A secure, role-based blogging platform backend built with Spring Boot. Features include JWT authentication, user role hierarchy, and full CRUD operations for posts, comments, and likes.

• Register & login with JWT authentication

• Secure password hashing using BCrypt

• Role-based access: VIEWER, AUTHOR, MOD, ADMIN

• Users can:

  • Create, update, delete their posts
  • Comment on and like posts
  • View posts, comments, and own data

• Moderators can delete any post or comment

• Admins can manage users (ban, delete, assign roles)

• Global exception handling with descriptive error messages

• Clean DTO ↔ Entity mapping using MapStruct

• Interactive Swagger UI for API testing and documentation

risspecct-blog-platform-backend/
├── Controllers/
├── Entities/
├── Dtos/
├── Services/
├── Repositories/
├── Filters/
├── Security/
├── Exceptions/
├── Mappers/
├── Enums/
├── postman/
├── src/main/resources/

• POST /register – Register new user
• POST /login – Authenticate and get JWT

• GET / – View own profile
• PUT / – Update own profile
• DELETE / – Delete own account
• GET /comments – Get own comments
• GET /all – (Admin) View all users

• POST / – (Author) Add post
• GET /{id} – View specific post
• PUT /{id} – (Author) Update own post
• DELETE /{id} – (Author) Delete own post
• GET /users/me/posts – View own posts
• GET /users/{userId}/posts – View posts by user

• POST / – Add comment
• GET / – Get all comments on a post
• GET /{id} – Get single comment
• PUT /{id} – Update own comment
• DELETE /{id} – Delete own comment

• POST /like – Like a post
• GET /likes – Get like count
• DELETE /like – Remove like

• PUT /users/roles/{userId} – Assign roles
• PUT /users/ban/{userId} – Ban/unban user
• DELETE /users/delete/{userId} – Delete user

• DELETE /delete/posts/{postId} – Delete any post
• DELETE /delete/comments/{commentId} – Delete any comment

• Stateless JWT authentication
• Role hierarchy: ADMIN > MOD > AUTHOR > VIEWER
• @PreAuthorize annotations on secured routes
• Custom exception handler for clean error responses

• Java 21
• Spring Boot 3.4+
• Spring Security
• Spring Data JPA (Hibernate)
• MySQL 8+
• JWT (jjwt)
• MapStruct
• Lombok

• Swagger UI: http://localhost:8080/swagger-ui/index.html
• OpenAPI JSON: http://localhost:8080/v3/api-docs
• Shortcut: Access via /docs redirect

Use the “Authorize” button and provide Bearer <JWT> to test secured endpoints.

• Java 21+
• Maven
• MySQL 8+

git clone https://github.com/your-username/risspecct-blog-platform-backend.git
cd risspecct-blog-platform-backend
cp src/main/resources/application.properties.example src/main/resources/application.properties
# edit DB and JWT settings in application.properties
./mvnw spring-boot:run

This project includes a comprehensive test suite for both the service and controller layers, using:

• JUnit 5
• Mockito
• Spring Security Test

All tests run against an in-memory H2 database, ensuring they are:

• Fast
• Isolated
• Do not affect your local MySQL data

@ExtendWith(MockitoExtension.class)
Used for service-layer testing to verify business logic without loading the Spring context.

@WebMvcTest
Used for controller-layer testing to verify:

• Security rules (@PreAuthorize)
• Role hierarchy
• Request validation (@Valid)
• Global exception handling

Located at: postman/blog-platform-api.postman_collection.json

1. Import into Postman
2. Use /users/login to retrieve a JWT
3. JWT auto-assigned to {{token}} for all requests

This project is licensed under the MIT License.

Pull requests are welcome. For major changes, please open an issue first to discuss what you’d like to change.