Commit Graph

100 Commits

Author SHA1 Message Date
Cedric 40b8f45de8 ci: test with Java 21 runner image
Build and Deploy Spring Boot Server / build (push) Failing after 1m2s
2026-05-10 22:15:16 +02:00
Cedric b221d07b48 ci: use ubuntu-java17 runner image, remove setup-java step
Build and Deploy Spring Boot Server / build (push) Failing after 2m22s
2026-05-10 22:08:23 +02:00
Cedric 0e63b6e4e6 ci: fix mvnw executable permission
Build and Deploy Spring Boot Server / build (push) Has been cancelled
2026-05-10 22:07:30 +02:00
Cedric 4a04c85fe8 ci: use Maven wrapper instead of mvn to fix command not found on Gitea runner
Build and Deploy Spring Boot Server / build (push) Failing after 4m43s
2026-05-10 21:40:25 +02:00
Cedric b8e2c9114d chore: merge main into dev, keep clean docker-compose from main
Build and Deploy Spring Boot Server / build (push) Failing after 9m2s
2026-05-10 21:29:11 +02:00
Cedric 0876eecf50 ci: improve dev pipeline with Dokploy webhook and Docker layer caching 2026-05-10 21:27:28 +02:00
Cedric 5549691d50 ci: test pipeline 2026-05-10 21:24:18 +02:00
Cedric 46c8df45d6 ci: test pipeline 2026-05-10 21:24:10 +02:00
Cedric 50d274f36a chore: resolve merge conflicts, keep Spring Boot 4.0.6 version
Kept our version over remote (security hardening PR #12) for all conflicts:
- pom.xml: Spring Boot 4.0.6 vs 3.4.1, new test deps
- SecurityConfig: new csrf/package API for SB4
- GlobalExceptionHandler: full handler set with SLF4J logging
- AppUserController/ExpenseListController: clean delegation to GlobalExceptionHandler
- Test files: SB4 package paths, extra test coverage

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-10 20:29:49 +02:00
Cedric ba4f365f06 chore: merge feature/security-hardening into main
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-10 20:25:12 +02:00
Cedric a5e5824a44 docs: write recent changes section 2026-05-10 20:18:58 +02:00
Cedric 7189e4fb08 docs: write error handling section 2026-05-10 20:18:28 +02:00
Cedric 2782823c3d docs: write data models section 2026-05-10 20:17:55 +02:00
Cedric ddf64305a5 docs: write expense lists endpoint section 2026-05-10 20:17:22 +02:00
Cedric 2b84ed0de8 docs: write home and users endpoint sections 2026-05-10 20:14:22 +02:00
Cedric 18e740bb73 docs: write rate limiting section 2026-05-10 20:13:58 +02:00
Cedric 9b93cd97a6 docs: write authentication section 2026-05-09 23:56:14 +02:00
Cedric 8fb1820bc7 docs: write API overview section 2026-05-09 23:50:42 +02:00
Cedric 9c35bb8435 docs: scaffold API.md with section headings 2026-05-09 23:49:56 +02:00
Cedric 3d456f2f81 Bugfixes 2026-05-09 23:04:27 +02:00
Cedric b1324e3048 test: add jsonPath field assertions to create validation tests 2026-05-06 14:40:11 +02:00
Cedric 8b96433b1a feat: add CreateExpenseListRequest DTO with validation to POST /create endpoint
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 17:28:47 +02:00
Cedric 19c7e1915f security hardening (#12)
Reviewed-on: #12
Co-authored-by: Cedric Hornberger <ceddi.hornberger@gmx.de>
Co-committed-by: Cedric Hornberger <ceddi.hornberger@gmx.de>
2026-05-05 17:13:53 +02:00
Cedric f0de751da4 fix: centralise error handling in GlobalExceptionHandler, add SLF4J logging, remove HTTP 417 and e.printStackTrace()
- Expand GlobalExceptionHandler with handlers for ResourceNotFoundException (404),
  UsernameAlreadyExistsException (409), ResponseStatusException (pass-through),
  RuntimeException (500), and generic Exception (500); add SLF4J logging
- Remove all bare try/catch blocks and e.printStackTrace() calls from
  ExpenseListController; add SLF4J logger field
- Add test: create_returns500_onUnexpectedServiceError

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 17:11:37 +02:00
Cedric 9b95741292 fix: add /docs/superpowers to .gitignore 2026-05-05 17:00:01 +02:00
Cedric 2bd229cc5e Remove docs from tracking 2026-05-05 16:59:35 +02:00
Cedric 797d482ebf fix: use ResourceNotFoundException for not-found cases in updateExpense, IllegalArgumentException for ownership mismatch in deleteCustomCategory 2026-05-05 16:55:01 +02:00
Cedric 906b60d264 fix: single-param JPQL queries, ResourceNotFoundException throughout ExpenseListService, remove addExpenseToList loop
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 16:40:31 +02:00
Cedric 68783cc892 fix: throw ResourceNotFoundException instead of returning null, replace full-table-scan list queries with JPQL 2026-05-05 15:20:46 +02:00
Cedric 9c91da9f30 test: fix ExpenseListRepositoryTest with H2 and proper save-then-find pattern
Added H2 as a test-scoped dependency so @DataJpaTest has an embedded
database. Rewrote the test to save an entity and assert on the returned
ID rather than assuming a record exists at ID=1.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 11:23:51 +02:00
Cedric 024b3880e7 security: add per-user/IP rate limiting via Bucket4j
RateLimitFilter (OncePerRequestFilter) enforces 60 req/min per
authenticated Google ID or client IP, using Bucket4j in-memory
token buckets. Filter is registered after BearerTokenAuthenticationFilter
in the production security chain. Added 4 unit tests covering
allow, block, per-IP isolation, and X-Forwarded-For preference.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 11:19:42 +02:00
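Added example, not code from this repository: a Bucket4j-backed `OncePerRequestFilter` in the shape the commit above describes (60 requests per minute, keyed by the authenticated subject and otherwise by client IP). It assumes Spring Boot 3+/4 with `jakarta.servlet`, Spring Security's JWT resource-server support, and Bucket4j 8.10+ (`Bandwidth.builder()`). The `trustedProxies` set is an assumption added here to make the X-Forwarded-For preference safe: honouring that header unconditionally lets any client pick its own bucket key and walk past the per-IP limit.

```java
import java.io.IOException;
import java.time.Duration;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket;
import io.github.bucket4j.ConsumptionProbe;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Example filter (not the project's own class). Register it after the bearer-token
 * filter so the SecurityContext is already populated when it runs, e.g.
 * http.addFilterAfter(new RateLimitFilter(Set.of("10.0.0.2")), BearerTokenAuthenticationFilter.class);
 */
public class RateLimitFilter extends OncePerRequestFilter {

    private static final int REQUESTS_PER_MINUTE = 60;

    // Assumption: addresses of the reverse proxies allowed to set X-Forwarded-For.
    private final Set<String> trustedProxies;

    // In-memory buckets: per JVM only (replicas do not share state) and keyed by
    // attacker-influenced strings, so a production deployment bounds this map
    // (e.g. a Caffeine cache with expiry) instead of letting it grow without limit.
    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

    public RateLimitFilter(Set<String> trustedProxies) {
        this.trustedProxies = trustedProxies;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        Bucket bucket = buckets.computeIfAbsent(resolveKey(request), k -> newBucket());
        ConsumptionProbe probe = bucket.tryConsumeAndReturnRemaining(1);

        if (probe.isConsumed()) {
            response.setHeader("X-Rate-Limit-Remaining", Long.toString(probe.getRemainingTokens()));
            chain.doFilter(request, response);
            return;
        }
        // Tell well-behaved clients when to come back; 429 has no SC_ constant in the Servlet API.
        long retryAfterSeconds = Math.max(1, probe.getNanosToWaitForRefill() / 1_000_000_000L);
        response.setHeader("Retry-After", Long.toString(retryAfterSeconds));
        response.sendError(429, "Rate limit exceeded");
    }

    /** Authenticated subject (the JWT "sub", i.e. the Google ID) first, client IP otherwise. */
    String resolveKey(HttpServletRequest request) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean authenticated = auth != null && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
        return authenticated ? "user:" + auth.getName() : "ip:" + clientIp(request);
    }

    /** Prefer X-Forwarded-For, but only when the immediate peer is a trusted proxy. */
    String clientIp(HttpServletRequest request) {
        String peer = request.getRemoteAddr();
        String xff = request.getHeader("X-Forwarded-For");
        if (xff != null && !xff.isBlank() && trustedProxies.contains(peer)) {
            // Leftmost entry is the original client as recorded by the proxy chain.
            return xff.split(",")[0].trim();
        }
        return peer; // header absent or sent by an untrusted peer: ignore it
    }

    private static Bucket newBucket() {
        Bandwidth limit = Bandwidth.builder()
                .capacity(REQUESTS_PER_MINUTE)
                .refillGreedy(REQUESTS_PER_MINUTE, Duration.ofMinutes(1))
                .build();
        return Bucket.builder().addLimit(limit).build();
    }
}
```

Two points worth checking in any implementation of this design: an unauthenticated flood from one address and an authenticated one from one account are limited independently, as the commit's per-IP isolation test implies, and a request that fails authentication still lands in an IP bucket, so the limiter also throttles token-guessing against the bearer filter in front of it.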
Cedric 457efab452 security: enforce JWT-based authorization on AppUserController
Added AuthenticatedUserResolver injection and assertSelf guard to
getUser, getUserByGoogleId, and deleteUser endpoints. createUser
remains open for registration. Added 7 controller tests covering
validation failures and 403 enforcement.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 11:13:05 +02:00
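Added example, not code from this repository: the `assertSelf` pattern the commit above describes, as a resolver that reads the caller's Google ID from the verified JWT and a controller that checks it before every per-user read or delete while leaving registration open. `AppUser`, `AppUserService`, `CreateUserRequest` and the `/api/users` layout are assumptions made for the example; it relies on Spring Security's JWT resource-server support (`JwtAuthenticationToken`).

```java
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

// Hypothetical domain types, declared so the example compiles on its own.
record AppUser(long id, String googleId, String displayName) {}
record CreateUserRequest(@NotBlank String googleId, @NotBlank String displayName) {}
interface AppUserService {
    AppUser findById(long id);
    AppUser findByGoogleId(String googleId);
    AppUser create(CreateUserRequest request);
    void deleteByGoogleId(String googleId);
}

@Component
class AuthenticatedUserResolver {

    /** Google ID of the caller: the "sub" claim of the bearer token Spring already verified. */
    public String currentGoogleId() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (!(auth instanceof JwtAuthenticationToken jwt)) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Bearer token required");
        }
        return jwt.getToken().getSubject();
    }

    /** Ownership check: the target must be the caller, otherwise 403 (handled by GlobalExceptionHandler). */
    public void assertSelf(String targetGoogleId) {
        if (!currentGoogleId().equals(targetGoogleId)) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Not your account");
        }
    }
}

@RestController
@RequestMapping("/api/users")
class AppUserController {

    private final AuthenticatedUserResolver resolver;
    private final AppUserService service;

    AppUserController(AuthenticatedUserResolver resolver, AppUserService service) {
        this.resolver = resolver;
        this.service = service;
    }

    // Before the guard, a handler like this let any authenticated caller read any user
    // by supplying someone else's ID (an IDOR). Kept here, commented out, for contrast:
    //   @GetMapping("/{googleId}") AppUser getUserByGoogleId(@PathVariable String googleId) {
    //       return service.findByGoogleId(googleId);
    //   }

    /** Lookup by internal ID: load first, then compare the record's owner to the caller. */
    @GetMapping("/id/{id}")
    public AppUser getUser(@PathVariable long id) {
        AppUser user = service.findById(id); // not found -> 404 via GlobalExceptionHandler
        resolver.assertSelf(user.googleId());
        return user;
    }

    /** Lookup by Google ID: the path value itself is the thing to compare. */
    @GetMapping("/{googleId}")
    public AppUser getUserByGoogleId(@PathVariable String googleId) {
        resolver.assertSelf(googleId);
        return service.findByGoogleId(googleId);
    }

    @DeleteMapping("/{googleId}")
    public void deleteUser(@PathVariable String googleId) {
        resolver.assertSelf(googleId);
        service.deleteByGoogleId(googleId);
    }

    /** Registration stays open: there is no existing "self" to compare against yet. */
    @PostMapping
    public AppUser createUser(@Valid @RequestBody CreateUserRequest request) {
        return service.create(request);
    }
}
```

One caveat on the open `createUser` path: if registration also requires a bearer token, the Google ID stored for the new account should be taken from the token's `sub` rather than from the request body, otherwise a caller can register a record under another person's Google ID and the later `assertSelf` checks protect the wrong owner. Whether the project's endpoint is reachable anonymously is not stated in the commit, so that choice is left to the reader.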
Cedric 95688e5111 test: add unit tests for AuthenticatedUserResolver 2026-05-05 10:03:35 +02:00
Cedric bb2a4d70b2 feat: add ExpenseListController validation and authorization tests 2026-05-04 22:46:29 +02:00
Cedric a948bca2fc feat: add GlobalExceptionHandler, @Valid to user creation, AuthenticatedUserResolver stub, and rewrite ExpenseListController with authorization 2026-05-04 22:44:37 +02:00
Cedric 3bea06fead feat: add Bean Validation annotations to request models 2026-05-04 22:36:20 +02:00
Cedric b7db35defe build: add spring-boot-starter-validation and bucket4j-core 2026-05-04 22:34:10 +02:00
Cedric efe84942ff docs: add security hardening implementation plan
8-task TDD plan covering input validation, JWT-based authorization
enforcement, and Bucket4j rate limiting.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-04 22:22:54 +02:00
Cedric e3b8917bfc docs: add security hardening design spec
Covers input validation, JWT-based authorization enforcement, and
per-user rate limiting via Bucket4j.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-04 21:58:20 +02:00
Cedric 229a6a8a43 docker-compose.yml updated 2026-03-04 15:16:11 +01:00
Cedric 76e878ff5c docker-compose.yml updated 2026-02-04 20:25:38 +01:00
Cedric 477a5c3c70 dockerfile updated 2026-02-04 15:31:16 +01:00
Cedric 7bac694357 docker-compose.yml updated 2026-02-04 15:29:55 +01:00
Cedric f8407db3ac docker-compose.yml updated 2026-02-04 15:27:51 +01:00
Cedric 374d91f0c9 dockerfile updated 2026-02-04 15:18:40 +01:00
Cedric 8f17e8d8a8 dockerfile updated 2026-02-04 15:15:53 +01:00
Cedric 8c8eccb35e dockerfile updated 2026-02-04 15:13:23 +01:00
Cedric 3656ccc941 dockerfile updated 2026-02-04 15:07:41 +01:00
Cedric e9851ffea4 dockerfile update 2026-02-04 15:05:44 +01:00
Cedric 38b5e0f740 Merge pull request 'Vps update' (#11) from Vps-new-infrastructure into main
Reviewed-on: #11
2026-02-04 14:56:13 +01:00