A modern platform for credit analysis and approval, featuring traditional and social login, a microservices architecture, asynchronous communication via RabbitMQ, PDF generation, AWS S3 integration, and much more.
Ideal for simulating a real-world credit system with a robust, scalable, and secure architecture.
-
user-service: Handles user registration, authentication, social login, proposal submission, and access to proposal history.
-
proposal-service: Receives submitted proposals, stores them with user information and a status of "PENDING", then forwards them for analysis.
-
credit-analysis-service: Analyzes proposals based on the user's CPF and a randomly generated score. Returns the analyzed proposal with the status updated to "APPROVED" or "REJECTED".
-
notification-service: Sends emails regarding proposal status, user validation links, and links to download receipts.
-
documentation-service: Generates PDF receipts for "APPROVED" proposals, uploads them to AWS S3, and sends the download link to the notification-service.
-
Tests: Includes 244 unit and integration tests, with 100% code coverage.
- 🔐 User registration and authentication (traditional and social login with Google)
On the first Google login, only the user's email and a default password are stored in the database.
A temporary validation link is sent via email, allowing the user to complete missing data (name, CPF, password, and income) to become a valid user. - 📧 Email notifications for validation, proposal status, and document download (via JavaMail)
- 📄 PDF receipt generation for approved proposals
- ☁️ Integration with AWS S3 for uploading and retrieving receipts
- 🔁 Asynchronous communication between services via RabbitMQ
- 🌐 Synchronous REST communication between services via WebClient + OAuth2 (Client Credentials)
- 🧠 Automated credit analysis with random score logic
- 🧾 Account deletion request flow: users must submit a reason; administrators receive a notification and decide whether to approve the deletion
- ⛔ Security filters to block access from unvalidated users
- 🔄 Temporary links with expiration (10 minutes) for email validation.
- 🔄 Temporary links with expiration (1 hour) for receipt download.
- ⏱️ Rate limiting: only one proposal submission every 24 hours
- ♻️ PDF regeneration and re-sending if the link has expired
- 💥 Circuit Breaker and fallback mechanism for service resilience (using Resilience4j)
- 📑 API documentation with OpenAPI and Swagger UI
- 📊 Application monitoring with Prometheus and Grafana
- 🐳 Dockerized services and deployment via Docker Hub
- Spring Boot, Spring Security, OAuth2 (Resource & Auth Server), JWT
- Jakarta Bean Validation, MapStruct, Thymeleaf
- RabbitMQ (Async), WebFlux + WebClient (Sync)
- AWS S3, JavaMailSender
- SpringDoc OpenAPI, Spring Boot Actuator, Micrometer, Prometheus, Grafana
- JUnit, Mockito, TestContainers, WireMock, REST Assured
- Resilience4j (Circuit Breaker, Fallback), Design Patterns (Factory, Strategy, Builder, etc.)
The project applies well-known design patterns to improve maintainability, testability, and scalability:
- Factory
- Strategy
- Singleton
- Builder
- TDD (Test-Driven Development)
- BDD (Behavior-Driven Development)
To run this system locally, you need Docker and MySQL Workbench. No manual dependency installation is required — all services run via Docker Compose.
Download and use this docker-compose.yml file:Docker file
GOOGLE_CLIENTGOOGLE_SECRET
ACCESS_KEYSECRET_KEY
EMAILEMAIL_PASSWORD→ This must be an "App Password", not your regular email password.
Then, navigate to the folder containing the file and run:
docker-compose up Open MySQL Workbench and create two separate connections:
- Connection 1:
localhost:3307→ User DB - Connection 2:
localhost:3308→ Proposal DB
(Username and password for both:root)
Now, insert the following values manually:
| Id | Name |
|---|---|
| 1 | ADMIN |
| 2 | USER |
| ClientId | ClientSecret | Scope |
|---|---|---|
| userserviceclient | $2a$10$KJz93hA5eQ9re6RIeXZwl.eqFb5au6//25IRdw19f/T9bsa5WpFR2 |
ADMIN |
Once everything is set up, open the API documentation:
Murillo Marques
A LinkedIn post demonstrates the main flow of this API — feel free to check it out: LinkedIn Post