- Use constant-time comparison when user is not found to prevent
user enumeration via response timing
- Remove debug logging that could expose sensitive data
- Add AspectJ weaver dependency for AOP support
- Use constant-time comparison when user is not found to prevent
user enumeration via response timing
- Remove debug logging that could expose sensitive data
- Add AspectJ weaver dependency for AOP support
- Add JwtUtils for token generation and validation using jjwt
- Refactor AuthService.login to return User instead of Boolean
- Add jjwt dependencies and integrate JWT into login flow
- Externalize JWT secret, expiration, and log level as configurable env vars with defaults
- Run dummy hash when user is not found to prevent timing-based enumeration
- Extract and log real client IP on login requests
- Remove unused test files
- Reorder application config for clarity
- Replace stub with MyBatis-Plus user query and password matching
- Integrate kotlin-logging for structured logging across services
- Add custom Log utility replacing direct SLF4J usage
- Add kotlin-logging dependency to build configuration
- Add Result<T> generic response template for standardized API output
- Introduce UserLoginDTO with validation annotations for login requests
- Migrate AuthController to use DTO binding and return Result responses
- Update AuthService interface to accept UserLoginDTO and return Boolean
- Add Jackson configuration (snake_case, non-null, date format)
- Include jackson-module-kotlin and spring-boot-starter-validation deps
- Add initialization flow for the user02 common account
- Rename insertAdminUser to insertAdmin for consistency
- Rename insertCommonUser to insertUser01 to align with naming
- Add initialization flow for the user02 common account
- Rename insertAdminUser to insertAdmin for consistency
- Rename insertCommonUser to insertUser01 to align with naming
- Check if admin user already exists before inserting
- Improve log messages with descriptive output
- Move @Transactional annotation to run method
- Fix minor formatting inconsistency
- Register Argon2PasswordEncoder as a Spring bean
- Implement InitUserRunner to seed default users on startup
- Add spring-security-crypto and bouncycastle dependencies
- Include database schema initialization script
msksbr