Fix Razorpay auth principal and document ops

AGENTS.md

@@ -185,3 +185,7 @@ Notes / constraints
 - Super admin can create properties and assign users to properties.
 - Admin can assign ADMIN/MANAGER/STAFF/AGENT; Manager can assign STAFF/AGENT.
 - Agents can only see free rooms.
+
+Operational notes
+- Payment provider migrated: PayU removed; Razorpay now used for settings, QR, payment links, and webhooks.
+- Server access: SSH host alias `hotel` is available for server operations (e.g., `ssh hotel`). Use carefully; DB changes were done via `sudo -u postgres psql` on the server when needed.

src/main/kotlin/com/android/trisolarisserver/controller/RazorpayPaymentLinksController.kt

@@ -16,6 +16,7 @@ import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpMethod
 import org.springframework.http.MediaType
 import org.springframework.http.ResponseEntity
+import org.springframework.security.core.annotation.AuthenticationPrincipal
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
@@ -44,7 +45,7 @@ class RazorpayPaymentLinksController(
         @PathVariable propertyId: UUID,
         @PathVariable bookingId: UUID,
         @RequestBody request: RazorpayPaymentLinkCreateRequest,
-        principal: MyPrincipal?
+        @AuthenticationPrincipal principal: MyPrincipal?
     ): RazorpayPaymentLinkCreateResponse {
         requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER, Role.STAFF)
         val booking = bookingRepo.findById(bookingId).orElseThrow {

src/main/kotlin/com/android/trisolarisserver/controller/RazorpayQrPayments.kt

@@ -16,6 +16,7 @@ import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpMethod
 import org.springframework.http.MediaType
 import org.springframework.http.ResponseEntity
+import org.springframework.security.core.annotation.AuthenticationPrincipal
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
@@ -44,7 +45,7 @@ class RazorpayQrPayments(
         @PathVariable propertyId: UUID,
         @PathVariable bookingId: UUID,
         @RequestBody request: RazorpayQrGenerateRequest,
-        principal: MyPrincipal?
+        @AuthenticationPrincipal principal: MyPrincipal?
     ): RazorpayQrGenerateResponse {
         requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER, Role.STAFF)
         val booking = bookingRepo.findById(bookingId).orElseThrow {

src/main/kotlin/com/android/trisolarisserver/controller/RazorpaySettingsController.kt

@@ -16,6 +16,7 @@ import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import org.springframework.web.server.ResponseStatusException
 import org.springframework.http.HttpStatus
+import org.springframework.security.core.annotation.AuthenticationPrincipal
 import java.time.OffsetDateTime
 import java.util.UUID
 
@@ -30,7 +31,7 @@ class RazorpaySettingsController(
     @GetMapping
     fun getSettings(
         @PathVariable propertyId: UUID,
-        principal: MyPrincipal?
+        @AuthenticationPrincipal principal: MyPrincipal?
     ): RazorpaySettingsResponse {
         requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER)
         val settings = settingsRepo.findByPropertyId(propertyId)
@@ -51,7 +52,7 @@ class RazorpaySettingsController(
     @PutMapping
     fun upsertSettings(
         @PathVariable propertyId: UUID,
-        principal: MyPrincipal?,
+        @AuthenticationPrincipal principal: MyPrincipal?,
         @RequestBody request: RazorpaySettingsUpsertRequest
     ): RazorpaySettingsResponse {
         requireRole(propertyAccess, propertyId, principal, Role.ADMIN)