Skip to content

Phase 1: Core Backend Setup (User Auth & JWT)#1

Open
sbafsk wants to merge 1 commit intomainfrom
phase-1
Open

Phase 1: Core Backend Setup (User Auth & JWT)#1
sbafsk wants to merge 1 commit intomainfrom
phase-1

Conversation

@sbafsk
Copy link
Collaborator

@sbafsk sbafsk commented Dec 1, 2025

Phase 1: Core Backend Setup

This PR implements the complete authentication system with JWT, user/role management, and Spring Security configuration.

🎯 Components Implemented

Entities:

  • User entity with full profile fields
  • Role entity with 6 role types
  • Many-to-many User-Role relationship

Authentication & Security:

  • JWT authentication (1h access tokens, 7d refresh tokens)
  • Spring Security configuration with CORS
  • BCrypt password hashing (strength 12)
  • Token generation and validation

API Endpoints:

  • POST /api/v1/auth/register - Public registration
  • POST /api/v1/auth/login - Public login
  • GET /api/v1/auth/me - Get current user (authenticated)

Database:

  • Flyway migrations V1 (schema) and V2 (seed roles)
  • Optimized indexes

📊 Files Changed

22 files added:

  • 3 entities (User, Role + relationship)
  • 4 DTOs (LoginRequest, RegisterRequest, JwtResponse, UserResponse)
  • 2 repositories
  • 1 service (AuthService)
  • 1 controller (AuthController)
  • 3 security components (JwtTokenProvider, Filter, UserDetailsService)
  • 2 configs (JwtConfig, SecurityConfig)
  • 3 exceptions
  • 2 Flyway migrations

✅ Checklist

  • User & Role entities
  • JWT authentication
  • Spring Security configuration
  • Database migrations
  • Exception handling
  • Bean Validation

📝 Testing

After merge, test:

  1. Register new user
  2. Login and obtain JWT
  3. Access protected /auth/me endpoint

Ready for review and merge to main

@sbafsk @claude
feat: implement Phase 1 - Core Backend Setup (User Auth & JWT)
2e9dee3 
Implement complete authentication system with JWT, user/role management, and Spring Security configuration.

## Components Implemented

### Entities
- User entity with full fields (email, password, firstName, lastName, phone, userType, active)
- Role entity with RoleName enum (6 roles: USER, MEMBER, STUDENT, INSTRUCTOR, ADMIN, SUPER_ADMIN)
- Many-to-many relationship between User and Role

### Security & Authentication
- JWT stateless authentication with access tokens (1h) and refresh tokens (7 days)
- JwtTokenProvider for token generation and validation
- JwtAuthenticationFilter for request interception
- UserDetailsServiceImpl for Spring Security integration
- SecurityConfig with CORS, BCrypt (strength 12), and endpoint protection
- JwtConfig for externalized JWT configuration

### API Endpoints
- POST /api/v1/auth/register - Public user registration
- POST /api/v1/auth/login - Public login
- GET /api/v1/auth/me - Get current user (authenticated)

### DTOs
- LoginRequest, RegisterRequest with Bean Validation
- JwtResponse with tokens and user info
- UserResponse without sensitive data

### Services
- AuthService for registration, login, token generation, and user retrieval

### Database
- Flyway migrations V1 (schema) and V2 (seed roles)
- Tables: users, roles, user_roles
- Indexes for optimization

### Exception Handling
- GlobalExceptionHandler for centralized error handling
- Custom exceptions: UserNotFoundException, EmailAlreadyExistsException
- Proper HTTP status codes and error responses

## Technical Details
- Package structure: uy.supap
- Password validation: min 8 chars, uppercase, lowercase, number, special char
- Email and phone validation
- CORS configured for localhost:3000 and supap.uy

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sbafsk

Comments