A modern, secure, and scalable RESTful API for movie reviews and theater seat reservations
π Live Demo: https://cineticket.onrender.com
Overview β’ Features β’ Demo β’ Architecture β’ Installation β’ API Reference β’ Security β’ Documentation β’ Contributing β’ Contact
CineTicket is an enterprise-grade Spring Boot application that provides a comprehensive solution for movie enthusiasts. It seamlessly integrates movie reviews with theater seat reservations, offering a complete platform for users to discover movies, share opinions, and book seats for upcoming shows.
Built with modern Java and Spring technologies, this API implements industry best practices including JWT authentication, role-based access control, Stripe payment integration, PDF receipt generation, email notifications, rate limiting, and comprehensive API documentation.
The system is deployed and fully functional at https://cineticket.onrender.com.
 |
 |
|---|---|
| π¨βπΌ Admin Dashboard | π§βπ» User Experience |
| Manage movies, theaters, showtimes, and view reservation data | Browse movies, read reviews, select seats, and complete the reservation process |
| π¬ Movie Platform | ποΈ Reservation System | π Enterprise Security |
|---|---|---|
| β’ Browse & search movies β’ Rate & review movies β’ Manage user reviews β’ Movie recommendations |
β’ Theater management β’ Showtime scheduling β’ Seat selection & booking β’ Stripe payment integration β’ PDF receipt generation β’ Email notifications |
β’ JWT authentication β’ Role-based access control β’ Rate limiting protection β’ Secure transactions |
| π³ Payment Processing | π§ Email Notifications | π« Reservation Management |
|---|---|---|
| β’ Stripe integration β’ Checkout sessions β’ Webhook handling β’ Receipt generation |
β’ Confirmation emails β’ PDF attachments β’ Branded templates |
β’ Interactive seat selection β’ Status tracking β’ Concurrent booking protection |
- Backend: Java 17, Spring Boot 3.2.3, Spring Data JPA
- Database: MySQL 8.0
- Security: Spring Security, JJWT 0.12.6
- API Documentation: Swagger OpenAPI 3.0
- Payment Processing: Stripe API 22.0.0
- PDF Generation: iText 5.5.13.3
- Email Service: Spring Mail
- Utilities: Lombok, Resilience4j, MessageSource
- Testing: JUnit 5, Mockito
- Java 17 or higher
- Maven 3.6+
- MySQL 8.0+
- Clone the repository
git clone https://github.com/lakshay1341/Movie-Review-System-API.git
cd Movie-Review-System-API- Configure the database
CREATE DATABASE moviereviewdbupdated;- Configure application properties
Update src/main/resources/application.properties with your database credentials, JWT configuration, and Stripe API keys.
β οΈ Security Note: Generate a secure JWT secret usingopenssl rand -base64 64and never commit it to version control.
- Set up environment variables
Create a .env file based on the provided .env.example with your configuration.
# Copy the example file
cp .env.example .env
# Edit the .env file with your actual values
# For security, generate a new JWT secret:
openssl rand -base64 64- Build and run the application
mvn clean install
mvn spring-boot:run- Access the application
- API: http://localhost:8080
- Swagger UI: http://localhost:8080/swagger-ui/index.html
The system automatically creates two users on startup:
| Role | Username | Password |
|---|---|---|
| Admin | admin |
password |
| User | user |
password |
| Method | Endpoint | Description | Access |
|---|---|---|---|
POST |
/api/v1/auth/register |
Register new user |  |
POST |
/api/v1/auth/login |
Get JWT token | |
| Method | Endpoint | Description | Access |
|---|---|---|---|
GET |
/api/v1/movies |
Get all movies | |
GET |
/api/v1/movies?search={query} |
Search movies | |
GET |
/api/v1/movies/{id} |
Get movie by ID | |
POST |
/api/v1/movies |
Add movie |  |
PUT |
/api/v1/movies/{id} |
Update movie | |
DELETE |
/api/v1/movies/{id} |
Delete movie | |
| Method | Endpoint | Description | Access |
|---|---|---|---|
POST |
/api/v1/reviews/movies/{movieId} |
Add review |  |
GET |
/api/v1/reviews/my-reviews |
Get user reviews | |
PUT |
/api/v1/reviews/{reviewId} |
Update review |  |
DELETE |
/api/v1/reviews/{reviewId} |
Delete review | |
| Method | Endpoint | Description | Access |
|---|---|---|---|
GET |
/api/v1/theaters |
Get all theaters | |
GET |
/api/v1/theaters/{id} |
Get theater by ID | |
GET |
/api/v1/theaters/search?location={location} |
Search theaters | |
POST |
/api/v1/theaters |
Add theater | |
PUT |
/api/v1/theaters/{id} |
Update theater | |
DELETE |
/api/v1/theaters/{id} |
Delete theater | |
| Method | Endpoint | Description | Access |
|---|---|---|---|
GET |
/api/v1/showtimes?date={date} |
Get showtimes by date | |
GET |
/api/v1/showtimes/movies/{movieId} |
Get showtimes by movie | |
GET |
/api/v1/showtimes/theaters/{theaterId} |
Get showtimes by theater | |
GET |
/api/v1/showtimes/available |
Get available showtimes | |
POST |
/api/v1/showtimes |
Add showtime | |
PUT |
/api/v1/showtimes/{id} |
Update showtime | |
DELETE |
/api/v1/showtimes/{id} |
Delete showtime | |
| Method | Endpoint | Description | Access |
|---|---|---|---|
GET |
/api/v1/seats/showtimes/{showtimeId} |
Get all seats | |
GET |
/api/v1/seats/showtimes/{showtimeId}/available |
Get available seats |  |
| Method | Endpoint | Description | Access |
|---|---|---|---|
POST |
/api/v1/reservations |
Create reservation | |
GET |
/api/v1/reservations/my-reservations |
Get user reservations | |
GET |
/api/v1/reservations/{id} |
Get reservation by ID | |
DELETE |
/api/v1/reservations/{id} |
Cancel reservation | |
GET |
/api/v1/reservations |
Get all reservations | |
GET |
/api/v1/reservations/reports/revenue |
Get revenue report | |
| Security Features | Authentication Flow |
|---|---|
| β’ JWT Authentication: Secure token-based authentication β’ Password Encryption: BCrypt encoding (strength 12) β’ Role-Based Access Control: User/admin permissions β’ Rate Limiting: 100 requests per minute β’ Concurrent Access Control: Pessimistic locking β’ Transactional Operations: Data integrity β’ Secure Payments: Stripe integration β’ Environment Variables: Secure credential management |
1. User registers or logs in with credentials 2. Server validates credentials and returns a JWT token 3. Client includes JWT in Authorization header 4. Server validates token and grants access based on roles Example Header: Authorization: Bearer eyJhbGciOiJIUzUxMiJ9... |
| Swagger UI | Postman Collection |
|---|---|
| Interactive API documentation with request/response examples β’ Local Development β’ Production β’ OpenAPI Specification |
Complete API testing suite with environments Also available in docs/postman directory |
All API responses follow a consistent format:
{
"success": true,
"message": "operation.success.message",
"data": {"Response data here"}
}- Complete API Coverage: All endpoints from authentication to reservations
- Environment Variables: Pre-configured for development and testing
- Authentication Handling: Automatic JWT token management
- Test Scripts: Response validation and environment variable extraction
- Request Examples: Sample payloads for all operations
Contributions are welcome! Here's how you can contribute:
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Commit your changes:
git commit -m 'Add some amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
- π¬ Original Problem Statement: roadmap.sh
- π Live Demo: https://cineticket.onrender.com
- π API Documentation: https://cineticket.onrender.com/swagger-ui/index.html
Lakshay Chaudhary π§ Email: [email protected] πΌ GitHub: lakshay1341
β Star this repository if you find it helpful!
Built with β€οΈ by Lakshay Chaudhary