Social-media-platforms

• This is a backend apis spring boot source code for confession social media system.

• Front-end: Angular 14 https://github.com/lebronjamesuit/social-media-angular14

• username/password: user1 / user1password

Deployment:

• AWS Elastic Beanstalk currently does not offer built-in HTTPS support. To address this, I've configured an AWS Load Balancer (Application Load Balancer) to seamlessly route incoming requests to the EC2 Beanstalk environment, handling both HTTPS traffic on port 443 and HTTP on port 80.

• I decided for the backend system, I've implemented SSL/TLS decryption using a self-signed certificate.

  https://lbconfessionapis-2012569758.eu-west-2.elb.amazonaws.com/swagger-ui/index.html

Amazon RDS

Instance: db.t3.micro
PostgreSQL 15.3-R2  

Features

• LRU (Least Recently Used) cache implementation on access O(1), modify O(n)
• User registration and login with JWT authentication
• Asymmetric keysRSA 2048, private key and public key
• Password encryption using BCrypt
• Role-based authorization with Spring Security
• Customized access denied handling
• Logout mechanism revoke tokens
• Refresh token.
• Swagger-UI and Open API 3.0
• Async mail service
• Cross-Origin Resource Sharing (CORS) basic configure

Technologies

• Java 11+
• Spring Boot 3.0
• Spring Security 6.0
• JSON Web Tokens (JWT) - nimbusds jwt
• Mapstruct, Lombok
• Postgresql

Spring Security + Oauth 2 Client combination flow chart.

Token management

• JSON Web Tokens format in this project

• Access tokens remain valid for a short period, usually less than 15 minutes, in order to maintain security.
• Refresh tokens, on the other hand, stay active for a longer duration, typically around one month.
• The front-end application (angular web app) automatically initiates a request for a new access token as soon as the current one expires.

Authorization

1. So it starts with the Client sending a login request to the server.
2. The server checks the credentials provided by the user, if the credentials are right, it creates a JSON Web Token (JWT).
3. It responds with a success message (HTTP Status 200) and the JWT.
4. The client uses this JWT in all the subsequent requests to the user, it provides this JWT as an Authorization header with Bearer authentication scheme.
5. When the server, receives a request against a secured endpoint, it checks the JWT and validates whether the token is generated and signed by the server or not.
6. If the validation is successful, the server responds accordingly to the client.