feat: security refactor, UI improvements, and project setup#16
Merged
Conversation
Security/auth: - Refactor JWT handling: add role extraction from token, simplify JwtAuthenticationFilter - Consolidate frontend Auth.jsx + Login.jsx components - Update SecurityConfig, AuthController, UserService, UserRepository Backend cleanup: - Remove unused EmbeddingModelConfig, RepositoryConfig, SpringContextUtil - Expand DatabaseInitializer with seed data - Update build.gradle.kts dependencies Frontend: - ViewRecipe now fetches a single recipe by ID with full detail display - Navigation uses React Router Link instead of plain anchors - Update RecipeList, UserHome, AIRecipeCustomization, LiveCookingClasses Project setup: - Add .githooks/pre-commit hook - Add client/.env.example and application.properties.example - Add RecipeValidationTest, update BiteByteApplicationTests - Update README and .gitignore Co-authored-by: Cursor <cursoragent@cursor.com>
There was a problem hiding this comment.
Pull request overview
This PR refactors authentication/authorization (JWT + roles), improves the React UI/routing, streamlines backend configuration/cleanup, and adds project setup helpers (example env/config + git hooks) to make local development safer and more reproducible.
Changes:
- Refactor Spring Security/JWT to extract roles from tokens, simplify the auth filter, and align role naming (
ROLE_*+hasRole('USER')). - Expand backend initialization with seed data and remove unused configuration/util classes.
- Improve frontend navigation and recipe views (React Router
Link, recipe detail-by-id fetch, endpoint updates), plus add example env/config + pre-commit guardrails.
Reviewed changes
Copilot reviewed 30 out of 33 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| src/test/java/com/main/bitebyte/recipe/RecipeValidationTest.java | Adds basic unit coverage for Recipe defaults. |
| src/test/java/com/main/bitebyte/BiteByteApplicationTests.java | Simplifies context boot test after config removals. |
| src/main/resources/application.properties.example | Adds a safe template for local Spring configuration. |
| src/main/java/com/main/bitebyte/util/SpringContextUtil.java | Removes static Spring context access utility. |
| src/main/java/com/main/bitebyte/user/UserService.java | Builds authorities from stored roles using ROLE_ prefix. |
| src/main/java/com/main/bitebyte/user/UserRepository.java | Removes @PostConstruct collection creation logic. |
| src/main/java/com/main/bitebyte/user/AuthController.java | Switches JWT config injection to JwtConfig and includes roles claim. |
| src/main/java/com/main/bitebyte/security/SecurityConfig.java | Updates request authorization rules and makes CORS configurable. |
| src/main/java/com/main/bitebyte/security/JwtUtils.java | Adds token → authorities extraction via roles claim. |
| src/main/java/com/main/bitebyte/security/JwtConfig.java | Updates JWT expiration type to long. |
| src/main/java/com/main/bitebyte/security/JwtAuthenticationFilter.java | Simplifies filter to delegate token validation/parsing to JwtUtils. |
| src/main/java/com/main/bitebyte/recipe/RecipeController.java | Aligns method security role checks and updates recipe update fields. |
| src/main/java/com/main/bitebyte/common/RepositoryConfig.java | Removes unused Mongo repository config class. |
| src/main/java/com/main/bitebyte/common/EmbeddingModelConfig.java | Removes unused embedding model configuration. |
| src/main/java/com/main/bitebyte/common/DatabaseInitializer.java | Adds seed users/recipes/live-class data and conditional vector-store reset. |
| src/main/java/com/main/bitebyte/BiteByteApplication.java | Tightens @EnableMongoRepositories base packages. |
| src/main/java/com/main/bitebyte/ai/AIRecipeCustomizationController.java | Adds safer fallback when AI response parsing fails. |
| README.md | Updates setup/run documentation and endpoint table. |
| package-lock.json | Adds a new root lockfile (separate from client/). |
| client/src/components/ViewRecipe.jsx | Fetches/display a single recipe by route param id. |
| client/src/components/UserHome.jsx | Uses Link and hides live-classes routes outside dev env. |
| client/src/components/RecipeList.jsx | Updates endpoint and improves recipe list cards. |
| client/src/components/RecipeList.css | Adds prep-time CSS class (UI styling). |
| client/src/components/Navigation.jsx | Uses React Router Link instead of anchor tags. |
| client/src/components/Login.jsx | Removes legacy login component (consolidation). |
| client/src/components/LiveCookingClasses.jsx | Updates endpoint and adds loading/error states. |
| client/src/components/Auth.jsx | Removes legacy auth component (consolidation). |
| client/src/components/AIRecipeCustomization.jsx | Updates recipe fetch endpoint to /api/recipes/all. |
| client/src/App.jsx | Makes Axios base URL configurable via VITE_API_URL. |
| client/.env.example | Adds frontend env template (VITE_API_URL, VITE_APP_ENV). |
| build.gradle.kts | Simplifies dependencies and adds .vscode/.env loading for bootRun. |
| .gitignore | Improves local secrets ignoring and allows committing application.properties.example. |
| .githooks/pre-commit | Adds pre-commit guard to block committing local application properties. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| .requestMatchers("/api/auth/**", "/api/recipes/public", "/api/recipes").permitAll() | ||
| .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() | ||
| .requestMatchers("/api/auth/**").permitAll() | ||
| .requestMatchers(HttpMethod.GET, "/api/recipes/all").permitAll() |
Comment on lines
+83
to
+86
| if ("admin123".equals(adminPassword)) { | ||
| logger.warn("Admin user is being seeded with the default password. " + | ||
| "Set app.admin.password in application.properties for production."); | ||
| } |
| <p><strong>Tags:</strong> {recipe.tags.join(', ')}</p> | ||
| )} | ||
| <p><strong>Difficulty:</strong> {recipe.difficulty}/5</p> | ||
| <p><strong>Total time:</strong> {recipe.preparationTime}h | <strong>Cook time:</strong> {recipe.cookingTime} min | <strong>Serves:</strong> {recipe.servings}</p> |
Comment on lines
49
to
+53
| @Autowired | ||
| JwtUtils jwtUtils; | ||
|
|
||
| @Value("${jwt.expiration.ms}") | ||
| private long jwtExpirationMs; | ||
|
|
||
| @Value("${jwt.secret}") | ||
| private String jwtSecret; | ||
| @Autowired | ||
| JwtConfig jwtConfig; |
Owner
Author
|
LGTM |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Security/auth:
Backend cleanup:
Frontend:
Project setup: