Skip to main content

User Account Service

Overview

The User Account Service handles registration, login, logout, and other authentication/authorization features, providing JWT token-based authentication and session management using ElastiCache.

ItemDetails
LanguageJava 17
FrameworkSpring Boot 3.2
DatabaseAurora PostgreSQL (Global Database)
CacheElastiCache (Valkey/Redis)
Namespacemall-user-account
Port8080
Health Check/actuator/health

Architecture

API Endpoints

MethodPathDescriptionAuth Required
POST/api/v1/auth/registerRegisterX
POST/api/v1/auth/loginLoginX
POST/api/v1/auth/logoutLogoutO
GET/api/v1/auth/meGet current user infoO

Register

POST /api/v1/auth/register

Request:

{
"email": "user@example.com",
"password": "securePassword123",
"name": "John Doe"
}

Validation:

  • email: Required, email format
  • password: Required, minimum 8 characters
  • name: Required

Response (201 Created):

{
"id": "550e8400-e29b-41d4-a716-446655440000",
"email": "user@example.com",
"name": "John Doe",
"role": "USER",
"active": true,
"createdAt": "2024-01-15T10:30:00Z"
}

Login

POST /api/v1/auth/login

Request:

{
"email": "user@example.com",
"password": "securePassword123"
}

Response (200 OK):

{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"tokenType": "Bearer",
"expiresIn": 3600,
"user": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"email": "user@example.com",
"name": "John Doe",
"role": "USER",
"active": true,
"createdAt": "2024-01-15T10:30:00Z"
}
}

Logout

POST /api/v1/auth/logout

Header:

Authorization: Bearer <token>

Response (204 No Content)

Get Current User Info

GET /api/v1/auth/me

Header:

Authorization: Bearer <token>

Response (200 OK):

{
"id": "550e8400-e29b-41d4-a716-446655440000",
"email": "user@example.com",
"name": "John Doe",
"role": "USER",
"active": true,
"createdAt": "2024-01-15T10:30:00Z"
}

Data Models

User Entity

@Entity
@Table(name = "users")
public class User {
public enum Role {
USER, SELLER, ADMIN
}

@Id
@GeneratedValue(strategy = GenerationType.UUID)
private UUID id;

@Column(unique = true, nullable = false)
private String email;

@Column(name = "password_hash", nullable = false)
private String passwordHash;

@Column(nullable = false)
private String name;

@Enumerated(EnumType.STRING)
@Column(nullable = false)
private Role role = Role.USER;

@Column(nullable = false)
private boolean active = true;

@Column(name = "created_at", nullable = false, updatable = false)
private Instant createdAt;

@Column(name = "updated_at", nullable = false)
private Instant updatedAt;
}

User Roles

RoleDescription
USERRegular user
SELLERSeller
ADMINAdministrator

Database Schema

CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR(255) UNIQUE NOT NULL,
password_hash VARCHAR(255) NOT NULL,
name VARCHAR(255) NOT NULL,
role VARCHAR(50) NOT NULL DEFAULT 'USER',
active BOOLEAN NOT NULL DEFAULT true,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
);

CREATE UNIQUE INDEX idx_users_email ON users(email);
CREATE INDEX idx_users_role ON users(role);
CREATE INDEX idx_users_active ON users(active);

Events (Kafka)

Published Topics

Topic NameEventDescription
user.registereduser.registeredPublished on registration
user.loginuser.loginPublished on login

user.registered Payload

{
"eventType": "user.registered",
"userId": "550e8400-e29b-41d4-a716-446655440000",
"email": "user@example.com",
"name": "John Doe",
"role": "USER",
"timestamp": "2024-01-15T10:30:00Z"
}

user.login Payload

{
"eventType": "user.login",
"userId": "550e8400-e29b-41d4-a716-446655440000",
"email": "user@example.com",
"timestamp": "2024-01-15T11:00:00Z"
}

Environment Variables

VariableDescriptionDefault
SPRING_DATASOURCE_URLAurora PostgreSQL connection URL-
SPRING_DATASOURCE_USERNAMEDB username-
SPRING_DATASOURCE_PASSWORDDB password-
SPRING_REDIS_HOSTElastiCache host-
SPRING_REDIS_PORTElastiCache port6379
SPRING_KAFKA_BOOTSTRAP_SERVERSKafka broker address-
JWT_SECRETJWT signing secret-
JWT_EXPIRATIONJWT expiration time (seconds)3600
SERVER_PORTService port8080

Service Dependencies

Session Management

Session management using ElastiCache:

Authentication Flow

  1. Registration: Hash password and save, publish welcome email event
  2. Login: Verify password, issue JWT token, store session
  3. Authenticated Request: Verify JWT, check session
  4. Logout: Delete session, invalidate token

Security Settings

  • Password: BCrypt hashing (strength 12)
  • JWT: HMAC-SHA256 signature
  • Session: ElastiCache TTL-based automatic expiration
  • HTTPS: TLS 1.3 required

Error Handling

HTTP Status CodeErrorDescription
400ValidationExceptionInput validation failure
401UnauthorizedExceptionAuthentication failure (invalid credentials)
403ForbiddenExceptionPermission denied
409DuplicateEmailExceptionAlready registered email