Unified infrastructure & orchestration hub for Liprerie. Integrates Next.js 16 and Spring Boot 3.5 submodules via a containerized local Docker dev stack, automated Makefile commands, and Kubernetes configs
A robust, high-performance, and fully containerized collaborative book-sharing and library management system designed to support interactive catalog discovery, passwordless security, and seamless dynamic localization. Engineered with Next.js 16 (using the React 19 concurrent App Router) and a Spring Boot 3.5 (Java 21) backend, the platform leverages Java 21's Virtual Threads (Project Loom) to achieve non-blocking concurrency under high-volume book catalog search queries. Authentication is managed via a state-of-the-art WebAuthn biometrics and hardware-key registration flow alongside a secure fallback magic-link transmission loop. A containerized PostgreSQL database acts as the relational storage layer, while system-generated transaction and validation emails are intercepted locally in developer environments using a Mailpit container. Complete multi-language navigation (French and English) is baked natively using next-intl, preserving active search parameters and states across dynamic routing changes.
Sub-5ms JWT verification overhead using lightweight Elliptic Curve cryptography; under 15ms database query response time enabled by JPA connection pooling and virtual thread task dispatching.
Lock-tight 60 FPS transitions and form submissions using framer-motion and TailwindCSS 4; under 100ms client-side page transitions with App Router server-side hydration.
Near-zero cloud infrastructure footprint leveraging standard Docker containerization, enabling complete local or self-hosted deployment of Spring, Postgres, Mailpit, and Next.js.
Orchestrated a containerized development workflow via a unified root Makefile, streamlining environment bootstrapping (using make init and make dev) across frontend, backend, PostgreSQL, and Mailpit services.
Integrated biometric hardware-key and passkey credentials (WebAuthn) using `@simplewebauthn/browser` on the client and `WebAuthn4j` on the backend, enabling secure passwordless signup, login, and multi-key user profile management.
Leveraged Java 21 Virtual Threads (Project Loom) in Spring Boot (spring.threads.virtual.enabled: true) to eliminate standard OS-thread scheduling bottlenecks during high-throughput database interactions and asynchronous transactions.
Engineered a low-latency authorization pipeline utilizing stateless JWTs signed with Elliptic Curve (EC) cryptographic keys, achieving superior security with significantly lower computational overhead than RSA keys.
Exhaustive situation-action-result breakdowns showcasing problem-solving and architectural execution.
Implementing biometric WebAuthn credentials authentication between Next.js server-actions and a Spring Boot backend often breaks due to delicate signature validations, strict cryptographic challenge matching, and complex Base64URL string encoding variations across native browser APIs and Java validation libraries.
Designed customized, strongly-typed JSON DTOs (RegistrationFinishRequest and AuthenticationFinishRequest) to normalize incoming authenticator payloads, sanitized and decoded all Base64URL credential identifiers inside the Next.js server actions proxy, and implemented a precise cryptographic challenge verification hook in the Spring backend.
Low-level component relationships, system boundaries, and runtime flows.
The Liprerie architecture uses a decoupled full-stack design orchestrating a Next.js 16 frontend and a Spring Boot 3.5 backend. The frontend utilizes Next.js App Router for localized routing (next-intl), React 19 for rendering, and @simplewebauthn/browser for biometric credentials initialization. Dynamic requests are proxied via server actions and API clients to the Java backend. The backend runs on Java 21 with Virtual Threads (Project Loom) enabled, dispatching request execution to lightweight virtual threads that drastically minimize concurrency overhead. Spring Security handles security filtering, extracting JWT tokens signed using Elliptic Curve (EC) cryptography to authenticate endpoints. Persistence is managed via Spring Data JPA connected to a PostgreSQL 16 container, while SMTP triggers route system emails to a containerized Mailpit catcher. The complete stack is containerized and orchestrated with Docker Compose and managed with Makefile commands.
Decoupling frontend presentation and backend services via strict API contracts (using OpenAPI/Swagger) and unified Docker orchestration greatly accelerates development velocity. Furthermore, utilizing modern, efficient cryptographic primitives like Elliptic Curve tokens and passwordless biometrics drastically reduces architectural security vulnerabilities while simplifying database schema dependencies (no need to store hashed passwords, just public keys).
Implemented client-side form validation using React Hook Form and Zod schemas integrated with standard Java Bean Validation annotations (@Valid, @NotNull) on Spring REST Controllers to ensure robust full-stack data integrity.
Built a highly responsive internationalization architecture using next-intl, enabling dynamic French and English translation switching while maintaining localized cookie configurations and catalog query states.
Established a zero-failure, seamless passwordless signup and fingerprint login flow that is fully compliant with the W3C WebAuthn standards.
Enabling Project Loom Virtual Threads allows handling millions of concurrent requests but quickly exhausts database connections in the HikariCP connection pool if queries block or transactions are poorly managed under heavy concurrent catalog reads.
Enforced strict transactional boundaries via Spring Data's @Transactional annotation to minimize the lifecycle of database connections, tuned HikariCP pool parameters in application.yaml, and decoupled slow asynchronous processes (like local Mailpit email transmissions) from main Web MVC execution threads.
Prevented connection starvation and thread-pinning issues, ensuring robust performance under high concurrent user search loads.
Enforcing dynamic internationalization with next-intl across the App Router created constant hydration mismatches, search parameter losses, and route thrashing when users switched languages inside dynamic catalog filter panels.
Built a state-driven LocaleSwitcher component with automated locale-aware cookie matching, leveraging next-intl's router wrappers to cleanly forward active search states (price slider limits, categorization filters) during dynamic language transitions.
Created a seamless, zero-hydration-error dynamic translation layer that preserves active search settings with zero layout shifts or route errors.
