Security: Implement UUID v7 for Resource Identification #78 #92

Merged
omatheusmesmo merged 11 commits into omatheusmesmo:develop from rifernun:develop
Mar 12, 2026

@rifernun rifernun commented Mar 1, 2026

fix #78

Description

Currently, the system uses sequential identifiers (SERIAL / AUTO_INCREMENT) for database records. While functional, sequential IDs are predictable and can expose data volume metrics. Although the initial proposal suggested UUID v7, we implemented Snowflake IDs (64-bit) to provide non-predictability while maintaining superior storage efficiency and native BIGINT compatibility compared to 128-bit UUIDs.

Resolution (What was done)

  • Snowflake Strategy: Implemented SnowflakeIdGenerator with a custom epoch to generate time-ordered, unique 64-bit identifiers.
  • Hibernate Integration: Created SnowflakeIdentifierGenerator to allow the application to provide IDs automatically during entity persistence.
  • Database Schema Migration: Refactored all primary and foreign keys across the project (Users, Items, Lists, etc.) from SERIAL to BIGINT and removed database-level sequences.
  • Infrastructure Upgrade: Updated the PostgreSQL image to version 18 in docker-compose.yml to optimize indexing for the new ID format.

How to Test

  1. Entity Creation: Perform a POST request to any resource (e.g., Create User or Create List).
  2. Verification: Confirm that the generated ID is a large 64-bit integer (e.g., 123456789012345) instead of a small sequential number.
  3. Logs: Check application logs to ensure the SnowflakeIdentifierGenerator is being invoked by Hibernate.

Acceptance Criteria

  • Primary entities generate a Snowflake ID automatically upon creation.
  • All database IDs and foreign keys are converted to BIGINT.
  • Database indexes are optimized for time-ordered insertion (native B-tree behavior for Snowflake).
  • System supports record retrieval via the new 64-bit IDs in the service layer.
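
An added illustration of the Snowflake strategy named in the description above; it is not the PR's SnowflakeIdGenerator. The class name SnowflakeSketch, the 41/10/12 bit layout and the epoch value are assumptions, since the page does not state them. The decoder shows which fields a reviewer can read back out of any generated ID.

```java
import java.time.Instant;

// Added example, not the PR's code.
// Assumed layout (not stated on the page): 41-bit ms timestamp | 10-bit node | 12-bit sequence.
public class SnowflakeSketch {
    // Hypothetical custom epoch; the PR's actual epoch is not shown on the page.
    static final long EPOCH_MS = Instant.parse("2024-01-01T00:00:00Z").toEpochMilli();
    static final int NODE_BITS = 10, SEQ_BITS = 12;
    static final long MAX_SEQ = (1L << SEQ_BITS) - 1;

    private final long nodeId;
    private long lastMs = -1;
    private long seq = 0;

    SnowflakeSketch(long nodeId) {
        if (nodeId < 0 || nodeId >= (1L << NODE_BITS))
            throw new IllegalArgumentException("nodeId out of range");
        this.nodeId = nodeId;
    }

    synchronized long nextId() {
        // Never step back if the wall clock does, so IDs stay ordered.
        long now = Math.max(System.currentTimeMillis(), lastMs);
        if (now == lastMs) {
            seq = (seq + 1) & MAX_SEQ;
            if (seq == 0) now = lastMs + 1; // sequence exhausted: move to the next logical ms
        } else {
            seq = 0;
        }
        lastMs = now;
        return ((now - EPOCH_MS) << (NODE_BITS + SEQ_BITS)) | (nodeId << SEQ_BITS) | seq;
    }

    // Splits an ID back into its fields: creation time, node and sequence are all recoverable.
    static String decode(long id) {
        long ts = (id >>> (NODE_BITS + SEQ_BITS)) + EPOCH_MS;
        long node = (id >>> SEQ_BITS) & ((1L << NODE_BITS) - 1);
        return Instant.ofEpochMilli(ts) + " node=" + node + " seq=" + (id & MAX_SEQ);
    }

    public static void main(String[] args) {
        SnowflakeSketch gen = new SnowflakeSketch(1);
        long prev = 0;
        for (int i = 0; i < 5; i++) {
            long id = gen.nextId();
            if (id <= prev) throw new AssertionError("IDs must be strictly increasing");
            System.out.println(id + " -> " + decode(id));
            prev = id;
        }
    }
}
```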

github-actions Bot commented Mar 1, 2026

🤖 Hi @rifernun, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

@github-actions github-actions Bot left a comment

🤖🎉 Thank you for your contribution! Your pull request has been submitted successfully. A maintainer from the team will review it as soon as possible. We appreciate your support in making this project better!

github-actions Bot commented Mar 1, 2026

🤖 I'm sorry @rifernun, but I was unable to process your request. Please see the logs for more details.

@omatheusmesmo omatheusmesmo left a comment

Great job, well done @rifernun! Since this project isn't in production, we don't need to create a new Flyway script to change the ID type—we can just edit the original scripts. Could you please adjust this?

@omatheusmesmo omatheusmesmo left a comment

Hello @rifernun,

Great job on this PR! Implementing Snowflake IDs is a solid move for security and scalability. Here are a few tweaks needed to get this merged and running smoothly:

Required Changes (Action Needed)

  1. PostgreSQL 18 Compatibility:

    • Both docker-compose.yml (root and backend folder) need to be updated. PostgreSQL 18 changed its internal directory structure. Please update the volume mapping from /var/lib/postgresql/data to /var/lib/postgresql. Without this, the database fails to start on several environments.
    • Ref: Postgres 18 Docker Changes
  2. Code Formatting:

    • The build is currently failing style validation. Please run mvn net.revelc.code.formatter:formatter-maven-plugin:2.29.0:format in the backend folder to align SnowflakeIdGenerator.java with the project standards.
  3. DTO Field Mapping Consistency:

    • RegisterUserDTO currently uses @JsonProperty("full_name"), but other parts of the system (like README and frontend) might expect fullName. Please double-check this to ensure registration doesn't fail due to null constraints (I encountered a 500 error during manual testing).
  4. Issue Tracking:

    • Please add "fix #78" to your PR body. This ensures the original issue closes automatically upon merge.

Verification Summary

I’ve manually verified the core logic and it works as intended:

  • Generated ID Example: 288774909243428864 (Confirmed 64-bit Snowflake).
  • Database Schema: All 7 Flyway migrations (V1-V7) are applying correctly on a Postgres 18 instance with the volume fix applied.

Congratulations on the high-quality contribution! Once these points are addressed, we are good to go.

@omatheusmesmo omatheusmesmo left a comment

Great job! All requested changes have been addressed. The PostgreSQL 18 configuration is correct, Flyway migrations are updated to BIGINT, and code formatting is aligned with project standards. Ready to merge.

@omatheusmesmo omatheusmesmo left a comment

@rifernun, great job, well done! 🎉 ☕

@omatheusmesmo omatheusmesmo merged commit 0391480 into omatheusmesmo:develop Mar 12, 2026
14 of 16 checks passed