A secure banking platform built with Spring Boot and Next.js, implementing industry-standard authentication, authorization, and transaction management.
🚀 Live Demo: Currently undergoing a migration to AWS. ( ETA : not known )
➡️ View full Architecture & Flow Analysis
(All diagrams are included in this document)
Backend: Spring Boot 4.0.1 (Java 21)
Frontend: Next.js 16.1.1 with React 19
Database: PostgreSQL
Authentication: JWT with token versioning
Migrations: Flyway
- Spring Boot (Web, Data JPA, Security, Validation)
- PostgreSQL
- Flyway (Database Migration Management)
- Spring Security with JWT
- Spring Boot Actuator
- Lombok
- Maven
- Testcontainers (Testing)
- OpenAPI/Swagger Documentation
- Next.js 16 with App Router
- React 19 with React Compiler
- TypeScript
- Tailwind CSS 4
- Axios
- Lucide React Icons
- User Authentication: JWT-based authentication with token versioning
- Authorization: Role-based access control (USER, ADMIN)
- Account Management: User registration, login, profile management
- Transaction Processing: Deposits, withdrawals, and transfers
- Database Migrations: Automated schema versioning with Flyway
- API Documentation: Interactive API docs via OpenAPI/Swagger
- Health Monitoring: Spring Boot Actuator endpoints
- Security:
- Token versioning for forced logout
- Rate limiting with Bucket4j
- Secure password hashing with BCrypt
- Request queue management
- CORS configuration
- Modern UI: Responsive design with Tailwind CSS
- Java 21+
- Node.js 20+
- PostgreSQL
- Maven (or use included wrapper)
- Clone the repository:
git clone https://github.com/SleepyStack/Vaulta.git
cd Vaulta- Configure database connection in
src/main/resources/application.properties:
spring.datasource.url=jdbc:postgresql://localhost:5432/vaulta
spring.datasource. username=your_username
spring.datasource. password=your_password
# Flyway Configuration (Optional - uses defaults if not specified)
spring.flyway.enabled=true
spring.flyway. baseline-on-migrate=true
spring.flyway.locations=classpath:db/migrationNote: It is recommended to use a .env file with the dotenv-java dependency (already included in pom.xml) to manage environment variables rather than hard-coding credentials.
- Build and run:
./mvnw clean install
./mvnw spring-boot:runThe backend will start on http://localhost:8080
Database Migrations: Flyway will automatically run migrations on startup, creating the necessary schema from files in src/main/resources/db/migration/.
- Navigate to frontend directory:
cd frontend- Install dependencies:
npm install- Create
.env. local:
NEXT_PUBLIC_API_URL=http://localhost:8080- Run development server:
npm run devThe frontend will start on http://localhost:3000
This project uses Flyway for database schema versioning and migrations.
Migration scripts are located in src/main/resources/db/migration/:
V1__init_schema.sql- Initial database schema with tables for users, accounts, and transactions
- Automatic Execution: Migrations run automatically on application startup
- Version Control: Database schema changes are tracked and versioned
- Rollback Safety: Flyway ensures migrations are applied in order and prevents conflicts
- Custom Types: PostgreSQL ENUM types for account types, statuses, roles, and transaction types
To add a new migration:
- Create a new SQL file in
src/main/resources/db/migration/ - Follow the naming convention:
V{version}__{description}.sql(e.g.,V2__add_user_preferences.sql) - Flyway will automatically detect and apply the migration on next startup
POST /api/auth/register- User registrationPOST /api/auth/login- User loginPOST /api/auth/refresh- Token refreshPOST /api/auth/logout- User logout
GET /api/user/profile- Get user profilePATCH /api/user/profile- Update profile
POST /api/transactions/deposit- Deposit fundsPOST /api/transactions/withdraw- Withdraw fundsPOST /api/transactions/transfer- Transfer fundsGET /api/transactions/history- Transaction history
Access interactive API documentation at http://localhost:8080/swagger-ui. html when running locally.
Vaulta/
├── src/
│ ├── main/
│ │ ├── java/com/github/sleepystack/vaulta/
│ │ │ ├── config/ # Security & app configuration
│ │ │ ├── controller/ # REST controllers
│ │ │ ├── entity/ # JPA entities
│ │ │ ├── repository/ # Data repositories
│ │ │ ├── service/ # Business logic
│ │ │ ├── security/ # Security components
│ │ │ ├── dto/ # Data transfer objects
│ │ │ └── util/ # Utility classes
│ │ └── resources/
│ │ ├── db/
│ │ │ └── migration/ # Flyway migration scripts
│ │ └── application.properties
│ └── test/ # Unit & integration tests
├── frontend/
│ ├── src/
│ │ ├── app/ # Next.js app router pages
│ │ ├── components/ # React components
│ │ ├── lib/ # API client & utilities
│ │ └── types/ # TypeScript types
│ └── public/ # Static assets
└── pom.xml
./mvnw testThe test suite includes integration tests with Testcontainers for PostgreSQL.
cd frontend
npm run lint./mvnw clean package
java -jar target/Vaulta-0.0.1-SNAPSHOT.jarcd frontend
npm run build
npm startThe application will be containerized and deployed to a cloud platform with the following components:
- Dockerized Spring Boot backend
- Dockerized Next.js frontend
- PostgreSQL database
- Automated Flyway migrations on deployment
- JWT tokens stored in localStorage (client-side)
- Token versioning prevents unauthorized access after logout
- CORS configured for cross-origin requests
- Rate limiting on sensitive endpoints with Bucket4j
- Password encryption with BCrypt
- Request queue management to prevent API abuse
- Database migrations managed securely through Flyway
- Soft delete implementation for data retention
- Deployed as a single-node application; no horizontal scaling or multi-instance coordination
- Transaction safety is enforced using database-level ACID guarantees and
@Transactionalboundaries; no cross-node concurrency handling required in the current architecture - Rate limiting implemented using Bucket4j with request queueing to handle controlled bursts; not adaptive to dynamic traffic patterns
- JWT tokens are stored in
localStoragefor simplicity in the demo; HttpOnly cookies would be preferred for higher-security production environments - Centralized logging implemented using SLF4J with Logback; no distributed tracing or log aggregation
- No dedicated audit logging, alerting, or fraud detection subsystem
- Cloud infrastructure intentionally kept minimal (Railway + Vercel) to prioritize application correctness over infrastructure complexity; AWS-based deployment planned as a future learning extension
Configure the following in application.properties or via environment variables:
| Variable | Description | Default |
|---|---|---|
spring.datasource.url |
PostgreSQL connection URL | - |
spring.datasource.username |
Database username | - |
spring.datasource.password |
Database password | - |
spring.flyway.enabled |
Enable Flyway migrations | true |
| Variable | Description | Default |
|---|---|---|
NEXT_PUBLIC_API_URL |
Backend API URL | http://localhost:8080 |
A super admin account is automatically created on first run:
- Email:
admin@vaulta.com - Password:
Admin123!
Built with resources from:
- Spring Boot - Framework foundation
- Laur Spilca - YouTube - Security architecture guidance
This project is licensed under the MIT License.
See the LICENSE file for details.
SleepyStack
GitHub Profile
Version: 0.0.1-SNAPSHOT
Last Updated: 2026-01-07