Merge pull request #58 from Jalen-Stephens/39-bug-handle-io-exception-in-c2patoolinvoker-for-non-ai-images

39 bug handle io exception in c2patoolinvoker for non ai images

Author: Sulayb28

citations.md

@@ -3438,4 +3438,83 @@ Used AI to generate, correct, and integrate full Swagger/OpenAPI documentation a
 
 > Portions of this commit were generated with assistance from OpenAI ChatGPT (GPT-5) on November 13, 2025. All AI-generated content was reviewed, verified, and finalized by the development team.
 
----
+---
+
+### **Commit / Ticket Reference**
+
+* **Commit:** `[bug/doc] Fix C2PAToolInvoker Error and Repair Swagger UI  (#39)`
+* **Ticket:** `#39 — Handle IO Exception Error in C2paToolInvoker`
+* **NOTE:** `Also repaired Swagger UI so that it behaves correctly`
+* **Date:** November 19, 2025  
+* **Team Member:** Isaac Schmidt
+
+---
+
+### **AI Tool Information**
+
+* **Tool Used:** OpenAI ChatGPT (GPT-5)
+* **Access Method:** ChatGPT Web (.edu academic access)
+* **Configuration:** Default model settings
+* **Cost:** $0 (no paid API calls)
+
+---
+
+### **Purpose of AI Assistance**
+
+Used AI to diagnose and patch key backend issues affecting C2PA tool invocation and Swagger UI functionality. Assistance included:
+
+* Identifying the root cause of a `NullPointerException` in `C2paToolInvoker` and recommending a safe error-handling path that returns a clean “no C2PA data” response instead of storing erroneous error codes.
+* Debugging and fixing Swagger UI authentication behavior, ensuring Bearer tokens are passed correctly and endpoints load via `/v3/api-docs` and `/swagger-ui/index.html`.
+* Correcting misapplied annotations in `AuthController` (`@RequestBody` mix-up between Spring and Swagger) that caused JSON request bodies to deserialize into null fields.
+* Verifying DTO definitions (`RegisterRequest`, `LoginRequest`, `RefreshRequest`) and advising explicit JSON property annotations where necessary.
+* Walking through troubleshooting steps for Spring Security, confirming Swagger’s `Authorize` flow, and validating that uploads (`/api/images/upload`) correctly receive JWTs.
+* Ensuring folder structure, config classes, and OpenAPI definitions (`OpenApiConfig`) were properly wired and not interfering with request handling.
+
+---
+
+### **Prompts / Interaction Summary**
+
+* “Here’s the stack trace — why are email and password null during signup?”
+* “Why is Swagger UI not able to authorize file uploads?”
+* “Is my repository structure causing the Swagger issue?”
+* “Why does C2paToolInvoker throw a NullPointerException when the image has no manifest?”
+* “How do I fix @RequestBody so JSON actually binds to my DTO?”
+* “Write the assistance section in a copy-and-paste .md format.”
+
+---
+
+### **Resulting Artifacts**
+
+* Updated and corrected backend components:
+  * `C2paToolInvoker.java` logic for null-safe error handling.
+  * `AuthController.java` corrected to use Spring’s `@RequestBody`.
+  * `AuthProxyService.java` updated with proper null-safe `escape` logic and logging.
+  * `ImageController.java` verified for proper Swagger + Bearer token behavior.
+* Configuration fixes:
+  * `OpenApiConfig.java` corrected (`@SecurityScheme`, controller scan path).
+  * Validation of existing `SecurityConfig.java` for Swagger compatibility.
+* Swagger UI restored to full functionality:
+  * Correctly loads `/v3/api-docs`
+  * Accepts JWT via **Authorize**
+  * Allows image upload with bearer token
+  * Renders all secured endpoints normally
+
+---
+
+### **Verification**
+
+* Rebuilt project using:
+  ```bash
+  mvn clean spring-boot:run
+  ```
+* Confirmed:
+  * All /auth/* endpoints bind JSON correctly (no null DTO fields).
+  * /auth/signup successfully proxies to Supabase without internal 500s.
+  * C2PA analysis now returns a clean “no C2PA data” message when appropriate.
+  * Swagger UI loads configuration without 401 or “Failed to load remote configuration”.
+  * Bearer token added via Swagger’s Authorize correctly authenticates image uploads.
+  * Manual and log-based verification performed for C2PA execution paths and auth flow.
+
+### **Attribution Statement**
+
+Portions of this commit were generated with assistance from OpenAI ChatGPT (GPT-5) on November 19, 2025. All AI-generated recommendations and code were reviewed, tested, and validated by the development team prior to inclusion.

src/main/java/dev/coms4156/project/metadetect/c2pa/C2paToolInvoker.java

@@ -10,6 +10,8 @@
 public class C2paToolInvoker {
 
   private final String c2paToolPath;
+  public static final String NO_C2PA_MANIFEST_MESSAGE = 
+      "This image does not contain C2PA data (no C2PA manifest found).";
 
   public C2paToolInvoker(String c2paToolPath) {
     this.c2paToolPath = c2paToolPath;
@@ -43,11 +45,22 @@ public String extractManifest(File imageFile) throws IOException {
       String stderr = se.useDelimiter("\\A").hasNext() ? se.next() : "";
 
       if (exit != 0) {
+        // Special-case: images with *no* C2PA manifest. c2patool will
+        // typically return a non-zero exit code with a "no manifest found"
+        // message on stderr. We normalize that into a user-friendly message
+        // so callers can distinguish "no C2PA data" from a hard failure.
+        String lowerStderr = stderr == null ? "" : stderr.toLowerCase();
+        if (!lowerStderr.isBlank() && lowerStderr.contains("no claim found")) {
+          throw new IOException(NO_C2PA_MANIFEST_MESSAGE);
+        }
+        
+        // Any other non-zero exit is treated as an unexpected C2PA failure.
         String msg = "C2PA tool failed with exit code " + exit
             + (stderr.isBlank() ? "" : " | stderr: " + stderr);
         throw new IOException(msg);
       }
       return stdout; // should already be JSON from -d
+
     } catch (InterruptedException ie) {
       Thread.currentThread().interrupt();
       throw new IOException("C2PA tool execution was interrupted", ie);

src/main/java/dev/coms4156/project/metadetect/controller/AuthController.java

@@ -4,7 +4,6 @@
 import dev.coms4156.project.metadetect.service.AuthProxyService;
 import dev.coms4156.project.metadetect.service.UserService;
 import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
@@ -16,6 +15,7 @@
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 

src/main/java/dev/coms4156/project/metadetect/dto/Dtos.java

@@ -1,5 +1,6 @@
 package dev.coms4156.project.metadetect.dto;
 
+import com.fasterxml.jackson.annotation.JsonProperty; 
 import java.time.Instant;
 import java.time.OffsetDateTime;
 import java.util.List;
@@ -155,20 +156,32 @@ public record UpdateImageRequest(
   /**
    * Request body for registering a new user.
    */
-  public record RegisterRequest(String email, String password) { }
+  public record RegisterRequest(
+      @JsonProperty("email") String email,
+      @JsonProperty("password") String password
+  ) { }
 
   /**
    * Request body for logging in.
    */
-  public record LoginRequest(String email, String password) { }
+  public record LoginRequest(
+      @JsonProperty("email") String email,
+      @JsonProperty("password") String password
+  ) { }
 
   /**
    * Response returned after a successful login or registration.
    */
-  public record AuthResponse(String userId, String token) { }
+  public record AuthResponse(
+      @JsonProperty("userId") String userId,
+      @JsonProperty("token") String token
+  ) { }
 
   /**
    * Request body for obtaining a fresh access token.
    */
-  public record RefreshRequest(String refreshToken) { }
+  public record RefreshRequest(
+      @JsonProperty("refreshToken") String refreshToken
+  ) { }
+
 }

src/main/java/dev/coms4156/project/metadetect/service/AnalyzeService.java

@@ -6,6 +6,7 @@
 import dev.coms4156.project.metadetect.c2pa.C2paToolInvoker;
 import dev.coms4156.project.metadetect.dto.Dtos;
 import dev.coms4156.project.metadetect.model.AnalysisReport;
+import dev.coms4156.project.metadetect.model.AnalysisReport.ReportStatus;
 import dev.coms4156.project.metadetect.model.Image;
 import dev.coms4156.project.metadetect.repository.AnalysisReportRepository;
 import dev.coms4156.project.metadetect.service.errors.MissingStoragePathException;
@@ -204,30 +205,44 @@ private void runExtractionAndFinalize(UUID analysisId, String storagePath) {
       // 2) Run C2PA extraction
       String manifestJson = c2paToolInvoker.extractManifest(tempFile);
 
-      // 3) Mark COMPLETED
+      // 3) Mark COMPLETED (C2PA manifest present)
       markCompleted(analysisId, manifestJson, /*confidence*/ null);
 
-    } catch (Exception e) {
-      // Capture a compact error message for the persisted details JSON
-      String errMsg = truncate(e.toString(), 2000);
-
-      try {
-        var errorObj = new java.util.LinkedHashMap<String, Object>();
-        errorObj.put("error", errMsg);
-        String errorJson = objectMapper.writeValueAsString(errorObj);
-        markFailed(analysisId, errorJson);
-      } catch (Exception jsonEx) {
-        // Absolute fallback if JSON serialization fails
-        markFailed(analysisId, "{\"error\":\"" + escapeForJson(errMsg) + "\"}");
-      }
-    } finally {
-      // Best-effort cleanup of temp file
-      if (tempFile != null) {
+    } catch (IOException ioe) {
+      // Special-case: image has NO C2PA manifest
+      if (C2paToolInvoker.NO_C2PA_MANIFEST_MESSAGE.equals(ioe.getMessage())) {
         try {
-          Files.deleteIfExists(tempFile.toPath());
-        } catch (IOException ignored) {
-          // Non-fatal during cleanup
+          var noC2paObj = new java.util.LinkedHashMap<String, Object>();
+          noC2paObj.put("message", "This image does not contain C2PA data");
+          noC2paObj.put("hasC2pa", Boolean.FALSE);
+
+          String json = objectMapper.writeValueAsString(noC2paObj);
+
+          // Treat as a successfully completed analysis: no C2PA, but we can still
+          // continue with AI image analysis downstream.
+          markCompleted(analysisId, json, /*confidence*/ null);
+        } catch (Exception jsonEx) {
+          // If JSON building fails, still mark as COMPLETED with a simple message
+          markCompleted(
+              analysisId,
+              "{\"message\":\"This image does not contain C2PA data\",\"hasC2pa\":false}",
+              null
+          );
         }
+      } else {
+        // Any other IOException is a real failure
+        handleGenericFailure(analysisId, storagePath, ioe);
+      }
+
+    } catch (Exception e) {
+      // Non-IO exceptions: treat as failure as before
+      handleGenericFailure(analysisId, storagePath, e);
+
+    } finally {
+      // Best-effort cleanup of the temp file
+      if (tempFile != null && tempFile.exists()) {
+        //noinspection ResultOfMethodCallIgnored
+        tempFile.delete();
       }
     }
   }
@@ -334,4 +349,32 @@ static AnalysisReport pending(UUID imageId, Instant createdAt) {
       return ar;
     }
   }
+
+  /**
+   * Handles a generic failure during analysis by marking the analysis as FAILED
+   * and storing the error message in the details field.
+   *
+   * @param analysisId id of the analysis to mark
+   * @param storagePath storage path of the image being analyzed
+   * @param e the exception that caused the failure
+   */
+
+  private void handleGenericFailure(UUID analysisId, String storagePath, Exception e) {
+    String errMsg = truncate(e.toString(), 2000);
+  
+    try {
+      var errorObj = new java.util.LinkedHashMap<String, Object>();
+      errorObj.put("error", errMsg);
+      // optionally include more context:
+      // errorObj.put("storagePath", storagePath);
+      String errorJson = objectMapper.writeValueAsString(errorObj);
+      markFailed(analysisId, errorJson);
+    } catch (Exception jsonEx) {
+      // absolute fallback (escape dangerous chars)
+      markFailed(analysisId, "{\"error\":\"" + escapeForJson(errMsg) + "\"}");
+    }
+  }
+  
+
+
 }

src/main/java/dev/coms4156/project/metadetect/service/AuthProxyService.java

@@ -1,5 +1,7 @@
 package dev.coms4156.project.metadetect.service;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatusCode;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -23,6 +25,7 @@
 public class AuthProxyService {
 
   private final WebClient supabase;
+  private static final Logger log = LoggerFactory.getLogger(AuthProxyService.class);
 
   /**
    * Constructs a proxy service using a preconfigured WebClient that already
@@ -43,6 +46,8 @@ public AuthProxyService(WebClient supabaseWebClient) {
    */
   public ResponseEntity<String> signup(String email, String password) {
     String path = "/auth/v1/signup";
+    
+    log.info("signup email={}, passwordNull={}", email, password == null);
     return forwardJson(
       path,
       "{\"email\":\"" + escape(email)
@@ -142,8 +147,11 @@ public String getBody() {
    * performs final validation.
    */
   private static String escape(String s) {
-    return s
-      .replace("\\", "\\\\")
-      .replace("\"", "\\\"");
+    log.debug("escape called: input={}", s);
+    if (s == null) {
+      throw new IllegalArgumentException("value cannot be null");
+    }
+    return s.replace("\\", "\\\\")
+            .replace("\"", "\\\"");
   }
 }