📋 Changelog

All notable changes to Springular are documented here.

The format is based on Keep a Changelog.

[Unreleased]

Spec Doc Product Specification: Complete product documentation for version control for AI-generated systems
- Product vision, business strategy, and market analysis
- Epic breakdown and solution architecture
- UX vision and Cursor integration strategy
- Working HTML prototype (prototype-instant-preview.html)
- Git history analysis proving the paradigm shift (205 commits, 71% specs)

Dev/Prod Separation: Clear separation with consistent naming (application.yml = dev, application-prod.yml = prod)
Production Spring Profile: Explicit application-prod.yml with devtools disabled, ddl-auto: validate, minimal logging
Frontend Runtime Config: ConfigService with APP_INITIALIZER for runtime configuration loading
Docker Production Setup: docker-compose.yml with port 80, prod profile, runtime Stripe key injection.
Profile-Based Logging: logback-spring.xml with verbose dev logging, minimal prod logging
Docker Entrypoint: Runtime config generation from environment variables (no rebuild needed for config changes)

Dependency Injection: @AllArgsConstructor → @RequiredArgsConstructor with final fields (5 classes)
Transaction Management: Added @Transactional to state-changing methods in RefreshTokenService
Exception Handling: New PaymentProcessingException, JwtException handler
Null Safety: Added parameter validation in UserServiceImpl
Code Cleanup: Removed unused updateExistingOAuthUser() method and dead constant
Frontend: Fixed error message display (Description → message) in auth components

CORS: Configurable origin patterns with credentials support
CSRF: Cookie-based protection with Angular interceptor integration
JWT: Comprehensive token validation with proper error handling
Rate Limiting: Bucket4j-based limiting on auth endpoints (10 req/min default)
Password: Minimum 12 character length validation

application-prod.yml - Production Spring profile configuration
ConfigService - Runtime configuration loader for frontend
AppConfig interface - Type-safe configuration definition
docker-entrypoint.sh - Generates runtime config from environment variables
docker-compose.yml - Docker Compose configuration for all environments
RateLimitService - Token bucket rate limiting using Bucket4j
RateLimitHeaders - Constants for rate limit HTTP headers
RateLimitProperties - Configurable rate limit settings
GlobalExceptionHandler - Centralized exception handling with @RestControllerAdvice
ResourceNotFoundException - Standard 404 exception
TooManyRequestsException - Rate limit 429 exception
ErrorResponse - Consistent error response DTO
ValidPassword - Custom password validation annotation
PasswordValidator - Password length validation (12+ chars)
application-dev.yml - Development profile configuration
Spring Boot Actuator for health/metrics endpoints
Bucket4j dependency for rate limiting
Jackson JSR310 for Java 8+ date/time serialization
Checkstyle configuration for code quality

main.ts - Added APP_INITIALIZER for ConfigService (standalone bootstrap)
Dockerfile (client) - Added entrypoint script for runtime config generation
logback-spring.xml - Profile-based logging (!prod = verbose, prod = minimal)
docker-compose.yml - Added dev header comment for clarity
WebSecurityConfig - CORS with origin patterns, CSRF with cookie tokens
JwtTokenProvider - Added validateToken() method with comprehensive error handling
JwtTokenAuthenticationFilter - Uses provider's validation method
AuthenticationController - Rate limiting on login/register, validation annotations
AuthenticationServiceImpl - Fixed @Transactional annotations, safe Optional handling
SignupRequest - Added @ValidPassword annotation
LoginRequest - Added @Email annotation
AppWebUtils - Added getClientIP() utility method
auth.interceptor.ts - CSRF token header for state-changing requests
environment.prod.ts - Fixed apiUrl for nginx proxy (empty string)