Basistha Kumar

End-to-End Encrypted Messaging Backend

• ▸ Designed a passwordless, anonymous authentication system using Ed25519 key pairs and challenge-response verification, requiring only a username and public key at registration with no email, phone number, or password ever stored or transmitted.
• ▸ Built a stateless JWT security layer with dual-path invalidation: an explicit revoked-token table for logout and timestamp-based rejection for key rotation, ensuring prior sessions are invalidated without a per-token blocklist entry.
• ▸ Implemented a WebSocket/STOMP delivery pipeline pushing encrypted messages to recipients in real time while persisting ciphertext and nonces server-side with no ability to read message content.
• ▸ Engineered an account recovery system generating eight BCrypt-hashed one-time codes at registration, allowing users to reclaim access and install a new key pair without any server-stored password.
• ▸ Configured Spring Security with a custom OncePerRequestFilter for JWT validation, revocation checks, and key-rotation enforcement, and a separate STOMP channel interceptor for WebSocket authentication.

Encrypted File Storage & Management Backend

• ▸ Engineered file upload and download via AWS S3 presigned URLs, keeping file bytes out of the application server entirely — the backend issues a time-limited signed URL and the client transacts with S3 directly, decoupling storage I/O from API throughput.
• ▸ Designed a passwordless authentication system using Ed25519 key pairs and challenge-response verification with stateless JWT sessions, using dual-path invalidation: an explicit revoked-token table for logout and timestamp-based rejection for key rotation, ensuring prior sessions are invalidated without a per-token blocklist entry per user.
• ▸ Built a hierarchical folder system with recursive parent-folder references and a granular per-resource permission model, allowing owners to grant read or write access to individual recipients on both files and folders independently.
• ▸ Implemented per-user storage quota enforcement with atomic quota updates on every upload, deletion, and soft-restore, rejecting requests that would breach the allocated limit before a presigned URL is issued to the client.
• ▸ Implemented a two-tier scheduled cleanup: a fixedRate job every 5 minutes soft-deleting demo files older than 30 minutes from S3 and the database, and a nightly cron job performing a full hard-delete cascade of demo accounts — files, folders, shares, recovery keys, and auth challenges — in dependency order to avoid foreign-key violations.

Collaborative Document Editor & Project Management Backend

• ▸ Built WebSocket/STOMP real-time collaboration layer enabling low-latency document sync across concurrent users.
• ▸ Implemented CRDT-based conflict resolution using the YATA algorithm with deterministic ordering (counter @ clientId), ensuring all clients converge to identical document state regardless of operation order.
• ▸ Architected JWT authentication and role-based access control with Spring Security for multi-user document permissions.
• ▸ Designed PostgreSQL persistence via Spring Data JPA with JSON-serialized CRDT state; containerized full stack with Docker Compose.

E-Commerce REST API

• ▸ Architected a RESTful e-commerce backend using Spring Boot with stateless JWT authentication, BCrypt password hashing, and role-based access control separating public, user, and admin endpoints.
• ▸ Implemented transactional order processing with pessimistic write locking on stock fields to prevent overselling under concurrent requests, with automatic stock restoration on order cancellation.
• ▸ Built a token-bucket rate limiter using Bucket4j applied per client IP on authentication endpoints, rejecting excess requests with HTTP 429 before JWT parsing is attempted.
• ▸ Designed a schema migration strategy using a custom ApplicationRunner to perform idempotent DDL operations via JdbcTemplate post-Hibernate-initialisation, handling column drops and type conversions that ddl-auto=update cannot perform on existing tables.
• ▸ Integrated JavaMail for HTML order confirmation and cancellation emails with isolated exception handling ensuring mail failures never roll back the enclosing transaction.