mirror of
https://github.com/s-frick/effigenix.git
synced 2026-03-28 10:09:35 +01:00
05878b1ce9
Address all 18 findings from security code review (5 critical, 7 medium, 6 low): Domain: make User and Role immutable with wither-pattern, add status transition guards (ACTIVE->LOCKED, LOCKED->ACTIVE, ACTIVE|LOCKED->INACTIVE, INACTIVE->ACTIVE) Application: enforce authorization via AuthorizationPort in all use cases, add input validation, introduce LockUserCommand/UnlockUserCommand/RemoveRoleCommand, fix audit event on password change failure (K5), use flatMap/mapError chains Infrastructure: JWT blacklist with TTL and scheduled cleanup, login rate limiting (5 attempts/15min), configurable CORS, generic error messages, conditional Swagger, seed data context restriction Tests: unit tests for all 10 use cases, adapted domain and integration tests |
||
|---|---|---|
| .. | ||
| docs | ||
| src | ||
| .factorypath | ||
| CLAUDE.md | ||
| INTEGRATION_TESTS_SUMMARY.md | ||
| pom.xml | ||
| README.md | ||
| TEST_FILES_INDEX.md | ||
| TEST_SUMMARY.md | ||
| TESTING_GUIDE.md | ||
| TODO.md | ||
| UNIT_TESTS_README.md | ||
Effigenix Backend
Java Spring Boot Backend für das Effigenix ERP-System.
Schnellstart
# 1. PostgreSQL starten (Docker)
docker run --name effigenix-postgres \
-e POSTGRES_DB=effigenix \
-e POSTGRES_USER=effigenix \
-e POSTGRES_PASSWORD=effigenix \
-p 5432:5432 \
-d postgres:15
# 2. Bauen & starten
mvn spring-boot:run
Ohne Datenbank (Stub-Modus – nur API-Docs):
mvn spring-boot:run
# Warnung im Log: "⚠️ Keine Datenbankverbindung – Stub-Modus aktiv"
# OpenAPI-Spec: http://localhost:8080/api-docs
API-Dokumentation (mit laufender DB):
- Swagger UI: http://localhost:8080/swagger-ui.html
- OpenAPI JSON: http://localhost:8080/api-docs
Build
# Kompilieren + Tests
mvn clean install
# Nur starten (ohne Tests)
mvn spring-boot:run
# Mit Profil
mvn spring-boot:run -Dspring-boot.run.profiles=dev
Architektur
DDD + Clean Architecture. Einweg-Abhängigkeit: domain → application → infrastructure.
de.effigenix/
├── domain/ # Reine Geschäftslogik – keine Framework-Deps
│ ├── usermanagement/
│ └── masterdata/
├── application/ # Use Cases, Commands, DTOs
│ ├── usermanagement/
│ └── masterdata/
├── infrastructure/ # Spring, JPA, REST, Security, Audit
│ ├── config/
│ ├── security/
│ ├── audit/
│ ├── stub/ # Stub-Beans für no-db-Profil
│ ├── usermanagement/
│ └── masterdata/
└── shared/ # Shared Kernel (Result<E,T>, AuthorizationPort, Action)
Liquibase-Migrationen: src/main/resources/db/changelog/
User Management
Vordefinierte Rollen
| Rolle | Zielgruppe |
|---|---|
ADMIN |
Systemadministrator (alle Rechte) |
PRODUCTION_MANAGER |
Leiter Produktion |
PRODUCTION_WORKER |
Produktionsmitarbeiter |
QUALITY_MANAGER |
Qualitätsbeauftragter |
QUALITY_INSPECTOR |
QM-Mitarbeiter |
PROCUREMENT_MANAGER |
Einkaufsleiter |
WAREHOUSE_WORKER |
Lagermitarbeiter |
SALES_MANAGER |
Verkaufsleiter |
SALES_STAFF |
Verkaufsmitarbeiter |
AuthorizationPort
// Typsichere, fachliche Authorization – kein direkter Zugriff auf User/Roles
authPort.assertCan(ProductionAction.RECIPE_WRITE);
authPort.assertCan(SalesAction.ORDER_READ, orderId);
Tests
mvn test # Unit Tests
mvn verify # + Integration Tests
mvn clean verify jacoco:report # Test Coverage
Dokumentation
- Quick Start – Docker, Seed-Daten, lokale Entwicklung
- User Management – Referenz-BC, JWT, Audit