NestJS backend with JWT auth, RBAC guards, and Prisma for academic project lifecycle management
18 weeks
7
Production
Défi principal
Layering AuthGuard, VerifiedGuard, RolesGuard, and OwnershipGuard cleanly across 40+ endpoints
Compétences démontrées
Designed and shipped a NestJS + Prisma + PostgreSQL API for managing users, projects, modules, and workshops with JWT authentication, role-based guards, and an approval workflow—deployed live on Render.
Academic project tracking lacked centralized auth, roles, and approval workflows
Layered NestJS guard stack with JWT, email verification, and ownership checks
Live API on Render serving projects, users, modules, and workshops
40+
API endpoints
4
Security guards
8+
API modules
4
Guard types
99.5%
Deploy uptime
Screenshot 1
Production-grade school project API with real security patterns deployed live.
Centralized project lifecycle management for academic teams.
61
Commits
8+
Domain modules
Three-tier architecture: Next.js frontend, NestJS REST API, and PostgreSQL via Prisma.
Each domain is an isolated NestJS module with controller, service, and DTOs. Guards applied via decorators at controller or method level.
Email verification tokens validated before VerifiedGuard allows access.
Infrastructure & déploiement
Backend on Render with managed PostgreSQL. Frontend on Vercel pointing to Render API URL.
Signup, signin, email verification, and password reset.
Member, owner, and mentor roles enforced by RolesGuard.
Create and manage projects with team membership.
Schedule and track upcoming and past workshops.
Request and approve team member additions.
Structured audit trail for sensitive operations.
Le problème
Different endpoints need different guard combinations.
Comment je l'ai résolu
Reusable guards combined with @UseGuards decorator stacks per route.
@UseGuards(AuthGuard, VerifiedGuard, RolesGuard)
@Roles(Role.MENTOR)
@Get(':id/team') getProjectTeam() { ... }Le problème
Users could hit protected routes before verifying email.
Comment je l'ai résolu
VerifiedGuard blocks all non-auth routes until isVerified is true.
if (!user.isVerified) throw new ForbiddenException('Verify email first');Le problème
Project owners should modify their projects but not others.
Comment je l'ai résolu
OwnershipGuard loads entity and compares ownerId to JWT user id.
@UseGuards(AuthGuard, OwnershipGuard)
@Patch(':id') updateProject() { ... }Guards compose better than middleware soup
NestJS guard decorators made it easy to mix auth, verification, role, and ownership checks per endpoint.
Prisma accelerates iteration
Schema changes with migrate dev kept the team moving fast without raw SQL drift.
DTOs at the boundary
class-validator on every input DTO caught bad payloads before they hit services.
Ce que je ferais différemment
Finish the approval system endpoints and add rate limiting plus structured logging.
Healthcare pharmacy platform with patient/pharmacy accounts, prescriptions, orders, and product catalog.
Full-stack meeting room management for Al Baraka with NestJS backend and Next.js dashboard.
Intéressé par un projet similaire ou envie de collaborer sur le vôtre ?