halolight
diff --git a/‎fly.toml‎
Lines changed: 20 additions & 25 deletions b/‎fly.toml‎
Lines changed: 20 additions & 25 deletions
diff --git a/‎src/main/java/com/halolight/controller/CalendarController.java‎
Lines changed: 18 additions & 46 deletions b/‎src/main/java/com/halolight/controller/CalendarController.java‎
Lines changed: 18 additions & 46 deletions
diff --git a/‎src/main/java/com/halolight/controller/FolderController.java‎
Lines changed: 16 additions & 33 deletions b/‎src/main/java/com/halolight/controller/FolderController.java‎
Lines changed: 16 additions & 33 deletions
@@ -1,34 +1,29 @@
-# fly.toml app configuration file generated for halolight-api-java on 2025-12-09
-#
-# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
-#
-
-app = 'halolight-api-java'
-primary_region = 'hkg'
+app = "halolight-api-java"
+primary_region = "sjc"
 
 [build]
-  dockerfile = "Dockerfile"
 
 [env]
-  PORT = "8000"
+PORT = "8000"
+SPRING_PROFILES_ACTIVE = "prod"
 
 [http_service]
-  internal_port = 8000
-  force_https = true
-  auto_stop_machines = 'suspend'
-  auto_start_machines = true
-  min_machines_running = 1
-  processes = ['app']
+auto_start_machines = true
+auto_stop_machines = "suspend"
+force_https = true
+internal_port = 8000
+min_machines_running = 1
+processes = ["app"]
 
-  # Health check configuration
-  [[http_service.http_checks]]
-    grace_period = "10s"
-    interval = "30s"
-    method = "GET"
-    timeout = "5s"
-    path = "/actuator/health"
+[[http_service.checks]]
+grace_period = "60s"
+interval = "30s"
+method = "GET"
+path = "/actuator/health"
+protocol = "http"
+timeout = "10s"
 
 [[vm]]
-  memory = '1gb'
-  cpu_kind = 'shared'
-  cpus = 1
+cpu_kind = "shared"
+cpus = 1
+memory = "1gb"
@@ -1,6 +1,7 @@
 package com.halolight.controller;
 
 import com.halolight.dto.ApiResponse;
+import com.halolight.security.UserPrincipal;
 import com.halolight.service.CalendarService;
 import com.halolight.web.dto.calendar.CreateEventRequest;
 import com.halolight.web.dto.calendar.EventResponse;
@@ -19,7 +20,7 @@
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 
 import java.time.Instant;
@@ -38,14 +39,13 @@ public class CalendarController {
     @Operation(summary = "Get all events", description = "Retrieve all calendar events for the current user with optional date range filter")
     @GetMapping
     public ResponseEntity<ApiResponse<List<EventResponse>>> getAllEvents(
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @Parameter(description = "Start date (ISO-8601 format)")
             @RequestParam(required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Instant start,
             @Parameter(description = "End date (ISO-8601 format)")
             @RequestParam(required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE_TIME) Instant end
     ) {
-        String userId = getUserId(authentication);
-        List<EventResponse> events = calendarService.getAllEvents(userId, start, end);
+        List<EventResponse> events = calendarService.getAllEvents(user.getId(), start, end);
         return ResponseEntity.ok(ApiResponse.success(events));
     }
 
@@ -89,11 +89,10 @@ public ResponseEntity<ApiResponse<EventResponse>> getEventById(@PathVariable Str
     @Operation(summary = "Create event", description = "Create a new calendar event")
     @PostMapping
     public ResponseEntity<ApiResponse<EventResponse>> createEvent(
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @Valid @RequestBody CreateEventRequest request
     ) {
-        String userId = getUserId(authentication);
-        EventResponse event = calendarService.createEvent(userId, request);
+        EventResponse event = calendarService.createEvent(user.getId(), request);
         return ResponseEntity.status(HttpStatus.CREATED)
                 .body(ApiResponse.success("Event created successfully", event));
     }
@@ -102,49 +101,45 @@ public ResponseEntity<ApiResponse<EventResponse>> createEvent(
     @PutMapping("/{id}")
     public ResponseEntity<ApiResponse<EventResponse>> updateEvent(
             @PathVariable String id,
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @Valid @RequestBody UpdateEventRequest request
     ) {
-        String userId = getUserId(authentication);
-        EventResponse event = calendarService.updateEvent(id, userId, request);
+        EventResponse event = calendarService.updateEvent(id, user.getId(), request);
         return ResponseEntity.ok(ApiResponse.success("Event updated successfully", event));
     }
 
     @Operation(summary = "Delete event", description = "Delete a calendar event")
     @DeleteMapping("/{id}")
     public ResponseEntity<ApiResponse<Void>> deleteEvent(
             @PathVariable String id,
-            Authentication authentication
+            @AuthenticationPrincipal UserPrincipal user
     ) {
-        String userId = getUserId(authentication);
-        calendarService.deleteEvent(id, userId);
+        calendarService.deleteEvent(id, user.getId());
         return ResponseEntity.ok(ApiResponse.success("Event deleted successfully", null));
     }
 
     @Operation(summary = "Batch delete events", description = "Delete multiple calendar events")
     @PostMapping("/batch-delete")
     public ResponseEntity<ApiResponse<Void>> batchDeleteEvents(
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @RequestBody Map<String, List<String>> body
     ) {
-        String userId = getUserId(authentication);
         List<String> ids = body.get("ids");
         if (ids == null || ids.isEmpty()) {
             return ResponseEntity.badRequest()
                     .body(ApiResponse.error("Event IDs are required"));
         }
-        calendarService.batchDeleteEvents(ids, userId);
+        calendarService.batchDeleteEvents(ids, user.getId());
         return ResponseEntity.ok(ApiResponse.success("Events deleted successfully", null));
     }
 
     @Operation(summary = "Reschedule event", description = "Reschedule a calendar event to a new time")
     @PatchMapping("/{id}/reschedule")
     public ResponseEntity<ApiResponse<EventResponse>> rescheduleEvent(
             @PathVariable String id,
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @RequestBody Map<String, Instant> body
     ) {
-        String userId = getUserId(authentication);
         Instant newStart = body.get("start");
         Instant newEnd = body.get("end");
 
@@ -153,26 +148,25 @@ public ResponseEntity<ApiResponse<EventResponse>> rescheduleEvent(
                     .body(ApiResponse.error("Both start and end times are required"));
         }
 
-        EventResponse event = calendarService.rescheduleEvent(id, userId, newStart, newEnd);
+        EventResponse event = calendarService.rescheduleEvent(id, user.getId(), newStart, newEnd);
         return ResponseEntity.ok(ApiResponse.success("Event rescheduled successfully", event));
     }
 
     @Operation(summary = "Add attendees", description = "Add attendees to a calendar event")
     @PostMapping("/{id}/attendees")
     public ResponseEntity<ApiResponse<EventResponse>> addAttendees(
             @PathVariable String id,
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @RequestBody Map<String, List<String>> body
     ) {
-        String userId = getUserId(authentication);
         List<String> attendeeIds = body.get("attendeeIds");
 
         if (attendeeIds == null || attendeeIds.isEmpty()) {
             return ResponseEntity.badRequest()
                     .body(ApiResponse.error("Attendee IDs are required"));
         }
 
-        EventResponse event = calendarService.addAttendees(id, userId, attendeeIds);
+        EventResponse event = calendarService.addAttendees(id, user.getId(), attendeeIds);
         return ResponseEntity.ok(ApiResponse.success("Attendees added successfully", event));
     }
 
@@ -181,10 +175,9 @@ public ResponseEntity<ApiResponse<EventResponse>> addAttendees(
     public ResponseEntity<ApiResponse<EventResponse>> removeAttendee(
             @PathVariable String id,
             @PathVariable String attendeeId,
-            Authentication authentication
+            @AuthenticationPrincipal UserPrincipal user
     ) {
-        String userId = getUserId(authentication);
-        EventResponse event = calendarService.removeAttendee(id, userId, attendeeId);
+        EventResponse event = calendarService.removeAttendee(id, user.getId(), attendeeId);
         return ResponseEntity.ok(ApiResponse.success("Attendee removed successfully", event));
     }
 
@@ -198,25 +191,4 @@ public ResponseEntity<ApiResponse<EventResponse>> updateAttendeeStatus(
         EventResponse event = calendarService.updateAttendeeStatus(id, userId, request.getStatus());
         return ResponseEntity.ok(ApiResponse.success("Attendee status updated successfully", event));
     }
-
-    /**
-     * Extract user ID from authentication.
-     * This assumes the authentication principal contains user information.
-     * Adjust based on your actual security configuration.
-     */
-    private String getUserId(Authentication authentication) {
-        // For now, we'll use the username as ID
-        // TODO: Update this based on your actual UserPrincipal implementation
-        // If UserPrincipal has been updated to use String id, use:
-        // return ((UserPrincipal) authentication.getPrincipal()).getId();
-
-        // Temporary solution - assumes username is the user ID or can be resolved
-        Object principal = authentication.getPrincipal();
-        if (principal instanceof String) {
-            return (String) principal;
-        }
-        // If you have a custom UserPrincipal, cast and get ID
-        // For now, using authentication name as fallback
-        return authentication.getName();
-    }
 }
@@ -1,6 +1,7 @@
 package com.halolight.controller;
 
 import com.halolight.dto.ApiResponse;
+import com.halolight.security.UserPrincipal;
 import com.halolight.service.FolderService;
 import com.halolight.web.dto.folder.CreateFolderRequest;
 import com.halolight.web.dto.folder.FolderResponse;
@@ -13,7 +14,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -34,97 +35,79 @@ public class FolderController {
     @Operation(summary = "Create folder", description = "Create a new folder")
     @PostMapping
     public ResponseEntity<ApiResponse<FolderResponse>> createFolder(
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @Valid @RequestBody CreateFolderRequest request
     ) {
-        String userId = getUserId(authentication);
-        FolderResponse folder = folderService.createFolder(userId, request);
+        FolderResponse folder = folderService.createFolder(user.getId(), request);
         return ResponseEntity.status(HttpStatus.CREATED)
                 .body(ApiResponse.success("Folder created successfully", folder));
     }
 
     @Operation(summary = "Get folders", description = "Get list of folders with optional parent filter")
     @GetMapping
     public ResponseEntity<ApiResponse<List<FolderResponse>>> getFolders(
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @Parameter(description = "Parent folder ID") @RequestParam(required = false) String parentId
     ) {
-        String userId = getUserId(authentication);
-        List<FolderResponse> folders = folderService.getFolders(userId, parentId);
+        List<FolderResponse> folders = folderService.getFolders(user.getId(), parentId);
         return ResponseEntity.ok(ApiResponse.success(folders));
     }
 
     @Operation(summary = "Get folder by ID", description = "Get folder details by ID")
     @GetMapping("/{id}")
     public ResponseEntity<ApiResponse<FolderResponse>> getFolderById(
             @PathVariable String id,
-            Authentication authentication
+            @AuthenticationPrincipal UserPrincipal user
     ) {
-        String userId = getUserId(authentication);
-        FolderResponse folder = folderService.getFolderById(id, userId);
+        FolderResponse folder = folderService.getFolderById(id, user.getId());
         return ResponseEntity.ok(ApiResponse.success(folder));
     }
 
     @Operation(summary = "Update folder", description = "Update folder name and/or parent")
     @PutMapping("/{id}")
     public ResponseEntity<ApiResponse<FolderResponse>> updateFolder(
             @PathVariable String id,
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @Valid @RequestBody UpdateFolderRequest request
     ) {
-        String userId = getUserId(authentication);
-        FolderResponse folder = folderService.updateFolder(id, userId, request);
+        FolderResponse folder = folderService.updateFolder(id, user.getId(), request);
         return ResponseEntity.ok(ApiResponse.success("Folder updated successfully", folder));
     }
 
     @Operation(summary = "Rename folder", description = "Rename a folder")
     @PatchMapping("/{id}")
     public ResponseEntity<ApiResponse<FolderResponse>> renameFolder(
             @PathVariable String id,
-            Authentication authentication,
+            @AuthenticationPrincipal UserPrincipal user,
             @RequestBody Map<String, String> body
     ) {
-        String userId = getUserId(authentication);
         String newName = body.get("name");
 
         if (newName == null || newName.trim().isEmpty()) {
             return ResponseEntity.badRequest()
                     .body(ApiResponse.error("Folder name cannot be blank"));
         }
 
-        FolderResponse folder = folderService.renameFolder(id, userId, newName);
+        FolderResponse folder = folderService.renameFolder(id, user.getId(), newName);
         return ResponseEntity.ok(ApiResponse.success("Folder renamed successfully", folder));
     }
 
     @Operation(summary = "Delete folder", description = "Delete a folder (must be empty)")
     @DeleteMapping("/{id}")
     public ResponseEntity<ApiResponse<Void>> deleteFolder(
             @PathVariable String id,
-            Authentication authentication
+            @AuthenticationPrincipal UserPrincipal user
     ) {
-        String userId = getUserId(authentication);
-        folderService.deleteFolder(id, userId);
+        folderService.deleteFolder(id, user.getId());
         return ResponseEntity.ok(ApiResponse.success("Folder deleted successfully", null));
     }
 
     @Operation(summary = "Get folder tree", description = "Get hierarchical folder tree structure")
     @GetMapping("/tree")
     public ResponseEntity<ApiResponse<List<FolderService.FolderTreeNode>>> getFolderTree(
-            Authentication authentication
+            @AuthenticationPrincipal UserPrincipal user
     ) {
-        String userId = getUserId(authentication);
-        List<FolderService.FolderTreeNode> tree = folderService.getFolderTree(userId);
+        List<FolderService.FolderTreeNode> tree = folderService.getFolderTree(user.getId());
         return ResponseEntity.ok(ApiResponse.success(tree));
     }
-
-    /**
-     * Extract user ID from authentication
-     */
-    private String getUserId(Authentication authentication) {
-        Object principal = authentication.getPrincipal();
-        if (principal instanceof String) {
-            return (String) principal;
-        }
-        return authentication.getName();
-    }
 }