/user-management-api

User management REST API built with Java and Spring framework, read README for more details 🙂. In production at https://user-api-oldbot.herokuapp.com/

Primary language: Java

☕ What is this project?

Most applications need some type of user management API, a service to add new users, authenticate login, manage passwords, recover and reset, etc. So I'm building my own 🙂

This project is a User Management REST API built with Spring Boot 2.6.4 and Java 11. I intend to use it in my own projects, and it's a way for me to practice what I study and learn about Java/Spring.

Currently, I'm using this API in my personal project OldBot.

Is the project finished?

The answer is no! Far from that! There is still lots of work to do related to this project, and I will keep working on it as a way to learn and improve my Java/Spring knowledge.

Project technologies, functionalities and more

💻 Security, Authentication and Authorization

Spring Security is responsible for managing authentication and authorization. When logging in, the user is authenticated against the database and receives an access token.

🔴 JSON Web Token (JWT)

It uses JWT for authorization, generating JSON Web Tokens that users send with every request.

All requests received are intercepted by Spring Security and validations are performed to check whether the access token provided in the request is valid.

The token configurations, such as expiration time, are set in the JWTAuthenticationFilter.java file.
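The check described above (signature first, then expiration) as an added example; it is not this project's code and not the contents of JWTAuthenticationFilter.java. It assumes HS256 tokens and uses only the JDK; the class name `JwtCheckExample`, the regex-based `exp` extraction and the demo key are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtCheckExample {
    // The only header accepted; pinning it rejects "alg":"none" and algorithm swaps.
    static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    // Simplification (assumption): a real service would read claims with a JSON parser.
    static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d{1,12})");

    static String b64(String s) { return b64(s.getBytes(StandardCharsets.UTF_8)); }
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // subject is assumed to be a plain identifier with no JSON metacharacters.
    static String issue(byte[] key, String subject, long exp) throws Exception {
        String input = HEADER + "." + b64("{\"sub\":\"" + subject + "\",\"exp\":" + exp + "}");
        return input + "." + b64(hmac(key, input));
    }

    static boolean isValid(byte[] key, String token, long nowEpochSeconds) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 3 || !p[0].equals(HEADER)) return false;
            // Verify the MAC in constant time before trusting anything in the payload.
            byte[] given = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), given)) return false;
            Matcher m = EXP.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            // A token with no exp claim is rejected, not treated as non-expiring.
            return m.find() && nowEpochSeconds < Long.parseLong(m.group(1));
        } catch (Exception e) { return false; } // malformed Base64 or key error: fail closed
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-a-secret".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis() / 1000;
        String good = issue(key, "alice", now + 600);
        String[] g = good.split("\\.");
        // Payload swapped while keeping the old signature: the MAC no longer matches.
        String forged = g[0] + "." + b64("{\"sub\":\"admin\",\"exp\":9999999999}") + "." + g[2];
        // Cases, in order: fresh token, expired token, forged payload.
        System.out.println(isValid(key, good, now) + " " + isValid(key, issue(key, "alice", now - 1), now) + " " + isValid(key, forged, now));
    }
}
```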

👮‍♂️ Spring Security and Roles

All access rules for the API and its routes are set in the SecurityConfiguration.java file.

Currently, there are only 2 main roles used in the project:

  • USER: simple user, allowed to access only login and registration related routes.
  • ADMIN: has access and is allowed for everything.

📮 Email Service

The email service uses Java Mail to send emails. The SMTP settings must be set in your application.properties file.

You can use MailDev to easily test the email service on your local machine.

🐇 Asynchronous email sending with RabbitMQ

Sending an email can take a few seconds and does not need to be synchronous, so it's recommended to send emails asynchronously. One of the best solutions for that is RabbitMQ, using messaging queues.

You can create your own instance of RabbitMQ using Docker locally or, as I prefer, a cloud solution, and I recommend CloudAMQP. It has free plans for hobby/development, and it's very easy to use.

  • RabbitMQService.java is the Publisher which sends the messages to the queue.
  • EmailConsumer.java is the Subscriber which receives the queue messages and calls EmailService to send the emails.

📦 Database

The project has 2 configured databases by default, MySQL and PostgreSQL.

I use MySQL on my local machine, and PostgreSQL on Heroku, where my application is deployed.

✅ Tests

Most of the User related Controller and Service methods have unit tests. More tests will be implemented as the project goes on.

Another important pending task is to implement integration tests, which I still need to learn how to implement.

🚀 Work to do, improvements, intentions

There are still many things I have in mind for this project: things to implement, things to learn how to do, things to finish, etc. Here is a list of some of them, separated into topics. I will be updating this list as I finish any item or think of new things to add.

General stuff
  • *️⃣ Implement integration tests.
  • *️⃣ Implement API call limitations with Bucket4J.

User
  • *️⃣ Finish/fix the implementation of some tests with TODO comment.
  • *️⃣ Implement change user email process, with emails confirmation, token, etc.

Email
  • *️⃣ Replace the current email service with AWS Simple Email Service (Amazon SES).
  • *️⃣ Implement unit tests.

Registration
  • *️⃣ Implement unit tests.

Security
  • *️⃣ Implement unit tests for Spring Security.