Skip to content

design.md

Latest commit

 

History

History
199 lines (157 loc) · 7.58 KB

design.md

File metadata and controls

199 lines (157 loc) · 7.58 KB

JournalApp Technical Documentation

1. About the Project

JournalApp is a secure End-to-End Encrypted (E2EE) journaling application developed with Spring Boot. It provides a user-friendly interface for users to manage their journal entries, ensuring confidentiality using modern security techniques. This project also demonstrates the power and flexibility of using Spring Boot for enterprise application development.

Key Features:

  • End-to-End Encryption (E2EE) ensures the privacy of user entries.
  • Scalable architecture using Spring Boot.
  • Secure authentication and authorization using JWT (JSON Web Tokens).
  • Data storage using NoSQL database MongoDB for high performance and schema flexibility.
  • Integration with Redis for efficient caching and reduced latency.
  • Supports microservices architecture with lightweight Docker containers for deployment.

2. Repository Structure

Below is an overview of the repository structure and key modules:

Directory/Files Purpose
src/main/java/me/kunalkayal/journalApp/entity/ Contains entity classes like UserEntity and JournalEntity used for database interaction.
src/main/java/me/kunalkayal/journalApp/services/ Implements business logic for managing user and journal entries.
src/main/java/me/kunalkayal/journalApp/config/ Handles security settings, like role-based access control and filters.
src/main/java/me/kunalkayal/journalApp/utills/ Provides utilities such as JWT token management.
src/main/java/me/kunalkayal/journalApp/repository/ Contains repository interfaces that abstract database operations using MongoRepository.
Dockerfile Configures the application for containerized deployment.

3. Core Technologies Used

This application makes use of several modern tools and frameworks:

1. Spring Boot

  • Purpose: Framework for rapid development of web applications.
  • How it’s used:
    • Dependency injection simplifies coding requirements.
    • Handles web requests (Controllers) and data layers (Services and Repositories).

2. Spring Security

  • Purpose: Secures the application by enforcing access controls.
  • How it’s used:
    • Role-based access controls for /admin, /user, and /journal routes.
    • Stateless JWT token authentication for session management.

3. JWT (JSON Web Token)

  • Purpose: Secures API endpoints and provides stateless user authentication.
  • Key Benefits:
    • Encodes user-specific data (username, roles) in signed tokens.
    • Eliminates server-side session storage, allowing API to scale efficiently.
  • How it works in the app:
    • JwtUtil class generates, validates, and parses tokens to retrieve authentication information.

4. MongoDB

  • Purpose: NoSQL database used for storing user and journal data.
  • Why it’s used:
    • Schema-less design provides flexibility for storing journal and user data.
    • High performance and scalability for modern apps.
  • Sample Utilization:
    • Repositories such as userRepo and journalRepo extend MongoRepository to handle CRUD operations.

5. Redis

  • Purpose: In-memory data structure store used for caching.
  • How it’s used in JournalApp:
    • Stores frequently accessed data (e.g., weather response data) to reduce load on external APIs.
    • Improves application performance by minimizing latency.

6. Docker

  • Purpose: Used to containerize the application for deployment.
  • How it’s used:
    • Creates a lightweight, portable runtime environment using Dockerfiles.
    • Ensures environment consistency across development and production.

4. Module Overview

User Management (src/main/java/me/kunalkayal/journalApp/entity/UserEntity)

This module handles the representation of user-related data, such as credentials and roles.

  • Attributes:
    • username (String, unique): The user's unique identifier.
    • password (String, encrypted): The user's secure password stored using Spring Security’s BCryptPasswordEncoder.
    • roles (List): Role-based access (e.g., "USER", "ADMIN").

Journal Management (src/main/java/me/kunalkayal/journalApp/services/EntryService.java)

Operations for creating, retrieving, updating, and deleting journal entries.

  • Functions:
    • addJournal(JournalEntity journal): Allows an authenticated user to add a new journal entry.
    • getUsersJournals(): Retrieves journal entries belonging to the logged-in user.
    • deleteJournalById(ObjectId id): Deletes a specific journal entry securely.

SecurityConfig (src/main/java/me/kunalkayal/journalApp/config)

Responsible for securing API endpoints.

  • Enforces JWT authentication for non-public API routes.
  • Uses @EnableWebSecurity for implementing Spring Security.

5. Authentication Workflow (Using JWT)

  1. Sign-up Endpoint:

    • User data such as username and password are collected.
    • Passwords are hashed before saving in the database.

  2. Login Endpoint:

    • Accepts username/password credentials.
    • Issues a signed JWT token upon successful authentication.

  3. Token Validation:

    • JWT tokens are sent with each API request via the Authorization header.
    • The JwtFilter extracts the token, validates the signature, and sets the user's authentication context.

6. Key Components & Code Highlights

JWT Helper Class (JwtUtil)

  • Generates and validates tokens.
public String generateToken(String username) {
    Map<String, Object> claims = new HashMap<>();
    return Jwts.builder()
        .setClaims(claims)
        .setSubject(username)
        .setIssuedAt(new Date(System.currentTimeMillis()))
        .setExpiration(new Date(System.currentTimeMillis() + TOKEN_VALIDITY))
        .signWith(key, SignatureAlgorithm.HS256)
        .compact();
}

Redis Integration (Caching Weather Data)

  • Stores weather data in Redis for quick retrieval.
body = redisService.get(city, WeatherPOJO.class);
if (body == null) {
    ResponseEntity<WeatherPOJO> response = restTemplate.exchange(apiUrl, HttpMethod.GET, null, WeatherPOJO.class);
    redisService.set(city, response.getBody(), 300L);
}

Dockerfile Example

  • Multi-stage builds optimize the final Docker image size.
# Build stage
FROM maven:3.8.5-openjdk-17 AS build
COPY . .
RUN mvn clean package -DskipTests

# Deployment stage
FROM openjdk:17.0.1-jdk-slim
COPY --from=build /target/journalApp-0.0.1-SNAPSHOT.jar journalApp.jar
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "journalApp.jar"]

7. Installation and Usage

Prerequisites:

  • Java JDK 8+ installed.
  • MongoDB configured and running.

Installation:

  1. Clone the repository: 
    git clone https://github.com/kunalkayal/JournalApp.git
cd JournalApp
  2. Build the project: 
    mvn clean install

Run the Application:

mvn spring-boot:run

Access the app at http://localhost:8080.

8. Contribution Guidelines

Contributions are welcome! To contribute:

  1. Fork the repository to your GitHub account.
  2. Clone and make changes to your local environment.
  3. Submit a pull request detailing your changes.

Final Notes

JournalApp utilizes a modern tech stack with a focus on scalability and security. Its design demonstrates efficient use of JWT for token authentication, MongoDB for scalable data storage, and Redis for caching frequently accessed data. Further enhancements can include:

  • Testing tools (e.g., Mockito).
  • API versioning for backward compatibility.