Authentication + Security

Implement signup/login, JWT issuance, and route protection in a production-friendly way.

Signup + Login Flow

auth-routes
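import com.jhanvi857.nioflow.auth.PasswordHasher;
import com.jhanvi857.nioflow.auth.JwtProvider;

// Signup: the password is hashed inside this handler and only the hash is persisted.
app.post("/api/auth/signup", ctx -> {
    SignupRequest req = ctx.body(SignupRequest.class);
    String password = req.getPassword();
    // Reject a missing or blank password before hashing it. IllegalArgumentException
    // is the type the global error policy maps to a fixed 400 body, so the client sees
    // "Bad Request" instead of a 500 caused by hashing a null input.
    if (password == null || password.trim().isEmpty()) {
        throw new IllegalArgumentException("password must not be blank");
    }
    String hash = PasswordHasher.hash(password);
    // save user + hash into repository
    ctx.status(201).json(java.util.Map.of("message", "user created"));
});

// Login: verify the submitted password against the stored hash, then issue a JWT.
app.post("/api/auth/login", ctx -> {
    LoginRequest req = ctx.body(LoginRequest.class);
    // storedHash and userEmail come from the user lookup, which this snippet elides.
    // If the lookup finds no user, answer with the same 401 body as a wrong password;
    // verifying against a fixed dummy hash in that case keeps the timing of both paths alike.
    String password = req.getPassword();
    // A missing password counts as invalid credentials, not as a server error.
    boolean ok = password != null && PasswordHasher.verify(password, storedHash);
    if (!ok) {
        // Deliberately generic: do not reveal whether the email or the password was wrong.
        ctx.status(401).json(java.util.Map.of("error", "Invalid credentials"));
        return;
    }
    String token = JwtProvider.generateToken(userEmail, "USER");
    ctx.status(200).json(java.util.Map.of("token", token));
});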

Protect Route Groups

protected-routes
// Every route inside this group sits behind AuthMiddleware. The middleware is
// attached with tasks.use(...) before the handlers are registered; presumably the
// framework only guards routes registered after it, so keep that order.
app.group("/api/tasks", tasks -> {
    com.jhanvi857.nioflow.middleware.AuthMiddleware authGuard =
        new com.jhanvi857.nioflow.middleware.AuthMiddleware();
    tasks.use(authGuard);

    // Collection endpoints.
    tasks.get("/", taskController::list);
    tasks.post("/", taskController::create);
    // Single-item endpoints addressed by the ":id" path parameter.
    tasks.get("/:id", taskController::get);
    tasks.delete("/:id", taskController::delete);
});

Security Baseline

env-security
# Signing secret used by JwtProvider; the placeholder itself says 32+ characters.
# Generate it with a CSPRNG, keep it out of version control, rotate on suspicion of leak.
JWT_SECRET=replace-with-32-plus-char-secret
# A single explicit browser origin for CORS, not a wildcard.
NIOFLOW_CORS_ORIGIN=https://your-frontend.app
# Presumably toggles the database integration; off here — confirm against the framework docs.
NIOFLOW_ENABLE_DB=false
# Keep false in production so error responses stay generic (see the error handling policy).
NIOFLOW_EXPOSE_ERROR_DETAILS=false

Error Handling Policy

global-errors
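// Client errors: IllegalArgumentException (e.g. failed input validation in a
// handler) becomes a 400 with a fixed body; the exception message is never echoed.
app.exception(IllegalArgumentException.class, (e, ctx) -> {
    ctx.status(400).json(java.util.Map.of("error", "Bad Request"));
});

// Everything else: a generic 500 so no stack trace or internal detail reaches the
// client. The cause is recorded server-side first; the original handler dropped
// `err` entirely, leaving no trace of what failed.
app.onError((err, ctx) -> {
    // NOTE(review): assumes err is a Throwable — confirm against onError's signature.
    java.util.logging.Logger.getLogger("nioflow.errors")
        .log(java.util.logging.Level.SEVERE, "unhandled error while handling request", err);
    ctx.status(500).json(java.util.Map.of("error", "Internal Server Error"));
});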