RentRead is a RESTful API built using Spring Boot for managing an online book rental system. It supports user authentication, role-based authorization, book management, and rental workflows with MySQL persistence.
The application follows a layered architecture and is designed according to real-world backend best practices.
- Basic Authentication (email + password)
- Passwords hashed using BCrypt
- Role-based access:
  - ADMIN
  - USER
- User registration (default role: USER)
- Admin registration
- User login using email and password
- Admin can:
  - Create books
  - Update books
  - Delete books
- Users and Admins can:
  - View all available books
- Users can rent books
- A user can have a maximum of 2 active rentals
- Users can return books
- Book availability updates automatically
- Centralized global exception handling
- Proper HTTP status codes (400, 401, 403, 404)
- Consistent error response structure
- Automated tests using MockMvc and Mockito
- All assessment test cases passing
- Java 17
- Spring Boot 3
- Spring Security (Basic Auth)
- Spring Data JPA
- Hibernate
- MySQL
- H2 Database (for tests)
- Lombok
- Gradle

```
src
├── main
│   ├── java/com/crio/rent_read
│   │   ├── config
│   │   ├── controller
│   │   ├── dto
│   │   ├── entity
│   │   ├── exception
│   │   ├── repository
│   │   ├── security
│   │   ├── service
│   │   ├── service/impl
│   │   └── util
│   └── resources
│       └── application.properties
└── test
    └── java/com/crio/rent_read
```

```properties
spring.application.name=rent_read
server.port=8081
spring.datasource.url=jdbc:mysql://localhost:3306/test_db
spring.datasource.username=assessment
spring.datasource.password=redrum
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
```

```bash
./gradlew clean build
```

```bash
./gradlew bootRun
```

```bash
java -jar build/libs/rent_read-0.0.1-SNAPSHOT.jar
```

Application runs on:
http://localhost:8081

POST /auth/signup

```json
{
  "email": "admin@rentread.com",
  "password": "admin123456",
  "firstName": "Admin",
  "lastName": "User",
  "role": "ADMIN"
}
```

POST /auth/login

| Endpoint | Method | Access |
|---|---|---|
| /books | GET | USER, ADMIN |
| /books | POST | ADMIN |
| /books/{id} | PUT | ADMIN |
| /books/{id} | DELETE | ADMIN |

| Endpoint | Method | Description |
|---|---|---|
| /rentals/users/{userId}/books/{bookId} | POST | Rent a book |
| /rentals/active-rentals/users/{userId} | GET | Get active rentals |
| /rentals/{rentalId} | PUT | Return a book |
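
The access rules in the two tables above, written as a Spring Security 6 filter chain with HTTP Basic and BCrypt. This is an added example, not RentRead's own code: `SecurityConfigExample`, the `UserIdLookup` helper, the `ROLE_`-prefixed authorities and the rule that a caller may only use their own `{userId}` are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;

@Configuration
public class SecurityConfigExample { // hypothetical class name

    // Hypothetical helper: maps the Basic Auth username (email) to the user's id, null if unknown.
    public interface UserIdLookup { Long idForEmail(String email); }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // salted one-way hash; checked with matches()
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, UserIdLookup users) throws Exception {
        // Assumption: a caller may only use their own id as {userId} in rental paths.
        AuthorizationManager<RequestAuthorizationContext> ownsUserId = (auth, ctx) -> {
            Long callerId = users.idForEmail(auth.get().getName());
            String pathId = ctx.getVariables().get("userId");
            return new AuthorizationDecision(callerId != null && callerId.toString().equals(pathId));
        };
        http.csrf(csrf -> csrf.disable()) // assumption: non-browser API clients only
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(authz -> authz
                // open per the page's curl calls, so the "role" field in signup is client-supplied
                .requestMatchers("/auth/signup", "/auth/login").permitAll()
                .requestMatchers(HttpMethod.GET, "/books").hasAnyRole("USER", "ADMIN")
                .requestMatchers(HttpMethod.POST, "/books").hasRole("ADMIN")
                .requestMatchers(HttpMethod.PUT, "/books/{id}").hasRole("ADMIN")
                .requestMatchers(HttpMethod.DELETE, "/books/{id}").hasRole("ADMIN")
                .requestMatchers("/rentals/users/{userId}/books/{bookId}").access(ownsUserId)
                .requestMatchers("/rentals/active-rentals/users/{userId}").access(ownsUserId)
                // PUT /rentals/{rentalId}: rental ownership has to be checked in the service layer
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

Role checks alone do not tie the caller to the `{userId}` in the rental paths, which is why those two routes use a separate ownership check.
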
```bash
curl -X POST http://localhost:8081/auth/signup \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@rentread.com","password":"admin123456","firstName":"Admin","lastName":"User","role":"ADMIN"}'

curl -X POST http://localhost:8081/auth/signup \
  -H "Content-Type: application/json" \
  -d '{"email":"user.test@example.com","password":"user123456","firstName":"Test","lastName":"User"}'

curl -X POST http://localhost:8081/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"user.test@example.com","password":"user123456"}'

curl -u admin@rentread.com:admin123456 -X POST http://localhost:8081/books \
  -H "Content-Type: application/json" \
  -d '{"title":"Test Book","author":"Author","genre":"FICTION","availabilityStatus":"AVAILABLE"}'

curl -u user.test@example.com:user123456 -X POST http://localhost:8081/rentals/users/1/books/1
```

```json
{
  "message": "User has already reached maximum book rental limit!",
  "httpStatus": "BAD_REQUEST",
  "localDateTime": "2025-03-10T21:10:53.9228473"
}
```

- ✔ Authentication & Authorization implemented
- ✔ Role-based access control
- ✔ Rental limit enforced
- ✔ Centralized error handling
- ✔ Tests passing
- ✔ Clean layered architecture
- ✔ Ready for submission