source: AGENTS.md@ c1798da

Last change on this file since c1798da was 447c39f, checked in by Andrej <asumanovski@…>, 2 weeks ago

Improved UI and small fixes

  • Property mode set to 100644
File size: 6.2 KB
Line 
1# AGENTS.md — Agent onboarding for Trekr
2
3Checklist for an AI coding agent when working in this repo
4- [ ] Understand architecture: `frontend` (Vite + React) talking to `backend` (Spring Boot REST API).
5- [ ] Know how to run & iterate locally (frontend dev server + backend JVM with env vars/.env).
6- [ ] Token & auth contract: JWT format, Authorization: Bearer header, token stored by frontend at `localStorage:authToken`.
7- [ ] Data & DB locations: `db-scripts/` (migrations, triggers, views) and JPA entities under `backend/src/main/java/com/trekr/backend/entity`.
8
9Quick summary (one-liner)
10Trekr is a split repo: a Vite React frontend (calls `/api/*`) and a Spring Boot backend (Java 17, Spring Data JPA, Spring Security with JWT). Backend loads a `.env`/`env` file before boot and expects DB and JWT secrets via environment properties.
11
12Essential files & places to read first
13- `backend/src/main/java/com/trekr/backend/BackendApplication.java` — .env loader behavior and how system properties are set.
14- `backend/src/main/resources/application.properties` — key runtime properties (datasource, `jwt.secret`, JPA settings).
15- `backend/src/main/java/com/trekr/backend/config/SecurityConfig.java` — top-level security rules and CORS dev origins (`http://localhost:5173`).
16- `backend/src/main/java/com/trekr/backend/service/JwtService.java` — exact JWT payload (subject = userId, claims: `username`, `email`) and token validity.
17- `backend/src/main/java/com/trekr/backend/security/JwtAuthenticationFilter.java` — how the backend extracts and validates the Bearer token.
18- `backend/src/main/java/com/trekr/backend/config/LegacyPasswordEncoder.java` — password rules: supports BCrypt (new) and plaintext (legacy seeds).
19- `backend/src/main/java/com/trekr/backend/controller/*` and `.../service/*` — canonical pattern: controllers are thin HTTP layers delegating to services; DTOs under `dto/`.
20- `frontend/src/api/axios.js` and `frontend/src/utils/authSession.js` — axios interceptors, where tokens are read/written, dev API base (`import.meta.env.VITE_API_BASE_URL`).
21- `db-scripts/` — migrations (`migrations/`), triggers and views—use these as source of truth for DB shape/constraints.
22
23Run / build / dev commands
24- Backend (preferred for local dev):
25 - Start with a .env or `env` file in repo root or `backend/` (see `BackendApplication` search order). Example env keys used: `SPRING_DATASOURCE_URL`, `SPRING_DATASOURCE_USERNAME`, `SPRING_DATASOURCE_PASSWORD`, `JWT_SECRET`.
26 - Dev run (from repo root):
27
28 cd backend && ./mvnw spring-boot:run
29
30 - Package and run jar:
31
32 cd backend && ./mvnw package
33 java -jar target/backend-0.0.1-SNAPSHOT.jar
34
35 - Run tests / compile:
36
37 cd backend && ./mvnw test
38
39- Frontend (Vite + npm):
40
41 cd frontend && npm install
42 npm run dev # runs at :5173 by default (frontend dev)
43 npm run build # production bundle
44
45Key runtime contracts & examples
46- API prefix: frontend uses `VITE_API_BASE_URL` default `http://localhost:8080/api` and axios attaches `Authorization: Bearer <token>` header (see `frontend/src/api/axios.js`).
47- Login flow: POST `/api/auth/login` returns `AuthResponse` (see `backend/src/main/java/com/trekr/backend/dto/auth/AuthResponse.java` and `AuthController`).
48- JWT payload (verify when issuing tokens): subject = userId, claims `username` and `email` (see `JwtService.generateToken`).
49- Token storage: frontend keys: `authToken` and `authUser` in localStorage (see `authSession.js`).
50
51Project-specific conventions & notable patterns
52- Layering: `controller` -> `service` -> `repository` (Spring Data JPA). DTOs are collected in `dto/<domain>` and entities are in `entity/<domain>`.
53- Legacy seed convenience: `LegacyPasswordEncoder` accepts plain-text seeded passwords (non-bcrypt). When changing auth/seed data be careful to preserve compatibility.
54- .env handling: Backend intentionally loads `.env` or `env` from several locations before Spring starts and sets values as system properties (so Spring `${...}` placeholders resolve). Put development env variables in repo root `.env` or `backend/.env`.
55- Database: the repo contains SQL migrations and helpers in `db-scripts/` (migrations, triggers, views). Treat these as authoritative when changing JPA mappings and ensure migrations remain in sync.
56- CORS: dev origins are explicitly whitelisted in `SecurityConfig` for the Vite dev server. If adding a different frontend origin add it there.
57
58Integration & dependency notes
59- JDBC: production target is PostgreSQL (dependency present in `pom.xml`), but tests use H2 (test scope). The default `application.properties` disables automatic DDL by default — change `SPRING_JPA_HIBERNATE_DDL_AUTO` if you need schema auto-update.
60- JWT implementation uses `io.jsonwebtoken` (jjwt); signing key comes from `jwt.secret` (env `JWT_SECRET` or `JWT_CONFIG_SECRET`). The code pads a dev fallback to 32+ chars if secret is missing.
61- Dotenv: the backend sets system properties using `io.github.cdimascio.dotenv.Dotenv` before Spring starts — do not rely on Spring's property loading only for dev overrides that the app expects early.
62
63Debugging tips for agents
64- If a token-authenticated endpoint returns 401 in dev, check:
65 1) the frontend `authToken` is present and not expired (`authSession.isTokenExpired`).
66 2) backend logs (Spring Security DEBUG is enabled in `application.properties`).
67 3) CORS origins if calling from the browser dev server.
68- To reproduce DB-related bugs locally, prefer running Postgres (set `SPRING_DATASOURCE_URL`) or temporarily set `SPRING_JPA_HIBERNATE_DDL_AUTO=update` for quick iteration (but be cautious with managed DBs).
69
70Where to look for more context
71- `backend/HELP.md` — general pointers and links to Spring docs.
72- `db-scripts/` — migration and trigger logic (useful for understanding computed columns and constraints).
73- `frontend/src/pages/*` and `frontend/src/api/*` — real call sites showing which backend endpoints are used.
74
75If you need to make changes
76- Prefer small edits in the pattern used: update DTOs + services + controllers; update SQL migrations when the schema changes; update `frontend/src/api/axios.js` and `VITE_API_BASE_URL` if changing API paths.
77
78Done: create this file at repo root as `AGENTS.md` to guide future agents.
79
Note: See TracBrowser for help on using the repository browser.