I'd like to have code review for backend of todo app.
It has 2 main functionalities:
Authentication and authorization using Spring Security and JWT token.
CRUD for tasks
In particular I'd like to focus on code quality and database design.
https://github.com/redshift-7/todo-app
REST controller for managing tasks:
@Slf4j @RequiredArgsConstructor @CrossOrigin @RestController @RequestMapping("/api") public class TaskController { private final TaskService taskService; @GetMapping("/tasks") public List<Task> all() { log.info("Request to get all tasks for current user"); return taskService.findAll(); } @GetMapping("/task/{id}") public ResponseEntity<Task> one(@PathVariable Long id) { log.info("Request to get tasks with id: {}", id); return taskService.getById(id).map(response -> ResponseEntity.ok().body(response)) .orElse(new ResponseEntity<>(HttpStatus.NOT_FOUND)); } @PostMapping("/tasks") public ResponseEntity<Task> newTask(@Valid @RequestBody Task task) throws URISyntaxException { log.info("Request to save new task item: {}", task); Task result = taskService.save(task); log.info("New task saved with id: {}", result.getId()); return ResponseEntity.created(new URI("/api/task/" + result.getId())).body(result); } @PutMapping("/tasks/{id}") public ResponseEntity<Task> updateTask(@Valid @RequestBody Task newTask, @PathVariable Long id) { log.info("Request to update task with id: {}", id); Optional<Task> result = taskService.update(newTask); return result.map(task -> ResponseEntity.ok().body(task)) .orElseGet(() -> ResponseEntity.notFound().build()); } @DeleteMapping("/tasks/{id}") public ResponseEntity<HttpStatus> deleteTask(@PathVariable Long id) { log.info("Request to delete task with id: {}", id); taskService.delete(id); return ResponseEntity.noContent().build(); } } 
/task/{id}mapping (with singular instead of plural) intentional or a typo?\$\endgroup\$newTaskmethod contains the generation of theLocationlink that is created as part of the201 Createdresponse that points to/task/{id}.\$\endgroup\$