Overview
The StreamForge API endpoints need to be protected so that only authorized services and users can access contribution and scoring data.
What needs to be done
- Implement a JWT-based authentication middleware in NestJS
- Create an
auth module under src/
- Protect all routes except public health check endpoints
- Implement the following:
POST /auth/login — accepts credentials and returns a signed JWT token- Auth guard that validates JWT on every protected request
- Proper error responses for unauthorized requests
Acceptance Criteria
Notes
Use the @nestjs/jwt and @nestjs/passport packages. Follow NestJS guard conventions. Do not hardcode secrets — use environment variables.
Overview
The StreamForge API endpoints need to be protected so that only authorized services and users can access contribution and scoring data.
What needs to be done
authmodule undersrc/POST /auth/login— accepts credentials and returns a signed JWT tokenAcceptance Criteria
src/authmodule exists with guard, service, and controllerPOST /auth/loginreturns a valid JWT on correct credentials401when no token is provided403when token is invalid or expiredNotes
Use the
@nestjs/jwtand@nestjs/passportpackages. Follow NestJS guard conventions. Do not hardcode secrets — use environment variables.