implement authentication and user management features

2025-09-24 11:29:48 +02:00
parent f2b4f9d3e6
commit 3d2b3f7324
26 changed files with 1537 additions and 0 deletions
--- a/api/src/main/java/fr/gameovergne/api/GameOvergneApplication.java
+++ b/api/src/main/java/fr/gameovergne/api/GameOvergneApplication.java
@@ -0,0 +1,13 @@
+package fr.gameovergne.api;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class GameOvergneApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(GameOvergneApplication.class, args);
+	}
+
+}
--- a/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
+++ b/api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
@@ -0,0 +1,86 @@
+package fr.gameovergne.api.config;
+
+import fr.gameovergne.api.service.security.JpaUserDetailsService;
+import fr.gameovergne.api.service.security.filter.JwtAuthFilter;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity
+public class SecurityConfig {
+
+    private final JwtAuthFilter jwtAuthFilter;
+    private final JpaUserDetailsService userDetailsService;
+
+    public SecurityConfig(JwtAuthFilter jwtAuthFilter, JpaUserDetailsService userDetailsService) {
+        this.jwtAuthFilter = jwtAuthFilter;
+        this.userDetailsService = userDetailsService;
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests(authz -> authz
+                        .requestMatchers("/api/auth/**").permitAll()
+                        .requestMatchers("/api/users/**").authenticated()
+                        .anyRequest().permitAll()
+                )
+
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authenticationProvider(authenticationProvider())
+                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
+
+                .httpBasic(AbstractHttpConfigurer::disable)
+                .formLogin(AbstractHttpConfigurer::disable);
+        return http.build();
+    }
+
+    @Bean
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/**")
+                        .allowedOrigins("http://localhost:4200", "http://127.0.0.1:4200") // Ton front
+                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                        .allowedHeaders("*")
+                        .allowCredentials(true);
+            }
+        };
+    }
+
+    @Bean
+    public AuthenticationProvider authenticationProvider() {
+        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
+        authProvider.setUserDetailsService(userDetailsService);
+        authProvider.setPasswordEncoder(passwordEncoder());
+        return authProvider;
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
+        return config.getAuthenticationManager();
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/controller/auth/AuthController.java
+++ b/api/src/main/java/fr/gameovergne/api/controller/auth/AuthController.java
@@ -0,0 +1,108 @@
+package fr.gameovergne.api.controller.auth;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import fr.gameovergne.api.dto.auth.AuthResponse;
+import fr.gameovergne.api.dto.user.UserDTO;
+import fr.gameovergne.api.dto.auth.AuthRequest;
+import fr.gameovergne.api.mapper.user.UserMapper;
+import fr.gameovergne.api.service.auth.AuthService;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.ResponseCookie;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.Arrays;
+
+@RestController
+@RequestMapping("/api/auth")
+public class AuthController {
+
+    private final AuthService authService;
+
+    public AuthController(AuthService authService) {
+        this.authService = authService;
+    }
+
+    @PostMapping("/register")
+    public ResponseEntity<AuthResponse> register(@RequestBody UserDTO dto) {
+        System.out.println("Registering: " + dto);
+        return authService.register(UserMapper.fromDto(dto))
+                .map((ResponseEntity::ok))
+                .orElse(ResponseEntity.badRequest().build());
+    }
+
+    @PostMapping("/login")
+    public ResponseEntity<AuthResponse> authenticate(@RequestBody AuthRequest request, HttpServletResponse response) {
+        System.out.println("Authenticating: " + request);
+        return authService.authenticate(request)
+                .map(authResponse -> createAuthResponse(authResponse, response))
+                .orElse(ResponseEntity.badRequest().build());
+    }
+
+    @GetMapping("/logout")
+    public ResponseEntity<Void> logout(HttpServletResponse response) {
+        // Supprime le cookie de refresh token
+        ResponseCookie cookie = ResponseCookie.from("refreshToken", "")
+                .httpOnly(true)
+                .secure(false) // true en prod
+                .path("/")
+                .maxAge(0) // Expire immédiatement
+                .sameSite("Lax")
+                .build();
+        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
+        return ResponseEntity.ok().build();
+    }
+
+    @GetMapping("/me")
+    public ResponseEntity<UserDTO> getCurrentUser(HttpServletRequest request) {
+        String username = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : null;
+        if (username == null) {
+            return ResponseEntity.status(401).build(); // Unauthorized
+        }
+
+        return authService.getCurrentUser(username)
+                .map(user -> ResponseEntity.ok(UserMapper.toDto(user)))
+                .orElse(ResponseEntity.notFound().build());
+    }
+
+    @PostMapping("/refresh")
+    public ResponseEntity<AuthResponse> refresh(HttpServletRequest request, HttpServletResponse response) {
+        String refreshToken = null;
+        if (request.getCookies() != null) {
+            refreshToken = Arrays.stream(request.getCookies())
+                    .filter(c -> "refreshToken".equals(c.getName()))
+                    .findFirst()
+                    .map(Cookie::getValue)
+                    .orElse(null);
+        }
+        if (refreshToken == null) {
+            // Pas de cookie -> pas d'erreur réseau
+            return ResponseEntity.noContent().build();
+        }
+
+        return authService.refresh(refreshToken)
+                .map(authResponse -> createAuthResponse(authResponse, response))
+                // Token inconnu/expiré -> pas d'erreur réseau non plus
+                .orElse(ResponseEntity.noContent().build());
+    }
+
+    private ResponseEntity<AuthResponse> createAuthResponse(AuthResponse authResponse, HttpServletResponse response) {
+        ResponseCookie cookie = ResponseCookie.from("refreshToken", authResponse.refreshToken())
+                .httpOnly(true)
+                .secure(false) // true en prod
+                .path("/")
+                .maxAge(60 * 60 * 24 * 7) // 7 jours
+                .sameSite("Lax")
+                .build();
+        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
+
+        // Ne pas renvoyer le refresh token dans le body
+        return ResponseEntity.ok(new AuthResponse(
+                authResponse.username(),
+                authResponse.accessToken(),
+                null
+        ));
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/controller/user/UserController.java
+++ b/api/src/main/java/fr/gameovergne/api/controller/user/UserController.java
@@ -0,0 +1,54 @@
+package fr.gameovergne.api.controller.user;
+
+import fr.gameovergne.api.model.user.User;
+import fr.gameovergne.api.service.user.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/users")
+public class UserController {
+
+    private final UserService userService;
+
+    @Autowired
+    public UserController(UserService userService) {
+        this.userService = userService;
+    }
+
+    @GetMapping
+    public List<User> getAllUsers() {
+        return userService.getAllUsers();
+    }
+
+    @GetMapping("/{id}")
+    public ResponseEntity<User> getUserById(@PathVariable Long id) {
+        return userService.getUserById(id)
+                .map(ResponseEntity::ok)
+                .orElse(ResponseEntity.notFound().build());
+    }
+
+    @PostMapping
+    public void saveUser(@RequestBody User user) {
+        userService.saveUser(user);
+    }
+
+    @PutMapping("/{id}")
+    public ResponseEntity<User> updateUser(@PathVariable Long id, @RequestBody User user) {
+        return userService.getUserById(id)
+                .map(existingUser -> userService.updateUser(user)
+                        .map(ResponseEntity::ok)
+                        .orElse(ResponseEntity.notFound().build()))
+                .orElse(ResponseEntity.notFound().build());
+    }
+
+    @DeleteMapping("/{id}")
+    public ResponseEntity<User> deleteUserById(@PathVariable Long id) {
+        return userService.deleteUserById(id)
+                .map(user -> ResponseEntity.ok().body(user))
+                .orElse(ResponseEntity.notFound().build());
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/dto/auth/AuthRequest.java
+++ b/api/src/main/java/fr/gameovergne/api/dto/auth/AuthRequest.java
@@ -0,0 +1,6 @@
+package fr.gameovergne.api.dto.auth;
+
+public record AuthRequest(
+        String username,
+        String password
+) {}
--- a/api/src/main/java/fr/gameovergne/api/dto/auth/AuthResponse.java
+++ b/api/src/main/java/fr/gameovergne/api/dto/auth/AuthResponse.java
@@ -0,0 +1,7 @@
+package fr.gameovergne.api.dto.auth;
+
+public record AuthResponse(
+        String username,
+        String accessToken,
+        String refreshToken
+) {}
--- a/api/src/main/java/fr/gameovergne/api/dto/user/UserDTO.java
+++ b/api/src/main/java/fr/gameovergne/api/dto/user/UserDTO.java
@@ -0,0 +1,17 @@
+package fr.gameovergne.api.dto.user;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class UserDTO {
+    private String firstName;
+    private String lastName;
+    private String username;
+    private String email;
+    private String password; // Note: In a real application, avoid sending passwords in DTOs
+    private String role;
+}
--- a/api/src/main/java/fr/gameovergne/api/mapper/user/UserMapper.java
+++ b/api/src/main/java/fr/gameovergne/api/mapper/user/UserMapper.java
@@ -0,0 +1,29 @@
+package fr.gameovergne.api.mapper.user;
+
+import fr.gameovergne.api.dto.user.UserDTO;
+import fr.gameovergne.api.model.user.Role;
+import fr.gameovergne.api.model.user.User;
+
+public class UserMapper {
+
+    public static User fromDto(UserDTO userDTO) {
+        User user = new User();
+        user.setFirstName(userDTO.getFirstName());
+        user.setLastName(userDTO.getLastName());
+        user.setUsername(userDTO.getUsername());
+        user.setEmail(userDTO.getEmail());
+        user.setPassword(userDTO.getPassword());
+        user.setRole(Role.valueOf(userDTO.getRole() != null ? userDTO.getRole() : "USER"));
+        return user;
+    }
+
+    public static UserDTO toDto(User user) {
+        UserDTO userDTO = new UserDTO();
+        userDTO.setFirstName(user.getFirstName());
+        userDTO.setLastName(user.getLastName());
+        userDTO.setUsername(user.getUsername());
+        userDTO.setEmail(user.getEmail());
+        userDTO.setRole(user.getRole() != null ? user.getRole().getDisplayName() : null);
+        return userDTO;
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/model/security/Token.java
+++ b/api/src/main/java/fr/gameovergne/api/model/security/Token.java
@@ -0,0 +1,33 @@
+package fr.gameovergne.api.model.security;
+
+import com.fasterxml.jackson.annotation.JsonBackReference;
+import fr.gameovergne.api.model.user.User;
+import jakarta.persistence.*;
+import jakarta.validation.constraints.NotNull;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.Date;
+
+@Entity
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Table(name = "tokens")
+public class Token {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @NotNull
+    private String value;
+
+    private Date expirationDate;
+
+    @OneToOne
+    @JoinColumn(name = "user_id", referencedColumnName = "id")
+    @JsonBackReference
+    private User user;
+}
--- a/api/src/main/java/fr/gameovergne/api/model/user/Role.java
+++ b/api/src/main/java/fr/gameovergne/api/model/user/Role.java
@@ -0,0 +1,15 @@
+package fr.gameovergne.api.model.user;
+
+import lombok.Getter;
+
+@Getter
+public enum Role {
+    USER("User"),
+    ADMIN("Administrator");
+
+    private final String displayName;
+
+    Role(String displayName) {
+        this.displayName = displayName;
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/model/user/User.java
+++ b/api/src/main/java/fr/gameovergne/api/model/user/User.java
@@ -0,0 +1,63 @@
+package fr.gameovergne.api.model.user;
+
+import com.fasterxml.jackson.annotation.JsonManagedReference;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import fr.gameovergne.api.model.security.Token;
+import jakarta.persistence.*;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.List;
+
+@Entity
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Table(name = "users")
+public class User implements UserDetails {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @NotBlank
+    @Column(length = 50, nullable = false)
+    private String firstName;
+
+    @NotBlank
+    @Column(length = 50, nullable = false)
+    private String lastName;
+
+    @NotBlank
+    @Column(length = 50, unique = true, nullable = false)
+    private String username;
+
+    @Email
+    @NotBlank
+    @Column(length = 100, unique = true, nullable = false)
+    private String email;
+
+    @NotBlank
+    @Column(length = 120, nullable = false)
+    private String password;
+
+    @NotNull
+    @Enumerated(EnumType.STRING)
+    private Role role = Role.USER;
+
+    @OneToOne(mappedBy = "user")
+    @JsonManagedReference
+    private Token token;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return List.of(new SimpleGrantedAuthority(Role.USER.name()));
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/repository/security/TokenRepository.java
+++ b/api/src/main/java/fr/gameovergne/api/repository/security/TokenRepository.java
@@ -0,0 +1,12 @@
+package fr.gameovergne.api.repository.security;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+import fr.gameovergne.api.model.security.Token;
+
+import java.util.Optional;
+
+@Repository
+public interface TokenRepository extends JpaRepository<Token, Long> {
+    Optional<Token> findByValue(String value);
+}
--- a/api/src/main/java/fr/gameovergne/api/repository/user/UserRepository.java
+++ b/api/src/main/java/fr/gameovergne/api/repository/user/UserRepository.java
@@ -0,0 +1,12 @@
+package fr.gameovergne.api.repository.user;
+
+import fr.gameovergne.api.model.user.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+
+@Repository
+public interface UserRepository extends JpaRepository<User, Long> {
+    Optional<User> findByUsername(String username);
+}
--- a/api/src/main/java/fr/gameovergne/api/service/auth/AuthService.java
+++ b/api/src/main/java/fr/gameovergne/api/service/auth/AuthService.java
@@ -0,0 +1,131 @@
+package fr.gameovergne.api.service.auth;
+
+import jakarta.transaction.Transactional;
+import lombok.RequiredArgsConstructor;
+import fr.gameovergne.api.dto.auth.AuthRequest;
+import fr.gameovergne.api.dto.auth.AuthResponse;
+import fr.gameovergne.api.model.user.User;
+import fr.gameovergne.api.model.security.Token;
+import fr.gameovergne.api.repository.user.UserRepository;
+import fr.gameovergne.api.repository.security.TokenRepository;
+import fr.gameovergne.api.service.security.JpaUserDetailsService;
+import fr.gameovergne.api.service.security.JwtService;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import java.util.Date;
+import java.util.Optional;
+
+@Service
+@RequiredArgsConstructor
+public class AuthService {
+
+    private final AuthenticationManager authenticationManager;
+    private final JwtService jwtService;
+    private final JpaUserDetailsService userDetailsService;
+    private final TokenRepository tokenRepository;
+    private final UserRepository userRepository;
+    private final PasswordEncoder passwordEncoder;
+
+    private final int REFRESH_TOKEN_EXPIRATION_TIME = 1000 * 60 * 60 * 24 * 7; // 7 jours
+
+    public Optional<AuthResponse> register(User user) {
+        String username = user.getUsername();
+
+        if (userRepository.findByUsername(username).isPresent()) {
+            System.err.println("User already exists: " + username);
+            return Optional.empty();
+        }
+
+        user.setPassword(passwordEncoder.encode(user.getPassword()));
+        userDetailsService.registerNewUser(user);
+
+        return Optional.of(new AuthResponse(username, null, null));
+    }
+
+    @Transactional
+    public Optional<AuthResponse> authenticate(AuthRequest request) {
+        String accessToken = jwtService.generateToken(request.username());
+
+        UserDetails userDetails = userDetailsService.loadUserByUsername(request.username());
+
+        User user = userRepository.findByUsername(userDetails.getUsername())
+                .orElseThrow(() -> new RuntimeException("User not found: " + userDetails.getUsername()));
+
+        Token token = user.getToken() != null
+                ? tokenRepository.findById(user.getToken().getId()).orElse(null)
+                : null;
+
+        if (token == null || isRefreshTokenExpired(token)) {
+            System.out.println("[Authenticate] Refresh token absent ou expiré pour user: " + user.getUsername());
+            token = generateNewRefreshToken(user);
+        }
+
+        authenticationManager.authenticate(
+                new UsernamePasswordAuthenticationToken(request.username(), request.password())
+        );
+        return Optional.of(new AuthResponse(
+                user.getUsername(),
+                accessToken,
+                token.getValue()
+        ));
+    }
+
+    @Transactional
+    public Optional<User> getCurrentUser(String username) {
+        return userRepository.findByUsername(username)
+                .map(user -> {
+                    if (user.getToken() != null && isRefreshTokenExpired(user.getToken())) {
+                        System.out.println("[AuthService] Refresh token expired for user: " + user.getUsername());
+                        user.setToken(null);
+                        userRepository.save(user);
+                    }
+                    return user;
+                });
+    }
+
+    @Transactional
+    public Optional<AuthResponse> refresh(String refreshTokenValue) {
+        Token savedToken = tokenRepository.findByValue(refreshTokenValue)
+                .orElseThrow(() -> new RuntimeException("Refresh token not found: " + refreshTokenValue));
+
+        User user = savedToken.getUser();
+
+        if (isRefreshTokenExpired(savedToken)) {
+            return Optional.empty();
+        }
+
+        String newAccessToken = jwtService.generateToken(user.getUsername());
+        return Optional.of(new AuthResponse(
+                user.getUsername(),
+                newAccessToken,
+                refreshTokenValue
+        ));
+    }
+
+    private Token generateNewRefreshToken(User user) {
+        if (user.getToken() != null && tokenRepository.findById(user.getToken().getId()).isPresent()) {
+            System.out.println("[AuthService] Deleting existing refresh token for user: " + user.getUsername());
+            tokenRepository.delete(user.getToken());
+            user.setToken(null);
+            userRepository.save(user);
+            tokenRepository.flush();
+        }
+
+        Token newToken = new Token();
+        newToken.setUser(user);
+        newToken.setValue(jwtService.generateToken(user.getUsername()));
+        newToken.setExpirationDate(new Date(System.currentTimeMillis() + REFRESH_TOKEN_EXPIRATION_TIME));
+        tokenRepository.save(newToken);
+        user.setToken(newToken);
+        userRepository.save(user);
+        return newToken;
+    }
+
+    private boolean isRefreshTokenExpired(Token token) {
+        return token.getExpirationDate().getTime() < System.currentTimeMillis();
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/service/security/JpaUserDetailsService.java
+++ b/api/src/main/java/fr/gameovergne/api/service/security/JpaUserDetailsService.java
@@ -0,0 +1,31 @@
+package fr.gameovergne.api.service.security;
+
+import fr.gameovergne.api.model.user.User;
+import fr.gameovergne.api.repository.user.UserRepository;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service
+public class JpaUserDetailsService implements UserDetailsService {
+
+    private final UserRepository userRepository;
+
+    public JpaUserDetailsService(UserRepository userRepository) {
+        this.userRepository = userRepository;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        return userRepository.findByUsername(username)
+                .orElseThrow(() -> new UsernameNotFoundException("User not found: " + username));
+    }
+
+    public void registerNewUser(User user) {
+        if (userRepository.findByUsername(user.getUsername()).isPresent()) {
+            throw new IllegalArgumentException("Username already exists: " + user.getUsername());
+        }
+        userRepository.save(user);
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/service/security/JwtService.java
+++ b/api/src/main/java/fr/gameovergne/api/service/security/JwtService.java
@@ -0,0 +1,65 @@
+package fr.gameovergne.api.service.security;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Service;
+
+import java.security.Key;
+import java.util.Base64;
+import java.util.Date;
+import java.util.function.Function;
+
+@Service
+public class JwtService {
+
+    private static final long EXPIRATION_TIME = 1000 * 60 * 10; // 10min
+
+    private final Key signingKey;
+
+    public JwtService(@Value("${jwt.secret}") String secret) {
+        this.signingKey = Keys.hmacShaKeyFor(Base64.getDecoder().decode(secret));
+    }
+
+    public String generateToken(String username) {
+        return Jwts.builder()
+                .setSubject(username)
+                .setIssuedAt(new Date())
+                .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
+                .signWith(signingKey, SignatureAlgorithm.HS256)
+                .compact();
+    }
+
+    public Claims extractAllClaims(String token) {
+        return Jwts.parserBuilder()
+                .setSigningKey(signingKey)
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+
+    public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
+        final Claims claims = extractAllClaims(token);
+        return claimsResolver.apply(claims);
+    }
+
+    public String extractUsername(String token) {
+        return extractClaim(token, Claims::getSubject);
+    }
+
+    private Date extractExpiration(String token) {
+        return extractClaim(token, Claims::getExpiration);
+    }
+
+    private boolean isTokenExpired(String token) {
+        return extractExpiration(token).before(new Date());
+    }
+
+    public boolean isTokenValid(String token, UserDetails userDetails) {
+        final String username = extractUsername(token);
+        return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/service/security/TokenService.java
+++ b/api/src/main/java/fr/gameovergne/api/service/security/TokenService.java
@@ -0,0 +1,51 @@
+package fr.gameovergne.api.service.security;
+
+import fr.gameovergne.api.model.security.Token;
+import fr.gameovergne.api.repository.security.TokenRepository;
+import jakarta.transaction.Transactional;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+import java.util.Optional;
+
+@Service
+public class TokenService {
+
+    private final TokenRepository tokenRepository;
+
+    @Autowired
+    public TokenService(TokenRepository tokenRepository) {
+        this.tokenRepository = tokenRepository;
+    }
+
+    @Transactional
+    public void saveToken(Token token) {
+        if (token.getId() == null) {
+            tokenRepository.save(token);
+        }
+    }
+
+    public Optional<Token> getTokenById(Long id) {
+        return tokenRepository.findById(id);
+    }
+
+    public List<Token> getAllTokens() {
+        return tokenRepository.findAll();
+    }
+
+    @Transactional
+    public Optional<Token> updateToken(Token token) {
+        return tokenRepository.findById(token.getId()).map(existingToken -> {
+            existingToken.setValue(token.getValue());
+            return tokenRepository.save(existingToken);
+        });
+    }
+
+    @Transactional
+    public Optional<Token> deleteTokenById(Long id) {
+        Optional<Token> token = tokenRepository.findById(id);
+        token.ifPresent(tokenRepository::delete);
+        return token;
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/service/security/filter/JwtAuthFilter.java
+++ b/api/src/main/java/fr/gameovergne/api/service/security/filter/JwtAuthFilter.java
@@ -0,0 +1,65 @@
+package fr.gameovergne.api.service.security.filter;
+
+import fr.gameovergne.api.service.security.JpaUserDetailsService;
+import fr.gameovergne.api.service.security.JwtService;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+public class JwtAuthFilter extends OncePerRequestFilter {
+    private final JwtService jwtService;
+    private final JpaUserDetailsService userDetailsService;
+
+    public JwtAuthFilter(JwtService jwtService, JpaUserDetailsService userDetailsService) {
+        this.jwtService = jwtService;
+        this.userDetailsService = userDetailsService;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    FilterChain filterChain
+    ) throws ServletException, IOException {
+
+        final String authHeader = request.getHeader("Authorization");
+
+        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        final String jwt = authHeader.substring(7);
+
+        final String username = jwtService.extractUsername(jwt);
+
+        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+
+            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
+
+            if (jwtService.isTokenValid(jwt, userDetails)) {
+
+                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
+                        userDetails,
+                        null,
+                        userDetails.getAuthorities()
+                );
+
+                authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+
+                SecurityContextHolder.getContext().setAuthentication(authToken);
+            }
+        }
+
+        filterChain.doFilter(request, response);
+    }
+}
--- a/api/src/main/java/fr/gameovergne/api/service/user/UserService.java
+++ b/api/src/main/java/fr/gameovergne/api/service/user/UserService.java
@@ -0,0 +1,55 @@
+package fr.gameovergne.api.service.user;
+
+import fr.gameovergne.api.model.user.User;
+import fr.gameovergne.api.repository.user.UserRepository;
+import jakarta.transaction.Transactional;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+import java.util.Optional;
+
+@Service
+public class UserService {
+
+    private final UserRepository userRepository;
+
+    @Autowired
+    public UserService(UserRepository userRepository) {
+        this.userRepository = userRepository;
+    }
+
+    @Transactional
+    public void saveUser(User user) {
+        if (user.getId() == null) {
+            userRepository.save(user);
+        }
+    }
+
+    public Optional<User> getUserById(Long id) {
+        return userRepository.findById(id);
+    }
+
+    public List<User> getAllUsers() {
+        return userRepository.findAll();
+    }
+
+    @Transactional
+    public Optional<User> updateUser(User user) {
+        return userRepository.findById(user.getId()).map(existingUser -> {
+            existingUser.setFirstName(user.getFirstName());
+            existingUser.setLastName(user.getLastName());
+            existingUser.setEmail(user.getEmail());
+            existingUser.setUsername(user.getUsername());
+            existingUser.setPassword(user.getPassword());
+            return userRepository.save(existingUser);
+        });
+    }
+
+    @Transactional
+    public Optional<User> deleteUserById(Long id) {
+        Optional<User> user = userRepository.findById(id);
+        user.ifPresent(userRepository::delete);
+        return user;
+    }
+}
--- a/api/src/main/resources/application.properties
+++ b/api/src/main/resources/application.properties
@@ -0,0 +1,13 @@
+spring.application.name=api
+
+server.port=3000
+
+spring.datasource.url=jdbc:mysql://192.168.20.112:3306/gameovergne_app?useSSL=false&allowPublicKeyRetrieval=true
+spring.datasource.username=gameovergne
+spring.datasource.password=gameovergne
+
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL8Dialect
+spring.jpa.show-sql=true
+
+jwt.secret=a23ac96ce968bf13099d99410b951dd498118851bdfc996a3f844bd68b1b2afd