todo.txt

CURRENT:
- users who not confirmed emails cannot login to the app


TODO:

### features:
- implement Sorting for todos
- create a separate table for emails and a quartz job for sending emails
- handle case when user loging in using GitHub and has the same email as the user registered via registration form
- add feature to allow the user to make payments
- add SSL (TSL ?) certificate so it is possible to connect to the server via https.
- replace gmail smtp server (use a free layer of a smtp server provider)
- https://spring.io/guides/tutorials/react-and-spring-data-rest/
- Add swagger ?
- add search
- deploy the server using jenkins

### testing:
- Add profiles for testing and production ?
- Write tests for TagService
- Write tests for TodoService
- Write tests for UserService
- Validation tests for DTOs ?

DONE:
- converters for converting from entity to resource and back like in RP
- Write integration tests for TodoController
- Write integration tests for TagController
- Create DTOs for entities to separate Controller layer from Service layer
- Write integration tests for UserController (4h)
- Write integration tests for AuthController (40h)
- add Tag entity (a todo_ can have multiple tags, different todos can have the same tag for one user)
- add Tag owner permission
- Pageable for the todo_ endpoint
- implement mark _todo as done endpoint
- implement userUpdate endpoint
-- validation for RQ (using hiber validation) and response with all errors to display on UI
- login validation
- registration validation
- user info update validation
- Write down possible permissions required for the app (right now and in future)
     --Apparently there will be a lot of security levels (registered users, registered but
     not confirmed emails)
     -- What if i will need to add some more permissions or detail existing
     -- The solution should be flexible and easy to use (what if i will store permission in DB
     and will add them to the JWT token and read them from the token after that (not from the db)) ?
    Required permissions:
        1. TODO_OWNER
        2. USER_OWNER
        3. ADMIN (in the future)
    I did not try to make the permission list flexible because this app does not need this.
    If I needed to implement a flexible permission list it would require storing roles in the db
- how to store passwords ? can i create a separate properties file just for sensitive info ?
-- just do not commit files with properties
- populate the exceptionMap responses to default Spring's exceptions (1h)
-- only few exceptions were covered
- username/email/password registration with email confirmation (4h)
- refactor controllers and move all logic to services (1h)
--how to not pass ResponseEntity from the service layer ???? - answer is to handle all exceptions in a separate place
- custom exception handler to handle exceptions and translate them to HTTP status codes (16h)
-- what is better ControllerAdvice or DefaultHandlerExceptionResolver with reconfiguring
all spring exception handling (pros and cons) - answer is that controller advice can handle all exception
so I guess follow the KISS principle
- populate database with default data on creation (e.g users, todos)(2h)
- OAuth2 support for github (40h)
- update JWT token payload so it contains username not userId(30m)
- GWT token authentication (16h)
- Role based security (find tutorial and ways to implement (User and Admin)) (10h)
    Using PermissionEvaluator and logic taken from ReportPortal
- add support of cyrillic symbols (prod db didn't have UTF-8 encoding)
- add logging to file to preserve logs from the app
- find docs and tutorials on how to login using REST
- Implement basic authentication
- replace my own filter for CORS with a config provided from Spring


OTHER:
- cache for get requests (Hibernate second level cache?)
- how to easily switch between local database creds ?
- move to PostgresSQL server
- server returns an html page when GET this url http://localhost:8080/error