$ CareerTrackApi
Microservice-based backend project focused on security and privacy for career tracking.
- Built a production-grade authentication system with JWT Refresh Token Rotation and Reuse Detection. When a refresh token is reused, the session is immediately terminated, proactively blocking potential session hijacking attempts.
- Developed a background cleanup service using Spring @Scheduled and custom Transaction Management (REQUIRES_NEW) to handle high-concurrency batch deletions of expired data. Security audit logs are retained separately with a 24-hour protection window against unauthorized deletion.
- User privacy is at the core of the system. Users have granular control over which data is processed and shared. Data from users who have disabled privacy sharing is strictly excluded from general statistics, trend analyses, and aggregate reports. Privacy preferences are enforced at every data processing step.
- No personal data is shared with third parties without explicit user consent. Upon receiving a deletion request, all user data is permanently purged once the security log retention period expires.
- Set up automated PostgreSQL backup infrastructure using Linux Bash scripts and Cron Jobs, including Gzip compression, data integrity verification, and a self-cleaning 7-day retention policy.
- Configured Kafka with SASL/SSL to encrypt all inter-service communication end-to-end. The Kafka module is designed as an independent unit — any service with completed YAML configuration can integrate seamlessly.
- Configured Nginx as a reverse proxy with custom security headers, port management, and IP-based rate limiting. All outbound traffic is routed through this layer.
- Database schema changes are managed with Flyway. All migrations are versioned and promoted to production in a controlled manner.
Java, Spring Boot, Kafka, Nginx, PostgreSQL, JWT, Docker, DevOps
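
The rotation and reuse-detection behaviour described in the first bullet, sketched as an added example that is not CareerTrackApi's own code. It assumes opaque random refresh tokens held in an in-memory store rather than JWTs in a database, needs Java 17 or later, and every class name, method name and session id in it is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;

// Added illustration with hypothetical names; in-memory store, not the project's code.
public class RefreshTokenRotationDemo {
    // One entry per issued refresh token; only its SHA-256 digest is stored.
    record Entry(String sessionId, AtomicBoolean used) {}
    private final Map<String, Entry> byDigest = new ConcurrentHashMap<>();
    private final Set<String> liveSessions = ConcurrentHashMap.newKeySet();
    private final SecureRandom rng = new SecureRandom();

    static String digest(String token) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }
    String login(String sessionId) throws Exception {
        liveSessions.add(sessionId);
        return mint(sessionId);
    }

    private String mint(String sessionId) throws Exception {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byDigest.put(digest(token), new Entry(sessionId, new AtomicBoolean(false)));
        return token;
    }

    // Returns the replacement token, or empty when the presented token is rejected.
    Optional<String> rotate(String presented) throws Exception {
        Entry e = byDigest.get(digest(presented));
        if (e == null || !liveSessions.contains(e.sessionId())) return Optional.empty();
        if (!e.used().compareAndSet(false, true)) {   // already redeemed once: reuse
            liveSessions.remove(e.sessionId());       // terminate the whole session
            return Optional.empty();
        }
        return Optional.of(mint(e.sessionId()));
    }

    public static void main(String[] args) throws Exception {
        RefreshTokenRotationDemo svc = new RefreshTokenRotationDemo();
        String t1 = svc.login("session-1");           // constructed session id
        String t2 = svc.rotate(t1).orElseThrow();     // normal rotation: t1 is now spent
        System.out.println("replay of t1 accepted: " + svc.rotate(t1).isPresent());
        System.out.println("t2 accepted after replay: " + svc.rotate(t2).isPresent());
    }
}
```

Replaying the spent token revokes the session, so the newest token is rejected as well; the server cannot tell whether the legitimate client or a thief holds it, and the user has to sign in again.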