total project restructure

.dockerignore

@@ -23,7 +23,6 @@ deploy/
 *.log
 
 # Environment files
-deploy/.env
 *.env
 
 # Documentation

.gitignore

@@ -31,5 +31,5 @@ build/
 
 ### VS Code ###
 .vscode/
-/deploy/.env
-.env
+.env
+deploy/.env

Dockerfile

@@ -9,6 +9,7 @@ FROM eclipse-temurin:21-jre-alpine
 WORKDIR /app
 COPY --from=build /app/target/*.jar app.jar
 COPY --from=build /app/src/main/resources/db/changelog /app/resources/db/changelog
+COPY --from=build /app/src/main/resources/templates /app/resources/templates
 
 EXPOSE 6091
 ENTRYPOINT ["java", "-jar", "app.jar"]

deploy/.env.example

@@ -4,23 +4,18 @@ DATASOURCE_USERNAME=commercifyapp
 DATASOURCE_PASSWORD=password123!
 STRIPE_SECRET_TEST_KEY=
 STRIPE_WEBHOOK_SECRET=
+STRIPE_WEBHOOK_ENDPOINT=https://<insert_host>/api/v2/payments/webhooks/stripe/callback
 JWT_SECRET_KEY=
 ADMIN_EMAIL=admin@commercify.app
-ADMIN_PASSWORD=commercifyadmin123!
+ADMIN_PASSWORD=admin
 MOBILEPAY_CLIENT_ID=
 MOBILEPAY_CLIENT_SECRET=
 MOBILEPAY_SUBSCRIPTION_KEY=
 MOBILEPAY_MERCHANT_ID=
-MOBILEPAY_API_URL=https://apitest.vipps.no
+MOBILEPAY_API_URL=
 MOBILEPAY_SYSTEM_NAME=Commercify
-# used for outgoing emails
-MAIL_HOST=smtp.gmail.com
-MAIL_PORT=587
+MOBILEPAY_WEBHOOK_CALLBACK=https://<insert_host>/api/v2/payments/webhooks/mobilepay/callback
 MAIL_USERNAME=
 MAIL_PASSWORD=
-# used for email confirmation token (WIP)
-FRONTEND_URL=http://localhost:3000
-# The email address that will receive new order notifications emails
-ORDER_EMAIL_RECEIVER=
-# used for mobilepay webhook callback
-BACKEND_HOST=
+MAIL_HOST=smtp.ethereal.email
+MAIL_PORT=587

deploy/docker-compose.yml

@@ -29,6 +29,8 @@ services:
       - SPRING_DATASOURCE_URL=${DATASOURCE_URL}
       - SPRING_DATASOURCE_USERNAME=${DATASOURCE_USERNAME}
       - SPRING_DATASOURCE_PASSWORD=${DATASOURCE_PASSWORD}
+      - STRIPE_SECRET_TEST_KEY=${STRIPE_SECRET_TEST_KEY}
+      - STRIPE_WEBHOOK_SECRET=${STRIPE_WEBHOOK_SECRET}
       - JWT_SECRET_KEY=${JWT_SECRET_KEY}
       - ADMIN_EMAIL=${ADMIN_EMAIL}
       - ADMIN_PASSWORD=${ADMIN_PASSWORD}
@@ -38,15 +40,11 @@ services:
       - MOBILEPAY_SUBSCRIPTION_KEY=${MOBILEPAY_SUBSCRIPTION_KEY}
       - MOBILEPAY_API_URL=${MOBILEPAY_API_URL}
       - MOBILEPAY_SYSTEM_NAME=${MOBILEPAY_SYSTEM_NAME}
-      - STRIPE_SECRET_TEST_KEY=${STRIPE_SECRET_TEST_KEY}
-      - STRIPE_WEBHOOK_SECRET=${STRIPE_WEBHOOK_SECRET}
-      - MAIL_USERNAME=${MAIL_USERNAME}
-      - MAIL_PASSWORD=${MAIL_PASSWORD}
+      - MOBILEPAY_WEBHOOK_CALLBACK=${MOBILEPAY_WEBHOOK_CALLBACK}
       - MAIL_HOST=${MAIL_HOST}
       - MAIL_PORT=${MAIL_PORT}
-      - ORDER_EMAIL_RECEIVER=${ORDER_EMAIL_RECEIVER}
-      - FRONTEND_URL=${FRONTEND_URL}
-      - BACKEND_HOST=${BACKEND_HOST}
+      - MAIL_USERNAME=${MAIL_USERNAME}
+      - MAIL_PASSWORD=${MAIL_PASSWORD}
     depends_on:
       mysql:
         condition: service_healthy

example.env

@@ -0,0 +1,20 @@
+DATASOURCE_URL=jdbc:mysql://localhost/commercifydb?createDatabaseIfNotExist=true
+DATASOURCE_USERNAME=
+DATASOURCE_PASSWORD=
+STRIPE_SECRET_TEST_KEY=
+STRIPE_WEBHOOK_SECRET=
+JWT_SECRET_KEY=7581e8477a88733917bc3b48f683a827935a492a0bd976a59429a72f28c71fd3
+ADMIN_EMAIL=<a valid email, order notification are sent here>
+ADMIN_PASSWORD=commercifyadmin123!
+ADMIN_ORDER_DASHBOARD=https://<admin dashboard>/admin/orders
+MOBILEPAY_CLIENT_ID=
+MOBILEPAY_CLIENT_SECRET=
+MOBILEPAY_SUBSCRIPTION_KEY=
+MOBILEPAY_MERCHANT_ID=
+MOBILEPAY_API_URL=
+MOBILEPAY_SYSTEM_NAME=
+MOBILEPAY_WEBHOOK_CALLBACK=https://<publicdomain>/api/v2/payments/webhooks/mobilepay/callback
+MAIL_HOST=smtp.gmail.com
+MAIL_PORT=
+MAIL_USERNAME=
+MAIL_PASSWORD=

pom.xml

@@ -102,7 +102,7 @@
         <dependency>
             <groupId>com.stripe</groupId>
             <artifactId>stripe-java</artifactId>
-            <version>26.11.0</version>
+            <version>28.3.0</version>
             <scope>compile</scope>
         </dependency>
         <dependency>
@@ -154,6 +154,10 @@
             <groupId>org.thymeleaf.extras</groupId>
             <artifactId>thymeleaf-extras-springsecurity6</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
     </dependencies>
 
     <build>
@@ -172,7 +176,28 @@
                     </excludes>
                 </configuration>
             </plugin>
+
+            <plugin>
+                <groupId>cz.habarta.typescript-generator</groupId>
+                <artifactId>typescript-generator-maven-plugin</artifactId>
+                <version>3.2.1263</version>
+                <executions>
+                    <execution>
+                        <id>generate</id>
+                        <goals>
+                            <goal>generate</goal>
+                        </goals>
+                        <phase>process-classes</phase>
+                    </execution>
+                </executions>
+                <configuration>
+                    <jsonLibrary>jackson2</jsonLibrary>
+                    <outputKind>module</outputKind>
+                    <classPatterns>
+                        <pattern>com.zenfulcode.commercify.api.**.dto.**</pattern>
+                    </classPatterns>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
-
 </project>

src/main/java/com/zenfulcode/commercify/commercify/CommercifyApplication.java → src/main/java/com/zenfulcode/commercify/CommercifyApplication.java

@@ -1,12 +1,18 @@
-package com.zenfulcode.commercify.commercify;
+package com.zenfulcode.commercify;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.web.client.RestTemplate;
 
 @SpringBootApplication
 public class CommercifyApplication {
     public static void main(String[] args) {
         SpringApplication.run(CommercifyApplication.class, args);
     }
-}
 
+    @Bean
+    public RestTemplate restTemplate() {
+        return new RestTemplate();
+    }
+}

src/main/java/com/zenfulcode/commercify/api/auth/AuthController.java

@@ -0,0 +1,82 @@
+package com.zenfulcode.commercify.api.auth;
+
+import com.zenfulcode.commercify.api.auth.dto.request.LoginRequest;
+import com.zenfulcode.commercify.api.auth.dto.request.RefreshTokenRequest;
+import com.zenfulcode.commercify.api.auth.dto.request.RegisterRequest;
+import com.zenfulcode.commercify.api.auth.dto.response.AuthResponse;
+import com.zenfulcode.commercify.api.auth.dto.response.NextAuthResponse;
+import com.zenfulcode.commercify.auth.application.service.AuthenticationApplicationService;
+import com.zenfulcode.commercify.auth.application.service.AuthenticationResult;
+import com.zenfulcode.commercify.auth.domain.exception.InvalidAuthenticationException;
+import com.zenfulcode.commercify.auth.domain.model.AuthenticatedUser;
+import com.zenfulcode.commercify.shared.interfaces.ApiResponse;
+import com.zenfulcode.commercify.user.application.service.UserApplicationService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@Slf4j
+@RestController
+@RequestMapping("/api/v2/auth")
+@RequiredArgsConstructor
+public class AuthController {
+    private final AuthenticationApplicationService authService;
+    private final UserApplicationService userService;
+
+    @PostMapping("/nextauth")
+    public ResponseEntity<ApiResponse<NextAuthResponse>> nextAuthSignIn(@RequestBody LoginRequest request) {
+        log.info("Next auth request: {}", request);
+
+        // Authenticate through the application service
+        AuthenticationResult result = authService.authenticate(request.toCommand());
+
+        // Create and return the NextAuth response
+        return ResponseEntity.ok(ApiResponse.success(NextAuthResponse.from(result)));
+    }
+
+    @GetMapping("/session")
+    public ResponseEntity<ApiResponse<NextAuthResponse>> validateSession(@RequestHeader("Authorization") String authHeader) {
+        try {
+            // Extract token using a domain service method
+            String token = authService.extractTokenFromHeader(authHeader).orElseThrow(() -> new InvalidAuthenticationException("Invalid authorization header"));
+
+            // Validate token through the application service
+            AuthenticatedUser user = authService.validateAccessToken(token);
+
+            // Create and return the NextAuth session response
+            return ResponseEntity.ok(ApiResponse.success(NextAuthResponse.fromUser(user)));
+        } catch (InvalidAuthenticationException e) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        }
+    }
+
+    @PostMapping("/signin")
+    public ResponseEntity<ApiResponse<AuthResponse>> login(@RequestBody LoginRequest request) {
+        AuthenticationResult result = authService.authenticate(request.toCommand());
+
+        AuthResponse response = AuthResponse.from(result);
+        return ResponseEntity.ok(ApiResponse.success(response));
+    }
+
+    @PostMapping("/signup")
+    public ResponseEntity<ApiResponse<AuthResponse>> register(@RequestBody RegisterRequest request) {
+
+        userService.registerUser(request.firstName(), request.lastName(), request.email(), request.password(), request.phone());
+
+        // Authenticate the newly registered user
+        AuthenticationResult result = authService.authenticate(new LoginRequest(request.email(), request.password(), false).toCommand());
+
+        AuthResponse response = AuthResponse.from(result);
+        return ResponseEntity.ok(ApiResponse.success(response));
+    }
+
+    @PostMapping("/refresh")
+    public ResponseEntity<ApiResponse<AuthResponse>> refreshToken(@RequestBody RefreshTokenRequest request) {
+
+        AuthenticationResult result = authService.refreshToken(request.refreshToken());
+        AuthResponse response = AuthResponse.from(result);
+        return ResponseEntity.ok(ApiResponse.success(response));
+    }
+}

src/main/java/com/zenfulcode/commercify/api/auth/dto/request/LoginRequest.java

@@ -0,0 +1,13 @@
+package com.zenfulcode.commercify.api.auth.dto.request;
+
+import com.zenfulcode.commercify.auth.application.command.LoginCommand;
+
+public record LoginRequest(
+        String email,
+        String password,
+        Boolean isGuest
+) {
+    public LoginCommand toCommand() {
+        return new LoginCommand(email, password, isGuest != null && isGuest);
+    }
+}

src/main/java/com/zenfulcode/commercify/api/auth/dto/request/RefreshTokenRequest.java

@@ -0,0 +1,6 @@
+package com.zenfulcode.commercify.api.auth.dto.request;
+
+public record RefreshTokenRequest(
+        String refreshToken
+) {
+}

src/main/java/com/zenfulcode/commercify/api/auth/dto/request/RegisterRequest.java

@@ -0,0 +1,10 @@
+package com.zenfulcode.commercify.api.auth.dto.request;
+
+public record RegisterRequest(
+        String firstName,
+        String lastName,
+        String email,
+        String password,
+        String phone
+) {
+}

src/main/java/com/zenfulcode/commercify/api/auth/dto/response/AuthResponse.java

@@ -0,0 +1,33 @@
+package com.zenfulcode.commercify.api.auth.dto.response;
+
+import com.zenfulcode.commercify.auth.application.service.AuthenticationResult;
+import com.zenfulcode.commercify.auth.domain.model.UserRole;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+
+public record AuthResponse(
+        String accessToken,
+        String refreshToken,
+        String tokenType,
+        String userId,
+        String username,
+        String email,
+        Set<String> roles
+) {
+    public static AuthResponse from(AuthenticationResult result) {
+        Set<String> roles = result.user().getRoles().stream()
+                .map(UserRole::name)
+                .collect(Collectors.toSet());
+
+        return new AuthResponse(
+                result.accessToken(),
+                result.refreshToken(),
+                "Bearer",
+                result.user().getUserId().toString(),
+                result.user().getUsername(),
+                result.user().getEmail(),
+                roles
+        );
+    }
+}

src/main/java/com/zenfulcode/commercify/api/auth/dto/response/NextAuthResponse.java

@@ -0,0 +1,39 @@
+package com.zenfulcode.commercify.api.auth.dto.response;
+
+import com.zenfulcode.commercify.auth.application.service.AuthenticationResult;
+import com.zenfulcode.commercify.auth.domain.model.AuthenticatedUser;
+import com.zenfulcode.commercify.auth.domain.model.UserRole;
+
+import java.util.Set;
+
+public record NextAuthResponse(
+        String id,
+        String name,
+        String email,
+        String accessToken,
+        String refreshToken,
+        Set<UserRole> roles
+) {
+    public static NextAuthResponse from(AuthenticationResult result) {
+        AuthenticatedUser user = result.user();
+        return new NextAuthResponse(
+                user.getUserId().toString(),
+                user.getUsername(),
+                user.getEmail(),
+                result.accessToken(),
+                result.refreshToken(),
+                user.getRoles()
+        );
+    }
+
+    public static NextAuthResponse fromUser(AuthenticatedUser user) {
+        return new NextAuthResponse(
+                user.getUserId().toString(),
+                user.getUsername(),
+                user.getEmail(),
+                null,
+                null,
+                user.getRoles()
+        );
+    }
+}