feature: add google.oauth.enabled flag and seed default roles for Google…

RestroHub/src/main/java/com/restroly/qrmenu/auth/service/GoogleAuthService.java

@@ -37,6 +37,9 @@ public class GoogleAuthService {
     @Value("${google.oauth.client-id}")
     private String googleClientId;
 
+    @Value("${google.oauth.enabled:true}")
+    private boolean googleAuthEnabled;
+
     /**
      * Authenticates user via Google OAuth token.
      * 1. Verifies the Google ID token
@@ -51,8 +54,13 @@ public class GoogleAuthService {
      */
     @Transactional
     public AuthResponse authenticateWithGoogle(GoogleAuthRequest googleAuthRequest) {
+        if (!googleAuthEnabled) {
+            log.warn("Google OAuth is disabled via configuration");
+            throw new BusinessException("Google authentication is currently disabled. Please use username/password login.");
+        }
+
         String idToken = googleAuthRequest.getToken();
-        
+
         log.info("Google OAuth authentication initiated");
 
         JsonWebSignature jws = verifyGoogleToken(idToken);

RestroHub/src/main/java/com/restroly/qrmenu/config/DataInitializer.java

@@ -0,0 +1,52 @@
+package com.restroly.qrmenu.config;
+
+import com.restroly.qrmenu.user.entity.Role;
+import com.restroly.qrmenu.user.repository.RoleRepository;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+/**
+ * Initializes default roles in the database on application startup.
+ * Ensures required roles (ADMIN, RESTAURANT_OWNER, CUSTOMER) exist
+ * before any authentication (including Google OAuth) is attempted.
+ */
+@Component
+@RequiredArgsConstructor
+@Slf4j
+public class DataInitializer implements CommandLineRunner {
+
+    private final RoleRepository roleRepository;
+
+    private static final List<String[]> DEFAULT_ROLES = List.of(
+        new String[]{"ADMIN",            "System administrator with full access"},
+        new String[]{"RESTAURANT_OWNER", "Restaurant owner with management access"},
+        new String[]{"CUSTOMER",         "End customer placing orders via QR menu"}
+    );
+
+    @Override
+    public void run(String... args) {
+        log.info("Checking and initializing default roles...");
+
+        for (String[] roleData : DEFAULT_ROLES) {
+            String roleName = roleData[0];
+            String roleDesc = roleData[1];
+
+            if (!roleRepository.existsByName(roleName)) {
+                Role role = Role.builder()
+                        .name(roleName)
+                        .description(roleDesc)
+                        .isActive(true)
+                        .build();
+                roleRepository.save(role);
+                log.info("Created default role: {}", roleName);
+            } else {
+                log.debug("Role already exists, skipping: {}", roleName);
+            }
+        }
+
+        log.info("Role initialization complete.");
+    }

RestroHub/src/main/resources/application-dev.properties

@@ -61,4 +61,5 @@ security.cors.allowed-origins=${CORS_ALLOWED_ORIGINS:http://localhost:5173,http:
 # --- Google OAuth 2.0 Credentials ---
 # Create your client credentials in the Google Cloud Console:
 # https://console.cloud.google.com/apis/credentials
-google.oauth.client-id=${GOOGLE_OAUTH_CLIENT_ID:YOUR_GOOGLE_OAUTH_CLIENT_ID_HERE}
+google.oauth.client-id=${GOOGLE_OAUTH_CLIENT_ID:YOUR_GOOGLE_OAUTH_CLIENT_ID_HERE}
+google.oauth.enabled=${GOOGLE_OAUTH_ENABLED:true}

RestroHub/src/main/resources/application.properties

@@ -95,6 +95,8 @@ security.jwt.refresh-expiration=${JWT_REFRESH_EXPIRATION:604800000}
 # https://console.cloud.google.com/apis/credentials
 
 google.oauth.client-id=${GOOGLE_OAUTH_CLIENT_ID:YOUR_GOOGLE_OAUTH_CLIENT_ID_HERE}
+# Set to false to disable Google OAuth login
+google.oauth.enabled=${GOOGLE_OAUTH_ENABLED:true}
 
 # ===============================
 # Payment Gateway