nikosath / card-app Goto Github PK

A demo app that allows users to create and manage tasks in the form of cards:

• Application users are identified uniquely by their mail address, have a role (Member or Admin) and use a password to authenticate themselves before accessing cards
  • Members have access to cards they created
  • Admins have access to all cards

https://github.dev/nikosath/card-app

1. ./gradlew bootJar
2. docker compose up

The server port is set to 28852. Thanks to SpringDoc OpenAPI, the API JSON is available at http://localhost:28852/api-docs . A basic UI for trying out the API will be available later on at http://localhost:28852/swagger-ui/index.html .

• POST /token: Use Basic Auth to retrieve a JWT token needed for using the CardController operations below. For testing purposes the [username / password] pairs for three dummy users have been hardcoded in method 'userDetailsService' from SecurityConfig. These are:
  • [email protected] / memberPass1
  • [email protected] / memberPass2
  • [email protected] / adminPass1

Use the token from AuthController as a bearer token to access the following operations. Example header: Authorization: Bearer {token}. With the current application.properties, no data is kept between app restarts.

• GET /cards: Retrieves all cards.
• GET /cards/search: Searches for cards based on given parameters.
• POST /cards: Creates a new card.
• GET /cards/{cardName}: Retrieves a card by its name.
• PUT /cards/{cardName}: Updates a card by its name.
• DELETE /cards/{cardName}: Deletes a card by its name.

• Retrieve user data for each request from a distributed cache (e.g. Redis)
• Add database indexing
• Improve integration with SpringDoc OpenAPI.
• Add proper IT tests with separated use cases and unit tests for each app layer.
• Don't use email as username.
• Consider making @Entity retrieval lazy.
• Exclude lazy loaded fields from Lombok.
• Add bean validation annotations to all @Entity.
• Consider making UserContext a spring bean.