Commit Graph

25 Commits

Author SHA1 Message Date
msksbr 8f6d8eddc9 feat(admin-books): implement book CRUD management endpoints
- Add book with name, author, and stock validation
- Update existing book information
- Delete book by ID
- Adjust book inventory stock
- Rename AdminDashBoardService to DashBoardService
- Remove hardcoded user seed data from SQL schema
2026-05-23 00:16:03 +08:00
msksbr 383c17512a @add(/api/books/getone)
- add new api get a book's info by id
2026-05-22 20:46:47 +08:00
msksbr e1121e9cd7 style(auth): reorganize imports and reformat controller comments 2026-05-22 18:32:20 +08:00
msksbr bfaa5a0dd9 feat(books): add book search service and improve error responses
- Add BookService interface and MyBatis-based implementation with fuzzy search
  by title or author
- Add forbidden (403) response helper to Result template
- Upgrade auth failure log from info to warn level
- Reorganize BookController imports and restructure class
2026-05-22 17:44:31 +08:00
msksbr 3e7145c091 refactor(auth): replace JwtAuthInterceptor with non-blocking filter
Remove the interceptor-based JWT auth and its WebConfig registration.
Introduce JwtPopulateFilter that silently extracts JWT claims into
request attributes without blocking unauthenticated requests. Update
DashBoardController to accept nullable username and RequireRoleAspect
to handle missing credentials with proper error messages.
2026-05-22 13:31:48 +08:00
msksbr 0ccc21288b feat(auth): implement role hierarchy and allow guest book browsing
- Add role inheritance where admin automatically has user permissions
- Update RequireRoleAspect to validate role hierarchy instead of exact match
- Expose /api/dashboard/get-all-books to unauthenticated guests
- Rename AdminDashBoardController to DashBoardController
- Enhance KDoc with role hierarchy rules and access control behavior

Closes: #126
2026-05-22 12:50:53 +08:00
msksbr 79510b3267 feat(admin): add admin dashboard service and role-based access control
- rename DashBoardController to AdminDashBoardController
- add AdminDashBoardService interface with getAllBooks and getAllBorrowRecords
- add GlobalExceptionHandler for unified Result error responses
- add RequireRole annotation and RequireRoleAspect for role-based auth
- fix BorrowRecord entity table name from book_record to borrow_record
- add Result.forbidden() factory method returning 403 responses
2026-05-22 11:48:56 +08:00
msksbr d809cf00ab refactor(auth): remove unused ObjectMapper from JwtAuthInterceptor
- Drop ObjectMapper dependency that was no longer needed
- Simplify KDoc to remove redundant format details
- Reorder imports alphabetically
2026-05-21 19:08:52 +08:00
msksbr ca7788899a docs(core): enhance KDoc documentation across controllers, services, and entities
Add comprehensive API documentation to controller classes with planned
endpoint lists and path prefixes. Document security measures in auth
service implementation. Add field-level comments to Book entity.
2026-05-21 19:03:54 +08:00
msksbr 20660b91dc docs(core): add KDoc documentation to controllers, services, and entities
Add descriptive KDoc comments to all REST controllers, service interfaces,
entity classes, and mappers to improve code readability and maintainability.
Include annotations for controller-level API documentation.
2026-05-21 18:47:23 +08:00
msksbr 5bb836eafc feat(auth): implement JWT authentication interceptor
- Add JwtAuthInterceptor to validate JWT tokens on protected endpoints
- Register interceptor paths via WebConfig for /api/** routes
- Fix Result return type to support nullable values across auth flows
2026-05-21 18:33:11 +08:00
msksbr aaca30d3c5 fix(auth): harden login against timing-based user enumeration
- Use constant-time comparison when user is not found to prevent
  user enumeration via response timing
- Remove debug logging that could expose sensitive data
- Add AspectJ weaver dependency for AOP support
2026-05-21 17:53:48 +08:00
msksbr 00e2ea0700 fix(auth): harden login against timing-based user enumeration
- Use constant-time comparison when user is not found to prevent
  user enumeration via response timing
- Remove debug logging that could expose sensitive data
- Add AspectJ weaver dependency for AOP support
2026-05-21 17:53:26 +08:00
msksbr 93fc46c6fe fix(mapper): correct BorrowRecordMapper entity type and add unauthorized helper
- Fix import and generic type from Book to BorrowRecord in mapper
- Add unauthorized helper returning 401 status to Result template
2026-05-21 17:37:05 +08:00
msksbr 193fed29b2 fix(build): use bootJar task for production packaging
- Use bootJar instead of processResources for excluding dev configuration
- Set default time-zone to GMT for JSON serialization
2026-05-21 14:30:52 +08:00
msksbr 44b8326e96 feat(auth): implement JWT authentication
- Add JwtUtils for token generation and validation using jjwt
- Refactor AuthService.login to return User instead of Boolean
- Add jjwt dependencies and integrate JWT into login flow
- Externalize JWT secret, expiration, and log level as configurable env vars with defaults
2026-05-21 14:04:00 +08:00
msksbr 3937224341 fix(auth): harden password verification against timing attacks
- Run dummy hash when user is not found to prevent timing-based enumeration
- Extract and log real client IP on login requests
- Remove unused test files
- Reorder application config for clarity
2026-05-21 02:39:06 +08:00
msksbr 2cf3806298 feat(auth): implement login logic with database and password verification
- Replace stub with MyBatis-Plus user query and password matching
- Integrate kotlin-logging for structured logging across services
- Add custom Log utility replacing direct SLF4J usage
- Add kotlin-logging dependency to build configuration
2026-05-20 22:30:58 +08:00
msksbr 402e9e04cd refactor(api): restructure auth endpoints with DTO validation and unified response
- Add Result<T> generic response template for standardized API output
- Introduce UserLoginDTO with validation annotations for login requests
- Migrate AuthController to use DTO binding and return Result responses
- Update AuthService interface to accept UserLoginDTO and return Boolean
- Add Jackson configuration (snake_case, non-null, date format)
- Include jackson-module-kotlin and spring-boot-starter-validation deps
2026-05-20 17:29:04 +08:00
msksbr 1be634aeb1 feat(runner): add user02 initialization and rename init methods
- Add initialization flow for the user02 common account
- Rename insertAdminUser to insertAdmin for consistency
- Rename insertCommonUser to insertUser01 to align with naming
2026-05-20 16:37:21 +08:00
msksbr 47ce7596ea feat(runner): add user02 initialization and rename init methods
- Add initialization flow for the user02 common account
- Rename insertAdminUser to insertAdmin for consistency
- Rename insertCommonUser to insertUser01 to align with naming
2026-05-20 16:36:47 +08:00
msksbr 9511b8daad refactor(auth): make admin user initialization idempotent
- Check if admin user already exists before inserting
- Improve log messages with descriptive output
- Move @Transactional annotation to run method
- Fix minor formatting inconsistency
2026-05-20 13:25:04 +08:00
msksbr 52298e7fff feat(auth): add password encoding and default user initialization
- Register Argon2PasswordEncoder as a Spring bean
- Implement InitUserRunner to seed default users on startup
- Add spring-security-crypto and bouncycastle dependencies
- Include database schema initialization script
2026-05-20 12:43:05 +08:00
msksbr a041103a92 feat(api): add controller layer and auth service stubs
- Add AdminBookController, AdminBorrowController, BookController,
  BorrowController, and DashBoardController stubs
- Implement AuthController with login endpoint
- Add AuthService interface and AuthServiceImpl stub
2026-05-13 17:22:51 +08:00
msksbr 3a86d29e5c Implemented the data layer functionality 2026-05-13 03:11:56 +08:00