added jwt auth to service

This commit is contained in:
2025-08-28 23:50:54 +02:00
parent 67752d689d
commit 61f5503bdb
14 changed files with 594 additions and 0 deletions

93
JWT_AUTH_README.md Normal file
View File

@@ -0,0 +1,93 @@
# JWT Authentication Implementation
This Spring Boot application now includes JWT-based authentication with user registration and login functionality.
## Features Added
- ✅ JWT token generation and validation
- ✅ User registration endpoint
- ✅ User login endpoint
- ✅ Protected endpoints requiring authentication
- ✅ Public endpoints accessible without authentication
- ✅ Password encryption using BCrypt
- ✅ User entity with Spring Security integration
## API Endpoints
### Public Endpoints (No Authentication Required)
- `GET /api/test/public` - Test public endpoint
- `POST /auth/register` - User registration
- `POST /auth/login` - User login
- `GET /auth/test` - Test authentication endpoints
### Protected Endpoints (Authentication Required)
- `GET /api/test/protected` - Test protected endpoint
- All other endpoints in the application
## Testing the Authentication
### 1. Register a New User
```bash
curl -X POST http://localhost:6950/auth/register \
-H "Content-Type: application/json" \
-d '{
"username": "testuser",
"password": "password123",
"email": "test@example.com",
"phone": "+263771234567",
"firstName": "Test",
"lastName": "User"
}'
```
### 2. Login with the User
```bash
curl -X POST http://localhost:6950/auth/login \
-H "Content-Type: application/json" \
-d '{
"username": "testuser",
"password": "password123"
}'
```
### 3. Access Protected Endpoint
```bash
curl -X GET http://localhost:6950/api/test/protected \
-H "Authorization: Bearer YOUR_JWT_TOKEN_HERE"
```
### 4. Test Public Endpoint
```bash
curl -X GET http://localhost:6950/api/test/public
```
## Configuration
The JWT configuration is in `application.properties`:
- `jwt.secret`: Secret key for signing JWT tokens
- `jwt.expiration`: Token expiration time in milliseconds (default: 24 hours)
## Security Features
- **Password Encryption**: All passwords are encrypted using BCrypt
- **JWT Tokens**: Stateless authentication using JSON Web Tokens
- **CORS Support**: Cross-origin requests are enabled for testing
- **Input Validation**: Request validation using Bean Validation annotations
- **Stateless Sessions**: No server-side session storage
- **Direct Password Validation**: Login uses direct password comparison for simplicity
## Database
The application will automatically create the `users` table when it starts up. The table includes:
- User credentials (username, password, email)
- Personal information (first name, last name)
- Account status flags
- Timestamps for creation and updates
## Notes
- In production, change the `jwt.secret` to a secure, randomly generated key
- The default JWT expiration is set to 24 hours
- All passwords must be at least 6 characters long
- Usernames and emails must be unique
- The application uses PostgreSQL as the database