Conversation
Owner
Author
|
cc: @matheusandre1 |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR implements user authentication and authorization to ensure users can only access their own data. The changes add JWT-based authentication on both frontend and backend, with user ID validation across API endpoints.
Key Changes:
- Added Angular HTTP interceptor to attach JWT tokens to API requests
- Implemented backend authorization checks using JWT claims to filter data by authenticated user ID
- Updated AI service to use user-specific context for balance queries
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| timeless-api/src/main/webui/src/app/token.interceptor.ts | New HTTP interceptor to attach JWT Bearer tokens to requests (except sign-in/sign-out endpoints) |
| timeless-api/src/main/webui/src/app/token.interceptor.spec.ts | Basic test suite for the token interceptor |
| timeless-api/src/main/webui/src/app/timeless-api.service.ts | Removed debug console.log statement |
| timeless-api/src/main/webui/src/app/app.config.ts | Registered the token interceptor in the HTTP client configuration |
| timeless-api/src/main/resources/application.properties | Enabled SQL logging for dev environment |
| timeless-api/src/main/java/dev/matheuscruz/presentation/UserResource.java | Added JWT claim injection and user authorization checks, but with implementation issues |
| timeless-api/src/main/java/dev/matheuscruz/presentation/SignInResource.java | Added @permitAll annotation to allow unauthenticated access |
| timeless-api/src/main/java/dev/matheuscruz/presentation/RecordResource.java | Added @RolesAllowed, JWT claim injection, and user-scoped queries for records |
| timeless-api/src/main/java/dev/matheuscruz/presentation/MessageResource.java | Updated AI service call to pass user ID for context |
| timeless-api/src/main/java/dev/matheuscruz/infra/queue/SQS.java | Updated AI service call to include user ID parameter |
| timeless-api/src/main/java/dev/matheuscruz/infra/ai/tools/GetBalanceTool.java | Modified to accept user ID parameter for user-specific balance queries |
| timeless-api/src/main/java/dev/matheuscruz/infra/ai/TextAiService.java | Updated prompt and method signature to include user ID variable |
| timeless-api/src/main/java/dev/matheuscruz/domain/RecordRepository.java | Updated query method to filter records by user ID |
| site/index.html | Updated call-to-action button text from "Join the Waitlist" to "Register Now" |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #36