# Backend & Infrastructure

#####   


##### <span style="white-space: pre-wrap;">This page covers the core parts of the backend whicih works with </span>**Spring Boot.**

##### Consider taking a proper look at the SpringBoot's documentation. It is not hard, most of the backend code are basic spring boot elements and concepts

##### [https://docs.spring.io/spring-boot/index.html](https://docs.spring.io/spring-boot/index.html)

## 1. Technical Core

- **Language/Framework:**<span style="white-space: pre-wrap;"> Java 21 (Eclipse Temurin) using Spring Boot 3.4.0.</span>
- **Build System:**<span style="white-space: pre-wrap;"> Gradle. The project is built inside the container using </span>`<span class="editor-theme-code">./gradlew build</span>`.
- **API Port:**<span style="white-space: pre-wrap;"> The backend runs internally on port </span>`<span class="editor-theme-code">8081</span>`.

## 2. The Bootstrap Logic (Admin Seeder)

<span style="white-space: pre-wrap;">We have a custom safety mechanism called </span>`<span class="editor-theme-code">AdminUserSeeder.java</span>`.

- **The Purpose:**<span style="white-space: pre-wrap;"> If the database is fresh (0 users), the app will automatically create a "Super User."</span>
- **Requirement:**<span style="white-space: pre-wrap;"> You </span>**must**<span style="white-space: pre-wrap;"> provide </span>`<span class="editor-theme-code">ADMIN_USER</span>`<span style="white-space: pre-wrap;"> and </span>`<span class="editor-theme-code">ADMIN_PASS</span>`<span style="white-space: pre-wrap;"> environment variables in your </span>`<span class="editor-theme-code">.env</span>`<span style="white-space: pre-wrap;"> file for the first startup.</span>
- **Behavior:**<span style="white-space: pre-wrap;"> If an admin already exists in the </span>`<span class="editor-theme-code">admin_users</span>`<span style="white-space: pre-wrap;"> table, this seeder does nothing.</span>

## 3. Security &amp; Session Management

We use a hybrid security model to ensure the team can always access the dashboard.

- **Google OAuth 2.0:**<span style="white-space: pre-wrap;"> Primary login for team members. Emails must be whitelisted in the Google Cloud Console.</span>
- **Spring Session (JDBC):**<span style="white-space: pre-wrap;"> Unlike standard apps, we store sessions in the </span>**PostgreSQL database**<span style="white-space: pre-wrap;"> (table: </span>`<span class="editor-theme-code">SPRING_SESSION</span>`).
    - **Benefit:**<span style="white-space: pre-wrap;"> If the backend container restarts or updates, users are </span>**not**<span style="white-space: pre-wrap;"> logged out.</span>
- **Cookie Policy:**<span style="white-space: pre-wrap;"> </span>`<span class="editor-theme-code">SameSite=Lax</span>`<span style="white-space: pre-wrap;"> and </span>`<span class="editor-theme-code">HttpOnly</span>`<span style="white-space: pre-wrap;"> are enabled.</span>
    - **Note:**<span style="white-space: pre-wrap;"> In full production with HTTPS, </span>`<span class="editor-theme-code">server.servlet.session.cookie.secure</span>`<span style="white-space: pre-wrap;"> should be set to </span>`<span class="editor-theme-code">true</span>`.

## 4. Database &amp; Persistence

<span style="white-space: pre-wrap;">We use </span>**PostgreSQL 15**<span style="white-space: pre-wrap;"> as our source of truth.</span>

- **JPA/Hibernate:**<span style="white-space: pre-wrap;"> Configured with </span>`<span class="editor-theme-code">ddl-auto: update</span>`. This automatically creates tables based on Java Entities.
- **File Uploads:**<span style="white-space: pre-wrap;"> News images and team photos are stored in </span>`<span class="editor-theme-code">/app/uploads</span>`.
- **Volumes:**<span style="white-space: pre-wrap;"> To ensure data isn't lost when containers stop, we use two named volumes:</span>
    - `<span class="editor-theme-code">postgres_data</span>`: For all SQL records.
    - `<span class="editor-theme-code">uploads_data</span>`: For all physical images.