From 0624e6bcc8c75afd6d0660c0481f32e0b44f7da0 Mon Sep 17 00:00:00 2001
From: androidlover5842 <androidlover5842@gmail.com>
Date: Sun, 1 Feb 2026 10:09:53 +0530
Subject: [PATCH] Fix Razorpay auth principal and document ops

---
 AGENTS.md                                                    | 4 ++++
 .../controller/RazorpayPaymentLinksController.kt             | 3 ++-
 .../trisolarisserver/controller/RazorpayQrPayments.kt        | 3 ++-
 .../controller/RazorpaySettingsController.kt                 | 5 +++--
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/AGENTS.md b/AGENTS.md
index 85294a4..9e9733c 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -185,3 +185,7 @@ Notes / constraints
 - Super admin can create properties and assign users to properties.
 - Admin can assign ADMIN/MANAGER/STAFF/AGENT; Manager can assign STAFF/AGENT.
 - Agents can only see free rooms.
+
+Operational notes
+- Payment provider migrated: PayU removed; Razorpay now used for settings, QR, payment links, and webhooks.
+- Server access: SSH host alias `hotel` is available for server operations (e.g., `ssh hotel`). Use carefully; DB changes were done via `sudo -u postgres psql` on the server when needed.
diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayPaymentLinksController.kt b/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayPaymentLinksController.kt
index 4ed1572..2cfabef 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayPaymentLinksController.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayPaymentLinksController.kt
@@ -16,6 +16,7 @@ import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpMethod
 import org.springframework.http.MediaType
 import org.springframework.http.ResponseEntity
+import org.springframework.security.core.annotation.AuthenticationPrincipal
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
@@ -44,7 +45,7 @@ class RazorpayPaymentLinksController(
         @PathVariable propertyId: UUID,
         @PathVariable bookingId: UUID,
         @RequestBody request: RazorpayPaymentLinkCreateRequest,
-        principal: MyPrincipal?
+        @AuthenticationPrincipal principal: MyPrincipal?
     ): RazorpayPaymentLinkCreateResponse {
         requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER, Role.STAFF)
         val booking = bookingRepo.findById(bookingId).orElseThrow {
diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayQrPayments.kt b/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayQrPayments.kt
index 7bcfef4..3b19dec 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayQrPayments.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayQrPayments.kt
@@ -16,6 +16,7 @@ import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpMethod
 import org.springframework.http.MediaType
 import org.springframework.http.ResponseEntity
+import org.springframework.security.core.annotation.AuthenticationPrincipal
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
@@ -44,7 +45,7 @@ class RazorpayQrPayments(
         @PathVariable propertyId: UUID,
         @PathVariable bookingId: UUID,
         @RequestBody request: RazorpayQrGenerateRequest,
-        principal: MyPrincipal?
+        @AuthenticationPrincipal principal: MyPrincipal?
     ): RazorpayQrGenerateResponse {
         requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER, Role.STAFF)
         val booking = bookingRepo.findById(bookingId).orElseThrow {
diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/RazorpaySettingsController.kt b/src/main/kotlin/com/android/trisolarisserver/controller/RazorpaySettingsController.kt
index 0aa8b95..2d53142 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/RazorpaySettingsController.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/RazorpaySettingsController.kt
@@ -16,6 +16,7 @@ import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import org.springframework.web.server.ResponseStatusException
 import org.springframework.http.HttpStatus
+import org.springframework.security.core.annotation.AuthenticationPrincipal
 import java.time.OffsetDateTime
 import java.util.UUID
 
@@ -30,7 +31,7 @@ class RazorpaySettingsController(
     @GetMapping
     fun getSettings(
         @PathVariable propertyId: UUID,
-        principal: MyPrincipal?
+        @AuthenticationPrincipal principal: MyPrincipal?
     ): RazorpaySettingsResponse {
         requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER)
         val settings = settingsRepo.findByPropertyId(propertyId)
@@ -51,7 +52,7 @@ class RazorpaySettingsController(
     @PutMapping
     fun upsertSettings(
         @PathVariable propertyId: UUID,
-        principal: MyPrincipal?,
+        @AuthenticationPrincipal principal: MyPrincipal?,
         @RequestBody request: RazorpaySettingsUpsertRequest
     ): RazorpaySettingsResponse {
         requireRole(propertyAccess, propertyId, principal, Role.ADMIN)