Fullstack CourseLearn by building
Back to roadmap

Week 3 — Auth, contracts & API craft

Secure Nest APIs with JWT/RBAC, shape contracts, and craft list endpoints — then ship Notes P3 as this week’s mini-project.

End-of-week mini-project · practice only

Notes API — Auth + list craft (P3)

Cookie JWT, RBAC, paginated { data, meta }, and soft-delete-safe counts on Notes.

Definition. Week 3’s mini-project is Notes P3: secure the Notes API and ship correct list pagination with soft deletes.

In simpler words. Match this monorepo’s auth style. Prove the auth matrix and meta counts with the P3 grader.

Deliverables

  • httpOnly cookie login; JwtAuthGuard + RolesGuard
  • Paginated list meta; soft-delete filters on page and count
  • Admin-only soft delete; ownership on update

Acceptance checklist

- [ ] 401 vs 403 understood and implemented
- [ ] Soft-deleted rows excluded from data AND total
- [ ] pnpm course:validate-milestone be-notes-p3 is green
- [ ] Open topic be-notes-p3 for Nest auth doc links

Tips

  • Copy cookie JWT patterns from apps/api auth — not a new auth style.