Update prod JPA config

This reverts commit 3fcea268a9.

.gitea/workflows/test_image_build_push.yml

@@ -64,23 +64,4 @@ jobs:
         run: |
           docker push 192.168.0.100:8928/hithomelabs/cftunnels:test
           docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
-  sync_forks:
+  
-    name: Sync All Forks
-    runs-on: ubuntu-latest
-    needs: build_tag_push
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v4
-      - name: Sync all forks via Gitea API
-        run: |
-          echo "Fetching forks for Hithomelabs/CFTunnels..."
-          response=$(curl -s -X GET "https://gitea.hithomelabs.com/api/v1/repos/Hithomelabs/CFTunnels/forks" -H "Authorization: token ${{secrets.TOKEN}}")
-          filtered=$(echo "$response" | grep -o '"clone_url":"[^"]*"' | sed 's/"clone_url":"\([^"]*\)"/\1/' | grep -v "/Hithomelabs")
-          echo "Detected forks:"
-          echo "$filtered"
-          readarray -t forks <<< "$filtered"
-          for fork_url in "${forks[@]}"; do
-            echo "🔄 Syncing fork: $fork_url"
-            authed_url=$(echo "$fork_url" | sed "s#https://#https://${{secrets.TOKEN}}@#")
-            git push "$authed_url" test &
-          done

CFTunnels/Get tunnels.bru

@@ -1,11 +0,0 @@
-meta {
-  name: Get tunnels
-  type: http
-  seq: 4
-}
-
-get {
-  url: {{base_url}}/cloudflare/tunnels
-  body: none
-  auth: none
-}

CFTunnels/Tunnel.bru

@@ -1,11 +0,0 @@
-meta {
-  name: Tunnel
-  type: http
-  seq: 5
-}
-
-get {
-  url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}
-  body: none
-  auth: none
-}

CFTunnels/Write ingress.bru

@@ -1,19 +0,0 @@
-meta {
-  name: Write ingress
-  type: http
-  seq: 2
-}
-
-put {
-  url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}/add
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-    "service": "http://192.168.0.100:3457",
-    "hostname": "random.hithomelabs.com",
-    "originRequest": {}
-  }
-}

CFTunnels/bruno.json

@@ -1,9 +0,0 @@
-{
-  "version": "1",
-  "name": "CFTunnels",
-  "type": "collection",
-  "ignore": [
-    "node_modules",
-    ".git"
-  ]
-}

CFTunnels/delete mapping.bru

@@ -1,19 +0,0 @@
-meta {
-  name: delete mapping
-  type: http
-  seq: 3
-}
-
-put {
-  url: {{base_url}}/cloudflare/tunnel/{{tunnel_id}}/delete
-  body: json
-  auth: none
-}
-
-body:json {
-  {
-    "service": "http://192.168.0.100:6000",
-    "hostname": "random.hithomelabs.com",
-    "originRequest": {}
-  }
-}

CFTunnels/environments/CFTunnels Local.bru

@@ -1,4 +0,0 @@
-vars {
-  tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
-  base_url: http://localhost:8080
-}

CFTunnels/environments/CFTunnels.bru

@@ -1,4 +0,0 @@
-vars {
-  tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
-  base_url: https://testcf.hithomelabs.com
-}

build.gradle

@@ -14,7 +14,7 @@ java {
 }
 
 test {
-	systemProperty 'spring.profiles.active', 'test'
+	systemProperty 'spring.profiles.active', 'ci'
 	useJUnitPlatform {
 		excludeTags 'integration'
 	}
@@ -54,6 +54,7 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	runtimeOnly 'org.postgresql:postgresql'
 	implementation 'org.hibernate.validator:hibernate-validator'
+    runtimeOnly 'com.h2database:h2'
 }
 
 tasks.named('test') {

docker-compose.yaml

@@ -14,6 +14,7 @@ services:
       - HOST_PORT=${HOST_PORT}
       - POSTGRES_USER=${POSTGRES_USERNAME}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - SWAGGER_OAUTH_CLIENT_ID=${SWAGGER_OAUTH_CLIENT_ID}
     env_file:
       - stack.env
     restart: unless-stopped

src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java

@@ -1,6 +1,8 @@
 package com.hithomelabs.CFTunnels.Config;
 
+import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.security.*;
 import io.swagger.v3.oas.models.servers.Server;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -16,13 +18,37 @@ public class OpenApiConfig {
     @Value("${api.baseUrl}")
     private String baseUrl;
 
+    @Value("${springdoc.swagger-ui.oauth.authorization-url}")
+    private String authorizationUri;
+
+    @Value("${springdoc.swagger-ui.oauth.token-url}")
+    private String tokenUri;
+
     @Bean
-    public OpenAPI openAPI(){
+    public OpenAPI openAPI() {
         Server httpsServer = new Server().url(baseUrl);
         OpenAPI openApi = new OpenAPI();
         ArrayList<Server> servers = new ArrayList<>();
         servers.add(httpsServer);
         openApi.setServers(servers);
+        openApi.addSecurityItem(new SecurityRequirement().addList("oidcAuth"))
+                .components(new Components()
+                        .addSecuritySchemes("oidcAuth",
+                                new SecurityScheme()
+                                        .type(SecurityScheme.Type.OAUTH2)
+                                        .flows(new OAuthFlows()
+                                                .authorizationCode(new OAuthFlow()
+                                                        .authorizationUrl(authorizationUri)
+                                                        .tokenUrl(tokenUri)
+                                                        .scopes(new Scopes()
+                                                                .addString("openid", "OpenID scope")
+                                                                .addString("profile", "OpenID profile")
+                                                                .addString("email", "OpenID email"))
+                                                )
+                                        )
+                        )
+                )
+                .addSecurityItem(new SecurityRequirement().addList("oidcAuth"));
         return openApi;
     }
 }

src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java

@@ -28,6 +28,7 @@ public class SecuirtyConfig {
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
                 .authorizeHttpRequests(auth -> auth
+                        //.requestMatchers( "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html" ).permitAll()
                         .anyRequest().authenticated()
                 ).csrf(csrf -> csrf.disable())
                 .with(new OAuth2LoginConfigurer<>(),

src/main/java/com/hithomelabs/CFTunnels/Controllers/HomeController.java

@@ -1,32 +0,0 @@
-package com.hithomelabs.CFTunnels.Controllers;
-
-
-import org.springframework.boot.web.servlet.error.ErrorController;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-
-@Controller
-public class HomeController implements ErrorController {
-
-    private static final String ERROR_PATH = "/error";
-
-    /**
-     * Redirects the root (including any query params like ?continue=…)
-     * straight into Swagger UI.
-     */
-    @GetMapping("/")
-    public String rootRedirect() {
-        return "redirect:/swagger-ui/index.html";
-    }
-
-    /**
-     * Catches any errors (404s, unhandled paths) and punts them
-     * into the same Swagger UI page.
-     */
-    @RequestMapping(ERROR_PATH)
-    public String onError() {
-        return "redirect:/swagger-ui/index.html";
-    }
-
-}

src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java

@@ -4,13 +4,24 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping;
 import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
 import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
+import com.hithomelabs.CFTunnels.Entity.Request;
+import com.hithomelabs.CFTunnels.Entity.Tunnel;
+import com.hithomelabs.CFTunnels.Entity.User;
 import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
 import com.hithomelabs.CFTunnels.Models.Config;
 import com.hithomelabs.CFTunnels.Models.Ingress;
 import com.hithomelabs.CFTunnels.Models.TunnelResponse;
+import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
+import com.hithomelabs.CFTunnels.Repositories.UserRepository;
 import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
+import com.hithomelabs.CFTunnels.Services.MappingRequestService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.servlet.error.ErrorController;
+import org.springframework.dao.DataAccessException;
+import org.springframework.http.*;
 import org.springframework.http.*;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.GrantedAuthority;
@@ -22,6 +33,8 @@ import org.springframework.web.client.RestTemplate;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.NoSuchElementException;
+import java.util.UUID;
 
 @RestController
 @RequestMapping("/cloudflare")
@@ -44,6 +57,15 @@ public class TunnelController implements ErrorController {
     @Autowired
     CloudflareAPIService cloudflareAPIService;
 
+    @Autowired
+    MappingRequestService mappingRequestService;
+
+    @Autowired
+    private UserRepository userRepository;
+
+    @Value("${spring.profiles.active}")
+    private String environment;
+
     @PreAuthorize("hasAnyRole('USER')")
     @GetMapping("/whoami")
     public Map<String,Object> whoAmI(@AuthenticationPrincipal OidcUser oidcUser) {
@@ -59,9 +81,10 @@ public class TunnelController implements ErrorController {
 
     @PreAuthorize("hasAnyRole('USER')")
     @GetMapping("/tunnels")
+    @Operation( security = { @SecurityRequirement(name = "oidcAuth") } )
     public ResponseEntity<Map<String,Object>> getTunnels(){
 
-        ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnels();
+        ResponseEntity<TunnelsResponse> responseEntity = cloudflareAPIService.getCloudflareTunnels();
         Map<String, Object> jsonResponse = new HashMap<>();
         jsonResponse.put("status", "success");
         jsonResponse.put("data", responseEntity.getBody());
@@ -69,8 +92,36 @@ public class TunnelController implements ErrorController {
         return ResponseEntity.ok(jsonResponse);
     }
 
+    @PreAuthorize("hasAnyRole('USER')")
+    @GetMapping("/configured/tunnels")
+    public ResponseEntity<Map<String,Object>> getConfiguredTunnels(){
+        try {
+            List<Tunnel> tunnels = cloudflareAPIService.getAllConfiguredTunnels();
+            Map<String, Object> jsonResponse = new HashMap<>();
+            jsonResponse.put("status", "success");
+            jsonResponse.put("data", tunnels);
+            return ResponseEntity.ok(jsonResponse);
+        } catch (DataAccessException e) {
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
+        }
+    }
+
+    @PreAuthorize("hasAnyRole('USER')")
+    @GetMapping("/requests")
+    public ResponseEntity<Map<String,Object>> getAllRequests() {
+        try {
+            List<Request> requests = mappingRequestService.getAllRequests();
+            Map<String, Object> jsonResponse = new HashMap<>();
+            jsonResponse.put("status", "success");
+            jsonResponse.put("data", requests);
+            return ResponseEntity.ok(jsonResponse);
+        } catch (DataAccessException e) {
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
+        }
+    }
+
     @PreAuthorize("hasAnyRole('DEVELOPER')")
-    @GetMapping("/tunnel/{tunnelId}")
+    @GetMapping("/tunnels/{tunnelId}/mappings")
     public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) {
 
         ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplate, Map.class);
@@ -83,7 +134,7 @@ public class TunnelController implements ErrorController {
 
     // 50df9101-f625-4618-b7c5-100338a57124
     @PreAuthorize("hasAnyRole('ADMIN')")
-    @PutMapping("/tunnel/{tunnelId}/add")
+    @PostMapping("/tunnels/{tunnelId}/mappings")
     public ResponseEntity<Map<String, Object>> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
 
         ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
@@ -105,7 +156,7 @@ public class TunnelController implements ErrorController {
     }
 
     @PreAuthorize("hasAnyRole('DEVELOPER')")
-    @PutMapping("/tunnel/{tunnelId}/delete")
+    @DeleteMapping("/tunnels/{tunnelId}/mappings")
     public ResponseEntity<Map<String, Object>> deleteTunnelConfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
 
         ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class);
@@ -132,4 +183,70 @@ public class TunnelController implements ErrorController {
 
         return ResponseEntity.ok(jsonResponse);
     }
+
+    @PreAuthorize("hasAnyRole('DEVELOPER')")
+    @PostMapping("/tunnels/configure/{tunnelId}/requests")
+    public ResponseEntity<Request> createTunnelMappingRequest(@PathVariable String tunnelId, @AuthenticationPrincipal OidcUser oidcUser, @RequestBody Ingress ingess){
+        Request request = mappingRequestService.createMappingRequest(tunnelId, ingess, oidcUser);
+        if(request.getId() != null)
+            return ResponseEntity.status(HttpStatus.CREATED).body(request);
+        return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
+    }
+
+    @PreAuthorize("hasAnyRole('APPROVER')")
+    @PutMapping("/requests/{requestId}/approve")
+    public ResponseEntity<Request> approveMappingRequest(@PathVariable UUID requestId, @AuthenticationPrincipal OidcUser oidcUser) {
+        try {
+            User approver = userRepository.findByEmail(oidcUser.getEmail())
+                    .orElseThrow(() -> new RuntimeException("Approver not found"));
+            Request request = mappingRequestService.approveRequest(requestId, approver);
+            return ResponseEntity.ok(request);
+        } catch (NoSuchElementException e) {
+            return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
+        } catch (IllegalStateException e) {
+            return ResponseEntity.status(HttpStatus.CONFLICT).build();
+        } catch (RuntimeException e) {
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
+        }
+    }
+
+    @PreAuthorize("hasAnyRole('APPROVER')")
+    @PutMapping("/requests/{requestId}/reject")
+    public ResponseEntity<Request> rejectMappingRequest(@PathVariable UUID requestId, @AuthenticationPrincipal OidcUser oidcUser) {
+        try {
+            User rejecter = userRepository.findByEmail(oidcUser.getEmail())
+                    .orElseThrow(() -> new RuntimeException("Rejecter not found"));
+            Request request = mappingRequestService.rejectRequest(requestId, rejecter);
+            return ResponseEntity.ok(request);
+        } catch (NoSuchElementException e) {
+            return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
+        } catch (IllegalStateException e) {
+            return ResponseEntity.status(HttpStatus.CONFLICT).build();
+        } catch (RuntimeException e) {
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
+        }
+    }
+
+    @PreAuthorize("hasAnyRole('ADMIN')")
+    @PutMapping("/tunnels/configure/{tunnelId}")
+    public ResponseEntity<Tunnel> configureTunnelForEnvironment(@PathVariable String tunnelId, @AuthenticationPrincipal OidcUser user) {
+        /*
+         *  * Returns 200 if an object is created or updated with a new representation of the object
+         *  * Returns 204 if the object state did not need any changing.
+         *  * Returns 404 if the tunnelId is not valid
+         */
+
+        try {
+            Tunnel tunnel = cloudflareAPIService.createOrUpdateTunnel(tunnelId, environment);
+            if (tunnel == null)
+                return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
+            else
+                return ResponseEntity.ok(tunnel);
+        } catch (NoSuchElementException e) {
+            return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
+        } catch (RuntimeException e) {
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
+        }
+    }
+
 }

src/main/java/com/hithomelabs/CFTunnels/Entity/Mapping.java

@@ -0,0 +1,38 @@
+package com.hithomelabs.CFTunnels.Entity;
+
+import jakarta.persistence.*;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+
+import java.util.UUID;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+@Table(name = "mappings")
+public class Mapping {
+
+    @Id
+    @GeneratedValue
+    @Column(columnDefinition = "uuid", nullable = false, unique = true)
+    private UUID id;
+
+    @Column(nullable = false)
+    private int port;
+
+    @Enumerated(EnumType.STRING)
+    @Column(length = 10, nullable = false)
+    private Protocol protocol;
+
+    @Column(length = 50, nullable = false)
+    private String subdomain;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "tunnel_id", nullable = false)
+    private Tunnel tunnel;
+}

src/main/java/com/hithomelabs/CFTunnels/Entity/Protocol.java

@@ -0,0 +1,8 @@
+package com.hithomelabs.CFTunnels.Entity;
+
+public enum Protocol {
+    HTTP,
+    HTTPS,
+    TCP,
+    SSH
+}

src/main/java/com/hithomelabs/CFTunnels/Entity/Request.java

@@ -0,0 +1,45 @@
+package com.hithomelabs.CFTunnels.Entity;
+
+import jakarta.persistence.*;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.util.UUID;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+@Table(name = "requests")
+public class Request {
+
+    @Id
+    @GeneratedValue
+    @Column(columnDefinition = "uuid", unique = true, nullable = false)
+    private UUID id;
+
+    @OneToOne
+    @JoinColumn(name = "mapping_id", unique = true, nullable = false)
+    private Mapping mapping;
+
+    @ManyToOne
+    @JoinColumn(name = "created_by", nullable = false)
+    private User createdBy;
+
+    @ManyToOne
+    @JoinColumn(name = "accepted_by")
+    private User acceptedBy;
+
+    public enum RequestStatus {
+        PENDING,
+        APPROVED,
+        REJECTED
+    }
+
+    @Enumerated(EnumType.STRING)
+    @Column(length = 10, nullable = false)
+    private RequestStatus status;
+}

src/main/java/com/hithomelabs/CFTunnels/Entity/Tunnel.java

@@ -0,0 +1,28 @@
+package com.hithomelabs.CFTunnels.Entity;
+
+import jakarta.persistence.*;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.util.UUID;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+@Table(name="tunnels")
+public class Tunnel {
+
+    @Id
+    @Column(columnDefinition = "uuid", insertable = false, updatable = false, nullable = false)
+    private UUID id;
+
+    @Column(length = 10, unique = true, nullable = false)
+    private String environment;
+
+    @Column(length = 50, unique = true, nullable = false)
+    private String name;
+}

src/main/java/com/hithomelabs/CFTunnels/Entity/User.java

@@ -0,0 +1,30 @@
+package com.hithomelabs.CFTunnels.Entity;
+import jakarta.persistence.*;
+import jakarta.validation.constraints.Size;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.util.UUID;
+
+@Entity
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+@Table(name = "users")
+public class User {
+    @Id
+    @GeneratedValue
+    @Column(columnDefinition = "uuid", insertable = false, updatable = false, nullable = false)
+    private UUID id;
+
+    @Column(length = 50, nullable = false)
+    @Size(max = 50)
+    private String name;
+
+    @Column(length = 50, nullable = false)
+    @Size(max = 50)
+    private String email;
+}

src/main/java/com/hithomelabs/CFTunnels/Exceptions/ExternalServiceException.java

@@ -0,0 +1,5 @@
+package com.hithomelabs.CFTunnels.Exceptions;
+
+public class ExternalServiceException extends RuntimeException {
+    public ExternalServiceException(String message) { super(message); }
+}

src/main/java/com/hithomelabs/CFTunnels/Models/TunnelResult.java

@@ -0,0 +1,19 @@
+package com.hithomelabs.CFTunnels.Models;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class TunnelResult {
+
+    private String id;
+
+    private String name;
+}

src/main/java/com/hithomelabs/CFTunnels/Models/TunnelsResponse.java

@@ -0,0 +1,28 @@
+package com.hithomelabs.CFTunnels.Models;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.util.List;
+import java.util.Map;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class TunnelsResponse {
+
+    private List<TunnelResult> result;
+
+    private List<Map<String, Object>> errors;
+
+    private List<Map<String, Object>> messages;
+
+    private Boolean success;
+
+
+}

src/main/java/com/hithomelabs/CFTunnels/Repositories/MappingRepository.java

@@ -0,0 +1,11 @@
+package com.hithomelabs.CFTunnels.Repositories;
+
+import com.hithomelabs.CFTunnels.Entity.Mapping;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.UUID;
+
+@Repository
+public interface MappingRepository extends JpaRepository<Mapping, UUID> {
+}

src/main/java/com/hithomelabs/CFTunnels/Repositories/RequestRepository.java

@@ -0,0 +1,24 @@
+package com.hithomelabs.CFTunnels.Repositories;
+
+import com.hithomelabs.CFTunnels.Entity.Request;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+@Repository
+public interface RequestRepository extends JpaRepository<Request, UUID> {
+    Page<Request> findByStatus(Request.RequestStatus status, Pageable pageable);
+
+    @Query("SELECT r FROM Request r JOIN FETCH r.mapping m JOIN FETCH m.tunnel JOIN FETCH r.createdBy LEFT JOIN FETCH r.acceptedBy")
+    List<Request> findAllWithDetails();
+
+    @Query("SELECT r FROM Request r JOIN FETCH r.mapping m JOIN FETCH m.tunnel JOIN FETCH r.createdBy LEFT JOIN FETCH r.acceptedBy WHERE r.id = :id")
+    Optional<Request> findByIdWithDetails(@Param("id") UUID id);
+}

src/main/java/com/hithomelabs/CFTunnels/Repositories/TunnelRepository.java

@@ -0,0 +1,12 @@
+package com.hithomelabs.CFTunnels.Repositories;
+
+import com.hithomelabs.CFTunnels.Entity.Tunnel;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+import java.util.UUID;
+
+@Repository
+public interface TunnelRepository extends JpaRepository<Tunnel, UUID> {
+}

src/main/java/com/hithomelabs/CFTunnels/Repositories/UserRepository.java

@@ -0,0 +1,14 @@
+package com.hithomelabs.CFTunnels.Repositories;
+
+import com.hithomelabs.CFTunnels.Entity.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+import java.util.UUID;
+
+@Repository
+public interface UserRepository extends JpaRepository<User, UUID> {
+
+    Optional<User> findByEmail(String email);
+}

src/main/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIService.java

@@ -1,14 +1,26 @@
 package com.hithomelabs.CFTunnels.Services;
 
 import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
+import com.hithomelabs.CFTunnels.Entity.Tunnel;
+import com.hithomelabs.CFTunnels.Exceptions.ExternalServiceException;
 import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
 import com.hithomelabs.CFTunnels.Models.Config;
+import com.hithomelabs.CFTunnels.Models.Ingress;
+import com.hithomelabs.CFTunnels.Models.TunnelResponse;
+import com.hithomelabs.CFTunnels.Models.TunnelResult;
+import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
+import com.hithomelabs.CFTunnels.Repositories.TunnelRepository;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DataAccessException;
 import org.springframework.http.*;
 import org.springframework.stereotype.Service;
 import org.springframework.web.client.RestTemplate;
 
+import java.util.List;
 import java.util.Map;
+import java.util.NoSuchElementException;
+import java.util.Optional;
+import java.util.UUID;
 
 @Service
 public class CloudflareAPIService {
@@ -22,13 +34,15 @@ public class CloudflareAPIService {
     @Autowired
     RestTemplate restTemplate;
 
-    public ResponseEntity<Map> getCloudflareTunnels() {
+    @Autowired
+    TunnelRepository tunnelRepository;
+
+    public ResponseEntity<TunnelsResponse> getCloudflareTunnels() {
 
-        // * * Resource URL to hit get request at
         String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
 
         HttpEntity<String> httpEntity = new HttpEntity<>("", authKeyEmailHeader.getHttpHeaders());
-        ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
+        ResponseEntity<TunnelsResponse> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, TunnelsResponse.class);
         return responseEntity;
     }
 
@@ -54,8 +68,41 @@ public class CloudflareAPIService {
         return responseEntity;
     }
 
+    private Tunnel getTunnelFromTunnelResponse(TunnelResult tunnelResult, String env){
+        return new Tunnel(UUID.fromString(tunnelResult.getId()), env, tunnelResult.getName());
+    }
 
+    public Tunnel createOrUpdateTunnel(String tunnelId, String environment) throws ExternalServiceException, NoSuchElementException  {
 
+        ResponseEntity<TunnelsResponse> responseEntity = getCloudflareTunnels();
 
+        if (responseEntity.getStatusCode().isError())
+            throw new ExternalServiceException("Cloudflare API error: " + responseEntity.getStatusCode());
 
+        TunnelResult tunnelResult = responseEntity.getBody().getResult().stream().filter(t -> t.getId().equals(tunnelId)).findFirst().orElse(null);
+        if (tunnelResult == null)
+            throw new NoSuchElementException();
+
+        Tunnel toBeConfigured = getTunnelFromTunnelResponse(tunnelResult, environment);
+        Tunnel fromDatabase = tunnelRepository.findById(UUID.fromString(tunnelId)).orElse(null);
+
+        if (fromDatabase != null)
+            tunnelRepository.deleteById(UUID.fromString(tunnelId));
+        tunnelRepository.save(toBeConfigured);
+        return toBeConfigured;
+    }
+
+    public List<Tunnel> getAllConfiguredTunnels() {
+        return tunnelRepository.findAll();
+    }
+
+    public ResponseEntity<TunnelResponse> addTunnelIngress(String tunnelId, Ingress ingress) {
+        ResponseEntity<TunnelResponse> currentConfig = getCloudflareTunnelConfigurations(tunnelId, restTemplate, TunnelResponse.class);
+        
+        Config config = currentConfig.getBody().getResult().getConfig();
+        List<Ingress> ingressList = config.getIngress();
+        ingressList.add(ingressList.size() - 1, ingress);
+        
+        return putCloudflareTunnelConfigurations(tunnelId, restTemplate, TunnelResponse.class, config);
+    }
 }

src/main/java/com/hithomelabs/CFTunnels/Services/MappingRequestService.java

@@ -0,0 +1,152 @@
+package com.hithomelabs.CFTunnels.Services;
+
+import com.hithomelabs.CFTunnels.Entity.Mapping;
+import com.hithomelabs.CFTunnels.Entity.Protocol;
+import com.hithomelabs.CFTunnels.Entity.Request;
+import com.hithomelabs.CFTunnels.Entity.Tunnel;
+import com.hithomelabs.CFTunnels.Entity.User;
+import com.hithomelabs.CFTunnels.Models.Ingress;
+import com.hithomelabs.CFTunnels.Repositories.MappingRepository;
+import com.hithomelabs.CFTunnels.Repositories.RequestRepository;
+import com.hithomelabs.CFTunnels.Repositories.TunnelRepository;
+import com.hithomelabs.CFTunnels.Repositories.UserRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.List;
+import java.util.Map;
+import java.util.NoSuchElementException;
+import java.util.UUID;
+
+@Service
+public class MappingRequestService {
+
+    @Autowired
+    UserRepository userRepository;
+
+    @Autowired
+    MappingRepository mappingRepository;
+
+    @Autowired
+    RequestRepository requestRepository;
+
+    @Autowired
+    TunnelRepository tunnelRepository;
+
+    @Autowired
+    CloudflareAPIService cloudflareAPIService;
+
+    public Mapping createMapping(UUID tunnelId, Ingress ingress){
+        Tunnel tunnel = tunnelRepository.findById(tunnelId).orElseThrow(() -> new RuntimeException("Tunnel not found"));
+        Mapping mapping = createMappingFromTunnelIngress(tunnel, ingress);
+        return mappingRepository.save(mapping);
+    }
+
+    public Request createRequest(Mapping mapping, User user){
+        Request request = new Request();
+        request.setMapping(mapping);
+        request.setCreatedBy(user);
+        request.setStatus(Request.RequestStatus.PENDING);
+        return requestRepository.save(request);
+    }
+
+    public Request createMappingRequest(String tunnelId, Ingress ingress, OidcUser oidcUser){
+        User user = userRepository.findByEmail(oidcUser.getEmail()).orElseGet(()-> mapUser(oidcUser));
+        Mapping mapping = createMapping(UUID.fromString(tunnelId), ingress);
+        return createRequest(mapping, user);
+    }
+
+    @Transactional(readOnly = true)
+    public List<Request> getAllRequests() {
+        return requestRepository.findAllWithDetails();
+    }
+
+    public User mapUser(OidcUser oidcUser){
+        String email = oidcUser.getEmail();
+        String name = oidcUser.getNickName();
+        User user = new User();
+        user.setEmail(email);
+        user.setName(name);
+        userRepository.save(user);
+        return user;
+    }
+
+    public Mapping createMappingFromTunnelIngress(Tunnel tunnel, Ingress ingress){
+        Mapping mapping = new Mapping();
+        mapping.setTunnel(tunnel);
+        
+        String serviceString = ingress.getService().toLowerCase();
+        Protocol protocol = parseProtocol(serviceString);
+        mapping.setProtocol(protocol);
+        
+        mapping.setPort(Integer.parseInt(ingress.getService().split(":")[2]));
+        mapping.setSubdomain(ingress.getHostname().split("\\.")[0]);
+        return mapping;
+    }
+
+    private Protocol parseProtocol(String serviceString) {
+        if (serviceString.startsWith("https://")) {
+            return Protocol.HTTPS;
+        } else if (serviceString.startsWith("tcp://")) {
+            return Protocol.TCP;
+        } else if (serviceString.startsWith("ssh://")) {
+            return Protocol.SSH;
+        }
+        return Protocol.HTTP;
+    }
+
+    @Transactional
+    public Request approveRequest(UUID requestId, User approver) {
+        Request request = requestRepository.findByIdWithDetails(requestId)
+                .orElseThrow(() -> new NoSuchElementException("Request not found"));
+
+        if (request.getStatus() != Request.RequestStatus.PENDING) {
+            throw new IllegalStateException("Request is not in PENDING status");
+        }
+
+        Mapping mapping = request.getMapping();
+        Tunnel tunnel = mapping.getTunnel();
+        
+        Ingress ingress = createIngressFromMapping(mapping);
+        
+        ResponseEntity<?> response = cloudflareAPIService.addTunnelIngress(
+                tunnel.getId().toString(), 
+                ingress
+        );
+
+        if (!response.getStatusCode().is2xxSuccessful()) {
+            throw new RuntimeException("Failed to add mapping to Cloudflare");
+        }
+
+        request.setStatus(Request.RequestStatus.APPROVED);
+        request.setAcceptedBy(approver);
+        return requestRepository.save(request);
+    }
+
+    @Transactional
+    public Request rejectRequest(UUID requestId, User rejecter) {
+        Request request = requestRepository.findByIdWithDetails(requestId)
+                .orElseThrow(() -> new NoSuchElementException("Request not found"));
+
+        if (request.getStatus() != Request.RequestStatus.PENDING) {
+            throw new IllegalStateException("Request is not in PENDING status");
+        }
+
+        request.setStatus(Request.RequestStatus.REJECTED);
+        request.setAcceptedBy(rejecter);
+        return requestRepository.save(request);
+    }
+
+    private static final String SERVER_IP = "192.168.0.100";
+
+    private Ingress createIngressFromMapping(Mapping mapping) {
+        Tunnel tunnel = mapping.getTunnel();
+        String protocol = mapping.getProtocol().name().toLowerCase();
+        String service = protocol + "://" + SERVER_IP + ":" + mapping.getPort();
+        String hostname = mapping.getSubdomain() + ".hithomelabs.com";
+        return new Ingress(service, hostname, null, null);
+    }
+}

src/main/resources/application-ci.properties

@@ -0,0 +1,7 @@
+api.baseUrl=https://testcf.hithomelabs.com
+
+spring.datasource.url=jdbc:h2:mem:testdb
+spring.datasource.driver-class-name=org.h2.Driver
+spring.datasource.username=sa
+spring.datasource.password=
+spring.jpa.hibernate.ddl-auto=none

src/main/resources/application-integration.properties

@@ -1,3 +1,9 @@
 cloudflare.accountId=${CLOUDFLARE_ACCOUNT_ID}
 cloudflare.apiKey=${CLOUDFLARE_API_KEY}
 cloudflare.email=${CLOUDFLARE_EMAIL}
+
+spring.datasource.url=jdbc:h2:mem:testdb
+spring.datasource.driver-class-name=org.h2.Driver
+spring.datasource.username=sa
+spring.datasource.password=
+spring.jpa.hibernate.ddl-auto=none

src/main/resources/application-local.properties

@@ -7,4 +7,6 @@ management.endpoint.health.show-details=always
 logging.level.org.hibernate.SQL=DEBUG
 debug=true
 
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.show-sql=true
 spring.datasource.url=jdbc:postgresql://localhost:5432/cftunnel

src/main/resources/application-prod.properties

@@ -1 +1,12 @@
 api.baseUrl=https://cftunnels.hithomelabs.com
+
+# Production Database Configuration
+spring.datasource.url=jdbc:postgresql://postgres:5432/cftunnel
+spring.datasource.username=${POSTGRES_USERNAME}
+spring.datasource.password=${POSTGRES_PASSWORD}
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# JPA Configuration
+spring.jpa.hibernate.ddl-auto=create-drop
+spring.jpa.show-sql=false
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect

src/main/resources/application-test.properties

@@ -1 +1,12 @@
 api.baseUrl=https://testcf.hithomelabs.com
+
+# Test Database Configuration - Same as Production
+spring.datasource.url=jdbc:postgresql://postgres:5432/cftunnel
+spring.datasource.username=${POSTGRES_USERNAME}
+spring.datasource.password=${POSTGRES_PASSWORD}
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# JPA Configuration
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.show-sql=true
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect

src/main/resources/application.properties

@@ -18,6 +18,13 @@ spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hith
 spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/
 spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/
 
+springdoc.swagger-ui.oauth.client-id=${SWAGGER_OAUTH_CLIENT_ID}
+springdoc.swagger-ui.oauth.client-secret= # leave empty for public client
+springdoc.swagger-ui.oauth.use-pkce=true
+springdoc.swagger-ui.oauth.scopes=openid,profile,email
+springdoc.swagger-ui.oauth.authorization-url=https://auth.hithomelabs.com/application/o/authorize/
+springdoc.swagger-ui.oauth.token-url=https://auth.hithomelabs.com/application/o/token/
+
 spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel
 spring.datasource.username=${POSTGRES_USERNAME}
 spring.datasource.password=${POSTGRES_PASSWORD}

src/main/resources/schema.sql

@@ -1,37 +1,29 @@
--- schema.sql
+CREATE EXTENSION IF NOT EXISTS "pgcrypto";
 
--- Roles table
-CREATE TABLE IF NOT EXISTS roles (
-    role_id SERIAL PRIMARY KEY,
-    role_name VARCHAR(50) UNIQUE NOT NULL
-);
-
--- Users table
-CREATE TABLE IF NOT EXISTS users (
-    user_id SERIAL PRIMARY KEY,
-    user_name VARCHAR(100) NOT NULL,
-    password VARCHAR(255) NOT NULL
-);
-
--- User-Role Mapping table (many-to-many relationship)
-CREATE TABLE IF NOT EXISTS user_role_mapping (
-    mapping_id SERIAL PRIMARY KEY,
-    user_id INTEGER NOT NULL REFERENCES users(user_id) ON DELETE CASCADE,
-    role_id INTEGER NOT NULL REFERENCES roles(role_id) ON DELETE CASCADE
-);
-
--- Tunnels table
 CREATE TABLE IF NOT EXISTS tunnels (
-    tunnel_id SERIAL PRIMARY KEY,
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    tunnel_name VARCHAR(100) NOT NULL,
+    environment VARCHAR(10) NOT NULL,
-    tunnel_type VARCHAR(50) NOT NULL
+    cf_tunnel_id UUID UNIQUE NOT NULL
 );
 
--- Mapping Requests table
+CREATE TABLE IF NOT EXISTS users (
-CREATE TABLE IF NOT EXISTS mapping_requests (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-    request_id SERIAL PRIMARY KEY,
+    name VARCHAR(50) NOT NULL
-    request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+);
-    status VARCHAR(20) NOT NULL,
+
-    user_id INTEGER REFERENCES users(user_id) ON DELETE SET NULL,
+CREATE TABLE IF NOT EXISTS mappings (
-    tunnel_id INTEGER REFERENCES tunnels(tunnel_id) ON DELETE SET NULL
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tunnel_id UUID NOT NULL REFERENCES tunnels(id) ON DELETE CASCADE,
+    port INT NOT NULL,
+    subdomain VARCHAR(50) NOT NULL
+--    UNIQUE (tunnel_id, port),
+--    UNIQUE (tunnel_id, subdomain)
+);
+
+CREATE TABLE IF NOT EXISTS requests (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    mapping_id UUID NOT NULL REFERENCES mappings(id) ON DELETE CASCADE,
+    created_by UUID NOT NULL REFERENCES users(id) ON DELETE RESTRICT,
+    accepted_by UUID REFERENCES users(id) ON DELETE SET NULL,
+    status VARCHAR(20) NOT NULL CHECK (status IN ('PENDING', 'APPROVED', 'REJECTED'))
 );

src/test/java/com/hithomelabs/CFTunnels/Controllers/TunnelControllerTest.java

@@ -5,11 +5,17 @@ import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping;
 import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
 import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
 import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
+import com.hithomelabs.CFTunnels.Entity.Request;
+import com.hithomelabs.CFTunnels.Entity.Tunnel;
 import com.hithomelabs.CFTunnels.Models.Authorities;
 import com.hithomelabs.CFTunnels.Models.Config;
 import com.hithomelabs.CFTunnels.Models.Groups;
 import com.hithomelabs.CFTunnels.Models.TunnelResponse;
+import com.hithomelabs.CFTunnels.Models.TunnelResult;
+import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
+import com.hithomelabs.CFTunnels.Repositories.UserRepository;
 import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
+import com.hithomelabs.CFTunnels.Services.MappingRequestService;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -28,6 +34,10 @@ import java.io.IOException;
 import java.time.Instant;
 import java.util.*;
 
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.PageImpl;
+import org.springframework.data.domain.PageRequest;
+
 import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
 import static org.hamcrest.core.IsIterableContaining.hasItem;
 import static org.mockito.ArgumentMatchers.any;
@@ -35,8 +45,7 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 import static org.hamcrest.Matchers.not;
@@ -66,6 +75,12 @@ class TunnelControllerTest {
     @MockitoBean
     RestTemplateConfig restTemplateConfig;
 
+    @MockitoBean
+    MappingRequestService mappingRequestService;
+
+    @MockitoBean
+    UserRepository userRepository;
+
     private static final String tunnelResponseSmallIngressFile = "tunnelResponseSmallIngress.json";
 
     private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
@@ -117,6 +132,26 @@ class TunnelControllerTest {
         return new DefaultOidcUser(authorities, idToken, "preferred_username");
     }
 
+    private DefaultOidcUser buildOidcUserWithEmail(String username, String role, String email) {
+
+        when(authoritiesToGroupMapping.getAuthorityForGroup()).thenReturn(Map.of(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
+                Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
+                Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))),
+                Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN)))));
+
+        Map<String, Set<GrantedAuthority>> roleAuthorityMapping = authoritiesToGroupMapping.getAuthorityForGroup();
+        List<GrantedAuthority> authorities = roleAuthorityMapping.get(role).stream().toList();
+
+        OidcIdToken idToken = new OidcIdToken(
+                "mock-token",
+                Instant.now(),
+                Instant.now().plusSeconds(3600),
+                Map.of("preferred_username", username, "sub", username, "email", email)
+        );
+
+        return new DefaultOidcUser(authorities, idToken, "preferred_username");
+    }
+
     @Test
     @DisplayName("should return appropriate user roles when use belongs to group GITEA_USER")
     public void testWhoAmI_user() throws Exception {
@@ -137,8 +172,9 @@ class TunnelControllerTest {
         headers.set("X-Auth-Email", "me@example.com");
         when(authKeyEmailHeader.getHttpHeaders()).thenReturn(headers);
 
-        Map<String, Object> tunnelData = Map.of("tunnels", List.of(Map.of("id", "50df9101-f625-4618-b7c5-100338a57124")));
+        List<TunnelResult> tunnelResults = List.of(new TunnelResult("50df9101-f625-4618-b7c5-100338a57124", "test-tunnel"));
-        ResponseEntity<Map> mockResponse = new ResponseEntity<>(tunnelData, HttpStatus.OK);
+        TunnelsResponse tunnelsResponse = new TunnelsResponse(tunnelResults, null, null, true);
+        ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(tunnelsResponse, HttpStatus.OK);
 
         when(cloudflareAPIService.getCloudflareTunnels()).thenReturn(mockResponse);
 
@@ -146,10 +182,193 @@ class TunnelControllerTest {
                         .with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
                 .andExpect(status().isOk())
                 .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
-                .andExpect(jsonPath("$.data.tunnels[0].id").value("50df9101-f625-4618-b7c5-100338a57124"));
+                .andExpect(jsonPath("$.data.result[0].id").value("50df9101-f625-4618-b7c5-100338a57124"));
 
     }
 
+    @Test
+    @DisplayName("should return list of configured tunnels from database")
+    void getConfiguredTunnels() throws Exception {
+        List<Tunnel> tunnels = List.of(
+                new Tunnel(UUID.fromString("50df9101-f625-4618-b7c5-100338a57124"), "dev", "devtunnel"),
+                new Tunnel(UUID.fromString("60df9101-f625-4618-b7c5-100338a57125"), "prod", "prodtunnel")
+        );
+        when(cloudflareAPIService.getAllConfiguredTunnels()).thenReturn(tunnels);
+
+        mockMvc.perform(get("/cloudflare/configured/tunnels")
+                        .with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
+                .andExpect(status().isOk())
+                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(jsonPath("$.status").value("success"))
+                .andExpect(jsonPath("$.data[*].name", hasItem("devtunnel")))
+                .andExpect(jsonPath("$.data[*].name", hasItem("prodtunnel")));
+    }
+
+    @Test
+    @DisplayName("should return list of requests")
+    void getAllRequests_Success() throws Exception {
+        List<com.hithomelabs.CFTunnels.Entity.Request> requests = Arrays.asList(
+                createTestRequest(UUID.randomUUID(), com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.PENDING),
+                createTestRequest(UUID.randomUUID(), com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.APPROVED)
+        );
+        
+        when(mappingRequestService.getAllRequests()).thenReturn(requests);
+
+        mockMvc.perform(get("/cloudflare/requests")
+                        .with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
+                .andExpect(status().isOk())
+                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(jsonPath("$.status").value("success"))
+                .andExpect(jsonPath("$.data").isArray())
+                .andExpect(jsonPath("$.data.length()").value(2));
+    }
+
+    @Test
+    @DisplayName("should create mapping request successfully")
+    void createTunnelMappingRequest_Success() throws Exception {
+        UUID tunnelId = UUID.randomUUID();
+        com.hithomelabs.CFTunnels.Entity.Request createdRequest = new com.hithomelabs.CFTunnels.Entity.Request();
+        createdRequest.setId(UUID.randomUUID());
+        createdRequest.setStatus(com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.PENDING);
+
+        when(mappingRequestService.createMappingRequest(any(String.class), any(com.hithomelabs.CFTunnels.Models.Ingress.class), any())).thenReturn(createdRequest);
+
+        mockMvc.perform(post("/cloudflare/tunnels/configure/{tunnelId}/requests", tunnelId.toString())
+                        .with(oauth2Login().oauth2User(buildOidcUser("developer", Groups.HOMELAB_DEVELOPER)))
+                        .with(csrf())
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(ingressJson))
+                .andExpect(status().isCreated())
+                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(jsonPath("$.status").value("PENDING"));
+    }
+
+    @Test
+    @DisplayName("should approve mapping request successfully")
+    void approveMappingRequest_Success() throws Exception {
+        UUID requestId = UUID.randomUUID();
+        com.hithomelabs.CFTunnels.Entity.User approverUser = new com.hithomelabs.CFTunnels.Entity.User();
+        approverUser.setEmail("approver@example.com");
+        approverUser.setName("Approver");
+
+        com.hithomelabs.CFTunnels.Entity.Request approvedRequest = new com.hithomelabs.CFTunnels.Entity.Request();
+        approvedRequest.setId(requestId);
+        approvedRequest.setStatus(com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.APPROVED);
+
+        when(mappingRequestService.approveRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
+                .thenReturn(approvedRequest);
+        when(userRepository.findByEmail("approver@example.com"))
+                .thenReturn(java.util.Optional.of(approverUser));
+
+        mockMvc.perform(put("/cloudflare/requests/{requestId}/approve", requestId)
+                        .with(oauth2Login().oauth2User(buildOidcUserWithEmail("approver", Groups.SYSTEM_ADMIN, "approver@example.com")))
+                        .with(csrf()))
+                .andExpect(status().isOk())
+                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(jsonPath("$.status").value("APPROVED"));
+    }
+
+    @Test
+    @DisplayName("should return 404 when request not found")
+    void approveMappingRequest_NotFound() throws Exception {
+        UUID requestId = UUID.randomUUID();
+        com.hithomelabs.CFTunnels.Entity.User approverUser = new com.hithomelabs.CFTunnels.Entity.User();
+        approverUser.setEmail("approver@example.com");
+        approverUser.setName("Approver");
+
+        when(mappingRequestService.approveRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
+                .thenThrow(new NoSuchElementException("Request not found"));
+        when(userRepository.findByEmail("approver@example.com"))
+                .thenReturn(java.util.Optional.of(approverUser));
+
+        mockMvc.perform(put("/cloudflare/requests/{requestId}/approve", requestId)
+                        .with(oauth2Login().oauth2User(buildOidcUserWithEmail("approver", Groups.SYSTEM_ADMIN, "approver@example.com")))
+                        .with(csrf()))
+                .andExpect(status().isNotFound());
+    }
+
+    @Test
+    @DisplayName("should return 500 when mapping creation fails")
+    void approveMappingRequest_InternalServerError() throws Exception {
+        UUID requestId = UUID.randomUUID();
+        com.hithomelabs.CFTunnels.Entity.User approverUser = new com.hithomelabs.CFTunnels.Entity.User();
+        approverUser.setEmail("approver@example.com");
+        approverUser.setName("Approver");
+
+        when(mappingRequestService.approveRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
+                .thenThrow(new RuntimeException("Failed to add mapping to Cloudflare"));
+        when(userRepository.findByEmail("approver@example.com"))
+                .thenReturn(java.util.Optional.of(approverUser));
+
+        mockMvc.perform(put("/cloudflare/requests/{requestId}/approve", requestId)
+                        .with(oauth2Login().oauth2User(buildOidcUserWithEmail("approver", Groups.SYSTEM_ADMIN, "approver@example.com")))
+                        .with(csrf()))
+                .andExpect(status().isInternalServerError());
+    }
+
+    @Test
+    @DisplayName("should reject mapping request successfully")
+    void rejectMappingRequest_Success() throws Exception {
+        UUID requestId = UUID.randomUUID();
+        com.hithomelabs.CFTunnels.Entity.User rejecterUser = new com.hithomelabs.CFTunnels.Entity.User();
+        rejecterUser.setEmail("rejecter@example.com");
+        rejecterUser.setName("Rejecter");
+
+        com.hithomelabs.CFTunnels.Entity.Request rejectedRequest = new com.hithomelabs.CFTunnels.Entity.Request();
+        rejectedRequest.setId(requestId);
+        rejectedRequest.setStatus(com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.REJECTED);
+
+        when(mappingRequestService.rejectRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
+                .thenReturn(rejectedRequest);
+        when(userRepository.findByEmail("rejecter@example.com"))
+                .thenReturn(java.util.Optional.of(rejecterUser));
+
+        mockMvc.perform(put("/cloudflare/requests/{requestId}/reject", requestId)
+                        .with(oauth2Login().oauth2User(buildOidcUserWithEmail("rejecter", Groups.SYSTEM_ADMIN, "rejecter@example.com")))
+                        .with(csrf()))
+                .andExpect(status().isOk())
+                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(jsonPath("$.status").value("REJECTED"));
+    }
+
+    @Test
+    @DisplayName("should return 404 when rejecting non-existent request")
+    void rejectMappingRequest_NotFound() throws Exception {
+        UUID requestId = UUID.randomUUID();
+        com.hithomelabs.CFTunnels.Entity.User rejecterUser = new com.hithomelabs.CFTunnels.Entity.User();
+        rejecterUser.setEmail("rejecter@example.com");
+        rejecterUser.setName("Rejecter");
+
+        when(mappingRequestService.rejectRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
+                .thenThrow(new NoSuchElementException("Request not found"));
+        when(userRepository.findByEmail("rejecter@example.com"))
+                .thenReturn(java.util.Optional.of(rejecterUser));
+
+        mockMvc.perform(put("/cloudflare/requests/{requestId}/reject", requestId)
+                        .with(oauth2Login().oauth2User(buildOidcUserWithEmail("rejecter", Groups.SYSTEM_ADMIN, "rejecter@example.com")))
+                        .with(csrf()))
+                .andExpect(status().isNotFound());
+    }
+
+    @Test
+    @DisplayName("should return 409 when rejecting already processed request")
+    void rejectMappingRequest_Conflict() throws Exception {
+        UUID requestId = UUID.randomUUID();
+        com.hithomelabs.CFTunnels.Entity.User rejecterUser = new com.hithomelabs.CFTunnels.Entity.User();
+        rejecterUser.setEmail("rejecter@example.com");
+        rejecterUser.setName("Rejecter");
+
+        when(mappingRequestService.rejectRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
+                .thenThrow(new IllegalStateException("Request is not in PENDING status"));
+        when(userRepository.findByEmail("rejecter@example.com"))
+                .thenReturn(java.util.Optional.of(rejecterUser));
+
+        mockMvc.perform(put("/cloudflare/requests/{requestId}/reject", requestId)
+                        .with(oauth2Login().oauth2User(buildOidcUserWithEmail("rejecter", Groups.SYSTEM_ADMIN, "rejecter@example.com")))
+                        .with(csrf()))
+                .andExpect(status().isConflict());
+    }
+
     @Test
     void getTunnelConfigurations() throws Exception {
 
@@ -158,7 +377,7 @@ class TunnelControllerTest {
 
         when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(Map.class))).thenReturn(mockResponse);
 
-        mockMvc.perform(get("/cloudflare/tunnel/{tunnelId}", "sampleTunnelId")
+        mockMvc.perform(get("/cloudflare/tunnels/{tunnelId}/mappings", "sampleTunnelId")
                         .with(oauth2Login().oauth2User(buildOidcUser("username", Groups.HOMELAB_DEVELOPER))))
                 .andExpect(status().isOk())
                 .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
@@ -180,7 +399,7 @@ class TunnelControllerTest {
         ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
         when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
 
-        mockMvc.perform(put("/cloudflare/tunnel/{tunnelId}/add", "sampleTunnelId")
+        mockMvc.perform(post("/cloudflare/tunnels/{tunnelId}/mappings", "sampleTunnelId")
                         .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
                         .with(csrf())
                         .contentType(MediaType.APPLICATION_JSON)
@@ -190,6 +409,13 @@ class TunnelControllerTest {
                 .andExpect(jsonPath("$.data.result.config.ingress[*].hostname", hasItem("random.hithomelabs.com")));
     }
 
+    private Request createTestRequest(UUID id, Request.RequestStatus status) {
+        Request request = new Request();
+        request.setId(id);
+        request.setStatus(status);
+        return request;
+    }
+
     @Test
     void deleteTunnelConfiguration() throws Exception {
 
@@ -205,7 +431,7 @@ class TunnelControllerTest {
         ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
         when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
 
-        mockMvc.perform(put("/cloudflare/tunnel/{tunnelId}/delete", "sampleTunnelId")
+        mockMvc.perform(delete("/cloudflare/tunnels/{tunnelId}/mappings", "sampleTunnelId")
                         .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
                         .with(csrf())
                         .contentType(MediaType.APPLICATION_JSON)
@@ -215,5 +441,55 @@ class TunnelControllerTest {
                 .andExpect(jsonPath("$.data.result.config.ingress[*].hostname", not(hasItem("random.hithomelabs.com"))));
     }
 
+    @Test
+    @DisplayName("should return 200 OK with tunnel when tunnel is successfully updated")
+    void configureTunnelForEnvironment_Success() throws Exception {
+        Tunnel tunnel = new Tunnel(UUID.randomUUID(), "dev", "test-tunnel");
+        when(cloudflareAPIService.createOrUpdateTunnel(eq("test-tunnel-id"), any(String.class))).thenReturn(tunnel);
+
+        mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "test-tunnel-id")
+                        .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
+                        .with(csrf()))
+                .andExpect(status().isOk())
+                .andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(jsonPath("$.name").value("test-tunnel"))
+                .andExpect(jsonPath("$.environment").value("dev"));
+    }
+
+    @Test
+    @DisplayName("should return 204 NO_CONTENT when tunnel does not need changes")
+    void configureTunnelForEnvironment_NoContent() throws Exception {
+        when(cloudflareAPIService.createOrUpdateTunnel(eq("test-tunnel-id"), any(String.class))).thenReturn(null);
+
+        mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "test-tunnel-id")
+                        .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
+                        .with(csrf()))
+                .andExpect(status().isNoContent());
+    }
+
+    @Test
+    @DisplayName("should return 404 NOT_FOUND when tunnelId is not valid")
+    void configureTunnelForEnvironment_NotFound() throws Exception {
+        when(cloudflareAPIService.createOrUpdateTunnel(eq("invalid-tunnel-id"), any(String.class)))
+                .thenThrow(new NoSuchElementException("Tunnel not found"));
+
+        mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "invalid-tunnel-id")
+                        .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
+                        .with(csrf()))
+                .andExpect(status().isNotFound());
+    }
+
+    @Test
+    @DisplayName("should return 500 INTERNAL_SERVER_ERROR when runtime exception occurs")
+    void configureTunnelForEnvironment_InternalServerError() throws Exception {
+        when(cloudflareAPIService.createOrUpdateTunnel(eq("test-tunnel-id"), any(String.class)))
+                .thenThrow(new RuntimeException("Internal error"));
+
+        mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "test-tunnel-id")
+                        .with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
+                        .with(csrf()))
+                .andExpect(status().isInternalServerError());
+    }
+
 
 }

src/test/java/com/hithomelabs/CFTunnels/Integration/CoudflareApiIntegrationTest.java

@@ -5,6 +5,8 @@ import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
 import com.hithomelabs.CFTunnels.Models.Config;
 import com.hithomelabs.CFTunnels.Models.Ingress;
 import com.hithomelabs.CFTunnels.Models.TunnelResponse;
+import com.hithomelabs.CFTunnels.Models.TunnelResult;
+import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
 import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Tag;
@@ -17,7 +19,6 @@ import org.springframework.test.context.ActiveProfiles;
 import org.springframework.web.client.RestTemplate;
 
 import java.util.List;
-import java.util.Map;
 
 import static org.junit.jupiter.api.Assertions.*;
 
@@ -44,13 +45,13 @@ public class CoudflareApiIntegrationTest {
     @DisplayName("Calls cloudflare cfd tunnels API and checks that dev tunnel should be a part of the response")
     public void testGetTunnelsTest() {
 
-        ResponseEntity<Map> response = cloudflareAPIService.getCloudflareTunnels();
+        ResponseEntity<TunnelsResponse> response = cloudflareAPIService.getCloudflareTunnels();
 
         assertEquals(HttpStatus.OK, response.getStatusCode());
 
-        List<Map<String, Object>> tunnelList = (List<Map<String, Object>>) response.getBody().get("result");
+        List<TunnelResult> tunnelList = response.getBody().getResult();
         boolean hasName = tunnelList.stream()
-                .anyMatch(tunnel -> "devtunnel".equals(tunnel.get("name")));
+                .anyMatch(tunnel -> "devtunnel".equals(tunnel.getName()));
 
         assertTrue(hasName);
     }

src/test/java/com/hithomelabs/CFTunnels/Repositories/RequestRepositoryTest.java

@@ -0,0 +1,179 @@
+package com.hithomelabs.CFTunnels.Repositories;
+
+import com.hithomelabs.CFTunnels.Entity.Mapping;
+import com.hithomelabs.CFTunnels.Entity.Protocol;
+import com.hithomelabs.CFTunnels.Entity.Request;
+import com.hithomelabs.CFTunnels.Entity.Tunnel;
+import com.hithomelabs.CFTunnels.Entity.User;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.TestPropertySource;
+
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@DataJpaTest
+@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.ANY)
+@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_EACH_TEST_METHOD)
+@TestPropertySource(properties = {
+    "spring.jpa.hibernate.ddl-auto=create-drop",
+    "spring.jpa.show-sql=false",
+    "spring.sql.init.mode=never"
+})
+class RequestRepositoryTest {
+
+    @Autowired
+    private RequestRepository requestRepository;
+
+    @Autowired
+    private TunnelRepository tunnelRepository;
+
+    @Autowired
+    private MappingRepository mappingRepository;
+
+    @Autowired
+    private UserRepository userRepository;
+
+    private Tunnel tunnel;
+    private User createdByUser;
+    private User acceptedByUser;
+    private Mapping mapping;
+
+    @BeforeEach
+    void setUp() {
+        tunnel = new Tunnel();
+        tunnel.setId(UUID.randomUUID());
+        tunnel.setEnvironment("test");
+        tunnel.setName("test-tunnel");
+        tunnel = tunnelRepository.save(tunnel);
+
+        createdByUser = new User();
+        createdByUser.setEmail("creator@example.com");
+        createdByUser.setName("Creator User");
+        createdByUser = userRepository.save(createdByUser);
+
+        acceptedByUser = new User();
+        acceptedByUser.setEmail("approver@example.com");
+        acceptedByUser.setName("Approver User");
+        acceptedByUser = userRepository.save(acceptedByUser);
+
+        mapping = new Mapping();
+        mapping.setTunnel(tunnel);
+        mapping.setPort(8080);
+        mapping.setProtocol(Protocol.HTTP);
+        mapping.setSubdomain("test-subdomain");
+        mapping = mappingRepository.save(mapping);
+    }
+
+    @Test
+    @DisplayName("findAllWithDetails should return requests with all relationships loaded")
+    void findAllWithDetails_ShouldReturnRequestsWithAllRelationships() {
+        Request request = new Request();
+        request.setMapping(mapping);
+        request.setCreatedBy(createdByUser);
+        request.setAcceptedBy(acceptedByUser);
+        request.setStatus(Request.RequestStatus.PENDING);
+        requestRepository.save(request);
+
+        List<Request> results = requestRepository.findAllWithDetails();
+
+        assertThat(results).hasSize(1);
+        Request result = results.get(0);
+        assertThat(result.getMapping()).isNotNull();
+        assertThat(result.getMapping().getTunnel()).isNotNull();
+        assertThat(result.getCreatedBy()).isNotNull();
+        assertThat(result.getAcceptedBy()).isNotNull();
+    }
+
+    @Test
+    @DisplayName("findByIdWithDetails should return request with all relationships loaded")
+    void findByIdWithDetails_ShouldReturnRequestWithAllRelationships() {
+        Request request = new Request();
+        request.setMapping(mapping);
+        request.setCreatedBy(createdByUser);
+        request.setAcceptedBy(acceptedByUser);
+        request.setStatus(Request.RequestStatus.PENDING);
+        UUID requestId = requestRepository.save(request).getId();
+
+        Optional<Request> result = requestRepository.findByIdWithDetails(requestId);
+
+        assertThat(result).isPresent();
+        assertThat(result.get().getMapping()).isNotNull();
+        assertThat(result.get().getMapping().getTunnel()).isNotNull();
+        assertThat(result.get().getCreatedBy()).isNotNull();
+        assertThat(result.get().getAcceptedBy()).isNotNull();
+    }
+
+    @Test
+    @DisplayName("findByIdWithDetails should return empty for non-existent id")
+    void findByIdWithDetails_ShouldReturnEmptyForNonExistentId() {
+        Optional<Request> result = requestRepository.findByIdWithDetails(UUID.randomUUID());
+
+        assertThat(result).isEmpty();
+    }
+
+    @Test
+    @DisplayName("findAllWithDetails should return empty list when no requests exist")
+    void findAllWithDetails_ShouldReturnEmptyListWhenNoRequests() {
+        List<Request> results = requestRepository.findAllWithDetails();
+
+        assertThat(results).isEmpty();
+    }
+
+    @Test
+    @DisplayName("findAllWithDetails should handle multiple requests with different statuses")
+    void findAllWithDetails_ShouldHandleMultipleRequests() {
+        Mapping mapping1 = new Mapping();
+        mapping1.setTunnel(tunnel);
+        mapping1.setPort(8080);
+        mapping1.setProtocol(Protocol.HTTP);
+        mapping1.setSubdomain("pending-subdomain");
+        mapping1 = mappingRepository.save(mapping1);
+
+        Mapping mapping2 = new Mapping();
+        mapping2.setTunnel(tunnel);
+        mapping2.setPort(8081);
+        mapping2.setProtocol(Protocol.HTTP);
+        mapping2.setSubdomain("approved-subdomain");
+        mapping2 = mappingRepository.save(mapping2);
+
+        Mapping mapping3 = new Mapping();
+        mapping3.setTunnel(tunnel);
+        mapping3.setPort(8082);
+        mapping3.setProtocol(Protocol.HTTP);
+        mapping3.setSubdomain("rejected-subdomain");
+        mapping3 = mappingRepository.save(mapping3);
+
+        Request pendingRequest = new Request();
+        pendingRequest.setMapping(mapping1);
+        pendingRequest.setCreatedBy(createdByUser);
+        pendingRequest.setStatus(Request.RequestStatus.PENDING);
+        requestRepository.save(pendingRequest);
+
+        Request approvedRequest = new Request();
+        approvedRequest.setMapping(mapping2);
+        approvedRequest.setCreatedBy(createdByUser);
+        approvedRequest.setAcceptedBy(acceptedByUser);
+        approvedRequest.setStatus(Request.RequestStatus.APPROVED);
+        requestRepository.save(approvedRequest);
+
+        Request rejectedRequest = new Request();
+        rejectedRequest.setMapping(mapping3);
+        rejectedRequest.setCreatedBy(createdByUser);
+        rejectedRequest.setAcceptedBy(acceptedByUser);
+        rejectedRequest.setStatus(Request.RequestStatus.REJECTED);
+        requestRepository.save(rejectedRequest);
+
+        List<Request> results = requestRepository.findAllWithDetails();
+
+        assertThat(results).hasSize(3);
+    }
+}

src/test/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIServiceTest.java

@@ -3,9 +3,15 @@ package com.hithomelabs.CFTunnels.Services;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
+import com.hithomelabs.CFTunnels.Entity.Tunnel;
+import com.hithomelabs.CFTunnels.Exceptions.ExternalServiceException;
 import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
 import com.hithomelabs.CFTunnels.Models.Config;
+import com.hithomelabs.CFTunnels.Models.Ingress;
 import com.hithomelabs.CFTunnels.Models.TunnelResponse;
+import com.hithomelabs.CFTunnels.Models.TunnelResult;
+import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
+import com.hithomelabs.CFTunnels.Repositories.TunnelRepository;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
@@ -16,12 +22,16 @@ import org.springframework.web.client.RestTemplate;
 
 import java.io.IOException;
 import java.util.List;
-import java.util.Map;
+import java.util.NoSuchElementException;
+import java.util.Optional;
+import java.util.UUID;
 
 import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 @ExtendWith(MockitoExtension.class)
@@ -39,6 +49,9 @@ class CloudflareAPIServiceTest {
     @Mock
     CloudflareConfig cloudflareConfig;
 
+    @Mock
+    TunnelRepository tunnelRepository;
+
     private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
 
     private static final String bigTunnelResponse;
@@ -56,17 +69,18 @@ class CloudflareAPIServiceTest {
 
         when(cloudflareConfig.getAccountId()).thenReturn("account-123");
         when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
-        Map<String, Object> mockBody = Map.of("tunnels", List.of(Map.of("id", "t1")));
+        List<TunnelResult> tunnelResults = List.of(new TunnelResult("t1", "test-tunnel"));
-        ResponseEntity<Map> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
+        TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
+        ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
 
         when(restTemplate.exchange(
                 any(String.class),
                 eq(HttpMethod.GET),
                 any(HttpEntity.class),
-                eq(Map.class)
+                eq(TunnelsResponse.class)
         )).thenReturn(mockResponse);
 
-        ResponseEntity<Map> response = cloudflareAPIService.getCloudflareTunnels();
+        ResponseEntity<TunnelsResponse> response = cloudflareAPIService.getCloudflareTunnels();
         assertEquals(HttpStatus.OK, response.getStatusCode());
     }
 
@@ -114,4 +128,138 @@ class CloudflareAPIServiceTest {
         assertEquals(HttpStatus.OK, response.getStatusCode());
         assertEquals(response.getBody().getResult().getConfig().getIngress().get(2).getHostname(), "random.hithomelabs.com");
     }
+
+    @Test
+    void createOrUpdateTunnel_Success() {
+        String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
+        String environment = "dev";
+
+        List<TunnelResult> tunnelResults = List.of(new TunnelResult(tunnelId, "devtunnel"));
+        TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
+        ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
+
+        when(restTemplate.exchange(
+                any(String.class),
+                eq(HttpMethod.GET),
+                any(HttpEntity.class),
+                eq(TunnelsResponse.class)
+        )).thenReturn(mockResponse);
+
+        when(tunnelRepository.findById(UUID.fromString(tunnelId))).thenReturn(Optional.empty());
+
+        Tunnel result = cloudflareAPIService.createOrUpdateTunnel(tunnelId, environment);
+
+        assertEquals(UUID.fromString(tunnelId), result.getId());
+        assertEquals("devtunnel", result.getName());
+        assertEquals(environment, result.getEnvironment());
+        verify(tunnelRepository).save(any(Tunnel.class));
+    }
+
+    @Test
+    void createOrUpdateTunnel_UpdatesExistingTunnel() {
+        String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
+        String environment = "prod";
+
+        List<TunnelResult> tunnelResults = List.of(new TunnelResult(tunnelId, "devtunnel"));
+        TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
+        ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
+
+        when(restTemplate.exchange(
+                any(String.class),
+                eq(HttpMethod.GET),
+                any(HttpEntity.class),
+                eq(TunnelsResponse.class)
+        )).thenReturn(mockResponse);
+
+        Tunnel existingTunnel = new Tunnel(UUID.fromString(tunnelId), "dev", "oldname");
+        when(tunnelRepository.findById(UUID.fromString(tunnelId))).thenReturn(Optional.of(existingTunnel));
+
+        cloudflareAPIService.createOrUpdateTunnel(tunnelId, environment);
+
+        verify(tunnelRepository).deleteById(UUID.fromString(tunnelId));
+        verify(tunnelRepository).save(any(Tunnel.class));
+    }
+
+    @Test
+    void createOrUpdateTunnel_ThrowsExternalServiceExceptionOnApiError() {
+        String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
+
+        ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
+
+        when(restTemplate.exchange(
+                any(String.class),
+                eq(HttpMethod.GET),
+                any(HttpEntity.class),
+                eq(TunnelsResponse.class)
+        )).thenReturn(mockResponse);
+
+        assertThrows(ExternalServiceException.class, () ->
+                cloudflareAPIService.createOrUpdateTunnel(tunnelId, "dev")
+        );
+    }
+
+    @Test
+    void createOrUpdateTunnel_ThrowsNoSuchElementExceptionWhenTunnelNotFound() {
+        String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
+
+        List<TunnelResult> tunnelResults = List.of(new TunnelResult("other-tunnel-id", "othertunnel"));
+        TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
+        ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
+
+        when(restTemplate.exchange(
+                any(String.class),
+                eq(HttpMethod.GET),
+                any(HttpEntity.class),
+                eq(TunnelsResponse.class)
+        )).thenReturn(mockResponse);
+
+        assertThrows(NoSuchElementException.class, () ->
+                cloudflareAPIService.createOrUpdateTunnel(tunnelId, "dev")
+        );
+    }
+
+    @Test
+    void getAllConfiguredTunnels_ReturnsAllTunnels() {
+        List<Tunnel> tunnels = List.of(
+                new Tunnel(UUID.fromString("50df9101-f625-4618-b7c5-100338a57124"), "dev", "devtunnel"),
+                new Tunnel(UUID.fromString("60df9101-f625-4618-b7c5-100338a57125"), "prod", "prodtunnel")
+        );
+        when(tunnelRepository.findAll()).thenReturn(tunnels);
+
+        List<Tunnel> result = cloudflareAPIService.getAllConfiguredTunnels();
+
+        assertEquals(2, result.size());
+        assertEquals("devtunnel", result.get(0).getName());
+        assertEquals("prodtunnel", result.get(1).getName());
+    }
+
+    @Test
+    void addTunnelIngress_Success() throws JsonProcessingException {
+        String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
+        Ingress ingress = new Ingress("http://192.168.0.100:8080", "test.hithomelabs.com", null, null);
+
+        when(cloudflareConfig.getAccountId()).thenReturn("account-123");
+        when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
+
+        TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
+        ResponseEntity<TunnelResponse> getResponse = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
+        when(restTemplate.exchange(
+                any(String.class),
+                eq(HttpMethod.GET),
+                any(HttpEntity.class),
+                eq(TunnelResponse.class)
+        )).thenReturn(getResponse);
+
+        ResponseEntity<TunnelResponse> putResponse = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
+        when(restTemplate.exchange(
+                any(String.class),
+                eq(HttpMethod.PUT),
+                any(HttpEntity.class),
+                eq(TunnelResponse.class)
+        )).thenReturn(putResponse);
+
+        ResponseEntity<TunnelResponse> result = cloudflareAPIService.addTunnelIngress(tunnelId, ingress);
+
+        assertEquals(HttpStatus.OK, result.getStatusCode());
+    }
 }