Contents

INTRODUCTION ......................................................................................................... 2
KEY FEATURES .......................................................................................................... 2
TECHNOLOGIES USED .............................................................................................. 2
GETTING STARTED .................................................................................................... 2
Prerequisites ............................................................................................................. 2
PROJECT STRUCTURE ................................................................................................... 2
Directory structure .................................................................................................... 2
Class and Method Overview ....................................................................................... 4
Naming Strategy..................................................................................................... 4
Entity Relation Diagram .......................................................................................... 4
Classes Overview ................................................................................................... 4
Method Overview ................................................................................................... 6
API Documentation ....................................................................................................... 7
Security ...................................................................................................................... 11
Authentication and Authorization ............................................................................. 11
Data Security .............................................................................................................. 11
Error Handling:............................................................................................................ 11
Error Messages: ....................................................................................................... 11
TESTING ..................................................................................................................... 12
Test Cases: ............................................................................................................. 12
Authentication Tests: ............................................................................................... 12
File Management Tests:............................................................................................ 13
Error Handling Tests: ................................................................................................ 13
Test Data: ................................................................................................................ 13
INTRODUCTION
The File Management System Backend is designed to provide a robust platform for
managing files through CRUD operations. This system is built using Spring Boot,
incorporating various technologies to ensure security, performance, and maintainability.

KEY FEATURES
• Create, Read, Update, and Delete (CRUD) operations for files.
• Secure authentication and authorization mechanisms.
• Integration with a relational database using Spring Data JPA.
• Logging and error handling for better maintainability.

TECHNOLOGIES USED
• Spring Boot: Framework for building Java-based enterprise applications.
• Spring Data JPA: Provides a convenient way to interact with a relational database.
• Spring Security: For implementing authentication and authorization.
• JUnit and Mockito: For unit and integration testing.
• Log back: Logging framework for capturing application logs.
• MySQL: For saving data.

GETTING STARTED
Prerequisites
• Java JDK 8 or later
• Maven
• Your preferred IDE (IntelliJ, Eclipse, etc.)

PROJECT STRUCTURE
Directory structure
The structure and naming of classes and directories must be stable for avoiding merge
request errors in git repository and misunderstanding between developer team members.
Structure is going to be developed as:
Components:

• Controllers: Handle incoming requests, manage the flow of data, and communicate
with the service layer.
• Data: Contains entities representing data models, data transfer objects (DTOs), and
database repositories.
• Exception Handling: Deals with error handling and custom exceptions.
• Mapper: Responsible for mapping data between different layers, such as mapping
DTOs to entities.
• Security: Manages security aspects, including authentication and authorization.
• Service: Implements business logic, with interfaces defining the contract between
the presentation and data layers.
• Util: Contains utility classes that provide common functionality across the
application.

Class and Method Overview

Naming Strategy
In accordance with established naming conventions and a structured approach, the
names of classes are derived from their corresponding database table names. The
following naming convention is adhered to:

Class Naming Format: <TableName(Singular)>Entity, <TableName(Singular)>Repository,

<TableName(Singular)>Service, etc.

Example: UserEntity, UserRepository, UserService.

This systematic approach ensures clarity and consistency in naming across the software
architecture.

Entity Relation Diagram

Classes Overview
The ERD illustrates the connections and associations between key entities, facilitating a
comprehensive understanding of the database structure.
Entity Classes

To facilitate interaction with the database, the software employs three main entity classes:

• UserEntity
• FolderEntity
• DocumentEntity

DTO Classes

DTO (Data Transfer Object) classes serve as an interface for seamless data exchange
between layers within the software architecture:

• UserDTO
• FolderDTO
• DocumentDTO
• LoginDTO

Repository Classes

Repository classes serve as the interface for database operations. The following repository
classes are employed:

• UserRepository
 • FolderRepository
• DocumentRepository

Service Classes

To orchestrate the interaction between repositories and implement business logic, service
classes are employed:

• UserService
• FolderService
• DocumentService

Controller Classes

For exposing functionalities through APIs, the software employs controller classes:

• UserController
• FolderController
• DocumentController

These classes collectively form a structured and modular system, aligning with best
practices in software design.

Method Overview
UserService:

• LoginDTO login (String email, String password): generates jwt bearer token for
authentication and authorization.
• Void register (UserDTO userDTO): registers user and saves data to database.

DocumentService:

• DocumentDTO getDocumentById (Long id): gets data of a document by ID.

• DocumentDTO addOrUpdateDocument (DocumentDTO documentDTO): adds or
document to database.
• Void deleteDocumentById (Long id): deletes document from database by ID.

FolderService:

• List<FolderDTO> getAllFoldersAndDocuments (): returns all folders and documents.

• FolderDTO addOrUpdateFolder (FolderDTO folderDTO): adds or updates folder in
database.
• deleteFolderById (Long id): deletes folder from database.
API Documentation
Base URL: http://localhost:8080

Endpoints:

1. Register
• Endpoint: /auth/register
• Method: POST
• Description: registering user
• Request Body:
{
“name”: name of the user,
“surname”: surname of the user,
“email”: email of the user,
“password”: password of the user,
“phoneNumber”: phone number of the user,
“username”: username of the user
}
Response: “204 No Content”
2. Login
• Endpoint: /auth/login
• Method: POST
• Description: logging in user
• Request Param:
String username, String password

Response:
{
“token”: Bearer token,
“userId”: id of the user
}

3. Get Document By ID
• Endpoint: /doc/document/{id}
• Method: GET
• Description: getting document by id
• Path variable:
 id: ID of the document

Response:
{
“id”: id of the document
“name”: name of the document,
“content”: content of the document
}

4. Add Document
• Endpoint: /doc/document
• Method: POST
• Description: adding document to database
• Request Body:
{
“name”: name of the document,
“content”: content of the document
}
Request Param:
id: ID of the parent folder.

Response:
{
“id”: id of the document
“name”: name of the document,
“content”: content of the document
}

5. Update Document
• Endpoint: /doc/document
• Method: PUT
• Description: updating document in database
• Request Body:
{
“id”: id of the document
“name”: name of the document,
“content”: content of the document
 }
Request Param:
id: ID of the parent folder.
Response:
{
“id”: id of the document
“name”: name of the document,
“content”: content of the document
}

6. Delete Document By ID
• Endpoint: /doc/document
• Method: Delete
• Description: deleting document from database
• Path variable:

Id: ID of the document needed to be deleted

Response: “204 No Content”

7. Get All Folders and Files

• Endpoint: /folder/folders
• Method: GET
• Description: getting all folders

Response:
[
{
“id”: id of the folder”,
“name”: name of the folder,
“childFolders”: its child folders,
“documents”: documents inside the folder (without content)
}
]

8. Add Folder
• Endpoint: /folder/folder
• Method: POST
• Description: adding folder to database
• Request Body:
{
“name”: name of the folder
}
Request Param:
folderId: ID of the parent folder, userId: ID of the user
Response:
{
“id”: id of the folder”,
“name”: name of the folder,
“childFolders”: its child folders,
“documents”: documents inside the folder (without content)

9. Update Folder
• Endpoint: /folder/folder
• Method: PUT
• Description: updating folder in database
• Request Body:
{
“id”: id of the folder”,
“name”: name of the folder,

}
Request Param:
folderId: ID of the parent folder, userId: ID of the user
Response:
{
“id”: id of the folder”,
“name”: name of the folder,
“childFolders”: its child folders,
“documents”: documents inside the folder (without content)

10. Delete Folder By ID

 • Endpoint: /folder/folder
• Method: DELETE
• Description: registering user
Path variable:
id: ID of the folder should be deleted.
Response: “204 No Content”

Security
Authentication and Authorization
The software employs a token-based authentication system for user access. Upon
successful login, users receive a JWT (JSON Web Token), which is then included in the
header of subsequent requests, which allow them to use the APIs that they have gained
access to.

Data Security
Sensitive data, such as user passwords, is securely hashed using industry-standard
encryption algorithms before storage, which further enhances data security.

Error Handling:
Error Messages:
The software provides meaningful error messages to facilitate troubleshooting. HTTP status
codes are used to indicate the nature of the issue, and additional details are included in the
response body.

1. HTTP status code 500:

• {
“error”: “Not Found Exception”,
“message”: “The requested data is not in the database.”

• {

“error”: “Data Parsing Exception”,

 “message”: “Error occurred while parsing data between DTO and
entity class object.”

• {

“error”: “JSON Parsing Exception”,

“message”: “Error occurred while parsing JSON from request body.”

2. HTTP status code 400:

• {
"error": "Invalid Request",
"message": "The request body is missing required parameters."

3. HTTP status code 401:

• {

"error": "Unauthorized",

"message": "Invalid or expired token. Please log in again."

TESTING
Test Cases:
The test suite includes both unit tests and integration tests to ensure the reliability and
correctness of the software. Test cases cover various scenarios related to authentication,
file management operations, error handling, and security.

Authentication Tests:
Test Case 1: Verify successful user registration.

Test Case 2: Validate user login and token generation.

Test Case 3: Ensure proper handling of invalid login credentials.

File Management Tests:
Test Case 4: Test the creation of a new document.

Test Case 5: Verify the retrieval of a document by ID.

Test Case 6: Test updating the details of an existing document.

Test Case 7: Test deletion of a document by ID.

Test Case 8: Verify the retrieval of all folders and documents.

Test Case 9: Test the creation of a new folder.

Test Case 10: Test updating the details of an existing folder.

Test Case 11: Test deletion of a folder by ID.

Error Handling Tests:

Test Case 12: Verify the correct error response for missing request parameters.

Test Case 13: Ensure proper handling of unauthorized access.

Test Case 14: Test the response for attempting to access non-existing data.

Test Case 15: Validate error response for invalid JSON in the request body.

Test Data:
For testing purposes, the system provides a set of sample data with predefined user
accounts, documents, and folders. The sample data includes various scenarios covering
different user roles and access permissions. Developers can use this data to simulate real-
world scenarios and verify the correct functioning of the software.

Test Environment: Java Version: JDK 17

Build Tool: Gradle

Testing Framework: JUnit and Mockito

Database: MySQL (Ensure the test database is properly configured and isolated for testing
purposes.)