Added H2 as a test-scoped dependency so @DataJpaTest has an embedded
database. Rewrote the test to save an entity and assert on the returned
ID rather than assuming a record exists at ID=1.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
RateLimitFilter (OncePerRequestFilter) enforces 60 req/min per
authenticated Google ID or client IP, using Bucket4j in-memory
token buckets. Filter is registered after BearerTokenAuthenticationFilter
in the production security chain. Added 4 unit tests covering
allow, block, per-IP isolation, and X-Forwarded-For preference.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Added AuthenticatedUserResolver injection and assertSelf guard to
getUser, getUserByGoogleId, and deleteUser endpoints. createUser
remains open for registration. Added 7 controller tests covering
validation failures and 403 enforcement.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Introduced CategoryService to manage standard categories.
- Updated ExpenseListController to set default categories when creating an expense list.
- Modified ExpenseChangeRequest and ExpenseInput to include category field.
- Enhanced DataInitializer to ensure standard categories are initialized.
Cedric