StayEase

🏨 Hotel Booking Aggregator – Backend Service

A secure, role-based backend service built using Spring Boot and Gradle with MySQL to manage hotel listings and room bookings for a hotel management aggregator platform. The application exposes RESTful APIs secured with JWT-based authentication and enforces strict role-based authorization and business rules to prevent overbooking and ensure data integrity.

This project follows a clean layered architecture and incorporates production-ready practices such as validation, centralized error handling, logging, and unit testing.

📌 1. Problem Statement

The goal of this project is to design and implement a backend service for a simplified hotel room booking system that:

Allows users to register and authenticate securely
Enables customers to browse hotels and book rooms
Allows hotel managers to update hotel details and cancel bookings
Restricts hotel creation and deletion to administrators
Prevents overbooking by tracking available rooms
Enforces booking date validation rules
Secures APIs using JWT and role-based access control

The system assumes:

Only one type of room
All bookings are for two guests
Check-in and check-out handling is managed by another service

🧰 2. Technology Stack & Rationale

Technology	Purpose
Java 17	Backend programming language
Spring Boot (3.3.3)	Framework for building RESTful APIs
Spring Security	Authentication & authorization
JWT (io.jsonwebtoken:0.11.5)	Stateless authentication
MySQL	Relational database for persistent storage
Spring Data JPA	ORM and database abstraction
BCrypt	Secure password hashing
Gradle	Build and dependency management
JUnit 5 & Mockito	Unit and integration testing
SLF4J / Logback	Logging

Why Gradle? Gradle provides efficient build automation, dependency management, and incremental compilation for faster builds, especially in Spring Boot projects.

Why MySQL? MySQL provides strong transactional guarantees and relational integrity, making it suitable for booking systems where consistency and accuracy are critical.

🧭 3. High-Level Design (HLD)

Client (Postman / Frontend)
        ↓
Controller Layer
        ↓
Service Layer
        ↓
Repository Layer
        ↓
MySQL Database

Layer Responsibilities

Controller Layer Handles HTTP requests, request validation, and response mapping
Service Layer Contains core business logic such as booking rules, room availability checks, and date validation
Repository Layer Manages database operations using Spring Data JPA
Security Layer Implements JWT authentication and role-based access control

👥 4. User Roles & Authorization

Role	Description
USER	Can browse hotels and create bookings
HOTEL_MANAGER	Can update hotel details and cancel bookings
ADMIN	Can create and delete hotels

Access Control Summary

Action	USER	HOTEL_MANAGER	ADMIN
Register / Login	✅	✅	✅
Browse Hotels	✅	✅	✅
Create Hotel	❌	❌	✅
Update Hotel	❌	✅	❌
Delete Hotel	❌	❌	✅
Create Booking	✅	❌	❌
Cancel Booking	❌	✅	❌

🌟 5. Key Features

🔐 User Management

User registration and login
Passwords securely hashed using BCrypt
JWT token generation on successful authentication
Default role assignment to USER

🏨 Hotel Management

Public access to browse available hotels
Admin-only hotel creation and deletion
Hotel manager-only updates
Tracks total and available rooms

📅 Booking Management

Customers can book one room per request
Prevents overbooking using available room count
Only managers can cancel bookings
Date validation:
- Check-in must be a future date
- Check-out must be after check-in
- Date format: YYYY-MM-DD

🛡️ Security

Stateless JWT-based authentication
Role-based endpoint protection
Separation of public and private endpoints

⚠️ Validation & Error Handling

Centralized exception handling
Meaningful HTTP status codes (400, 401, 403, 404)
Graceful error messages

🧪 Testing

Unit tests using JUnit and Mockito
Controller tests using MockMvc
Coverage for authentication, booking logic, and authorization rules

📡 6. API Documentation

Base URL

http://localhost:8081

Authentication APIs

Method	Endpoint
POST	/api/users/register
POST	/api/users/login

Hotel APIs

Method	Endpoint	Access
GET	/api/hotels	Public
POST	/api/hotels	ADMIN
PUT	/api/hotels/{hotelId}	HOTEL_MANAGER
DELETE	/api/hotels/{hotelId}	ADMIN

Booking APIs

Method	Endpoint	Access
POST	/api/bookings/{hotelId}	USER
GET	/api/bookings/{bookingId}	Authenticated
DELETE	/api/bookings/{bookingId}	HOTEL_MANAGER

💻 7. Local Setup & Running the Application

📦 Prerequisites

Java 17+
MySQL running locally
Gradle installed

🔧 Setup Steps

# Clone the repository
git clone <your-github-repo-url>
cd hotel-booking-aggregator

# Configure database
# Update application.properties or application.yml with MySQL credentials

# Build the project
./gradlew clean build

# Run the application
./gradlew bootRun

🌐 Access

http://localhost:8081

📝 8. Logging & Monitoring

Uses SLF4J with Logback
Logs request flow, business operations, and errors
Helpful for debugging and production monitoring

🚀 9. Future Enhancements

Multiple room types per hotel
Pricing and payment integration
Booking history for users
Pagination and filtering for hotels
Swagger / OpenAPI documentation
Dockerization and CI/CD pipeline
Cloud deployment (AWS / GCP)

📬 10. Contributions & Support

Contributions, issues, and feature requests are welcome. Feel free to open an issue or submit a pull request.

Maintained by: Shushant Rishav