Modern e-commerce platform backend built with Spring Boot 3, featuring JWT authentication, comprehensive API documentation, automated CI/CD, and production-ready infrastructure.
- Features
- Technology Stack
- Architecture
- Prerequisites
- Quick Start
- Docker Setup
- API Documentation
- Development
- Testing
- Database Migrations
- CI/CD Pipeline
- Project Structure
- Contributing
- License
- π JWT Authentication - Secure user registration and login with access/refresh tokens
- ποΈ Product Catalog - CRUD operations, search, filtering, and pagination
- π¦ Order Management - Complete order lifecycle with status tracking
- π³ Payment Processing - Multiple payment methods (PayPal, Credit Card, Bank Transfer)
- π€ User Profiles - Profile management with last login tracking
- π CI/CD Pipeline - Automated testing, building, and Docker image publishing via GitHub Actions
- π³ Docker Support - Multi-stage Dockerfile and Docker Compose for local development
- π Code Quality - Qodana static analysis and JaCoCo code coverage
- π Security Scanning - CodeQL vulnerability detection
- π Database Versioning - Liquibase migrations for schema management
- π°οΈ Audit Trail - Hibernate Envers for entity change tracking
- π Interactive API Docs - Swagger/OpenAPI 3.0 with try-it-out functionality
- π― Exception Handling - Global error handling with consistent JSON responses
- β Input Validation - Bean validation with detailed error messages
- π Hot Reload - Spring Boot DevTools for rapid development
- Java 17 - LTS version with modern language features
- Spring Boot 3.5.9 - Latest Spring Boot 3 with native support
- Spring Security 6 - OAuth2 resource server with JWT
- PostgreSQL 16 - Primary database (production)
- H2 Database - In-memory database (testing)
- Spring Data JPA - Data access with Hibernate 6
- Liquibase - Database migration management
- Hibernate Envers - Entity auditing and versioning
- Redis 7 - Distributed caching (planned)
- HikariCP - High-performance JDBC connection pooling
- JUnit 5 - Unit testing framework
- Mockito - Mocking framework for isolated tests
- Testcontainers - Integration testing with real databases
- JaCoCo - Code coverage analysis
- Swagger/OpenAPI 3.0 - Interactive API documentation
- MapStruct - Type-safe bean mapping
- Lombok - Boilerplate code reduction
- Qodana - JetBrains code quality analysis
- Docker - Containerization with multi-stage builds
- Docker Compose - Local multi-service orchestration
- GitHub Actions - CI/CD automation
- Maven - Dependency management and build tool
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Client Applications β
β (Web Browser, Mobile App, Third-party) β
ββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββ
β HTTPS
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β API Gateway (Future) β
β Load Balancer + Rate Limiting β
ββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Spring Boot Backend β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β Controllers β β Services β β Repositories β β
β β (REST API) ββ β (Business ββ β (Data β β
β β β β Logic) β β Access) β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β β β β
β βΌ βΌ βΌ β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Spring Security (JWT Filter) β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββ
β
βββββββββββββββββΌββββββββββββββββ
β β β
βΌ βΌ βΌ
βββββββββββββββ βββββββββββββββ ββββββββββββββββ
β PostgreSQL β β Redis β β External β
β Database β β (Cache) β β Payment β
β β β β β Gateway β
βββββββββββββββ βββββββββββββββ ββββββββββββββββ
βββββββββββββββ ββββββββββββββββ βββββββββββββββ
β User β β Order β β Payment β
βββββββββββββββ€ ββββββββββββββββ€ βββββββββββββββ€
β id (UUID) βββββββββ<β user_id βββββββββ>β order_id β
β email β 1:N β id (UUID) β 1:1 β id (UUID) β
β password β β status β β amount β
β firstName β β totalPrice β β method β
β lastName β β orderDate β β status β
β role β ββββββββ¬ββββββββ β txnId β
βββββββββββββββ β βββββββββββββββ
β β
β β 1:N
β 1:N βΌ
β ββββββββββββββββ
β β OrderItem β
β ββββββββββββββββ€
β β order_id β
β β product_id βββββ
β β quantity β β
β β unitPrice β β N:1
β ββββββββββββββββ β
β β
βΌ βΌ
βββββββββββββββ ββββββββββββββββ
β Token β β Product β
βββββββββββββββ€ ββββββββββββββββ€
β user_id β β id (UUID) β
β token β β title β
β type β β description β
β expired β β price β
β revoked β β stock β
βββββββββββββββ β category β
β imageUrl β
ββββββββββββββββ
1. Client Request
β
βΌ
2. JWT Authentication Filter
β
ββ Valid Token? β> Yes β> Extract User ββ
β β
ββ No β> Return 401 Unauthorized β
βΌ
3. Controller (REST Endpoint)
β
ββ @Valid Request? β> Yes β> Continue βββ
β β
ββ No β> Return 400 Bad Request β
βΌ
4. Service Layer (Business Logic)
β
ββ Business Rules OK? β> Yes β> Continue ββ
β β
ββ No β> Throw BusinessException β
βΌ
5. Repository Layer (Data Access)
β
ββ Entity Found? β> Yes β> Return Data ββββ
β β
ββ No β> Throw ResourceNotFoundException β
βΌ
6. Mapper (DTO Conversion)
β
βΌ
7. Response to Client (JSON)
Before you begin, ensure you have the following installed:
- Java 17 or higher (Download)
- Maven 3.9+ (Download)
- Docker & Docker Compose (Download)
- Git (Download)
Optional:
- PostgreSQL 16 (if running without Docker)
- Redis 7 (for caching, planned feature)
- IntelliJ IDEA or VS Code with Java extensions
git clone https://github.com/ecomera-ecosystem/ecomera-backend.git
cd ecomera-backend# Copy environment template
cp .env.docker.example .env.docker
# Edit .env.docker with your values (database password, JWT secret, etc.)
nano .env.docker
# Start all services (PostgreSQL, Redis, pgAdmin, Backend)
docker-compose up --build
# Or run in background
docker-compose up -d --buildAccess the application:
- API: http://localhost:8080
- Swagger UI: http://localhost:8080/swagger-ui/index.html
- pgAdmin: http://localhost:5050 (admin@ecomera.local / admin)
# Install dependencies and build
mvn clean install
# Run the application
mvn spring-boot:run
# Or run the JAR
java -jar target/ecomera-0.1.0.jarDefault configuration uses H2 in-memory database - perfect for quick testing!
# Start all services
make up
# Start in background
make up-d
# View logs
make logs
# Stop all services
make down
# Restart everything
make restart
# Clean up (remove volumes)
make clean
# Database shell
make db-shell
# Redis CLI
make redis-cli
# Backend container shell
make backend-shell# Build and start
docker-compose up --build
# Stop services
docker-compose down
# View running containers
docker-compose ps
# View logs
docker-compose logs -f backend
# Execute command in backend container
docker exec -it ecomera-backend shCreate .env.docker from template:
# Database
DB_URL=jdbc:postgresql://postgres:5432/ecomera
DB_USER=postgres
DB_PASS=your_secure_password
# JWT
JWT_SECRET_KEY=your_base64_secret_key
JWT_EXPIRATION_TIME=3600000
REFRESH_EXPIRATION_TIME=604800000
# Redis
REDIS_HOST=redis
REDIS_PORT=6379Open your browser and navigate to:
http://localhost:8080/swagger-ui/index.html
- Register a new user:
POST /api/v1/auth/register
Content-Type: application/json
{
"firstname": "John",
"lastname": "Doe",
"email": "john.doe@example.com",
"password": "SecurePass123!",
"role": "USER"
}- Login to get JWT token:
POST /api/v1/auth/authenticate
Content-Type: application/json
{
"email": "john.doe@example.com",
"password": "SecurePass123!"
}Response:
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}- Use token in subsequent requests:
GET /api/v1/auth/me
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| Authentication | |||
| POST | /api/v1/auth/register |
Register new user | β |
| POST | /api/v1/auth/authenticate |
Login user | β |
| GET | /api/v1/auth/me |
Get current user | β |
| POST | /api/v1/auth/refresh-token |
Refresh access token | β |
| Products | |||
| GET | /api/v1/products |
List all products | β |
| GET | /api/v1/products/{id} |
Get product by ID | β |
| POST | /api/v1/products |
Create product | β Admin |
| PUT | /api/v1/products/{id} |
Update product | β Admin |
| DELETE | /api/v1/products/{id} |
Delete product | β Admin |
| GET | /api/v1/products/search |
Search products | β |
| GET | /api/v1/products/category/{category} |
Filter by category | β |
| Orders | |||
| POST | /api/v1/orders |
Create order | β |
| GET | /api/v1/orders |
List all orders | β Admin |
| GET | /api/v1/orders/{id} |
Get order details | β |
| GET | /api/v1/orders/user/{userId} |
Get user orders | β |
| PUT | /api/v1/orders/{id}/status |
Update order status | β Admin |
| Payments | |||
| POST | /api/v1/payments |
Create payment | β |
| GET | /api/v1/payments/{id} |
Get payment details | β |
| PUT | /api/v1/payments/{id} |
Update payment | β Admin |
# Development mode with hot reload
mvn spring-boot:run
# With custom profile
mvn spring-boot:run -Dspring-boot.run.profiles=dev
# Debug mode
mvn spring-boot:run -Dspring-boot.run.jvmArguments="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005"# Clean and build
mvn clean install
# Skip tests
mvn clean install -DskipTests
# Build Docker image
docker build -t ecomera-backend:latest .# Format code (if using Spotless)
mvn spotless:apply
# Check formatting
mvn spotless:check# Unit + Integration tests
mvn test
# With coverage report
mvn clean verify
# View coverage report
open target/site/jacoco/index.htmlUnit Tests:
# Run only unit tests
mvn test -Dtest="*Test"Integration Tests:
# Run only integration tests
mvn test -Dtest="*IT"Code Coverage:
- Target: 70% line coverage
- Current: ~0% (work in progress)
- Tool: JaCoCo + Codecov
# Apply pending migrations
mvn liquibase:update
# Rollback last changeset
mvn liquibase:rollback -Dliquibase.rollbackCount=1
# View migration history
mvn liquibase:history
# Generate database documentation
mvn liquibase:dbDoc
open target/liquibase-docs/index.html
# Validate changelogs
mvn liquibase:validate
# Tag current state
mvn liquibase:tag -Dliquibase.tag=v0.1.0
# Rollback to tag
mvn liquibase:rollback -Dliquibase.rollbackTag=v0.1.0Located in src/main/resources/db/changelog/changes/
changes/
βββ v0.1.0/
βββ 001-create-users-table.xml
βββ 002-create-tokens-table.xml
βββ 003-create-products-table.xml
βββ 004-create-orders-table.xml
βββ 005-create-order-items-table.xml
βββ 006-create-payments-table.xml
Backend CI (backend-ci.yml)
- Triggers: Push/PR to
masterordevelopment - Steps:
- Checkout code
- Set up JDK 17
- Build with Maven
- Run tests
- Upload coverage to Codecov
- Upload test results
Qodana Code Quality (qodana.yml)
- Static code analysis
- Code quality checks
- Security vulnerability scanning
- Coverage thresholds (50% fresh, 40% total)
CodeQL Security (codeql.yml)
- Security vulnerability detection
- Automatic PR comments on issues
- Sarif report generation
Docker Release (docker-release.yml)
- Triggers: Push to
master, tagsv*.*.* - Steps:
- Build multi-stage Docker image
- Tag with version and
latest - Push to Docker Hub
- Cache layers for faster builds
Auto Labeler (labeler.yml)
- Automatically labels PRs/issues
- Based on file patterns and keywords
- Syncs label definitions
Check current build status:
ecomera-backend/
βββ .github/
β βββ workflows/ # GitHub Actions CI/CD
β βββ labels.yml # Label definitions
β βββ labeler.yml # Auto-labeling rules
βββ docs/ # Documentation
β βββ LIQUIBASE.md # Database migration guide
βββ src/
β βββ main/
β β βββ java/com/youssef/ecomera/
β β β βββ auth/ # Authentication module
β β β β βββ controller/
β β β β βββ dto/
β β β β βββ entity/
β β β β βββ repository/
β β β β βββ security/ # JWT, filters
β β β β βββ service/
β β β βββ common/ # Shared components
β β β β βββ audit/
β β β β βββ entity/ # BaseEntity
β β β β βββ exception/ # Global exception handling
β β β βββ config/ # Spring configuration
β β β β βββ OpenApiConfig.java
β β β β βββ SecurityConfig.java
β β β β βββ AuditConfig.java
β β β βββ domain/ # Business domains
β β β β βββ order/
β β β β βββ payment/
β β β β βββ product/
β β β βββ user/ # User module
β β βββ resources/
β β βββ db/changelog/ # Liquibase migrations
β β βββ application.properties
β β βββ liquibase.properties.template
β βββ test/ # Test files
βββ target/ # Build output
βββ .env.docker.example # Docker environment template
βββ .gitignore
βββ docker-compose.yml # Multi-service orchestration
βββ Dockerfile # Multi-stage build
βββ Makefile # Development shortcuts
βββ pom.xml # Maven configuration
βββ README.md
We welcome contributions! Please follow these guidelines:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'feat: add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
We follow Conventional Commits:
feat(auth): add user profile endpoint
fix(jwt): resolve expiration bug
docs(api): update API documentation
refactor(order): simplify service logic
test(payment): add unit tests
chore(deps): update dependencies
- Follow Google Java Style Guide
- Use Lombok for boilerplate reduction
- Write meaningful commit messages
- Add tests for new features
- Update documentation
- Tests pass locally (
mvn test) - Code follows project style
- Documentation updated
- No merge conflicts
- Meaningful commit messages
- Swagger annotations added for new endpoints
This project is licensed under the MIT License - see the LICENSE file for details.
MIT License
Copyright (c) 2026 Youssef Ammari
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Author: Youssef Ammari
Email: youssef.ammari.795@gmail.com
GitHub: @Ammari-Youssef
- π API Documentation
- π Report Bug
- π‘ Request Feature
- π¬ Discussions
- Refactor mappers with BaseMapper pattern
- Add DTO validation across all controllers
- Enable Redis caching for product catalog
- Fix Qodana code quality warnings
- Increase test coverage to 70%
- Add Cart & CartItem entities
- Implement checkout workflow
- Write integration tests
- Add product search with Elasticsearch
- Add monitoring (Prometheus + Grafana)
- Implement rate limiting
- Add API versioning
- Performance optimization
- Migrate to microservices architecture
- Add Kafka for event-driven communication
- Kubernetes deployment
- GraphQL API alongside REST
- Spring Boot - Application framework
- Liquibase - Database migration tool
- Swagger - API documentation
- Docker - Containerization platform
- JetBrains Qodana - Code quality platform
β If you find this project helpful, please consider giving it a star!
Built with β€οΈ by Youssef Ammari