- Add role inheritance where admin automatically has user permissions
- Update RequireRoleAspect to validate role hierarchy instead of exact match
- Expose /api/dashboard/get-all-books to unauthenticated guests
- Rename AdminDashBoardController to DashBoardController
- Enhance KDoc with role hierarchy rules and access control behavior
Closes: #126
- Rename DashBoardController to AdminDashBoardController
- Add AdminDashBoardService interface with getAllBooks and getAllBorrowRecords
- Add GlobalExceptionHandler for unified Result error responses
- Add RequireRole annotation and RequireRoleAspect for role-based auth
- Fix BorrowRecord entity table name from book_record to borrow_record
- Add Result.forbidden() factory method returning 403 responses
Add comprehensive API documentation to controller classes with planned
endpoint lists and path prefixes. Document security measures in auth
service implementation. Add field-level comments to Book entity.
Add descriptive KDoc comments to all REST controllers, service interfaces,
entity classes, and mappers to improve code readability and maintainability.
Include annotations for controller-level API documentation.
- Add JwtAuthInterceptor to validate JWT tokens on protected endpoints
- Register interceptor paths via WebConfig for /api/** routes
- Fix Result return type to support nullable values across auth flows
- Use constant-time comparison when user is not found to prevent user enumeration via response timing
- Remove debug logging that could expose sensitive data
- Add AspectJ weaver dependency for AOP support
- Add JwtUtils for token generation and validation using jjwt
- Refactor AuthService.login to return User instead of Boolean
- Add jjwt dependencies and integrate JWT into login flow
- Externalize JWT secret, expiration, and log level as configurable env vars with defaults
- Run dummy hash when user is not found to prevent timing-based enumeration
- Extract and log real client IP on login requests
- Remove unused test files
- Reorder application config for clarity
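The not-found timing equalization named in the commit messages above (constant-time handling when the user is missing, dummy hash), as an added Kotlin example that is not the project's own code; `UserRecord`, `findUser` and `TimingSafeLogin` are assumed names, and the encoder is the spring-security-crypto Argon2PasswordEncoder the log registers as a bean.

```kotlin
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder

// Constructed example (not the project's code). UserRecord, findUser and
// TimingSafeLogin are assumed names standing in for the real entity and mapper.
data class UserRecord(val username: String, val passwordHash: String)

class TimingSafeLogin(
    private val findUser: (String) -> UserRecord?,
    private val encoder: Argon2PasswordEncoder = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8(),
) {
    // One real Argon2 hash of a throwaway value, computed at construction time.
    // The not-found branch verifies against it so both branches pay the same
    // Argon2 cost; without it, an absent username returns measurably faster.
    private val dummyHash: String = encoder.encode("not-a-real-password")

    /** Returns the user on success, null otherwise; both outcomes cost one Argon2 verification. */
    fun login(username: String, password: String): UserRecord? {
        val user = findUser(username)
        if (user == null) {
            encoder.matches(password, dummyHash) // burn equivalent work, discard the result
            return null
        }
        return if (encoder.matches(password, user.passwordHash)) user else null
    }
}

fun main() {
    val encoder = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8()
    // Constructed in-memory user store standing in for the MyBatis-Plus query.
    val users = mapOf("admin" to UserRecord("admin", encoder.encode("correct horse")))
    val auth = TimingSafeLogin(findUser = { users[it] }, encoder = encoder)

    fun timed(user: String, pw: String): Pair<UserRecord?, Long> {
        val t0 = System.nanoTime()
        val result = auth.login(user, pw)
        return result to (System.nanoTime() - t0) / 1_000_000
    }
    println("known user, good pw : ${timed("admin", "correct horse")}")
    println("known user, bad pw  : ${timed("admin", "wrong")}")
    println("unknown user        : ${timed("ghost", "wrong")}") // takes about as long as the line above
}
```

This only equalizes the password-hashing cost; the database lookup itself can still differ between present and absent usernames, so measure the whole request path before relying on it.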
- Replace stub with MyBatis-Plus user query and password matching
- Integrate kotlin-logging for structured logging across services
- Add custom Log utility replacing direct SLF4J usage
- Add kotlin-logging dependency to build configuration
- Add Result<T> generic response template for standardized API output
- Introduce UserLoginDTO with validation annotations for login requests
- Migrate AuthController to use DTO binding and return Result responses
- Update AuthService interface to accept UserLoginDTO and return Boolean
- Add Jackson configuration (snake_case, non-null, date format)
- Include jackson-module-kotlin and spring-boot-starter-validation deps
- Add initialization flow for the user02 common account
- Rename insertAdminUser to insertAdmin for consistency
- Rename insertCommonUser to insertUser01 to align with naming
- Check if admin user already exists before inserting
- Improve log messages with descriptive output
- Move @Transactional annotation to run method
- Fix minor formatting inconsistency
- Register Argon2PasswordEncoder as a Spring bean
- Implement InitUserRunner to seed default users on startup
- Add spring-security-crypto and bouncycastle dependencies
- Include database schema initialization script