fix: include userId in logout log, add dev-only warning for JWT secret

Agent-Logs-Url: https://github.com/vitorhugo-java/SpringBoot-JobApplyTracker/sessions/5f1775da-aadb-4d0a-8e9b-d95b9333e860

Co-authored-by: vitorhugo-java <65777252+vitorhugo-java@users.noreply.github.com>

Author: Copilot

backend/src/main/java/com/jobtracker/service/AuthService.java

@@ -13,6 +13,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
@@ -125,7 +127,9 @@ public MessageResponse resetPassword(ResetPasswordRequest request) {
     @Transactional
     public MessageResponse logout(LogoutRequest request) {
         refreshTokenService.revokeToken(request.refreshToken());
-        log.info("event=LOGOUT_SUCCESS");
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+        String userId = (auth != null && auth.isAuthenticated()) ? auth.getName() : "unknown";
+        log.info("event=LOGOUT_SUCCESS userId={}", userId);
         return new MessageResponse("Logged out successfully");
     }
 

docker-compose.yml

@@ -14,6 +14,7 @@ services:
       SPRING_DATASOURCE_URL: jdbc:mariadb://mariadb:3306/jobtracker?createDatabaseIfNotExist=true&characterEncoding=UTF-8&useUnicode=true
       SPRING_DATASOURCE_USERNAME: root
       SPRING_DATASOURCE_PASSWORD: root
+      # WARNING: Replace this secret before any production use. This value is for development only.
       JWT_SECRET: ChangeThisToAVeryLongSecretKeyForJWTTokensInDevelopment
       CORS_ALLOWED_ORIGINS: "http://localhost:3000,http://localhost:5173"
     depends_on: