feat: add Docker, OpenAPI docs, logging and Prometheus observability

Agent-Logs-Url: https://github.com/vitorhugo-java/SpringBoot-JobApplyTracker/sessions/5f1775da-aadb-4d0a-8e9b-d95b9333e860

Co-authored-by: vitorhugo-java <65777252+vitorhugo-java@users.noreply.github.com>

Author: Copilot

Dockerfile

@@ -0,0 +1,52 @@
+# ============================================================
+# Stage 1: Build
+# ============================================================
+FROM eclipse-temurin:21-jdk-alpine AS build
+
+# Install Maven
+RUN apk add --no-cache maven
+
+WORKDIR /workspace
+
+# Copy POM first to cache dependency layer
+COPY backend/pom.xml .
+
+# Download dependencies (cached unless pom.xml changes)
+RUN mvn dependency:go-offline -B --no-transfer-progress
+
+# Copy source code and build the fat JAR, skipping tests
+COPY backend/src src
+RUN mvn package -DskipTests -B --no-transfer-progress
+
+# ============================================================
+# Stage 2: Runtime
+# ============================================================
+FROM eclipse-temurin:21-jre-alpine AS runtime
+
+# Create a non-root user for security
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+
+WORKDIR /app
+
+# Copy the built JAR from the build stage
+COPY --from=build /workspace/target/*.jar app.jar
+
+# Ensure the app directory is owned by the non-root user
+RUN chown -R appuser:appgroup /app
+
+USER appuser
+
+# Expose application port
+EXPOSE 8080
+
+# Health check – relies on Spring Actuator
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+  CMD wget -qO- http://localhost:8080/actuator/health || exit 1
+
+# JVM tuning flags for containers (respects cgroup memory limits)
+ENV JAVA_OPTS="-XX:+UseContainerSupport \
+               -XX:MaxRAMPercentage=75.0 \
+               -XX:+ExitOnOutOfMemoryError \
+               -Djava.security.egd=file:/dev/./urandom"
+
+ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar app.jar"]

backend/pom.xml

@@ -84,6 +84,18 @@
             <version>2.5.0</version>
         </dependency>
 
+        <!-- Actuator -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+
+        <!-- Micrometer Prometheus Registry -->
+        <dependency>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-registry-prometheus</artifactId>
+        </dependency>
+
         <!-- Test -->
         <dependency>
             <groupId>org.springframework.boot</groupId>

backend/src/main/java/com/jobtracker/config/OpenApiConfig.java

@@ -16,8 +16,8 @@ public OpenAPI openAPI() {
         final String securitySchemeName = "bearerAuth";
         return new OpenAPI()
                 .info(new Info()
-                        .title("Job Tracker API")
-                        .description("REST API for Job Application Tracker PWA")
+                        .title("Job Apply Tracker API")
+                        .description("API for tracking job applications")
                         .version("1.0.0"))
                 .addSecurityItem(new SecurityRequirement().addList(securitySchemeName))
                 .components(new Components()

backend/src/main/java/com/jobtracker/config/RequestLoggingFilter.java

@@ -0,0 +1,48 @@
+package com.jobtracker.config;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.NonNull;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+public class RequestLoggingFilter extends OncePerRequestFilter {
+
+    private static final Logger log = LoggerFactory.getLogger(RequestLoggingFilter.class);
+
+    @Override
+    protected void doFilterInternal(@NonNull HttpServletRequest request,
+                                    @NonNull HttpServletResponse response,
+                                    @NonNull FilterChain filterChain) throws ServletException, IOException {
+        long start = System.currentTimeMillis();
+        try {
+            filterChain.doFilter(request, response);
+        } finally {
+            long duration = System.currentTimeMillis() - start;
+            String userId = resolveUserId();
+            log.info("method={} path={} status={} duration={}ms userId={}",
+                    request.getMethod(),
+                    request.getRequestURI(),
+                    response.getStatus(),
+                    duration,
+                    userId);
+        }
+    }
+
+    private String resolveUserId() {
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        if (auth != null && auth.isAuthenticated() && !"anonymousUser".equals(auth.getPrincipal())) {
+            return auth.getName();
+        }
+        return "anonymous";
+    }
+}

backend/src/main/java/com/jobtracker/config/SecurityConfig.java

@@ -18,10 +18,13 @@ public class SecurityConfig {
 
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
     private final CorsConfig corsConfig;
+    private final RequestLoggingFilter requestLoggingFilter;
 
-    public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter, CorsConfig corsConfig) {
+    public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter, CorsConfig corsConfig,
+                          RequestLoggingFilter requestLoggingFilter) {
         this.jwtAuthenticationFilter = jwtAuthenticationFilter;
         this.corsConfig = corsConfig;
+        this.requestLoggingFilter = requestLoggingFilter;
     }
 
     @Bean
@@ -36,9 +39,11 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                                 "/api/auth/refresh", "/api/auth/forgot-password",
                                 "/api/auth/reset-password").permitAll()
                         .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
+                        .requestMatchers("/actuator/health", "/actuator/info", "/actuator/prometheus").permitAll()
                         .anyRequest().authenticated()
                 )
-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(requestLoggingFilter, JwtAuthenticationFilter.class);
 
         return http.build();
     }

backend/src/main/java/com/jobtracker/controller/ApplicationController.java

@@ -2,6 +2,12 @@
 
 import com.jobtracker.dto.application.*;
 import com.jobtracker.service.ApplicationService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.http.HttpStatus;
@@ -12,6 +18,7 @@
 import java.util.List;
 import java.util.Map;
 
+@Tag(name = "Applications", description = "Job application management endpoints")
 @RestController
 @RequestMapping("/api/applications")
 public class ApplicationController {
@@ -22,60 +29,140 @@ public ApplicationController(ApplicationService applicationService) {
         this.applicationService = applicationService;
     }
 
+    @Operation(
+        summary = "Create a job application",
+        description = "Creates a new job application for the authenticated user",
+        responses = {
+            @ApiResponse(responseCode = "201", description = "Application created",
+                content = @Content(schema = @Schema(implementation = ApplicationResponse.class))),
+            @ApiResponse(responseCode = "400", description = "Validation error")
+        }
+    )
     @PostMapping
     public ResponseEntity<ApplicationResponse> create(@Valid @RequestBody ApplicationRequest request) {
         return ResponseEntity.status(HttpStatus.CREATED).body(applicationService.create(request));
     }
 
+    @Operation(
+        summary = "Get application by ID",
+        description = "Returns a single job application owned by the authenticated user",
+        responses = {
+            @ApiResponse(responseCode = "200", description = "Application found",
+                content = @Content(schema = @Schema(implementation = ApplicationResponse.class))),
+            @ApiResponse(responseCode = "404", description = "Application not found")
+        }
+    )
     @GetMapping("/{id}")
-    public ResponseEntity<ApplicationResponse> getById(@PathVariable Long id) {
+    public ResponseEntity<ApplicationResponse> getById(
+            @Parameter(description = "Application ID", required = true) @PathVariable Long id) {
         return ResponseEntity.ok(applicationService.getById(id));
     }
 
+    @Operation(
+        summary = "Update a job application",
+        description = "Replaces all fields of an existing job application",
+        responses = {
+            @ApiResponse(responseCode = "200", description = "Application updated",
+                content = @Content(schema = @Schema(implementation = ApplicationResponse.class))),
+            @ApiResponse(responseCode = "400", description = "Validation error"),
+            @ApiResponse(responseCode = "404", description = "Application not found")
+        }
+    )
     @PutMapping("/{id}")
-    public ResponseEntity<ApplicationResponse> update(@PathVariable Long id,
-                                                       @Valid @RequestBody ApplicationRequest request) {
+    public ResponseEntity<ApplicationResponse> update(
+            @Parameter(description = "Application ID", required = true) @PathVariable Long id,
+            @Valid @RequestBody ApplicationRequest request) {
         return ResponseEntity.ok(applicationService.update(id, request));
     }
 
+    @Operation(
+        summary = "Update application status",
+        description = "Partially updates only the status field of an application",
+        responses = {
+            @ApiResponse(responseCode = "200", description = "Status updated",
+                content = @Content(schema = @Schema(implementation = ApplicationResponse.class))),
+            @ApiResponse(responseCode = "404", description = "Application not found")
+        }
+    )
     @PatchMapping("/{id}/status")
-    public ResponseEntity<ApplicationResponse> updateStatus(@PathVariable Long id,
-                                                             @Valid @RequestBody UpdateStatusRequest request) {
+    public ResponseEntity<ApplicationResponse> updateStatus(
+            @Parameter(description = "Application ID", required = true) @PathVariable Long id,
+            @Valid @RequestBody UpdateStatusRequest request) {
         return ResponseEntity.ok(applicationService.updateStatus(id, request));
     }
 
+    @Operation(
+        summary = "Update recruiter DM reminder",
+        description = "Enables or disables the recruiter DM reminder for an application",
+        responses = {
+            @ApiResponse(responseCode = "200", description = "Reminder updated",
+                content = @Content(schema = @Schema(implementation = ApplicationResponse.class))),
+            @ApiResponse(responseCode = "404", description = "Application not found")
+        }
+    )
     @PatchMapping("/{id}/reminder")
-    public ResponseEntity<ApplicationResponse> updateReminder(@PathVariable Long id,
-                                                               @Valid @RequestBody UpdateReminderRequest request) {
+    public ResponseEntity<ApplicationResponse> updateReminder(
+            @Parameter(description = "Application ID", required = true) @PathVariable Long id,
+            @Valid @RequestBody UpdateReminderRequest request) {
         return ResponseEntity.ok(applicationService.updateReminder(id, request));
     }
 
+    @Operation(
+        summary = "Delete a job application",
+        responses = {
+            @ApiResponse(responseCode = "200", description = "Application deleted"),
+            @ApiResponse(responseCode = "404", description = "Application not found")
+        }
+    )
     @DeleteMapping("/{id}")
-    public ResponseEntity<Map<String, String>> delete(@PathVariable Long id) {
+    public ResponseEntity<Map<String, String>> delete(
+            @Parameter(description = "Application ID", required = true) @PathVariable Long id) {
         applicationService.delete(id);
         return ResponseEntity.ok(Map.of("message", "Application deleted successfully"));
     }
 
+    @Operation(
+        summary = "List job applications",
+        description = "Returns a paginated, filterable list of job applications for the authenticated user",
+        responses = {
+            @ApiResponse(responseCode = "200", description = "Page of applications",
+                content = @Content(schema = @Schema(implementation = ApplicationPageResponse.class)))
+        }
+    )
     @GetMapping
     public ResponseEntity<ApplicationPageResponse> getAll(
-            @RequestParam(required = false) String status,
-            @RequestParam(required = false) String recruiterName,
-            @RequestParam(required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate applicationDateFrom,
-            @RequestParam(required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate applicationDateTo,
-            @RequestParam(required = false) Boolean interviewScheduled,
-            @RequestParam(required = false) Boolean recruiterDmReminderEnabled,
-            @RequestParam(defaultValue = "0") int page,
-            @RequestParam(defaultValue = "10") int size,
-            @RequestParam(required = false) String sort) {
+            @Parameter(description = "Filter by status") @RequestParam(required = false) String status,
+            @Parameter(description = "Filter by recruiter name") @RequestParam(required = false) String recruiterName,
+            @Parameter(description = "Filter from date (yyyy-MM-dd)") @RequestParam(required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate applicationDateFrom,
+            @Parameter(description = "Filter to date (yyyy-MM-dd)") @RequestParam(required = false) @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate applicationDateTo,
+            @Parameter(description = "Filter by interview scheduled flag") @RequestParam(required = false) Boolean interviewScheduled,
+            @Parameter(description = "Filter by recruiter DM reminder flag") @RequestParam(required = false) Boolean recruiterDmReminderEnabled,
+            @Parameter(description = "Page number (0-based)") @RequestParam(defaultValue = "0") int page,
+            @Parameter(description = "Page size") @RequestParam(defaultValue = "10") int size,
+            @Parameter(description = "Sort field") @RequestParam(required = false) String sort) {
         return ResponseEntity.ok(applicationService.getAll(status, recruiterName, applicationDateFrom,
                 applicationDateTo, interviewScheduled, recruiterDmReminderEnabled, page, size, sort));
     }
 
+    @Operation(
+        summary = "Get upcoming applications",
+        description = "Returns applications with upcoming next-step dates",
+        responses = {
+            @ApiResponse(responseCode = "200", description = "List of upcoming applications")
+        }
+    )
     @GetMapping("/upcoming")
     public ResponseEntity<List<ApplicationResponse>> getUpcoming() {
         return ResponseEntity.ok(applicationService.getUpcoming());
     }
 
+    @Operation(
+        summary = "Get overdue applications",
+        description = "Returns applications whose next-step date has already passed",
+        responses = {
+            @ApiResponse(responseCode = "200", description = "List of overdue applications")
+        }
+    )
     @GetMapping("/overdue")
     public ResponseEntity<List<ApplicationResponse>> getOverdue() {
         return ResponseEntity.ok(applicationService.getOverdue());