Changes from 4 commits
Commits
26 commits
44b7dab
feat: change ID generation strategy to UUID for User entity
OtavioXimarelli Jun 2, 2025
2e59fa4
feat: enhance security configuration with stateless session managemen…
OtavioXimarelli Jun 2, 2025
f1362f3
feat: add AuthenticationDTO for user login and password encapsulation
OtavioXimarelli Jun 2, 2025
5ba2dab
feat: add AuthenticationController for user login functionality
OtavioXimarelli Jun 2, 2025
2794d25
feat: change ID generation strategy to IDENTITY and add constructor t…
OtavioXimarelli Jun 3, 2025
853ceae
feat: add RegisterDTO for user registration data encapsulation
OtavioXimarelli Jun 3, 2025
7ff4ab7
feat: add user registration endpoint to AuthenticationController
OtavioXimarelli Jun 4, 2025
f2f13f5
feat: configure CORS and update security settings for authentication …
OtavioXimarelli Jun 4, 2025
678bd58
fix: improve code formatting and readability in User class
OtavioXimarelli Jun 4, 2025
1fe7d62
fix: reorder import statements for improved clarity in UserRepository
OtavioXimarelli Jun 4, 2025
16eb749
fix: enhance security configuration for authentication endpoints
OtavioXimarelli Jun 5, 2025
54c13b6
fix: remove unused CORS configuration class
OtavioXimarelli Jun 5, 2025
6625f11
fix: remove unused CORS imports from SecurityConfig
OtavioXimarelli Jun 5, 2025
6577982
fix: specify generic type for ResponseEntity in AuthenticationControl…
OtavioXimarelli Jun 5, 2025
8237ca6
fix: update application.properties for add logging level for security
OtavioXimarelli Jun 5, 2025
847fa97
chore: reorganize pom.xml for better structure and readability
OtavioXimarelli Jun 9, 2025
3d834ca
fix: update application.properties to use environment variables for s…
OtavioXimarelli Jun 9, 2025
43e1404
fix: update JWT secret property in application.properties for better …
OtavioXimarelli Jun 9, 2025
fc1c33a
fix: load environment variables using Dotenv in AiFoodAppApplication
OtavioXimarelli Jun 9, 2025
fdfbead
feat: implement TokenService for JWT generation and validation
OtavioXimarelli Jun 9, 2025
27580bd
feat: add SecurityFilter to handle JWT authentication and user valida…
OtavioXimarelli Jun 9, 2025
b51fda7
feat: refactor SecurityConfig to move to security package and integra…
OtavioXimarelli Jun 9, 2025
678200a
feat: add LoginResponseDTO for handling login response data
OtavioXimarelli Jun 9, 2025
4689df1
feat: update AuthenticationController to include JWT token generation…
OtavioXimarelli Jun 9, 2025
dbdd6a0
feat: enhance dotenv configuration to set multiple system properties …
OtavioXimarelli Jun 9, 2025
6a431e1
feat: update README to reflect user authentication and Spring Securit…
OtavioXimarelli Jun 9, 2025
20 changes: 18 additions & 2 deletions src/main/java/com/otavio/aifoodapp/config/SecurityConfig.java
Expand Up @@ -2,9 +2,13 @@

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
Expand All @@ -16,8 +20,20 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
return httpSecurity
.csrf(csrf -> csrf.disable())
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.build();
.authorizeHttpRequests(authorize -> authorize
.anyRequest().authenticated()
)
.build();


}
}

@Bean
public AuthenticationManager authenticationManagerBean(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();

}

@Bean
public PasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();}
}
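Review bot: With `.anyRequest().authenticated()` and no `permitAll()` rule, the login endpoint this same PR adds at `POST /api/auth/login` (AuthenticationController) is itself behind authentication, and since no JWT filter, `httpBasic()` or `formLogin()` is configured in this hunk there is no way for a client to authenticate at all. Add a matcher ahead of the catch-all, `.requestMatchers(HttpMethod.POST, "/api/auth/login").permitAll()` (import `org.springframework.http.HttpMethod`), and keep `.anyRequest().authenticated()` as the default-deny rule. Disabling CSRF is defensible only while the API stays stateless and never authenticates via a session cookie, so that assumption deserves a comment next to `csrf.disable()`. Later commits in this PR (16eb749, 27580bd) appear to revisit this, but the state shown here is not usable.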
@@ -0,0 +1,28 @@
package com.otavio.aifoodapp.controller;

import com.otavio.aifoodapp.dto.AuthenticationDTO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.validation.Valid;

@RestController
@RequestMapping("/api/auth")
public class AuthenticationController {
@Autowired
private AuthenticationManager authenticationManager;

suggestion: Prefira a injeção de construtor em vez da injeção de campo

Isso melhora a testabilidade e torna as dependências explícitas.

Suggested change
public class AuthenticationController {
@Autowired
private AuthenticationManager authenticationManager;
public class AuthenticationController {
private final AuthenticationManager authenticationManager;
public AuthenticationController(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
Original comment in English

suggestion: Prefer constructor injection over field injection

It improves testability and makes dependencies explicit.

Suggested change
public class AuthenticationController {
@Autowired
private AuthenticationManager authenticationManager;
public class AuthenticationController {
private final AuthenticationManager authenticationManager;
public AuthenticationController(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}


@PostMapping("/login")
public ResponseEntity login(@RequestBody @Valid AuthenticationDTO data) {
var usernamePassword = new UsernamePasswordAuthenticationToken(data.login(), data.password());
var auth = this.authenticationManager.authenticate(usernamePassword);

return ResponseEntity.ok(auth);

🚨 issue (security): Evite retornar o objeto Authentication completo na resposta

Retorne apenas os dados de autenticação necessários, como um token JWT ou um DTO mínimo, para evitar expor detalhes de segurança internos.

Original comment in English

🚨 issue (security): Avoid returning full Authentication object in response

Return only the necessary authentication data, such as a JWT token or a minimal DTO, to avoid exposing internal security details.

}

suggestion: Especifique um tipo genérico para ResponseEntity

Usar um tipo específico como ResponseEntity<Authentication> ou um DTO personalizado melhora a segurança de tipo e evita tipos brutos.

Suggested change
@PostMapping("/login")
public ResponseEntity login(@RequestBody @Valid AuthenticationDTO data) {
var usernamePassword = new UsernamePasswordAuthenticationToken(data.login(), data.password());
var auth = this.authenticationManager.authenticate(usernamePassword);
return ResponseEntity.ok(auth);
}
@PostMapping("/login")
public ResponseEntity<Authentication> login(@RequestBody @Valid AuthenticationDTO data) {
var usernamePassword = new UsernamePasswordAuthenticationToken(data.login(), data.password());
var auth = this.authenticationManager.authenticate(usernamePassword);
return ResponseEntity.ok(auth);
}
Original comment in English

suggestion: Specify a generic type for ResponseEntity

Using a specific type like ResponseEntity<Authentication> or a custom DTO enhances type safety and avoids raw types.

Suggested change
@PostMapping("/login")
public ResponseEntity login(@RequestBody @Valid AuthenticationDTO data) {
var usernamePassword = new UsernamePasswordAuthenticationToken(data.login(), data.password());
var auth = this.authenticationManager.authenticate(usernamePassword);
return ResponseEntity.ok(auth);
}
@PostMapping("/login")
public ResponseEntity<Authentication> login(@RequestBody @Valid AuthenticationDTO data) {
var usernamePassword = new UsernamePasswordAuthenticationToken(data.login(), data.password());
var auth = this.authenticationManager.authenticate(usernamePassword);
return ResponseEntity.ok(auth);
}

}
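Review bot: A wrong password makes `authenticationManager.authenticate(...)` on the second line of `login` throw `AuthenticationException`, and the controller lets it escape, so the status the client receives (401, 403 or 500) is decided by whatever entry point the security filter chain happens to have rather than by this endpoint. Catch it and return a fixed 401 with no body, which also avoids revealing whether the account exists; the rewritten method is below (needs `org.springframework.security.core.AuthenticationException` and `org.springframework.http.HttpStatus`). `@Valid` on the parameter currently validates nothing because `AuthenticationDTO` declares no constraints, and if this is a Spring Boot 3 / Spring Security 6 project the `javax.validation.Valid` import is not the annotation Spring processes (`jakarta.validation.Valid` is) — worth confirming against the pom. There is also no throttling or lockout on this endpoint, so credential stuffing is bounded only by bcrypt cost; at minimum log failed attempts (never the submitted password) so they can be alerted on.
```java
@PostMapping("/login")
public ResponseEntity<?> login(@RequestBody @Valid AuthenticationDTO data) {
    var usernamePassword = new UsernamePasswordAuthenticationToken(data.login(), data.password());
    try {
        var auth = this.authenticationManager.authenticate(usernamePassword);
        return ResponseEntity.ok(auth);
    } catch (AuthenticationException e) {
        // Same response for unknown user and bad password: no account enumeration.
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
    }
}
```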
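--- /dev/null
+++ b/src/main/java/com/otavio/aifoodapp/dto/AuthenticationDTO.java
@@ -0,0 +1,4 @@
+package com.otavio.aifoodapp.dto;
+
+public record AuthenticationDTO(String login, String password) {
+}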
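Review bot: `AuthenticationDTO` carries no Bean Validation constraints, so the `@Valid` the controller in this PR puts on it validates nothing and a null or empty `login`/`password` reaches the `AuthenticationManager`; declare them, `public record AuthenticationDTO(@NotBlank String login, @NotBlank String password) {}` (with the `NotBlank` import from whichever validation API the project uses). A record also generates a `toString()` that includes every component, so any log line or exception message that prints this object prints the clear-text password — either override `toString()` to omit `password` or make sure the DTO is never logged. This file is new, so nothing else depends on its shape yet.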
2 changes: 1 addition & 1 deletion src/main/java/com/otavio/aifoodapp/model/User.java
Expand Up @@ -21,7 +21,7 @@ public class User implements UserDetails {


@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@GeneratedValue(strategy = GenerationType.UUID)
private Long id;

@Column(unique = true, nullable = false)
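Review bot: `GenerationType.UUID` on a field that stays declared `private Long id` is a type mismatch: with Hibernate that strategy assigns a `java.util.UUID` (or a String), which cannot be stored in a `Long`, so persisting a `User` should fail at runtime even though this compiles. Assuming the UUID line is the new side (commit 44b7dab in this PR), either change the field to `private UUID id;` with `java.util.UUID` imported, or keep `GenerationType.IDENTITY` with the `Long`. Commit 2794d25 later in this PR appears to switch back to IDENTITY, which suggests exactly this was hit. A UUID primary key also changes the type of every foreign key that references users, so the choice should be made once and early.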