plat2eau/InstiMaster

InstiMaster

Overview

InstiMaster is a backend application for managing institutes. It exposes a set of REST APIs covering the complete lifecycle of an institute: Create, Read, Update and Delete (CRUD). A login system and role-based access control govern who may perform each operation. The security layer combines JSON Web Token (JWT) authentication with Cross-Site Request Forgery (CSRF) protection and Cross-Origin Resource Sharing (CORS) configuration, which the author cites as defences against attacks such as Cross-Site Scripting (XSS). The application uses PostgreSQL 16 as its backend database.

Exposed APIs

  1. GetCSRF

    • Endpoint: /getCSRF
    • Description: Retrieves the CSRF token for secure transactions.
  2. CreateUser

    • Endpoint: /createUser
    • Description: Creates a new user account.
  3. Login

    • Endpoint: /login
    • Description: Handles user login, providing a JWT for user context. Raises a UserNotFoundException if the user is not found.
  4. CreateInstitute

    • Endpoint: /createInstitute
    • Description: Adds a new institute to the database.
  5. GetInstitutes

    • Endpoint: /getInstitutes
    • Description: Retrieves a list of all institutes from the database.
  6. GetInstituteById

    • Endpoint: /getInstituteById/{id}
    • Description: Retrieves detailed information about an institute based on its ID.
  7. UpdateInstitute

    • Endpoint: /updateInstitute/{id}
    • Description: Updates the details of an existing institute. Raises an InstituteNotFoundException if the institute is not found.
  8. DeleteInstitute

    • Endpoint: /deleteInstitute/{id}
    • Description: Removes an institute from the database.
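The request sequence a client has to follow against the endpoints above, as an added Java 17 example that is not part of the InstiMaster repository. It assumes, because the README does not say, that the CSRF token is issued in an XSRF-TOKEN cookie and must be echoed back in an X-XSRF-TOKEN header (Spring Security's CookieCsrfTokenRepository defaults), that /login answers with JSON containing a "token" field holding the JWT, and that the request bodies match the project's DTOs; the JSON field names are placeholders to be replaced from the Swagger models.

```java
// Added example (not the project's own code): walks GetCSRF -> CreateUser -> Login ->
// CreateInstitute -> GetInstitutes with java.net.http.HttpClient (JDK 11+, fine on Java 17).
// Assumed: XSRF-TOKEN cookie / X-XSRF-TOKEN header, a "token" field in the /login response,
// and the body field names below. Sample credentials and institute data are constructed.
import java.net.CookieManager;
import java.net.HttpCookie;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class InstiMasterClient {

    private static final String BASE = "https://localhost:8080";   // Application URL from the README
    private static final String CSRF_COOKIE = "XSRF-TOKEN";         // assumed Spring Security default
    private static final String CSRF_HEADER = "X-XSRF-TOKEN";       // assumed Spring Security default

    private final CookieManager cookies = new CookieManager();
    // One client for the whole session, so the cookie set by /getCSRF is sent back automatically
    // on every later request; the header must still be added explicitly, that is the CSRF check.
    private final HttpClient http = HttpClient.newBuilder().cookieHandler(cookies).build();
    private String csrfToken;
    private String jwt;

    /** Step 1: GET /getCSRF, then read the token out of the cookie jar. */
    public String fetchCsrfToken() throws Exception {
        send(HttpRequest.newBuilder(URI.create(BASE + "/getCSRF")).GET().build());
        csrfToken = cookies.getCookieStore().getCookies().stream()
                .filter(c -> CSRF_COOKIE.equals(c.getName()))
                .map(HttpCookie::getValue)
                .findFirst()
                .orElseThrow(() -> new IllegalStateException("no " + CSRF_COOKIE + " cookie received"));
        return csrfToken;
    }

    /** Step 2: POST /createUser. CSRF header required, no JWT yet. */
    public int createUser(String username, String password) throws Exception {
        return send(post("/createUser", credentialsJson(username, password), false)).statusCode();
    }

    /** Step 3: POST /login and keep the JWT for every later call. */
    public String login(String username, String password) throws Exception {
        HttpResponse<String> resp = send(post("/login", credentialsJson(username, password), false));
        if (resp.statusCode() != 200) {   // a UserNotFoundException on the server surfaces here
            throw new IllegalStateException("login failed: HTTP " + resp.statusCode());
        }
        jwt = extractJsonString(resp.body(), "token");
        return jwt;
    }

    /** Step 4: POST /createInstitute; both the bearer token and the CSRF header are needed. */
    public int createInstitute(String name, String city) throws Exception {
        String body = "{\"name\":\"" + name + "\",\"city\":\"" + city + "\"}";   // assumed DTO fields
        return send(post("/createInstitute", body, true)).statusCode();
    }

    /** Step 5: GET /getInstitutes; a safe method, so only the JWT is required. */
    public String listInstitutes() throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(BASE + "/getInstitutes"))
                .header("Authorization", "Bearer " + jwt).GET().build();
        return send(req).body();
    }

    // Real code should serialize with GSON (listed in the stack) instead of concatenating strings.
    private static String credentialsJson(String username, String password) {
        return "{\"username\":\"" + username + "\",\"password\":\"" + password + "\"}";
    }

    private HttpRequest post(String path, String json, boolean withJwt) {
        HttpRequest.Builder b = HttpRequest.newBuilder(URI.create(BASE + path))
                .header("Content-Type", "application/json")
                .header(CSRF_HEADER, csrfToken)   // echo of the cookie value: what the server verifies
                .POST(HttpRequest.BodyPublishers.ofString(json));
        if (withJwt) {
            b.header("Authorization", "Bearer " + jwt);
        }
        return b.build();
    }

    private HttpResponse<String> send(HttpRequest req) throws Exception {
        return http.send(req, HttpResponse.BodyHandlers.ofString());
    }

    // Hypothetical helper: pulls one string field out of a JSON body so the example needs no library.
    static String extractJsonString(String json, String field) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(field) + "\"\\s*:\\s*\"([^\"]+)\"").matcher(json);
        if (!m.find()) {
            throw new IllegalStateException("field '" + field + "' not present in response");
        }
        return m.group(1);
    }

    public static void main(String[] args) throws Exception {
        InstiMasterClient c = new InstiMasterClient();
        c.fetchCsrfToken();
        c.createUser("alice", "example-passphrase");      // constructed sample account
        c.login("alice", "example-passphrase");
        System.out.println("createInstitute -> HTTP " + c.createInstitute("Example Institute", "Pune"));
        System.out.println(c.listInstitutes());
    }
}
```

Because the README publishes the application on https://localhost:8080, a container that serves a self-signed certificate will make HttpClient reject the connection; the fix is to import that certificate into the JVM truststore for the development machine, not to disable certificate verification in the client.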

Technology Stack

  1. Java 17

    • The required version for running the application.
  2. Spring Boot 3.2.2

    • A powerful framework for creating REST APIs.
  3. Spring Web

    • A component facilitating REST API creation.
  4. Spring Security

    • Provides authentication and authorization: CSRF protection, JWT-based authentication, and CORS configuration.
  5. PostgreSQL 16

    • The chosen backend database for data storage.
  6. SpringBoot Validation

    • Ensures validation of input data.
  7. Hibernate ORM

    • Object-relational mapping layer; handles entity validation and generates and executes the SQL for persistence.
  8. Mockito, JUnit5

    • Utilized for unit testing purposes.
  9. Spring TestContainers

    • A tool for facilitating integration tests.
  10. Lombok

    • A code generation tool enhancing code readability and maintainability.
  11. OpenApi/Swagger

    • Generates comprehensive API documentation.
  12. Docker

    • Enables containerization of the application, streamlining deployment.
  13. Additional Dependencies

    • GSON, Apache HttpClient, BeanUtils.

Getting Started

  1. Clone the Repository
    git clone <repository_url>
  2. Navigate to the Project Directory
    cd InstiMaster
  3. Run docker compose
    docker-compose up

The application will be accessible once the above steps complete successfully. For detailed API documentation, refer to the Swagger documentation generated by the application.

Application URL: https://localhost:8080

Swagger Documentation URL: https://localhost:8080/swagger-ui/index.html#/

Note: Ensure that Docker and Docker Compose are installed on your machine before running the application.

Possible Improvements

1. CSRF Token Configuration:

Enhance the CSRF token configuration for improved security. Consider implementing additional measures such as:

  • Token Rotation: Implement a strategy for rotating CSRF tokens periodically to minimize the risk associated with token leakage or misuse.

  • Custom Headers: Consider using custom headers for CSRF tokens instead of relying solely on cookies. This can provide an extra layer of security against certain types of attacks.

2. Localization of the App:

Enable localization features to cater to a broader audience. This involves:

  • Internationalization (i18n): Implement internationalization support to allow the application to be presented in multiple languages. Utilize resource bundles or externalized messages for dynamic content.

  • Localization Settings: Provide user-specific localization settings, allowing users to choose their preferred language within the application.

3. Setting Up Development Stages:

Enhance the development environment and workflow by implementing the following practices:

  • Environment Configuration: Establish distinct configurations for development, testing, and production environments to ensure consistency and minimize issues during deployment.

  • Continuous Integration/Continuous Deployment (CI/CD): Implement CI/CD pipelines to automate testing and deployment processes, facilitating faster and more reliable releases.

  • Development Database Seeding: Develop a mechanism for easily seeding development databases with sample data to facilitate testing and development.

4. Swagger Integration Improvement:

Optimize Swagger integration for better API documentation and usability:

  • Detailed Endpoint Descriptions: Enhance Swagger documentation with detailed descriptions, examples, and request/response models to provide comprehensive information about each API endpoint.

  • Grouping and Tagging: Group and tag API endpoints based on functionality or module, making it easier for users to navigate and understand the API structure.

  • Interactive Documentation: Incorporate interactive features into Swagger UI, allowing users to make API requests directly from the documentation for a more hands-on experience.

  • Security Definitions: Clearly define and document security requirements for each API endpoint, including authentication mechanisms, within the Swagger documentation.

  • Access Control via Proxy: Introduce a user proxy that inspects the roles held by the authenticated user and restricts access to specific functionality accordingly.
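The CSRF, CORS, JWT and role-based access points raised in the CSRF Token Configuration section and in the access-control bullet above, brought together in one Spring Security 6 configuration (Spring Boot 3.2.x). This is an added example, not the InstiMaster project's own configuration; the package name, the JwtAuthenticationFilter class, the ADMIN and STAFF role names, the frontend origin and the Swagger paths are assumptions, while the endpoint paths are the ones listed in this README.

```java
// Added example, not the InstiMaster project's own code: a Spring Security 6 configuration
// (Spring Boot 3.2.x) showing the pieces the README relies on and proposes to improve:
// cookie-based CSRF with a custom header, an explicit CORS policy, a stateless JWT filter,
// and role-based authorization. Hypothetical names: package, JwtAuthenticationFilter,
// the ADMIN/STAFF role names and the frontend origin.
package com.example.instimaster.config;

import java.util.List;

import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Hypothetical filter: validates the "Authorization: Bearer <jwt>" header and populates
    // the SecurityContext with the user's granted roles. Its body is not shown here.
    private final JwtAuthenticationFilter jwtFilter;

    public SecurityConfig(JwtAuthenticationFilter jwtFilter) {
        this.jwtFilter = jwtFilter;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // The token lives in a non-HttpOnly XSRF-TOKEN cookie so a browser client can read it,
        // and must be echoed in a custom header. A cross-origin <form> post cannot set that
        // header, which is what defeats CSRF; the cookie arriving on its own proves nothing.
        CookieCsrfTokenRepository csrfRepo = CookieCsrfTokenRepository.withHttpOnlyFalse();
        csrfRepo.setCookiePath("/");
        csrfRepo.setHeaderName("X-XSRF-TOKEN");

        http
            .csrf(csrf -> csrf
                .csrfTokenRepository(csrfRepo)
                // Plain handler: the header value is the raw cookie value. The Spring Security 6
                // default (XorCsrfTokenRequestAttributeHandler) masks it per response, which a
                // non-browser client that simply copies the cookie value would not satisfy.
                .csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler()))
            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
            // JWT in a header and no server-side session: nothing for session fixation or
            // session riding to reuse.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/getCSRF", "/createUser", "/login").permitAll()
                .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
                .requestMatchers("/deleteInstitute/**").hasRole("ADMIN")                     // hypothetical roles
                .requestMatchers("/createInstitute", "/updateInstitute/**").hasAnyRole("ADMIN", "STAFF")
                .anyRequest().authenticated())
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cfg = new CorsConfiguration();
        // Exact origins only: a wildcard combined with allowCredentials(true) is rejected by
        // Spring, and would otherwise let any site call the API with the user's cookie.
        cfg.setAllowedOrigins(List.of("https://localhost:3000"));       // hypothetical frontend origin
        cfg.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE"));
        cfg.setAllowedHeaders(List.of("Authorization", "Content-Type", "X-XSRF-TOKEN"));
        cfg.setAllowCredentials(true);                                    // lets the XSRF-TOKEN cookie travel
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", cfg);
        return source;
    }
}

// The README's /getCSRF endpoint: calling getToken() forces the deferred token to be
// generated and the XSRF-TOKEN cookie to be written on this response.
@RestController
class CsrfController {
    @GetMapping("/getCSRF")
    public String getCsrf(HttpServletRequest request) {
        CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
        return token.getToken();
    }
}
```

Token rotation, the other suggestion in the CSRF section, falls out of this layout for free if the token is regenerated after login: CookieCsrfTokenRepository issues a fresh value whenever the cookie is absent, so clearing the XSRF-TOKEN cookie on a successful /login and fetching /getCSRF again gives each authenticated session its own token. The role checks run only after the JWT filter has populated the SecurityContext, so placing the filter before UsernamePasswordAuthenticationFilter is what makes hasRole("ADMIN") meaningful.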

By implementing these improvements, we can enhance the security, accessibility, and overall development experience of the InstiMaster application.
