Updating documentation

backend/Backend/src/main/java/com/securehealth/backend/config/RequestLoggingFilter.java

@@ -16,12 +16,33 @@
 
 import java.io.IOException;
 
+/**
+ * Filter that logs incoming HTTP requests and their corresponding responses for auditing purposes.
+ * <p>
+ * This filter intercepts requests, processes them, and logs key details such as URI, status code, 
+ * authenticated user, IP address, and user agent into the {@link AuditLogRepository}.
+ * </p>
+ */
 @Component
 public class RequestLoggingFilter extends OncePerRequestFilter {
 
     @Autowired
     private AuditLogRepository auditLogRepository;
 
+    /**
+     * Filters incoming requests to log relevant details for authenticated users.
+     * <p>
+     * It captures the request start time, proceed with the filter chain, then calculates the
+     * duration and status code. If the user is authenticated and the request is not an auth 
+     * endpoint, it saves an audit log entry.
+     * </p>
+     *
+     * @param request     the {@link HttpServletRequest} object
+     * @param response    the {@link HttpServletResponse} object
+     * @param filterChain the {@link FilterChain} for further filter execution
+     * @throws ServletException if a servlet-specific error occurs
+     * @throws IOException      if an I/O error occurs during processing
+     */
     @Override
     protected void doFilterInternal(HttpServletRequest request,
                                     HttpServletResponse response,

backend/Backend/src/main/java/com/securehealth/backend/config/SecurityConfig.java

@@ -26,6 +26,14 @@
 
 import java.util.List;
 
+/**
+ * Configuration class for Spring Security.
+ * <p>
+ * This class defines the security filter chain, password encoding, CORS configuration, 
+ * and authorization rules for the application. It also integrates JWT-based authentication
+ * and provides custom handling for unauthorized and forbidden access attempts.
+ * </p>
+ */
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity
@@ -40,11 +48,28 @@ public class SecurityConfig {
     @Value("${app.cors.allowed-origins:http://localhost:3000}")
     private String allowedOrigins;
 
+    /**
+     * Defines the {@link PasswordEncoder} bean using the Argon2 algorithm.
+     *
+     * @return an {@link Argon2PasswordEncoder} instance
+     */
     @Bean
     public PasswordEncoder passwordEncoder() {
         return new Argon2PasswordEncoder(16, 32, 1, 4096, 3);
     }
 
+    /**
+     * Configures the {@link SecurityFilterChain} for the application.
+     * <p>
+     * This method defines CSRF protection, session management, CORS settings, 
+     * request authorization, and custom exception handling for authentication and access denial.
+     * It also adds the {@link JwtAuthenticationFilter} before the standard username/password filter.
+     * </p>
+     *
+     * @param http the {@link HttpSecurity} object to configure
+     * @return the configured {@link SecurityFilterChain}
+     * @throws Exception if an error occurs during configuration
+     */
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
@@ -88,6 +113,12 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         return http.build();
     }
 
+    /**
+     * Saves a security log entry for unauthorized or forbidden access attempts.
+     *
+     * @param action  the security action being logged (e.g., "UNAUTHORIZED_ACCESS")
+     * @param request the {@link HttpServletRequest} associated with the attempt
+     */
     private void saveSecurityLog(String action, HttpServletRequest request) {
         try {
             AuditLog log = new AuditLog(
@@ -105,6 +136,15 @@ private void saveSecurityLog(String action, HttpServletRequest request) {
         }
     }
 
+    /**
+     * Configures the CORS (Cross-Origin Resource Sharing) settings.
+     * <p>
+     * This method specifies allowed origins, methods, headers, and credential support 
+     * based on application properties and standard requirements.
+     * </p>
+     *
+     * @return a {@link CorsConfigurationSource} for use in the security filter chain
+     */
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();

backend/Backend/src/main/java/com/securehealth/backend/config/WebConfig.java

@@ -5,12 +5,28 @@
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+/**
+ * General web configuration for the application.
+ * <p>
+ * This class implements {@link WebMvcConfigurer} to customize Spring MVC settings,
+ * specifically for CORS mappings to allow frontend access.
+ * </p>
+ */
 @Configuration
 public class WebConfig implements WebMvcConfigurer {
 
     @Value("${app.cors.allowed-origins:http://localhost:3000}")
     private String allowedOrigins;
 
+    /**
+     * Configures CORS mappings for the application.
+     * <p>
+     * It enables global CORS configuration, allowing specified origins, methods, 
+     * and headers, and supports credentials with a defined max age for pre-flight requests.
+     * </p>
+     *
+     * @param registry the {@link CorsRegistry} to add mappings to
+     */
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         String[] origins = allowedOrigins.split(",");

backend/Backend/src/main/java/com/securehealth/backend/controller/AdminController.java

@@ -16,6 +16,13 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+/**
+ * REST controller for administrative operations.
+ * <p>
+ * This controller provides endpoints for managing system metrics, appointments, 
+ * staff members, and patients. Access is restricted to users with ADMIN authority.
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/admin")
 public class AdminController {

backend/Backend/src/main/java/com/securehealth/backend/controller/CatalogController.java

@@ -9,7 +9,11 @@
 import java.util.Map;
 
 /**
- * Controller to provide static/mock data for frontend dropdowns.
+ * REST controller for providing static or mock catalog data.
+ * <p>
+ * This controller exposes endpoints for frontend dropdowns, such as medications, 
+ * test types, prescription protocols, conditions, and hospital departments.
+ * </p>
  */
 @RestController
 @RequestMapping("/api")

backend/Backend/src/main/java/com/securehealth/backend/controller/ConsentController.java

@@ -10,6 +10,13 @@
 
 import java.util.Map;
 
+/**
+ * REST controller for managing patient consents.
+ * <p>
+ * This controller provides endpoints for patients to list their consents, 
+ * grant new ones, and revoke existing ones. Access is restricted to users with PATIENT authority.
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/consent")
 @PreAuthorize("hasAuthority('PATIENT')")

backend/Backend/src/main/java/com/securehealth/backend/controller/DoctorController.java

@@ -11,6 +11,13 @@
 
 import java.util.List;
 
+/**
+ * REST controller for managing doctor-related operations.
+ * <p>
+ * Provides endpoints for retrieving lists of doctors, searching by specialty or department,
+ * updating doctor profiles, and retrieving lists of patients assigned to a doctor.
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/doctors")
 public class DoctorController {

backend/Backend/src/main/java/com/securehealth/backend/controller/FileUploadController.java

@@ -10,6 +10,13 @@
 
 import java.util.Map;
 
+/**
+ * REST controller for handling file uploads and downloads.
+ * <p>
+ * This controller provides endpoints for uploading files (which are encrypted at rest)
+ * and retrieving/decrypting them.
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/files")
 public class FileUploadController {

backend/Backend/src/main/java/com/securehealth/backend/controller/LabResultController.java

@@ -14,6 +14,13 @@
 
 import java.util.List;
 
+/**
+ * REST controller for managing lab test results.
+ * <p>
+ * Provides endpoints for retrieving lab results by patient, creating new lab tests,
+ * and listing pending tests for lab technicians.
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/lab-results")
 public class LabResultController {

backend/Backend/src/main/java/com/securehealth/backend/controller/LabTechnicianController.java

@@ -9,6 +9,13 @@
 
 import java.util.Map;
 
+/**
+ * REST controller for lab technician dashboard and order management.
+ * <p>
+ * Provides endpoints for lab technicians to view their dashboard, manage test orders,
+ * update order status, and upload results. Access is restricted to users with LAB_TECHNICIAN authority.
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/lab-technician")
 @PreAuthorize("hasAuthority('LAB_TECHNICIAN')")

backend/Backend/src/main/java/com/securehealth/backend/controller/MedicalRecordController.java

@@ -14,6 +14,13 @@
 
 import java.util.List;
 
+/**
+ * REST controller for managing medical records.
+ * <p>
+ * Provides endpoints for retrieving medical records by patient, creating new records
+ * (restricted to doctors), and deleting records (restricted to admins).
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/medical-records")
 public class MedicalRecordController {

backend/Backend/src/main/java/com/securehealth/backend/controller/NurseController.java

@@ -9,6 +9,13 @@
 
 import java.util.Map;
 
+/**
+ * REST controller for nurse-related operations.
+ * <p>
+ * Provides endpoints for nurses to view their dashboard, assigned patients, tasks,
+ * and manage handover notes. Access is restricted to users with NURSE authority.
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/nurse")
 @PreAuthorize("hasAuthority('NURSE')")

backend/Backend/src/main/java/com/securehealth/backend/controller/PatientController.java

@@ -14,6 +14,13 @@
 
 import java.util.List;
 
+/**
+ * REST controller for managing patient profiles.
+ * <p>
+ * Provides endpoints for listing all patients (with pagination), retrieving own profile,
+ * creating/updating patient information, and searching by ID.
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/patients")
 public class PatientController {

backend/Backend/src/main/java/com/securehealth/backend/controller/PrescriptionController.java

@@ -14,6 +14,13 @@
 
 import java.util.List;
 
+/**
+ * REST controller for managing prescriptions.
+ * <p>
+ * Provides endpoints for retrieving prescriptions by patient, creating new prescriptions,
+ * refilling existing ones, and deleting records.
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/prescriptions")
 public class PrescriptionController {

backend/Backend/src/main/java/com/securehealth/backend/controller/VitalSignController.java

@@ -14,6 +14,13 @@
 
 import java.util.List;
 
+/**
+ * REST controller for managing patient vital signs.
+ * <p>
+ * Provides endpoints for retrieving vital signs history, getting the latest readings,
+ * and recording new vital signs (restricted to authorized personnel).
+ * </p>
+ */
 @RestController
 @RequestMapping("/api/vital-signs")
 public class VitalSignController {

backend/Backend/src/main/java/com/securehealth/backend/dto/AdminMetricsDTO.java

@@ -2,6 +2,13 @@
 
 import lombok.Data;
 
+/**
+ * Data Transfer Object for administrative dashboard metrics.
+ * <p>
+ * Contains aggregated counts for patients, doctors, today's appointments, 
+ * and pending appointment approvals.
+ * </p>
+ */
 @Data
 public class AdminMetricsDTO {
     private long totalPatients;

backend/Backend/src/main/java/com/securehealth/backend/dto/AppointmentDTO.java

@@ -3,6 +3,13 @@
 import java.time.LocalDateTime;
 import com.securehealth.backend.model.AppointmentStatus;
 
+/**
+ * Data Transfer Object representing an appointment's details.
+ * <p>
+ * Used for transferring appointment information between the server and the client,
+ * including doctor and patient names, date, status, and reason for the visit.
+ * </p>
+ */
 @Data
 public class AppointmentDTO {
     private Long appointmentId;

backend/Backend/src/main/java/com/securehealth/backend/dto/AppointmentRequest.java

@@ -6,6 +6,13 @@
 import lombok.Data;
 import java.time.LocalDateTime;
 
+/**
+ * Data Transfer Object for creating a new appointment request.
+ * <p>
+ * This DTO is used by patients to submit appointment bookings, requiring 
+ * a doctor ID, a future appointment date, and a reason for the visit.
+ * </p>
+ */
 @Data
 public class AppointmentRequest {
     @NotNull(message = "Doctor ID is required")

backend/Backend/src/main/java/com/securehealth/backend/dto/DoctorDTO.java

@@ -5,6 +5,13 @@
 import java.time.DayOfWeek;
 import java.util.List;
 
+/**
+ * Data Transfer Object representing a doctor's profile information.
+ * <p>
+ * Includes basic details like name and contact information, as well as 
+ * professional details like specialty, department, and working schedule.
+ * </p>
+ */
 @Data
 public class DoctorDTO {
     private Long id; 

backend/Backend/src/main/java/com/securehealth/backend/dto/LabTestDTO.java

@@ -2,6 +2,13 @@
 import lombok.Data;
 import java.time.LocalDateTime;
 
+/**
+ * Data Transfer Object representing the details of a lab test.
+ * <p>
+ * Contains comprehensive information about a lab test, including patient details, 
+ * the ordering doctor, test results, status, and associated files.
+ * </p>
+ */
 @Data
 public class LabTestDTO {
     private Long testId;

backend/Backend/src/main/java/com/securehealth/backend/dto/LabTestRequest.java

@@ -4,6 +4,13 @@
 import jakarta.validation.constraints.NotNull;
 import lombok.Data;
 
+/**
+ * Data Transfer Object for creating or updating a lab test request.
+ * <p>
+ * Used to specify the patient, test name, category, and initial results or remarks 
+ * when ordering or recording a lab test.
+ * </p>
+ */
 @Data
 public class LabTestRequest {
     @NotNull(message = "Patient ID is required")

backend/Backend/src/main/java/com/securehealth/backend/dto/LoginRequest.java

@@ -8,7 +8,11 @@
 import lombok.NoArgsConstructor;  // [NEW] Generates empty constructor
 
 /**
- * DTO for login requests.
+ * Data Transfer Object for login requests.
+ * <p>
+ * This DTO is used by users to provide their credentials (email and password)
+ * for authentication. It includes validation constraints to ensure data integrity.
+ * </p>
  */
 @Data
 @NoArgsConstructor  // Fixes "The constructor LoginRequest() is undefined"