fix: update JwtService to handle default expiration and add tests for token generation

Reviewed-on: #8

.gitea/workflows/build.yml

@@ -1,38 +1,185 @@
 name: Build And Publish Production Image
 
 on:
-  pull_request_review:
-    types: [submitted]
+  push:
+    branches:
+      - main
 
 jobs:
   build:
     name: Build And Publish Production Image
-    if: github.event.review.state == 'approved' && github.event.pull_request.base.ref == 'main'
     runs-on: ubuntu-latest
     env:
-      REGISTRY: gitea.lab
+      REGISTRY: gitea.lab:80
       IMAGE_NAME: sancho41/condado-newsletter
+      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
     steps:
       - uses: actions/checkout@v4
         with:
           github-server-url: http://gitea.lab
-          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Verify Docker CLI
         run: docker version
 
+      - name: Log in to Docker Hub (optional)
+        if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
+        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login docker.io -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
+
       - name: Build all-in-one image
         run: docker build -t condado-newsletter:latest -f Dockerfile.allinone .
 
-      - name: Log in to Gitea container registry
-        run: echo "${{ secrets.GITEA_REGISTRY_PASSWORD }}" | docker login ${REGISTRY} -u "${{ secrets.GITEA_REGISTRY_USERNAME }}" --password-stdin
-
-      - name: Tag registry images
+      - name: Tag
         run: |
           docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:latest
           docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:${{ github.sha }}
 
-      - name: Push registry images
+      - name: Deploy stack via Portainer API
+        env:
+          STACK_NAME: codado-newsletter-stack
+          PORTAINER_URL: http://portainer.lab/  
+          PORTAINER_API_KEY: ${{ secrets.PORTAINER_API_KEY }}
+          PORTAINER_ENDPOINT_ID: ${{ secrets.PORTAINER_ENDPOINT_ID }}
         run: |
-          docker push ${REGISTRY}/${IMAGE_NAME}:latest
-          docker push ${REGISTRY}/${IMAGE_NAME}:${{ github.sha }}
+          set -u
+          set +e
+
+          PORTAINER_BASE_URL=$(printf '%s' "${PORTAINER_URL}" | sed -E 's/[[:space:]]+$//; s#/*$##')
+
+          echo "Portainer deploy debug"
+          echo "PORTAINER_URL=${PORTAINER_URL}"
+          echo "PORTAINER_BASE_URL=${PORTAINER_BASE_URL}"
+          echo "STACK_NAME=${STACK_NAME}"
+          echo "PORTAINER_ENDPOINT_ID=${PORTAINER_ENDPOINT_ID}"
+          echo "HTTP_PROXY=${HTTP_PROXY:-<empty>}"
+          echo "HTTPS_PROXY=${HTTPS_PROXY:-<empty>}"
+          echo "NO_PROXY=${NO_PROXY:-<empty>}"
+
+          echo "Current runner network info:"
+          if command -v ip >/dev/null 2>&1; then
+            ip -4 addr show || true
+            ip route || true
+          else
+            hostname -I || true
+          fi
+
+          PORTAINER_HOST=$(printf '%s' "${PORTAINER_BASE_URL}" | sed -E 's#^[a-zA-Z]+://##; s#/.*$##; s/:.*$//')
+          echo "Resolved host target: ${PORTAINER_HOST}"
+
+          PORTAINER_IP=""
+          ACTIVE_PORTAINER_BASE_URL="${PORTAINER_BASE_URL}"
+
+          if command -v getent >/dev/null 2>&1; then
+            echo "Host lookup (getent):"
+            getent hosts "${PORTAINER_HOST}" || true
+            PORTAINER_IP=$(getent hosts "${PORTAINER_HOST}" | awk 'NR==1{print $1}')
+            if [ -n "${PORTAINER_IP}" ]; then
+              PORTAINER_IP_BASE_URL="${PORTAINER_BASE_URL/${PORTAINER_HOST}/${PORTAINER_IP}}"
+              echo "Portainer IP fallback URL: ${PORTAINER_IP_BASE_URL}"
+            fi
+          fi
+
+          STACKS_BODY=$(mktemp)
+          STACKS_ERR=$(mktemp)
+
+          STACKS_HTTP_CODE=$(curl -sS \
+            --noproxy "*" \
+            -o "${STACKS_BODY}" \
+            -w "%{http_code}" \
+            "${ACTIVE_PORTAINER_BASE_URL}/api/stacks" \
+            -H "X-API-Key: ${PORTAINER_API_KEY}" \
+            2>"${STACKS_ERR}")
+          STACKS_CURL_EXIT=$?
+
+          if [ "${STACKS_CURL_EXIT}" -eq 6 ] && [ -n "${PORTAINER_IP:-}" ]; then
+            echo "Retrying GET /api/stacks with IP fallback due to DNS failure"
+            STACKS_HTTP_CODE=$(curl -sS \
+              --noproxy "*" \
+              -o "${STACKS_BODY}" \
+              -w "%{http_code}" \
+              "${PORTAINER_IP_BASE_URL}/api/stacks" \
+              -H "X-API-Key: ${PORTAINER_API_KEY}" \
+              2>"${STACKS_ERR}")
+            STACKS_CURL_EXIT=$?
+            if [ "${STACKS_CURL_EXIT}" -eq 0 ]; then
+              ACTIVE_PORTAINER_BASE_URL="${PORTAINER_IP_BASE_URL}"
+            fi
+          fi
+
+          echo "GET /api/stacks curl exit: ${STACKS_CURL_EXIT}"
+          echo "GET /api/stacks http code: ${STACKS_HTTP_CODE}"
+          echo "GET /api/stacks stderr:"
+          cat "${STACKS_ERR}" || true
+          echo "GET /api/stacks response (sanitized):"
+          jq -r '.[] | "Id=\(.Id) Name=\(.Name) EndpointId=\(.EndpointId)"' "${STACKS_BODY}" || true
+
+          if [ "${STACKS_CURL_EXIT}" -ne 0 ]; then
+            echo "Failed to reach Portainer API while listing stacks."
+            exit "${STACKS_CURL_EXIT}"
+          fi
+
+          if [ "${STACKS_HTTP_CODE}" -lt 200 ] || [ "${STACKS_HTTP_CODE}" -ge 300 ]; then
+            echo "Portainer returned a non-success status for stack listing."
+            exit 1
+          fi
+
+          STACK_ID=$(jq -r --arg stack_name "${STACK_NAME}" '.[] | select(.Name == $stack_name) | .Id' "${STACKS_BODY}" | head -n 1)
+
+          APPLY_BODY=$(mktemp)
+          APPLY_ERR=$(mktemp)
+
+          if [ -n "${STACK_ID}" ]; then
+            echo "Existing stack found with id=${STACK_ID}; sending update request"
+
+            PAYLOAD=$(jq -n \
+              --rawfile stack_file docker-compose.prod.yml \
+              '{StackFileContent: $stack_file, Env: [], Prune: false, PullImage: false}')
+
+            APPLY_HTTP_CODE=$(curl -sS -X PUT \
+              --noproxy "*" \
+              -o "${APPLY_BODY}" \
+              -w "%{http_code}" \
+              "${ACTIVE_PORTAINER_BASE_URL}/api/stacks/${STACK_ID}?endpointId=${PORTAINER_ENDPOINT_ID}" \
+              -H "X-API-Key: ${PORTAINER_API_KEY}" \
+              -H "Content-Type: application/json" \
+              -d "${PAYLOAD}" \
+              2>"${APPLY_ERR}")
+            APPLY_CURL_EXIT=$?
+          else
+            echo "Stack not found; sending create request"
+
+            PAYLOAD=$(jq -n \
+              --arg name "${STACK_NAME}" \
+              --rawfile stack_file docker-compose.prod.yml \
+              '{Name: $name, StackFileContent: $stack_file, Env: [], FromAppTemplate: false}')
+
+            APPLY_HTTP_CODE=$(curl -sS -X POST \
+              --noproxy "*" \
+              -o "${APPLY_BODY}" \
+              -w "%{http_code}" \
+              "${ACTIVE_PORTAINER_BASE_URL}/api/stacks/create/standalone/string?endpointId=${PORTAINER_ENDPOINT_ID}" \
+              -H "X-API-Key: ${PORTAINER_API_KEY}" \
+              -H "Content-Type: application/json" \
+              -d "${PAYLOAD}" \
+              2>"${APPLY_ERR}")
+            APPLY_CURL_EXIT=$?
+          fi
+
+          echo "Apply curl exit: ${APPLY_CURL_EXIT}"
+          echo "Apply http code: ${APPLY_HTTP_CODE}"
+          echo "Apply stderr:"
+          cat "${APPLY_ERR}" || true
+          echo "Apply response body:"
+          cat "${APPLY_BODY}" || true
+
+          if [ "${APPLY_CURL_EXIT}" -ne 0 ]; then
+            echo "Failed to reach Portainer API while applying stack changes."
+            exit "${APPLY_CURL_EXIT}"
+          fi
+
+          if [ "${APPLY_HTTP_CODE}" -lt 200 ] || [ "${APPLY_HTTP_CODE}" -ge 300 ]; then
+            echo "Portainer returned a non-success status while applying stack changes."
+            exit 1
+          fi
+
+          echo "Portainer deploy step completed successfully"

.github/workflows/ci.yml

@@ -1,57 +0,0 @@
-name: CI
-
-on:
-  pull_request:
-    branches: ["develop"]
-
-jobs:
-  backend-test:
-    name: Backend Tests
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: backend
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up JDK 21
-        uses: actions/setup-java@v4
-        with:
-          java-version: "21"
-          distribution: temurin
-          cache: gradle
-
-      - name: Make Gradle wrapper executable
-        run: chmod +x gradlew
-
-      - name: Run tests
-        run: ./gradlew test --no-daemon
-
-      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: backend-test-results
-          path: backend/build/reports/tests/
-
-  frontend-test:
-    name: Frontend Tests
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: frontend
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Node 20
-        uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-          cache: npm
-          cache-dependency-path: frontend/package-lock.json
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Run tests
-        run: npm run test

backend/src/main/kotlin/com/condado/newsletter/service/JwtService.kt

@@ -14,8 +14,10 @@ import java.util.Date
 @Service
 class JwtService(
     @Value("\${app.jwt.secret}") val secret: String,
-    @Value("\${app.jwt.expiration-ms}") val expirationMs: Long
+    @Value("\${app.jwt.expiration-ms:86400000}") expirationMsRaw: String
 ) {
+    private val expirationMs: Long = expirationMsRaw.toLongOrNull() ?: 86400000L
+
     private val signingKey by lazy {
         Keys.hmacShaKeyFor(secret.toByteArray(Charsets.UTF_8))
     }

backend/src/test/kotlin/com/condado/newsletter/service/AuthServiceTest.kt

@@ -40,7 +40,7 @@ class AuthServiceTest {
     fun should_returnValidClaims_when_jwtTokenParsed() {
         val realJwtService = JwtService(
             secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
-            expirationMs = 86400000L
+            expirationMsRaw = "86400000"
         )
         val token = realJwtService.generateToken()
 
@@ -51,7 +51,7 @@ class AuthServiceTest {
     fun should_returnFalse_when_expiredTokenValidated() {
         val realJwtService = JwtService(
             secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
-            expirationMs = 1L
+            expirationMsRaw = "1"
         )
         val token = realJwtService.generateToken()
 

backend/src/test/kotlin/com/condado/newsletter/service/JwtServiceTest.kt

@@ -0,0 +1,26 @@
+package com.condado.newsletter.service
+
+import io.jsonwebtoken.Jwts
+import io.jsonwebtoken.security.Keys
+import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.Test
+
+class JwtServiceTest {
+
+    private val secret = "12345678901234567890123456789012"
+
+    @Test
+    fun should_generate_token_when_expiration_is_empty() {
+        val jwtService = JwtService(secret, "")
+
+        val token = jwtService.generateToken()
+
+        val claims = Jwts.parser()
+            .verifyWith(Keys.hmacShaKeyFor(secret.toByteArray(Charsets.UTF_8)))
+            .build()
+            .parseSignedClaims(token)
+            .payload
+
+        assertTrue(claims.expiration.after(claims.issuedAt))
+    }
+}

docker-compose.prod.yml

@@ -1,6 +1,6 @@
 services:
   condado-newsletter:
-    image: gitea.lab/sancho41/condado-newsletter:latest
+    image: gitea.lab:80/sancho41/condado-newsletter:latest
     container_name: condado-newsletter
     restart: unless-stopped
     environment:
@@ -9,7 +9,7 @@ services:
       SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
       APP_PASSWORD: ${APP_PASSWORD}
       JWT_SECRET: ${JWT_SECRET}
-      JWT_EXPIRATION_MS: ${JWT_EXPIRATION_MS}
+      JWT_EXPIRATION_MS: ${JWT_EXPIRATION_MS:-86400000}
       MAIL_HOST: ${MAIL_HOST}
       MAIL_PORT: ${MAIL_PORT}
       MAIL_USERNAME: ${MAIL_USERNAME}
@@ -34,8 +34,8 @@ services:
       - "homepage.group=Hyperlink"
       - "homepage.name=Condado Newsletter"
       - "homepage.description=Automated newsletter generator using AI"
-      - "homepage.logo=https://raw.githubusercontent.com/celtinha/condado-newsletter/main/docs/logo.png"
-      - "homepage.url=http://condado-newsletter.lab"
+      - "homepage.logo=claude-dark.png"
+      - "homepage.href=http://condado-newsletter.lab"
 
 volumes:
   postgres-data:

docker-compose.yml

@@ -4,14 +4,13 @@ services:
   postgres:
     image: postgres:16-alpine
     restart: unless-stopped
+    container_name: condado-newsletter-postgres
     environment:
       POSTGRES_DB: condado
       POSTGRES_USER: ${SPRING_DATASOURCE_USERNAME}
       POSTGRES_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
     volumes:
       - postgres-data:/var/lib/postgresql/data
-    networks:
-      - condado-net
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U ${SPRING_DATASOURCE_USERNAME} -d condado"]
       interval: 10s
@@ -20,6 +19,7 @@ services:
 
   # ── Backend (Spring Boot) ────────────────────────────────────────────────────
   backend:
+    container_name: condado-newsletter-backend
     build:
       context: ./backend
       dockerfile: Dockerfile
@@ -29,7 +29,7 @@ services:
         condition: service_healthy
     environment:
       SPRING_PROFILES_ACTIVE: dev
-      SPRING_DATASOURCE_URL: ${SPRING_DATASOURCE_URL}
+      SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/condado
       SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME}
       SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
       APP_PASSWORD: ${APP_PASSWORD}
@@ -50,36 +50,42 @@ services:
     extra_hosts:
       - "celtinha.desktop:host-gateway"
       - "host.docker.internal:host-gateway"
-    networks:
-      - condado-net
 
   # ── Frontend + Nginx ─────────────────────────────────────────────────────────
   nginx:
+    container_name: condado-newsletter-frontend
     build:
       context: ./frontend
       dockerfile: Dockerfile
       args:
         VITE_API_BASE_URL: ${VITE_API_BASE_URL}
     restart: unless-stopped
-    ports:
-      - "80:80"
     depends_on:
       - backend
     networks:
-      - condado-net
+      - traefik
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.condado.rule=Host(`condado-newsletter.lab`)"
+      - "traefik.http.services.condado.loadbalancer.server.port=80"
+      - "homepage.group=Hyperlink"
+      - "homepage.name=Condado Newsletter"
+      - "homepage.description=Automated newsletter generator using AI"  
+      - "homepage.logo=claude-dark.png"
+      - "homepage.href=http://condado-newsletter.lab"
 
   # ── Mailhog (DEV ONLY — SMTP trap) ───────────────────────────────────────────
   mailhog:
+    container_name: condado-newsletter-mailhog
     image: mailhog/mailhog:latest
     restart: unless-stopped
     ports:
       - "8025:8025"
-    networks:
-      - condado-net
 
 volumes:
   postgres-data:
 
 networks:
-  condado-net:
-    driver: bridge
+  traefik:
+    external: true
+    name: traefik

docker/entrypoint.sh

@@ -27,6 +27,22 @@ mkdir -p /var/log/supervisor
 export SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL:-jdbc:postgresql://localhost:5432/${APP_DB_NAME}}
 export SPRING_DATASOURCE_USERNAME=${SPRING_DATASOURCE_USERNAME:-${APP_DB_USER}}
 export SPRING_DATASOURCE_PASSWORD=${SPRING_DATASOURCE_PASSWORD:-${APP_DB_PASSWORD}}
+export JWT_EXPIRATION_MS=${JWT_EXPIRATION_MS:-86400000}
+
+# ── Log all Spring Boot environment variables for debugging ──────────────────
+echo "========================================"
+echo "Spring Boot Configuration:"
+echo "========================================"
+echo "SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL}"
+echo "SPRING_DATASOURCE_USERNAME=${SPRING_DATASOURCE_USERNAME}"
+echo "SPRING_DATASOURCE_PASSWORD=${SPRING_DATASOURCE_PASSWORD}"
+echo "JWT_EXPIRATION_MS=${JWT_EXPIRATION_MS}"
+echo "JAVA_OPTS=${JAVA_OPTS:-not set}"
+echo "OPENAI_API_KEY=${OPENAI_API_KEY:-not set}"
+echo "========================================"
 
 # ── Start all services via supervisord ───────────────────────────────────────
+# Export unbuffered output for both Python and Java
+export PYTHONUNBUFFERED=1
+export JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding=UTF-8 -Djava.awt.headless=true"
 exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf

docker/supervisord.conf

@@ -1,27 +1,36 @@
 [supervisord]
 nodaemon=true
-logfile=/var/log/supervisor/supervisord.log
+silent=false
+logfile=/dev/stdout
+logfile_maxbytes=0
 pidfile=/var/run/supervisord.pid
+loglevel=info
 
 [program:postgres]
 command=/usr/lib/postgresql/16/bin/postgres -D /var/lib/postgresql/data
 user=postgres
 autostart=true
 autorestart=true
-stdout_logfile=/var/log/supervisor/postgres.log
-stderr_logfile=/var/log/supervisor/postgres.err.log
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
 
 [program:backend]
-command=java -jar /app/app.jar
+ command=java -Dspring.output.ansi.enabled=always -Dlogging.level.root=DEBUG -jar /app/app.jar
 autostart=true
 autorestart=true
 startsecs=15
-stdout_logfile=/var/log/supervisor/backend.log
-stderr_logfile=/var/log/supervisor/backend.err.log
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
 
 [program:nginx]
 command=/usr/sbin/nginx -g "daemon off;"
 autostart=true
 autorestart=true
-stdout_logfile=/var/log/supervisor/nginx.log
-stderr_logfile=/var/log/supervisor/nginx.err.log
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0

nginx/nginx.allinone.conf

@@ -15,6 +15,9 @@ http {
     gzip_types    text/plain text/css application/json application/javascript
                   text/xml application/xml application/xml+rss text/javascript;
 
+    access_log /dev/stdout;
+    error_log  /dev/stderr;
+
     server {
         listen 80;
         server_name _;