Digital Money House is built on a microservices architecture where every concern — authentication, user management, accounts and transactions — lives in its own independently deployable Spring Boot service. Services discover each other through a central Eureka registry, communicate synchronously via Feign clients, and exchange asynchronous events over RabbitMQ, while all external traffic enters through a single reactive API Gateway.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Gianluca-X/DigitalMoney/llms.txt
Use this file to discover all available pages before exploring further.
System Topology
Service Inventory
| Service | Port | Responsibility | Database |
|---|---|---|---|
| Auth Service | 8082 | JWT issuance, login, logout, email verification, credential updates | auth_service_db |
| User Service | 8087 | User registration, profile CRUD, account provisioning via Feign | user_service_db |
| Accounts Service | 8084 | Digital accounts (CVU/alias), card management, transfers, activity history, PDF receipts | account_service_db |
| API Gateway | 8085 | Centralized request routing, JWT validation, CORS | — |
| Eureka Server | 8761 | Service registry and health dashboard | — |
| Config Server | 8888 | Centralised Spring Cloud Config distribution | — |
API Gateway Routing
The Spring Cloud Gateway is the only network entry point exposed to clients. Routes are defined ingateway/src/main/resources/application.yml and use load-balanced URIs (lb://) so the gateway resolves target instances dynamically from the Eureka registry:
http://localhost:3000) with GET, POST, PUT, PATCH, DELETE, and OPTIONS methods:
JWT validation is performed at the gateway using the
spring.security.oauth2.resourceserver.jwt.secret value configured in gateway/application.yml. The accounts-service and auth-service share the JWT_SECRET environment variable; the gateway uses a separately configured secret in its own application.yml.Service Discovery with Eureka
Every application service (Auth, User, Accounts, Config, Gateway) registers itself with the Eureka Server at startup. The registration names map directly to thespring.application.name property in each service’s configuration:
| Application Name | Registered As |
|---|---|
| Auth Service | auth-service |
| User Service | user-service |
| Accounts Service | accounts-service |
| Config Server | config-server |
| Gateway | gateway-service |
lb://auth-service URI tells the load-balancer ribbon to look up the auth-service registration in Eureka and forward the request to a healthy instance.
http://localhost:8761 when the stack is running.
Async Messaging with RabbitMQ
Email address changes must be reflected in both the Auth Service (credential store) and the User Service (profile store). Rather than a second synchronous Feign call that would tightly couple the two services, Digital Money House uses RabbitMQ for this propagation: Flow:- A client sends a
PATCH /auth/change-email?newEmail={email}request with a valid Bearer token. - Auth Service updates the email in its own
auth_service_dbrecord. - Auth Service publishes a
UserEmailChangedEventto theuser.exchangetopic exchange with the routing keyuser.email.changed. - User Service consumes the event from the
user.email.changedqueue and updates its local copy of the email inuser_service_db.
user-service/application.properties:
Database Isolation
Each service owns an independent MySQL schema. Schemas and their dedicated users are created byinit.sql, which MySQL executes automatically on first boot via the Docker Compose init-scripts mechanism:
ddl-auto: update), so schema migrations are applied automatically when a service restarts.
Inter-Service Communication (Feign Clients)
Where synchronous data is required between services, Digital Money House uses Spring Cloud OpenFeign declarative HTTP clients.User Service → Accounts Service
When a user registers, User Service calls Accounts Service to provision a new digital account. The call is authenticated with an internal token header:User Service → Auth Service
User Service calls Auth Service directly (bypassing the registry for this internal path) to register or update credentials in the auth store:The
AccountClient uses the Eureka-registered name accounts-service with a custom FeignClientConfig that injects the internal bearer token. The AuthClient currently uses a hardcoded URL; this is a known improvement area for moving to a fully registry-resolved URI.Concurrency & Data Integrity
The Accounts Service protects account balances from race conditions using a pessimistic write lock on the account row during transfer processing:@Transactional wrapping the entire transfer operation, this guarantees that concurrent transfer requests for the same account are serialised at the database level, preventing duplicate debits or phantom credits.