Context
Protecting admin routes and sensitive creator data.
Problem
Basic authentication doesn't distinguish between 'Investor', 'Creator', and 'Admin'.
Suggested Execution
- Use 'Passport' strategy for NestJS.
- Define 'Roles' decorator for controllers.
Acceptance Criteria
- Restricted access to /admin and /internal routes.
- Secure, token-based session management.
References
- backend/src/guards/roles.guard.ts
Context
Protecting admin routes and sensitive creator data.
Problem
Basic authentication doesn't distinguish between 'Investor', 'Creator', and 'Admin'.
Suggested Execution
Acceptance Criteria
References