# Secure Software Design API

A Spring Boot REST API demonstrating secure software design principles with token-based authentication and authorization.
## Features

- Token-based authentication
- Role-based access control (RBAC)
- BCrypt password hashing
- HTTPS/SSL support
- Security headers (CSP, HSTS, X-Frame-Options)
- Input validation
- Centralized exception handling
## Prerequisites

- Java 21
- PostgreSQL
- Maven
## Configuration

Create a `.env` file based on `.env.example`:

```
DB_URL=jdbc:postgresql://localhost:5432/your_database
DB_USER=your_username
DB_PASSWORD=your_password
SSL_KEYSTORE_PASSWORD=your_keystore_password
SSL_ENABLED=true
PORT=8443
```
## Build & Run

```bash
# Build
./mvnw clean package

# Run
./mvnw spring-boot:run
```

The API runs on `https://localhost:8443` by default.
## API Endpoints

### Public

| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | `/auth/login` | Authenticate user |
| GET | `/health` | Health check |
### Protected

| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | `/users/me` | Get current user profile |
| POST | `/users/create` | Create new user (Admin only) |
| POST | `/users/logout` | Logout and invalidate tokens |
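The configuration below is an added example, not the project's own code: it shows how the features listed above and the endpoint rules in the two tables map onto a single Spring Security 6 `SecurityFilterChain`. The public endpoints are allowed without a token, `POST /users/create` requires the `ADMIN` role, every other request must be authenticated, passwords are hashed with BCrypt, and the CSP, HSTS and X-Frame-Options headers are set. The package name, the class name `SecurityConfig` and the exact CSP directives are assumptions; the project's token-validating filter is not shown and would be registered where the comment indicates.

```java
// Added example (not the project's code). Package and class names are assumptions.
package com.api.main.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Bearer tokens travel in a request header, so neither a server-side
            // session nor a CSRF token is used for this API.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))

            // Deny by default: only the two public endpoints are reachable without a token,
            // user creation needs the ADMIN role, everything else just needs a valid token.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.POST, "/auth/login").permitAll()
                .requestMatchers(HttpMethod.GET, "/health").permitAll()
                .requestMatchers(HttpMethod.POST, "/users/create").hasRole("ADMIN")
                .anyRequest().authenticated())

            // Security headers from the Features list. The CSP directives are an
            // assumption chosen for a JSON API that serves no HTML of its own.
            .headers(headers -> headers
                .contentSecurityPolicy(csp -> csp.policyDirectives(
                    "default-src 'self'; frame-ancestors 'none'"))
                .httpStrictTransportSecurity(hsts -> hsts
                    .includeSubDomains(true)
                    .maxAgeInSeconds(31536000))   // one year
                .frameOptions(frame -> frame.deny()));

        // The project's token-validating filter (not shown here) is registered with
        // .addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class)
        // so that it runs before Spring's form-login filter and populates the
        // SecurityContext that the rules above are evaluated against.

        return http.build();
    }

    // BCrypt with an explicit work factor; 12 is a reasonable default for a
    // server-side login endpoint. Raise it as hardware gets faster.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }
}
```

Two points worth checking after wiring this in: Spring Security only writes the `Strict-Transport-Security` header on requests it sees as secure, so HSTS will not appear if the API is run with `SSL_ENABLED=false` or behind a proxy that terminates TLS without forwarding `X-Forwarded-Proto`; and `hasRole("ADMIN")` expects the authority to be stored as `ROLE_ADMIN`, so the token filter must grant that exact authority for the `/users/create` rule to pass.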

## Project Structure

```
src/main/java/com/api/main/
├── controllers/   # REST endpoints
├── services/      # Business logic
├── entities/      # JPA entities
├── repositories/  # Data access
├── security/      # Security configuration
├── dto/           # Data transfer objects
└── config/        # App configuration
```