lino-smart/lets-play

Lets-Play REST API

Secure, scalable CRUD operations with MongoDB persistence

πŸ” Overview

Lets-Play REST API is a production-ready RESTful service providing comprehensive user and product management. Built with Spring Boot and MongoDB, it enables high-performance CRUD operations with enterprise-grade security and JWT-based authentication.

Key Features:

  • Full user management with role-based access control
  • Product catalog with ownership tracking
  • Token-based authentication using JWT
  • Comprehensive error handling
  • Rate limiting and CORS protection
  • HTTPS and password encryption (BCrypt)

πŸ— Architecture

The API follows a layered architecture:

                ┌─────────────────┐
┌─────────┐     │   Controllers   │     ┌──────────────┐
│ Client  │◄────┤                 ├────►│   Security   │
└─────────┘     └────────┬────────┘     │   Filters    │
                         ▼              └──────────────┘
                ┌─────────────────┐
                │    Services     │
                └────────┬────────┘
                         ▼
                ┌─────────────────┐     ┌──────────────┐
                │  Repositories   │◄────┤   MongoDB    │
                └─────────────────┘     └──────────────┘

Data Models

classDiagram
    User "1" -- "n" Product : Owns
    User : +String id
    User : +String name
    User : +String email
    User : +String password
    User : +String role
    Product : +String id
    Product : +String name
    Product : +String description
    Product : +Double price
    Product : +String userId

🔌 API Endpoints

User Management

Method   Endpoint              Description          Access
POST     /api/auth/register    Register new user    Public
POST     /api/auth/login       Authenticate user    Public
GET      /api/users            Get all users        Admin only
PUT      /api/users/{id}       Update user info     Admin or Self
DELETE   /api/users/{id}       Delete user          Admin or Self

Product Management

Method   Endpoint              Description          Access
GET      /api/products         List all products    Public
GET      /api/products/{id}    Get product by ID    Public
POST     /api/products         Create a product     Admin
PUT      /api/products/{id}    Update product       Admin or Owner
DELETE   /api/products/{id}    Delete product       Admin or Owner

πŸ” Authentication

JWT-based authentication flow:

  1. Login generates a token
  2. Token structure:
    • Header: Algorithm & type
    • Payload: User ID, roles, expiration
    • Signature: Ensures integrity
  3. Usage: Include in the header:
    Authorization: Bearer <token>
  4. Expiration: Tokens are valid for 1 hour (configurable)
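
The token flow above, written out as an added example that is not code from the lets-play project: the header, the payload carrying the user id, role and expiration, and the HS256 signature are built and checked with the Python standard library (chosen so it runs without dependencies; the project itself is Java), followed by the "Admin or Self" / "Admin or Owner" decision the endpoint tables describe. Function names, the claim names `sub` and `role`, and the `ADMIN` role string are assumptions, not the project's own.

```python
"""Added example, not code from the lets-play project: the JWT flow from the
Authentication section (header, payload with user id / role / expiration,
HS256 signature) with the Python standard library, plus the Admin-or-Owner
decision from the endpoint tables. Function names, claim names and the
ADMIN role string are assumptions."""
import base64
import hashlib
import hmac
import json
import time

TOKEN_TTL_SECONDS = 3600  # the README's default of 1 hour


def b64url_encode(raw: bytes) -> str:
    # JWT uses unpadded base64url (RFC 7515, section 2)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(secret: bytes, user_id: str, role: str, now=None) -> str:
    """Login step: build header.payload.signature for an authenticated user."""
    if len(secret) < 32:
        # RFC 7518, section 3.2: an HS256 key must be at least 256 bits long
        raise ValueError("jwt.secret must be at least 32 bytes")
    issued_at = int(time.time()) if now is None else int(now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "role": role,
               "iat": issued_at, "exp": issued_at + TOKEN_TTL_SECONDS}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_token(secret: bytes, token: str, now=None) -> dict:
    """Filter step: return the claims of a valid token, raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm server-side; the token never gets to choose it
    # (this is what rejects "alg": "none" and algorithm-confusion tokens).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode(),
                        hashlib.sha256).digest()
    # Constant-time comparison so the signature check does not leak timing
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    current = int(time.time()) if now is None else int(now)
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        raise ValueError("missing exp claim")
    if current >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def is_rejected(secret: bytes, token: str, now=None) -> bool:
    """True when verify_token refuses the token (convenience for the checks below)."""
    try:
        verify_token(secret, token, now)
        return False
    except ValueError:
        return True


def may_modify(claims: dict, resource_owner_id: str) -> bool:
    """PUT/DELETE on /api/users/{id} or /api/products/{id}: Admin, or the owner."""
    return claims.get("role") == "ADMIN" or claims.get("sub") == resource_owner_id


if __name__ == "__main__":
    secret = b"replace-me-with-32-random-bytes!"  # constructed sample, 32 bytes
    token = mint_token(secret, "user-1", "USER", now=1_700_000_000)
    claims = verify_token(secret, token, now=1_700_000_010)
    print("Authorization: Bearer " + token)
    print("owner may edit own product:", may_modify(claims, "user-1"))
    print("rejected one hour later:", is_rejected(secret, token, now=1_700_003_600))
```

Two details matter more than the rest: the algorithm is fixed by the server rather than read from the header, and `exp` is mandatory, so a token that omits it cannot outlive the configured hour. The `may_modify` check is the same rule for both tables; only the id being compared (the user's own id, or the product's `userId`) changes.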

🚀 Getting Started

Prerequisites

  • Java 17+
  • MongoDB 5.0+
  • Maven 3.8+

Installation

git clone https://learn.zone01dakar.sn/git/aliouniang/lets-play
cd lets-play
mvn clean package
java -jar target/lets-play.jar

Visit http://localhost:8080/api/

βš™οΈ Configuration

Use application.properties or environment variables:

# Server
server.port=8443
server.servlet.context-path=/api

# MongoDB
spring.data.mongodb.uri=${MONGODB_URI}
spring.data.mongodb.database=${DB_NAME}

# JWT
jwt.secret=${JWT_SECRET}
# 1 hour, in milliseconds (no thousands separators: the value must parse as a number)
jwt.expiration=3600000

# HTTPS
server.ssl.enabled=true
server.ssl.key-store=classpath:localhost.p12
server.ssl.key-store-password=${KEY_STORE_PASSWORD}
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat

🔒 Security Features

  • BCrypt password hashing
  • Input validation (anti-injection)
  • HTTPS enforcement (prod)
  • Role-based access control
  • Rate limiting (100 req/min)
  • CORS restrictions
  • JWT-based session management

⚠️ Error Handling

Errors follow a standard format:

{
  "timestamp": "2023-05-14T15:32:18.456Z",
  "status": 400,
  "error": "Bad Request",
  "message": "Email address already in use",
  "path": "/api/auth/register"
}

Common Error Codes

Code   Description
400    Bad Request
401    Unauthorized
403    Forbidden
404    Not Found
409    Conflict (e.g., duplicate data)
422    Unprocessable Entity
429    Too Many Requests
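
Two of the controls listed under Security Features, input validation and the 100 requests per minute rate limit, shown together as an added example that is not code from the lets-play project. It gates a login request and answers with the standard error body from the Error Handling section, using the 400, 422 and 429 codes from the table above. Function names, the message texts and the way a client is keyed are assumptions.

```python
"""Added example, not code from the lets-play project: input validation against
MongoDB operator injection and a 100 req/min fixed-window rate limit, both
answering in the README's standard error body. Names and messages are assumptions."""
import math
import re
from datetime import datetime, timezone

RATE_LIMIT = 100        # requests per window, as listed under Security Features
WINDOW_SECONDS = 60
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def error_body(status: int, error: str, message: str, path: str, now: float) -> dict:
    """The standard error format (UTC timestamp, ISO 8601 with a trailing 'Z')."""
    stamp = datetime.fromtimestamp(now, tz=timezone.utc)
    return {
        "timestamp": stamp.isoformat(timespec="milliseconds").replace("+00:00", "Z"),
        "status": status,
        "error": error,
        "message": message,
        "path": path,
    }


def validate_login(body, path: str, now: float):
    """Return an error body for an unacceptable login payload, or None if it is fine.

    A JSON value such as {"email": {"$ne": null}} passed straight into a Mongo
    query is read as an operator rather than a literal, so each credential
    field must be a plain string before it reaches the repository layer."""
    if not isinstance(body, dict):
        return error_body(400, "Bad Request", "JSON object expected", path, now)
    for field in ("email", "password"):
        if not isinstance(body.get(field), str):
            return error_body(400, "Bad Request", f"'{field}' must be a string", path, now)
    if not EMAIL_RE.match(body["email"]):
        return error_body(422, "Unprocessable Entity", "Invalid email address", path, now)
    return None


class FixedWindowLimiter:
    """Per-client fixed window: at most `limit` requests per `window` seconds."""

    def __init__(self, limit: int = RATE_LIMIT, window: int = WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._state = {}  # client key -> (window start, requests seen in window)

    def admit(self, client: str, now: float):
        """Count one request; return (allowed, seconds until the window resets)."""
        start, count = self._state.get(client, (now, 0))
        if now - start >= self.window:
            start, count = now, 0  # window elapsed, start a fresh one
        count += 1
        self._state[client] = (start, count)
        retry_after = max(1, math.ceil(start + self.window - now))
        return count <= self.limit, retry_after


def handle_login(limiter: FixedWindowLimiter, client: str, body,
                 path: str = "/api/auth/login", now: float = 0.0):
    """Gate a login request: rate limit first, then validate the body.

    Returns (status, error body or None, Retry-After seconds or None)."""
    allowed, retry_after = limiter.admit(client, now)
    if not allowed:
        message = f"Rate limit of {limiter.limit} requests per {limiter.window} seconds exceeded"
        return 429, error_body(429, "Too Many Requests", message, path, now), retry_after
    err = validate_login(body, path, now)
    if err is not None:
        return err["status"], err, None
    return 200, None, None  # the real handler would now check the credentials


if __name__ == "__main__":
    limiter = FixedWindowLimiter()
    # Constructed sample requests: one well-formed, one carrying a Mongo operator
    print(handle_login(limiter, "10.0.0.1", {"email": "john@example.com", "password": "x"}))
    print(handle_login(limiter, "10.0.0.1", {"email": {"$ne": None}, "password": {"$ne": None}}))
```

The limiter counts a request before the body is validated, so malformed requests use up the client's budget too. A fixed window lets a client spend up to twice the limit across a window boundary; a sliding window or token bucket removes that burst at the cost of a little more state per client.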

πŸ“ API Examples

Register

POST /api/auth/register
Content-Type: application/json

{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "securePassword123"
}

Login

POST /api/auth/login
Content-Type: application/json

{
  "email": "john@example.com",
  "password": "securePassword123"
}

Create Product

POST /api/products
Authorization: Bearer <token>
Content-Type: application/json

{
  "name": "Premium Headphones",
  "description": "Noise cancelling bluetooth headphones",
  "price": 199.99
}

🛠 Development

Tech Stack

  • Spring Boot 3.1.0
  • MongoDB 6.0
  • JWT Authentication
  • Maven Build Tool

Project Structure

src/
├── main/
│   ├── java/com/yourcompany/api/
│   │   ├── config/
│   │   ├── controller/
│   │   ├── dto/
│   │   ├── exception/
│   │   ├── model/
│   │   ├── repository/
│   │   ├── security/
│   │   ├── service/
│   │   └── Application.java
│   └── resources/
│       ├── application.properties
│       └── logback.xml
└── test/

🤝 Contributing

  1. Fork this repo
  2. Create your branch: git checkout -b feature/feature-name
  3. Commit your changes: git commit -m 'Add new feature'
  4. Push your branch: git push origin feature/feature-name
  5. Open a Pull Request

📄 License

Licensed under the MIT License.

📬 Contact

Built with ❤️ by Lino-Sn
