D20-APP

A system for renting board and card games without needing a physical game room in the city: users can list their own games for rental and rent games from other users. The following features are supported:

  • Conventional email/username based registration, with admin support
  • Conventional login using Spring Security, which issues a JWT on success
  • Multiple device login and logout support
  • Password update once logged in
  • Admin-protected URLs enforced through Spring Security
  • Adding Games, Users, Ownerships and Loans (as admin)
  • Deleting Games, Users, Ownerships and Loans (as admin)
  • Conventional GET endpoints for Games, Users, Ownerships and Loans

Swagger Docs

The project has been configured with a basic Swagger docket that exposes the commonly used APIs along with their expected parameters (see the Swagger UI screenshots in the repository).


JWT

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

Spring Security and JWT Configuration

Spring Security and JWT are configured to perform two operations:

  • Generating a JWT: a POST API is exposed at /authenticate. When the correct username and password are supplied, it returns a JSON Web Token (JWT).
  • Validating a JWT: when a user calls the GET API at /hello, access is granted only if the request carries a valid JSON Web Token (JWT).

JSON Web Token Structure

A JWT consists of three parts separated by a dot.

header.payload.signature

The header consists of two parts: the token type (here JWT) and the name of the signing algorithm, for example HMAC-SHA256 (HS256) or RSA (RS256).

The payload contains what we call claims. Claims are attributes of an entity (in this case the user) together with metadata such as the expiry time.

The signature lets the receiver check that the token was issued by the holder of the signing key and that the header and payload have not been altered in transit. To create the signature, the Base64url-encoded header and the Base64url-encoded payload are joined with a dot and signed with the algorithm named in the header; the verifier recomputes the signature with its own key and rejects the token if the two do not match.


Access D20-APP

  1. Heroku Application

    You can use D20-APP by visiting:

    https://d20-app.herokuapp.com

Contribution

  • Please fork the project and adapt it to your use case.
  • Submit a pull request.
  • The project is in a nascent stage. As such any issues you find should be reported in the issues section.

Demo Screens

  1. Registering a user (screenshot)

  2. Logging in a valid user (screenshot)

  3. Logging in an invalid user (screenshot)

  4. Using the token in a request for your account info (screenshot)