A demo app that allows users to create and manage tasks in the form of cards:
- Application users are uniquely identified by their email address, have a role (Member or Admin), and authenticate with a password before accessing cards
- Members have access to cards they created
- Admins have access to all cards
https://github.dev/nikosath/card-app
- ./gradlew bootJar
- docker compose up
The server port is set to 28852. Thanks to SpringDoc OpenAPI, the API JSON is available at http://localhost:28852/api-docs . A basic UI for trying out the API will be available later on at http://localhost:28852/swagger-ui/index.html .
POST /token
: Use Basic Auth to retrieve a JWT token needed for using the CardController operations below. For testing purposes, the [username / password] pairs for three dummy users have been hardcoded in the method 'userDetailsService' of SecurityConfig. These are:
- [email protected] / memberPass1
- [email protected] / memberPass2
- [email protected] / adminPass1
Use the token from AuthController as a bearer token to access the following operations.
Example header: Authorization: Bearer {token}
With the current application.properties, no data is kept between app restarts.
GET /cards
: Retrieves all cards.
GET /cards/search
: Searches for cards based on given parameters.
POST /cards
: Creates a new card.
GET /cards/{cardName}
: Retrieves a card by its name.
PUT /cards/{cardName}
: Updates a card by its name.
DELETE /cards/{cardName}
: Deletes a card by its name.
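The Basic Auth to JWT to Bearer flow described above, as a client-side shell sketch. This is an added example, not code from the card-app repository. The function names are hypothetical, and it assumes POST /token returns the raw JWT as the response body.

```shell
#!/usr/bin/env bash
# Added example: client side of the Basic Auth -> JWT -> Bearer flow.
BASE_URL="${BASE_URL:-http://localhost:28852}"

# Build the HTTP Basic credential value: base64("user:password").
# This is an encoding, not encryption; anyone who sees the header can reverse it.
basic_credential() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode the payload (second segment) of a JWT so its claims can be inspected.
# Nothing is verified here; signature and expiry checks stay with the server.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits padding; restore it before decoding
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 -d
}

# POST /token with Basic Auth and print the response body.
# Assumption: the body is the raw JWT, with no JSON wrapper.
get_token() {
  curl -fsS -X POST \
    -H "Authorization: Basic $(basic_credential "$1" "$2")" \
    "$BASE_URL/token"
}

# GET /cards, presenting the token as a bearer credential.
list_cards() {
  curl -fsS -H "Authorization: Bearer $1" "$BASE_URL/cards"
}

# Live run against a started app: ./flow.sh live <username> <password>
if [ "${1:-}" = "live" ]; then
  token=$(get_token "$2" "$3") || exit 1
  jwt_payload "$token"; echo   # shows which claims the server issued
  list_cards "$token"
fi
```

Running the live mode as a Member and then as an Admin and comparing the GET /cards output is a quick check that the role separation listed at the top is enforced.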
- Retrieve user data for each request from a distributed cache (e.g. Redis)
- Add database indexing
- Improve integration with SpringDoc OpenAPI.
- Add proper IT tests with separated use cases and unit tests for each app layer.
- Don't use email as username.
- Consider making @Entity retrieval lazy.
- Exclude lazy loaded fields from Lombok.
- Add bean validation annotations to all @Entity.
- Consider making UserContext a spring bean.