REST API monitoring service app with JWT-token based Authentication/Authorization
- Service implemented, delivered and working according to the requirements
- Total time spent: approx. 20 to 30 hours (the exact time is hard to tell: a few days in a row, a couple of hours per day)
- Some extras, like Swagger (not specified, but nice to have), could have been added but were not, for lack of time
- Testing (unit/integration) is missing for lack of time, but can be added as well
- All endpoints and logic were manually tested and verified to meet the requirements/specification
This repo contains:
- Spring Boot Web app, with Maven, Lombok, etc.
- Spring Boot Data JPA starter
- Using MySQL
- Spring Boot Security (JWT-token)
- REST API - controllers/services/repositories/models for:
  - Services (CRUD)
  - Authentication
  - Polling config & logic - to get a service's state
- Unit / integration tests are missing (although everything was manually tested and meets the requirements)
- Swagger integration for documenting the REST API is missing (nice to have, omitted for lack of time)
- Application design/implementation could be improved (I know there is room for improvement)
- Primitive front-end, sometimes too-basic logic, hardcoded values (environment variables should be used instead)
- Some extra features (sorting, filtering, validation) have to be implemented / improved
- Too much time went into security (RBAC, JWT, config, etc.) and into approaches that were not used in the end
- For the time being, the database schema is updated automatically according to a configuration setting, to make adding and updating new and existing entities easier, faster and more flexible
- Front-end in general: too much time was spent on designing and developing that part
- Breaks and context switching during implementation (family, work, etc.)
- Security / auth and Docker integration took some time
- Tried to add Swagger and WebSockets, but in the end went with another approach
- Spent some time on this document :)
Prerequisites: Docker (installed and running), Java 11, Git and Maven
- Clone the repo https://github.com/Taraskin/monitoring:
  ```sh
  git clone https://github.com/Taraskin/monitoring.git
  ```
- Navigate to the project directory and build it, to verify that it compiles:
  ```sh
  cd monitoring
  mvn clean install
  ```
- Start the DB instance (Dockerized, see below*)
- Run the generated JAR file:
  ```sh
  java -jar target/service-monitoring-0.0.1-SNAPSHOT.jar
  ```
  You can also run the app from the IDE
- Register a user via the REST endpoint `POST /auth/register` (see more details below)
- Navigate to http://localhost:8080, log in with the registered user's credentials and try adding new service(s) for monitoring

\* MySQL in Docker: `application.yml` already contains the connection information for this DB. Start it with:
```sh
docker-compose up -d
```
Auth (`/api/auth`)
- `POST /auth/register` - register a new user. Payload:
  ```json
  { "username": "User_Name", "password": "User_Pass", "roles": ["ROLE_ADMIN"] }
  ```
  where the role is one of `ROLE_ADMIN` or `ROLE_USER`
- `POST /auth/login` - user login. Payload:
  ```json
  { "username": "User_Name", "password": "User_Pass" }
  ```

Note: `ROLE_ADMIN` and `ROLE_USER` are added automatically on the app's first run.

Note: users' passwords are stored in the database hashed (bcrypt), e.g.: `$2a$10$Rzgjgy9eZ3wJdG4lIAC1r.2PjCaDgqcjtET.R2NIqaaqKRSt5omza`
Note: security JWT tokens (which must be present in the request header for protected endpoints) have a configurable expiration time, see the following section in `application.yml`:
```yaml
# Security Configuration
security:
  jwt:
    secret: SomeSecretKey
    expirationMs: 3600000 # 1000 * 60 * 60 = 3600000 ms (1 hour)
```
- every expired token has to be refreshed by logging in again via the `/api/auth/login` endpoint
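As an added, stand-alone illustration (not code from the Taraskin/monitoring project), the following Python mints and checks HS256 JWTs from the two settings the `application.yml` snippet above exposes, `secret` and `expirationMs`, and shows why a protected endpoint rejects an expired token so that a fresh `/api/auth/login` is required. The claim names (`sub`, `roles`) and the HS256 algorithm are assumptions about the token layout; the project's own implementation may differ.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values mirroring the README's sample application.yml.
SECRET = "SomeSecretKey"
EXPIRATION_MS = 3600000  # 1000 * 60 * 60 ms = 1 hour


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(username, roles, secret=SECRET, expiration_ms=EXPIRATION_MS, now=None):
    """Issue a compact HS256 JWT (header.payload.signature), as the login endpoint would."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({
        "sub": username, "roles": roles,  # assumed claim names, not confirmed by the project
        "iat": int(now), "exp": int(now + expiration_ms / 1000),  # expiry derived from expirationMs
    }).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token, secret=SECRET, now=None):
    """Return the claims if signature and expiry are valid, otherwise raise ValueError.
    This is the check a protected endpoint applies to the token taken from the request
    header: pin the algorithm, compare the HMAC in constant time, then enforce exp."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token choose the algorithm
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired: log in again via /api/auth/login to obtain a new one")
    return claims
```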
Service (`/api/services`) - full CRUD
- `GET /api/services` - get all services
- `GET /api/services/{ID}` - get a service by ID
- `POST /api/services` - add a new service, per user. Payload:
  ```json
  { "name": "Service Name", "url": "Service URL" }
  ```
- `PUT /api/services` - update a service, allowed only for users with the `ADMIN` role. Payload:
  ```json
  { "id": 42, "name": "Service Name (Updated)", "url": "Service URL (Updated)" }
  ```
- `DELETE /api/services/{ID}` - delete the service by ID, allowed only for the owner, with the `ADMIN` role