Library Management System | Spring Backend

CoolLib — Distributed Library Core API

Spring Boot 3.4 PostgreSQL JWT Security Kotlin

A high-performance backend ecosystem engineered with Clean Architecture. It implements a strict separation between JPA Entities and DTOs, serving as the central orchestration hub for both Android (Kotlin) and iOS (SwiftUI) clients.

Source Code API Security

Project Overview

CoolLib Backend is a robust RESTful service built with Spring Boot 3.4 and Kotlin. Beyond standard CRUD operations, it manages complex business logic layers to ensure data consistency, security, and seamless synchronization across the mobile ecosystem.

Key Technical Wins

Layered Architecture

Strictly follows the Controller-Service-Repository pattern, ensuring complete decoupling between business logic and data access layers.

Secure Sessions

Integrated Spring Security with JWT (JSON Web Tokens) to provide a stateless authentication mechanism tailored for mobile clients.

Persistence Layer

Leverages PostgreSQL and Spring Data JPA, ensuring the atomicity of borrowing operations through @Transactional services.

Performance Optimization

Reduced network overhead via DTO Projections and optimized database indexing for high-speed book searches.

System Architecture

Architecture Design

graph TD A[CoolLib Android Jetpack Compose] B[CoolLib iOS SwiftUI + SwiftData] C{Restful API Spring MVC + JWT} D[Business Logic Book Service Layer] E[Data Access Spring Data JPA] F[(Persistence PostgreSQL)] A --> C B --> C C --> D D --> E E --> F style A fill:#3DDC84,stroke:#2eb26a,stroke-width:2px,color:#fff style B fill:#5AC8FA,stroke:#3fa7d6,stroke-width:2px,color:#fff style C fill:#6DB33F,stroke:#5a9234,stroke-width:2px,color:#fff style D fill:#4CAF50,stroke:#3d8b40,stroke-width:1px,color:#fff style E fill:#388E3C,stroke:#2e7031,stroke-width:1px,color:#fff style F fill:#336791,stroke:#264e6e,stroke-width:2px,color:#fff linkStyle default stroke:#8B4513,stroke-width:1.5px

*The backend follows a strict Stateless pattern.*

Authentication Flow

JWT Authentication Flow

sequenceDiagram autonumber participant Mobile as Mobile App participant Spring as Spring Boot API participant JWT as JwtProvider participant DB as PostgreSQL Note over Mobile, DB: 1. Login & Token Generation Mobile->>Spring: POST /api/auth/login Spring->>DB: Validate Credentials (BCrypt) DB-->>Spring: User Found & Matches Spring->>JWT: Generate Claims (UserID, Role) JWT-->>Spring: Return Signed JWT Spring-->>Mobile: 200 OK (Access Token) Note over Mobile, DB: 2. Authorized Request (Stateless) Mobile->>Spring: POST /api/loan (Header: Bearer <token>) Spring->>JWT: Validate Signature & Claims JWT-->>Spring: Token Valid (User: Ryan) Spring->>DB: Execute Loan Books Business DB-->>Spring: Return Data

*The security layer uses a OncePerRequestFilter to intercept and validate JWTs.*

Tech Stack

Core Framework: Spring Boot 3.4, Kotlin (JVM 17), Maven
Security: JWT, Spring Security, BCrypt Password Hashing
Data Management: PostgreSQL, Spring Data JPA, Hibernate ORM
Standards: RESTful API Design, Docker-Ready Deployment

Core Features

Identity Management

Advanced Search

Transaction Logic

Standardized Responses

Method	Endpoint	Description
POST	`/api/v1/auth/login`	Verify credentials and issue a JWT Access Token.
POST	`/api/v1/borrow/scan`	Process borrowing via Barcode/ISBN scan. In Dev
GET	`/api/v1/stats/loans`	Fetch aggregate data of active loans and trends. Planned
GET	`/api/v1/users/profile`	Retrieve identity claims from the decrypted JWT payload.
GET	`/api/v1/auth/validate`	Check if the current token is expired or blacklisted.

Method	Endpoint	Description
GET	`/api/v1/books/search`	Multi-criteria filtering by Title, Author, Publisher, and Year.
GET	`/api/v1/books/fuzzy`	Fuzzy search using Levenshtein Distance or partial matching logic. In Dev
GET	`/api/v1/books/recommend`	Content-based filtering using User Borrowing History. Planned
GET	`/api/v1/books/isbn/{isbn}`	Direct lookup via 10 or 13-digit International Standard Book Number.

Transaction Processing Pipeline

ACID SECURE

Identity Authorization
Extract userId & roles from JWT claims.
Concurrency Locking
Execute SELECT FOR UPDATE to prevent race conditions.
Business Validation
Verify stock availability and user borrow limits.

                                Atomic Commit

                                Persist LoanRecord & update Inventory.
                            

Managed by Spring @Transactional logic.

book_dto_response.json

Large Content Handling

To optimize network bandwidth for mobile clients, long descriptions are truncated in search results and fully loaded only via the /details endpoint.

{
  "status": "SUCCESS",
  "data": {
    "id": 262,
    "isbn": "9780099590088",
    "title": "Sapiens: A Brief History of Humankind",
    "author": "Yuval Noah Harari",
    "publisher": "Vintage",
    "year": 2011,
    "available": true,
    "description": "// [Omitted: 2,500+ characters of content] ..."
  },
  "_metadata": {
    "content_length": 2541,
    "truncated": true
  }
}

Performance Win: This partial loading strategy reduces the average payload size by 85% for book catalog browsing on mobile devices.

Mobile Connectivity

Both Android and iOS clients interact with this backend through standard REST endpoints.

Required Header:


                    Authorization: Bearer <token>

MENU