Auth Service in Spring Boot

sorry i forgot to devlog. basically just been trying to ship this thing and ran into some issues bc i cant give demo credentials. so i made a special endpoint at /auth/demo-register which is only accessible when running in dev mode. i also added per-route security/role filtering and endpoints to update users. and refactoring in general. here’s a pic with the new endpoints.

dockerized it and updated the README like 4 times. i found a cool way to build it so that the built dependencies are cached automatically by docker. also made a .env that the docker-compose.yml and spring boot app use. made the secret key configurable as well, instead of resetting every launch.

started prepping to ship this project. i needed a web demo tho so i used a dependency called springdoc-openapi that sets it everything up for me. had some trouble with the ui though so i had to add some config and change the main controller. i’m probably going to dockerize the whole thing next and host it on my rpi for the demo

added a initialization endpoint so that an admin can be created when the service first starts. had to make this bc only admins have permissions to create users but when the service first starts and there are no admins, its otherwise impossible to create an admin, which results in a weird permission paradox. the initialization endpoint only works when there’s no admins already in the db. i also added a README, finally.

took me like 30 minutes to switch from h2 to postgres. it was so stupid bc i put a colon instead of a slash in the database url. i was just running a postgres docker container on my rpi instead of the laptop im using. eventually i should make a docker-compose.yml to include the db. it was surprisingly easy to switch databases, all you need to do is change the url name and add the postgres driver as a dependency.

added jwt auth filter. basically it just extracts stuff like roles from the jwt and passes it on as SecurityContext and in my SecurityConfig i can use methods like .hasRole() on specific URIs. i also included claims in the jwt so that it contains id, username, roles, etc. and it also has specific extract methods but i might combine those into one that returns a User.

its now hashing passwords with Bcrypt. here’s a picture of me using the h2 console to check what the passwords stored as

renamed the project to auth-service. i also implemented the login and verify endpoints using jwts. i also started using postman for the first time to test my api, since im on windows and used to ssh into my rpi just to use curl. im still not hashing passwords yet lol. heres a picture of my postman flow that i used to test

started by watching Mosh’s spring boot tutorial. dont really know how im supposed to use some of that stuff though. got started with creating a database with spring jpa. just using h2 for now, i’ll switch to postgres later or something. all i did was get the repository and basic crud working and user methods working. ran into a small issue with spring security automatically asking for authentication at every endpoint. next i need to create jwt auth, and use the security filter stuff provided by spring security to block certain endpoints. then i’ll create roles and make the verify endpoint