spring-boot-backend

📁 kojder/photo-map-app 📅 Jan 24, 2026

总安装量

周安装量

#31582

全站排名

安装命令

npx skills add https://github.com/kojder/photo-map-app --skill spring-boot-backend

Agent 安装分布

opencode 5

gemini-cli 5

windsurf 4

claude-code 4

antigravity 4

kilo 3

Skill 文档

Spring Boot Backend Development – Photo Map MVP

Project Context

Stack: Spring Boot 3.2.11+, Java 17 LTS, PostgreSQL 15, Spring Security 6 (JWT stateless)

Core Features:

Authentication – JWT login/registration, BCrypt hashing
Photo Management – Upload with EXIF extraction, asynchronous processing, CRUD operations
User Scoping – Strict data isolation (users see only their own photos)
Admin API – User management (ADMIN role)

Key Constraints:

MVP scope – simple solutions preferred
Mikrus VPS – limited resources (synchronous API, async background processing)
User isolation CRITICAL – ALL queries MUST include userId filtering

Architecture Principles

Layered Architecture

Controller (HTTP only) â Service (business logic) â Repository (data access) â Database

User Scoping Pattern (CRITICAL)

All photo queries MUST include userId to enforce data isolation:

// â BAD: Security vulnerability - any user can access any photo
public Photo getPhoto(final Long photoId) {
    return photoRepository.findById(photoId).orElseThrow();
}

// â GOOD: User can only access their own photos
public Photo getPhoto(final Long photoId, final Long userId) {
    return photoRepository.findByIdAndUserId(photoId, userId)
        .orElseThrow(() -> new ResourceNotFoundException("Photo not found"));
}

Transaction Management

Use @Transactional on service methods
Read operations: @Transactional(readOnly = true)
Write operations: @Transactional (default)

For detailed architecture: See references/architecture.md for:

ALL 5 SOLID principles (SRP, OCP, LSP, ISP, DIP)
Design patterns (Constructor Injection, Static Factory Methods)
Service orchestration patterns

When to Use What

Code Quality

Use final keyword: Method params, local variables, injected dependencies â references/java-quality.md
Modern Java 17: Records for DTOs, Text Blocks for SQL, Stream.toList() â references/java-quality.md

Architecture

@Service: Business logic, orchestrates repositories â references/architecture.md
@Component: Utilities, non-business services
Records: Immutable response DTOs â references/rest-api-patterns.md
@Data classes: Request DTOs with validation â references/rest-api-patterns.md

Data Access

Derived queries: Simple queries (findByUserId) â references/jpa-patterns.md
@Query (JPQL): Complex queries with multiple conditions â references/jpa-patterns.md
Native SQL: Database-specific features, performance optimization â references/jpa-patterns.md

Async Processing

Spring Integration File: Photo upload processing â references/async-processing.md

Implementation Workflows

REST Endpoint Workflow

Step-by-step guide: templates/rest-endpoint-template.md

Quick checklist:

Create DTO (Record for response, @Data for request) â references/rest-api-patterns.md
Create/Update Entity with User relationship â references/jpa-patterns.md
Create Repository with user scoping methods â references/jpa-patterns.md
Implement Service with @Transactional â templates/service-template.md
Create Controller with proper HTTP status codes â references/rest-api-patterns.md

Complete examples: examples/photo-controller.java, examples/photo-service.java, examples/photo-repository.java

Service Implementation

Template: templates/service-template.md

Key rules:

Constructor injection with final fields (@RequiredArgsConstructor)
@Transactional(readOnly = true) for read operations
All methods MUST accept userId parameter (user scoping)
Throw ResourceNotFoundException when not found
Log at appropriate levels (debug, info, error)

Security & JWT

Complete patterns: references/security-jwt.md

Quick setup:

SecurityConfig: examples/security-config.java
JWT Token Provider: examples/jwt-token-provider.java
User Entity with UserDetails: examples/user-entity.java

Testing

Unit tests: Service layer with Mockito â references/testing.md Controller tests: MockMvc with @WebMvcTest â references/testing.md Coverage requirement: >70% for new code

Key Reminders

Security (CRITICAL)

â User scoping: ALL photo queries include userId
â JWT validation: Token signature & expiration checked on every request
â BCrypt passwords: Never store plain text
â DTOs only: Never expose entities to API

Performance

â @Transactional(readOnly = true) for queries
â Database indexes on user_id, frequently queried columns
â FetchType.LAZY for relationships
â NO premature optimization – keep simple for MVP

MVP Scope

â Implement only features from .ai/prd.md
â Synchronous processing for API, asynchronous for photo processing
â Simple solutions over complex ones
â NO features beyond MVP requirements

Quick Reference

File Structure for Feature

src/main/java/com/photomap/
âââ controller/   # {Resource}Controller.java
âââ service/      # {Resource}Service.java
âââ repository/   # {Resource}Repository.java
âââ model/        # {Resource}.java (Entity)
âââ dto/          # {Resource}Dto.java, {Resource}CreateRequest.java

Pattern Lookup

Need	Solution	Reference
REST endpoint	Follow layered architecture	`templates/rest-endpoint-template.md`
User scoping	findByIdAndUserId()	`references/jpa-patterns.md`
Validation	Bean Validation annotations	`references/validation.md`
Security	JWT + Spring Security	`references/security-jwt.md`
Async processing	Spring Integration File	`references/async-processing.md`
Testing	Mockito + MockMvc	`references/testing.md`
Database changes	Flyway migrations	`references/database-migrations.md`

Naming Conventions

Controller: {Resource}Controller (e.g., PhotoController)
Service: {Resource}Service (e.g., PhotoService)
Repository: {Resource}Repository (e.g., PhotoRepository)
Entity: {Resource} (e.g., Photo)
DTO: {Resource}Dto, {Resource}CreateRequest