User Registration Flow - Sequence Diagram

[poksyy]

This discussion provides a detailed sequence diagram of the user registration process in our system. The registration process ensures that users are properly validated, stored in the database, and receive a JWT token for authentication.

1️⃣ User submits a registration request

A user initiates the registration process by sending a POST /api/auth/register request with:

• Username (must be unique)
• Email (must be valid and unique)
• Password (must be strong and securely stored)

2️⃣ AuthController receives the request and validates the input data

The request first reaches AuthController, which serves as the entry point for authentication.
The request body is mapped to a DTO (UserRegisterRequest) that includes annotations like @notblank and @Email to validate fields.

✅ Why use a DTO (Data Transfer Object) instead of the model?
Separation of Concerns: Keeps the internal model hidden from external layers like controllers.
Input Validation: Ensures valid data with annotations before processing.
Data Control: Allows selective exposure of fields and avoids sending sensitive information.
Flexibility: Changes in the model don't affect the API's data handling.

✅ Why use annotations for validation instead of relying solely on GlobalExceptions?
Early Validation: Annotations perform validation at the field level before the data is processed, reducing the need for error handling after the fact.
Cleaner Code: By using annotations directly in the DTO, validation logic is kept declarative and concise, avoiding extra logic in the service or controller layers.
Prevention of Bad Data: Ensures that only valid data is sent to the database or further services, preventing errors earlier in the process.

3️⃣ UserService checks if the user already exists and hashes the password

The business logic of user registration happens in UserService.
It first checks if a user with the given email or username already exists by querying the database through UserRepository.
If the user does not exist, the password is hashed using BCryptPasswordEncoder to prevent storing raw passwords.

4️⃣ UserRepository saves the new user to the database

Once validation and password hashing are complete, UserRepository (which extends JpaRepository) saves the new user entity in the database.
This step persists the user’s information permanently.

5️⃣ JwtService generates a JWT token for authentication

After successfully registering the user, we need to authenticate them immediately.
JwtService generates a JWT token, which includes user details and an expiration time.
This token will be required for subsequent API requests to verify the user’s identity.

6️⃣ Response is sent back to the user with the generated token

The AuthController returns a response containing:

• The JWT token (to be used for authentication).
• Optionally, basic user details (e.g., username, email).

The frontend or mobile app can now store this token and include it in Authorization headers for future requests.

[poksyy]

Implementation issue #18 .