Merge pull request #16 from lumijiez/security_branch_fix_jwt_roles

Security branch fix jwt roles

pom.xml

@@ -48,6 +48,27 @@
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.11.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.11.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.11.5</version>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.20</version>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

src/main/java/com/faf223/expensetrackerfaf/config/ApplicationConfig.java

@@ -0,0 +1,47 @@
+package com.faf223.expensetrackerfaf.config;
+
+import com.faf223.expensetrackerfaf.repository.CredentialRepository;
+import com.faf223.expensetrackerfaf.repository.UserRepository;
+import com.faf223.expensetrackerfaf.security.PersonDetails;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@RequiredArgsConstructor
+public class ApplicationConfig {
+
+    private final UserRepository userRepository;
+    private final CredentialRepository credentialRepository;
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        return username -> new PersonDetails(credentialRepository.findByEmail(username).orElseThrow((() -> new UsernameNotFoundException("User not found"))));
+    }
+
+    @Bean
+    public AuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
+        authProvider.setUserDetailsService(userDetailsService());
+        authProvider.setPasswordEncoder(passwordEncoder());
+        return authProvider;
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
+        return config.getAuthenticationManager();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

src/main/java/com/faf223/expensetrackerfaf/config/JwtAuthenticationFilter.java

@@ -0,0 +1,57 @@
+package com.faf223.expensetrackerfaf.config;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.lang.NonNull;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private final JwtService jwtService;
+    private final UserDetailsService userDetailsService;
+
+    @Override
+    protected void doFilterInternal(
+            @NonNull HttpServletRequest request,
+            @NonNull HttpServletResponse response,
+            @NonNull FilterChain filterChain
+    ) throws ServletException, IOException {
+        if (request.getServletPath().contains("/api/v1/auth")) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        final String authHeader = request.getHeader("Authorization");
+        final String jwt;
+        final String userEmail;
+        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        jwt = authHeader.substring(7);
+        userEmail = jwtService.extractUsername(jwt);
+        if (userEmail != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+            UserDetails userDetails = this.userDetailsService.loadUserByUsername(userEmail);
+            if (jwtService.isTokenValid(jwt, userDetails)) {
+                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
+                        userDetails, null, userDetails.getAuthorities());
+                authToken.setDetails(new WebAuthenticationDetailsSource()
+                        .buildDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(authToken);
+            }
+        }
+        filterChain.doFilter(request, response);
+    }
+}

src/main/java/com/faf223/expensetrackerfaf/config/JwtService.java

@@ -0,0 +1,85 @@
+package com.faf223.expensetrackerfaf.config;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Service;
+
+import java.security.Key;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+
+@Service
+public class JwtService {
+
+    @Value("${application.security.jwt.secret-key}")
+    private String secretKey;
+    @Value("${application.security.jwt.expiration}")
+    private long jwtExpiration;
+    @Value("${application.security.jwt.refresh-token.expiration}")
+    private long refreshExpiration;
+
+    public String extractUsername(String token) {
+        return extractClaim(token, Claims::getSubject);
+    }
+
+    public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
+        final Claims claims = extractAllClaims(token);
+        return claimsResolver.apply(claims);
+    }
+
+    public String generateToken(UserDetails userDetails) {
+        return generateToken(new HashMap<>(), userDetails);
+    }
+
+    public String generateToken(
+            Map<String, Object> extraClaims,
+            UserDetails userDetails
+    ) {
+        return buildToken(extraClaims, userDetails, jwtExpiration);
+    }
+
+    private String buildToken(Map<String, Object> extraClaims, UserDetails userDetails, long expiration) {
+        return Jwts
+                .builder()
+                .setClaims(extraClaims)
+                .setSubject(userDetails.getUsername())
+                .setIssuedAt(new Date(System.currentTimeMillis()))
+                .setExpiration(new Date(System.currentTimeMillis() + expiration))
+                .signWith(getSignInKey(), SignatureAlgorithm.HS256)
+                .compact();
+    }
+
+    public boolean isTokenValid(String token, UserDetails userDetails) {
+        final String username = extractUsername(token);
+        return (username.equals(userDetails.getUsername())) && !isTokenExpired(token);
+    }
+
+    private boolean isTokenExpired(String token) {
+        return extractExpiration(token).before(new Date());
+    }
+
+    private Date extractExpiration(String token) {
+        return extractClaim(token, Claims::getExpiration);
+    }
+
+    private Claims extractAllClaims(String token) {
+        return Jwts
+                .parserBuilder()
+                .setSigningKey(getSignInKey())
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+
+    private Key getSignInKey() {
+        byte[] keyBytes = Decoders.BASE64.decode(secretKey);
+        return Keys.hmacShaKeyFor(keyBytes);
+    }
+}

src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java

@@ -0,0 +1,36 @@
+package com.faf223.expensetrackerfaf.config;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfiguration {
+
+    private final JwtAuthenticationFilter jwtAuthFilter;
+    private final AuthenticationProvider authenticationProvider;
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(csrf -> csrf.disable())
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/api/v1/auth/**").permitAll()
+                        .requestMatchers("/expenses").hasRole("ADMIN")
+                        .anyRequest().authenticated()
+                )
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authenticationProvider(authenticationProvider)
+                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); // will be executed before UsernamePasswordAuthenticationFilter
+
+        return http.build();
+    }
+}

src/main/java/com/faf223/expensetrackerfaf/controller/ExpenseController.java

@@ -5,6 +5,7 @@ import com.faf223.expensetrackerfaf.dto.ExpenseDTO;
 import com.faf223.expensetrackerfaf.dto.mappers.ExpenseMapper;
 import com.faf223.expensetrackerfaf.model.Expense;
 import com.faf223.expensetrackerfaf.service.ExpenseService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.BindingResult;
@@ -15,17 +16,12 @@ import java.util.stream.Collectors;
 
 @RestController
 @RequestMapping("/expenses")
+@RequiredArgsConstructor
 public class ExpenseController {
 
     private final ExpenseService expenseService;
     private final ExpenseMapper expenseMapper;
 
-    @Autowired
-    public ExpenseController(ExpenseService expenseService, ExpenseMapper expenseMapper) {
-        this.expenseService = expenseService;
-        this.expenseMapper = expenseMapper;
-    }
-
     @GetMapping()
     public ResponseEntity<List<ExpenseDTO>> getAllExpenses() {
         List<ExpenseDTO> expenses = expenseService.getExpenses().stream().map(expenseMapper::toDto).collect(Collectors.toList());
@@ -35,7 +31,7 @@ public class ExpenseController {
 
     @PostMapping()
     public ResponseEntity<ExpenseDTO> createNewExpense(@RequestBody ExpenseCreationDTO expenseDTO,
-                         BindingResult bindingResult) {
+                                                       BindingResult bindingResult) {
         Expense expense = expenseMapper.toExpense(expenseDTO);
         if (!bindingResult.hasErrors()) {
             expenseService.createOrUpdateExpense(expense);
@@ -47,7 +43,7 @@ public class ExpenseController {
 
     @PatchMapping()
     public ResponseEntity<ExpenseDTO> updateExpense(@RequestBody ExpenseCreationDTO expenseDTO,
-                                                 BindingResult bindingResult) {
+                                                    BindingResult bindingResult) {
         Expense expense = expenseMapper.toExpense(expenseDTO);
         if (!bindingResult.hasErrors()) {
             expenseService.createOrUpdateExpense(expense);

src/main/java/com/faf223/expensetrackerfaf/controller/IncomeController.java

@@ -5,6 +5,7 @@ import com.faf223.expensetrackerfaf.dto.IncomeDTO;
 import com.faf223.expensetrackerfaf.dto.mappers.IncomeMapper;
 import com.faf223.expensetrackerfaf.model.Income;
 import com.faf223.expensetrackerfaf.service.IncomeService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.BindingResult;
@@ -15,17 +16,12 @@ import java.util.stream.Collectors;
 
 @RestController
 @RequestMapping("/incomes")
+@RequiredArgsConstructor
 public class IncomeController {
 
     private final IncomeService incomeService;
     private final IncomeMapper incomeMapper;
 
-    @Autowired
-    public IncomeController(IncomeService incomeService, IncomeMapper incomeMapper) {
-        this.incomeService = incomeService;
-        this.incomeMapper = incomeMapper;
-    }
-
     @GetMapping()
     public ResponseEntity<List<IncomeDTO>> getAllIncomes() {
         List<IncomeDTO> incomes = incomeService.getIncomes().stream().map(incomeMapper::toDto).collect(Collectors.toList());
@@ -35,7 +31,7 @@ public class IncomeController {
 
     @PostMapping()
     public ResponseEntity<IncomeDTO> createNewIncome(@RequestBody IncomeCreationDTO incomeDTO,
-                                                    BindingResult bindingResult) {
+                                                     BindingResult bindingResult) {
         Income income = incomeMapper.toIncome(incomeDTO);
         if (!bindingResult.hasErrors()) {
             incomeService.createOrUpdateIncome(income);
@@ -47,7 +43,7 @@ public class IncomeController {
 
     @PatchMapping()
     public ResponseEntity<IncomeDTO> updateIncome(@RequestBody IncomeCreationDTO incomeDTO,
-                                                 BindingResult bindingResult) {
+                                                  BindingResult bindingResult) {
         Income income = incomeMapper.toIncome(incomeDTO);
         if (!bindingResult.hasErrors()) {
             incomeService.createOrUpdateIncome(income);

src/main/java/com/faf223/expensetrackerfaf/controller/UserController.java

@@ -5,37 +5,23 @@ import com.faf223.expensetrackerfaf.dto.UserDTO;
 import com.faf223.expensetrackerfaf.dto.mappers.UserMapper;
 import com.faf223.expensetrackerfaf.model.User;
 import com.faf223.expensetrackerfaf.service.UserService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
 
-import java.util.List;
-import java.util.stream.Collectors;
-
 @RestController
 @RequestMapping("/users")
+@RequiredArgsConstructor
 public class UserController {
 
     private final UserService userService;
     private final UserMapper userMapper;
 
-    @Autowired
-    public UserController(UserService userService, UserMapper userMapper) {
-        this.userService = userService;
-        this.userMapper = userMapper;
-    }
-
-    @GetMapping()
-    public ResponseEntity<List<UserDTO>> getAllUsers() {
-        List<UserDTO> users = userService.getUsers().stream().map(userMapper::toDto).collect(Collectors.toList());
-        if (!users.isEmpty()) return ResponseEntity.ok(users);
-        else return ResponseEntity.notFound().build();
-    }
-
     @PostMapping()
     public ResponseEntity<UserDTO> createNewUser(@RequestBody UserCreationDTO userDTO,
-                                                  BindingResult bindingResult) {
+                                                 BindingResult bindingResult) {
         User user = userMapper.toUser(userDTO);
         if (!bindingResult.hasErrors()) {
             userService.createOrUpdateUser(user);
@@ -47,7 +33,7 @@ public class UserController {
 
     @PatchMapping()
     public ResponseEntity<UserDTO> updateUser(@RequestBody UserCreationDTO userDTO,
-                                               BindingResult bindingResult) {
+                                              BindingResult bindingResult) {
         User user = userMapper.toUser(userDTO);
         if (!bindingResult.hasErrors()) {
             userService.createOrUpdateUser(user);

src/main/java/com/faf223/expensetrackerfaf/controller/auth/AuthenticationController.java

@@ -0,0 +1,26 @@
+package com.faf223.expensetrackerfaf.controller.auth;
+
+import com.faf223.expensetrackerfaf.service.AuthenticationService;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping("api/v1/auth")
+public class AuthenticationController {
+
+    private final AuthenticationService service;
+
+    public AuthenticationController(AuthenticationService service) {
+        this.service = service;
+    }
+
+    @PostMapping("/register")
+    public ResponseEntity<AuthenticationResponse> register(@RequestBody RegisterRequest request) {
+        return ResponseEntity.ok(service.register(request));
+    }
+
+    @PostMapping("/authenticate")
+    public ResponseEntity<AuthenticationResponse> authenticate(@RequestBody AuthenticationRequest request) {
+        return ResponseEntity.ok(service.authenticate(request));
+    }
+}

src/main/java/com/faf223/expensetrackerfaf/controller/auth/AuthenticationRequest.java

@@ -0,0 +1,16 @@
+package com.faf223.expensetrackerfaf.controller.auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthenticationRequest {
+
+    private String email;
+    private String password;
+}

src/main/java/com/faf223/expensetrackerfaf/controller/auth/AuthenticationResponse.java

@@ -0,0 +1,15 @@
+package com.faf223.expensetrackerfaf.controller.auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthenticationResponse {
+
+    private String token;
+}

src/main/java/com/faf223/expensetrackerfaf/controller/auth/RegisterRequest.java

@@ -0,0 +1,22 @@
+package com.faf223.expensetrackerfaf.controller.auth;
+
+
+import com.faf223.expensetrackerfaf.model.Role;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class RegisterRequest {
+
+    private String firstname;  // Change field name to match JSON
+    private String lastname;   // Change field name to match JSON
+    private String username;   // Change field name to match JSON
+    private String email;      // Change field name to match JSON
+    private String password;
+    private Role role;
+}

src/main/java/com/faf223/expensetrackerfaf/dto/UserCreationDTO.java

@@ -6,8 +6,10 @@ import lombok.Data;
 @Data
 @AllArgsConstructor
 public class UserCreationDTO {
-    private String uuid;
+  
-    private String name;
+    private String firstname;
-    private String surname;
+    private String lastname;
     private String username;
+    private String email;
+    private String password;
 }

src/main/java/com/faf223/expensetrackerfaf/dto/UserDTO.java

@@ -6,8 +6,9 @@ import lombok.Data;
 @Data
 @AllArgsConstructor
 public class UserDTO {
-    private String uuid;
+
     private String name;
     private String surname;
     private String username;
+
 }

src/main/java/com/faf223/expensetrackerfaf/dto/mappers/UserMapper.java

@@ -10,21 +10,16 @@ import org.springframework.stereotype.Component;
 @Component
 public class UserMapper {
 
-    private final UserService userService;
-
-    @Autowired
-    public UserMapper(UserService userService) {
-        this.userService = userService;
-    }
-
     public UserDTO toDto(User user) {
-        return new UserDTO(user.getUuid(), user.getName(), user.getSurname(), user.getUsername());
+        return new UserDTO(user.getFirstName(), user.getLastName(), user.getUsername());
     }
 
     public User toUser(UserCreationDTO userDTO) {
-        User user = userService.getUserById(userDTO.getUuid());
+      
-        if(user == null) return new User(userDTO.getUuid(), userDTO.getName(),
+        User user = new User();
-                userDTO.getSurname(), userDTO.getUsername());
+        user.setFirstName(userDTO.getFirstname());
+        user.setLastName(userDTO.getLastname());
+        user.setUsername(userDTO.getUsername());
         return user;
     }
 

src/main/java/com/faf223/expensetrackerfaf/model/Credential.java

@@ -1,20 +1,35 @@
-package com.faf223.expensetrackerfaf.model;
+    package com.faf223.expensetrackerfaf.model;
 
-import jakarta.persistence.*;
+    import jakarta.persistence.*;
-import lombok.Data;
+    import lombok.AllArgsConstructor;
+    import lombok.Data;
+    import lombok.NoArgsConstructor;
 
-@Data
+    @Data
-@Entity(name = "credentials")
+    @Entity(name = "credentials")
-public class Credential {
+    @NoArgsConstructor
-    @Id
+    @AllArgsConstructor
-    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    public class Credential {
-    private Long credentialId;
+        @Id
+        @GeneratedValue(strategy = GenerationType.IDENTITY)
+        private Long credentialId;
 
-    @ManyToOne
+        @ManyToOne
-    @JoinColumn(name = "user_uuid")
+        @JoinColumn(name = "user_uuid")
-    private User user;
+        private User user;
 
-    private String email;
+        private String email;
-    private String password;
+        private String password;
-}
+
+        @Enumerated(EnumType.STRING)
+        private Role role;
+
+        public Credential(User user, String email, String password) {
+            this.user = user;
+            this.email = email;
+            this.password = password;
+
+            this.role = Role.ROLE_USER;
+        }
+    }
 

src/main/java/com/faf223/expensetrackerfaf/model/Expense.java

@@ -1,7 +1,9 @@
 package com.faf223.expensetrackerfaf.model;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import jakarta.persistence.*;
 import lombok.AllArgsConstructor;
 import lombok.Data;
+import lombok.ToString;
 import lombok.NoArgsConstructor;
 
 import java.math.BigDecimal;
@@ -16,8 +18,10 @@ public class Expense {
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long expenseId;
 
-    @ManyToOne
+    @ManyToOne()
     @JoinColumn(name = "user_uuid")
+    @ToString.Exclude
+    @JsonIgnore
     private User user;
 
     @ManyToOne

src/main/java/com/faf223/expensetrackerfaf/model/Income.java

@@ -1,10 +1,11 @@
 package com.faf223.expensetrackerfaf.model;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import jakarta.persistence.*;
 import lombok.AllArgsConstructor;
 import lombok.Data;
+import lombok.ToString;
 import lombok.NoArgsConstructor;
-
 import java.math.BigDecimal;
 import java.time.LocalDate;
 
@@ -19,6 +20,8 @@ public class Income {
 
     @ManyToOne
     @JoinColumn(name = "user_uuid")
+    @ToString.Exclude
+    @JsonIgnore
     private User user;
 
     @ManyToOne

src/main/java/com/faf223/expensetrackerfaf/model/Role.java

@@ -2,5 +2,5 @@
 package com.faf223.expensetrackerfaf.model;
 
 public enum Role {
-    UNREGISTERED, REGISTERED, ADMIN;
+    ROLE_USER, ROLE_ADMIN
 }

src/main/java/com/faf223/expensetrackerfaf/model/User.java

@@ -1,22 +1,39 @@
+
 package com.faf223.expensetrackerfaf.model;
 
-import jakarta.persistence.Column;
+import jakarta.persistence.*;
-import jakarta.persistence.Entity;
+import lombok.*;
-import jakarta.persistence.Id;
+
-import lombok.AllArgsConstructor;
+import java.util.List;
-import lombok.Data;
-import lombok.NoArgsConstructor;
 
-@Data
-@AllArgsConstructor
-@NoArgsConstructor
 @Entity(name = "users")
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
 public class User {
     @Id
-    @Column(table = "users", name = "user_uuid")
+    @Column(name = "user_uuid")
-    private String uuid;
+    @GeneratedValue(strategy = GenerationType.UUID)
+    private String userUuid;
 
-    private String name;
+    @Column(name = "name")
-    private String surname;
+    private String firstName;
+
+    @Column(name = "surname")
+    private String lastName;
+
+    @Column(name = "username")
     private String username;
+
+    @Transient
+    private String password;
+
+    @OneToMany(mappedBy = "user", fetch = FetchType.LAZY)
+    @ToString.Exclude
+    private List<Expense> expenses;
+
+    @OneToMany(mappedBy = "user", fetch = FetchType.LAZY)
+    @ToString.Exclude
+    private List<Income> incomes;
 }

src/main/java/com/faf223/expensetrackerfaf/repository/CredentialRepository.java

@@ -4,6 +4,9 @@ import com.faf223.expensetrackerfaf.model.Credential;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
+import java.util.Optional;
+
 @Repository
 public interface CredentialRepository extends JpaRepository<Credential, Long> {
+    Optional<Credential> findByEmail(String email);
 }

src/main/java/com/faf223/expensetrackerfaf/repository/ExpenseRepository.java

@@ -1,6 +1,7 @@
 package com.faf223.expensetrackerfaf.repository;
 
 import com.faf223.expensetrackerfaf.model.Expense;
+import com.faf223.expensetrackerfaf.model.User;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
@@ -8,5 +9,5 @@ import java.util.List;
 
 @Repository
 public interface ExpenseRepository extends JpaRepository<Expense, Long> {
-    List<Expense> findByUserUuid(String userUuid);
+    List<Expense> findByUser(User user);
 }

src/main/java/com/faf223/expensetrackerfaf/repository/IncomeRepository.java

@@ -1,6 +1,7 @@
 package com.faf223.expensetrackerfaf.repository;
 
 import com.faf223.expensetrackerfaf.model.Income;
+import com.faf223.expensetrackerfaf.model.User;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
@@ -8,5 +9,5 @@ import java.util.List;
 
 @Repository
 public interface IncomeRepository extends JpaRepository<Income, Long> {
-    List<Income> findByUserUuid(String userUuid);
+    List<Income> findByUser(User user);
 }

src/main/java/com/faf223/expensetrackerfaf/repository/UserRepository.java

@@ -2,8 +2,9 @@ package com.faf223.expensetrackerfaf.repository;
 
 import com.faf223.expensetrackerfaf.model.User;
 import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.stereotype.Repository;
 
-@Repository
+import java.util.Optional;
+
 public interface UserRepository extends JpaRepository<User, String> {
+    Optional<User> getUserByUserUuid(String userUuid);
 }

src/main/java/com/faf223/expensetrackerfaf/security/PersonDetails.java

@@ -1,40 +1,38 @@
 package com.faf223.expensetrackerfaf.security;
 
-import com.faf223.expensetrackerfaf.model.Role;
+import com.faf223.expensetrackerfaf.model.Credential;
-import jakarta.persistence.EnumType;
+import lombok.AllArgsConstructor;
-import jakarta.persistence.Enumerated;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import java.util.Collection;
-import java.util.List;
+import java.util.Collections;
 
+@Data
+@Builder
+@NoArgsConstructor(force = true)
+@AllArgsConstructor
 public class PersonDetails implements UserDetails {
 
-    private final User user;
+    private final Credential credential;
-
-    @Enumerated(EnumType.STRING)
-    private Role role;
-
-    public PersonDetails(User user) {
-        this.user = user;
-    }
 
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
-        return List.of(new SimpleGrantedAuthority(role.name()));
+        return Collections.singletonList(new SimpleGrantedAuthority(credential.getRole().toString()));
     }
 
     @Override
     public String getPassword() {
-        return user.getPassword();
+        return credential.getPassword();
     }
 
     @Override
     public String getUsername() {
-        return user.getUsername();
+        return credential.getEmail();
     }
 
     @Override

src/main/java/com/faf223/expensetrackerfaf/service/AuthenticationService.java

@@ -0,0 +1,58 @@
+package com.faf223.expensetrackerfaf.service;
+
+import com.faf223.expensetrackerfaf.config.JwtService;
+import com.faf223.expensetrackerfaf.controller.auth.AuthenticationRequest;
+import com.faf223.expensetrackerfaf.controller.auth.AuthenticationResponse;
+import com.faf223.expensetrackerfaf.controller.auth.RegisterRequest;
+import com.faf223.expensetrackerfaf.model.Credential;
+import com.faf223.expensetrackerfaf.model.User;
+import com.faf223.expensetrackerfaf.repository.CredentialRepository;
+import com.faf223.expensetrackerfaf.repository.UserRepository;
+import com.faf223.expensetrackerfaf.security.PersonDetails;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class AuthenticationService {
+
+    private final UserRepository userRepository;
+    private final CredentialRepository credentialRepository;
+    private final PasswordEncoder passwordEncoder;
+    private final JwtService jwtService;
+    private final AuthenticationManager authenticationManager;
+
+    public AuthenticationResponse register(RegisterRequest request) {
+
+        User user = User.builder()
+                .firstName(request.getFirstname())
+                .lastName(request.getLastname())
+                .username(request.getUsername())
+                .build();
+
+        userRepository.save(user);
+        Credential credential = new Credential(user, request.getEmail(), passwordEncoder.encode(request.getPassword()));
+        credentialRepository.save(credential);
+
+        String jwtToken = jwtService.generateToken(new PersonDetails(credential));
+        return AuthenticationResponse.builder()
+                .token(jwtToken)
+                .build();
+    }
+
+    public AuthenticationResponse authenticate(AuthenticationRequest request) {
+        authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(request.getEmail(), request.getPassword()));
+
+        Credential credential = credentialRepository.findByEmail(request.getEmail()).orElseThrow((() -> new UsernameNotFoundException("User not found")));
+
+        String jwtToken = jwtService.generateToken(new PersonDetails(credential));
+        return AuthenticationResponse.builder()
+                .token(jwtToken)
+                .build();
+    }
+
+}

src/main/java/com/faf223/expensetrackerfaf/service/ExpenseService.java

@@ -1,28 +1,36 @@
 package com.faf223.expensetrackerfaf.service;
 
 import com.faf223.expensetrackerfaf.model.Expense;
+import com.faf223.expensetrackerfaf.model.User;
 import com.faf223.expensetrackerfaf.repository.ExpenseRepository;
+import com.faf223.expensetrackerfaf.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
 import java.util.List;
+import java.util.Optional;
 
 @Service
+@RequiredArgsConstructor
 public class ExpenseService {
 
     private final ExpenseRepository expenseRepository;
-
+    private final UserRepository userRepository;
-    @Autowired
-    public ExpenseService(ExpenseRepository expenseRepository) {
-        this.expenseRepository = expenseRepository;
-    }
 
     public void createOrUpdateExpense(Expense expense) {
         expenseRepository.save(expense);
     }
 
     public List<Expense> getExpensesByUserId(String userUuid) {
-        return expenseRepository.findByUserUuid(userUuid);
+
+        Optional<User> user = userRepository.getUserByUserUuid(userUuid);
+        if (user.isPresent()) {
+            return expenseRepository.findByUser(user.get());
+        }
+
+        return new ArrayList<>();
     }
 
     public List<Expense> getExpenses() {

src/main/java/com/faf223/expensetrackerfaf/service/IncomeService.java

@@ -1,21 +1,23 @@
 package com.faf223.expensetrackerfaf.service;
 
 import com.faf223.expensetrackerfaf.model.Income;
+import com.faf223.expensetrackerfaf.model.User;
 import com.faf223.expensetrackerfaf.repository.IncomeRepository;
+import com.faf223.expensetrackerfaf.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
 import java.util.List;
+import java.util.Optional;
 
 @Service
+@RequiredArgsConstructor
 public class IncomeService {
 
     private final IncomeRepository incomeRepository;
-
+    private final UserRepository userRepository;
-    @Autowired
-    public IncomeService(IncomeRepository incomeRepository) {
-        this.incomeRepository = incomeRepository;
-    }
 
     public void createOrUpdateIncome(Income income) {
         incomeRepository.save(income);
@@ -26,7 +28,13 @@ public class IncomeService {
     }
 
     public List<Income> getIncomesByUserId(String userUuid) {
-        return incomeRepository.findByUserUuid(userUuid);
+
+        Optional<User> user = userRepository.getUserByUserUuid(userUuid);
+        if (user.isPresent()) {
+            return incomeRepository.findByUser(user.get());
+        }
+
+        return new ArrayList<>();
     }
 
     public Income getIncomeById(long id) {

src/main/java/com/faf223/expensetrackerfaf/service/UserService.java

@@ -2,21 +2,18 @@ package com.faf223.expensetrackerfaf.service;
 
 import com.faf223.expensetrackerfaf.model.User;
 import com.faf223.expensetrackerfaf.repository.UserRepository;
+import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
 
 @Service
+@RequiredArgsConstructor
 public class UserService {
 
     private final UserRepository userRepository;
 
-    @Autowired
-    public UserService(UserRepository userRepository) {
-        this.userRepository = userRepository;
-    }
-
     public void createOrUpdateUser(User user) {
         userRepository.save(user);
     }