NestJS backend with JWT auth, RBAC guards, and Prisma for academic project lifecycle management
18 weeks
7
Production
Key Challenge
Layering AuthGuard, VerifiedGuard, RolesGuard, and OwnershipGuard cleanly across 40+ endpoints
Skills Demonstrated
Designed and shipped a NestJS + Prisma + PostgreSQL API for managing users, projects, modules, and workshops with JWT authentication, role-based guards, and an approval workflow—deployed live on Render.
Academic project tracking lacked centralized auth, roles, and approval workflows
Layered NestJS guard stack with JWT, email verification, and ownership checks
Live API on Render serving projects, users, modules, and workshops
40+
API endpoints
4
Security guards
8+
API modules
4
Guard types
99.5%
Deploy uptime
Screenshot 1
Production-grade school project API with real security patterns deployed live.
Centralized project lifecycle management for academic teams.
61
Commits
8+
Domain modules
Three-tier architecture: Next.js frontend, NestJS REST API, and PostgreSQL via Prisma.
Each domain is an isolated NestJS module with controller, service, and DTOs. Guards applied via decorators at controller or method level.
Email verification tokens validated before VerifiedGuard allows access.
Infrastructure & Deployment
Backend on Render with managed PostgreSQL. Frontend on Vercel pointing to Render API URL.
Signup, signin, email verification, and password reset.
Member, owner, and mentor roles enforced by RolesGuard.
Create and manage projects with team membership.
Schedule and track upcoming and past workshops.
Request and approve team member additions.
Structured audit trail for sensitive operations.
The Problem
Different endpoints need different guard combinations.
How I Solved It
Reusable guards combined with @UseGuards decorator stacks per route.
@UseGuards(AuthGuard, VerifiedGuard, RolesGuard)
@Roles(Role.MENTOR)
@Get(':id/team') getProjectTeam() { ... }The Problem
Users could hit protected routes before verifying email.
How I Solved It
VerifiedGuard blocks all non-auth routes until isVerified is true.
if (!user.isVerified) throw new ForbiddenException('Verify email first');The Problem
Project owners should modify their projects but not others.
How I Solved It
OwnershipGuard loads entity and compares ownerId to JWT user id.
@UseGuards(AuthGuard, OwnershipGuard)
@Patch(':id') updateProject() { ... }Guards compose better than middleware soup
NestJS guard decorators made it easy to mix auth, verification, role, and ownership checks per endpoint.
Prisma accelerates iteration
Schema changes with migrate dev kept the team moving fast without raw SQL drift.
DTOs at the boundary
class-validator on every input DTO caught bad payloads before they hit services.
What I'd Do Differently
Finish the approval system endpoints and add rate limiting plus structured logging.
Healthcare pharmacy platform with patient/pharmacy accounts, prescriptions, orders, and product catalog.
Full-stack meeting room management for Al Baraka with NestJS backend and Next.js dashboard.
Interested in a project like this or want to collaborate on your own?