8 changed files with 31 additions and 627 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,7 +6,6 @@ build/
 !gradle/wrapper/gradle-wrapper.jar
 !**/src/main/**/build/
 !**/src/test/**/build/
 CFTunnels/
 ### STS ###
 .apt_generated
--- a/README.md
+++ b/README.md
@ -1,186 +0,0 @@
 # CFTunnels - Cloudflare Tunnels Management API
 > **Note**: All pull requests should be raised against the `test` branch.
 A Spring Boot REST API for managing Cloudflare Tunnels with ingress mappings and an approval workflow.
 ## Overview
 CFTunnels provides a programmatic way to manage Cloudflare Tunnel configurations, allowing teams to:
 - View and manage Cloudflare Tunnels
 - Add, modify, and delete ingress mappings
 - Request mapping changes through an approval workflow
 - Track tunnel configurations locally
 ## Features
 - **Tunnel Management**: Create, update, and delete Cloudflare tunnels
 - **Ingress Mappings**: Add custom ingress rules to tunnel configurations
 - **Approval Workflow**: Request/approve/reject mapping changes
 - **Security**: OIDC-based authentication with role-based access
 - **API Documentation**: OpenAPI/Swagger documentation
 ## Technology Stack
 - Java 17
 - Spring Boot 3.x
 - Spring Data JPA
 - Spring Security with OIDC
 - H2 Database (configurable for PostgreSQL)
 - Cloudflare API v4
 ## Prerequisites
 - Java 17 or higher
 - Cloudflare account with API key
 - OIDC provider (e.g., Google, Okta, Auth0)
 ## Configuration
 Copy `.env.example` to `.env` and configure:
 ```bash
 cp .env.example .env
 ```
 ### Required Environment Variables
 | Variable | Description |
 |---------|-------------|
 | `CLOUDFLARE_ACCOUNT_ID` | Cloudflare Account ID |
 | `CLOUDFLARE_API_KEY` | Cloudflare API Key |
 | `CLOUDFLARE_EMAIL` | Cloudflare account email |
 | `SPRING_PROFILES_ACTIVE` | Environment (local, dev, prod) |
 ### Security Configuration
 OIDC settings in `application.properties`:
 ```properties
 spring.security.oauth2.client.registration.<provider>.client-id=your-client-id
 spring.security.oauth2.client.registration.<provider>.client-secret=your-client-secret
 spring.security.oauth2.client.provider.<provider>.issuer-uri=https://your-oidc-provider
 ```
 ## Running Locally
 ### Using Gradle
 ```bash
 ./gradlew bootRun
 ```
 ### Using Docker
 ```bash
 docker-compose up --build
 ```
 The API will be available at `http://localhost:8080`
 ## API Documentation
 Once running, access:
 - **Swagger UI**: `http://localhost:8080/swagger-ui.html`
 - **OpenAPI JSON**: `http://localhost:8080/v3/api-docs`
 ## API Endpoints
 ### Base URL: `/cloudflare`
 | Method | Endpoint | Description | Required Role |
 |--------|----------|-------------|---------------|
 | GET | `/whoami` | Get current user info | USER |
 | GET | `/tunnels` | List all Cloudflare tunnels | USER |
 | GET | `/configured/tunnels` | List locally configured tunnels | USER |
 | GET | `/requests` | List all mapping requests | USER |
 | GET | `/tunnels/{tunnelId}/mappings` | Get tunnel configuration | DEVELOPER |
 | POST | `/tunnels/{tunnelId}/mappings` | Add ingress mapping | ADMIN |
 | DELETE | `/tunnels/{tunnelId}/mappings` | Delete ingress mapping | DEVELOPER |
 | POST | `/tunnels/configure/{tunnelId}/requests` | Create mapping request | DEVELOPER |
 | PUT | `/requests/{requestId}/approve` | Approve mapping request | APPROVER |
 | PUT | `/requests/{requestId}/reject` | Reject mapping request | APPROVER |
 | PUT | `/tunnels/configure/{tunnelId}` | Configure tunnel for environment | ADMIN |
 ## Role-Based Access
 | Role | Permissions |
 |------|-------------|
 | USER | View tunnels and requests |
 | DEVELOPER | Create/modify/delete mappings, create requests |
 | APPROVER | Approve/reject requests |
 | ADMIN | Full access including tunnel configuration |
 ## Example Usage
 ### List all tunnels
 ```bash
 curl -H "Authorization: Bearer $TOKEN" \
  http://localhost:8080/cloudflare/tunnels
 ```
 ### Add an ingress mapping
 ```bash
 curl -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "hostname": "api.example.com",
    "service": "http://localhost:8080",
    "originRequest": {"noTLSVerify": true}
  }' \
  http://localhost:8080/cloudflare/tunnels/{tunnelId}/mappings
 ```
 ## Project Structure
 ```
 CFTunnels/
 ├── src/main/java/com/hithomelabs/CFTunnels/
 │   ├── CfTunnelsApplication.java     # Main application
 │   ├── Config/                      # Configuration classes
 │   ├── Controllers/                # REST controllers
 │   │   └── TunnelController.java     # Main API controller
 │   ├── Entity/                     # JPA entities
 │   │   ├── Mapping.java            # Ingress mapping
 │   │   ├── Protocol.java         # Protocol enum
 │   │   ├── Request.java         # Mapping request
 │   │   ├── Tunnel.java          # Tunnel entity
 │   │   └── User.java            # User entity
 │   ├── Models/                     # DTOs
 │   ├── Repositories/              # JPA repositories
 │   └── Services/                 # Business logic
 │       ├── CloudflareAPIService.java   # Cloudflare API
 │       └── MappingRequestService.java  # Request workflow
 └── src/main/resources/
    ├── application.properties    # Main config
    └── schema.sql              # Database schema
 ```
 ## Testing
 Run tests with:
 ```bash
 ./gradlew test
 ```
 Run integration tests:
 ```bash
 ./gradlew integrationTest
 ```
 ## License
 Private - All rights reserved
 ## References
 - [Cloudflare Tunnel Documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/)
 - [Cloudflare API v4](https://api.cloudflare.com/)
 - [Spring Boot Documentation](https://docs.spring.io/spring-boot/docs/current/reference/)
--- a/src/main/java/com/hithomelabs/CFTunnels/CfTunnelsApplication.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/CfTunnelsApplication.java
@ -1,13 +1,11 @@
 package com.hithomelabs.CFTunnels;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 /**
 * Main Spring Boot application class for Cloudflare Tunnels API.
- *
+ * 
 * <p>This application provides a RESTful API for managing Cloudflare Tunnels,
 * allowing users to create tunnel mappings to services with an approval workflow.</p>
- *
+ * 
 * <p><b>Features:</b></p>
 * <ul>
 *   <li>Create, update, and delete Cloudflare tunnels</li>
@ -15,7 +13,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
 *   <li>Request/approval workflow for mapping changes</li>
 *   <li>OIDC-based authentication with role-based access</li>
 * </ul>
- *
+ * 
 * <p><b>Technology Stack:</b></p>
 * <ul>
 *   <li>Java 17</li>
@ -25,23 +23,23 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
 *   <li>H2 Database (configurable for PostgreSQL)</li>
 *   <li>Cloudflare API</li>
 * </ul>
- *
+ * 
 * <p>Access the API documentation at:
 * {@code /swagger-ui.html} for the Swagger/OpenAPI UI</p>
- *
+ * 
 * @see <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-negative">Cloudflare Tunnel Documentation</a>
 * @since 1.0.0
 */
@SpringBootApplication
 public class CfTunnelsApplication {
-    /**
+	/**
-     * Main entry point for the application.
+	 * Main entry point for the application.
-     * 
+	 * 
-     * @param args command line arguments passed to the application
+	 * @param args command line arguments passed to the application
-     */
+	 */
-    public static void main(String[] args) {
+	public static void main(String[] args) {
-        SpringApplication.run(CfTunnelsApplication.class, args);
+		SpringApplication.run(CfTunnelsApplication.class, args);
-    }
+	}
-}
+}
--- a/src/main/java/com/hithomelabs/CFTunnels/Config/CloudflareConfig.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Config/CloudflareConfig.java
@ -3,47 +3,11 @@ package com.hithomelabs.CFTunnels.Config;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 /**
 * Configuration class for Cloudflare API credentials.
 * 
 * <p>Loads Cloudflare configuration from application properties
 * using the {@code cloudflare.*} prefix.</p>
 * 
 * <p><b>Example configuration in application.properties:</b></p>
 * <pre>
 * cloudflare.account-id=your-account-id
 * cloudflare.api-key=your-api-key
 * cloudflare.email=your@email.com
 * </pre>
 * 
 * @see <a href="https://api.cloudflare.com/">Cloudflare API Documentation</a>
 */
@Configuration
@ConfigurationProperties(prefix = "cloudflare")
 public class CloudflareConfig {
    /**
     * Cloudflare account ID.
     * 
     * <p>Found in the Cloudflare Dashboard under
     * Overview > Account ID</p>
     */
    private String accountId;
    /**
     * Cloudflare API Key.
     * 
     * <p>Generated in Cloudflare Dashboard under
     * Profile > API Tokens > Global API Key</p>
     */
    private String apiKey;
    /**
     * Cloudflare account email.
     * 
     * <p>The email address associated with your
     * Cloudflare account.</p>
     */
    private String email;
    // Getters and Setters
@ -55,4 +19,4 @@ public class CloudflareConfig {
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
-}
+}
--- a/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java
@ -22,6 +22,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.dao.DataAccessException;
 import org.springframework.http.*;
 import org.springframework.http.*;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
@ -35,41 +36,6 @@ import java.util.Map;
 import java.util.NoSuchElementException;
 import java.util.UUID;
 /**
 * REST Controller for managing Cloudflare Tunnels.
 * 
 * <p>This controller provides the public API for managing Cloudflare Tunnels
 * and their ingress mappings. All endpoints require authentication via OIDC
 * and are protected by role-based access control.</p>
 * 
 * <p><b>Base URL:</b> {@code /cloudflare}</p>
 * 
 * <p><b>Authentication:</b> OIDC-based with role-based access</p>
 * 
 * <p><b>Available Roles:</b></p>
 * <ul>
 *   <li>USER - View tunnels and requests</li>
 *   <li>DEVELOPER - Create/modify/delete mappings</li>
 *   <li>APPROVER - Approve/reject requests</li>
 *   <li>ADMIN - Full tunnel configuration access</li>
 * </ul>
 * 
 * <p><b>Example Usage:</b></p>
 * <pre>
 * # Get all tunnels (requires USER role)
 * curl -H "Authorization: Bearer &lt;token&gt;" \
 *   https://api.example.com/cloudflare/tunnels
 * 
 * # Add a mapping (requires ADMIN role)
 * curl -X POST -H "Authorization: Bearer &lt;token&gt;" \
 *   -H "Content-Type: application/json" \
 *   -d '{"hostname":"api.example.com","service":"http://localhost:8080"}' \
 *   https://api.example.com/cloudflare/tunnels/{tunnelId}/mappings
 * </pre>
 * 
 * @see CloudflareAPIService
 * @see MappingRequestService
 */
@RestController
@RequestMapping("/cloudflare")
 public class TunnelController implements ErrorController {
@ -97,21 +63,9 @@ public class TunnelController implements ErrorController {
    @Autowired
    private UserRepository userRepository;
    /**
     * Current environment (loaded from spring.profiles.active).
     */
    @Value("${spring.profiles.active}")
    private String environment;
    /**
     * Get current user information.
     * 
     * <p>Returns the authenticated user's username and roles.</p>
     * 
     * @param oidcUser The authenticated OIDC user
     * @return Map containing username and roles
     * @throws SecurityException if authentication fails
     */
    @PreAuthorize("hasAnyRole('USER')")
    @GetMapping("/whoami")
    public Map<String,Object> whoAmI(@AuthenticationPrincipal OidcUser oidcUser) {
@ -125,16 +79,6 @@ public class TunnelController implements ErrorController {
        );
    }
    /**
     * Get all tunnels from Cloudflare API.
     * 
     * <p>Fetches the complete list of tunnels from Cloudflare,
     * including their status and configuration from the Cloudflare API.</p>
     * 
     * @return Map containing list of all tunnels
     * @throws SecurityException if user lacks required role
     * @see <a href="https://api.cloudflare.com/#cfd_tunnel-get-tunnels">Cloudflare API</a>
     */
    @PreAuthorize("hasAnyRole('USER')")
    @GetMapping("/tunnels")
    @Operation( security = { @SecurityRequirement(name = "oidcAuth") } )
@ -148,16 +92,6 @@ public class TunnelController implements ErrorController {
        return ResponseEntity.ok(jsonResponse);
    }
    /**
     * Get locally configured tunnels.
     * 
     * <p>Returns the tunnels that have been configured locally
     * with environment associations.</p>
     * 
     * @return Map containing list of configured tunnels
     * @throws SecurityException if user lacks required role
     * @see CloudflareAPIService#getAllConfiguredTunnels()
     */
    @PreAuthorize("hasAnyRole('USER')")
    @GetMapping("/configured/tunnels")
    public ResponseEntity<Map<String,Object>> getConfiguredTunnels(){
@ -172,14 +106,6 @@ public class TunnelController implements ErrorController {
        }
    }
    /**
     * Get all mapping requests.
     * 
     * <p>Returns all pending, approved, and rejected mapping requests.</p>
     * 
     * @return Map containing list of all requests
     * @throws SecurityException if user lacks required role
     */
    @PreAuthorize("hasAnyRole('USER')")
    @GetMapping("/requests")
    public ResponseEntity<Map<String,Object>> getAllRequests() {
@ -194,17 +120,6 @@ public class TunnelController implements ErrorController {
        }
    }
    /**
     * Get tunnel configuration from Cloudflare.
     * 
     * <p>Fetches the complete configuration for a specific tunnel,
     * including all ingress rules.</p>
     * 
     * @param tunnelId The Cloudflare tunnel ID (UUID)
     * @return Map containing tunnel configuration
     * @throws SecurityException if user lacks required role
     * @see <a href="https://api.cloudflare.com/#cfd_tunnel-get-tunnel-config">Cloudflare API</a>
     */
    @PreAuthorize("hasAnyRole('DEVELOPER')")
    @GetMapping("/tunnels/{tunnelId}/mappings")
    public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) {
@ -217,41 +132,22 @@ public class TunnelController implements ErrorController {
        return ResponseEntity.ok(jsonResponse);
    }
-    /**
+    // 50df9101-f625-4618-b7c5-100338a57124
     * Add an ingress mapping to a tunnel.
     * 
     * <p>Adds a new ingress rule to the tunnel configuration.
     * The new rule is inserted at the second-to-last position,
     * before any catch-all rule.</p>
     * 
     * @param tunnelId The Cloudflare tunnel ID (UUID)
     * @param ingress The ingress rule to add
     * @return Map containing the updated configuration
     * @throws SecurityException if user lacks required role
     * @throws JsonProcessingException if JSON processing fails
     * 
     * @example
     * {
     *   "hostname": "api.example.com",
     *   "service": "http://localhost:8080",
     *   "originRequest": {"noTLSVerify": true}
     * }
     */
    @PreAuthorize("hasAnyRole('ADMIN')")
    @PostMapping("/tunnels/{tunnelId}/mappings")
    public ResponseEntity<Map<String, Object>> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
        ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
-        // Inserting new ingress value at second-to last position in list
+        // * * Inserting new ingress value at second-to last position in list
        Config config = responseEntity.getBody().getResult().getConfig();
        List<Ingress> response_ingress = config.getIngress();
        response_ingress.add(response_ingress.size()-1, ingress);
-        // Hitting put endpoint
+        // * * Hitting put endpoint
        ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config);
-        // Displaying response
+        // * * Displaying response
        Map<String, Object> jsonResponse = new HashMap<>();
        jsonResponse.put("status", response.getStatusCode().toString());
        jsonResponse.put("data", response.getBody());
@ -259,32 +155,21 @@ public class TunnelController implements ErrorController {
        return ResponseEntity.ok(jsonResponse);
    }
    /**
     * Delete an ingress mapping from a tunnel.
     * 
     * <p>Removes an ingress rule by hostname from the tunnel configuration.</p>
     * 
     * @param tunnelId The Cloudflare tunnel ID (UUID)
     * @param ingress Ingress containing hostname to delete (only hostname field is used)
     * @return Map containing the result
     * @throws SecurityException if user lacks required role
     * @throws JsonProcessingException if JSON processing fails
     */
    @PreAuthorize("hasAnyRole('DEVELOPER')")
    @DeleteMapping("/tunnels/{tunnelId}/mappings")
    public ResponseEntity<Map<String, Object>> deleteTunnelConfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
        ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
-        // Deleting the selected ingress value
+        // * * Deleting the selected ingress value
        Config config = responseEntity.getBody().getResult().getConfig();
        List<Ingress> response_ingress = config.getIngress();
        Boolean result = Ingress.deleteByHostName(response_ingress, ingress.getHostname());
-        // Hitting put endpoint
+        // * * Hitting put endpoint
        ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config);
-        // Displaying response
+        // * * Displaying response
        Map<String, Object> jsonResponse = new HashMap<>();
        if (result){
@ -299,20 +184,6 @@ public class TunnelController implements ErrorController {
        return ResponseEntity.ok(jsonResponse);
    }
    /**
     * Create a mapping change request.
     * 
     * <p>Creates a new request for changing tunnel ingress mappings.
     * The request starts in PENDING status and must be approved
     * before the changes are applied.</p>
     * 
     * @param tunnelId  The Cloudflare tunnel ID (UUID)
     * @param oidcUser  The authenticated user
     * @param ingess   The ingress configuration to request
     * @return The created request with PENDING status
     * @throws SecurityException if user lacks required role
     * @see MappingRequestService#createMappingRequest(String, Ingress, OidcUser)
     */
    @PreAuthorize("hasAnyRole('DEVELOPER')")
    @PostMapping("/tunnels/configure/{tunnelId}/requests")
    public ResponseEntity<Request> createTunnelMappingRequest(@PathVariable String tunnelId, @AuthenticationPrincipal OidcUser oidcUser, @RequestBody Ingress ingess){
@ -322,17 +193,6 @@ public class TunnelController implements ErrorController {
        return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
    }
    /**
     * Approve a mapping request.
     * 
     * <p>Approves a pending mapping request. If approved, the
     * mapping will be applied to the Cloudflare tunnel.</p>
     * 
     * @param requestId The ID of the request to approve
     * @param oidcUser  The approver (must have APPROVER role)
     * @return The updated request with APPROVED status
     * @throws SecurityException if user lacks required role
     */
    @PreAuthorize("hasAnyRole('APPROVER')")
    @PutMapping("/requests/{requestId}/approve")
    public ResponseEntity<Request> approveMappingRequest(@PathVariable UUID requestId, @AuthenticationPrincipal OidcUser oidcUser) {
@ -350,17 +210,6 @@ public class TunnelController implements ErrorController {
        }
    }
    /**
     * Reject a mapping request.
     * 
     * <p>Rejects a pending mapping request. No changes
     * will be made to the tunnel.</p>
     * 
     * @param requestId The ID of the request to reject
     * @param oidcUser  The rejecter (must have APPROVER role)
     * @return The updated request with REJECTED status
     * @throws SecurityException if user lacks required role
     */
    @PreAuthorize("hasAnyRole('APPROVER')")
    @PutMapping("/requests/{requestId}/reject")
    public ResponseEntity<Request> rejectMappingRequest(@PathVariable UUID requestId, @AuthenticationPrincipal OidcUser oidcUser) {
@ -378,31 +227,13 @@ public class TunnelController implements ErrorController {
        }
    }
    /**
     * Configure a tunnel for the current environment.
     * 
     * <p>Creates a local configuration entry for a tunnel,
     * associating it with the current environment (from spring.profiles.active).</p>
     * 
     * <p><b>Response Codes:</b></p>
     * <ul>
     *   <li>200 - Created/updated with new tunnel</li>
     *   <li>204 - No changes needed</li>
     *   <li>404 - Tunnel not found in Cloudflare</li>
     * </ul>
     * 
     * @param tunnelId The Cloudflare tunnel ID (UUID)
     * @param user    The authenticated user
     * @return The tunnel configuration
     * @throws SecurityException if user lacks required role
     */
    @PreAuthorize("hasAnyRole('ADMIN')")
    @PutMapping("/tunnels/configure/{tunnelId}")
    public ResponseEntity<Tunnel> configureTunnelForEnvironment(@PathVariable String tunnelId, @AuthenticationPrincipal OidcUser user) {
        /*
-         * Returns 200 if an object is created or updated with a new representation of the object
+         *  * Returns 200 if an object is created or updated with a new representation of the object
-         * Returns 204 if the object state did not need any changing.
+         *  * Returns 204 if the object state did not need any changing.
-         * Returns 404 if the tunnelId is not valid
+         *  * Returns 404 if the tunnelId is not valid
         */
        try {
--- a/src/main/java/com/hithomelabs/CFTunnels/Entity/User.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Entity/User.java
@ -1,5 +1,4 @@
 package com.hithomelabs.CFTunnels.Entity;
 import jakarta.persistence.*;
 import jakarta.validation.constraints.Size;
 import lombok.AllArgsConstructor;
@ -9,26 +8,6 @@ import lombok.Setter;
 import java.util.UUID;
 /**
 * JPA Entity representing a user in the system.
 * 
 * <p>This entity stores user information synced from the OIDC provider
 * during authentication. Users are assigned roles that determine their
 * access levels to the API endpoints.</p>
 * 
 * <p><b>Database Table:</b> {@code users}</p>
 * 
 * <p><b>Roles:</b></p>
 * <ul>
 *   <li>USER - Basic access to view tunnels</li>
 *   <li>DEVELOPER - Can create/modify mappings</li>
 *   <li>APPROVER - Can approve/reject requests</li>
 *   <li>ADMIN - Full access including tunnel configuration</li>
 * </ul>
 * 
 * @see Request
 * @see Mapping
 */
@Entity
@Getter
@Setter
@ -36,33 +15,16 @@ import java.util.UUID;
@AllArgsConstructor
@Table(name = "users")
 public class User {
    /**
     * Unique identifier for the user (UUID).
     * 
     * <p>This corresponds to the user's ID in the OIDC provider.</p>
     */
    @Id
    @GeneratedValue
    @Column(columnDefinition = "uuid", insertable = false, updatable = false, nullable = false)
    private UUID id;
    /**
     * User's display name.
     * 
     * <p>This is typically the full name from the OIDC provider.</p>
     */
    @Column(length = 50, nullable = false)
    @Size(max = 50)
    private String name;
    /**
     * User's email address.
     * 
     * <p>Used as the unique identifier for authentication
     * and for associating users with their roles.</p>
     */
    @Column(length = 50, nullable = false)
    @Size(max = 50)
    private String email;
-}
+}
--- a/src/main/java/com/hithomelabs/CFTunnels/Models/Ingress.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Models/Ingress.java
@ -8,88 +8,19 @@ import lombok.Setter;
 import java.util.List;
 import java.util.Map;
 /**
 * Model representing an ingress rule for a Cloudflare Tunnel.
 * 
 * <p>Ingress rules define how incoming requests should be routed through
 * the tunnel to your internal services. Each rule specifies:</p>
 * <ul>
 *   <li>{@link #hostname} - The domain/subdomain to match</li>
 *   <li>{@link #service} - The internal service URL</li>
 *   <li>{@link #originRequest} - Optional settings for origin requests</li>
 *   <li>{@link #path} - Optional path prefix to match</li>
 * </ul>
 * 
 * <p><b>Example JSON:</b></p>
 * <pre>
 * {
 *   "hostname": "api.example.com",
 *   "service": "http://localhost:8080",
 *   "originRequest": {
 *     "noTLSVerify": true
 *   },
 *   "path": "/api"
 * }
 * </pre>
 * 
 * @see <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing/ingress/">Cloudflare Ingress Docs</a>
 */
@NoArgsConstructor
@AllArgsConstructor
@Getter
@Setter
 public class Ingress {
    /**
     * The target service URL.
     * 
     * <p>Format: {@code protocol://host:port}</p>
     * <p>Example: {@code http://localhost:8080}</p>
     */
    private String service;
    /**
     * Hostname pattern to match for this ingress rule.
     * 
     * <p>Can be a full domain (api.example.com) or use wildcards 
     * (*.example.com) to match subdomains.</p>
     * <p>If null, this rule acts as a catch-all.</p>
     */
    private String hostname;
    /**
     * Optional settings for requests to the origin server.
     * 
     * <p>Supported options:</p>
     * <ul>
     *   <li>noTLSVerify - Skip TLS verification</li>
     *   <li>connectTimeout - Connection timeout in seconds</li>
     *   <li>tlsTimeout - TLS handshake timeout</li>
     *   <li>httpHostHeader - Host header to send</li>
     * </ul>
     */
    private Map<String, Object> originRequest;
    /**
     * Optional path to match before routing.
     * 
     * <p>Example: "/api" would only route requests with
     * paths starting with /api to this service.</p>
     */
    private String path;
    /**
     * Removes an ingress rule by hostname from a list.
     * 
     * <p>This utility method finds and removes the first ingress
     * matching the given hostname.</p>
     * 
     * @param ingressList  List of ingress rules to modify
     * @param toBeDeleted Hostname of the rule to remove
     * @return true if an ingress was removed, false otherwise
     */
    public static boolean deleteByHostName(List<Ingress> ingressList, String toBeDeleted){
         return ingressList.removeIf(ingress -> ingress.getHostname() != null && ingress.getHostname().equals(toBeDeleted));
    }
-}
+}
--- a/src/main/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIService.java
+++ b/src/main/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIService.java
@ -22,60 +22,21 @@ import java.util.NoSuchElementException;
 import java.util.Optional;
 import java.util.UUID;
 /**
 * Service for interacting with the Cloudflare Tunnel API.
 * 
 * <p>This service provides methods to manage Cloudflare Tunnels,
 * including fetching tunnel configurations, creating/updating tunnels,
 * and adding ingress mappings. It handles all communication with the
 * Cloudflare API using the configured credentials.</p>
 * 
 * <p><b>API Endpoints Used:</b></p>
 * <ul>
 *   <li>GET /accounts/{accountId}/cfd_tunnel - List all tunnels</li>
 *   <li>GET /accounts/{accountId}/cfd_tunnel/{tunnelId}/configurations - Get tunnel config</li>
 *   <li>PUT /accounts/{accountId}/cfd_tunnel/{tunnelId}/configurations - Update tunnel config</li>
 * </ul>
 * 
 * @see CloudflareConfig
 * @see Tunnel
 * @see Ingress
 */
@Service
 public class CloudflareAPIService {
    /**
     * Configuration for Cloudflare API credentials and settings.
     * Loaded from application.properties using the {@code cloudflare.*} prefix.
     */
    @Autowired
    CloudflareConfig cloudflareConfig;
    /**
     * Header provider for Cloudflare API authentication.
     * Generates the X-Auth-Key and X-Auth-Email headers.
     */
    @Autowired
    AuthKeyEmailHeader authKeyEmailHeader;
    /**
     * HTTP client for making API requests.
     */
    @Autowired
    RestTemplate restTemplate;
    /**
     * Repository for storing tunnel configurations locally.
     */
    @Autowired
    TunnelRepository tunnelRepository;
    /**
     * Fetches all Cloudflare tunnels from the API.
     * 
     * @return Response containing the list of tunnels from Cloudflare
     * @see TunnelsResponse
     */
    public ResponseEntity<TunnelsResponse> getCloudflareTunnels() {
        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
@ -85,18 +46,9 @@ public class CloudflareAPIService {
        return responseEntity;
    }
    /**
     * Fetches the configuration for a specific tunnel.
     * 
     * @param tunnelId      The Cloudflare tunnel ID (UUID string)
     * @param restTemplate HTTP client to use for the request
     * @param responseType Class to deserialize the response into
     * @param <T>         Response type
     * @return Response containing the tunnel configuration
     */
    public <T> ResponseEntity<T> getCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType) {
-        // Resource URL to hit get request at
+        // * * Resource URL to hit get request at
        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
        HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
@ -104,22 +56,9 @@ public class CloudflareAPIService {
        return responseEntity;
    }
    /**
     * Updates the configuration for a specific tunnel.
     * 
     * <p>This method is used to add, modify, or remove ingress mappings
     * by providing a complete configuration object.</p>
     * 
     * @param tunnelId      The Cloudflare tunnel ID (UUID string)
     * @param restTemplate HTTP client to use for the request
     * @param responseType Class to deserialize the response into
     * @param config      The new configuration to apply
     * @param <T>        Response type
     * @return Response containing the updated tunnel configuration
     */
    public <T> ResponseEntity<T> putCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType, Config config) {
-        // Resource URL to hit get request at
+        // * * Resource URL to hit get request at
        String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
        HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
@ -129,29 +68,10 @@ public class CloudflareAPIService {
        return responseEntity;
    }
    /**
     * Converts a Cloudflare API tunnel result to a local Tunnel entity.
     * 
     * @param tunnelResult The tunnel result from Cloudflare API
     * @param env          The environment name to associate
     * @return New Tunnel entity instance
     */
    private Tunnel getTunnelFromTunnelResponse(TunnelResult tunnelResult, String env){
        return new Tunnel(UUID.fromString(tunnelResult.getId()), env, tunnelResult.getName());
    }
    /**
     * Creates or updates a tunnel's local configuration.
     * 
     * <p>This method fetches the tunnel from Cloudflare API, validates it exists,
     * and stores a local copy with the environment association.</p>
     * 
     * @param tunnelId    The Cloudflare tunnel ID
     * @param environment Environment name (e.g., "production", "staging")
     * @return The created or updated Tunnel entity
     * @throws ExternalServiceException if Cloudflare API returns an error
     * @throws NoSuchElementException if the tunnel doesn't exist in Cloudflare
     */
    public Tunnel createOrUpdateTunnel(String tunnelId, String environment) throws ExternalServiceException, NoSuchElementException  {
        ResponseEntity<TunnelsResponse> responseEntity = getCloudflareTunnels();
@ -172,25 +92,10 @@ public class CloudflareAPIService {
        return toBeConfigured;
    }
    /**
     * Retrieves all tunnels that have been locally configured.
     * 
     * @return List of locally configured tunnels
     */
    public List<Tunnel> getAllConfiguredTunnels() {
        return tunnelRepository.findAll();
    }
    /**
     * Adds an ingress mapping to an existing tunnel.
     * 
     * <p>The new ingress is inserted at the second-to-last position in the
     * ingress list (Cloudflare requires a catch-all rule at the end).</p>
     * 
     * @param tunnelId The Cloudflare tunnel ID
     * @param ingress  The ingress configuration to add
     * @return Response with the updated tunnel configuration
     */
    public ResponseEntity<TunnelResponse> addTunnelIngress(String tunnelId, Ingress ingress) {
        ResponseEntity<TunnelResponse> currentConfig = getCloudflareTunnelConfigurations(tunnelId, restTemplate, TunnelResponse.class);
@ -200,4 +105,4 @@ public class CloudflareAPIService {
        return putCloudflareTunnelConfigurations(tunnelId, restTemplate, TunnelResponse.class, config);
    }
-}
+}