A secure, reliable and easy to configure job status tracker API.
This Spring Boot application allows clients to organize job applications in a sorted fashion, optimized for quick retrieval and modification. Furthermore, certain API routes add a more social feel to the application, wherein users can check out trending companies that other applicants apply to. There is a full authentication workflow using JSON Web Tokens (JWT) that will be used as a filter through Spring Security. Redis is also used for caching repeated database queries (PostgreSQL) and AWS S3 is used for storing user media.
Follow these steps for configuring and running the application.
- Install all dependencies using the
pom.xml
file (I've used Maven). - Create a
.env
file inside the root directory. If you choose not to create an environment file, you can directly set the following environment variables through your IDE:DB_URI
: The URI of your database (I'm using PostgreSQL)DB_USERNAME
: The username of your DBDB_PASSWORD
: The password of your DBJWT_SECRET
: A hexadecimal 256-bit secret that will be used for JWTsS3_ACCESS_KEY
: The access key of your S3 bucketS3_SECRET_KEY
: The secret key of your S3 bucketS3_BUCKET_NAME
: The name of your S3 bucket
- If you change the name of the above environment variables,
make sure to update the
/src/main/resources/application.yml
file with these changes. - Run the application.
There are three unprotected (i.e, unsecured) endpoints, that will not be passed through the security filter. These are:
GET /api/v1/user
: A test route. Returns "Hello World!"POST /api/v1/user/auth/register
: Registration route. ReturnsEmailAlreadyExistsException
for a reused email. Otherwise, returns a ResponseEntity object with a status code201
.POST /api/v1/user/auth/login
: ReturnsIncorrectCredentialsException
for wrong usernames/passwords. Otherwise, returns status code200
.
The following endpoints are secured through the security filter chain, and each request must have a valid bearer token in its 'Authentication' header:
POST /api/v1/user/profile-picture
: Accepts a multipart file with a maximum size of 1MB for profile picture. ReturnsIOException
for any processing operations, otherwise a status code201
.GET /api/v1/user/profile-picture
: Fetch user's profile picture. ReturnsIOException
for any processing operations, otherwise a status code200
.POST /api/v1/application/new
: Accepts an ApplicationDto object. Creates a new application associated with the user fetched from the security context holder and returns a status code201
.GET /api/v1/application/all/{pageNumber}
: Returns a list of all applications of the specified page number, and if none found, returns an empty list. Note that the service function for this route is cached with Redis.PUT /api/v1/application/edit/{applicationId}
: Accepts the ID of the application to be edited as the path variable, and the application as the request body. If application isn't found, returnsApplicationNotFoundException
, otherwise returns201
.DELETE /api/v1/application/${applicationId}
: Deletes an application with the specified ID. If application isn't found, returnsApplicationNotFoundException
, otherwise returns204
.GET /api/v1/application?company-name={name}
: Finds all applications of the authenticated user whose company names start with the specified company name. Returns an empty list for no applications found, with status code200
.GET /api/v1/application/social?page={}
: Finds the most recent applications with the status "Applied" according to the page number. Returns200
.