DOCS REFORMATTED, ADDED User Profile

Author: AnanthaRajuC

README.md

@@ -16,6 +16,7 @@ Features include but not limited to:
 
 - [Authentication](documents/AUTHENTICATION.MD)  
 - [User Roles](documents/USER_ROLES.MD)   
+- [API](documents/API.md)  
 - [Internationalization (i18n)](documents/INTERNATIONALIZATION.MD) 
 
 <div align="center">
@@ -77,10 +78,8 @@ Features include but not limited to:
 - [Architecture](documents/ARCHITECTURE.md) 
 - [Installation](documents/INSTALLATION.MD)  
 - [Deployment](documents/DEPLOYMENT.md)  
-- [Explore Rest APIs](documents/APP_SECURITY_AND_API.md)  
-- [Security](documents/APP_SECURITY_AND_API.md)  
+- [Security](documents/API.md)  
 - [Testing API](documents/TESTING.MD)  
-- [Files and Directories Structure](documents/ARCHITECTURE.md)  
 - [Changelog](documents/CHANGELOG.md) 
 - [Code Coverage](documents/CODE_COVERAGE.MD) 
 - [Documentation](documents/DOCUMENTATION.MD) 

documents/API.md

@@ -0,0 +1,69 @@
+## API
+
+### API Rate Limiting
+
+|     Tier   | API Request Cap |  API Key Prefix  |
+|------------|-----------------|------------------|
+|FREE        |     25          |     `null`       |
+|BASIC       |     50          |     `PX001-`     |
+|PROFESSIONAL|     75          |     `BX001-`     |
+
+Rate Limiting header `X-api-key`
+
+[Bucket4j](https://github.com/vladimir-bukhtoyarov/bucket4j) - Rate limiting library based on token/leaky-bucket algorithm - Refer `io.github.anantharajuc.sbat.core_backend.api.rate_limiting` package
+
+### Preventing Brute Force Authentication Attempts
+
+A basic solution for preventing brute force authentication attempts using Spring Security is implemented. The app keeps a record of the number of failed attempts originating from a single IP address. If that particular IP goes over a set number of requests – it will be blocked for a set amount of time.
+
+Refer `io.github.anantharajuc.sbat.core_backend.security.user.authentication.LoginAttemptService`
+
+### Session Timeout
+
+If the application remains inactive for a specified period of time, the session will expire. The session after this period of time is considered invalid and the user has to login to the application again.
+
+This value **server.servlet.session.timeout** can be configured in **application.properties** file
+
+
+## Explore Rest APIs
+
+The app defines following CRUD APIs. **If localhost doesn't work, use 192.168.99.102**
+
+To enable SSL, toggle **server.ssl.enabled** to **true** and use the **https://** protocol in the URL instead of **http://**
+
+Since the SSL certificate is self signed, turn off the **SSL certificate verification** option while interacting with the URLs via **Postman**
+
+<img src="images\tools\postman-ssl-certificate-verification.PNG"/>
+
+### URLs
+
+|                   URL                  | Method |          Remarks       |
+|----------------------------------------|--------|------------------------|
+|`http://localhost:8080/index`           | GET    | Home Page              |
+|`http://localhost:8080/sbat/index`      | GET    | Home Page              |
+|`http://localhost:8080/sbat/about`      | GET    | About Page             |
+|`http://localhost:8080/sbat/tech-stack` | GET    | Technology Stack Table |
+|`http://localhost:8080/sbat/close`      | GET    | Close App via Actuator |
+|`http://localhost:8080/sbat/login`      | GET    | Login Page             |
+|`http://localhost:8080/sbat/error`      | GET    | Custom Error Page      |
+
+### Other URLs
+
+|                           URL                                  | Method |
+|----------------------------------------------------------------|--------|
+|`http://localhost:8080/api/generic-hello`                       |   GET  | 
+|`http://localhost:8080/api/personalized-hello/`                 |   GET  | 
+|`http://localhost:8080/api/personalized-hello?name=spring-boot` |   GET  | 
+|`http://localhost:8080/api/loggers`                             |   GET  | 
+
+### Actuator
+
+To monitor and manage your application
+
+|              URL                          |Method|
+|-------------------------------------------|------|
+|`http://localhost:8080/actuator/`          |  GET |
+|`http://localhost:8080/actuator/health`    |  GET |
+|`http://localhost:8080/actuator/info`      |  GET |
+|`http://localhost:8080/actuator/prometheus`|  GET |
+|`http://localhost:8080/actuator/httptrace` |  GET |

documents/APP_SECURITY_AND_API.md

@@ -13,6 +13,7 @@
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import lombok.ToString;
 import lombok.experimental.FieldDefaults;
 
 /**
@@ -29,6 +30,7 @@
 @AllArgsConstructor
 @NoArgsConstructor
 @FieldDefaults(level=AccessLevel.PRIVATE)
+@ToString
 public class Permission extends AuditEntity
 {
 	private static final long serialVersionUID = 1L;

src/main/java/io/github/anantharajuc/sbat/core_backend/security/user/model/Permission.java

@@ -20,6 +20,7 @@
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import lombok.ToString;
 import lombok.experimental.FieldDefaults;
 
 /**
@@ -36,6 +37,7 @@
 @AllArgsConstructor
 @NoArgsConstructor
 @FieldDefaults(level=AccessLevel.PRIVATE)
+@ToString
 public class Role extends AuditEntity
 {
 	private static final long serialVersionUID = 1L;

src/main/java/io/github/anantharajuc/sbat/core_backend/security/user/model/Role.java

@@ -24,6 +24,7 @@
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import lombok.ToString;
 import lombok.experimental.FieldDefaults;
 
 /**
@@ -40,6 +41,7 @@
 @AllArgsConstructor
 @NoArgsConstructor
 @FieldDefaults(level=AccessLevel.PRIVATE)
+@ToString
 public class User extends AuditEntity
 {
 	private static final long serialVersionUID = 1L;