ b/docker-compose.dev-bindless.yml
@ -1,106 +0,0 @@
 # Bindless dev stack — standalone variant of docker-compose.yml.
 #
 # Why this exists as a standalone file (not an override):
 # Docker Compose merges `volumes:` by list concatenation, not by entry
 # replacement, so an override can't drop the bind mounts from the base file —
 # only append to them. A standalone file lets us redefine services with only
 # the volumes we want.
 #
 # Usage:
 #   docker compose -f docker-compose.dev-bindless.yml up -d --build
 #
 # Use this when the Docker daemon can't bind-mount the host repo correctly:
 #   - Docker-in-Docker setups (e.g. this Hermes sandbox)
 #   - rootless Docker with restricted mount paths
 #   - Some CI runners
 #
 # For normal local dev, use docker-compose.yml — it bind-mounts the repo for
 # Vite HMR and gradle bootRun hot reload.
 #
 # Trade-off vs. the bind-mounted dev compose:
 #   - The image is "frozen" at build time. Editing source on the host does not
 #     affect the running container. Edit + rebuild + restart, or run
 #     `docker compose up -d --build` after changes.
 #   - All source lives inside the image (docker/backend.Dockerfile and
 #     docker/frontend.Dockerfile COPY it in at build time).
 #
 # What you still get:
 #   - Gradle caches in named volumes (.gradle, backend/build, gradle-cache)
 #     so dependency downloads persist between `up` cycles.
 #   - Postgres data persists across `down` (via the pgdata volume).
 services:
  postgres:
    image: postgres:16
    container_name: bilhej-postgres
    ports:
      - "5432:5432"
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 5
  mailpit:
    image: ghcr.io/axllent/mailpit:v1.28
    container_name: bilhej-mailpit
    ports:
      - "1025:1025"
      - "8025:8025"
  backend:
    image: bilhej-backend-dev
    build:
      dockerfile: docker/backend.Dockerfile
      context: .
    container_name: bilhej-backend
    ports:
      - "8080:8080"
    environment:
      SPRING_PROFILES_ACTIVE: docker
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      JWT_SECRET: ${JWT_SECRET}
      SWISH_NUMBER: ${SWISH_NUMBER}
      STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY}
      STRIPE_WEBHOOK_SECRET: ${STRIPE_WEBHOOK_SECRET}
      STRIPE_PRICE_ID: ${STRIPE_PRICE_ID}
      APP_PUBLIC_BASE_URL: ${APP_PUBLIC_BASE_URL:-http://localhost:3000}
      MAIL_HOST: mailpit
      MAIL_PORT: "1025"
      MAIL_USERNAME: ""
      MAIL_PASSWORD: ""
      MAIL_FROM: ${MAIL_FROM:-noreply@bilhej.se}
    depends_on:
      postgres:
        condition: service_healthy
      mailpit:
        condition: service_started
    volumes:
      - backend-gradle-project:/app/.gradle
      - backend-build:/app/backend/build
      - gradle-cache:/root/.gradle
  frontend:
    image: bilhej-frontend-dev
    build:
      dockerfile: docker/frontend.Dockerfile
      context: .
    container_name: bilhej-frontend
    ports:
      - "3000:3000"
    depends_on:
      - backend
 volumes:
  pgdata:
  gradle-cache:
  backend-gradle-project:
  backend-build:
--- a/docker/backend.Dockerfile
+++ b/docker/backend.Dockerfile
@ -1,15 +1,3 @@
 FROM eclipse-temurin:21-jdk
 WORKDIR /app
 # Copy build configuration and wrapper first so this layer caches well.
 COPY gradlew settings.gradle build.gradle ./
 COPY gradle/ gradle/
 RUN chmod +x gradlew
 # Copy backend module. The dev compose overlays this with a host bind mount
 # for live source changes; if the bind mount is absent (DinD, CI, k8s) the
 # image is still self-contained and `gradlew :backend:bootRun` will work.
 COPY backend/ backend/
 EXPOSE 8080
 ENTRYPOINT ["./gradlew", ":backend:bootRun", "--no-daemon"]
--- a/docker/frontend.Dockerfile
+++ b/docker/frontend.Dockerfile
@ -1,16 +1,7 @@
 FROM node:24-alpine
 WORKDIR /app
 # Install dependencies first so this layer caches independently of source changes.
 COPY frontend/package.json frontend/package-lock.json ./
 RUN npm install
 # Copy the rest of the frontend. The dev compose overlays individual paths
 # (./frontend/src, ./frontend/public, ./frontend/index.html) with host bind
 # mounts for live reload; if those bind mounts are absent (DinD, CI, k8s)
 # the image is still self-contained and `npm run dev` will serve from the
 # COPY'd files.
 COPY frontend/ .
 EXPOSE 3000
 CMD ["npm", "run", "dev", "--", "--host", "0.0.0.0"]