feat: Complete migration from Node.js/Express to Angular/Spring Boot

[devin-ai-integration]

feat: Complete migration from Node.js/Express to Angular/Spring Boot

Summary

This PR implements a complete technology stack migration from Node.js/Express to Spring Boot (backend) and Angular (frontend) for the RealWorld API application. The migration preserves the existing API contracts while replacing the underlying technology.

Backend (Spring Boot 3.2.0):

• JPA entities: User, Article, Comment, Tag with proper relationships (many-to-many for followers/favorites)
• Spring Data JPA repositories with custom queries
• JWT authentication using Spring Security with stateless session management
• REST controllers matching all original Express API endpoints
• Centralized error handling with @ControllerAdvice
• H2 in-memory database for development

Frontend (Angular 20):

• Services: AuthService, ArticleService, ProfileService, TagService
• Components: Login, Register, Home, ArticleList, ArticleDetail, ArticleEditor, Profile, Settings, Header, Footer
• HTTP interceptor for JWT token injection
• Routing with authentication guards

Deployment:

• Dockerfiles for both backend and frontend
• docker-compose.yml for orchestration
• nginx configuration for frontend serving and API proxying

Updates since last revision

Added comprehensive middleware integration tests to verify the Spring Security migration:

• SecurityMiddlewareIntegrationTest (19 new tests) covering:
  • JWT authentication: valid/invalid/missing tokens, Token vs Bearer prefix support
  • Public vs protected endpoint access verification
  • Error handling: 401, 403, 404, 422 response formats
  • CORS headers
• SecurityConfig fix: Now returns 401 Unauthorized (instead of 403) with correct JSON error format {"status": "error", "message": "missing authorization credentials"} matching the original Express behavior
• Fixed existing unit tests (AuthServiceTest, ArticleServiceTest) to use constructors instead of Lombok builders

Total tests: 32 (up from 13)

Review & Testing Checklist for Human

• Verify API contract compatibility: Test each endpoint to confirm response structures match the original Express API exactly (this is critical and not automatically verified)
• Test JWT authentication flow: Register a user, login, and verify protected endpoints work with the token
• Review SecurityConfig.java: Verify the public/protected endpoint configuration matches original Express middleware behavior
• Test the Angular frontend: Verify it connects to the backend and basic flows (login, view articles, create article) work
• Check error response formats: Verify 401, 403, 404, 422 responses match the original format

Recommended test plan:

1. Start the Spring Boot backend: cd backend && mvn spring-boot:run
2. Test API endpoints using curl or Postman against http://localhost:3000/api
3. Build and serve Angular frontend: cd frontend && npm install && npm start
4. Test the full user flow through the UI

Notes

• The original Node.js/Express code remains in the repo for reference
• Unit and integration tests cover AuthService, ArticleService, and security middleware (32 tests total)
• No database migration scripts included - uses H2 in-memory database
• Frontend components are functional but have minimal styling
• JWT secret defaults to "superSecret" (configurable via JWT_SECRET env var)

Link to Devin run: https://app.devin.ai/sessions/bd1ec1069b4d48d8bf7c797871771f80
Requested by: Arthur Poon (arthur.poon@cognition.ai) / @arthurkkp-cog

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[arthurkkp]

add some additional tests to verify the middleware was migrated correctly