
Documentation

daü

Uploaded by

Rəhimov Nicat

Contents

INTRODUCTION
KEY FEATURES
TECHNOLOGIES USED
GETTING STARTED
Prerequisites
PROJECT STRUCTURE
Directory structure
Class and Method Overview
Naming Strategy
Entity Relation Diagram
Classes Overview
Method Overview
API Documentation
Security
Authentication and Authorization
Data Security
Error Handling:
Error Messages:
TESTING
Test Cases:
Authentication Tests:
File Management Tests:
Error Handling Tests:
Test Data:

INTRODUCTION
The File Management System Backend is designed to provide a robust platform for managing
files through CRUD operations. This system is built using Spring Boot, incorporating various
technologies to ensure security, performance, and maintainability.
KEY FEATURES
• Create, Read, Update, and Delete (CRUD) operations for files.
• Secure authentication and authorization mechanisms.
• Integration with a relational database using Spring Data JPA.
• Logging and error handling for better maintainability.

TECHNOLOGIES USED
• Spring Boot: Framework for building Java-based enterprise applications.
• Spring Data JPA: Provides a convenient way to interact with a relational database.
• Spring Security: For implementing authentication and authorization.
• JUnit and Mockito: For unit and integration testing.
• Logback: Logging framework for capturing application logs.
• MySQL: For saving data.

GETTING STARTED
Prerequisites
• Java JDK 8 or later
• Maven
• Your preferred IDE (IntelliJ, Eclipse, etc.)

PROJECT STRUCTURE
Directory structure
The structure and naming of classes and directories must remain stable to avoid merge request
errors in the Git repository and misunderstandings among development team members. The
structure will be developed as follows:
Components:

• Controllers: Handle incoming requests, manage the flow of data, and communicate with the service layer.
• Data: Contains entities representing data models, data transfer objects (DTOs), and database repositories.
• Exception Handling: Deals with error handling and custom exceptions.
• Mapper: Responsible for mapping data between different layers, such as mapping DTOs to entities.
• Security: Manages security aspects, including authentication and authorization.
• Service: Implements business logic, with interfaces defining the contract between the presentation and data layers.
• Util: Contains utility classes that provide common functionality across the application.

Class and Method Overview


Naming Strategy
In accordance with established naming conventions and a structured approach, the names of
classes are derived from their corresponding database table names. The following naming
convention is adhered to:
Class Naming Format: <TableName>Entity, <TableName>Repository, <TableName>Service,
etc.
Example: UserEntity, UserRepository, UserService.
This systematic approach ensures clarity and consistency in naming across the software
architecture.
Entity Relation Diagram

Classes Overview
The ERD illustrates the connections and associations between key entities, facilitating a
comprehensive understanding of the database structure.
Entity Classes
To facilitate interaction with the database, the software employs three main entity classes:

• UserEntity
• FolderEntity
• DocumentEntity

DTO Classes
DTO (Data Transfer Object) classes serve as an interface for seamless data exchange between
layers within the software architecture:

• UserDTO
• FolderDTO
• DocumentDTO
• LoginDTO

Repository Classes
Repository classes serve as the interface for database operations. The following repository
classes are employed:

• UserRepository
• FolderRepository
• DocumentRepository

Service Classes
To orchestrate the interaction between repositories and implement business logic, service classes
are employed:

• UserService
• FolderService
• DocumentService

Controller Classes
For exposing functionalities through APIs, the software employs controller classes:

• UserController
• FolderController
• DocumentController

These classes collectively form a structured and modular system, aligning with best practices in
software design.

Method Overview
UserService:

• LoginDTO login(String email, String password): generates a JWT bearer token for authentication and authorization.
• void register(UserDTO userDTO): registers the user and saves the data to the database.

DocumentService:

• DocumentDTO getDocumentById(Long id): gets the data of a document by ID.
• DocumentDTO addOrUpdateDocument(DocumentDTO documentDTO): adds or updates a document in the database.
• void deleteDocumentById(Long id): deletes a document from the database by ID.

FolderService:

• List<FolderDTO> getAllFoldersAndDocuments(): returns all folders and documents.
• FolderDTO addOrUpdateFolder(FolderDTO folderDTO): adds or updates a folder in the database.
• deleteFolderById(Long id): deletes a folder from the database.

API Documentation
Base URL: http://localhost:8080
Endpoints:
1. Register
• Endpoint: /auth/register
• Method: POST
• Description: registering user
• Request Body:
{
  "name": name of the user,
  "surname": surname of the user,
  "email": email of the user,
  "password": password of the user
}
Response: "204 No Content"

2. Login
• Endpoint: /auth/login
• Method: POST
• Description: logging in user
• Request Param:
String username, String password

Response:
{
  "token": Bearer token,
  "userId": id of the user
}

3. Get Document By ID
• Endpoint: /doc/document/{id}
• Method: GET
• Description: getting document by id
• Path variable:
id: ID of the document

Response:
{
  "id": id of the document,
  "name": name of the document,
  "path": path of the document
}

4. Add Document
• Endpoint: /doc/document
• Method: POST
• Description: adding document to database
• Request Body:
{
  "name": name of the document,
  "path": path of the document
}
Request Param:
id: ID of the parent folder.

Response:
{
  "id": id of the document,
  "name": name of the document,
  "path": path of the document
}

5. Update Document
• Endpoint: /doc/document
• Method: PUT
• Description: updating document in database
• Request Body:
{
  "id": id of the document,
  "name": name of the document,
  "path": path of the document
}
Request Param:
id: ID of the parent folder.

Response:
{
  "id": id of the document,
  "name": name of the document,
  "path": path of the document
}

6. Delete Document By ID
• Endpoint: /doc/document
• Method: DELETE
• Description: deleting document from database
• Path variable:
id: ID of the document to be deleted

Response: "204 No Content"

7. Get All Folders and Files
• Endpoint: /folder/folders
• Method: GET
• Description: getting all folders

Response:
[
  {
    "id": id of the folder,
    "name": name of the folder,
    "parentFolder": its parent folder,
    "childFolders": its child folders,
    "documents": documents inside the folder
  }
]

8. Add Folder
• Endpoint: /folder/folder
• Method: POST
• Description: adding folder to database
• Request Body:
{
  "name": name of the folder
}
Request Param:
folderId: ID of the parent folder, userId: ID of the user

Response:
{
  "id": id of the folder,
  "name": name of the folder,
  "parentFolder": its parent folder,
  "childFolders": its child folders,
  "documents": documents inside the folder
}

9. Update Folder
• Endpoint: /folder/folder
• Method: PUT
• Description: updating folder in database
• Request Body:
{
  "id": id of the folder,
  "name": name of the folder
}
Request Param:
folderId: ID of the parent folder, userId: ID of the user

Response:
{
  "id": id of the folder,
  "name": name of the folder,
  "parentFolder": its parent folder,
  "childFolders": its child folders,
  "documents": documents inside the folder
}

10. Delete Folder By ID
• Endpoint: /folder/folder
• Method: DELETE
• Description: deleting folder from database
• Path variable:
id: ID of the folder to be deleted.

Response: "204 No Content"

Security
Authentication and Authorization
The software employs a token-based authentication system for user access. Upon successful
login, users receive a JWT (JSON Web Token), which is then included in the header of
subsequent requests and allows them to use the APIs to which they have been granted access.
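
The token check described above, as an added example that is not part of the project's code. It assumes an HS256-signed token with the user ID in the sub claim and an expiry in the exp claim, and uses only the JDK; the class name, demo key and claim layout are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.*;

public class BearerTokenCheck {
    // Constructed demo key; a real service loads a random secret from protected configuration.
    static final byte[] KEY = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Pattern CLAIMS = Pattern.compile("\"sub\":\"(\\d+)\",\"exp\":(\\d+)");
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Login side: builds header.payload.signature carrying the user ID and an expiry time.
    static String issue(long userId, long ttlSeconds) throws Exception {
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        String body = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "."
                + b64("{\"sub\":\"" + userId + "\",\"exp\":" + exp + "}");
        return body + "." + ENC.encodeToString(hmac(body));
    }

    // Request side: returns the user ID, or null where the API would answer 401.
    static String verify(String authorization) throws Exception {
        if (authorization == null || !authorization.startsWith("Bearer ")) return null;
        String[] p = authorization.substring(7).split("\\.");
        if (p.length != 3) return null;
        try {
            // The algorithm is fixed server-side; the token's own "alg" field is never consulted.
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2]))) return null;
            Matcher m = CLAIMS.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            if (!m.find() || Long.parseLong(m.group(2)) <= Instant.now().getEpochSecond()) return null;
            return m.group(1);
        } catch (IllegalArgumentException e) { return null; } // malformed Base64 or number
    }

    public static void main(String[] args) throws Exception {
        String token = issue(42, 3600);
        String[] p = token.split("\\.");
        String altered = p[0] + "." + b64("{\"sub\":\"1\",\"exp\":9999999999}") + "." + p[2];
        System.out.println("valid:   " + verify("Bearer " + token));
        System.out.println("expired: " + verify("Bearer " + issue(42, -60)));
        System.out.println("altered: " + verify("Bearer " + altered));
    }
}
```

The signature is checked before any claim is read, so the expiry and user ID are only trusted once the token is known to come from the server.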

Data Security
Sensitive data, such as user passwords, is securely hashed using industry-standard hashing
algorithms before storage, which further enhances data security.

Error Handling:
Error Messages:
The software provides meaningful error messages to facilitate troubleshooting. HTTP status
codes are used to indicate the nature of the issue, and additional details are included in the
response body.
1. HTTP status code 500:
{
  "error": "Not Found Exception",
  "message": "The requested data is not in the database."
}

{
  "error": "Data Parsing Exception",
  "message": "Error occurred while parsing data between DTO and entity class object."
}

{
  "error": "JSON Parsing Exception",
  "message": "Error occurred while parsing JSON from request body."
}

2. HTTP status code 400:
{
  "error": "Invalid Request",
  "message": "The request body is missing required parameters."
}

3. HTTP status code 401:
{
  "error": "Unauthorized",
  "message": "Invalid or expired token. Please log in again."
}

TESTING
Test Cases:
The test suite includes both unit tests and integration tests to ensure the reliability and
correctness of the software. Test cases cover various scenarios related to authentication, file
management operations, error handling, and security.

Authentication Tests:
Test Case 1: Verify successful user registration.
Test Case 2: Validate user login and token generation.
Test Case 3: Ensure proper handling of invalid login credentials.

File Management Tests:


Test Case 4: Test the creation of a new document.
Test Case 5: Verify the retrieval of a document by ID.
Test Case 6: Test updating the details of an existing document.
Test Case 7: Test deletion of a document by ID.
Test Case 8: Verify the retrieval of all folders and documents.
Test Case 9: Test the creation of a new folder.
Test Case 10: Test updating the details of an existing folder.
Test Case 11: Test deletion of a folder by ID.

Error Handling Tests:


Test Case 12: Verify the correct error response for missing request parameters.
Test Case 13: Ensure proper handling of unauthorized access.
Test Case 14: Test the response for attempting to access non-existing data.
Test Case 15: Validate error response for invalid JSON in the request body.

Test Data:
For testing purposes, the system provides a set of sample data with predefined user accounts,
documents, and folders. The sample data includes various scenarios covering different user roles
and access permissions. Developers can use this data to simulate real-world scenarios and verify
the correct functioning of the software.
Test Environment:
• Java Version: JDK 17
• Build Tool: Gradle
• Testing Framework: JUnit and Mockito
• Database: MySQL (Ensure the test database is properly configured and isolated for testing purposes.)
