Skip to content

Implement JWT-based Role Access Control (RBAC) #357

Description

@gabito1451

Context

Protecting admin routes and sensitive creator data.

Problem

Basic authentication doesn't distinguish between 'Investor', 'Creator', and 'Admin'.

Suggested Execution

  • Use 'Passport' strategy for NestJS.
  • Define 'Roles' decorator for controllers.

Acceptance Criteria

  • Restricted access to /admin and /internal routes.
  • Secure, token-based session management.

References

  • backend/src/guards/roles.guard.ts

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions