🏨 StayEase – Hotel Room Booking REST API

StayEase is a backend service built with Java and Spring Boot that provides REST APIs for managing hotels and room bookings in a hotel aggregator platform.

The application supports JWT-based authentication, role-based access control (RBAC), and uses MySQL for persistent storage.

Tech Stack

  • Java
  • Spring Boot
  • Spring Security
  • JWT Authentication
  • MySQL
  • JPA / Hibernate
  • Gradle

Key Features

  • User registration and login with JWT authentication
  • Role-based access control (ADMIN, HOTEL_MANAGER, USER)
  • Hotel listing and management APIs
  • Room booking creation and cancellation
  • Layered architecture (Controller → Service → Repository)

📌 High-Level Architecture

Client (Postman / Curl / Frontend)
        |
        v
Controller Layer  →  Service Layer  →  Repository Layer  →  MySQL DB
        |
        v
   Security Layer (JWT + Roles)

🧩 Folder Structure (Detailed)

src/main/java/com/takehome/stayease
│
├── controller
│   ├── AuthController.java
│   ├── HotelController.java
│   └── BookingController.java
│
├── service
│   ├── UserService.java
│   ├── HotelService.java
│   ├── BookingService.java
│   └── Impl
│       ├── UserServiceImpl.java
│       ├── HotelServiceImpl.java
│       └── BookingServiceImpl.java
│
├── repository
│   ├── UserRepository.java
│   ├── HotelRepository.java
│   └── BookingRepository.java
│
├── entity
│   ├── User.java
│   ├── Hotel.java
│   └── Booking.java
│
├── dto
│   ├── auth
│   │   ├── SignupRequest.java
│   │   ├── LoginRequest.java
│   │   └── AuthResponse.java
│   │
│   ├── hotel
│   │   ├── CreateHotelRequest.java
│   │   ├── UpdateHotelRequest.java
│   │   └── HotelResponse.java
│   │
│   └── booking
│       ├── CreateBookingRequest.java
│       └── BookingResponse.java
│
├── security
│   ├── SecurityConfig.java
│   ├── JwtUtil.java
│   ├── JwtAuthenticationFilter.java
│   ├── CustomUserDetails.java
│   └── CustomUserDetailsService.java
│
├── exception
│   └── GlobalExceptionHandler.java
│
└── StayEaseApplication.java

🔐 Role-Based Access Control (RBAC)

Role            Permissions
USER            View hotels, create booking
HOTEL_MANAGER   Update hotels, cancel bookings
ADMIN           Create hotels, delete hotels

Role Enforcement

Implemented using:

@PreAuthorize("hasRole('ADMIN')")
@PreAuthorize("hasRole('HOTEL_MANAGER')")
@PreAuthorize("hasRole('USER')")

The JWT contains the user's role information and is validated on every request.


🔑 Authentication Flow (JWT)

  1. User registers or logs in
  2. Server validates credentials
  3. JWT token is generated
  4. Client sends token in header:
    Authorization: Bearer <JWT_TOKEN>
    
  5. JWT filter validates token and sets security context
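
An added example (not StayEase's own code) of what step 5 and the `hasRole` checks above rely on: the signature and expiry are verified before the role claim is trusted, and the role is mapped to the `ROLE_`-prefixed authority that `hasRole('ADMIN')` matches. It assumes HS256 tokens carrying `role` and `exp` claims; the class name, claim names and key are hypothetical, and only the JDK is used.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;
import java.util.regex.Pattern;

public class JwtRoleCheck {
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    // Reads one flat claim; a simplification for this demo, a real filter would use a JWT library.
    static Optional<String> claim(String json, String name) {
        var m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"?([^\",}]+)").matcher(json);
        return m.find() ? Optional.of(m.group(1).trim()) : Optional.empty();
    }
    // Returns the authority for a valid token (e.g. ROLE_ADMIN), empty for anything else.
    static Optional<String> authorityFrom(String token, byte[] key, Instant now) {
        try {
            String[] p = token.split("\\.");
            if (p.length != 3) return Optional.empty();
            String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
            // Pin the algorithm on the server; the token does not get to choose it.
            if (!"HS256".equals(claim(header, "alg").orElse(""))) return Optional.empty();
            // Verify the signature (constant-time compare) before reading any claim.
            if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), DEC.decode(p[2]))) return Optional.empty();
            String body = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
            if (now.getEpochSecond() >= Long.parseLong(claim(body, "exp").orElse("0"))) return Optional.empty();
            // hasRole('ADMIN') matches the authority "ROLE_ADMIN", so the prefix is added here.
            return claim(body, "role").map(r -> "ROLE_" + r);
        } catch (Exception e) { return Optional.empty(); } // malformed Base64, non-numeric exp, etc.
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
        String h = b64("{\"alg\":\"HS256\"}"), user = b64("{\"role\":\"USER\",\"exp\":4102444800}");
        String sig = ENC.encodeToString(hmac(key, h + "." + user));
        // Same signature, payload swapped to ADMIN: must be rejected.
        String tampered = h + "." + b64("{\"role\":\"ADMIN\",\"exp\":4102444800}") + "." + sig;
        System.out.println(authorityFrom(h + "." + user + "." + sig, key, Instant.now()));
        System.out.println(authorityFrom(tampered, key, Instant.now()));
    }
}
```

In a Spring Security filter, the returned authority would be wrapped in a `SimpleGrantedAuthority` and placed in the `SecurityContextHolder` only when the result is present.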

📡 API Endpoints (Detailed)

👤 User APIs

Register User (Public)

POST /api/users/register
{
  "email": "user@test.com",
  "password": "Test@1234",
  "firstName": "John",
  "lastName": "Doe",
  "role": "USER"
}

Response:

{ "token": "jwt-token" }

Login User (Public)

POST /api/users/login
{
  "email": "user@test.com",
  "password": "Test@1234"
}

Response:

{ "token": "jwt-token" }

🏨 Hotel APIs

Get All Hotels (Public)

GET /api/hotels

Create Hotel (Admin)

POST /api/hotels
Authorization: Bearer <ADMIN_TOKEN>
{
  "name": "StayEase Hotel",
  "location": "Pune",
  "description": "Business Hotel",
  "totalRooms": 10,
  "availableRooms": 10
}

Update Hotel (Hotel Manager)

PUT /api/hotels/{hotelId}
Authorization: Bearer <MANAGER_TOKEN>
{
  "availableRooms": 15
}

Delete Hotel (Admin)

DELETE /api/hotels/{hotelId}
Authorization: Bearer <ADMIN_TOKEN>

📅 Booking APIs

Create Booking (User)

POST /api/bookings/{hotelId}
Authorization: Bearer <USER_TOKEN>
{
  "checkInDate": "2026-02-20",
  "checkOutDate": "2026-02-22"
}

Response:

{
  "bookingId": 1,
  "hotelId": 2,
  "checkInDate": "2026-02-20",
  "checkOutDate": "2026-02-22"
}

Get Booking Details

GET /api/bookings/{bookingId}
Authorization: Bearer <USER_TOKEN>

Cancel Booking (Hotel Manager)

DELETE /api/bookings/{bookingId}
Authorization: Bearer <MANAGER_TOKEN>

⚠️ Business Rules Enforced

  • Check-in date must be a future date
  • Check-out date must be after check-in
  • No overbooking allowed
  • Customers cannot cancel bookings
  • Only managers can cancel bookings

🧪 Testing Strategy

  • Controller-level unit tests
  • MockMvc + Mockito
  • Security filters disabled during tests
  • No real DB used in tests

Run tests:

./gradlew test

▶️ Run the Application

./gradlew clean bootRun

App runs on:

http://localhost:8081

📦 Build JAR

./gradlew clean bootJar
java -jar build/libs/stayease-0.0.1-SNAPSHOT.jar