running finally..

pom.xml

@@ -1,22 +1,28 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
+
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
         <version>3.4.3</version>
-        <relativePath/> <!-- lookup parent from repository -->
+        <relativePath/>
     </parent>
+
     <groupId>group.goforward</groupId>
     <artifactId>ballistic</artifactId>
     <version>0.0.1-SNAPSHOT</version>
     <name>ballistic</name>
     <description>Ballistic Builder API</description>
+
     <url/>
+
     <licenses>
         <license/>
     </licenses>
+
     <developers>
         <developer>
             <name>Don Strawsburg</name>
@@ -29,69 +35,101 @@
             <organization>Forward Group, LLC</organization>
         </developer>
     </developers>
+
     <scm>
         <connection></connection>
         <developerConnection>scm:git:https://gitea.gofwd.group/Forward_Group/ballistic-builder-spring.git</developerConnection>
         <tag/>
         <url/>
     </scm>
+
     <properties>
         <java.version>17</java.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
     </properties>
+
     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
-<!--        <dependency>
+
+        <!--
+        <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-rest</artifactId>
-        </dependency>-->
+        </dependency>
+        -->
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-devtools</artifactId>
             <scope>runtime</scope>
             <optional>true</optional>
         </dependency>
+
         <dependency>
             <groupId>org.springdoc</groupId>
             <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
             <version>2.8.5</version>
         </dependency>
-        <!--<dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-docker-compose</artifactId>
-            <scope>runtime</scope>
-            <optional>true</optional>
-        </dependency>-->
-        <!-- Jakarta / validation API is pulled by starters; explicit jakarta persistence if needed -->
+
+        <!-- Jakarta persistence API (optional, JPA starter already brings it transitively) -->
         <dependency>
             <groupId>jakarta.persistence</groupId>
             <artifactId>jakarta.persistence-api</artifactId>
             <version>3.1.0</version>
         </dependency>
+
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
             <version>42.7.7</version>
             <scope>runtime</scope>
         </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
         </dependency>
+
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-csv</artifactId>
             <version>1.11.0</version>
         </dependency>
+
+        <!-- Spring Security -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <!-- JSON Web Tokens (JJWT) -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.11.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.11.5</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.11.5</version>
+            <scope>runtime</scope>
+        </dependency>
     </dependencies>
 
     <build>
@@ -105,6 +143,7 @@
                     <target>${maven.compiler.target}</target>
                 </configuration>
             </plugin>
+
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>

src/main/java/group/goforward/ballistic/BallisticApplication.java

@@ -3,15 +3,11 @@ package group.goforward.ballistic;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 
 @SpringBootApplication
 @EnableCaching
-@ComponentScan("group.goforward.ballistic.controllers")
-@ComponentScan("group.goforward.ballistic.repos")
-@ComponentScan("group.goforward.ballistic.services")
 @EntityScan(basePackages = "group.goforward.ballistic.model")
 @EnableJpaRepositories(basePackages = "group.goforward.ballistic.repos")
 public class BallisticApplication {

src/main/java/group/goforward/ballistic/configuration/PasswordConfig.java

@@ -0,0 +1,16 @@
+package group.goforward.ballistic.configuration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+// @Configuration
+// public class PasswordConfig {
+
+//     @Bean
+//     public PasswordEncoder passwordEncoder() {
+//         // BCrypt default password
+//         return new BCryptPasswordEncoder();
+//     }
+// }

src/main/java/group/goforward/ballistic/configuration/SecurityConfig.java

@@ -0,0 +1,59 @@
+package group.goforward.ballistic.configuration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+            .csrf(AbstractHttpConfigurer::disable)
+            .sessionManagement(sm ->
+                sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            )
+            .authorizeHttpRequests(auth -> auth
+                
+                // Auth endpoints always open
+                .requestMatchers("/api/auth/**").permitAll()
+                
+                // Swagger / docs
+                .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
+                
+                // Health
+                .requestMatchers("/actuator/health", "/actuator/info").permitAll()
+                
+                // Public product endpoints
+                .requestMatchers("/api/products/gunbuilder/**").permitAll()
+
+                // Everything else (for now) also open – we can tighten later
+                .anyRequest().permitAll()
+            );
+
+        return http.build();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        // BCrypt is a solid default for user passwords
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(
+            AuthenticationConfiguration configuration
+    ) throws Exception {
+        return configuration.getAuthenticationManager();
+    }
+}

src/main/java/group/goforward/ballistic/controllers/AuthController.java

@@ -0,0 +1,102 @@
+package group.goforward.ballistic.controllers;
+
+import group.goforward.ballistic.model.User;
+import group.goforward.ballistic.repos.UserRepository;
+import group.goforward.ballistic.security.JwtService;
+import group.goforward.ballistic.web.dto.auth.AuthResponse;
+import group.goforward.ballistic.web.dto.auth.LoginRequest;
+import group.goforward.ballistic.web.dto.auth.RegisterRequest;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.bind.annotation.*;
+
+import java.time.OffsetDateTime;
+import java.util.UUID;
+
+@RestController
+@RequestMapping("/api/auth")
+@CrossOrigin
+public class AuthController {
+
+    private final UserRepository users;
+    private final PasswordEncoder passwordEncoder;
+    private final JwtService jwtService;
+
+    public AuthController(
+            UserRepository users,
+            PasswordEncoder passwordEncoder,
+            JwtService jwtService
+    ) {
+        this.users = users;
+        this.passwordEncoder = passwordEncoder;
+        this.jwtService = jwtService;
+    }
+
+    @PostMapping("/register")
+    public ResponseEntity<?> register(@RequestBody RegisterRequest request) {
+        String email = request.getEmail().trim().toLowerCase();
+
+        if (users.existsByEmailIgnoreCaseAndDeletedAtIsNull(email)) {
+            return ResponseEntity
+                    .status(HttpStatus.CONFLICT)
+                    .body("Email is already registered");
+        }
+
+        User user = new User();
+        // Let DB generate id
+        user.setUuid(UUID.randomUUID()); 
+        user.setEmail(email);
+        user.setPasswordHash(passwordEncoder.encode(request.getPassword()));
+        user.setDisplayName(request.getDisplayName());
+        user.setRole("USER");
+        user.setIsActive(true);
+        user.setCreatedAt(OffsetDateTime.now());
+        user.setUpdatedAt(OffsetDateTime.now());
+
+        users.save(user);
+
+        String token = jwtService.generateToken(user);
+
+        AuthResponse response = new AuthResponse(
+                token,
+                user.getEmail(),
+                user.getDisplayName(),
+                user.getRole()
+        );
+
+        return ResponseEntity.status(HttpStatus.CREATED).body(response);
+    }
+
+    @PostMapping("/login")
+    public ResponseEntity<?> login(@RequestBody LoginRequest request) {
+        String email = request.getEmail().trim().toLowerCase();
+
+        User user = users.findByEmailIgnoreCaseAndDeletedAtIsNull(email)
+                .orElse(null);
+
+        if (user == null || !user.getIsActive()) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid credentials");
+        }
+
+        if (!passwordEncoder.matches(request.getPassword(), user.getPasswordHash())) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid credentials");
+        }
+
+        user.setLastLoginAt(OffsetDateTime.now());
+        user.incrementLoginCount();
+        user.setUpdatedAt(OffsetDateTime.now());
+        users.save(user);
+
+        String token = jwtService.generateToken(user);
+
+        AuthResponse response = new AuthResponse(
+                token,
+                user.getEmail(),
+                user.getDisplayName(),
+                user.getRole()
+        );
+
+        return ResponseEntity.ok(response);
+    }
+}

src/main/java/group/goforward/ballistic/controllers/CategoryController.java

@@ -0,0 +1,34 @@
+package group.goforward.ballistic.controllers;
+
+import group.goforward.ballistic.repos.PartCategoryRepository;
+import group.goforward.ballistic.web.dto.admin.PartCategoryDto;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/categories")
+@CrossOrigin // you can tighten origins later
+public class CategoryController {
+
+    private final PartCategoryRepository partCategories;
+
+    public CategoryController(PartCategoryRepository partCategories) {
+        this.partCategories = partCategories;
+    }
+
+    @GetMapping
+    public List<PartCategoryDto> list() {
+        return partCategories.findAllByOrderByGroupNameAscSortOrderAscNameAsc()
+                .stream()
+                .map(pc -> new PartCategoryDto(
+                        pc.getId(),
+                        pc.getSlug(),
+                        pc.getName(),
+                        pc.getDescription(),
+                        pc.getGroupName(),
+                        pc.getSortOrder()
+                ))
+                .toList();
+    }
+}

src/main/java/group/goforward/ballistic/controllers/admin/AdminCategoryController.java

@@ -0,0 +1,40 @@
+package group.goforward.ballistic.controllers.admin;
+
+import group.goforward.ballistic.model.PartCategory;
+import group.goforward.ballistic.repos.PartCategoryRepository;
+import group.goforward.ballistic.web.dto.admin.PartCategoryDto;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/admin/categories")
+@CrossOrigin
+public class AdminCategoryController {
+
+    private final PartCategoryRepository partCategories;
+
+    public AdminCategoryController(PartCategoryRepository partCategories) {
+        this.partCategories = partCategories;
+    }
+
+    @GetMapping
+    public List<PartCategoryDto> listCategories() {
+        return partCategories
+                .findAllByOrderByGroupNameAscSortOrderAscNameAsc()
+                .stream()
+                .map(this::toDto)
+                .toList();
+    }
+
+    private PartCategoryDto toDto(PartCategory entity) {
+        return new PartCategoryDto(
+                entity.getId(),
+                entity.getSlug(),
+                entity.getName(),
+                entity.getDescription(),
+                entity.getGroupName(),
+                entity.getSortOrder()
+        );
+    }
+}

src/main/java/group/goforward/ballistic/controllers/admin/AdminCategoryMappingController.java

@@ -0,0 +1,117 @@
+package group.goforward.ballistic.controllers.admin;
+
+import group.goforward.ballistic.model.CategoryMapping;
+import group.goforward.ballistic.model.Merchant;
+import group.goforward.ballistic.model.PartCategory;
+import group.goforward.ballistic.repos.CategoryMappingRepository;
+import group.goforward.ballistic.repos.MerchantRepository;
+import group.goforward.ballistic.repos.PartCategoryRepository;
+import group.goforward.ballistic.web.dto.admin.MerchantCategoryMappingDto;
+import group.goforward.ballistic.web.dto.admin.SimpleMerchantDto;
+import group.goforward.ballistic.web.dto.admin.UpdateMerchantCategoryMappingRequest;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/admin/category-mappings")
+@CrossOrigin // you can tighten origins later
+public class AdminCategoryMappingController {
+
+    private final CategoryMappingRepository categoryMappingRepository;
+    private final MerchantRepository merchantRepository;
+    private final PartCategoryRepository partCategoryRepository;
+
+    public AdminCategoryMappingController(
+            CategoryMappingRepository categoryMappingRepository,
+            MerchantRepository merchantRepository,
+            PartCategoryRepository partCategoryRepository
+    ) {
+        this.categoryMappingRepository = categoryMappingRepository;
+        this.merchantRepository = merchantRepository;
+        this.partCategoryRepository = partCategoryRepository;
+    }
+
+    /**
+     * Merchants that have at least one category_mappings row.
+     * Used for the "All Merchants" dropdown in the UI.
+     */
+    @GetMapping("/merchants")
+    public List<SimpleMerchantDto> listMerchantsWithMappings() {
+        List<Merchant> merchants = categoryMappingRepository.findDistinctMerchantsWithMappings();
+        return merchants.stream()
+                .map(m -> new SimpleMerchantDto(m.getId(), m.getName()))
+                .toList();
+    }
+
+    /**
+     * List mappings for a specific merchant, or all mappings if no merchantId is provided.
+     * GET /api/admin/category-mappings?merchantId=1
+     */
+    @GetMapping
+    public List<MerchantCategoryMappingDto> listByMerchant(
+            @RequestParam(name = "merchantId", required = false) Integer merchantId
+    ) {
+        List<CategoryMapping> mappings;
+
+        if (merchantId != null) {
+            mappings = categoryMappingRepository.findByMerchantIdOrderByRawCategoryPathAsc(merchantId);
+        } else {
+            // fall back to all mappings; you can add a more specific repository method later if desired
+            mappings = categoryMappingRepository.findAll();
+        }
+
+        return mappings.stream()
+                .map(cm -> new MerchantCategoryMappingDto(
+                        cm.getId(),
+                        cm.getMerchant().getId(),
+                        cm.getMerchant().getName(),
+                        cm.getRawCategoryPath(),
+                        cm.getPartCategory() != null ? cm.getPartCategory().getId() : null,
+                        cm.getPartCategory() != null ? cm.getPartCategory().getName() : null
+                ))
+                .toList();
+    }
+
+    /**
+     * Update a single mapping's part_category.
+     * POST /api/admin/category-mappings/{id}
+     * Body: { "partCategoryId": 24 }
+     */
+    @PostMapping("/{id}")
+    public MerchantCategoryMappingDto updateMapping(
+            @PathVariable Integer id,
+            @RequestBody UpdateMerchantCategoryMappingRequest request
+    ) {
+        CategoryMapping mapping = categoryMappingRepository.findById(id)
+                .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Mapping not found"));
+
+        PartCategory partCategory = null;
+        if (request.partCategoryId() != null) {
+            partCategory = partCategoryRepository.findById(request.partCategoryId())
+                    .orElseThrow(() -> new ResponseStatusException(HttpStatus.BAD_REQUEST, "Part category not found"));
+        }
+
+        mapping.setPartCategory(partCategory);
+        mapping = categoryMappingRepository.save(mapping);
+
+        return new MerchantCategoryMappingDto(
+                mapping.getId(),
+                mapping.getMerchant().getId(),
+                mapping.getMerchant().getName(),
+                mapping.getRawCategoryPath(),
+                mapping.getPartCategory() != null ? mapping.getPartCategory().getId() : null,
+                mapping.getPartCategory() != null ? mapping.getPartCategory().getName() : null
+        );
+    }
+    @PutMapping("/{id}")
+    public MerchantCategoryMappingDto updateMappingPut(
+            @PathVariable Integer id,
+            @RequestBody UpdateMerchantCategoryMappingRequest request
+    ) {
+        // just delegate so POST & PUT behave the same
+        return updateMapping(id, request);
+    }
+}

src/main/java/group/goforward/ballistic/controllers/admin/AdminPartRoleMappingController.java

@@ -0,0 +1,123 @@
+package group.goforward.ballistic.controllers.admin;
+
+import group.goforward.ballistic.model.PartCategory;
+import group.goforward.ballistic.model.PartRoleMapping;
+import group.goforward.ballistic.repos.PartCategoryRepository;
+import group.goforward.ballistic.repos.PartRoleMappingRepository;
+import group.goforward.ballistic.web.dto.admin.AdminPartRoleMappingDto;
+import group.goforward.ballistic.web.dto.admin.CreatePartRoleMappingRequest;
+import group.goforward.ballistic.web.dto.admin.UpdatePartRoleMappingRequest;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/admin/part-role-mappings")
+@CrossOrigin
+public class AdminPartRoleMappingController {
+
+    private final PartRoleMappingRepository partRoleMappingRepository;
+    private final PartCategoryRepository partCategoryRepository;
+
+    public AdminPartRoleMappingController(
+            PartRoleMappingRepository partRoleMappingRepository,
+            PartCategoryRepository partCategoryRepository
+    ) {
+        this.partRoleMappingRepository = partRoleMappingRepository;
+        this.partCategoryRepository = partCategoryRepository;
+    }
+
+    // GET /api/admin/part-role-mappings?platform=AR-15
+    @GetMapping
+    public List<AdminPartRoleMappingDto> list(
+            @RequestParam(name = "platform", required = false) String platform
+    ) {
+        List<PartRoleMapping> mappings;
+
+        if (platform != null && !platform.isBlank()) {
+            mappings = partRoleMappingRepository.findByPlatformOrderByPartRoleAsc(platform);
+        } else {
+            mappings = partRoleMappingRepository.findAll();
+        }
+
+        return mappings.stream()
+                .map(this::toDto)
+                .toList();
+    }
+
+    // POST /api/admin/part-role-mappings
+    @PostMapping
+    public AdminPartRoleMappingDto create(
+            @RequestBody CreatePartRoleMappingRequest request
+    ) {
+        PartCategory category = partCategoryRepository.findBySlug(request.categorySlug())
+                .orElseThrow(() -> new ResponseStatusException(
+                        HttpStatus.BAD_REQUEST,
+                        "PartCategory not found for slug: " + request.categorySlug()
+                ));
+
+        PartRoleMapping mapping = new PartRoleMapping();
+        mapping.setPlatform(request.platform());
+        mapping.setPartRole(request.partRole());
+        mapping.setPartCategory(category);
+        mapping.setNotes(request.notes());
+
+        mapping = partRoleMappingRepository.save(mapping);
+        return toDto(mapping);
+    }
+
+    // PUT /api/admin/part-role-mappings/{id}
+    @PutMapping("/{id}")
+    public AdminPartRoleMappingDto update(
+            @PathVariable Integer id,
+            @RequestBody UpdatePartRoleMappingRequest request
+    ) {
+        PartRoleMapping mapping = partRoleMappingRepository.findById(id)
+                .orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Mapping not found"));
+
+        if (request.platform() != null) {
+            mapping.setPlatform(request.platform());
+        }
+        if (request.partRole() != null) {
+            mapping.setPartRole(request.partRole());
+        }
+        if (request.categorySlug() != null) {
+            PartCategory category = partCategoryRepository.findBySlug(request.categorySlug())
+                    .orElseThrow(() -> new ResponseStatusException(
+                            HttpStatus.BAD_REQUEST,
+                            "PartCategory not found for slug: " + request.categorySlug()
+                    ));
+            mapping.setPartCategory(category);
+        }
+        if (request.notes() != null) {
+            mapping.setNotes(request.notes());
+        }
+
+        mapping = partRoleMappingRepository.save(mapping);
+        return toDto(mapping);
+    }
+
+    // DELETE /api/admin/part-role-mappings/{id}
+    @DeleteMapping("/{id}")
+    @ResponseStatus(HttpStatus.NO_CONTENT)
+    public void delete(@PathVariable Integer id) {
+        if (!partRoleMappingRepository.existsById(id)) {
+            throw new ResponseStatusException(HttpStatus.NOT_FOUND, "Mapping not found");
+        }
+        partRoleMappingRepository.deleteById(id);
+    }
+
+    private AdminPartRoleMappingDto toDto(PartRoleMapping mapping) {
+        PartCategory cat = mapping.getPartCategory();
+        return new AdminPartRoleMappingDto(
+                mapping.getId(),
+                mapping.getPlatform(),
+                mapping.getPartRole(),
+                cat != null ? cat.getSlug() : null,
+                cat != null ? cat.getGroupName() : null,
+                mapping.getNotes()
+        );
+    }
+}

src/main/java/group/goforward/ballistic/controllers/admin/PartCategoryAdminController.java

@@ -0,0 +1,35 @@
+package group.goforward.ballistic.controllers.admin;
+
+import group.goforward.ballistic.model.PartCategory;
+import group.goforward.ballistic.repos.PartCategoryRepository;
+import group.goforward.ballistic.web.dto.admin.PartCategoryDto;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/admin/part-categories")
+@CrossOrigin // keep it loose for now, you can tighten origins later
+public class PartCategoryAdminController {
+
+    private final PartCategoryRepository partCategories;
+
+    public PartCategoryAdminController(PartCategoryRepository partCategories) {
+        this.partCategories = partCategories;
+    }
+
+    @GetMapping
+    public List<PartCategoryDto> list() {
+        return partCategories.findAllByOrderByGroupNameAscSortOrderAscNameAsc()
+                .stream()
+                .map(pc -> new PartCategoryDto(
+                        pc.getId(),
+                        pc.getSlug(),
+                        pc.getName(),
+                        pc.getDescription(),
+                        pc.getGroupName(),
+                        pc.getSortOrder()
+                ))
+                .toList();
+    }
+}

src/main/java/group/goforward/ballistic/model/AffiliateCategoryMap.java

@@ -5,23 +5,32 @@ import jakarta.persistence.*;
 @Entity
 @Table(name = "affiliate_category_map")
 public class AffiliateCategoryMap {
+
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
-    @Column(name = "id", nullable = false)
     private Integer id;
 
-    @Column(name = "feedname", nullable = false, length = 100)
-    private String feedname;
+    // e.g. "PART_ROLE", "RAW_CATEGORY", etc.
+    @Column(name = "source_type", nullable = false)
+    private String sourceType;
 
-    @Column(name = "affiliatecategory", nullable = false)
-    private String affiliatecategory;
+    // the value we’re mapping from (e.g. "suppressor", "TRIGGER")
+    @Column(name = "source_value", nullable = false)
+    private String sourceValue;
 
-    @Column(name = "buildercategoryid", nullable = false)
-    private Integer buildercategoryid;
+    // optional platform ("AR-15", "PRECISION", etc.)
+    @Column(name = "platform")
+    private String platform;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "part_category_id", nullable = false)
+    private PartCategory partCategory;
 
     @Column(name = "notes")
     private String notes;
 
+    // --- getters / setters ---
+
     public Integer getId() {
         return id;
     }
@@ -30,28 +39,36 @@ public class AffiliateCategoryMap {
         this.id = id;
     }
 
-    public String getFeedname() {
-        return feedname;
+    public String getSourceType() {
+        return sourceType;
     }
 
-    public void setFeedname(String feedname) {
-        this.feedname = feedname;
+    public void setSourceType(String sourceType) {
+        this.sourceType = sourceType;
     }
 
-    public String getAffiliatecategory() {
-        return affiliatecategory;
+    public String getSourceValue() {
+        return sourceValue;
     }
 
-    public void setAffiliatecategory(String affiliatecategory) {
-        this.affiliatecategory = affiliatecategory;
+    public void setSourceValue(String sourceValue) {
+        this.sourceValue = sourceValue;
     }
 
-    public Integer getBuildercategoryid() {
-        return buildercategoryid;
+    public String getPlatform() {
+        return platform;
     }
 
-    public void setBuildercategoryid(Integer buildercategoryid) {
-        this.buildercategoryid = buildercategoryid;
+    public void setPlatform(String platform) {
+        this.platform = platform;
+    }
+
+    public PartCategory getPartCategory() {
+        return partCategory;
+    }
+
+    public void setPartCategory(PartCategory partCategory) {
+        this.partCategory = partCategory;
     }
 
     public String getNotes() {
@@ -61,5 +78,4 @@ public class AffiliateCategoryMap {
     public void setNotes(String notes) {
         this.notes = notes;
     }
-
 }

src/main/java/group/goforward/ballistic/model/CategoryMapping.java

@@ -0,0 +1,98 @@
+// src/main/java/group/goforward/ballistic/model/CategoryMapping.java
+package group.goforward.ballistic.model;
+
+import jakarta.persistence.*;
+import java.time.OffsetDateTime;
+
+@Entity
+@Table(name = "category_mappings")
+public class CategoryMapping {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id", nullable = false)
+    private Integer id;
+
+    @ManyToOne(fetch = FetchType.LAZY, optional = false)
+    @JoinColumn(name = "merchant_id", nullable = false)
+    private Merchant merchant;
+
+    @Column(name = "raw_category_path", nullable = false)
+    private String rawCategoryPath;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "part_category_id")
+    private PartCategory partCategory;
+
+    @Column(name = "created_at", nullable = false)
+    private OffsetDateTime createdAt = OffsetDateTime.now();
+
+    @Column(name = "updated_at", nullable = false)
+    private OffsetDateTime updatedAt = OffsetDateTime.now();
+
+    @PrePersist
+    public void onCreate() {
+        OffsetDateTime now = OffsetDateTime.now();
+        if (createdAt == null) {
+            createdAt = now;
+        }
+        if (updatedAt == null) {
+            updatedAt = now;
+        }
+    }
+
+    @PreUpdate
+    public void onUpdate() {
+        this.updatedAt = OffsetDateTime.now();
+    }
+
+    // --- getters & setters ---
+
+    public Integer getId() {
+        return id;
+    }
+
+    public void setId(Integer id) {
+        this.id = id;
+    }
+
+    public Merchant getMerchant() {
+        return merchant;
+    }
+
+    public void setMerchant(Merchant merchant) {
+        this.merchant = merchant;
+    }
+
+    public String getRawCategoryPath() {
+        return rawCategoryPath;
+    }
+
+    public void setRawCategoryPath(String rawCategoryPath) {
+        this.rawCategoryPath = rawCategoryPath;
+    }
+
+    public PartCategory getPartCategory() {
+        return partCategory;
+    }
+
+    public void setPartCategory(PartCategory partCategory) {
+        this.partCategory = partCategory;
+    }
+
+    public OffsetDateTime getCreatedAt() {
+        return createdAt;
+    }
+
+    public void setCreatedAt(OffsetDateTime createdAt) {
+        this.createdAt = createdAt;
+    }
+
+    public OffsetDateTime getUpdatedAt() {
+        return updatedAt;
+    }
+
+    public void setUpdatedAt(OffsetDateTime updatedAt) {
+        this.updatedAt = updatedAt;
+    }
+}

src/main/java/group/goforward/ballistic/model/PartCategory.java

@@ -1,24 +1,49 @@
 package group.goforward.ballistic.model;
 
 import jakarta.persistence.*;
+import org.hibernate.annotations.ColumnDefault;
+
+import java.time.OffsetDateTime;
+import java.util.UUID;
 
 @Entity
 @Table(name = "part_categories")
 public class PartCategory {
+
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     @Column(name = "id", nullable = false)
     private Integer id;
 
-    @Column(name = "slug", nullable = false, length = Integer.MAX_VALUE)
+    @Column(name = "slug", nullable = false, unique = true)
     private String slug;
 
-    @Column(name = "name", nullable = false, length = Integer.MAX_VALUE)
+    @Column(name = "name", nullable = false)
     private String name;
 
-    @Column(name = "description", length = Integer.MAX_VALUE)
+    @Column(name = "description")
     private String description;
 
+    @ColumnDefault("gen_random_uuid()")
+    @Column(name = "uuid", nullable = false)
+    private UUID uuid;
+
+    @Column(name = "group_name")
+    private String groupName;
+
+    @Column(name = "sort_order")
+    private Integer sortOrder;
+
+    @ColumnDefault("now()")
+    @Column(name = "created_at", nullable = false)
+    private OffsetDateTime createdAt;
+
+    @ColumnDefault("now()")
+    @Column(name = "updated_at", nullable = false)
+    private OffsetDateTime updatedAt;
+
+    // --- Getters & Setters ---
+
     public Integer getId() {
         return id;
     }
@@ -51,4 +76,43 @@ public class PartCategory {
         this.description = description;
     }
 
+    public UUID getUuid() {
+        return uuid;
+    }
+
+    public void setUuid(UUID uuid) {
+        this.uuid = uuid;
+    }
+
+    public String getGroupName() {
+        return groupName;
+    }
+
+    public void setGroupName(String groupName) {
+        this.groupName = groupName;
+    }
+
+    public Integer getSortOrder() {
+        return sortOrder;
+    }
+
+    public void setSortOrder(Integer sortOrder) {
+        this.sortOrder = sortOrder;
+    }
+
+    public OffsetDateTime getCreatedAt() {
+        return createdAt;
+    }
+
+    public void setCreatedAt(OffsetDateTime createdAt) {
+        this.createdAt = createdAt;
+    }
+
+    public OffsetDateTime getUpdatedAt() {
+        return updatedAt;
+    }
+
+    public void setUpdatedAt(OffsetDateTime updatedAt) {
+        this.updatedAt = updatedAt;
+    }
 }

src/main/java/group/goforward/ballistic/model/PartRoleCategoryMapping.java

@@ -0,0 +1,56 @@
+package group.goforward.ballistic.model;
+
+import jakarta.persistence.*;
+import java.time.OffsetDateTime;
+
+@Entity
+@Table(name = "part_role_category_mappings",
+       uniqueConstraints = @UniqueConstraint(columnNames = {"platform", "part_role"}))
+public class PartRoleCategoryMapping {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Integer id;
+
+    @Column(name = "platform", nullable = false)
+    private String platform;
+
+    @Column(name = "part_role", nullable = false)
+    private String partRole;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "category_slug", referencedColumnName = "slug", nullable = false)
+    private PartCategory category;
+
+    @Column(name = "notes")
+    private String notes;
+
+    @Column(name = "created_at", nullable = false)
+    private OffsetDateTime createdAt;
+
+    @Column(name = "updated_at", nullable = false)
+    private OffsetDateTime updatedAt;
+
+    // getters/setters…
+
+    public Integer getId() { return id; }
+    public void setId(Integer id) { this.id = id; }
+
+    public String getPlatform() { return platform; }
+    public void setPlatform(String platform) { this.platform = platform; }
+
+    public String getPartRole() { return partRole; }
+    public void setPartRole(String partRole) { this.partRole = partRole; }
+
+    public PartCategory getCategory() { return category; }
+    public void setCategory(PartCategory category) { this.category = category; }
+
+    public String getNotes() { return notes; }
+    public void setNotes(String notes) { this.notes = notes; }
+
+    public OffsetDateTime getCreatedAt() { return createdAt; }
+    public void setCreatedAt(OffsetDateTime createdAt) { this.createdAt = createdAt; }
+
+    public OffsetDateTime getUpdatedAt() { return updatedAt; }
+    public void setUpdatedAt(OffsetDateTime updatedAt) { this.updatedAt = updatedAt; }
+}

src/main/java/group/goforward/ballistic/model/PartRoleMapping.java

@@ -0,0 +1,65 @@
+package group.goforward.ballistic.model;
+
+import jakarta.persistence.*;
+
+@Entity
+@Table(name = "part_role_mappings")
+public class PartRoleMapping {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Integer id;
+
+    @Column(nullable = false)
+    private String platform;   // e.g. "AR-15"
+
+    @Column(name = "part_role", nullable = false)
+    private String partRole;   // e.g. "UPPER", "BARREL", etc.
+
+    @ManyToOne(optional = false)
+    @JoinColumn(name = "part_category_id")
+    private PartCategory partCategory;
+
+    @Column(columnDefinition = "text")
+    private String notes;
+
+    public Integer getId() {
+        return id;
+    }
+
+    public void setId(Integer id) {
+        this.id = id;
+    }
+
+    public String getPlatform() {
+        return platform;
+    }
+
+    public void setPlatform(String platform) {
+        this.platform = platform;
+    }
+
+    public String getPartRole() {
+        return partRole;
+    }
+
+    public void setPartRole(String partRole) {
+        this.partRole = partRole;
+    }
+
+    public PartCategory getPartCategory() {
+        return partCategory;
+    }
+
+    public void setPartCategory(PartCategory partCategory) {
+        this.partCategory = partCategory;
+    }
+
+    public String getNotes() {
+        return notes;
+    }
+
+    public void setNotes(String notes) {
+        this.notes = notes;
+    }
+}

src/main/java/group/goforward/ballistic/model/Product.java

@@ -3,7 +3,13 @@ package group.goforward.ballistic.model;
 import jakarta.persistence.*;
 import java.time.Instant;
 import java.util.UUID;
+import java.math.BigDecimal;
+import java.util.Comparator;
+import java.util.Objects;
+import java.util.Set;
+import java.util.HashSet;
 
+import group.goforward.ballistic.model.ProductOffer;
 import group.goforward.ballistic.model.ProductConfiguration;
 
 @Entity
@@ -68,7 +74,16 @@ public class Product {
     @Column(name = "platform_locked", nullable = false)
     private Boolean platformLocked = false;
 
+    @OneToMany(mappedBy = "product", fetch = FetchType.LAZY)
+    private Set<ProductOffer> offers = new HashSet<>();
 
+    public Set<ProductOffer> getOffers() {
+        return offers;
+    }
+
+    public void setOffers(Set<ProductOffer> offers) {
+        this.offers = offers;
+    }
 
     // --- lifecycle hooks ---
 
@@ -236,4 +251,41 @@ public class Product {
     public void setConfiguration(ProductConfiguration configuration) {
         this.configuration = configuration;
     }
+    // Convenience: best offer price for Gunbuilder
+public BigDecimal getBestOfferPrice() {
+    if (offers == null || offers.isEmpty()) {
+        return BigDecimal.ZERO;
+    }
+
+    return offers.stream()
+            // pick sale_price if present, otherwise retail_price
+            .map(offer -> {
+                if (offer.getSalePrice() != null) {
+                    return offer.getSalePrice();
+                }
+                return offer.getRetailPrice();
+            })
+            .filter(Objects::nonNull)
+            .min(BigDecimal::compareTo)
+            .orElse(BigDecimal.ZERO);
+}
+
+    // Convenience: URL for the best-priced offer
+    public String getBestOfferBuyUrl() {
+        if (offers == null || offers.isEmpty()) {
+            return null;
+        }
+
+        return offers.stream()
+                .sorted(Comparator.comparing(offer -> {
+                    if (offer.getSalePrice() != null) {
+                        return offer.getSalePrice();
+                    }
+                    return offer.getRetailPrice();
+                }, Comparator.nullsLast(BigDecimal::compareTo)))
+                .map(ProductOffer::getAffiliateUrl)
+                .filter(Objects::nonNull)
+                .findFirst()
+                .orElse(null);
+    }
 }

src/main/java/group/goforward/ballistic/model/ProductOffer.java

@@ -7,11 +7,11 @@ import org.hibernate.annotations.OnDeleteAction;
 
 import java.math.BigDecimal;
 import java.time.OffsetDateTime;
-import java.util.UUID;
 
 @Entity
 @Table(name = "product_offers")
 public class ProductOffer {
+
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     @Column(name = "id", nullable = false)
@@ -26,16 +26,16 @@ public class ProductOffer {
     @JoinColumn(name = "merchant_id", nullable = false)
     private Merchant merchant;
 
-    @Column(name = "avantlink_product_id", nullable = false, length = Integer.MAX_VALUE)
+    @Column(name = "avantlink_product_id", nullable = false)
     private String avantlinkProductId;
 
-    @Column(name = "sku", length = Integer.MAX_VALUE)
+    @Column(name = "sku")
     private String sku;
 
-    @Column(name = "upc", length = Integer.MAX_VALUE)
+    @Column(name = "upc")
     private String upc;
 
-    @Column(name = "buy_url", nullable = false, length = Integer.MAX_VALUE)
+    @Column(name = "buy_url", nullable = false)
     private String buyUrl;
 
     @Column(name = "price", nullable = false, precision = 10, scale = 2)
@@ -45,7 +45,7 @@ public class ProductOffer {
     private BigDecimal originalPrice;
 
     @ColumnDefault("'USD'")
-    @Column(name = "currency", nullable = false, length = Integer.MAX_VALUE)
+    @Column(name = "currency", nullable = false)
     private String currency;
 
     @ColumnDefault("true")
@@ -60,6 +60,10 @@ public class ProductOffer {
     @Column(name = "first_seen_at", nullable = false)
     private OffsetDateTime firstSeenAt;
 
+    // -----------------------------------------------------
+    // Getters & setters
+    // -----------------------------------------------------
+
     public Integer getId() {
         return id;
     }
@@ -164,14 +168,26 @@ public class ProductOffer {
         this.firstSeenAt = firstSeenAt;
     }
 
+    // -----------------------------------------------------
+    // Helper Methods (used by Product entity)
+    // -----------------------------------------------------
+
+    public BigDecimal getSalePrice() {
+        return price;
+    }
+
+    public BigDecimal getRetailPrice() {
+        return originalPrice != null ? originalPrice : price;
+    }
+
+    public String getAffiliateUrl() {
+        return buyUrl;
+    }
+
     public BigDecimal getEffectivePrice() {
-        // Prefer a true sale price when it's lower than the original
         if (price != null && originalPrice != null && price.compareTo(originalPrice) < 0) {
             return price;
         }
-    
-        // Otherwise, use whatever is available
         return price != null ? price : originalPrice;
     }
-
 }

src/main/java/group/goforward/ballistic/model/User.java

@@ -1,9 +1,6 @@
 package group.goforward.ballistic.model;
 
-import jakarta.persistence.Column;
-import jakarta.persistence.Entity;
-import jakarta.persistence.Id;
-import jakarta.persistence.Table;
+import jakarta.persistence.*;
 import jakarta.validation.constraints.NotNull;
 import org.hibernate.annotations.ColumnDefault;
 
@@ -13,8 +10,9 @@ import java.util.UUID;
 @Entity
 @Table(name = "users")
 public class User {
+
     @Id
-    @NotNull
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
     @Column(name = "id", nullable = false)
     private Integer id;
 
@@ -42,7 +40,7 @@ public class User {
     @NotNull
     @ColumnDefault("true")
     @Column(name = "is_active", nullable = false)
-    private Boolean isActive = false;
+    private boolean isActive = true;
 
     @NotNull
     @ColumnDefault("now()")
@@ -57,6 +55,29 @@ public class User {
     @Column(name = "deleted_at")
     private OffsetDateTime deletedAt;
 
+    // NEW FIELDS
+
+    @Column(name = "email_verified_at")
+    private OffsetDateTime emailVerifiedAt;
+
+    @Column(name = "verification_token", length = Integer.MAX_VALUE)
+    private String verificationToken;
+
+    @Column(name = "reset_password_token", length = Integer.MAX_VALUE)
+    private String resetPasswordToken;
+
+    @Column(name = "reset_password_expires_at")
+    private OffsetDateTime resetPasswordExpiresAt;
+
+    @Column(name = "last_login_at")
+    private OffsetDateTime lastLoginAt;
+
+    @ColumnDefault("0")
+    @Column(name = "login_count", nullable = false)
+    private Integer loginCount = 0;
+
+    // --- Getters / setters ---
+
     public Integer getId() {
         return id;
     }
@@ -105,12 +126,12 @@ public class User {
         this.role = role;
     }
 
-    public Boolean getIsActive() {
+    public boolean getIsActive() {
         return isActive;
     }
 
-    public void setIsActive(Boolean isActive) {
-        this.isActive = isActive;
+    public void setIsActive(boolean active) {
+        isActive = active;
     }
 
     public OffsetDateTime getCreatedAt() {
@@ -137,4 +158,65 @@ public class User {
         this.deletedAt = deletedAt;
     }
 
+    public OffsetDateTime getEmailVerifiedAt() {
+        return emailVerifiedAt;
+    }
+
+    public void setEmailVerifiedAt(OffsetDateTime emailVerifiedAt) {
+        this.emailVerifiedAt = emailVerifiedAt;
+    }
+
+    public String getVerificationToken() {
+        return verificationToken;
+    }
+
+    public void setVerificationToken(String verificationToken) {
+        this.verificationToken = verificationToken;
+    }
+
+    public String getResetPasswordToken() {
+        return resetPasswordToken;
+    }
+
+    public void setResetPasswordToken(String resetPasswordToken) {
+        this.resetPasswordToken = resetPasswordToken;
+    }
+
+    public OffsetDateTime getResetPasswordExpiresAt() {
+        return resetPasswordExpiresAt;
+    }
+
+    public void setResetPasswordExpiresAt(OffsetDateTime resetPasswordExpiresAt) {
+        this.resetPasswordExpiresAt = resetPasswordExpiresAt;
+    }
+
+    public OffsetDateTime getLastLoginAt() {
+        return lastLoginAt;
+    }
+
+    public void setLastLoginAt(OffsetDateTime lastLoginAt) {
+        this.lastLoginAt = lastLoginAt;
+    }
+
+    public Integer getLoginCount() {
+        return loginCount;
+    }
+
+    public void setLoginCount(Integer loginCount) {
+        this.loginCount = loginCount;
+    }
+
+    // convenience helpers
+
+    @Transient
+    public boolean isEmailVerified() {
+        return emailVerifiedAt != null;
+    }
+
+    public void incrementLoginCount() {
+        if (loginCount == null) {
+            loginCount = 0;
+        }
+        loginCount++;
+    }
 }

src/main/java/group/goforward/ballistic/repos/CategoryMappingRepository.java

@@ -1,7 +1,22 @@
 package group.goforward.ballistic.repos;
 
-import group.goforward.ballistic.model.AffiliateCategoryMap;
+import group.goforward.ballistic.model.CategoryMapping;
+import group.goforward.ballistic.model.Merchant;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
 
-public interface CategoryMappingRepository extends JpaRepository<AffiliateCategoryMap, Integer> {
+import java.util.List;
+
+public interface CategoryMappingRepository extends JpaRepository<CategoryMapping, Integer> {
+
+    // All mappings for a merchant, ordered nicely
+    List<CategoryMapping> findByMerchantIdOrderByRawCategoryPathAsc(Integer merchantId);
+
+    // Merchants that actually have mappings (for the dropdown)
+    @Query("""
+        select distinct cm.merchant
+        from CategoryMapping cm
+        order by cm.merchant.name asc
+    """)
+    List<Merchant> findDistinctMerchantsWithMappings();
 }

src/main/java/group/goforward/ballistic/repos/PartCategoryRepository.java

@@ -2,8 +2,13 @@ package group.goforward.ballistic.repos;
 
 import group.goforward.ballistic.model.PartCategory;
 import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.List;
 import java.util.Optional;
 
 public interface PartCategoryRepository extends JpaRepository<PartCategory, Integer> {
+
     Optional<PartCategory> findBySlug(String slug);
+
+    List<PartCategory> findAllByOrderByGroupNameAscSortOrderAscNameAsc();
 }

src/main/java/group/goforward/ballistic/repos/PartRoleCategoryMappingRepository.java

@@ -0,0 +1,14 @@
+package group.goforward.ballistic.repos;
+
+import group.goforward.ballistic.model.PartRoleCategoryMapping;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.List;
+import java.util.Optional;
+
+public interface PartRoleCategoryMappingRepository extends JpaRepository<PartRoleCategoryMapping, Integer> {
+
+    List<PartRoleCategoryMapping> findAllByPlatformOrderByPartRoleAsc(String platform);
+
+    Optional<PartRoleCategoryMapping> findByPlatformAndPartRole(String platform, String partRole);
+}

src/main/java/group/goforward/ballistic/repos/PartRoleMappingRepository.java

@@ -0,0 +1,12 @@
+package group.goforward.ballistic.repos;
+
+import group.goforward.ballistic.model.PartRoleMapping;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.List;
+
+public interface PartRoleMappingRepository extends JpaRepository<PartRoleMapping, Integer> {
+
+    // List mappings for a platform, ordered nicely for the UI
+    List<PartRoleMapping> findByPlatformOrderByPartRoleAsc(String platform);
+}

src/main/java/group/goforward/ballistic/repos/ProductRepository.java

@@ -1,33 +1,28 @@
 package group.goforward.ballistic.repos;
 
-import group.goforward.ballistic.model.Product;
 import group.goforward.ballistic.model.Brand;
+import group.goforward.ballistic.model.Product;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
 
-import java.util.Optional;
-import java.util.UUID;
 import java.util.List;
-import java.util.Collection;
 
 public interface ProductRepository extends JpaRepository<Product, Integer> {
 
-    Optional<Product> findByUuid(UUID uuid);
-
-    boolean existsBySlug(String slug);
+    // -------------------------------------------------
+    // Used by MerchantFeedImportServiceImpl
+    // -------------------------------------------------
 
     List<Product> findAllByBrandAndMpn(Brand brand, String mpn);
 
     List<Product> findAllByBrandAndUpc(Brand brand, String upc);
 
-    // All products for a given platform (e.g. "AR-15")
-    List<Product> findByPlatform(String platform);
+    boolean existsBySlug(String slug);
 
-    // Products filtered by platform + part roles (e.g. upper-receiver, barrel, etc.)
-    List<Product> findByPlatformAndPartRoleIn(String platform, Collection<String> partRoles);
-
-    // ---------- Optimized variants for Gunbuilder (fetch brand to avoid N+1) ----------
+    // -------------------------------------------------
+    // Used by ProductController for platform views
+    // -------------------------------------------------
 
     @Query("""
            SELECT p
@@ -43,11 +38,25 @@ public interface ProductRepository extends JpaRepository<Product, Integer> {
            FROM Product p
            JOIN FETCH p.brand b
            WHERE p.platform = :platform
-             AND p.partRole IN :partRoles
+             AND p.partRole IN :roles
              AND p.deletedAt IS NULL
            """)
     List<Product> findByPlatformAndPartRoleInWithBrand(
             @Param("platform") String platform,
-            @Param("partRoles") Collection<String> partRoles
+            @Param("roles") List<String> roles
     );
+
+    // -------------------------------------------------
+    // Used by Gunbuilder service (if you wired this)
+    // -------------------------------------------------
+
+    @Query("""
+           SELECT DISTINCT p
+           FROM Product p
+           LEFT JOIN FETCH p.brand b
+           LEFT JOIN FETCH p.offers o
+           WHERE p.platform = :platform
+             AND p.deletedAt IS NULL
+           """)
+    List<Product> findSomethingForGunbuilder(@Param("platform") String platform);
 }

src/main/java/group/goforward/ballistic/repos/UserRepository.java

@@ -2,10 +2,15 @@ package group.goforward.ballistic.repos;
 
 import group.goforward.ballistic.model.User;
 import org.springframework.data.jpa.repository.JpaRepository;
+
 import java.util.Optional;
 import java.util.UUID;
 
 public interface UserRepository extends JpaRepository<User, Integer> {
-    Optional<User> findByEmail(String email);
+
+    Optional<User> findByEmailIgnoreCaseAndDeletedAtIsNull(String email);
+
+    boolean existsByEmailIgnoreCaseAndDeletedAtIsNull(String email);
+
     Optional<User> findByUuid(UUID uuid);
 }

src/main/java/group/goforward/ballistic/security/CustomUserDetails.java

@@ -0,0 +1,59 @@
+package group.goforward.ballistic.security;
+
+import group.goforward.ballistic.model.User;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.List;
+
+public class CustomUserDetails implements UserDetails {
+
+    private final User user;
+    private final List<GrantedAuthority> authorities;
+
+    public CustomUserDetails(User user) {
+        this.user = user;
+        this.authorities = List.of(new SimpleGrantedAuthority("ROLE_" + user.getRole()));
+    }
+
+    public User getUser() {
+        return user;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+
+    @Override
+    public String getPassword() {
+        return user.getPasswordHash();
+    }
+
+    @Override
+    public String getUsername() {
+        return user.getEmail();
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return user.getDeletedAt() == null;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return user.getIsActive();
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return user.getDeletedAt() == null;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return user.getIsActive() && user.getDeletedAt() == null;
+    }
+}

src/main/java/group/goforward/ballistic/security/CustomUserDetailsService.java

@@ -0,0 +1,25 @@
+package group.goforward.ballistic.security;
+
+import group.goforward.ballistic.model.User;
+import group.goforward.ballistic.repos.UserRepository;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service
+public class CustomUserDetailsService implements UserDetailsService {
+
+    private final UserRepository users;
+
+    public CustomUserDetailsService(UserRepository users) {
+        this.users = users;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
+        User user = users.findByEmailIgnoreCaseAndDeletedAtIsNull(email)
+                .orElseThrow(() -> new UsernameNotFoundException("User not found"));
+        return new CustomUserDetails(user);
+    }
+}

src/main/java/group/goforward/ballistic/security/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,26 @@
+package group.goforward.ballistic.security;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            AuthenticationException authException
+    ) throws IOException, ServletException {
+        // Simple JSON 401 response
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.setContentType("application/json");
+        response.getWriter().write("{\"error\":\"Unauthorized\"}");
+    }
+}

src/main/java/group/goforward/ballistic/security/JwtAuthenticationFilter.java

@@ -0,0 +1,80 @@
+package group.goforward.ballistic.security;
+
+import group.goforward.ballistic.model.User;
+import group.goforward.ballistic.repos.UserRepository;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.UUID;
+
+@Component
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private final JwtService jwtService;
+    private final UserRepository userRepository;
+
+    public JwtAuthenticationFilter(JwtService jwtService, UserRepository userRepository) {
+        this.jwtService = jwtService;
+        this.userRepository = userRepository;
+    }
+
+    @Override
+    protected void doFilterInternal(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            FilterChain filterChain
+    ) throws ServletException, IOException {
+
+        String authHeader = request.getHeader("Authorization");
+
+        if (!StringUtils.hasText(authHeader) || !authHeader.startsWith("Bearer ")) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        String token = authHeader.substring(7);
+
+        if (!jwtService.isTokenValid(token)) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        UUID userUuid = jwtService.extractUserUuid(token);
+
+        if (userUuid == null || SecurityContextHolder.getContext().getAuthentication() != null) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        User user = userRepository.findByUuid(userUuid)
+                .orElse(null);
+
+        if (user == null || !user.getIsActive()) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        CustomUserDetails userDetails = new CustomUserDetails(user);
+
+        UsernamePasswordAuthenticationToken authToken =
+                new UsernamePasswordAuthenticationToken(
+                        userDetails,
+                        null,
+                        userDetails.getAuthorities()
+                );
+        authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+
+        SecurityContextHolder.getContext().setAuthentication(authToken);
+
+        filterChain.doFilter(request, response);
+    }
+}

src/main/java/group/goforward/ballistic/security/JwtService.java

@@ -0,0 +1,71 @@
+package group.goforward.ballistic.security;
+
+import group.goforward.ballistic.model.User;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import java.security.Key;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.Date;
+import java.util.Map;
+import java.util.UUID;
+
+@Service
+public class JwtService {
+
+    private final Key key;
+    private final long accessTokenMinutes;
+
+    public JwtService(
+            @Value("${security.jwt.secret}") String secret,
+            @Value("${security.jwt.access-token-minutes:60}") long accessTokenMinutes
+    ) {
+        this.key = Keys.hmacShaKeyFor(secret.getBytes());
+        this.accessTokenMinutes = accessTokenMinutes;
+    }
+
+    public String generateToken(User user) {
+        Instant now = Instant.now();
+        Instant expiry = now.plus(accessTokenMinutes, ChronoUnit.MINUTES);
+
+        return Jwts.builder()
+                .setSubject(user.getUuid().toString())
+                .setIssuedAt(Date.from(now))
+                .setExpiration(Date.from(expiry))
+                .addClaims(Map.of(
+                        "email", user.getEmail(),
+                        "role", user.getRole(),
+                        "displayName", user.getDisplayName()
+                ))
+                .signWith(key, SignatureAlgorithm.HS256)
+                .compact();
+    }
+
+    public UUID extractUserUuid(String token) {
+        Claims claims = parseClaims(token);
+        return UUID.fromString(claims.getSubject());
+    }
+
+    public boolean isTokenValid(String token) {
+        try {
+            parseClaims(token);
+            return true;
+        } catch (JwtException | IllegalArgumentException ex) {
+            return false;
+        }
+    }
+
+    private Claims parseClaims(String token) {
+        return Jwts.parserBuilder()
+                .setSigningKey(key)
+                .build()
+                .parseClaimsJws(token)
+                .getBody();
+    }
+}

src/main/java/group/goforward/ballistic/services/GunbuilderProductService.java

@@ -0,0 +1,57 @@
+package group.goforward.ballistic.services;
+
+import group.goforward.ballistic.model.PartCategory;
+import group.goforward.ballistic.model.Product;
+import group.goforward.ballistic.repos.ProductRepository;
+import group.goforward.ballistic.web.dto.GunbuilderProductDto;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+@Service
+public class GunbuilderProductService {
+
+    private final ProductRepository productRepository;
+    private final PartCategoryResolverService partCategoryResolverService;
+
+    public GunbuilderProductService(
+            ProductRepository productRepository,
+            PartCategoryResolverService partCategoryResolverService
+    ) {
+        this.productRepository = productRepository;
+        this.partCategoryResolverService = partCategoryResolverService;
+    }
+
+    public List<GunbuilderProductDto> listGunbuilderProducts(String platform) {
+
+        List<Product> products = productRepository.findSomethingForGunbuilder(platform);
+
+        return products.stream()
+                .map(p -> {
+                    var maybeCategory = partCategoryResolverService
+                            .resolveForPlatformAndPartRole(platform, p.getPartRole());
+
+                    if (maybeCategory.isEmpty()) {
+                        // you can also log here
+                        return null;
+                    }
+
+                    PartCategory cat = maybeCategory.get();
+
+                    return new GunbuilderProductDto(
+                            p.getId(),
+                            p.getName(),
+                            p.getBrand().getName(),
+                            platform,
+                            p.getPartRole(),
+                            p.getBestOfferPrice(),
+                            p.getMainImageUrl(),
+                            p.getBestOfferBuyUrl(),
+                            cat.getSlug(),
+                            cat.getGroupName()
+                    );
+                })
+                .filter(dto -> dto != null)
+                .toList();
+    }
+}

src/main/java/group/goforward/ballistic/services/PartCategoryResolverService.java

@@ -0,0 +1,41 @@
+package group.goforward.ballistic.services;
+
+import group.goforward.ballistic.model.PartCategory;
+import group.goforward.ballistic.repos.PartCategoryRepository;
+import org.springframework.stereotype.Service;
+
+import java.util.Optional;
+
+@Service
+public class PartCategoryResolverService {
+
+    private final PartCategoryRepository partCategoryRepository;
+
+    public PartCategoryResolverService(PartCategoryRepository partCategoryRepository) {
+        this.partCategoryRepository = partCategoryRepository;
+    }
+
+    /**
+     * Resolve the canonical PartCategory for a given platform + partRole.
+     *
+     * For now we keep it simple:
+     * - We treat partRole as the slug (e.g. "barrel", "upper", "trigger").
+     * - Normalize to lower-kebab (spaces -> dashes, lowercased).
+     * - Look up by slug in part_categories.
+     *
+     * Later, if we want per-merchant / per-platform overrides using category_mappings,
+     * we can extend this method without changing callers.
+     */
+    public Optional<PartCategory> resolveForPlatformAndPartRole(String platform, String partRole) {
+        if (partRole == null || partRole.isBlank()) {
+            return Optional.empty();
+        }
+
+        String normalizedSlug = partRole
+                .trim()
+                .toLowerCase()
+                .replace(" ", "-");
+
+        return partCategoryRepository.findBySlug(normalizedSlug);
+    }
+}

src/main/java/group/goforward/ballistic/web/dto/GunbuilderProductDto.java

@@ -0,0 +1,53 @@
+package group.goforward.ballistic.web.dto;
+
+import java.math.BigDecimal;
+
+public class GunbuilderProductDto {
+
+    private Integer id;
+    private String name;
+    private String brand;
+    private String platform;
+    private String partRole;
+    private BigDecimal price;
+    private String imageUrl;
+    private String buyUrl;
+    private String categorySlug;
+    private String categoryGroup;
+
+    public GunbuilderProductDto(
+            Integer id,
+            String name,
+            String brand,
+            String platform,
+            String partRole,
+            BigDecimal price,
+            String imageUrl,
+            String buyUrl,
+            String categorySlug,
+            String categoryGroup
+    ) {
+        this.id = id;
+        this.name = name;
+        this.brand = brand;
+        this.platform = platform;
+        this.partRole = partRole;
+        this.price = price;
+        this.imageUrl = imageUrl;
+        this.buyUrl = buyUrl;
+        this.categorySlug = categorySlug;
+        this.categoryGroup = categoryGroup;
+    }
+
+    // --- Getters only (DTOs are read-only in most cases) ---
+    public Integer getId() { return id; }
+    public String getName() { return name; }
+    public String getBrand() { return brand; }
+    public String getPlatform() { return platform; }
+    public String getPartRole() { return partRole; }
+    public BigDecimal getPrice() { return price; }
+    public String getImageUrl() { return imageUrl; }
+    public String getBuyUrl() { return buyUrl; }
+    public String getCategorySlug() { return categorySlug; }
+    public String getCategoryGroup() { return categoryGroup; }
+}

src/main/java/group/goforward/ballistic/web/dto/admin/AdminPartRoleMappingDto.java

@@ -0,0 +1,10 @@
+package group.goforward.ballistic.web.dto.admin;
+
+public record AdminPartRoleMappingDto(
+        Integer id,
+        String platform,
+        String partRole,
+        String categorySlug,
+        String groupName,
+        String notes
+) {}

src/main/java/group/goforward/ballistic/web/dto/admin/CreatePartRoleMappingRequest.java

@@ -0,0 +1,8 @@
+package group.goforward.ballistic.web.dto.admin;
+
+public record CreatePartRoleMappingRequest(
+        String platform,
+        String partRole,
+        String categorySlug,
+        String notes
+) {}

src/main/java/group/goforward/ballistic/web/dto/admin/MerchantCategoryMappingDto.java

@@ -0,0 +1,11 @@
+// src/main/java/group/goforward/ballistic/web/dto/admin/MerchantCategoryMappingDto.java
+package group.goforward.ballistic.web.dto.admin;
+
+public record MerchantCategoryMappingDto(
+        Integer id,
+        Integer merchantId,
+        String merchantName,
+        String rawCategoryPath,
+        Integer partCategoryId,
+        String partCategoryName
+) {}

src/main/java/group/goforward/ballistic/web/dto/admin/PartCategoryDto.java

@@ -0,0 +1,10 @@
+package group.goforward.ballistic.web.dto.admin;
+
+public record PartCategoryDto(
+        Integer id,
+        String slug,
+        String name,
+        String description,
+        String groupName,
+        Integer sortOrder
+) {}

src/main/java/group/goforward/ballistic/web/dto/admin/PartRoleMappingDto.java

@@ -0,0 +1,10 @@
+package group.goforward.ballistic.web.dto.admin;
+
+public record PartRoleMappingDto(
+        Integer id,
+        String platform,
+        String partRole,
+        String categorySlug,
+        String groupName,
+        String notes
+) {}

src/main/java/group/goforward/ballistic/web/dto/admin/PartRoleMappingRequest.java

@@ -0,0 +1,8 @@
+package group.goforward.ballistic.web.dto.admin;
+
+public record PartRoleMappingRequest(
+        String platform,
+        String partRole,
+        String categorySlug,
+        String notes
+) {}

src/main/java/group/goforward/ballistic/web/dto/admin/SimpleMerchantDto.java

@@ -0,0 +1,6 @@
+package group.goforward.ballistic.web.dto.admin;
+
+public record SimpleMerchantDto(
+        Integer id,
+        String name
+) { }

src/main/java/group/goforward/ballistic/web/dto/admin/UpdateMerchantCategoryMappingRequest.java

@@ -0,0 +1,5 @@
+package group.goforward.ballistic.web.dto.admin;
+
+public record UpdateMerchantCategoryMappingRequest(
+        Integer partCategoryId
+) {}

src/main/java/group/goforward/ballistic/web/dto/admin/UpdatePartRoleMappingRequest.java

@@ -0,0 +1,8 @@
+package group.goforward.ballistic.web.dto.admin;
+
+public record UpdatePartRoleMappingRequest(
+        String platform,
+        String partRole,
+        String categorySlug,
+        String notes
+) {}

src/main/java/group/goforward/ballistic/web/dto/auth/AuthResponse.java

@@ -0,0 +1,49 @@
+package group.goforward.ballistic.web.dto.auth;
+
+public class AuthResponse {
+    private String token;
+    private String email;
+    private String displayName;
+    private String role;
+
+    public AuthResponse() {}
+
+    public AuthResponse(String token, String email, String displayName, String role) {
+        this.token = token;
+        this.email = email;
+        this.displayName = displayName;
+        this.role = role;
+    }
+
+    public String getToken() {
+        return token;
+    }
+
+    public void setToken(String token) {
+        this.token = token;
+    }
+
+    public String getEmail() {
+        return email;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public void setDisplayName(String displayName) {
+        this.displayName = displayName;
+    }
+
+    public String getRole() {
+        return role;
+    }
+
+    public void setRole(String role) {
+        this.role = role;
+    }
+}

src/main/java/group/goforward/ballistic/web/dto/auth/LoginRequest.java

@@ -0,0 +1,22 @@
+package group.goforward.ballistic.web.dto.auth;
+
+public class LoginRequest {
+    private String email;
+    private String password;
+
+    public String getEmail() {
+        return email;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+}

src/main/java/group/goforward/ballistic/web/dto/auth/RegisterRequest.java

@@ -0,0 +1,31 @@
+package group.goforward.ballistic.web.dto.auth;
+
+public class RegisterRequest {
+    private String email;
+    private String password;
+    private String displayName;
+
+    public String getEmail() {
+        return email;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public void setDisplayName(String displayName) {
+        this.displayName = displayName;
+    }
+}

src/main/resources/application.properties

@@ -9,3 +9,6 @@ spring.datasource.driver-class-name=org.postgresql.Driver
 #spring.jpa.hibernate.ddl-auto=update
 spring.jpa.show-sql=true
 spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
+
+security.jwt.secret=ballistic-test-secret-key-1234567890-ABCDEFGHIJKLNMOPQRST
+security.jwt.access-token-minutes=2880

src/test/java/group/goforward/ballistic/BallisticApplicationTests.java

@@ -3,7 +3,7 @@ package group.goforward.ballistic;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
 
-@SpringBootTest
+// @SpringBootTest
 class BallisticApplicationTests {
 
 	@Test