Refactor BFF Package Structure #64

stne3960 · 2026-01-11T14:33:14+01:00

stne3960 commented

2026-01-11 14:33:14 +01:00

This PR

Reorganizes BFF codebase into a cleaner layered architecture with separate packages for config, controller, dto/response, and service
Upgrades Spring Boot from 3.4.4 to 4.0.1 (includes Spring Security 7 and Jackson 3)
Enables CSRF protection for the SPA frontend
Adds Accept-Language header support in frontend

Package restructuring:

Move configuration classes (BackendApiConfiguration, FrontendConfiguration) to bff.config
Move controllers (ProfileController, TestController) to bff.controller
Move DTOs to bff.dto.response and rename Profile to ProfileResponse
Extract ProfileService into new bff.service package
Extract security configuration from main class into dedicated SecurityConfiguration

Security improvements:

Enable CSRF protection with csrf.spa() for Single Page Application support
Add PUT and DELETE to allowed CORS methods
Add X-XSRF-TOKEN to allowed headers

Frontend middleware:

Add includeCsrfToken middleware to automatically include CSRF tokens in POST/PUT/DELETE requests
Add includeAcceptLanguage middleware to send browser language preferences (uses navigator language before profile is fetched)

Other:

Minor code formatting improvements (checkstyle will be separate PR)

This PR - Reorganizes BFF codebase into a cleaner layered architecture with separate packages for config, controller, dto/response, and service - Upgrades Spring Boot from 3.4.4 to 4.0.1 (includes Spring Security 7 and Jackson 3) - Enables CSRF protection for the SPA frontend - Adds Accept-Language header support in frontend Package restructuring: - Move configuration classes (BackendApiConfiguration, FrontendConfiguration) to bff.config - Move controllers (ProfileController, TestController) to bff.controller - Move DTOs to bff.dto.response and rename Profile to ProfileResponse - Extract ProfileService into new bff.service package - Extract security configuration from main class into dedicated SecurityConfiguration Security improvements: - Enable CSRF protection with csrf.spa() for Single Page Application support - Add PUT and DELETE to allowed CORS methods - Add X-XSRF-TOKEN to allowed headers Frontend middleware: - Add includeCsrfToken middleware to automatically include CSRF tokens in POST/PUT/DELETE requests - Add includeAcceptLanguage middleware to send browser language preferences (uses navigator language before profile is fetched) Other: - Minor code formatting improvements (checkstyle will be separate PR)

stne3960 added 12 commits 2026-01-11 14:33:16 +01:00

Upgrade Spring Boot from 3.4.4 to 4.0.1 95349340cc

Move BackendApiConfiguration to config package a0a392760d

Move FrontendConfiguration to config package fb1ee3b440

Extract SecurityConfiguration with CSRF SPA and updated CORS a0313dd745

Add CSRF and Accept-Language middleware to frontend a6b675d9a5

Move TestController to controller package 2c7c23ab9c

Move ProfileController and extract ProfileService d1735c12cb

Move Profile to ProfileResponse DTO efc0c70103

Remove frontend package-info 67d9a518e6

Code formatting in login package 58fe9b07d0

Add null-safety annotations to new packages 37489895b9