Posts

What Two paths: controller exceptions vs pre-controller (filters/interceptors) exceptions. Single response shape via GlobalExceptionHandler for both paths. Flow (who catches what): Controller throws → handled by @ControllerAdvice methods. Filter/interceptor throws → not handled by @ControllerAdvice unless you forward via HandlerExceptionResolver. Why Consistency: avoid container default error pages/messages. Control: send structured GenericResponse with proper HTTP codes. How Global handler (GlobalExceptionHandler): @ControllerAdvice class GlobalExceptionHandler { @ExceptionHandler(UnAuthorizedExceptionThrowable::class) fun handleUnauthorized(ex: UnAuthorizedExceptionThrowable, req: WebRequest): ResponseEntity<GenericResponse<Nothing>> { val body = GenericResponse<Nothing>( responseType = ResponseType.FAIL, message = ex.errorMessage, code = ex.code, type = ex.errorMessage ) return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(body) } @ExceptionHandler(Exception::class) fun handleGeneric(ex: Exception, req: WebRequest) = ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body( GenericResponse<Nothing>( responseType = ResponseType.ERROR, message = ex.message ?: "Internal server error", code = HttpStatus.INTERNAL_SERVER_ERROR.value(), type = "Internal server error" ) ) } Explanation: ...

What FolderSync is an Android app that syncs local folders to S3-compatible storage. This guide sets up a private S3 bucket with a scoped IAM user and maps it to your device’s camera folder for automatic, private photo backup. You need an AWS account to start. Why Own your data: No Big Tech gallery lock-in. Reliability: S3 durability + Intelligent-Tiering for cost control. Simplicity: No self-hosted NAS, static IP, RAID, or server maintenance. How Step 1: Create S3 bucket (Region: us-east-1 recommended) ...

What CORS blocks non-whitelisted origins in AppSecurityConfig. JWT is validated for protected endpoints in JwtAuthenticationFilter using AuthenticationManagerJWT. API tiers restrict access even with a valid token; higher tiers grant access to more endpoints. Flow (request lifecycle): Incoming request → CORS applied → non-whitelisted origins blocked. Public/No-Auth endpoints bypass JWT checks. Protected endpoints → JWT extracted and validated. Tier authorization matched against requested API tier. On success, controller executes; on failure, error is routed to global handler. Why Prevent misuse from unwanted domains via strict CORS. Reject bad tokens: expired, blocked, reused/refresh-misuse. Enforce progression: open → tier 4 → tier 3 → tier 2 → tier 1 as business rules demand. How CORS configuration (AppSecurityConfig.corsConfigurationSource()): @Bean fun corsConfigurationSource(): CorsConfigurationSource { val configuration = CorsConfiguration() configuration.allowedOrigins = listOf( "http://localhost:3000", "https://yourdomain.com" ) configuration.allowedMethods = listOf("GET","POST","PUT","DELETE","OPTIONS","PATCH") configuration.allowedHeaders = listOf( "Authorization","Content-Type","X-Requested-With","Accept","Origin", KeywordsAndConstants.HEADER_TRACKING_ID, KeywordsAndConstants.HEADER_API_KEY, KeywordsAndConstants.HEADER_OTP, KeywordsAndConstants.HEADER_AUTH_TOKEN ) configuration.allowCredentials = true configuration.exposedHeaders = listOf( KeywordsAndConstants.HEADER_TRACKING_ID, KeywordsAndConstants.HEADER_API_TIER ) val source = UrlBasedCorsConfigurationSource() source.registerCorsConfiguration("/**", configuration) return source } Explanation: ...

Series links: Part 1/5 - Introduction Part 2/5 - Database Planning Part 3/5 - AWS Setup Part 4/5 - Backend APIs Part 5/5 - Frontend (you are here) What A small, fast web app that helps you add transactions with bills and later search/export them. Why Quick to use on phone or laptop. No heavy frameworks needed; it’s plain HTML/CSS/JS so you can host it anywhere. How Get the code Frontend source: https://github.com/sagarnayak/expense-tracking-public Pages you’ll see ...

Series links: Part 1/5 - Introduction Part 2/5 - Database Planning Part 3/5 - AWS Setup Part 4/5 - Backend APIs (you are here) Part 5/5 - Frontend What A tiny set of APIs to save entries with files, search them, get suggestions, and export CSV. Why Clear, stable contracts make the frontend simple. You can implement these endpoints in any backend framework. How Use your own domain names. The example hostnames below are placeholders. ...