Anıl Sayar

C++ & Qt Developer

Java & Spring Developer

Novice Photographer

C# & WPF Developer

Freelancer


Scienvera Writeup Part 2

February 12, 2025 Project Write-Ups

Part 2 - The Real Deal

So. As I said, it is fully manual. When I talked to professors (huge thank you all btw), I realised I could improve it. So I started to “actually build an application”, with a sudden urge to rewrite. Why?

If you didn't see the security flaw I mentioned: basically, if I give someone a permission, it is stored in that JWT until the time ends. So if the user turns out to be malicious, I literally cannot do anything for the lifetime of the JWT unless I shut down the whole system. This is bad, because JWT is designed to be persistent and unmodifiable. The entire validation of a JWT is checking the signature and validity, not actually checking their permissions, authority, etc.

Two choices:
One, I create a system with Redis that can store the JWT tokens, validate them for me, and most importantly REVOKE whichever JWT I want, also creating tokens for refreshing the JWT instead of asking for credentials every 5 minutes.

Or two, I rely on outside authentication providers completely.

I am stubborn, but I did not have the experience to write an industry-standard authentication and authorization system all by myself. So I decided to use Kinde to help me with this journey.
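The first option above, sketched as an added example (not code from the Scienvera project): a signature-and-expiry check next to one that also consults a revocation list keyed by the token's `jti`. The in-memory dict stands in for Redis, and the key, user name, token ids and timestamp are constructed for the demo.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed; load from a secret store in practice
REVOKED = {}  # jti -> exp; stands in for Redis keys set with a TTL

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input):
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def issue(user, perms, jti, now, ttl=300):
    """Mint a short-lived HS256 token; jti is the handle used to revoke it."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "perms": perms, "jti": jti, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_stateless(token, now):
    """Signature and expiry only: the check the post describes as the flaw."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, sig = parts
    expected = _sign(f"{header}.{body}")  # algorithm is fixed, never read from the header
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return claims if claims["exp"] > now else None

def revoke(claims):
    """Deny this token until it would have expired anyway."""
    REVOKED[claims["jti"]] = claims["exp"]

def verify_with_revocation(token, now):
    """Stateless check plus a denylist lookup on every request."""
    for jti in [j for j, exp in REVOKED.items() if exp <= now]:
        del REVOKED[jti]  # Redis would expire these keys by itself
    claims = verify_stateless(token, now)
    if claims is None or claims["jti"] in REVOKED:
        return None
    return claims

def demo():
    now = 1_700_000_000  # constructed timestamp
    token = issue("constructed-user", ["search"], "tok-1", now)
    revoke(verify_with_revocation(token, now + 10))
    return verify_stateless(token, now + 20), verify_with_revocation(token, now + 20)
```

`demo()` returns the claims from the stateless check, which still accepts the revoked token with its permissions intact, and `None` from the check that consults the denylist.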

Rewrite! (Fresh Start)

How many times have I rewritten the project? It's okay, I really learned so much about Spring, so nice experience.

Okay, fresh start. Now I am thinking big!

My plan now:

  • Different Spring applications for different functions.
  • Something to link up these.
  • Spring Gateway to route.
  • React website.
  • A robust user database.
  • Potentially load balance? (idk what that was back then but sounded cool)
  • Leave the security to Kinde.
  • Oh, and payment system (this sucks).

Modules for Starters

I started learning Docker, and switched from a one-application monolith to multiple modules. With that, I can access other modules using a port. Convenient, for now.

I separated the user service and the searcher applications.

Docker Hub sucks, like what do you mean only 1 private container?? I switched to GitLab for the container registry.

I didn’t do load balancing, just small REST templates. Modules, check.

Spring Gateway

That shit was rough. Like where do you even find the information about them? Don't tell me Spring docs, Google, not enough info. ESPECIALLY OAUTH. So I did trial-and-error style on the gateway, and eventually I got a rough configuration. Now I can access modules from one port.

Security, Database & Kinde

Now this is interesting. As always, I didn't find anything about Spring with Kinde. Why??!?! Like am I the only one who actually uses Spring for the back end?? After weeks of debugging, I finally did security checks with the OAuth provider for Spring Gateway, and separate checks for each module to prevent gateway bypass. It took me some time to implement the Kinde Management API too.

I linked Kinde with my user database and I changed the structure, so I no longer hold sensitive info.

Aaaand, Kubernetes.

Alright, I managed to do great with Docker and almost finished. I used a JMS container for message queues, vectorized PostgreSQL and MySQL for databases and articles, gateway for routing; I am pretty much done. But something's missing.

Load balance, SSL, internal security, external security, replicas for down, high availability, backups.. WHAT??

So I wanted to learn Kubernetes, the hard way.

Installed Kubernetes with minikube on my Linux, and read the Kubernetes docs (yes I still hate videos). Spent a solid month learning the basics and I am pretty much confident with my skills now. It was surprisingly fun. I guess we switch to cloud? I AM A BIOENGINEER STUDENT, HOW DID IT TURN OUT LIKE THIS HAHA

Did I tell you I know nothing about front end?

Yeah… I do not have a money fountain to have someone code it for me. I guess… I learn that too? THIS SHIT IS NOT FINISHING.

Yeah.. I learned basic React, and started using Mantine UI for my lack of imagination. Oh, I learned JavaScript and a little bit of TypeScript too.

This took me a month to write. I learned basic CSS, React, JS and TS. A lot, eh?

Final Product & Conclusion

Phew.. Lots of tears, lots of sweat. Lots of learning and lots of hard work. Finally done.

This was by far the biggest and proudest project that I have ever built. I have learned so much about how to build a SaaS, use GitLab CI/CD, create your own infrastructure with Kubernetes and Docker, implement a basic security system with JWT, as well as OAuth systems, messing with ML features, basic front end stuff, Cloudflare protections, and most importantly: Spring experience.

I really want to work in back-end related jobs, especially with Java and Spring, and maybe some infra building with Kubernetes. So this project is INVALUABLE for me.

Thank you all for reading, and if you have an opportunity for me, let's talk! HAHA