Skip to content

Authentication done backend complete scan the file qodana and i will proceed to frontend #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
BEASTSHRIRAM merged 3 commits into from
Jan 22, 2026
Merged

Authentication done backend complete scan the file qodana and i will proceed to frontend #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
805b768
Merge pull request #1 from BEASTSHRIRAM/qodana-automation-124503966
BEASTSHRIRAM Jan 21, 2026
8d388bd
Authentication done using Keycloak finally and synchronisation of key…
BEASTSHRIRAM Jan 22, 2026
abd4118
Aw:::Wq
BEASTSHRIRAM Jan 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions .idea/compiler.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .idea/encodings.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions .idea/misc.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion beastxfit/src/main/java/com/fitness/beastxfit/dto/RegisterRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ public class RegisterRequest {
@NotBlank(message ="Email is required")
@Email(message ="Invalid email format")
private String email;

private String KeycloakId;
Copy link

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The field name uses inconsistent casing. It's defined as "KeycloakId" with a capital 'K', which violates Java naming conventions where field names should start with a lowercase letter. Change this to "keycloakId" to follow standard Java conventions and maintain consistency with the User entity field naming.

Suggested change
private String KeycloakId;
private String keycloakId;

Copilot uses AI. Check for mistakes.
@NotBlank(message="Passsword is required")
Copy link

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The validation message contains a typo. "Passsword" has three 's' characters instead of two. The message should read "Password is required".

Suggested change
@NotBlank(message="Passsword is required")
@NotBlank(message="Password is required")

Copilot uses AI. Check for mistakes.
@Size(min = 6,message = "password must have 6 characters ")
private String password;
Expand Down
2 changes: 1 addition & 1 deletion beastxfit/src/main/java/com/fitness/beastxfit/dto/UserResponse.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
package com.fitness.beastxfit.dto;

import com.fitness.beastxfit.model.UserRole;

Check warning on line 3 in beastxfit/src/main/java/com/fitness/beastxfit/dto/UserResponse.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Unused import 

Unused import `import com.fitness.beastxfit.model.UserRole;`
import jakarta.persistence.Column;

Check warning on line 4 in beastxfit/src/main/java/com/fitness/beastxfit/dto/UserResponse.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Unused import 

Unused import `import jakarta.persistence.Column;`
import jakarta.persistence.EnumType;

Check warning on line 5 in beastxfit/src/main/java/com/fitness/beastxfit/dto/UserResponse.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Unused import 

Unused import `import jakarta.persistence.EnumType;`
import jakarta.persistence.Enumerated;

Check warning on line 6 in beastxfit/src/main/java/com/fitness/beastxfit/dto/UserResponse.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Unused import 

Unused import `import jakarta.persistence.Enumerated;`
import lombok.Data;
import org.hibernate.annotations.CreationTimestamp;

Check warning on line 8 in beastxfit/src/main/java/com/fitness/beastxfit/dto/UserResponse.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Unused import 

Unused import `import org.hibernate.annotations.CreationTimestamp;`
import org.hibernate.annotations.UpdateTimestamp;

Check warning on line 9 in beastxfit/src/main/java/com/fitness/beastxfit/dto/UserResponse.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Unused import 

Unused import `import org.hibernate.annotations.UpdateTimestamp;`

import java.time.LocalDateTime;

@Data
public class UserResponse {
private String id;

private String keyCloakId;
Copy link

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The field name uses inconsistent casing. It's defined as "keyCloakId" with a capital 'C' in the middle. This is inconsistent with the User entity field "keycloakId" (line 19 in User.java) and violates standard camelCase naming. Change to "keycloakId" for consistency.

Suggested change
private String keyCloakId;
private String keycloakId;

Copilot uses AI. Check for mistakes.
private String email;
private String password;
private String firstName;
Expand Down
2 changes: 2 additions & 0 deletions beastxfit/src/main/java/com/fitness/beastxfit/model/User.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ public class User {
@GeneratedValue(strategy = GenerationType.UUID)
private String id;

private String keycloakId;

@Column(unique = true)
private String email;

Expand Down
6 changes: 6 additions & 0 deletions beastxfit/src/main/java/com/fitness/beastxfit/repository/UserRepository.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,16 @@
package com.fitness.beastxfit.repository;

import com.fitness.beastxfit.model.User;
import jakarta.validation.constraints.Email;

Check warning on line 4 in beastxfit/src/main/java/com/fitness/beastxfit/repository/UserRepository.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Unused import 

Unused import `import jakarta.validation.constraints.Email;`
import jakarta.validation.constraints.NotBlank;

Check warning on line 5 in beastxfit/src/main/java/com/fitness/beastxfit/repository/UserRepository.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Unused import 

Unused import `import jakarta.validation.constraints.NotBlank;`
Comment on lines +4 to +5
Copy link

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unused imports are present. The @Email and @notblank constraint annotations are imported from jakarta.validation.constraints but are not used in the UserRepository interface. Remove these unused imports.

Suggested change
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;

Copilot uses AI. Check for mistakes.
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

@Repository
public interface UserRepository extends JpaRepository<User, String> {
Boolean existsByEmail(String email);

Boolean existsByKeycloakId(String userId);

User findByEmail( String email);
}
17 changes: 15 additions & 2 deletions beastxfit/src/main/java/com/fitness/beastxfit/services/UserService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,19 +15,30 @@
private final UserRepository repository;
public UserResponse register(RegisterRequest request) {
if (repository.existsByEmail(request.getEmail())){
throw new RuntimeException(" Email already exist");
User existingUser =repository.findByEmail(request.getEmail());
UserResponse userResponse = new UserResponse();

Check notice on line 19 in beastxfit/src/main/java/com/fitness/beastxfit/services/UserService.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Duplicated code fragment 

Duplicated code
userResponse.setId(existingUser.getId());
userResponse.setPassword(existingUser.getPassword());
Copy link

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The UserResponse includes a password field which creates a security vulnerability. Passwords should never be exposed in API responses. Remove the password field from the response object.

Copilot uses AI. Check for mistakes.
userResponse.setFirstName(existingUser.getFirstName());
userResponse.setLastName(existingUser.getLastName());
userResponse.setEmail(existingUser.getEmail());
userResponse.setCreatedAt(existingUser.getCreatedAt());
userResponse.setUpdatedAt(existingUser.getUpdatedAt());
return userResponse;
Comment on lines 17 to +27
Copy link

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The register method returns the existing user including their password when the email already exists, instead of throwing an error. This is problematic because: 1) It exposes existing user data including passwords, which is a security risk. 2) It changes the semantic meaning of "register" - registration should fail if a user already exists. 3) This behavior is inconsistent with typical registration flows. Consider either throwing an exception with a clear message that the email is already registered, or if this is intentional sync behavior, rename the method and ensure passwords are not returned.

Copilot uses AI. Check for mistakes.
}

User user=new User();
user.setEmail(request.getEmail());
user.setKeycloakId(request.getKeycloakId());
Copy link

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The getKeycloakId() method is being called but the field name in RegisterRequest is defined as "KeycloakId" with a capital 'K'. Lombok will generate the getter as getKeycloakId() based on proper Java bean conventions, which should work. However, this relies on Lombok's correction of the improper field name. Fix the field name to "keycloakId" in RegisterRequest.java to avoid potential issues.

Copilot uses AI. Check for mistakes.
user.setFirstName(request.getFirstName());
user.setLastName(request.getLastName());
user.setPassword((request.getPassword()));

User savedUser =repository.save(user);
UserResponse userResponse = new UserResponse();

Check notice on line 38 in beastxfit/src/main/java/com/fitness/beastxfit/services/UserService.java

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Method can be extracted 

It's possible to extract method returning 'userResponse' from a long surrounding method
userResponse.setId(savedUser.getId());
userResponse.setPassword(savedUser.getPassword());
Copy link

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The UserResponse includes a password field which creates a security vulnerability. Passwords should never be exposed in API responses. Remove the password field from the response object.

Copilot uses AI. Check for mistakes.
userResponse.setKeyCloakId(savedUser.getKeycloakId());
Copy link

Copilot AI Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The setKeyCloakId() method is being called but the UserResponse field is defined as "keyCloakId" with non-standard casing. While Lombok will generate setKeyCloakId() matching the field name, this is inconsistent with the User entity which uses "keycloakId". Standardize the field name to "keycloakId" throughout the codebase.

Suggested change
userResponse.setKeyCloakId(savedUser.getKeycloakId());
userResponse.setKeycloakId(savedUser.getKeycloakId());

Copilot uses AI. Check for mistakes.
userResponse.setFirstName(savedUser.getFirstName());
userResponse.setLastName(savedUser.getLastName());
userResponse.setEmail(savedUser.getEmail());
Expand All @@ -52,6 +63,8 @@

public Boolean existByUserId(String userId) {
log.info("Calling User service for {}",userId);
return repository.existsById(userId);
return repository.existsByKeycloakId(userId);
}


}
1 change: 0 additions & 1 deletion configserver/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,11 +31,10 @@
<spring-cloud.version>2025.0.1</spring-cloud.version>
</properties>
<dependencies>
<dependency>

Check notice on line 34 in configserver/pom.xml

View workflow job for this annotation

GitHub Actions / Qodana for JVM

Vulnerable declared dependency 

Provides transitive vulnerable dependency maven:net.i2p.crypto:eddsa:0.3.0

* [CVE-2020-36843](https://www.mend.io/vulnerability-database/CVE-2020-36843?utm_source=JetBrains) 4.3 Insufficient Information

Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency>

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
Expand Down
34 changes: 34 additions & 0 deletions configserver/src/main/resources/config/gateway-service.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka/

spring:
application:
name: gateway-service
security:
oauth2:
resourceserver:
jwt:
jwk-set-uri: http://localhost:8181/realms/fitness/protocol/openid-connect/certs

cloud:
gateway:
routes:
- id: beastxfit
uri: lb://BEASTXFIT
predicates:
- Path=/api/users/**

- id: activity-service
uri: lb://ACTIVITY-SERVICE
predicates:
- Path=/api/activities/**

- id: ai-service
uri: lb://AI-SERVICE
predicates:
- Path=/api/recommendations/**

server:
port: 8080
2 changes: 2 additions & 0 deletions gateway/.gitattributes
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
/mvnw text eol=lf
*.cmd text eol=crlf
33 changes: 33 additions & 0 deletions gateway/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
HELP.md
target/
.mvn/wrapper/maven-wrapper.jar
!**/src/main/**/target/
!**/src/test/**/target/

### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache

### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr

### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
!**/src/main/**/build/
!**/src/test/**/build/

### VS Code ###
.vscode/
3 changes: 3 additions & 0 deletions gateway/.mvn/wrapper/maven-wrapper.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
wrapperVersion=3.3.4
distributionType=only-script
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.12/apache-maven-3.9.12-bin.zip
Loading
Loading