create-backlist 6.1.6 → 6.1.8

package/src/templates/java-spring/partials/ApplicationSeeder.java.ejs

@@ -4,21 +4,43 @@ package <%= group %>.<%= projectName %>;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+
 import <%= group %>.<%= projectName %>.model.User;
 import <%= group %>.<%= projectName %>.repository.UserRepository;
+
 import org.springframework.security.crypto.password.PasswordEncoder;
 
 @Configuration
 public class ApplicationSeeder {
+
   @Bean
-  CommandLineRunner seed(UserRepository userRepository, PasswordEncoder encoder) {
+  CommandLineRunner seed(UserRepository userRepository, PasswordEncoder encoder, Environment env) {
     return args -> {
-      if (userRepository.findByEmail("admin@example.com").isEmpty()) {
-        User admin = new User();
-        admin.setName("Admin");
-        admin.setEmail("admin@example.com");
-        admin.setPassword(encoder.encode("admin123"));
-        userRepository.save(admin);
+
+      // Enable/disable seeding via env (default: false)
+      boolean enabled = Boolean.parseBoolean(env.getProperty("SEED_ENABLED", "false"));
+      if (!enabled) return;
+
+      String email = env.getProperty("ADMIN_EMAIL", "admin@example.com");
+      String password = env.getProperty("ADMIN_PASSWORD", "admin123");
+      String name = env.getProperty("ADMIN_NAME", "Admin");
+
+      try {
+        if (userRepository.findByEmail(email).isEmpty()) {
+          User admin = new User();
+          admin.setName(name);
+          admin.setEmail(email);
+          admin.setPassword(encoder.encode(password));
+
+          userRepository.save(admin);
+
+          System.out.println("[Seeder] Admin user created: " + email);
+        } else {
+          System.out.println("[Seeder] Admin already exists: " + email);
+        }
+      } catch (Exception e) {
+        System.out.println("[Seeder] Seeding failed: " + e.getMessage());
       }
     };
   }

package/src/templates/java-spring/partials/AuthController.java.ejs

@@ -4,6 +4,7 @@ package <%= group %>.<%= projectName %>.controller;
 import <%= group %>.<%= projectName %>.model.User;
 import <%= group %>.<%= projectName %>.repository.UserRepository;
 import <%= group %>.<%= projectName %>.security.JwtService;
+
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -21,29 +22,59 @@ public class AuthController {
   private final JwtService jwt;
 
   public AuthController(UserRepository repo, PasswordEncoder encoder, JwtService jwt) {
-    this.repo = repo; this.encoder = encoder; this.jwt = jwt;
+    this.repo = repo;
+    this.encoder = encoder;
+    this.jwt = jwt;
   }
 
+  public record RegisterRequest(String name, String email, String password) {}
+  public record LoginRequest(String email, String password) {}
+  public record TokenResponse(String token) {}
+  public record ErrorResponse(String message) {}
+
   @PostMapping("/register")
-  public ResponseEntity<?> register(@RequestBody User req) {
-    if (repo.findByEmail(req.getEmail()).isPresent()) {
-      return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("User already exists");
+  public ResponseEntity<?> register(@RequestBody RegisterRequest req) {
+    if (req == null || isBlank(req.email()) || isBlank(req.password()) || isBlank(req.name())) {
+      return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorResponse("name, email, password are required"));
+    }
+
+    if (repo.findByEmail(req.email()).isPresent()) {
+      // better than 400: conflict
+      return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse("User already exists"));
     }
-    req.setPassword(encoder.encode(req.getPassword()));
-    repo.save(req);
-    String token = jwt.generateToken(req.getEmail());
+
+    User user = new User();
+    user.setName(req.name());
+    user.setEmail(req.email());
+    user.setPassword(encoder.encode(req.password()));
+
+    repo.save(user);
+
+    String token = jwt.generateToken(user.getEmail());
     return ResponseEntity.status(HttpStatus.CREATED).body(new TokenResponse(token));
   }
 
   @PostMapping("/login")
-  public ResponseEntity<?> login(@RequestBody User req) {
-    Optional<User> current = repo.findByEmail(req.getEmail());
-    if (current.isEmpty()) return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid credentials");
-    if (!encoder.matches(req.getPassword(), current.get().getPassword()))
-      return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("Invalid credentials");
-    String token = jwt.generateToken(req.getEmail());
+  public ResponseEntity<?> login(@RequestBody LoginRequest req) {
+    if (req == null || isBlank(req.email()) || isBlank(req.password())) {
+      return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorResponse("email and password are required"));
+    }
+
+    Optional<User> current = repo.findByEmail(req.email());
+    if (current.isEmpty()) {
+      // better than 400: unauthorized
+      return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new ErrorResponse("Invalid credentials"));
+    }
+
+    if (!encoder.matches(req.password(), current.get().getPassword())) {
+      return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new ErrorResponse("Invalid credentials"));
+    }
+
+    String token = jwt.generateToken(current.get().getEmail());
     return ResponseEntity.ok(new TokenResponse(token));
   }
 
-  public record TokenResponse(String token) {}
+  private boolean isBlank(String s) {
+    return s == null || s.trim().isEmpty();
+  }
 }

package/src/templates/java-spring/partials/Controller.java.ejs

@@ -4,37 +4,51 @@ package <%= group %>.<%= projectName %>.controller;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
+
 import java.util.List;
-import java.util.Optional;
+
 import <%= group %>.<%= projectName %>.service.<%= controllerName %>Service;
 import <%= group %>.<%= projectName %>.model.<%= controllerName %>;
 
 @RestController
-@RequestMapping("/api/<%= controllerName.toLowerCase() %>s")
+@RequestMapping("/api/<%= controllerName.toLowerCase() %>")
 @CrossOrigin(origins = "*")
 public class <%= controllerName %>Controller {
+
   private final <%= controllerName %>Service service;
-  public <%= controllerName %>Controller(<%= controllerName %>Service service) { this.service = service; }
 
-  @GetMapping public List<<%= controllerName %>> all() { return service.findAll(); }
+  public <%= controllerName %>Controller(<%= controllerName %>Service service) {
+    this.service = service;
+  }
+
+  @GetMapping
+  public ResponseEntity<List<<%= controllerName %>>> all() {
+    return ResponseEntity.ok(service.findAll());
+  }
 
   @GetMapping("/{id}")
-  public ResponseEntity<<%= controllerName %>> one(@PathVariable Long id) {
-    return service.findById(id).map(ResponseEntity::ok).orElse(ResponseEntity.notFound().build());
+  public ResponseEntity<<%= controllerName %>> one(@PathVariable String id) {
+    return service.findById(id)
+      .map(ResponseEntity::ok)
+      .orElse(ResponseEntity.notFound().build());
   }
 
   @PostMapping
   public ResponseEntity<<%= controllerName %>> create(@RequestBody <%= controllerName %> m) {
-    return new ResponseEntity<>(service.create(m), HttpStatus.CREATED);
+    return ResponseEntity.status(HttpStatus.CREATED).body(service.create(m));
   }
 
   @PutMapping("/{id}")
-  public ResponseEntity<<%= controllerName %>> update(@PathVariable Long id, @RequestBody <%= controllerName %> m) {
-    return service.update(id, m).map(ResponseEntity::ok).orElse(ResponseEntity.notFound().build());
+  public ResponseEntity<<%= controllerName %>> update(@PathVariable String id, @RequestBody <%= controllerName %> m) {
+    return service.update(id, m)
+      .map(ResponseEntity::ok)
+      .orElse(ResponseEntity.notFound().build());
   }
 
   @DeleteMapping("/{id}")
-  public ResponseEntity<Void> delete(@PathVariable Long id) {
-    return service.delete(id) ? ResponseEntity.noContent().build() : ResponseEntity.notFound().build();
+  public ResponseEntity<Void> delete(@PathVariable String id) {
+    return service.delete(id)
+      ? ResponseEntity.noContent().build()
+      : ResponseEntity.notFound().build();
   }
 }

package/src/templates/java-spring/partials/Dockerfile.ejs

@@ -1,11 +1,33 @@
-# Auto-generated by create-backlist
+# Auto-generated by create-backlist (Spring Boot)
+
+# ---- Build Stage ----
 FROM eclipse-temurin:21-jdk AS build
 WORKDIR /app
-COPY . .
+
+# Copy Maven wrapper + pom first for better layer caching
+COPY mvnw .
+COPY .mvn .mvn
+COPY pom.xml .
+
+# Download deps (cached)
+RUN ./mvnw -q -DskipTests dependency:go-offline
+
+# Copy source and build
+COPY src src
 RUN ./mvnw -q -DskipTests package
 
+# ---- Runtime Stage ----
 FROM eclipse-temurin:21-jre
 WORKDIR /app
+
+ENV JAVA_OPTS=""
+ENV SPRING_PROFILES_ACTIVE=default
+
 COPY --from=build /app/target/*.jar app.jar
+
 EXPOSE 8080
-ENTRYPOINT ["java", "-jar", "app.jar"]
+
+# Optional healthcheck (requires wget/curl; omit if base image lacks it)
+# HEALTHCHECK --interval=30s --timeout=3s --start-period=15s --retries=3 CMD wget -qO- http://localhost:8080/actuator/health || exit 1
+
+ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]

package/src/templates/java-spring/partials/Entity.java.ejs

@@ -4,12 +4,37 @@ package <%= group %>.<%= projectName %>.model;
 import jakarta.persistence.*;
 import lombok.Data;
 
+import java.time.Instant;
+
 @Data
 @Entity
+@Table(name = "<%= modelName.toLowerCase() %>")
 public class <%= modelName %> {
-  @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
+
+  @Id
+  @GeneratedValue(strategy = GenerationType.IDENTITY)
   private Long id;
-  <% model.fields.forEach(f => { %>
-  private <%= f.type === 'Number' ? 'Integer' : (f.type === 'Boolean' ? 'Boolean' : 'String') %> <%= f.name %>;
+
+  <% model.fields.forEach(f => { 
+      const n = String(f.name || '').toLowerCase();
+      let t = 'String';
+      if (f.type === 'Number') t = 'Integer';
+      if (f.type === 'Boolean') t = 'Boolean';
+      // heuristic: money-like fields -> BigDecimal
+      if (f.type === 'Number' && (n.includes('price') || n.includes('amount') || n.includes('total'))) t = 'java.math.BigDecimal';
+  %>
+  @Column(name = "<%= f.name %>"<% if (f.isUnique) { %>, unique = true<% } %><% if (n.includes('email')) { %>, nullable = false<% } %>)
+  private <%= t %> <%= f.name %>;
   <% }) %>
+
+  @Column(nullable = false, updatable = false)
+  private Instant createdAt = Instant.now();
+
+  @Column(nullable = false)
+  private Instant updatedAt = Instant.now();
+
+  @PreUpdate
+  public void onUpdate() {
+    this.updatedAt = Instant.now();
+  }
 }

package/src/templates/java-spring/partials/JwtAuthFilter.java.ejs

@@ -5,10 +5,12 @@ import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
+
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 
@@ -28,16 +30,48 @@ public class JwtAuthFilter extends OncePerRequestFilter {
   @Override
   protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
       throws ServletException, IOException {
+
+    // Skip if already authenticated
+    if (SecurityContextHolder.getContext().getAuthentication() != null) {
+      chain.doFilter(request, response);
+      return;
+    }
+
     String header = request.getHeader("Authorization");
+
     if (header != null && header.startsWith("Bearer ")) {
-      String token = header.substring(7);
-      try {
-        String subject = jwtService.validateAndGetSubject(token);
-        UserDetails ud = uds.loadUserByUsername(subject);
-        var auth = new UsernamePasswordAuthenticationToken(ud, null, ud.getAuthorities());
-        SecurityContextHolder.getContext().setAuthentication(auth);
-      } catch (Exception ignored) {}
+      String token = header.substring(7).trim();
+
+      if (!token.isEmpty()) {
+        try {
+          String subject = jwtService.validateAndGetSubject(token); // usually email/username
+
+          UserDetails ud = uds.loadUserByUsername(subject);
+
+          var auth = new UsernamePasswordAuthenticationToken(
+              ud,
+              null,
+              ud.getAuthorities()
+          );
+          auth.setDetails(new org.springframework.security.web.authentication.WebAuthenticationDetailsSource()
+              .buildDetails(request));
+
+          SecurityContextHolder.getContext().setAuthentication(auth);
+
+        } catch (Exception ex) {
+          // Invalid token -> do not authenticate; proceed as anonymous
+          // (Optionally you could log here)
+        }
+      }
     }
+
     chain.doFilter(request, response);
   }
+
+  @Override
+  protected boolean shouldNotFilter(HttpServletRequest request) {
+    // Don't run filter for auth endpoints (optional)
+    String path = request.getServletPath();
+    return path != null && path.startsWith("/api/auth");
+  }
 }

package/src/templates/java-spring/partials/JwtService.java.ejs

@@ -1,30 +1,65 @@
 // Auto-generated by create-backlist
 package <%= group %>.<%= projectName %>.security;
 
-import io.jsonwebtoken.*;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
+
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
+import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.util.Date;
 
 @Service
 public class JwtService {
-  private final Key key = Keys.hmacShaKeyFor(System.getenv("JWT_SECRET") != null
-          ? System.getenv("JWT_SECRET").getBytes()
-          : "change_this_dev_secret_change_this_dev_secret".getBytes());
 
-  public String generateToken(String userId) {
+  private final Key key;
+  private final long expiresInMs;
+
+  public JwtService(
+      @Value("${JWT_SECRET:change_this_dev_secret_change_this_dev_secret}") String secret,
+      @Value("${JWT_EXPIRES_IN_MS:18000000}") long expiresInMs // default 5h
+  ) {
+    // HS256 requires a sufficiently long secret (>= 32 bytes recommended)
+    byte[] bytes = secret.getBytes(StandardCharsets.UTF_8);
+    if (bytes.length < 32) {
+      // pad (dev fallback). Better: set a proper secret in env.
+      byte[] padded = new byte[32];
+      System.arraycopy(bytes, 0, padded, 0, bytes.length);
+      for (int i = bytes.length; i < 32; i++) padded[i] = (byte) 'x';
+      bytes = padded;
+    }
+    this.key = Keys.hmacShaKeyFor(bytes);
+    this.expiresInMs = expiresInMs;
+  }
+
+  /**
+   * subject should be a stable identifier (email or userId)
+   */
+  public String generateToken(String subject) {
+    long now = System.currentTimeMillis();
     return Jwts.builder()
-      .setSubject(userId)
-      .setIssuedAt(new Date())
-      .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 5))
-      .signWith(key, SignatureAlgorithm.HS256)
-      .compact();
+        .setSubject(subject)
+        .setIssuedAt(new Date(now))
+        .setExpiration(new Date(now + expiresInMs))
+        .signWith(key, SignatureAlgorithm.HS256)
+        .compact();
   }
 
   public String validateAndGetSubject(String token) {
-    return Jwts.parserBuilder().setSigningKey(key).build()
-      .parseClaimsJws(token).getBody().getSubject();
+    try {
+      return Jwts.parserBuilder()
+          .setSigningKey(key)
+          .build()
+          .parseClaimsJws(token)
+          .getBody()
+          .getSubject();
+    } catch (JwtException ex) {
+      // signature invalid / expired / malformed
+      throw new IllegalArgumentException("Invalid JWT token");
+    }
   }
 }

package/src/templates/java-spring/partials/Repository.java.ejs

@@ -3,7 +3,14 @@ package <%= group %>.<%= projectName %>.repository;
 
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
+
 import <%= group %>.<%= projectName %>.model.<%= modelName %>;
 
 @Repository
-public interface <%= modelName %>Repository extends JpaRepository<<%= modelName %>, Long> {}
+public interface <%= modelName %>Repository extends JpaRepository<<%= modelName %>, Long> {
+
+  // Add common query methods here if needed.
+  // Example:
+  // Optional<<%= modelName %>> findByEmail(String email);
+
+}

package/src/templates/java-spring/partials/Service.java.ejs

@@ -2,27 +2,51 @@
 package <%= group %>.<%= projectName %>.service;
 
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
 import java.util.List;
 import java.util.Optional;
+
 import <%= group %>.<%= projectName %>.repository.<%= modelName %>Repository;
 import <%= group %>.<%= projectName %>.model.<%= modelName %>;
 
 @Service
+@Transactional
 public class <%= modelName %>Service {
+
   private final <%= modelName %>Repository repo;
-  public <%= modelName %>Service(<%= modelName %>Repository repo) { this.repo = repo; }
 
-  public List<<%= modelName %>> findAll() { return repo.findAll(); }
-  public Optional<<%= modelName %>> findById(Long id) { return repo.findById(id); }
-  public <%= modelName %> create(<%= modelName %> m) { return repo.save(m); }
+  public <%= modelName %>Service(<%= modelName %>Repository repo) {
+    this.repo = repo;
+  }
+
+  @Transactional(readOnly = true)
+  public List<<%= modelName %>> findAll() {
+    return repo.findAll();
+  }
+
+  @Transactional(readOnly = true)
+  public Optional<<%= modelName %>> findById(Long id) {
+    return repo.findById(id);
+  }
+
+  public <%= modelName %> create(<%= modelName %> m) {
+    // Ensure ID is not set by client
+    m.setId(null);
+    return repo.save(m);
+  }
+
   public Optional<<%= modelName %>> update(Long id, <%= modelName %> m) {
     return repo.findById(id).map(existing -> {
-      <% model.fields.forEach(f => { %>
-      existing.set<%= f.name.charAt(0).toUpperCase() + f.name.slice(1) %>(m.get<%= f.name.charAt(0).toUpperCase() + f.name.slice(1) %>());
+      <% (model.fields || []).forEach(f => { 
+           const cap = f.name.charAt(0).toUpperCase() + f.name.slice(1);
+      %>
+      existing.set<%= cap %>(m.get<%= cap %>());
       <% }) %>
       return repo.save(existing);
     });
   }
+
   public boolean delete(Long id) {
     if (!repo.existsById(id)) return false;
     repo.deleteById(id);

package/src/templates/java-spring/partials/User.java.ejs

@@ -4,17 +4,40 @@ package <%= group %>.<%= projectName %>.model;
 import jakarta.persistence.*;
 import lombok.Data;
 
+import java.time.Instant;
+
 @Data
 @Entity
-@Table(name="users")
+@Table(
+  name = "users",
+  indexes = {
+    @Index(name = "idx_users_email", columnList = "email", unique = true)
+  }
+)
 public class User {
-  @Id @GeneratedValue(strategy = GenerationType.IDENTITY)
+
+  @Id
+  @GeneratedValue(strategy = GenerationType.IDENTITY)
   private Long id;
 
+  @Column(nullable = false)
   private String name;
 
-  @Column(unique = true)
+  @Column(nullable = false, unique = true)
   private String email;
 
+  // Never expose this field in API responses
+  @Column(nullable = false)
   private String password;
+
+  @Column(nullable = false, updatable = false)
+  private Instant createdAt = Instant.now();
+
+  @Column(nullable = false)
+  private Instant updatedAt = Instant.now();
+
+  @PreUpdate
+  public void onUpdate() {
+    this.updatedAt = Instant.now();
+  }
 }

package/src/templates/java-spring/partials/UserDetailsServiceImpl.java.ejs

@@ -3,12 +3,12 @@ package <%= group %>.<%= projectName %>.security;
 
 import <%= group %>.<%= projectName %>.model.User;
 import <%= group %>.<%= projectName %>.repository.UserRepository;
+
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
 import org.springframework.stereotype.Service;
-import org.springframework.security.core.userdetails.User.UserBuilder;
-import org.springframework.security.core.userdetails.User.*;
 
 @Service
 public class UserDetailsServiceImpl implements UserDetailsService {
@@ -21,7 +21,13 @@ public class UserDetailsServiceImpl implements UserDetailsService {
 
   @Override
   public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
-    User u = repo.findByEmail(email).orElseThrow(() -> new UsernameNotFoundException("Not found"));
-    return withUsername(u.getEmail()).password(u.getPassword()).authorities("USER").build();
+    User u = repo.findByEmail(email)
+      .orElseThrow(() -> new UsernameNotFoundException("User not found"));
+
+    return org.springframework.security.core.userdetails.User
+      .withUsername(u.getEmail())
+      .password(u.getPassword())
+      .authorities("ROLE_USER")
+      .build();
   }
 }

package/src/templates/java-spring/partials/UserRepository.java.ejs

@@ -2,11 +2,17 @@
 package <%= group %>.<%= projectName %>.repository;
 
 import java.util.Optional;
+
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
+
 import <%= group %>.<%= projectName %>.model.User;
 
 @Repository
 public interface UserRepository extends JpaRepository<User, Long> {
+
   Optional<User> findByEmail(String email);
+
+  boolean existsByEmail(String email);
+
 }

package/src/templates/java-spring/partials/docker-compose.yml.ejs

@@ -1,7 +1,9 @@
 version: '3.8'
+
 services:
   db:
     image: postgres:16-alpine
+    container_name: <%= projectName %>-db
     environment:
       POSTGRES_USER: ${DB_USER:-postgres}
       POSTGRES_PASSWORD: ${DB_PASSWORD:-password}
@@ -10,18 +12,38 @@ services:
       - "5432:5432"
     volumes:
       - pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-postgres} -d ${DB_NAME:-<%= projectName %>}"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+    restart: unless-stopped
 
   app:
     build: .
+    container_name: <%= projectName %>-app
     depends_on:
-      - db
+      db:
+        condition: service_healthy
     environment:
-      - JWT_SECRET=${JWT_SECRET:-change_me_long_secret}
-      - SPRING_DATASOURCE_URL=jdbc:postgresql://db:5432/${DB_NAME:-<%= projectName %>}
-      - SPRING_DATASOURCE_USERNAME=${DB_USER:-postgres}
-      - SPRING_DATASOURCE_PASSWORD=${DB_PASSWORD:-password}
+      # Spring datasource
+      SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/${DB_NAME:-<%= projectName %>}
+      SPRING_DATASOURCE_USERNAME: ${DB_USER:-postgres}
+      SPRING_DATASOURCE_PASSWORD: ${DB_PASSWORD:-password}
+
+      # JPA defaults (optional but useful)
+      SPRING_JPA_HIBERNATE_DDL_AUTO: update
+      SPRING_JPA_SHOW_SQL: "true"
+
+      # JWT (only needed if auth is enabled)
+      JWT_SECRET: ${JWT_SECRET:-change_me_long_secret}
+      JWT_EXPIRES_IN: ${JWT_EXPIRES_IN:-5h}
+
+      # CORS (optional)
+      CORS_ORIGIN: ${CORS_ORIGIN:-*}
     ports:
       - "8080:8080"
+    restart: unless-stopped
 
 volumes:
   pgdata: