From 2c337b8709555512b76a7139b117e724850689d9 Mon Sep 17 00:00:00 2001
From: androidlover5842
Date: Mon, 26 Jan 2026 21:36:22 +0530
Subject: [PATCH] Return 401 for auth failures and log verify
---
 .../com/android/trisolarisserver/controller/Auth.kt | 2 ++
 .../android/trisolarisserver/security/SecurityConfig.kt | 8 ++++++++
 2 files changed, 10 insertions(+)
diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/Auth.kt b/src/main/kotlin/com/android/trisolarisserver/controller/Auth.kt
index f3e7f1d..06263ac 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/Auth.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/Auth.kt
@@ -80,10 +80,12 @@ class Auth(
 val decoded = try {
 FirebaseAuth.getInstance().verifyIdToken(token)
 } catch (ex: Exception) {
+ logger.warn("Auth verify failed: {}", ex.message)
 throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid token")
 }
 val user = appUserRepo.findByFirebaseUid(decoded.uid)
 ?: throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found")
+ logger.info("Auth verify resolved uid={}, userId={}", decoded.uid, user.id)
 return MyPrincipal(
 userId = user.id ?: throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "User id missing"),
 firebaseUid = decoded.uid
diff --git a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
index 42b30b0..6bcf9a9 100644
--- a/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/security/SecurityConfig.kt
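Review bot: The added `logger.info("Auth verify resolved uid={}, userId={}", decoded.uid, user.id)` fires on every successful verification, so at INFO it writes a stable identifier pair into the application log for each authenticated request, turning that log into a per-user activity record that log retention and access controls may not have been sized or scoped for; I would lower it to `logger.debug(...)` or drop it and keep only the failure path. On the warn line, `ex.message` alone loses the exception type, and because the surrounding `catch (ex: Exception)` also catches any unrelated runtime failure inside `verifyIdToken` and maps it to the same 401 "Invalid token", the type is the only thing that lets an operator tell an expired or malformed token from a backend fault; `logger.warn("Auth verify failed ({}): {}", ex.javaClass.simpleName, ex.message)` keeps that distinction without a stack trace. The enclosing function begins before this hunk and the `MyPrincipal(` call continues past its last line.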
@@ -7,6 +7,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+import org.springframework.security.web.authentication.HttpStatusEntryPoint
+import org.springframework.http.HttpStatus

 @Configuration(proxyBeanMethods = false)
 @EnableMethodSecurity
@@ -22,6 +24,12 @@ class SecurityConfig(
 it.requestMatchers("/", "/health", "/auth/**").permitAll()
 it.anyRequest().authenticated()
 }
+ .exceptionHandling {
+ it.authenticationEntryPoint(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
+ it.accessDeniedHandler { _, response, _ ->
+ response.sendError(HttpStatus.UNAUTHORIZED.value(), "Unauthorized")
+ }
+ }
 .httpBasic { it.disable() }
 .formLogin { it.disable() }
 .addFilterBefore(firebaseAuthFilter, UsernamePasswordAuthenticationFilter::class.java)
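Review bot: The `accessDeniedHandler` added inside `.exceptionHandling` answers 401 for an AccessDeniedException, but in Spring Security that handler is only reached for a caller who is already authenticated (anonymous callers are routed to the entry point, which the line above already sets to 401), so with `@EnableMethodSecurity` in this file a signed-in user failing a `@PreAuthorize` check now receives 401 instead of 403. Clients commonly treat 401 as "credentials bad, re-authenticate" and will loop on a token refresh that cannot help; `response.sendError(HttpStatus.FORBIDDEN.value(), "Forbidden")` is the right status, and since 403 is also the framework default the `accessDeniedHandler` lines can simply be removed. Separately, `HttpStatusEntryPoint` sends a bare 401 with no `WWW-Authenticate` header, which RFC 7235 requires on a 401; if bearer clients need a conformant response, use a small custom entry point that calls `response.setHeader("WWW-Authenticate", "Bearer")` before setting the status. The `SecurityFilterChain` builder chain this sits in starts before the hunk and continues after it.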