Employee Task & Incident Management System - Clean REST API built with Spring Boot 3, JWT Authentication, and PostgreSQL.
TaskFlow API is a backend system for managing tasks and operational incidents within an organization. It demonstrates Spring Boot development practices including layered architecture, JWT security, JPA auditing, dynamic querying, and containerized deployment.
Built to showcase:
- Clean, maintainable Spring Boot architecture.
- Stateless JWT-based authentication with role-based access control (RBAC).
- Production patterns: global exception handling, API response wrapping, and entity auditing.
- DevOps-ready deployment using Docker, Docker Compose, and CI/CD pipelines via GitHub Actions.
```bash
git clone https://github.com/joel8779/taskflow-api.git
cd taskflow-api
cp .env.example .env
docker-compose up --build
```
API is live at: http://localhost:8080

Swagger UI: http://localhost:8080/swagger-ui.html
```
src/main/java/com/taskflow/api/
├── controller/            # REST controllers - HTTP layer only
│   ├── AuthController     # POST /auth/register, /auth/login
│   ├── TaskController     # Full CRUD + dashboard stats
│   ├── CommentController  # Comments & history endpoints
│   └── UserController     # User management
├── service/               # Business logic layer (interfaces + impls)
│   ├── AuthService
│   ├── TaskService
│   └── CommentService
├── repository/            # Spring Data JPA repositories + Specifications
├── entity/                # JPA entities with audit fields
│   ├── BaseEntity         # createdAt, updatedAt, createdBy, updatedBy
│   ├── User
│   ├── Task
│   ├── Comment
│   └── TaskHistory
├── dto/
│   ├── request/           # Validated inbound DTOs
│   └── response/          # Outbound DTOs (ApiResponse<T> wrapper)
├── security/              # JWT filter, utils, UserPrincipal
├── config/                # SecurityConfig, OpenApiConfig, AuditConfig
├── exception/             # Global exception handler + custom exceptions
└── util/                  # MapperUtil (entity → DTO)
```
All protected endpoints require a JWT Bearer token:
```
Authorization: Bearer <your-jwt-token>
```
Roles:
| Role | Capabilities |
|---|---|
| ADMIN | Full access: delete tasks, manage users, modify roles, view all data. |
| USER | Create/update tasks, comment, view assigned work. |
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/auth/register | Register new user account. |
| POST | /api/v1/auth/login | Authenticate and receive JWT token. |
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /api/v1/tasks | ✅ | List tasks (paginated, filterable). |
| POST | /api/v1/tasks | ✅ | Create new task or incident. |
| GET | /api/v1/tasks/{id} | ✅ | Get task details. |
| PUT | /api/v1/tasks/{id} | ✅ | Full update of task contents. |
| PATCH | /api/v1/tasks/{id}/status | ✅ | Status transition check. |
| DELETE | /api/v1/tasks/{id} | 🔒 ADMIN | Delete task from records. |
| GET | /api/v1/tasks/dashboard/stats | ✅ | Aggregated task dashboard statistics. |
?status=OPEN&priority=HIGH&type=INCIDENT&assigneeId=3&search=login&page=0&size=20&sort=createdAt,desc
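The filter parameters above map naturally onto the JPA Specification pattern this README lists among its design decisions. The following is an added example, not the repository's code: the attribute names (`status`, `priority`, `type`, `assignee.id`, `title`, `description`) and the class name are assumptions about a hypothetical Task entity. It shows every value reaching the database as a bound parameter, with LIKE wildcards in `search` escaped.

```java
import jakarta.persistence.criteria.Predicate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import org.springframework.data.jpa.domain.Specification;

public final class ExampleTaskSpecs {
    // Enum values taken from the README; binding query parameters to enums
    // rejects unknown values before they reach the query layer.
    public enum Status { OPEN, IN_PROGRESS, UNDER_REVIEW, RESOLVED, CLOSED }
    public enum Priority { LOW, MEDIUM, HIGH, CRITICAL }
    public enum Type { TASK, INCIDENT, BUG, FEATURE }

    private ExampleTaskSpecs() {}

    /** Null arguments mean "no filter". T is the (assumed) Task entity type. */
    public static <T> Specification<T> filter(Status status, Priority priority, Type type,
                                              Long assigneeId, String search) {
        return (root, query, cb) -> {
            List<Predicate> all = new ArrayList<>();
            // Criteria API comparisons are sent as bind parameters, never
            // concatenated into the SQL text.
            if (status != null)     all.add(cb.equal(root.get("status"), status));
            if (priority != null)   all.add(cb.equal(root.get("priority"), priority));
            if (type != null)       all.add(cb.equal(root.get("type"), type));
            if (assigneeId != null) all.add(cb.equal(root.get("assignee").get("id"), assigneeId));
            if (search != null && !search.isBlank()) {
                String pattern = "%" + escapeLike(search.trim().toLowerCase(Locale.ROOT)) + "%";
                all.add(cb.or(
                    cb.like(cb.lower(root.get("title")), pattern, '\\'),
                    cb.like(cb.lower(root.get("description")), pattern, '\\')));
            }
            // An empty array yields a conjunction that is always true (no filtering).
            return cb.and(all.toArray(new Predicate[0]));
        };
    }

    // Escape the LIKE metacharacters so user input such as "%" or "_" is matched
    // literally instead of turning the search into a match-everything scan.
    static String escapeLike(String s) {
        return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
    }
}
```

The `sort` parameter is not covered here; property names passed through it are worth restricting to an allowlist of sortable fields.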
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/tasks/{id}/comments | Add new comment. |
| GET | /api/v1/tasks/{id}/comments | Get comments list (paginated). |
| DELETE | /api/v1/tasks/comments/{id} | Delete a comment. |
| GET | /api/v1/tasks/{id}/history | Retrieve full field-level audit trail. |
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /api/v1/users/me | ✅ | Current user profile. |
| GET | /api/v1/users | 🔒 ADMIN | Get all users list. |
| PATCH | /api/v1/users/{id}/role | 🔒 ADMIN | Change user role privileges. |
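The access rules in the endpoint tables above can be written as one Spring Security 6 filter chain. This is an added example, not the repository's SecurityConfig; the `jwtAuthFilter` bean name, the `ROLE_`-prefixed authorities it is assumed to set, and public access to the Swagger paths are assumptions.

```java
import jakarta.servlet.Filter;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class ExampleSecurityConfig {

    // jwtAuthFilter is a hypothetical bean: a filter that validates the Bearer
    // token and populates the SecurityContext with ROLE_ADMIN or ROLE_USER.
    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http,
            @Qualifier("jwtAuthFilter") Filter jwtAuthFilter) throws Exception {
        http
            // The token travels in the Authorization header, not a cookie,
            // so there is no ambient credential for CSRF to abuse.
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // Public endpoints: registration and login only
                .requestMatchers(HttpMethod.POST, "/api/v1/auth/register", "/api/v1/auth/login").permitAll()
                // Assumed public for local use; restrict outside development
                .requestMatchers("/swagger-ui.html", "/swagger-ui/**", "/v3/api-docs/**").permitAll()
                // ADMIN-only rows from the tables. {id} matches a single path
                // segment, so DELETE /api/v1/tasks/comments/{id} is not caught here.
                .requestMatchers(HttpMethod.DELETE, "/api/v1/tasks/{id}").hasRole("ADMIN")
                .requestMatchers(HttpMethod.GET, "/api/v1/users").hasRole("ADMIN")
                .requestMatchers(HttpMethod.PATCH, "/api/v1/users/{id}/role").hasRole("ADMIN")
                // Every other API route requires a valid token
                .requestMatchers("/api/v1/**").authenticated()
                // Default deny: a route added later is closed until a rule opens it
                .anyRequest().denyAll())
            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```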
```
User (1) ──< Task (reporter/assignee)
Task (1) ──< Comment
Task (1) ──< TaskHistory (audit trail)
```
- Task States: OPEN → IN_PROGRESS → UNDER_REVIEW → RESOLVED → CLOSED
- Priority Levels: LOW | MEDIUM | HIGH | CRITICAL
- Task Types: TASK | INCIDENT | BUG | FEATURE
| Layer | Technology | Description |
|---|---|---|
| Language | Java 17 | Core programming runtime. |
| Framework | Spring Boot 3.2.3 | Layered backend routing context. |
| Security | Spring Security + JWT | Header token checking via jjwt library. |
| Persistence | Spring Data JPA + Hibernate | Mappings to relational database tables. |
| Database | PostgreSQL 16 | Production-grade datastore. |
| Documentation | SpringDoc OpenAPI 3 | Automatic endpoint swagger-ui documentation. |
| DevOps | Docker & Docker Compose | Multi-container environment settings. |
| CI/CD | GitHub Actions | Build validation workflows. |
- Java 17+ installed.
- Maven 3.8+ installed.
- PostgreSQL 14+ running.
- Create PostgreSQL database:
  ```bash
  psql -U postgres -c "CREATE DATABASE taskflow_db;"
  psql -U postgres -c "CREATE USER taskflow_user WITH PASSWORD 'taskflow_pass';"
  psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE taskflow_db TO taskflow_user;"
  ```
- Run database seeds:
  ```bash
  psql -U taskflow_user -d taskflow_db -f docs/schema.sql
  psql -U taskflow_user -d taskflow_db -f docs/data.sql
  ```
- Configure environment file:
  ```bash
  cp .env.example .env
  # Edit .env with your local credentials
  ```
- Start the Spring Boot application:
  ```bash
  mvn spring-boot:run
  ```
```bash
# Execute all unit tests
mvn test
# Run build package verification
mvn verify
```
All responses are wrapped in a consistent envelope:
```json
{
  "success": true,
  "message": "Task created successfully",
  "data": { ... },
  "timestamp": "2026-06-03T10:30:00"
}
```
- Stateless JWT Authentication: Removed server session state constraints to make backend nodes horizontally scalable.
- JPA Specification Pattern: Composable, type-safe dynamic queries without writing messy string concatenations.
- Global Exception Handling: Integrated standard ControllerAdvice handlers to keep controllers clean of try-catch blocks.
- JPA Auditing: Declared a base class containing auditing annotations to write creation and update timestamps automatically.
- Audit Logs: Change logs are recorded in a dedicated table to save full history records of task field modifications.
MIT License - see LICENSE for details.