Skip to content

feat: security refactor, UI improvements, and project setup#16

Merged
rbola merged 1 commit into
mainfrom
feat/security-and-ui-improvements
Jun 4, 2026
Merged

feat: security refactor, UI improvements, and project setup#16
rbola merged 1 commit into
mainfrom
feat/security-and-ui-improvements

Conversation

@rbola

@rbola rbola commented Jun 4, 2026

Copy link
Copy Markdown
Owner

Security/auth:

  • Refactor JWT handling: add role extraction from token, simplify JwtAuthenticationFilter
  • Consolidate frontend Auth.jsx + Login.jsx components
  • Update SecurityConfig, AuthController, UserService, UserRepository

Backend cleanup:

  • Remove unused EmbeddingModelConfig, RepositoryConfig, SpringContextUtil
  • Expand DatabaseInitializer with seed data
  • Update build.gradle.kts dependencies

Frontend:

  • ViewRecipe now fetches a single recipe by ID with full detail display
  • Navigation uses React Router Link instead of plain anchors
  • Update RecipeList, UserHome, AIRecipeCustomization, LiveCookingClasses

Project setup:

  • Add .githooks/pre-commit hook
  • Add client/.env.example and application.properties.example
  • Add RecipeValidationTest, update BiteByteApplicationTests
  • Update README and .gitignore

Security/auth:
- Refactor JWT handling: add role extraction from token, simplify JwtAuthenticationFilter
- Consolidate frontend Auth.jsx + Login.jsx components
- Update SecurityConfig, AuthController, UserService, UserRepository

Backend cleanup:
- Remove unused EmbeddingModelConfig, RepositoryConfig, SpringContextUtil
- Expand DatabaseInitializer with seed data
- Update build.gradle.kts dependencies

Frontend:
- ViewRecipe now fetches a single recipe by ID with full detail display
- Navigation uses React Router Link instead of plain anchors
- Update RecipeList, UserHome, AIRecipeCustomization, LiveCookingClasses

Project setup:
- Add .githooks/pre-commit hook
- Add client/.env.example and application.properties.example
- Add RecipeValidationTest, update BiteByteApplicationTests
- Update README and .gitignore

Co-authored-by: Cursor <cursoragent@cursor.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors authentication/authorization (JWT + roles), improves the React UI/routing, streamlines backend configuration/cleanup, and adds project setup helpers (example env/config + git hooks) to make local development safer and more reproducible.

Changes:

  • Refactor Spring Security/JWT to extract roles from tokens, simplify the auth filter, and align role naming (ROLE_* + hasRole('USER')).
  • Expand backend initialization with seed data and remove unused configuration/util classes.
  • Improve frontend navigation and recipe views (React Router Link, recipe detail-by-id fetch, endpoint updates), plus add example env/config + pre-commit guardrails.

Reviewed changes

Copilot reviewed 30 out of 33 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
src/test/java/com/main/bitebyte/recipe/RecipeValidationTest.java Adds basic unit coverage for Recipe defaults.
src/test/java/com/main/bitebyte/BiteByteApplicationTests.java Simplifies context boot test after config removals.
src/main/resources/application.properties.example Adds a safe template for local Spring configuration.
src/main/java/com/main/bitebyte/util/SpringContextUtil.java Removes static Spring context access utility.
src/main/java/com/main/bitebyte/user/UserService.java Builds authorities from stored roles using ROLE_ prefix.
src/main/java/com/main/bitebyte/user/UserRepository.java Removes @PostConstruct collection creation logic.
src/main/java/com/main/bitebyte/user/AuthController.java Switches JWT config injection to JwtConfig and includes roles claim.
src/main/java/com/main/bitebyte/security/SecurityConfig.java Updates request authorization rules and makes CORS configurable.
src/main/java/com/main/bitebyte/security/JwtUtils.java Adds token → authorities extraction via roles claim.
src/main/java/com/main/bitebyte/security/JwtConfig.java Updates JWT expiration type to long.
src/main/java/com/main/bitebyte/security/JwtAuthenticationFilter.java Simplifies filter to delegate token validation/parsing to JwtUtils.
src/main/java/com/main/bitebyte/recipe/RecipeController.java Aligns method security role checks and updates recipe update fields.
src/main/java/com/main/bitebyte/common/RepositoryConfig.java Removes unused Mongo repository config class.
src/main/java/com/main/bitebyte/common/EmbeddingModelConfig.java Removes unused embedding model configuration.
src/main/java/com/main/bitebyte/common/DatabaseInitializer.java Adds seed users/recipes/live-class data and conditional vector-store reset.
src/main/java/com/main/bitebyte/BiteByteApplication.java Tightens @EnableMongoRepositories base packages.
src/main/java/com/main/bitebyte/ai/AIRecipeCustomizationController.java Adds safer fallback when AI response parsing fails.
README.md Updates setup/run documentation and endpoint table.
package-lock.json Adds a new root lockfile (separate from client/).
client/src/components/ViewRecipe.jsx Fetches/display a single recipe by route param id.
client/src/components/UserHome.jsx Uses Link and hides live-classes routes outside dev env.
client/src/components/RecipeList.jsx Updates endpoint and improves recipe list cards.
client/src/components/RecipeList.css Adds prep-time CSS class (UI styling).
client/src/components/Navigation.jsx Uses React Router Link instead of anchor tags.
client/src/components/Login.jsx Removes legacy login component (consolidation).
client/src/components/LiveCookingClasses.jsx Updates endpoint and adds loading/error states.
client/src/components/Auth.jsx Removes legacy auth component (consolidation).
client/src/components/AIRecipeCustomization.jsx Updates recipe fetch endpoint to /api/recipes/all.
client/src/App.jsx Makes Axios base URL configurable via VITE_API_URL.
client/.env.example Adds frontend env template (VITE_API_URL, VITE_APP_ENV).
build.gradle.kts Simplifies dependencies and adds .vscode/.env loading for bootRun.
.gitignore Improves local secrets ignoring and allows committing application.properties.example.
.githooks/pre-commit Adds pre-commit guard to block committing local application properties.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.requestMatchers("/api/auth/**", "/api/recipes/public", "/api/recipes").permitAll()
.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.requestMatchers("/api/auth/**").permitAll()
.requestMatchers(HttpMethod.GET, "/api/recipes/all").permitAll()
Comment on lines +83 to +86
if ("admin123".equals(adminPassword)) {
logger.warn("Admin user is being seeded with the default password. " +
"Set app.admin.password in application.properties for production.");
}
<p><strong>Tags:</strong> {recipe.tags.join(', ')}</p>
)}
<p><strong>Difficulty:</strong> {recipe.difficulty}/5</p>
<p><strong>Total time:</strong> {recipe.preparationTime}h &nbsp;|&nbsp; <strong>Cook time:</strong> {recipe.cookingTime} min &nbsp;|&nbsp; <strong>Serves:</strong> {recipe.servings}</p>
Comment on lines 49 to +53
@Autowired
JwtUtils jwtUtils;

@Value("${jwt.expiration.ms}")
private long jwtExpirationMs;

@Value("${jwt.secret}")
private String jwtSecret;
@Autowired
JwtConfig jwtConfig;
Comment thread src/main/java/com/main/bitebyte/recipe/RecipeController.java
@rbola

rbola commented Jun 4, 2026

Copy link
Copy Markdown
Owner Author

LGTM

@rbola rbola closed this Jun 4, 2026
@rbola rbola reopened this Jun 4, 2026
@rbola rbola merged commit c9d1085 into main Jun 4, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants