Day 8
TL;DR: Yesterday I took a break. Today I’m back – and permissions are under control :)
Spent the day designing a fine-grained permission model.
I now support 96 distinct permissions across 8 modules, 4 CRUD operations, and 3 scopes: self, group, global.
Three system roles bind these into meaningful sets:
admin: full global access (32 permissions)
supervisor: read self + full group scope (32)
employee: read/update self only (16)

That's 80 role-permission bindings total. Uff.

https://write.as/bmariusz/designing-a-scalable-permission-model

#sql #Microservices #monorepo #rbac #codingdays #programming #accessManagement

Day 7
✅ 24 test suites, 153 tests passing.

Solid coverage across service and controller layers in my modular monorepo. Strict typing (TypeScript), full DTO validation, and realistic mocks across complex relations (TypeORM).

Next: fine-tuning error handling & exploring e2e strategies.

https://write.as/bmariusz/24-test-suites-153-tests-passing-scaling-confidence-with-every-assertion

#TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo #rbac #codingdays #swagger #jwt #jwt_auth #programming

Day 6
TL;DR: Groups, memberships, hierarchy — all dynamic now.

Released backend v0.3.0 🎉

✅ Users can belong to multiple groups with typed roles
✅ Groups can form hierarchical or overlapping structures
✅ Roles are normalized via reference types

Built with NestJS + TypeORM. Documented via Swagger.

https://write.as/bmariusz/building-a-flexible-group-structure-with-nestjs-and-typeorm

#TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo #rbac #codingdays #swagger #jwt #jwt_auth #programming

Day 5
TL;DR: Continued work on backend security — role-based access is now fully wired up.

✅ Got fine-grained role-based access control fully working today.

• Roles loaded from PostgreSQL
• Injected into JWT during login
• Validated via custom `@Roles()` + `RolesGuard`
• Authenticated via `@UseGuards(JwtAuthGuard)` globally
• Introduced `@Public()` decorator to bypass guards for public endpoints
• Swagger supports Bearer token for testing

Took a while to get the role propagation into the token right — the key was enriching the `validateUser()` result, not just fetching data from DB.

Modular, clean, and no magic. Feels good. 👌

more on: https://write.as/bmariusz/continuation-securing-routes-with-jwt-and-role-based-access-control
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming

Day 4

TL;DR: Full Swagger docs + JWT auth with registration and login are live.

Today’s work focused on two key improvements.

1. Swagger documentation was extended across all API layers. DTOs, entities, and controllers were enriched with `@ApiTags`, `@ApiOperation`, `@ApiResponse`, and detailed `@ApiBody` annotations — including real-life examples for request bodies.

2. JWT-based authentication was implemented. A secure registration flow was added, with password hashing via bcrypt. A login endpoint now issues access tokens containing user ID, email, and roles. All logic is encapsulated using Passport strategies (local and JWT). The next step will be protecting routes with guards and role-based access.

#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming

Day 3 2/2
2. Enabling API documentation with Swagger.

I integrated Swagger into the backend (NestJS v10, ESM, Turbo monorepo), using `@nestjs/swagger@7` to match our current framework version.
The docs are now live at `/api/docs`, fully aligned with our global `ValidationPipe` and `AllExceptionsFilter` — ensuring consistent validation and error responses.

Next: annotate DTOs, describe endpoints properly, and restrict access.
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming

Day 3 1/2
TL;DR:
Added global `ValidationPipe` and unified `AllExceptionsFilter` in NestJS. API errors now follow a consistent format: `{ statusCode, error, message, code, details }`.

Today’s work focused on:
1. Standardizing input validation and error handling in the backend of the insurance sales network management system (NestJS, TypeScript, ESM, Turbo monorepo).

- Enabled global `ValidationPipe` with: `whitelist`, `forbidNonWhitelisted`, `transform`, `enableImplicitConversion`.
- Extended existing `AllExceptionsFilter` to produce structured error responses across `HttpException`, `QueryFailedError`, and other runtime errors.
- Removed `http-exception.filter.ts` — now redundant.
- Error response format is frontend/B2B-friendly and consistent across the API.

Example error response:
{
"statusCode": 400,
"error": "Bad Request",
"message": "Field 'email' is required",
"code": "VALIDATION_EMAIL_REQUIRED",
"details": {
"field": "email",
"reason": "required"
}
}
#codingdays #programming

Day 2:

TL;DR:
❌ `composite: true`
❌ `tsconfig.build.json`
✅ `paths` in `tsconfig.base.json`
✅ `include` shared libs explicitly where needed
✅ `turbo run build` just works

Wrestled for hours (~3) with TypeScript `project references` and `paths` in a Turbo monorepo (NestJS, ESM).
Turns out: if you want global aliases like `@my-lib/foo` to *just work* across apps — skip `composite: true` and `tsc --build`.

Project references and alias-based path mapping don't mix well when your intent is to keep things simple.

#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming

Day 1:
tl;dr: ESM + TS + NestJS + TypeORM is possible, but not recommended for the impatient.

Successfully bootstrapped NestJS + TypeORM + PostgreSQL stack using ESM.

It only took:
- 6 hours
- 17 cryptic errors
- 3 existential crises

Turns out, using modern JS modules with legacy decorators is... bold. But hey — it runs now.

#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming