Projects Management API
Backend Lead | 18 weeks | Live | Team of 3


NestJS backend with JWT auth, RBAC guards, and Prisma for academic project lifecycle management

NestJS, Prisma, PostgreSQL, TypeScript, JWT, Next.js, React Query

Project Intelligence

Duration

18 weeks

Technologies

7

Status

Production

Key Challenge

Layering AuthGuard, VerifiedGuard, RolesGuard, and OwnershipGuard cleanly across 40+ endpoints

Skills Demonstrated

API Design, Authentication, RBAC, Prisma

TL;DR

Designed and shipped a NestJS + Prisma + PostgreSQL API for managing users, projects, modules, and workshops with JWT authentication, role-based guards, and an approval workflow—deployed live on Render.

Problem

Academic project tracking lacked centralized auth, roles, and approval workflows

Solution

Layered NestJS guard stack with JWT, email verification, and ownership checks

Result

Live API on Render serving projects, users, modules, and workshops

40+

API endpoints

4

Security guards

Key Outcomes

8+

API modules

4

Guard types

99.5%

Deploy uptime


Results & Impact

Production-grade school project API with real security patterns deployed live.

Centralized project lifecycle management for academic teams.

61

Commits

8+

Domain modules

Architecture

Architecture diagram

Three-tier architecture: Next.js frontend, NestJS REST API, and PostgreSQL via Prisma.

Each domain is an isolated NestJS module with controller, service, and DTOs. Guards applied via decorators at controller or method level.

Email verification tokens are validated by the auth module, which sets the user's isVerified flag; VerifiedGuard then checks that flag before allowing access to any non-auth route.

Infrastructure & Deployment

Backend on Render with managed PostgreSQL. Frontend on Vercel pointing to Render API URL.

Features

Core

JWT Authentication

Signup, signin, email verification, and password reset.

Core

Role-Based Access

Member, owner, and mentor roles enforced by RolesGuard.

Core

Project CRUD

Create and manage projects with team membership.

Core

Workshop Tracking

Schedule and track upcoming and past workshops.

Secondary

Approval Workflow

Request and approve team member additions.

Planned

Audit Logging

Structured audit trail for sensitive operations.

Challenges & Solutions

1

Guard composition

The Problem

Different endpoints need different guard combinations.

How I Solved It

Reusable guards combined with @UseGuards decorator stacks per route. Nest runs the listed guards in order and stops at the first rejection, so AuthGuard, which attaches the decoded JWT user to the request, is always listed first.

@UseGuards(AuthGuard, VerifiedGuard, RolesGuard)
@Roles(Role.MENTOR)
@Get(':id/team')
getProjectTeam() { ... }
2

Email verification race

The Problem

Users could hit protected routes before verifying email.

How I Solved It

VerifiedGuard blocks all non-auth routes until isVerified is true.

if (!user.isVerified) throw new ForbiddenException('Verify email first');
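To make the guard ordering in challenges 1 and 2 concrete, here is an added example that is not code from the project: a framework-free TypeScript model of the AuthGuard, VerifiedGuard, RolesGuard chain. The Request shape, HttpError class, Guard interface, runGuards function, SECRET value and the RolesGuard constructor argument are assumptions standing in for NestJS's ExecutionContext, HttpException, the framework's guard runner and the Reflector-backed @Roles metadata; the JWT is a hand-rolled HS256 token so the file runs offline.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Assumed stand-ins for NestJS types (not @nestjs/common): the request a guard
// reads, an HttpException-like error, and the guard contract.
type Role = "MEMBER" | "OWNER" | "MENTOR";
interface JwtUser { sub: string; role: Role; isVerified: boolean; exp?: number }
interface Request { headers: Record<string, string>; user?: JwtUser }
interface Guard { canActivate(req: Request): boolean }
export class HttpError extends Error {
  status: number;
  constructor(status: number, msg: string) { super(msg); this.status = status; }
}

// Stand-in for Nest's guard runner: guards execute in declaration order and the
// first one that returns false or throws rejects the request. That is why
// AuthGuard, which attaches req.user, has to be listed first.
export function runGuards(guards: Guard[], req: Request): void {
  for (const g of guards) {
    if (!g.canActivate(req)) throw new HttpError(403, "Forbidden");
  }
}

// Hand-rolled HS256 JWT so the example runs offline. SECRET is an assumed value.
const SECRET = "example-secret-not-for-production";
const b64u = (s: string): string => Buffer.from(s, "utf8").toString("base64url");
function decodeJson(part: string): any {
  try { return JSON.parse(Buffer.from(part, "base64url").toString("utf8")); }
  catch { throw new HttpError(401, "Malformed token"); }
}

export function signJwt(payload: JwtUser, secret: string = SECRET): string {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify(payload));
  const sig = createHmac("sha256", secret).update(`${header}.${body}`).digest("base64url");
  return `${header}.${body}.${sig}`;
}

// AuthGuard: verifies the bearer token and attaches its claims as req.user.
export class AuthGuard implements Guard {
  canActivate(req: Request): boolean {
    const [scheme, token] = (req.headers["authorization"] ?? "").split(" ");
    if (scheme !== "Bearer" || !token) throw new HttpError(401, "Missing bearer token");
    const parts = token.split(".");
    if (parts.length !== 3) throw new HttpError(401, "Malformed token");
    const [header, body, sig] = parts;
    // Pin the algorithm server-side; never let the token's header choose it
    // (blocks alg=none and HMAC/RSA key-confusion tricks).
    if (decodeJson(header).alg !== "HS256") throw new HttpError(401, "Unsupported alg");
    const expected = createHmac("sha256", SECRET).update(`${header}.${body}`).digest();
    const given = Buffer.from(sig, "base64url");
    // Constant-time compare; timingSafeEqual needs equal lengths, so check that first.
    if (given.length !== expected.length || !timingSafeEqual(given, expected))
      throw new HttpError(401, "Bad signature");
    const user = decodeJson(body) as JwtUser;
    if (user.exp !== undefined && user.exp <= Math.floor(Date.now() / 1000))
      throw new HttpError(401, "Token expired");
    req.user = user;
    return true;
  }
}

// VerifiedGuard: the page's check, plus an explicit 401 if it was stacked before AuthGuard.
export class VerifiedGuard implements Guard {
  canActivate(req: Request): boolean {
    if (!req.user) throw new HttpError(401, "Unauthenticated");
    if (!req.user.isVerified) throw new HttpError(403, "Verify email first");
    return true;
  }
}

// RolesGuard: `required` stands in for the @Roles() metadata Nest reads via Reflector.
export class RolesGuard implements Guard {
  private readonly required: Role[];
  constructor(required: Role[]) { this.required = required; }
  canActivate(req: Request): boolean {
    if (this.required.length === 0) return true;
    if (!req.user) throw new HttpError(401, "Unauthenticated");
    return this.required.includes(req.user.role);
  }
}

// Equivalent of @UseGuards(AuthGuard, VerifiedGuard, RolesGuard) + @Roles(Role.MENTOR).
export const teamRouteGuards: Guard[] = [new AuthGuard(), new VerifiedGuard(), new RolesGuard(["MENTOR"])];

// HTTP status the guard chain would produce for a bearer token (200 = all guards passed).
export function statusFor(guards: Guard[], token?: string): number {
  const req: Request = { headers: token ? { authorization: `Bearer ${token}` } : {} };
  try { runGuards(guards, req); return 200; }
  catch (e) { return e instanceof HttpError ? e.status : 500; }
}

// Usage with constructed tokens: a verified mentor passes, a verified member does not.
console.log(statusFor(teamRouteGuards, signJwt({ sub: "u1", role: "MENTOR", isVerified: true }))); // 200
console.log(statusFor(teamRouteGuards, signJwt({ sub: "u3", role: "MEMBER", isVerified: true }))); // 403
```

The last helper, statusFor, is only there to exercise the chain: swapping VerifiedGuard ahead of AuthGuard turns every request into a 401, which is the ordering mistake the stack in challenge 1 avoids.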
3

Ownership on nested resources

The Problem

Project owners should modify their projects but not others.

How I Solved It

OwnershipGuard loads the target entity by the route's :id and compares its ownerId to the user id carried in the JWT; it is stacked after AuthGuard, which is what puts that user on the request.

@UseGuards(AuthGuard, OwnershipGuard)
@Patch(':id')
updateProject() { ... }
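An added example, not the project's own code, showing the ownership check on a nested route as well as the flat one: a framework-free TypeScript OwnershipGuard that resolves the owner of /projects/:id directly and of /projects/:projectId/modules/:moduleId through the parent project. The Request and HttpError shapes, the in-memory projects and modules rows (constructed stand-ins for the Prisma models), the resolveOwnerId helper and the route parameter names are all assumptions.

```typescript
// Assumed stand-ins for the NestJS request and exception types (not @nestjs/common).
type Role = "MEMBER" | "OWNER" | "MENTOR";
interface JwtUser { sub: string; role: Role }
interface Request { params: Record<string, string>; user?: JwtUser }
export class HttpError extends Error {
  status: number;
  constructor(status: number, msg: string) { super(msg); this.status = status; }
}

// Constructed in-memory rows standing in for the Prisma Project and Module models.
interface Project { id: string; ownerId: string }
interface ProjectModule { id: string; projectId: string }
const projects: Project[] = [{ id: "p1", ownerId: "u1" }, { id: "p2", ownerId: "u2" }];
const modules: ProjectModule[] = [{ id: "m1", projectId: "p1" }, { id: "m2", projectId: "p2" }];

// Finds who owns the resource a route points at. Handles /projects/:id and the nested
// /projects/:projectId/modules/:moduleId, where the module has no ownerId of its own
// and inherits it from the parent project. Returns null when nothing matches.
export function resolveOwnerId(params: Record<string, string>): string | null {
  if (params.moduleId !== undefined) {
    const mod = modules.find(m => m.id === params.moduleId);
    if (!mod) return null;
    // The module must belong to the project named in the URL. Without this check the
    // owner of p1 could PATCH /projects/p1/modules/m2 and edit a module under p2.
    if (params.projectId !== undefined && mod.projectId !== params.projectId) return null;
    return projects.find(p => p.id === mod.projectId)?.ownerId ?? null;
  }
  const id = params.projectId ?? params.id;
  return projects.find(p => p.id === id)?.ownerId ?? null;
}

// OwnershipGuard: assumes AuthGuard already ran and set req.user.
export class OwnershipGuard {
  canActivate(req: Request): boolean {
    if (!req.user) throw new HttpError(401, "Unauthenticated");
    const ownerId = resolveOwnerId(req.params);
    // Both an unknown id and a module outside the URL's project are a 404, so the
    // response never confirms that the module exists under someone else's project.
    if (ownerId === null) throw new HttpError(404, "Not found");
    // Compare as strings: a numeric `sub` claim against a string id would never be equal.
    if (String(ownerId) !== String(req.user.sub)) throw new HttpError(403, "Not the owner");
    return true;
  }
}

// HTTP status the guard would give `user` for a route with these params (200 = allowed).
export function statusFor(user: JwtUser | undefined, params: Record<string, string>): number {
  try { new OwnershipGuard().canActivate({ user, params }); return 200; }
  catch (e) { return e instanceof HttpError ? e.status : 500; }
}

// Usage with a constructed user: the owner of p1 may edit p1 and its module m1, but not m2.
console.log(statusFor({ sub: "u1", role: "OWNER" }, { id: "p1" }));                        // 200
console.log(statusFor({ sub: "u1", role: "OWNER" }, { projectId: "p1", moduleId: "m1" })); // 200
console.log(statusFor({ sub: "u1", role: "OWNER" }, { projectId: "p1", moduleId: "m2" })); // 404
```

The parent-consistency check in resolveOwnerId is the part that is easy to miss on nested routes: looking the module up by :moduleId alone and comparing its project's owner is still correct, but checking that the module sits under :projectId as well keeps the URL honest and the error uniform.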

Lessons Learned

  1. Guards compose better than middleware soup

    NestJS guard decorators made it easy to mix auth, verification, role, and ownership checks per endpoint.

  2. Prisma accelerates iteration

    Schema changes with prisma migrate dev kept the team moving fast without raw SQL drift.

  3. DTOs at the boundary

    class-validator on every input DTO caught bad payloads before they hit services.

What I'd Do Differently

Finish the approval system endpoints and add rate limiting plus structured logging.