- configure global CORS policy allowing all origins, headers, and methods
- register CorsFilter bean for cross-origin request handling
- bump version to v0.1f
- Add deploy.sh for automated Docker build and push to private registry
- Lowercase Docker image name to comply with registry requirements
- Update README with concrete Docker run examples and configuration
- Integrate Docker Spring Boot application plugin for containerization
- Bump project version to 0.1
- Include MIT license and project README
- Ignore IDE configuration files in version control
- Remove unused IpExtractor and HttpServletRequest from
admin controllers
- Remove unused log import from service implementations
- Reorganize and alphabetize imports
- Update class-level doc comments for consistency
- Add ApiResult.badRequest() and ApiResult.notFound() helper methods
- Replace generic ApiResult.error() with appropriate status-specific calls
- Add ApiResultStatusAdvice for consistent response status handling
- Add KDoc comments to admin controller and service methods
- Replace `Result` with `ApiResult` across admin book/borrow modules
- Change return type from `Result<Any?>` to `ApiResult<String>`
- Reformat multi-arg log statements for readability
- Add list, search, detail, borrow, and return endpoints to BorrowController
- Implement service methods with MyBatis Plus queries and validation
- Introduce MyBorrowVo response wrapper for borrow records
- Add JwtPopulateAspect for populating userId from JWT claims
- add userId parameter to generateToken and include it in JWT claims
- extract userId from token in JwtPopulateFilter and set as request attribute
- inject IpExtractor and JwtUtils into AuthController for token generation
- Change returnBook signature to accept recordId only, reducing coupling
- Improve Javadoc comments across controller, service, and implementation
- Clean up imports and reformat class structure in impl
Closes: #125
- Add borrowBook and returnBook method stubs to AdminBorrowService
- Pass userId parameter to BorrowService methods for context enrichment
- Add KDoc comments to service interfaces and implementations
Replace the simple \"get all borrows\" endpoint with a search-based
approach supporting queries by book name, author, username, and role.
- Change endpoint from GET /getall to GET /search?query=xxx
- Add search service implementation using QueryWrapper with LIKE
predicates across Book, User, and BorrowRecord tables
- Use kotlinx-coroutines for parallel async data fetching per result
- Add kotlinx-coroutines-core and kotlinx-coroutines-reactor deps
- Add getAllBorrows, getOneBorrow, searchBorrows, and returnBook endpoints
- Implement AdminBorrowServiceImpl with join-based record queries
- Add getAllBooks endpoint to BookController
- Include role validation, IP extraction, and audit logging
- Add AdminBorrowServiceImpl with search and getAllBorrows stubs
- Add BorrowServiceImpl with borrow record query stubs
- Add getAllBooks and getAllBorrows to service interfaces
- Mark dashboard components for future service decomposition
- Add BorrowService and AdminBorrowService interfaces
- Add BorrowInfoDto for borrow record data transfer
- Rename UserLoginDTO to UserLoginDto for naming consistency
- Update dashboard to use structured borrow record mapping
- Add book with name, author, and stock validation
- Update existing book information
- Delete book by ID
- Adjust book inventory stock
- Rename AdminDashBoardService to DashBoardService
- Remove hardcoded user seed data from SQL schema
- Add BookService interface and MyBatis-based implementation with fuzzy search
by title or author
- Add forbidden (403) response helper to Result template
- Upgrade auth failure log from info to warn level
- Reorganize BookController imports and restructure class
Remove the interceptor-based JWT auth and its WebConfig registration.
Introduce JwtPopulateFilter that silently extracts JWT claims into
request attributes without blocking unauthenticated requests. Update
DashBoardController to accept nullable username and RequireRoleAspect
to handle missing credentials with proper error messages.
- Add role inheritance where admin automatically has user permissions
- Update RequireRoleAspect to validate role hierarchy instead of exact match
- Expose /api/dashboard/get-all-books to unauthenticated guests
- Rename AdminDashBoardController to DashBoardController
- Enhance KDoc with role hierarchy rules and access control behavior
Closes: #126
- rename DashBoardController to AdminDashBoardController
- add AdminDashBoardService interface with getAllBooks and getAllBorrowRecords
- add GlobalExceptionHandler for unified Result error responses
- add RequireRole annotation and RequireRoleAspect for role-based auth
- fix BorrowRecord entity table name from book_record to borrow_record
- add Result.forbidden() factory method returning 403 responses
Add comprehensive API documentation to controller classes with planned
endpoint lists and path prefixes. Document security measures in auth
service implementation. Add field-level comments to Book entity.
Add descriptive KDoc comments to all REST controllers, service interfaces,
entity classes, and mappers to improve code readability and maintainability.
Include annotations for controller-level API documentation.
- Add JwtAuthInterceptor to validate JWT tokens on protected endpoints
- Register interceptor paths via WebConfig for /api/** routes
- Fix Result return type to support nullable values across auth flows
- Use constant-time comparison when user is not found to prevent
user enumeration via response timing
- Remove debug logging that could expose sensitive data
- Add AspectJ weaver dependency for AOP support
- Use constant-time comparison when user is not found to prevent
user enumeration via response timing
- Remove debug logging that could expose sensitive data
- Add AspectJ weaver dependency for AOP support
- Add JwtUtils for token generation and validation using jjwt
- Refactor AuthService.login to return User instead of Boolean
- Add jjwt dependencies and integrate JWT into login flow
- Externalize JWT secret, expiration, and log level as configurable env vars with defaults
- Run dummy hash when user is not found to prevent timing-based enumeration
- Extract and log real client IP on login requests
- Remove unused test files
- Reorder application config for clarity
- Replace stub with MyBatis-Plus user query and password matching
- Integrate kotlin-logging for structured logging across services
- Add custom Log utility replacing direct SLF4J usage
- Add kotlin-logging dependency to build configuration
- Add Result<T> generic response template for standardized API output
- Introduce UserLoginDTO with validation annotations for login requests
- Migrate AuthController to use DTO binding and return Result responses
- Update AuthService interface to accept UserLoginDTO and return Boolean
- Add Jackson configuration (snake_case, non-null, date format)
- Include jackson-module-kotlin and spring-boot-starter-validation deps
- Add initialization flow for the user02 common account
- Rename insertAdminUser to insertAdmin for consistency
- Rename insertCommonUser to insertUser01 to align with naming
- Add initialization flow for the user02 common account
- Rename insertAdminUser to insertAdmin for consistency
- Rename insertCommonUser to insertUser01 to align with naming
- Check if admin user already exists before inserting
- Improve log messages with descriptive output
- Move @Transactional annotation to run method
- Fix minor formatting inconsistency
- Register Argon2PasswordEncoder as a Spring bean
- Implement InitUserRunner to seed default users on startup
- Add spring-security-crypto and bouncycastle dependencies
- Include database schema initialization script
msksbr