This project is a backend for a blog application developed using Spring Boot. It incorporates Spring Security for authentication and authorization, utilizing JWT (JSON Web Tokens) for secure, stateless authentication. The application supports role-based access control, distinguishing between roles like ADMIN, MODERATOR and USER. It connects to a MySQL database by default but can also be configured to use an H2 in-memory database for development and testing purposes.

• RESTful API for managing blog posts, comments, and users.
• Secure user authentication using JWT.
• Role-based access control.
• Connection to MySQL and optional H2 database for easy testing.
• Comprehensive error handling and validation.

Before you can run this project, you will need:

• Java JDK 11 or later
• Maven 3.6 or later
• MySQL Server (Optional for production)

1. Install MySQL and start the MySQL service.

2. Create a database for the application:

   CREATE DATABASE blog_app;

3. Update src/main/resources/application.properties for MySQL:

   spring.datasource.url=jdbc:mysql://localhost:3306/blog_app
   spring.datasource.username=your_mysql_username
   spring.datasource.password=your_mysql_password

The application is configured to use MySQL in development. But H2 databases can also be easily implemented, you can access the H2 console at http://localhost:8080/h2-console with the JDBC URL set to jdbc:h2:mem:testdb.

Set your JWT secret and expiration time in src/main/resources/application.properties:

app.jwt.secret=your_secret_key
app.jwt.expiration-ms=86400000  # 24 hours

To run the application, use the following command from the root directory of the project:

mvn spring-boot:run

The following are the main endpoints provided by the blog application:

• POST /api/auth/signup - Register a new user.
• POST /api/auth/login - Authenticate a user and return a JWT.

• POST /api/home/posts - Create a new blog post (Admin and User).
• GET /api/home/posts - Retrieve all posts.

This application uses Spring Security to handle authentication and authorization. The security configuration is set up in com.example.blog.security.SecurityConfig. The configuration includes JWT authentication filter, which intercepts and processes the authentication token.