- Restricted public auth endpoints to only /login and /register in SecurityConfig
- Added contentLength header and improved error response in FileController download API
- Refactored JwtService to load secret key and expiration from application properties
- Improved signing key handling using Base64 decoding
- Updated RefreshTokenRepository with @Transactional @Modifying delete query
- Ensured proper refresh token cleanup with flush() in RefreshTokenService
- Annotated refresh token methods with @Transactional for consistency
- Changed file upload logic to:
- Generate random AES key per file
- Encrypt AES key using user's RSA public key
- Store encrypted AES key, IV, and salt in FileMetadata entity
- Changed file download logic to:
- Decrypt AES key using user's RSA private key (encrypted with password-derived AES)
- Use decrypted AES key and IV to decrypt file contents from HDFS
- Modified FileMetadata entity:
- Changed `encryptedKey` to @Lob byte[] to support large encrypted AES keys
- Updated User entity:
- Encrypted private RSA key with password-derived AES
- Stored associated salt and IV for decryption
- Updated AuthenticationService:
- Generate RSA keypair during sign-up
- Encrypt and store private key with AES (salt, IV)
- Create user folder in HDFS upon registration
- Updated FileService:
- Rewrote upload and download logic to support hybrid encryption
- Handled key wrapping and unwrapping securely
- Added logging for upload/download events
- Fixed FileController upload to remove password from endpoint
- Password now only required during download for private key decryption
- Updated EncryptionUtil and RSAKeyUtil:
- Added RSA OAEP support and helper methods
- Added AES key generation, encryption, decryption utilities
FILE UPLOAD AND ENCRYPTION WORKS! TESTED USING HEXDUMP.
- Replaced direct encryption logic in FileController with FileService delegation
- Added JWT-based username extraction in file operations
- Updated FileMetadata entity to include `uploadedAt` field and removed redundant getters/setters
- Refactored EncryptionUtil:
- Switched to AES-CBC with PBKDF2 key derivation
- Removed RSA-based encryption logic
- Added salt and IV generation helpers
- Changed JwtAuthenticationFilter to fetch user by username (not email)
- Renamed method in FileMetadataRepository to match new parameter order
FILE UPLOAD NOW WORKS! TESTED USING CURL.
- Implemented a new registration endpoint in AuthController to handle user sign-ups.
- Integrated AuthenticationService to save the user and create a corresponding HDFS directory for the user upon registration.
- Updated User entity to return the username instead of email in getUsername method.
- Updated pom.xml: removed redundant tags, grouped dependencies, added scopes, and upgraded plugins
- Enhanced RegisterUserDto with validation annotations and added missing fields (username, fullname)
- Updated User entity with builder constructor and removed redundant getters/setters
- Completed FileMetadata entity with Lombok and required setters/getters
- Improved HDFSConfig with correct annotation and clearer exception message
- Adjusted HTTP to HTTPS redirect port (8085 -> 8443)
- Allowed /actuator/** in SecurityConfig and disabled deprecated XSS protection
- Skipped JWT filter for /api/auth and /actuator paths
- Refactored AuthenticationService to use builder pattern and RSA key injection
- Fixed application.properties for static MySQL connection (removed ${MYSQL_PASSWORD})
- Added explicit getter/setter methods in User entity for use with service layer
- Implemented standard getters/setters in SignupRequest DTO
- Replaced incorrect imports from models.User to entity.User across services and repository
- Rewrote AuthController to inject all dependencies via constructor
- Fixed token refresh/login logic and added rate limiter and blacklist support
- Implemented getters in LoginRequest DTO
- Updated User model to implement UserDetails and extend entity.User
- Switched HDFScontroller to use entity.User instead of models.User
- Rewrote HDFSConfig to include static getHDFS() method and secure config via env vars
- Simplified JwtService, added overload for entity.User, and fixed key handling
- Enforced alphanumeric-only usernames using regex validation.
- Passwords must be >= 8 chars and checked against haveibeenpwned.com.
- Improved SignupRequest DTO with validation annotations.
- Implemented UserService to handle password validation and encoding.
SonaliChaudhari
Kshitij
