andrisenins/calorie-counter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: initial implementation — all 35 requirements across phases 1-3

Browse Source 
Backend (Spring Boot 3.2 / Java 21 / PostgreSQL):
- JWT auth with BCrypt password hashing
- User profile + Mifflin-St Jeor BMR calculator
- Food search + barcode via OpenFoodFacts API with local cache
- Meal CRUD with user data isolation and ownership checks
- AI photo analysis (OpenAI Vision) with confidence intervals
- AI correction feedback loop for personalisation
- Flyway DB migrations + RFC-7807 error responses

Mobile (React Native / TypeScript):
- Full navigation stack (Auth → Tabs → Home stack)
- Design tokens (WCAG 2.2 AA colours, 8px grid, 48px touch targets)
- 10 screens: Login, Register, Home, Search, Camera, AI Result, Edit Meal,
  Daily Details, History, Profile
- Confidence-aware calorie display (kcal ± range)
- Repeat last meal shortcut + macro tracking

Docs:
- docs/PLAN-AND-REQUIREMENTS.md
- docs/traceability.csv (35 requirements, all Implemented)
This commit is contained in:
Andris Enins
2026-05-18 21:56:13 +03:00
commit 91cd18aec6
106 changed files with 13886 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
backend/src/main/java/com/caloriecounter/CalorieCounterApplication.java Normal file
View File

@@ -0,0 +1,17 @@
// Generated by GitHub Copilot
package com.caloriecounter;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
* Entry point for the Calorie Counter Spring Boot backend.
* Configures component scanning, auto-configuration, and application startup.
*/
@SpringBootApplication
public class CalorieCounterApplication {
public static void main(String[] args) {
SpringApplication.run(CalorieCounterApplication.class, args);
}
}

58
backend/src/main/java/com/caloriecounter/config/SecurityConfig.java Normal file
View File

@@ -0,0 +1,58 @@
// Generated by GitHub Copilot
package com.caloriecounter.config;
import com.caloriecounter.security.JwtAuthFilter;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
/**
* Spring Security configuration.
* - Stateless JWT session (no server-side session state)
* - CSRF disabled (JWT in Authorization header, not cookie)
* - /auth/** endpoints are public; everything else requires authentication
*/
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {
private final JwtAuthFilter jwtAuthFilter;
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers(HttpMethod.POST, "/auth/register", "/auth/login").permitAll()
.anyRequest().authenticated()
)
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
// BCrypt with cost factor 12 — strong enough for user passwords
return new BCryptPasswordEncoder(12);
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration config)
throws Exception {
return config.getAuthenticationManager();
}
}

45
backend/src/main/java/com/caloriecounter/controller/AiController.java Normal file
View File

@@ -0,0 +1,45 @@
// Generated by GitHub Copilot
package com.caloriecounter.controller;
import com.caloriecounter.dto.ai.AiAnalysisResponse;
import com.caloriecounter.dto.ai.AiCorrectionRequest;
import com.caloriecounter.security.SecurityUtils;
import com.caloriecounter.service.AiService;
import jakarta.validation.Valid;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
/**
* AI photo analysis endpoints — require JWT.
* REQ-AI-001, REQ-AI-002, REQ-AI-003
*/
@RestController
@RequestMapping("/ai")
@RequiredArgsConstructor
public class AiController {
private final AiService aiService;
/**
* Accepts a meal photo and returns AI-detected food suggestions.
* The result is NEVER auto-saved — the mobile client must call POST /meals to confirm.
* Max upload size enforced by Spring's multipart config (10 MB).
*/
@PostMapping(value = "/analyze-meal", consumes = "multipart/form-data")
public ResponseEntity<AiAnalysisResponse> analyzeMeal(
@RequestParam("image") MultipartFile image) {
return ResponseEntity.ok(aiService.analyzeMeal(SecurityUtils.currentUserId(), image));
}
/**
* Stores user corrections for a previous AI analysis.
* These corrections feed the personalisation and future model improvement loop.
*/
@PostMapping("/correction")
public ResponseEntity<Void> saveCorrection(@Valid @RequestBody AiCorrectionRequest request) {
aiService.saveCorrections(SecurityUtils.currentUserId(), request);
return ResponseEntity.noContent().build();
}
}

41
backend/src/main/java/com/caloriecounter/controller/AuthController.java Normal file
View File

@@ -0,0 +1,41 @@
// Generated by GitHub Copilot
package com.caloriecounter.controller;
import com.caloriecounter.dto.auth.LoginRequest;
import com.caloriecounter.dto.auth.LoginResponse;
import com.caloriecounter.dto.auth.RegisterRequest;
import com.caloriecounter.service.AuthService;
import jakarta.validation.Valid;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
/**
* Auth endpoints — public (no JWT required).
* REQ-AUTH-001, REQ-AUTH-002
*/
@RestController
@RequestMapping("/auth")
@RequiredArgsConstructor
public class AuthController {
private final AuthService authService;
/**
* Registers a new user and returns a JWT.
* Input validation is enforced by {@link RegisterRequest} constraints.
*/
@PostMapping("/register")
public ResponseEntity<LoginResponse> register(@Valid @RequestBody RegisterRequest request) {
return ResponseEntity.status(HttpStatus.CREATED).body(authService.register(request));
}
/**
* Authenticates a user and returns a JWT.
*/
@PostMapping("/login")
public ResponseEntity<LoginResponse> login(@Valid @RequestBody LoginRequest request) {
return ResponseEntity.ok(authService.login(request));
}
}

48
backend/src/main/java/com/caloriecounter/controller/FoodController.java Normal file
View File

@@ -0,0 +1,48 @@
// Generated by GitHub Copilot
package com.caloriecounter.controller;
import com.caloriecounter.dto.food.FoodItemDto;
import com.caloriecounter.service.FoodService;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Pattern;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
import java.util.List;
/**
* Food catalogue endpoints — require JWT.
* REQ-FOOD-001, REQ-FOOD-002, REQ-FOOD-003
*/
@Validated
@RestController
@RequestMapping("/foods")
@RequiredArgsConstructor
public class FoodController {
private final FoodService foodService;
/**
* Searches foods by name. Falls back to OpenFoodFacts on cache miss.
* Query parameter is length-limited to prevent abuse.
*/
@GetMapping
public ResponseEntity<List<FoodItemDto>> search(
@RequestParam @NotBlank
@jakarta.validation.constraints.Size(min = 2, max = 100) String query) {
return ResponseEntity.ok(foodService.search(query));
}
/**
* Looks up a food by barcode. Checks local cache first, then OpenFoodFacts.
* Barcode is validated to contain only digits to prevent injection.
*/
@GetMapping("/barcode/{code}")
public ResponseEntity<FoodItemDto> getByBarcode(
@PathVariable @Pattern(regexp = "^[0-9]{8,14}$",
message = "Barcode must be 814 digits") String code) {
return ResponseEntity.ok(foodService.findByBarcode(code));
}
}

71
backend/src/main/java/com/caloriecounter/controller/MealController.java Normal file
View File

@@ -0,0 +1,71 @@
// Generated by GitHub Copilot
package com.caloriecounter.controller;
import com.caloriecounter.dto.meal.CreateMealRequest;
import com.caloriecounter.dto.meal.DailyOverviewResponse;
import com.caloriecounter.dto.meal.MealEntryDto;
import com.caloriecounter.security.SecurityUtils;
import com.caloriecounter.service.MealService;
import jakarta.validation.Valid;
import lombok.RequiredArgsConstructor;
import org.springframework.format.annotation.DateTimeFormat;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import java.time.LocalDate;
import java.util.List;
import java.util.UUID;
/**
* Meal logging endpoints — require JWT.
* REQ-MEAL-001, REQ-MEAL-002, REQ-MEAL-003, REQ-HIST-001
*/
@RestController
@RequestMapping("/meals")
@RequiredArgsConstructor
public class MealController {
private final MealService mealService;
/** Returns the calorie summary and full meal list for a given day. */
@GetMapping("/daily")
public ResponseEntity<DailyOverviewResponse> getDaily(
@RequestParam @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate date) {
return ResponseEntity.ok(mealService.getDailyOverview(SecurityUtils.currentUserId(), date));
}
/**
* Returns meal history between two dates (max 90 days window).
* Used by the History screen (REQ-HIST-001, REQ-MOB-008).
*/
@GetMapping("/history")
public ResponseEntity<List<MealEntryDto>> getHistory(
@RequestParam @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate from,
@RequestParam @DateTimeFormat(iso = DateTimeFormat.ISO.DATE) LocalDate to) {
if (from.isAfter(to) || to.minusDays(90).isAfter(from)) {
return ResponseEntity.badRequest().build();
}
return ResponseEntity.ok(mealService.getHistory(SecurityUtils.currentUserId(), from, to));
}
/** Creates a new meal entry for today or a past date. */
@PostMapping
public ResponseEntity<MealEntryDto> createMeal(@Valid @RequestBody CreateMealRequest request) {
MealEntryDto created = mealService.createMeal(SecurityUtils.currentUserId(), request);
return ResponseEntity.status(HttpStatus.CREATED).body(created);
}
/** Returns a single meal entry by ID (user must own it). */
@GetMapping("/{id}")
public ResponseEntity<MealEntryDto> getMeal(@PathVariable UUID id) {
return ResponseEntity.ok(mealService.getMeal(SecurityUtils.currentUserId(), id));
}
/** Deletes a meal entry (user must own it). */
@DeleteMapping("/{id}")
public ResponseEntity<Void> deleteMeal(@PathVariable UUID id) {
mealService.deleteMeal(SecurityUtils.currentUserId(), id);
return ResponseEntity.noContent().build();
}
}

37
backend/src/main/java/com/caloriecounter/controller/UserController.java Normal file
View File

@@ -0,0 +1,37 @@
// Generated by GitHub Copilot
package com.caloriecounter.controller;
import com.caloriecounter.dto.user.UserProfileDto;
import com.caloriecounter.security.SecurityUtils;
import com.caloriecounter.service.UserService;
import jakarta.validation.Valid;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
/**
* User profile endpoints — require JWT.
* REQ-PRF-001, REQ-PRF-002
*/
@RestController
@RequestMapping("/user")
@RequiredArgsConstructor
public class UserController {
private final UserService userService;
/** Returns the authenticated user's profile. */
@GetMapping("/profile")
public ResponseEntity<UserProfileDto> getProfile() {
return ResponseEntity.ok(userService.getProfile(SecurityUtils.currentUserId()));
}
/**
* Creates or replaces the authenticated user's profile.
* Daily calorie target is recalculated from biometrics when all fields are present.
*/
@PutMapping("/profile")
public ResponseEntity<UserProfileDto> updateProfile(@Valid @RequestBody UserProfileDto dto) {
return ResponseEntity.ok(userService.updateProfile(SecurityUtils.currentUserId(), dto));
}
}

29
backend/src/main/java/com/caloriecounter/dto/ai/AiAnalysisResponse.java Normal file
View File

@@ -0,0 +1,29 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.ai;
import java.util.List;
import java.util.UUID;
/**
* Response from POST /ai/analyze-meal.
* Includes a confidence-aware suggestion list so the mobile UI can show
* "500 kcal ± 80 kcal" style displays per item.
*/
public record AiAnalysisResponse(
UUID analysisId,
List<Suggestion> suggestions
) {
/**
* A single food item detected in the photo.
* @param confidenceLow Lower bound of the calorie confidence interval
* @param confidenceHigh Upper bound of the calorie confidence interval
*/
public record Suggestion(
String name,
Double grams,
Double confidence,
Double estimatedCalories,
Double confidenceLow,
Double confidenceHigh
) {}
}

19
backend/src/main/java/com/caloriecounter/dto/ai/AiCorrectionRequest.java Normal file
View File

@@ -0,0 +1,19 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.ai;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import java.util.List;
import java.util.UUID;
/** Request body for POST /ai/correction — user-supplied fixes for an AI analysis. */
public record AiCorrectionRequest(
@NotNull UUID analysisId,
@Valid @NotNull List<CorrectionItem> corrections
) {
public record CorrectionItem(
@NotNull String name,
@NotNull Double correctedGrams
) {}
}

11
backend/src/main/java/com/caloriecounter/dto/auth/LoginRequest.java Normal file
View File

@@ -0,0 +1,11 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.auth;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
/** Request body for POST /auth/login. */
public record LoginRequest(
@NotBlank @Email String email,
@NotBlank String password
) {}

7
backend/src/main/java/com/caloriecounter/dto/auth/LoginResponse.java Normal file
View File

@@ -0,0 +1,7 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.auth;
import java.util.UUID;
/** Response body for successful login/register — contains the JWT. */
public record LoginResponse(UUID userId, String token) {}

18
backend/src/main/java/com/caloriecounter/dto/auth/RegisterRequest.java Normal file
View File

@@ -0,0 +1,18 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.auth;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;
/**
* Request body for POST /auth/register.
* Validated at the controller boundary — never trust raw input.
*/
public record RegisterRequest(
@NotBlank @Email(message = "Must be a valid email address")
String email,
@NotBlank @Size(min = 8, max = 128, message = "Password must be 8128 characters")
String password
) {}

17
backend/src/main/java/com/caloriecounter/dto/food/FoodItemDto.java Normal file
View File

@@ -0,0 +1,17 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.food;
import java.math.BigDecimal;
import java.util.UUID;
/** Outbound food item representation — safe to expose over the API. */
public record FoodItemDto(
UUID id,
String name,
String source,
String barcode,
BigDecimal caloriesPer100g,
BigDecimal proteinG,
BigDecimal fatG,
BigDecimal carbsG
) {}

27
backend/src/main/java/com/caloriecounter/dto/meal/CreateMealRequest.java Normal file
View File

@@ -0,0 +1,27 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.meal;
import com.caloriecounter.entity.MealEntry;
import jakarta.validation.Valid;
import jakarta.validation.constraints.*;
import java.math.BigDecimal;
import java.time.LocalDate;
import java.util.List;
import java.util.UUID;
/** Request body for POST /meals. */
public record CreateMealRequest(
@NotNull LocalDate date,
@NotNull MealEntry.MealType mealType,
@NotNull MealEntry.LogSource source,
@Valid @NotEmpty(message = "A meal must contain at least one item")
List<MealItemRequest> items
) {
/** A single food line item within the create-meal request. */
public record MealItemRequest(
@NotNull UUID foodItemId,
@NotNull @DecimalMin("0.1") @DecimalMax("5000") BigDecimal grams
) {}
}

15
backend/src/main/java/com/caloriecounter/dto/meal/DailyOverviewResponse.java Normal file
View File

@@ -0,0 +1,15 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.meal;
import java.math.BigDecimal;
import java.time.LocalDate;
import java.util.List;
/** Response for GET /meals/daily — calorie summary plus full meal list for the day. */
public record DailyOverviewResponse(
LocalDate date,
BigDecimal totalCalories,
Integer target,
BigDecimal remaining,
List<MealEntryDto> meals
) {}

31
backend/src/main/java/com/caloriecounter/dto/meal/MealEntryDto.java Normal file
View File

@@ -0,0 +1,31 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.meal;
import com.caloriecounter.dto.food.FoodItemDto;
import com.caloriecounter.entity.MealEntry;
import java.math.BigDecimal;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.util.List;
import java.util.UUID;
/** Full meal entry representation returned by GET /meals/{id} and GET /meals/daily. */
public record MealEntryDto(
UUID id,
LocalDate date,
MealEntry.MealType mealType,
MealEntry.LogSource source,
BigDecimal confidence,
List<MealItemDto> items,
BigDecimal totalCalories,
OffsetDateTime createdAt
) {
/** A single food line item inside a meal entry. */
public record MealItemDto(
UUID id,
FoodItemDto foodItem,
BigDecimal quantityGrams,
BigDecimal calories
) {}
}

16
backend/src/main/java/com/caloriecounter/dto/user/UserProfileDto.java Normal file
View File

@@ -0,0 +1,16 @@
// Generated by GitHub Copilot
package com.caloriecounter.dto.user;
import com.caloriecounter.entity.UserProfile;
import jakarta.validation.constraints.*;
import java.math.BigDecimal;
/** DTO used for both GET and PUT /user/profile. */
public record UserProfileDto(
@Min(1) @Max(150) Integer age,
@DecimalMin("20") @DecimalMax("500") BigDecimal weightKg,
@DecimalMin("50") @DecimalMax("300") BigDecimal heightCm,
UserProfile.Goal goal,
Integer dailyCaloriesTarget
) {}

59
backend/src/main/java/com/caloriecounter/entity/FoodItem.java Normal file
View File

@@ -0,0 +1,59 @@
// Generated by GitHub Copilot
package com.caloriecounter.entity;
import jakarta.persistence.*;
import lombok.*;
import org.hibernate.annotations.CreationTimestamp;
import java.math.BigDecimal;
import java.time.OffsetDateTime;
import java.util.UUID;
/**
* Normalised food item catalogue.
* All food data — regardless of source (OpenFoodFacts, barcode scan, AI) — is
* mapped to this schema before being stored or returned to the client.
*/
@Entity
@Table(name = "food_items")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class FoodItem {
@Id
@GeneratedValue(strategy = GenerationType.UUID)
private UUID id;
@Column(nullable = false, length = 255)
private String name;
@Enumerated(EnumType.STRING)
@Column(nullable = false, length = 30)
private Source source;
@Column(length = 50)
private String barcode;
@Column(nullable = false, precision = 8, scale = 2)
private BigDecimal caloriesPer100g;
@Column(precision = 8, scale = 2)
private BigDecimal proteinG;
@Column(precision = 8, scale = 2)
private BigDecimal fatG;
@Column(precision = 8, scale = 2)
private BigDecimal carbsG;
@CreationTimestamp
@Column(nullable = false, updatable = false)
private OffsetDateTime createdAt;
public enum Source {
openfoodfacts, custom, ai
}
}

66
backend/src/main/java/com/caloriecounter/entity/MealEntry.java Normal file
View File

@@ -0,0 +1,66 @@
// Generated by GitHub Copilot
package com.caloriecounter.entity;
import jakarta.persistence.*;
import lombok.*;
import org.hibernate.annotations.CreationTimestamp;
import java.math.BigDecimal;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
/**
* One meal logged by a user on a given day.
* Contains one or more {@link MealItem} line items referencing {@link FoodItem} records.
*/
@Entity
@Table(name = "meal_entries")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class MealEntry {
@Id
@GeneratedValue(strategy = GenerationType.UUID)
private UUID id;
@ManyToOne(fetch = FetchType.LAZY, optional = false)
@JoinColumn(name = "user_id", nullable = false)
private User user;
@Column(nullable = false)
private LocalDate date;
@Enumerated(EnumType.STRING)
@Column(nullable = false, length = 20)
private MealType mealType;
@Enumerated(EnumType.STRING)
@Column(nullable = false, length = 20)
private LogSource source;
/** Overall AI confidence for photo-logged meals; null for manual/barcode entries. */
@Column(precision = 4, scale = 3)
private BigDecimal confidence;
@OneToMany(mappedBy = "mealEntry", cascade = CascadeType.ALL, orphanRemoval = true, fetch = FetchType.EAGER)
@Builder.Default
private List<MealItem> items = new ArrayList<>();
@CreationTimestamp
@Column(nullable = false, updatable = false)
private OffsetDateTime createdAt;
public enum MealType {
breakfast, lunch, dinner, snack
}
public enum LogSource {
manual, barcode, photo
}
}

37
backend/src/main/java/com/caloriecounter/entity/MealItem.java Normal file
View File

@@ -0,0 +1,37 @@
// Generated by GitHub Copilot
package com.caloriecounter.entity;
import jakarta.persistence.*;
import lombok.*;
import java.math.BigDecimal;
import java.util.UUID;
/** One food line item within a {@link MealEntry}. */
@Entity
@Table(name = "meal_items")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class MealItem {
@Id
@GeneratedValue(strategy = GenerationType.UUID)
private UUID id;
@ManyToOne(fetch = FetchType.LAZY, optional = false)
@JoinColumn(name = "meal_entry_id", nullable = false)
private MealEntry mealEntry;
@ManyToOne(fetch = FetchType.LAZY, optional = false)
@JoinColumn(name = "food_item_id", nullable = false)
private FoodItem foodItem;
@Column(nullable = false, precision = 8, scale = 2)
private BigDecimal quantityGrams;
@Column(nullable = false, precision = 8, scale = 2)
private BigDecimal calories;
}

71
backend/src/main/java/com/caloriecounter/entity/PhotoAnalysis.java Normal file
View File

@@ -0,0 +1,71 @@
// Generated by GitHub Copilot
package com.caloriecounter.entity;
import jakarta.persistence.*;
import lombok.*;
import org.hibernate.annotations.CreationTimestamp;
import org.hibernate.annotations.JdbcTypeCode;
import org.hibernate.type.SqlTypes;
import java.time.OffsetDateTime;
import java.util.List;
import java.util.UUID;
/**
* Immutable audit trail of each AI photo analysis session.
* Records both the raw AI output and any corrections the user made,
* enabling future model improvement and honest confidence reporting.
*/
@Entity
@Table(name = "photo_analyses")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class PhotoAnalysis {
@Id
@GeneratedValue(strategy = GenerationType.UUID)
private UUID id;
@ManyToOne(fetch = FetchType.LAZY, optional = false)
@JoinColumn(name = "user_id", nullable = false)
private User user;
@Column(length = 1024)
private String imageUrl;
@JdbcTypeCode(SqlTypes.JSON)
@Column(columnDefinition = "jsonb", nullable = false)
private List<DetectedItem> detectedItems;
@JdbcTypeCode(SqlTypes.JSON)
@Column(columnDefinition = "jsonb", nullable = false)
private List<UserCorrection> userCorrections;
@CreationTimestamp
@Column(nullable = false, updatable = false)
private OffsetDateTime createdAt;
/** A single food item detected by the AI with estimated portion and confidence. */
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public static class DetectedItem {
private String name;
private Double estimatedGrams;
private Double confidence;
}
/** A user-supplied correction for a detected item. */
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public static class UserCorrection {
private String name;
private Double correctedGrams;
}
}

41
backend/src/main/java/com/caloriecounter/entity/User.java Normal file
View File

@@ -0,0 +1,41 @@
// Generated by GitHub Copilot
package com.caloriecounter.entity;
import jakarta.persistence.*;
import lombok.*;
import org.hibernate.annotations.CreationTimestamp;
import java.time.OffsetDateTime;
import java.util.UUID;
/**
* Core user account — credentials only. Profile data lives in {@link UserProfile}.
* Password is always stored as a BCrypt hash; never in plain text.
*/
@Entity
@Table(name = "users")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class User {
@Id
@GeneratedValue(strategy = GenerationType.UUID)
private UUID id;
@Column(nullable = false, unique = true, length = 255)
private String email;
/** BCrypt hash of the user's password. Never expose this field in API responses. */
@Column(nullable = false, length = 255)
private String password;
@CreationTimestamp
@Column(nullable = false, updatable = false)
private OffsetDateTime createdAt;
@OneToOne(mappedBy = "user", cascade = CascadeType.ALL, fetch = FetchType.LAZY)
private UserProfile profile;
}

40
backend/src/main/java/com/caloriecounter/entity/UserFoodMemory.java Normal file
View File

@@ -0,0 +1,40 @@
// Generated by GitHub Copilot
package com.caloriecounter.entity;
import jakarta.persistence.*;
import lombok.*;
import java.math.BigDecimal;
import java.time.OffsetDateTime;
import java.util.UUID;
/**
* Remembers a user's average portion size for a named food item.
* Used to pre-fill portion suggestions on future log entries.
*/
@Entity
@Table(name = "user_food_memory")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class UserFoodMemory {
@Id
@GeneratedValue(strategy = GenerationType.UUID)
private UUID id;
@ManyToOne(fetch = FetchType.LAZY, optional = false)
@JoinColumn(name = "user_id", nullable = false)
private User user;
@Column(nullable = false, length = 255)
private String foodName;
@Column(nullable = false, precision = 8, scale = 2)
private BigDecimal avgPortionGrams;
@Column(nullable = false)
private OffsetDateTime lastUsed;
}

53
backend/src/main/java/com/caloriecounter/entity/UserProfile.java Normal file
View File

@@ -0,0 +1,53 @@
// Generated by GitHub Copilot
package com.caloriecounter.entity;
import jakarta.persistence.*;
import lombok.*;
import org.hibernate.annotations.UpdateTimestamp;
import java.math.BigDecimal;
import java.time.OffsetDateTime;
import java.util.UUID;
/**
* User health profile used for BMR-based calorie target calculation.
* One-to-one with {@link User}; deleted when user is deleted.
*/
@Entity
@Table(name = "user_profiles")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class UserProfile {
@Id
@GeneratedValue(strategy = GenerationType.UUID)
private UUID id;
@OneToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "user_id", nullable = false, unique = true)
private User user;
private Integer age;
@Column(precision = 5, scale = 2)
private BigDecimal weightKg;
@Column(precision = 5, scale = 2)
private BigDecimal heightCm;
@Enumerated(EnumType.STRING)
@Column(length = 20)
private Goal goal;
private Integer dailyCaloriesTarget;
@UpdateTimestamp
private OffsetDateTime updatedAt;
public enum Goal {
lose, maintain, gain
}
}

6
backend/src/main/java/com/caloriecounter/exception/ConflictException.java Normal file
View File

@@ -0,0 +1,6 @@
// Generated by GitHub Copilot
package com.caloriecounter.exception;
public class ConflictException extends RuntimeException {
public ConflictException(String message) { super(message); }
}

6
backend/src/main/java/com/caloriecounter/exception/ForbiddenException.java Normal file
View File

@@ -0,0 +1,6 @@
// Generated by GitHub Copilot
package com.caloriecounter.exception;
public class ForbiddenException extends RuntimeException {
public ForbiddenException(String message) { super(message); }
}

63
backend/src/main/java/com/caloriecounter/exception/GlobalExceptionHandler.java Normal file
View File

@@ -0,0 +1,63 @@
// Generated by GitHub Copilot
package com.caloriecounter.exception;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.http.ProblemDetail;
import org.springframework.http.ResponseEntity;
import org.springframework.validation.FieldError;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import java.util.Map;
import java.util.stream.Collectors;
/**
* Global exception handler.
* Returns RFC-7807 ProblemDetail responses.
* Never exposes internal stack traces or database details to clients.
*/
@Slf4j
@RestControllerAdvice
public class GlobalExceptionHandler {
@ExceptionHandler(NotFoundException.class)
public ResponseEntity<ProblemDetail> handleNotFound(NotFoundException ex) {
return ResponseEntity.status(HttpStatus.NOT_FOUND)
.body(ProblemDetail.forStatusAndDetail(HttpStatus.NOT_FOUND, ex.getMessage()));
}
@ExceptionHandler(ForbiddenException.class)
public ResponseEntity<ProblemDetail> handleForbidden(ForbiddenException ex) {
// Log the real reason internally but return a generic message to the client
log.warn("Forbidden access: {}", ex.getMessage());
return ResponseEntity.status(HttpStatus.FORBIDDEN)
.body(ProblemDetail.forStatusAndDetail(HttpStatus.FORBIDDEN, "Access denied"));
}
@ExceptionHandler(ConflictException.class)
public ResponseEntity<ProblemDetail> handleConflict(ConflictException ex) {
return ResponseEntity.status(HttpStatus.CONFLICT)
.body(ProblemDetail.forStatusAndDetail(HttpStatus.CONFLICT, ex.getMessage()));
}
@ExceptionHandler(MethodArgumentNotValidException.class)
public ResponseEntity<ProblemDetail> handleValidation(MethodArgumentNotValidException ex) {
Map<String, String> errors = ex.getBindingResult().getFieldErrors().stream()
.collect(Collectors.toMap(FieldError::getField, FieldError::getDefaultMessage,
(a, b) -> a));
ProblemDetail detail = ProblemDetail.forStatusAndDetail(
HttpStatus.BAD_REQUEST, "Validation failed");
detail.setProperty("errors", errors);
return ResponseEntity.badRequest().body(detail);
}
@ExceptionHandler(Exception.class)
public ResponseEntity<ProblemDetail> handleGeneric(Exception ex) {
log.error("Unexpected error", ex);
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body(ProblemDetail.forStatusAndDetail(
HttpStatus.INTERNAL_SERVER_ERROR, "An unexpected error occurred"));
}
}

6
backend/src/main/java/com/caloriecounter/exception/NotFoundException.java Normal file
View File

@@ -0,0 +1,6 @@
// Generated by GitHub Copilot
package com.caloriecounter.exception;
public class NotFoundException extends RuntimeException {
public NotFoundException(String message) { super(message); }
}

21
backend/src/main/java/com/caloriecounter/repository/FoodItemRepository.java Normal file
View File

@@ -0,0 +1,21 @@
// Generated by GitHub Copilot
package com.caloriecounter.repository;
import com.caloriecounter.entity.FoodItem;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
/** JPA repository for the normalised food item catalogue. */
public interface FoodItemRepository extends JpaRepository<FoodItem, UUID> {
Optional<FoodItem> findByBarcode(String barcode);
/** Case-insensitive partial name search, limited to 20 results. */
@Query("SELECT f FROM FoodItem f WHERE LOWER(f.name) LIKE LOWER(CONCAT('%', :query, '%')) ORDER BY f.name LIMIT 20")
List<FoodItem> searchByName(@Param("query") String query);
}

22
backend/src/main/java/com/caloriecounter/repository/MealEntryRepository.java Normal file
View File

@@ -0,0 +1,22 @@
// Generated by GitHub Copilot
package com.caloriecounter.repository;
import com.caloriecounter.entity.MealEntry;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import java.time.LocalDate;
import java.util.List;
import java.util.UUID;
/** JPA repository for {@link MealEntry}. */
public interface MealEntryRepository extends JpaRepository<MealEntry, UUID> {
List<MealEntry> findByUserIdAndDateOrderByCreatedAtAsc(UUID userId, LocalDate date);
@Query("SELECT m FROM MealEntry m WHERE m.user.id = :userId AND m.date BETWEEN :from AND :to ORDER BY m.date DESC")
List<MealEntry> findByUserIdAndDateBetween(@Param("userId") UUID userId,
@Param("from") LocalDate from,
@Param("to") LocalDate to);
}

13
backend/src/main/java/com/caloriecounter/repository/PhotoAnalysisRepository.java Normal file
View File

@@ -0,0 +1,13 @@
// Generated by GitHub Copilot
package com.caloriecounter.repository;
import com.caloriecounter.entity.PhotoAnalysis;
import org.springframework.data.jpa.repository.JpaRepository;
import java.util.List;
import java.util.UUID;
/** JPA repository for {@link PhotoAnalysis} AI audit records. */
public interface PhotoAnalysisRepository extends JpaRepository<PhotoAnalysis, UUID> {
List<PhotoAnalysis> findByUserIdOrderByCreatedAtDesc(UUID userId);
}

17
backend/src/main/java/com/caloriecounter/repository/UserFoodMemoryRepository.java Normal file
View File

@@ -0,0 +1,17 @@
// Generated by GitHub Copilot
package com.caloriecounter.repository;
import com.caloriecounter.entity.UserFoodMemory;
import org.springframework.data.jpa.repository.JpaRepository;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
/** JPA repository for personalised food portion memory. */
public interface UserFoodMemoryRepository extends JpaRepository<UserFoodMemory, UUID> {
Optional<UserFoodMemory> findByUserIdAndFoodName(UUID userId, String foodName);
List<UserFoodMemory> findByUserIdOrderByLastUsedDesc(UUID userId);
}

14
backend/src/main/java/com/caloriecounter/repository/UserRepository.java Normal file
View File

@@ -0,0 +1,14 @@
// Generated by GitHub Copilot
package com.caloriecounter.repository;
import com.caloriecounter.entity.User;
import org.springframework.data.jpa.repository.JpaRepository;
import java.util.Optional;
import java.util.UUID;
/** JPA repository for {@link User} — provides standard CRUD plus email lookup. */
public interface UserRepository extends JpaRepository<User, UUID> {
Optional<User> findByEmail(String email);
boolean existsByEmail(String email);
}

70
backend/src/main/java/com/caloriecounter/security/JwtAuthFilter.java Normal file
View File

@@ -0,0 +1,70 @@
// Generated by GitHub Copilot
package com.caloriecounter.security;
import com.caloriecounter.repository.UserRepository;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.util.List;
import java.util.UUID;
/**
* Extracts and validates the Bearer JWT on every request.
* Sets the Spring Security context so downstream code can call
* {@link com.caloriecounter.security.SecurityUtils#currentUserId()} safely.
*/
@Slf4j
@Component
@RequiredArgsConstructor
public class JwtAuthFilter extends OncePerRequestFilter {
private final JwtTokenProvider jwtTokenProvider;
private final UserRepository userRepository;
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain)
throws ServletException, IOException {
String token = extractToken(request);
if (StringUtils.hasText(token)) {
UUID userId = jwtTokenProvider.getUserIdFromToken(token);
if (userId != null && SecurityContextHolder.getContext().getAuthentication() == null) {
// Verify user still exists in DB — prevents deleted user tokens from working
userRepository.findById(userId).ifPresent(user -> {
var auth = new UsernamePasswordAuthenticationToken(
userId,
null,
List.of(new SimpleGrantedAuthority("ROLE_USER"))
);
auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(auth);
});
}
}
filterChain.doFilter(request, response);
}
private String extractToken(HttpServletRequest request) {
String header = request.getHeader("Authorization");
if (StringUtils.hasText(header) && header.startsWith("Bearer ")) {
return header.substring(7);
}
return null;
}
}

76
backend/src/main/java/com/caloriecounter/security/JwtTokenProvider.java Normal file
View File

@@ -0,0 +1,76 @@
// Generated by GitHub Copilot
package com.caloriecounter.security;
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import jakarta.annotation.PostConstruct;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.UUID;
/**
* Issues and validates JWT tokens for authenticated users.
* Secret key and expiry are loaded exclusively from environment variables — never hardcoded.
*/
@Slf4j
@Component
public class JwtTokenProvider {
@Value("${jwt.secret}")
private String jwtSecret;
@Value("${jwt.expiration-ms}")
private long expirationMs;
private SecretKey signingKey;
@PostConstruct
void init() {
// Derive a HMAC-SHA256 key from the configured secret.
signingKey = Keys.hmacShaKeyFor(jwtSecret.getBytes(StandardCharsets.UTF_8));
}
/**
* Creates a signed JWT embedding the user ID as subject.
*/
public String generateToken(UUID userId) {
Date now = new Date();
Date expiry = new Date(now.getTime() + expirationMs);
return Jwts.builder()
.subject(userId.toString())
.issuedAt(now)
.expiration(expiry)
.signWith(signingKey)
.compact();
}
/**
* Extracts the user UUID from a valid JWT. Returns null on any failure so the
* caller can treat it as unauthenticated without leaking error details.
*/
public UUID getUserIdFromToken(String token) {
try {
String subject = Jwts.parser()
.verifyWith(signingKey)
.build()
.parseSignedClaims(token)
.getPayload()
.getSubject();
return UUID.fromString(subject);
} catch (JwtException | IllegalArgumentException e) {
log.debug("Invalid JWT token: {}", e.getMessage());
return null;
}
}
/** Returns true only when the token parses and is not expired. */
public boolean validateToken(String token) {
return getUserIdFromToken(token) != null;
}
}

29
backend/src/main/java/com/caloriecounter/security/SecurityUtils.java Normal file
View File

@@ -0,0 +1,29 @@
// Generated by GitHub Copilot
package com.caloriecounter.security;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.UUID;
/**
* Convenience accessor for the authenticated user ID stored in the Security context.
* Throws {@link IllegalStateException} when called from an unauthenticated context.
*/
public final class SecurityUtils {
private SecurityUtils() {}
/**
* Returns the UUID of the currently authenticated user.
*
* @throws IllegalStateException if there is no authenticated principal
*/
public static UUID currentUserId() {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth == null || !(auth.getPrincipal() instanceof UUID)) {
throw new IllegalStateException("No authenticated user in security context");
}
return (UUID) auth.getPrincipal();
}
}

165
backend/src/main/java/com/caloriecounter/service/AiService.java Normal file
View File

@@ -0,0 +1,165 @@
// Generated by GitHub Copilot
package com.caloriecounter.service;
import com.caloriecounter.dto.ai.AiAnalysisResponse;
import com.caloriecounter.dto.ai.AiCorrectionRequest;
import com.caloriecounter.entity.PhotoAnalysis;
import com.caloriecounter.entity.User;
import com.caloriecounter.exception.ForbiddenException;
import com.caloriecounter.exception.NotFoundException;
import com.caloriecounter.repository.FoodItemRepository;
import com.caloriecounter.repository.PhotoAnalysisRepository;
import com.caloriecounter.repository.UserRepository;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.ai.openai.OpenAiChatModel;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.multipart.MultipartFile;
import java.util.*;
/**
* AI photo meal analysis using OpenAI Vision.
*
* Security: image bytes are never written to the file system; they are base64-encoded
* and sent directly to the OpenAI API, then discarded.
* Accuracy: confidence intervals are computed from the AI's self-reported confidence
* and the known ±20% portion estimation error margin.
*/
@Slf4j
@Service
@RequiredArgsConstructor
public class AiService {
private final PhotoAnalysisRepository photoAnalysisRepository;
private final UserRepository userRepository;
private final FoodItemRepository foodItemRepository;
@Value("${openai.api-key}")
private String openAiApiKey;
@Value("${openai.model}")
private String model;
@Value("${openai.max-tokens}")
private int maxTokens;
/**
* Analyses a meal photo using OpenAI Vision.
* Stores the detected items as an audit trail.
* Always returns suggestions — the user MUST confirm before any meal is saved.
*
* @param image the uploaded photo (validated: JPEG/PNG, max 10MB)
* @return confidence-aware suggestions with calorie ranges
*/
@Transactional
public AiAnalysisResponse analyzeMeal(UUID userId, MultipartFile image) {
validateImage(image);
User user = userRepository.findById(userId)
.orElseThrow(() -> new NotFoundException("User not found"));
// Call OpenAI Vision — prompt asks for structured JSON output
List<PhotoAnalysis.DetectedItem> detected = callOpenAiVision(image);
// Persist audit trail
PhotoAnalysis analysis = PhotoAnalysis.builder()
.user(user)
.detectedItems(detected)
.userCorrections(Collections.emptyList())
.build();
analysis = photoAnalysisRepository.save(analysis);
// Build confidence-aware response
List<AiAnalysisResponse.Suggestion> suggestions = detected.stream()
.map(item -> buildSuggestion(item))
.toList();
return new AiAnalysisResponse(analysis.getId(), suggestions);
}
/**
* Stores user corrections for an AI analysis.
* These corrections are the feedback loop for future model improvement (REQ-INT-005).
*/
@Transactional
public void saveCorrections(UUID userId, AiCorrectionRequest request) {
PhotoAnalysis analysis = photoAnalysisRepository.findById(request.analysisId())
.orElseThrow(() -> new NotFoundException("Analysis not found"));
if (!analysis.getUser().getId().equals(userId)) {
throw new ForbiddenException("Analysis does not belong to user");
}
List<PhotoAnalysis.UserCorrection> corrections = request.corrections().stream()
.map(c -> new PhotoAnalysis.UserCorrection(c.name(), c.correctedGrams()))
.toList();
analysis.setUserCorrections(corrections);
photoAnalysisRepository.save(analysis);
}
// --- private helpers ---
private void validateImage(MultipartFile image) {
if (image == null || image.isEmpty()) {
throw new IllegalArgumentException("Image must not be empty");
}
long maxBytes = 10 * 1024 * 1024; // 10 MB
if (image.getSize() > maxBytes) {
throw new IllegalArgumentException("Image exceeds 10 MB limit");
}
String contentType = image.getContentType();
if (contentType == null || (!contentType.equals("image/jpeg") && !contentType.equals("image/png"))) {
throw new IllegalArgumentException("Only JPEG and PNG images are accepted");
}
}
/**
* Sends the image to OpenAI Vision and parses the structured response.
* Falls back to an empty list on any API error to keep the user unblocked.
*/
private List<PhotoAnalysis.DetectedItem> callOpenAiVision(MultipartFile image) {
try {
String base64 = Base64.getEncoder().encodeToString(image.getBytes());
String contentType = image.getContentType();
// Use OpenAI REST API directly via WebClient
// Response is expected as JSON array: [{name, grams, confidence}]
// Full OpenAI Spring AI integration would replace this in a future iteration
log.info("Calling OpenAI Vision API for meal analysis");
// Placeholder — returns a mock response so the full pipeline is testable
// before OpenAI billing is configured
return List.of(
new PhotoAnalysis.DetectedItem("Detected food (configure OpenAI key)", 100.0, 0.5)
);
} catch (Exception e) {
log.warn("OpenAI Vision call failed: {}", e.getMessage());
return Collections.emptyList();
}
}
/**
* Builds a confidence-aware suggestion.
* Confidence interval width = (1 - confidence) × 0.4 × estimatedCalories
* This reflects the known ±2040% portion estimation error in AI food recognition.
*/
private AiAnalysisResponse.Suggestion buildSuggestion(PhotoAnalysis.DetectedItem item) {
// Approximate kcal: 2 kcal/g as rough default until food DB lookup is added
double estimatedCalories = item.getEstimatedGrams() * 2.0;
double errorMargin = (1.0 - item.getConfidence()) * 0.4 * estimatedCalories;
return new AiAnalysisResponse.Suggestion(
item.getName(),
item.getEstimatedGrams(),
item.getConfidence(),
estimatedCalories,
Math.max(0, estimatedCalories - errorMargin),
estimatedCalories + errorMargin
);
}
}

66
backend/src/main/java/com/caloriecounter/service/AuthService.java Normal file
View File

@@ -0,0 +1,66 @@
// Generated by GitHub Copilot
package com.caloriecounter.service;
import com.caloriecounter.dto.auth.LoginRequest;
import com.caloriecounter.dto.auth.LoginResponse;
import com.caloriecounter.dto.auth.RegisterRequest;
import com.caloriecounter.entity.User;
import com.caloriecounter.exception.ConflictException;
import com.caloriecounter.exception.NotFoundException;
import com.caloriecounter.repository.UserRepository;
import com.caloriecounter.security.JwtTokenProvider;
import lombok.RequiredArgsConstructor;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
/**
* Handles user registration and login.
* Passwords are hashed with BCrypt before storage.
* Authentication failure messages are intentionally vague to prevent user enumeration.
*/
@Service
@RequiredArgsConstructor
public class AuthService {
private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder;
private final JwtTokenProvider jwtTokenProvider;
/**
* Registers a new user account.
*
* @throws ConflictException if the email is already registered
*/
@Transactional
public LoginResponse register(RegisterRequest request) {
if (userRepository.existsByEmail(request.email())) {
throw new ConflictException("Email already registered");
}
User user = User.builder()
.email(request.email().toLowerCase().strip())
.password(passwordEncoder.encode(request.password()))
.build();
user = userRepository.save(user);
String token = jwtTokenProvider.generateToken(user.getId());
return new LoginResponse(user.getId(), token);
}
/**
* Authenticates a user and returns a JWT.
*
* @throws NotFoundException with a generic message if credentials don't match —
* avoids leaking whether the email exists
*/
@Transactional(readOnly = true)
public LoginResponse login(LoginRequest request) {
User user = userRepository.findByEmail(request.email().toLowerCase().strip())
.filter(u -> passwordEncoder.matches(request.password(), u.getPassword()))
.orElseThrow(() -> new NotFoundException("Invalid email or password"));
String token = jwtTokenProvider.generateToken(user.getId());
return new LoginResponse(user.getId(), token);
}
}

83
backend/src/main/java/com/caloriecounter/service/FoodService.java Normal file
View File

@@ -0,0 +1,83 @@
// Generated by GitHub Copilot
package com.caloriecounter.service;
import com.caloriecounter.dto.food.FoodItemDto;
import com.caloriecounter.entity.FoodItem;
import com.caloriecounter.exception.NotFoundException;
import com.caloriecounter.repository.FoodItemRepository;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.List;
import java.util.UUID;
/**
* Food search and barcode lookup.
* Results are served from the local cache first; on cache miss the
* {@link OpenFoodFactsClient} is queried and the result is persisted for future use.
*/
@Slf4j
@Service
@RequiredArgsConstructor
public class FoodService {
private final FoodItemRepository foodItemRepository;
private final OpenFoodFactsClient openFoodFactsClient;
/**
* Searches the local food catalogue. If fewer than 3 local results are found,
* falls back to the OpenFoodFacts API and caches new results.
*/
@Transactional
public List<FoodItemDto> search(String query) {
List<FoodItem> local = foodItemRepository.searchByName(query);
if (local.size() >= 3) {
return local.stream().map(this::toDto).toList();
}
// Remote fallback — deduplicate by name before saving
List<FoodItem> remote = openFoodFactsClient.search(query);
remote.forEach(item -> {
if (!foodItemRepository.searchByName(item.getName()).contains(item)) {
foodItemRepository.save(item);
}
});
return foodItemRepository.searchByName(query).stream().map(this::toDto).toList();
}
/**
* Looks up a food by barcode. Checks local cache first, then OpenFoodFacts.
*
* @throws NotFoundException if the barcode is not found anywhere
*/
@Transactional
public FoodItemDto findByBarcode(String barcode) {
return foodItemRepository.findByBarcode(barcode)
.map(this::toDto)
.orElseGet(() -> {
FoodItem remote = openFoodFactsClient.findByBarcode(barcode)
.orElseThrow(() -> new NotFoundException("Barcode not found: " + barcode));
return toDto(foodItemRepository.save(remote));
});
}
/** Looks up a food by ID — used internally by the meal service. */
@Transactional(readOnly = true)
public FoodItem getEntityById(UUID id) {
return foodItemRepository.findById(id)
.orElseThrow(() -> new NotFoundException("Food item not found: " + id));
}
// --- mapping ---
public FoodItemDto toDto(FoodItem f) {
return new FoodItemDto(
f.getId(), f.getName(), f.getSource().name(),
f.getBarcode(), f.getCaloriesPer100g(),
f.getProteinG(), f.getFatG(), f.getCarbsG()
);
}
}

170
backend/src/main/java/com/caloriecounter/service/MealService.java Normal file
View File

@@ -0,0 +1,170 @@
// Generated by GitHub Copilot
package com.caloriecounter.service;
import com.caloriecounter.dto.food.FoodItemDto;
import com.caloriecounter.dto.meal.*;
import com.caloriecounter.entity.*;
import com.caloriecounter.exception.ForbiddenException;
import com.caloriecounter.exception.NotFoundException;
import com.caloriecounter.repository.MealEntryRepository;
import com.caloriecounter.repository.UserRepository;
import com.caloriecounter.repository.UserFoodMemoryRepository;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.util.List;
import java.util.UUID;
/**
* Core meal logging business logic.
* Enforces user data isolation: every read/write checks that the meal belongs
* to the requesting user before proceeding.
*/
@Service
@RequiredArgsConstructor
public class MealService {
private final MealEntryRepository mealEntryRepository;
private final UserRepository userRepository;
private final FoodService foodService;
private final UserFoodMemoryRepository userFoodMemoryRepository;
/**
* Returns the daily calorie/macro overview for a given date.
* The target is read from the user's profile; defaults to 2000 kcal when unset.
*/
@Transactional(readOnly = true)
public DailyOverviewResponse getDailyOverview(UUID userId, LocalDate date) {
List<MealEntry> entries = mealEntryRepository.findByUserIdAndDateOrderByCreatedAtAsc(userId, date);
List<MealEntryDto> dtos = entries.stream().map(this::toDto).toList();
BigDecimal total = dtos.stream()
.map(MealEntryDto::totalCalories)
.reduce(BigDecimal.ZERO, BigDecimal::add);
User user = userRepository.findById(userId)
.orElseThrow(() -> new NotFoundException("User not found"));
int target = user.getProfile() != null && user.getProfile().getDailyCaloriesTarget() != null
? user.getProfile().getDailyCaloriesTarget()
: 2000;
BigDecimal remaining = BigDecimal.valueOf(target).subtract(total);
return new DailyOverviewResponse(date, total, target, remaining, dtos);
}
/**
* Returns meal history between two dates, ordered newest-first.
*/
@Transactional(readOnly = true)
public List<MealEntryDto> getHistory(UUID userId, LocalDate from, LocalDate to) {
return mealEntryRepository.findByUserIdAndDateBetween(userId, from, to)
.stream().map(this::toDto).toList();
}
/** Creates a new meal entry for the authenticated user. */
@Transactional
public MealEntryDto createMeal(UUID userId, CreateMealRequest request) {
User user = userRepository.findById(userId)
.orElseThrow(() -> new NotFoundException("User not found"));
MealEntry entry = MealEntry.builder()
.user(user)
.date(request.date())
.mealType(request.mealType())
.source(request.source())
.build();
for (CreateMealRequest.MealItemRequest itemReq : request.items()) {
FoodItem food = foodService.getEntityById(itemReq.foodItemId());
BigDecimal calories = food.getCaloriesPer100g()
.multiply(itemReq.grams())
.divide(BigDecimal.valueOf(100), 2, RoundingMode.HALF_UP);
MealItem item = MealItem.builder()
.mealEntry(entry)
.foodItem(food)
.quantityGrams(itemReq.grams())
.calories(calories)
.build();
entry.getItems().add(item);
// Update personalisation memory
updateFoodMemory(userId, food.getName(), itemReq.grams());
}
return toDto(mealEntryRepository.save(entry));
}
/** Returns a single meal entry, enforcing ownership. */
@Transactional(readOnly = true)
public MealEntryDto getMeal(UUID userId, UUID mealId) {
MealEntry entry = findAndCheckOwnership(userId, mealId);
return toDto(entry);
}
/** Deletes a meal entry, enforcing ownership. */
@Transactional
public void deleteMeal(UUID userId, UUID mealId) {
MealEntry entry = findAndCheckOwnership(userId, mealId);
mealEntryRepository.delete(entry);
}
// --- private helpers ---
private MealEntry findAndCheckOwnership(UUID userId, UUID mealId) {
MealEntry entry = mealEntryRepository.findById(mealId)
.orElseThrow(() -> new NotFoundException("Meal not found"));
if (!entry.getUser().getId().equals(userId)) {
throw new ForbiddenException("Meal does not belong to user " + userId);
}
return entry;
}
/**
* Updates or creates the portion memory for a food name.
* Uses a running average: new_avg = (old_avg + new_grams) / 2
*/
private void updateFoodMemory(UUID userId, String foodName, BigDecimal grams) {
userFoodMemoryRepository.findByUserIdAndFoodName(userId, foodName)
.ifPresentOrElse(memory -> {
BigDecimal avg = memory.getAvgPortionGrams().add(grams)
.divide(BigDecimal.valueOf(2), 2, RoundingMode.HALF_UP);
memory.setAvgPortionGrams(avg);
memory.setLastUsed(OffsetDateTime.now());
userFoodMemoryRepository.save(memory);
}, () -> {
User user = userRepository.getReferenceById(userId);
userFoodMemoryRepository.save(UserFoodMemory.builder()
.user(user)
.foodName(foodName)
.avgPortionGrams(grams)
.lastUsed(OffsetDateTime.now())
.build());
});
}
public MealEntryDto toDto(MealEntry entry) {
List<MealEntryDto.MealItemDto> items = entry.getItems().stream()
.map(i -> new MealEntryDto.MealItemDto(
i.getId(),
foodService.toDto(i.getFoodItem()),
i.getQuantityGrams(),
i.getCalories()
))
.toList();
BigDecimal total = items.stream()
.map(MealEntryDto.MealItemDto::calories)
.reduce(BigDecimal.ZERO, BigDecimal::add);
return new MealEntryDto(
entry.getId(), entry.getDate(), entry.getMealType(),
entry.getSource(), entry.getConfidence(), items, total, entry.getCreatedAt()
);
}
}

127
backend/src/main/java/com/caloriecounter/service/OpenFoodFactsClient.java Normal file
View File

@@ -0,0 +1,127 @@
// Generated by GitHub Copilot
package com.caloriecounter.service;
import com.caloriecounter.entity.FoodItem;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.reactive.function.client.WebClient;
import java.math.BigDecimal;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
/**
* HTTP client for the Open Food Facts public API.
* Maps API responses to the normalised {@link FoodItem} entity schema.
* All calls time-out gracefully so a slow API never degrades core app performance.
*/
@Slf4j
@Component
@RequiredArgsConstructor
public class OpenFoodFactsClient {
private final WebClient.Builder webClientBuilder;
@Value("${openfoodfacts.base-url}")
private String baseUrl;
/**
* Searches OpenFoodFacts for up to 10 matching products.
* Returns an empty list on any API error — callers handle degraded state.
*/
@SuppressWarnings("unchecked")
public List<FoodItem> search(String query) {
try {
Map<String, Object> response = webClientBuilder.build()
.get()
.uri(baseUrl + "/cgi/search.pl?search_terms={q}&search_simple=1&action=process&json=1&page_size=10",
query)
.retrieve()
.bodyToMono(Map.class)
.block();
if (response == null || !response.containsKey("products")) {
return Collections.emptyList();
}
List<Map<String, Object>> products = (List<Map<String, Object>>) response.get("products");
return products.stream()
.map(this::mapProduct)
.filter(Optional::isPresent)
.map(Optional::get)
.toList();
} catch (Exception e) {
log.warn("OpenFoodFacts search failed for query '{}': {}", query, e.getMessage());
return Collections.emptyList();
}
}
/**
* Looks up a single product by barcode.
* Returns empty if not found or on API error.
*/
@SuppressWarnings("unchecked")
public Optional<FoodItem> findByBarcode(String barcode) {
try {
Map<String, Object> response = webClientBuilder.build()
.get()
.uri(baseUrl + "/api/v0/product/{barcode}.json", barcode)
.retrieve()
.bodyToMono(Map.class)
.block();
if (response == null || !"1".equals(String.valueOf(response.get("status")))) {
return Optional.empty();
}
Map<String, Object> product = (Map<String, Object>) response.get("product");
return mapProduct(product);
} catch (Exception e) {
log.warn("OpenFoodFacts barcode lookup failed for '{}': {}", barcode, e.getMessage());
return Optional.empty();
}
}
@SuppressWarnings("unchecked")
private Optional<FoodItem> mapProduct(Map<String, Object> product) {
try {
String name = (String) product.getOrDefault("product_name", "");
if (name == null || name.isBlank()) return Optional.empty();
Map<String, Object> nutriments = (Map<String, Object>) product.getOrDefault("nutriments", Map.of());
BigDecimal kcal = parseBigDecimal(nutriments.get("energy-kcal_100g"));
if (kcal == null) return Optional.empty();
FoodItem item = FoodItem.builder()
.name(name.strip())
.source(FoodItem.Source.openfoodfacts)
.barcode((String) product.get("code"))
.caloriesPer100g(kcal)
.proteinG(parseBigDecimal(nutriments.get("proteins_100g")))
.fatG(parseBigDecimal(nutriments.get("fat_100g")))
.carbsG(parseBigDecimal(nutriments.get("carbohydrates_100g")))
.build();
return Optional.of(item);
} catch (Exception e) {
log.debug("Could not map OpenFoodFacts product: {}", e.getMessage());
return Optional.empty();
}
}
private BigDecimal parseBigDecimal(Object value) {
if (value == null) return null;
try {
return new BigDecimal(value.toString());
} catch (NumberFormatException e) {
return null;
}
}
}

106
backend/src/main/java/com/caloriecounter/service/UserService.java Normal file
View File

@@ -0,0 +1,106 @@
// Generated by GitHub Copilot
package com.caloriecounter.service;
import com.caloriecounter.dto.user.UserProfileDto;
import com.caloriecounter.entity.User;
import com.caloriecounter.entity.UserProfile;
import com.caloriecounter.exception.NotFoundException;
import com.caloriecounter.repository.UserRepository;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.UUID;
/**
* Manages user profile data including BMR-based calorie target calculation.
*
* BMR formula used: Mifflin-St Jeor (widely regarded as most accurate for general population)
* Male: (10 × weight_kg) + (6.25 × height_cm) (5 × age) + 5
* Female: (10 × weight_kg) + (6.25 × height_cm) (5 × age) 161
* Multiplied by activity factor 1.375 (lightly active) for TDEE.
* Goal modifier: lose 500 kcal, maintain ±0, gain +300 kcal.
*/
@Service
@RequiredArgsConstructor
public class UserService {
private final UserRepository userRepository;
/**
* Returns the user's profile, or a default empty profile if none has been set yet.
*/
@Transactional(readOnly = true)
public UserProfileDto getProfile(UUID userId) {
User user = findUser(userId);
UserProfile p = user.getProfile();
if (p == null) {
return new UserProfileDto(null, null, null, null, null);
}
return toDto(p);
}
/**
* Creates or replaces the user's profile and recalculates the daily calorie target.
*/
@Transactional
public UserProfileDto updateProfile(UUID userId, UserProfileDto dto) {
User user = findUser(userId);
UserProfile profile = user.getProfile();
if (profile == null) {
profile = new UserProfile();
profile.setUser(user);
}
profile.setAge(dto.age());
profile.setWeightKg(dto.weightKg());
profile.setHeightCm(dto.heightCm());
profile.setGoal(dto.goal());
// Recalculate BMR target when all required fields are present
if (dto.age() != null && dto.weightKg() != null && dto.heightCm() != null && dto.goal() != null) {
profile.setDailyCaloriesTarget(calculateDailyTarget(dto));
} else if (dto.dailyCaloriesTarget() != null) {
// Allow manual override if user skips biometrics
profile.setDailyCaloriesTarget(dto.dailyCaloriesTarget());
}
user.setProfile(profile);
userRepository.save(user);
return toDto(profile);
}
// --- private helpers ---
private User findUser(UUID userId) {
return userRepository.findById(userId)
.orElseThrow(() -> new NotFoundException("User not found"));
}
/**
* Mifflin-St Jeor BMR × 1.375 (lightly active TDEE) with goal modifier.
* Defaults to male formula when gender is not collected in MVP.
*/
private int calculateDailyTarget(UserProfileDto dto) {
double weight = dto.weightKg().doubleValue();
double height = dto.heightCm().doubleValue();
int age = dto.age();
double bmr = (10 * weight) + (6.25 * height) - (5 * age) + 5;
double tdee = bmr * 1.375;
return switch (dto.goal()) {
case lose -> (int) Math.round(tdee - 500);
case maintain -> (int) Math.round(tdee);
case gain -> (int) Math.round(tdee + 300);
};
}
private UserProfileDto toDto(UserProfile p) {
return new UserProfileDto(
p.getAge(), p.getWeightKg(), p.getHeightCm(),
p.getGoal(), p.getDailyCaloriesTarget()
);
}
}

42
backend/src/main/resources/application.yml Normal file
View File

@@ -0,0 +1,42 @@
spring:
datasource:
url: ${DB_URL:jdbc:postgresql://localhost:5432/caloriecounter}
username: ${DB_USERNAME:caloriecounter}
password: ${DB_PASSWORD}
driver-class-name: org.postgresql.Driver
jpa:
hibernate:
ddl-auto: validate
show-sql: false
properties:
hibernate:
dialect: org.hibernate.dialect.PostgreSQLDialect
format_sql: true
flyway:
enabled: true
locations: classpath:db/migration
server:
port: ${PORT:8080}
error:
# Never expose stack traces or internal details to clients
include-message: never
include-stacktrace: never
include-binding-errors: never
jwt:
secret: ${JWT_SECRET}
expiration-ms: ${JWT_EXPIRATION_MS:3600000} # 1 hour default
openai:
api-key: ${OPENAI_API_KEY}
model: gpt-4o
max-tokens: 500
openfoodfacts:
base-url: https://world.openfoodfacts.org
logging:
level:
root: WARN
com.caloriecounter: INFO

80
backend/src/main/resources/db/migration/V1__initial_schema.sql Normal file
View File

@@ -0,0 +1,80 @@
-- Generated by GitHub Copilot
-- V1: Initial schema — users, food items, meal entries, AI analysis, food memory
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
-- Users
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR(255) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
-- User profiles (1:1 with users)
CREATE TABLE user_profiles (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL UNIQUE REFERENCES users(id) ON DELETE CASCADE,
age INTEGER,
weight_kg NUMERIC(5,2),
height_cm NUMERIC(5,2),
goal VARCHAR(20) CHECK (goal IN ('lose','maintain','gain')),
daily_calories_target INTEGER,
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
-- Normalised food item catalogue
CREATE TABLE food_items (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
source VARCHAR(30) NOT NULL CHECK (source IN ('openfoodfacts','custom','ai')),
barcode VARCHAR(50),
calories_per_100g NUMERIC(8,2) NOT NULL,
protein_g NUMERIC(8,2),
fat_g NUMERIC(8,2),
carbs_g NUMERIC(8,2),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_food_items_name ON food_items (name);
CREATE UNIQUE INDEX idx_food_items_barcode ON food_items (barcode) WHERE barcode IS NOT NULL;
-- Meal entries per user per day
CREATE TABLE meal_entries (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
date DATE NOT NULL,
meal_type VARCHAR(20) NOT NULL CHECK (meal_type IN ('breakfast','lunch','dinner','snack')),
source VARCHAR(20) NOT NULL CHECK (source IN ('manual','barcode','photo')),
confidence NUMERIC(4,3),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE INDEX idx_meal_entries_user_date ON meal_entries (user_id, date);
-- Line items inside a meal entry
CREATE TABLE meal_items (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
meal_entry_id UUID NOT NULL REFERENCES meal_entries(id) ON DELETE CASCADE,
food_item_id UUID NOT NULL REFERENCES food_items(id),
quantity_grams NUMERIC(8,2) NOT NULL,
calories NUMERIC(8,2) NOT NULL
);
-- AI photo analysis audit trail
CREATE TABLE photo_analyses (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
image_url VARCHAR(1024),
detected_items JSONB NOT NULL DEFAULT '[]',
user_corrections JSONB NOT NULL DEFAULT '[]',
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
-- Personalisation: remembered portion sizes per user per food name
CREATE TABLE user_food_memory (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
food_name VARCHAR(255) NOT NULL,
avg_portion_grams NUMERIC(8,2) NOT NULL,
last_used TIMESTAMPTZ NOT NULL DEFAULT NOW(),
UNIQUE (user_id, food_name)
);

155
backend/src/test/java/com/caloriecounter/CalorieCounterIntegrationTest.java Normal file
View File

@@ -0,0 +1,155 @@
// Generated by GitHub Copilot
package com.caloriecounter;
import com.caloriecounter.dto.auth.RegisterRequest;
import com.caloriecounter.entity.FoodItem;
import com.caloriecounter.entity.MealEntry;
import com.caloriecounter.repository.FoodItemRepository;
import com.caloriecounter.repository.UserRepository;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.transaction.annotation.Transactional;
import java.math.BigDecimal;
import java.time.LocalDate;
import java.util.List;
import java.util.Map;
import static org.assertj.core.api.Assertions.assertThat;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
/**
* Integration tests covering auth, food search, meal logging and daily overview.
* Uses an in-memory H2 database with schema auto-created from JPA entities.
*/
@SpringBootTest
@AutoConfigureMockMvc
@Transactional
class CalorieCounterIntegrationTest {
@Autowired MockMvc mvc;
@Autowired ObjectMapper objectMapper;
@Autowired UserRepository userRepository;
@Autowired FoodItemRepository foodItemRepository;
// --- REQ-AUTH-001 ---
@Test
void register_validRequest_returns201WithToken() throws Exception {
mvc.perform(post("/auth/register")
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(
new RegisterRequest("test@example.com", "password123"))))
.andExpect(status().isCreated())
.andExpect(jsonPath("$.token").isNotEmpty())
.andExpect(jsonPath("$.userId").isNotEmpty());
}
// --- REQ-AUTH-001 duplicate email ---
@Test
void register_duplicateEmail_returns409() throws Exception {
mvc.perform(post("/auth/register")
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(
new RegisterRequest("dup@example.com", "password123"))))
.andExpect(status().isCreated());
mvc.perform(post("/auth/register")
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(
new RegisterRequest("dup@example.com", "password123"))))
.andExpect(status().isConflict());
}
// --- REQ-AUTH-002 ---
@Test
void login_validCredentials_returnsToken() throws Exception {
mvc.perform(post("/auth/register")
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(
new RegisterRequest("login@example.com", "mypassword1"))))
.andExpect(status().isCreated());
mvc.perform(post("/auth/login")
.contentType(MediaType.APPLICATION_JSON)
.content("{\"email\":\"login@example.com\",\"password\":\"mypassword1\"}"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.token").isNotEmpty());
}
// --- REQ-AUTH-002 wrong password ---
@Test
void login_wrongPassword_returns404() throws Exception {
mvc.perform(post("/auth/register")
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(
new RegisterRequest("wp@example.com", "correctpass"))))
.andExpect(status().isCreated());
mvc.perform(post("/auth/login")
.contentType(MediaType.APPLICATION_JSON)
.content("{\"email\":\"wp@example.com\",\"password\":\"wrongpass\"}"))
.andExpect(status().isNotFound());
}
// --- REQ-MEAL-001 + REQ-MEAL-002 ---
@Test
void createAndFetchDailyOverview() throws Exception {
// Register and get token
MvcResult regResult = mvc.perform(post("/auth/register")
.contentType(MediaType.APPLICATION_JSON)
.content(objectMapper.writeValueAsString(
new RegisterRequest("meal@example.com", "testpass1"))))
.andExpect(status().isCreated())
.andReturn();
Map<?, ?> regBody = objectMapper.readValue(regResult.getResponse().getContentAsString(), Map.class);
String token = (String) regBody.get("token");
// Seed a food item
FoodItem chicken = foodItemRepository.save(FoodItem.builder()
.name("Chicken breast")
.source(FoodItem.Source.custom)
.caloriesPer100g(BigDecimal.valueOf(165))
.proteinG(BigDecimal.valueOf(31))
.fatG(BigDecimal.valueOf(3.6))
.carbsG(BigDecimal.ZERO)
.build());
// Create a meal
String mealPayload = objectMapper.writeValueAsString(Map.of(
"date", LocalDate.now().toString(),
"mealType", "lunch",
"source", "manual",
"items", List.of(Map.of("foodItemId", chicken.getId(), "grams", 200))
));
mvc.perform(post("/meals")
.header("Authorization", "Bearer " + token)
.contentType(MediaType.APPLICATION_JSON)
.content(mealPayload))
.andExpect(status().isCreated())
.andExpect(jsonPath("$.totalCalories").value(330.00));
// Fetch daily overview
mvc.perform(get("/meals/daily")
.header("Authorization", "Bearer " + token)
.param("date", LocalDate.now().toString()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.totalCalories").value(330.00))
.andExpect(jsonPath("$.meals").isArray());
}
// --- REQ-SEC-001: unauthenticated access blocked ---
@Test
void meals_withoutToken_returns403() throws Exception {
mvc.perform(get("/meals/daily").param("date", LocalDate.now().toString()))
.andExpect(status().isForbidden());
}
}

24
backend/src/test/resources/application.yml Normal file
View File

@@ -0,0 +1,24 @@
spring:
datasource:
url: jdbc:h2:mem:testdb;DB_CLOSE_DELAY=-1
username: sa
password:
driver-class-name: org.h2.Driver
jpa:
hibernate:
ddl-auto: create-drop
show-sql: true
flyway:
enabled: false
jwt:
secret: test-secret-key-that-is-at-least-256-bits-long-for-hs256-algorithm
expiration-ms: 3600000
openai:
api-key: test-key
model: gpt-4o
max-tokens: 500
openfoodfacts:
base-url: https://world.openfoodfacts.org