Forfafa Spring Boot Development Assistant

Provides expert guidance for working with Forfafa, a Spring Boot-based OAuth user registration system built with Kotlin and Java 21.

Project Context

Forfafa is a production-ready OAuth authentication service supporting Naver and Kakao providers with JWT authentication. It follows Domain-Driven Design (DDD) principles with clean architecture, using PostgreSQL as the primary database and TestContainers for integration testing.

**Technology Stack:**

Language: Kotlin (Spring Boot 3.5.3)

Runtime: Java 21

Database: PostgreSQL with TestContainers

Security: Spring Security with JWT

OAuth: WebClient for provider integrations

Testing: JUnit 5, MockK, TestContainers

Instructions

1. Project Setup and Environment

When setting up or troubleshooting the development environment:

1. **Initial Setup:**

- Run `./scripts/local-setup.sh` for complete Docker and environment setup

- Copy `.env.example` to `.env` and configure OAuth credentials

- Verify services with `./scripts/health-check.sh`

2. **Required Environment Variables:**

- `NAVER_CLIENT_ID`, `NAVER_CLIENT_SECRET`: Naver OAuth credentials

- `KAKAO_CLIENT_ID`, `KAKAO_CLIENT_SECRET`: Kakao OAuth credentials

- `JWT_SECRET`: Secure key for JWT signing (critical for production)

- Database credentials: `SPRING_DATASOURCE_URL`, `SPRING_DATASOURCE_USERNAME`, `SPRING_DATASOURCE_PASSWORD`

3. **Health Checks:**

- Check OAuth provider status: `GET /api/auth/oauth/status`

- Verify database connectivity before running application

2. Development Commands

**Build and Run:**

```bash

./gradlew bootRun # Run application locally

./gradlew build # Build JAR

./gradlew clean build # Clean build

```

**Docker Operations:**

```bash

docker-compose up --build # Start local development

docker-compose up --build -d # Start detached

docker-compose logs -f app # View logs

docker-compose down # Stop services

docker-compose -f docker-compose.prod.yml up --build -d # Production

```

**Database Management:**

```bash

Connect to PostgreSQL

docker-compose exec postgres psql -U forfafa_user -d forfafa

Manual schema execution (if needed)

docker-compose exec postgres psql -U forfafa_user -d forfafa < src/main/resources/schema.sql

```

3. Architecture Understanding

**Package Structure (Layered Architecture):**

`presentation/`: REST controllers and DTOs

- Handle HTTP requests/responses

- Define API contracts with DTOs

- Global exception handling

`application/`: Application services and orchestration

- `oauth/`: OAuth authentication service

- `user/`: User registration service

- Domain events for decoupled communication

`domain/`: Core business logic

- `oauth/`: OAuth value objects and entities (OAuthAccount, OAuthProfile, OAuthProvider)

- `user/`: User aggregate root with value objects (User, Email, UserId)

- Repository interfaces (persistence contracts)

`infrastructure/`: Technical implementations

- `oauth/`: OAuth client implementations (Naver/Kakao WebClient)

- `persistence/`: JPA entities and repository implementations

- `security/`: JWT token provider and authentication filter

**Key Design Patterns:**

Domain-Driven Design: Rich domain models with encapsulated business logic

Repository Pattern: Interfaces in domain layer, implementations in infrastructure

Factory Pattern: `OAuthClientFactory` for provider-specific clients

Event-Driven: Domain events (`UserRegisteredEvent`, `OAuthAccountLinkedEvent`)

Value Objects: `Email`, `UserId` for type safety and validation

4. OAuth Flow Implementation

When working with OAuth authentication:

1. **OAuth Flow Steps:**

- Client requests OAuth URL: `GET /api/auth/oauth/{provider}`

- User authenticates with provider

- Provider redirects to callback with authorization code

- Application exchanges code for access token

- Application fetches user profile from provider

- User created/updated, JWT issued

2. **OAuth Configuration:**

- Redirect URIs must exactly match provider dashboard configuration

- Check provider status before testing flows

- Use `OAuthClientFactory` for provider-specific implementations

5. Testing Strategy

**Test Structure:**

**Unit Tests**: Domain objects, value objects, services

- `UserTest`, `EmailTest`, `OAuthAccountTest`

- `OAuthAuthenticationServiceTest`, `UserRegistrationServiceTest`

- `JwtTokenProviderTest`, `NaverOAuthClientTest`

**Integration Tests**: End-to-end with TestContainers

- `JwtSecurityIntegrationTest`: JWT authentication flow

- `OAuthFlowIntegrationTest`: Complete OAuth authentication

- `OAuthErrorScenariosIntegrationTest`: Error handling

- `OAuthPerformanceIntegrationTest`: Performance benchmarks

**Running Tests:**

```bash

./gradlew test # All tests

./gradlew test --tests "*Integration*" # Integration tests only

./gradlew test --tests "*Unit*" # Unit tests only

./gradlew test --tests "JwtSecurityIntegrationTest" # Specific test

./gradlew test --tests "*Performance*" # Performance tests

```

**Kotlin Test Conventions:**

Use descriptive backtick function names

MockK for Kotlin-friendly mocking

TestContainers for PostgreSQL integration

Separate test configurations: `application-test.yml`, `application-integration-test.yml`

6. Kotlin Development Patterns

**Code Conventions:**

Rich domain models with behavior in entities

Data classes for immutable value objects (`Email`, `UserId`)

Leverage Kotlin null safety throughout

Extension functions for domain logic and utilities

Data classes preferred for DTOs and value containers

**Architecture Patterns:**

Repository interfaces in domain layer, implementations in infrastructure

Factory pattern for provider-specific OAuth clients

Domain events for decoupled communication

Custom exception hierarchy per layer (domain, application, infrastructure)

**Key Files for Architecture:**

`src/main/kotlin/com/forfafa/forfafa/domain/`: Core business logic

`src/main/kotlin/com/forfafa/forfafa/application/`: Application services and events

`src/main/kotlin/com/forfafa/forfafa/infrastructure/`: Technical implementations

`src/main/kotlin/com/forfafa/forfafa/presentation/`: REST controllers and DTOs

7. Security and JWT

**Security Architecture:**

JWT-based authentication with stateless sessions

Spring Security filter chain with custom JWT authentication filter

Secure OAuth2 flow with token exchange

Configurable JWT secret and expiration (default: 24 hours)

**Important Security Notes:**

Use secure `JWT_SECRET` in production (never commit to repository)

OAuth redirect URIs must match provider configuration exactly

Database schema managed via `schema.sql` - no Hibernate auto-DDL in production

8. Best Practices

When working with the codebase:

1. **Always verify OAuth configuration status before testing flows**

2. **Use provided scripts for environment setup** (`./scripts/local-setup.sh`)

3. **Follow DDD principles**: Keep business logic in domain layer

4. **Use Kotlin idioms**: Data classes, null safety, extension functions

5. **Write tests in Kotlin** with descriptive backtick function names

6. **Check health endpoints** before troubleshooting issues

7. **Review domain events** for understanding business workflows

8. **Consult repository interfaces** in domain layer for persistence contracts

Example Usage

**Setting up development environment:**

```bash

Clone repository and navigate to project

cd forfafa

Copy environment template

cp .env.example .env

Edit .env with OAuth credentials (required)

Run complete setup

./scripts/local-setup.sh

Verify all services are healthy

./scripts/health-check.sh

Run application

./gradlew bootRun

```

**Testing OAuth flow:**

```bash

Check OAuth provider configuration

curl http://localhost:8080/api/auth/oauth/status

Run OAuth integration tests

./gradlew test --tests "OAuthFlowIntegrationTest"

Run all integration tests

./gradlew test --tests "*Integration*"

```

**Adding a new OAuth provider:**

1. Create provider-specific client in `infrastructure/oauth/`

2. Implement `OAuthClient` interface

3. Register in `OAuthClientFactory`

4. Add provider credentials to `.env` and configuration

5. Write integration tests for the new provider

Constraints

Always use Kotlin for new code following existing conventions

Follow DDD principles: domain logic belongs in domain layer

Use MockK for testing (not Mockito directly)

Never commit `.env` file or secrets to repository

Database schema changes must be applied via `schema.sql`

OAuth redirect URIs must match provider dashboard configuration exactly

JWT tokens expire after 24 hours (configurable, but update documentation if changed)

Use TestContainers for integration tests requiring database access

Forfafa Spring Boot Development Assistant

Forfafa Spring Boot Development Assistant

Project Context

Instructions

1. Project Setup and Environment

2. Development Commands

Connect to PostgreSQL

Manual schema execution (if needed)

3. Architecture Understanding

4. OAuth Flow Implementation

5. Testing Strategy

6. Kotlin Development Patterns

7. Security and JWT

8. Best Practices

Example Usage

Clone repository and navigate to project

Copy environment template

Edit .env with OAuth credentials (required)

Run complete setup

Verify all services are healthy

Run application

Check OAuth provider configuration

Run OAuth integration tests

Run all integration tests

Constraints

Reviews (0)