REST API for EditaisGOV, a government procurement (bidding) platform. Handles authentication, tender (edital) management, and bid (lance) processing. Companion service for the EditaisGOV Frontend.
- Java 21
- Spring Boot 4.0.6 (Web MVC)
- MySQL
- JWT (jjwt) for stateless authentication
- Maven
Layered structure: controller -> service -> repository -> model. Authentication is stateless via JWT; user identity and role are extracted directly from the token payload (TokenService.extrairClaim), avoiding a database lookup on every request.
Roles: FORNECEDOR (supplier, places bids) and a buyer/admin role that creates and manages tenders.
| Method | Endpoint | Description |
|---|---|---|
| POST | /registrar |
Registers a new user |
| POST | /logar |
Authenticates a user and returns a JWT |
| GET | /verificar-email |
Checks if an email is already registered |
| GET | /verificar-nome |
Checks if a username is already taken |
All routes require an Authorization: Bearer <token> header.
| Method | Endpoint | Description |
|---|---|---|
| POST | /criar |
Creates a new tender |
| GET | / |
Lists tenders; ?urgente=true filters tenders closing within 48 hours |
| GET | /{id} |
Retrieves a single tender |
| PUT | /{id} |
Updates a tender |
| DELETE | /{id} |
Deletes a tender |
| POST | /{id}/lances |
Submits a bid on a tender |
| GET | /{id}/lances |
Lists bids on a tender |
| Method | Endpoint | Description |
|---|---|---|
| GET | /meus-lances |
Lists bids placed by the authenticated user |
| DELETE | /{id} |
Deletes a bid |
UserDTO — id, nome, email, senha (hashed), role.
EditalDTO — id, titulo, descricao, data_fechamento, status, vencedor.
LanceDTO — id, valor, data_lance (server-assigned), id_edital, id_usuario, nome_fornecedor, vencedor.
- JDK 21+
- Maven 3.9+
- MySQL 8
- Create the database and import the schema:
mysql -u root -p < dump.sql - Set the required environment variables (see below).
- Run the application:
./mvnw spring-boot:run
The API starts on http://localhost:8080.
| Variable | Description | Required |
|---|---|---|
JWT_SECRET |
Secret key used to sign JWTs | Yes |
Database connection details are currently hardcoded in
repository/Conexao.java(URL, username, and password), separate from the JPA/env-based configuration used elsewhere. This must be externalized before the credentials are committed to version control again — see the security note in the related repository.
biddingFrontEnd — Thymeleaf client consuming this API.