Class UserController

java.lang.Object
com.glowmart.shop_management.controller.UserController

@RestController @RequestMapping("/api/user") public class UserController extends Object
REST controller for managing user operations.

This controller provides endpoints for user registration, authentication, token refresh, logout, and user retrieval. It delegates business logic to the UserService, handles authentication via Spring Security's AuthenticationManager, and manages token generation and validation using JwtUtil and RefreshTokenService.

Available Endpoints:

  • POST /api/user/{role}/sign-up – Register a new user with a given role.
  • POST /api/user/login – Authenticate a user and issue JWT access/refresh tokens.
  • POST /api/user/refresh – Refresh the access token using a valid refresh token.
  • POST /api/user/logout – Invalidate a refresh token to log out the user.
  • GET /api/user/user-list – Retrieve a paginated list of users using keyset pagination.
  • PUT /api/user/update/{id} – Update the authenticated user's own account details (email, name, phone).

Exception handling is performed at the controller level, returning appropriate HTTP status codes such as 400 Bad Request, 401 Unauthorized, 404 Not Found, or 409 Conflict depending on the error.

  • Constructor Details

    • UserController

      public UserController()
  • Method Details

    • createUser

      @PostMapping("/{role}/sign-up") public org.springframework.http.ResponseEntity<?> createUser(@PathVariable("role") String role, @RequestBody UserDto userDto)
      Create (register) a new user with the given role.
      Parameters:
      role - Role of user.
      userDto - Data of user.
      Returns:
      ResponseEntity with a message indicating success or failure.
    • login

      @PostMapping("/login") public org.springframework.http.ResponseEntity<AuthResponse> login(@RequestParam String email, @RequestParam String password)
      Log in a user.
      Parameters:
      email - User's email.
      password - User's password.
      Returns:
      An AuthResponse carrying the JWT access and refresh tokens if authentication is successful.
    • refresh

      @PostMapping("/refresh") public org.springframework.http.ResponseEntity<AuthResponse> refresh(@RequestParam String refreshToken)
      Refresh the user's access token using a valid refresh token.

      This endpoint validates the provided refresh token. If the token is valid and not expired, a new access token is generated and returned to the client. The refresh token itself remains unchanged and can be reused until it expires or is revoked.

      Parameters:
      refreshToken - the refresh token previously issued to the user
      Returns:
      a response containing a new access token and the existing refresh token if valid, or an unauthorized response if the refresh token is invalid or expired
    • logout

      @PostMapping("/logout") public org.springframework.http.ResponseEntity<String> logout(@RequestParam String refreshToken)
      Log out a user by invalidating their refresh token.

      This endpoint revokes the provided refresh token, preventing it from being used to obtain new access tokens. After logout, the user must log in again to receive fresh tokens. Any existing access tokens will remain valid until they expire, unless additional blacklist checks are implemented.

      Parameters:
      refreshToken - the refresh token to invalidate
      Returns:
      a response indicating that the user has been logged out successfully
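The refresh and logout behaviour described above (refresh token reused unchanged until it expires or is revoked; logout revokes it while already-issued access tokens stay valid), modelled as an added, self-contained example. This is not the project's RefreshTokenService; the in-memory store, TTL and token format are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory stand-in for RefreshTokenService (not the project's code).
public class RefreshTokenLifecycleDemo {

    record StoredToken(String email, Instant expiresAt) {}

    static final class RefreshTokenStore {
        private final Map<String, StoredToken> tokens = new ConcurrentHashMap<>();
        private final Duration ttl;

        RefreshTokenStore(Duration ttl) { this.ttl = ttl; }

        // Issued once at login; /refresh hands back this same token, it is never rotated.
        String issue(String email) {
            String token = UUID.randomUUID().toString();
            tokens.put(token, new StoredToken(email, Instant.now().plus(ttl)));
            return token;
        }

        // Mirrors /refresh: a known, unexpired token yields a new access token.
        // An unknown, revoked or expired token is the 401 path in the controller.
        Optional<String> refresh(String token) {
            StoredToken t = tokens.get(token);
            if (t == null || Instant.now().isAfter(t.expiresAt())) {
                tokens.remove(token);
                return Optional.empty();
            }
            return Optional.of("access-token-for-" + t.email());
        }

        // Mirrors /logout: only the refresh token is revoked. Access tokens issued earlier
        // keep working until expiry unless the API also checks a blacklist.
        boolean revoke(String token) { return tokens.remove(token) != null; }
    }

    public static void main(String[] args) {
        RefreshTokenStore store = new RefreshTokenStore(Duration.ofDays(7));
        String refreshToken = store.issue("alice@example.com");   // constructed sample user
        System.out.println("first refresh ok:  " + store.refresh(refreshToken).isPresent());
        System.out.println("second refresh ok: " + store.refresh(refreshToken).isPresent());
        System.out.println("logout revoked:    " + store.revoke(refreshToken));
        System.out.println("refresh after logout ok: " + store.refresh(refreshToken).isPresent());
    }
}
```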
    • getUsersKeyset

      @GetMapping("/user-list") public List<UserDto> getUsersKeyset(@RequestParam(defaultValue="0") Long lastId, @RequestParam(defaultValue="100") int size)
      Retrieves a paginated list of users using keyset pagination. Returns users whose IDs are greater than the specified lastId.
      Parameters:
      lastId - The last user ID from the previous page (default is 0).
      size - The maximum number of users to return (default is 10).
      Returns:
      A list of UserDto objects representing the next page of users.
    • updateUserById

      @PutMapping("/update/{id}") public org.springframework.http.ResponseEntity<?> updateUserById(@PathVariable("id") String id, @RequestParam String email, @RequestParam String name, @RequestParam String phone)
      Updates the information of a user account identified by the given ID.

      This endpoint allows an authenticated user to update their own account details, including email, name, and phone number. The operation is restricted to the account owner: authorization is enforced by comparing the email in the JWT token with the email of the user loaded from the database for the given ID.

      Parameters:
      id - the unique identifier of the user to be updated (must match the authenticated user's ID)
      email - the new email address to update
      name - the new name to update
      phone - the new phone number to update
      Returns:
      a ResponseEntity indicating the result of the update operation:
      • 200 OK if the update is successful
      • 403 FORBIDDEN if the authenticated user is not the account owner
      • 400 BAD REQUEST if the input data is invalid
      • 404 NOT FOUND if the user does not exist
      • 409 CONFLICT if the update causes a duplicate conflict
      • 500 INTERNAL SERVER ERROR for unexpected errors
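The ownership check and status mapping described for updateUserById, as an added stand-alone example rather than the project's UserService or controller code. The in-memory user store, the tokenEmail parameter (the subject JwtUtil validated) and the Outcome enum standing in for the HTTP statuses are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Hypothetical model of the owner check behind PUT /api/user/update/{id}.
public class UpdateOwnerCheckDemo {

    record User(String id, String email, String name, String phone) {}

    // Stand-ins for 200, 403, 404, 400 and 409 respectively.
    enum Outcome { OK, FORBIDDEN, NOT_FOUND, BAD_REQUEST, CONFLICT }

    static final class UserStore {
        private final Map<String, User> byId = new HashMap<>();
        Optional<User> findById(String id) { return Optional.ofNullable(byId.get(id)); }
        void save(User u) { byId.put(u.id(), u); }
        // True if another account (not the one being updated) already uses this email.
        boolean emailTakenByOther(String email, String id) {
            return byId.values().stream().anyMatch(u -> u.email().equals(email) && !u.id().equals(id));
        }
    }

    // tokenEmail comes from the validated JWT, never from a client-supplied parameter.
    static Outcome updateUser(UserStore store, String tokenEmail, String id,
                              String email, String name, String phone) {
        if (tokenEmail == null || tokenEmail.isBlank()) return Outcome.FORBIDDEN;
        Optional<User> existing = store.findById(id);
        if (existing.isEmpty()) return Outcome.NOT_FOUND;
        // The decisive check: the stored email of the user at {id} must equal the
        // token's email. The path id alone proves nothing about who is calling.
        if (!existing.get().email().equals(tokenEmail)) return Outcome.FORBIDDEN;
        if (email == null || !email.contains("@") || name == null || name.isBlank())
            return Outcome.BAD_REQUEST;
        if (store.emailTakenByOther(email, id)) return Outcome.CONFLICT;
        store.save(new User(id, email, name, phone));
        return Outcome.OK;
    }

    public static void main(String[] args) {
        UserStore store = new UserStore();            // constructed sample data
        store.save(new User("1", "alice@example.com", "Alice", "111"));
        store.save(new User("2", "bob@example.com", "Bob", "222"));
        System.out.println("own account:     " + updateUser(store, "alice@example.com", "1", "alice@example.com", "Alice A.", "111"));
        System.out.println("other's account: " + updateUser(store, "alice@example.com", "2", "x@example.com", "X", "000"));
        System.out.println("duplicate email: " + updateUser(store, "alice@example.com", "1", "bob@example.com", "Alice", "111"));
        System.out.println("unknown id:      " + updateUser(store, "alice@example.com", "9", "alice@example.com", "Alice", "111"));
    }
}
```

Note that checking existence before ownership (404 before 403) lets any authenticated caller learn which IDs exist; returning 403 for every non-owned ID avoids that, at the cost of the 404 behaviour this page specifies.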