Add main entry point for Spring
This commit is contained in:
@@ -0,0 +1,53 @@
|
|||||||
|
/**
|
||||||
|
* NotesVaultApplication.java
|
||||||
|
*
|
||||||
|
* Entry point for the Secure Notes Vault API. Bootstraps the Spring Boot application,
|
||||||
|
* enables JPA auditing for automatic timestamp management, and emits a startup warning
|
||||||
|
* if the JWT secret is still set to the insecure development default.
|
||||||
|
*/
|
||||||
|
package com.seanstarkey.notesvault;
|
||||||
|
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
import org.springframework.boot.SpringApplication;
|
||||||
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
import org.springframework.context.event.EventListener;
|
||||||
|
import org.springframework.boot.context.event.ApplicationReadyEvent;
|
||||||
|
import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Root Spring Boot application class. Enables JPA auditing so that {@code @CreatedDate}
|
||||||
|
* and {@code @LastModifiedDate} annotations on entities are populated automatically.
|
||||||
|
*/
|
||||||
|
@SpringBootApplication
|
||||||
|
@EnableJpaAuditing
|
||||||
|
public class NotesVaultApplication {
|
||||||
|
|
||||||
|
private static final Logger log = LoggerFactory.getLogger(NotesVaultApplication.class);
|
||||||
|
private static final String INSECURE_DEFAULT = "dev-secret-change-me-do-not-use-in-production";
|
||||||
|
|
||||||
|
@Value("${app.jwt.secret}")
|
||||||
|
private String jwtSecret;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Application entry point. Delegates to Spring Boot to bootstrap the context.
|
||||||
|
*
|
||||||
|
* @param args command-line arguments passed to the JVM
|
||||||
|
*/
|
||||||
|
public static void main(String[] args) {
|
||||||
|
SpringApplication.run(NotesVaultApplication.class, args);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fires after the application context is fully started. Logs a WARN-level message if
|
||||||
|
* the JWT secret has not been overridden from the insecure development default, so that
|
||||||
|
* operators are alerted before the application is exposed to traffic.
|
||||||
|
*/
|
||||||
|
@EventListener(ApplicationReadyEvent.class)
|
||||||
|
public void warnIfInsecureSecret() {
|
||||||
|
if (INSECURE_DEFAULT.equals(jwtSecret)) {
|
||||||
|
log.warn("SECURITY WARNING: JWT_SECRET is using the insecure default — do not use in production");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user