Login that sets httpOnly cookie; JwtAuthGuard + RolesGuard
Return paginated meta with page/limit/total/totalPages
Soft-delete with matching list and count filters
How to work this milestone
Definition
A milestone is an auto-checked Notes API stage in apps/notes-practice: read the official Nest chapter, inspect the monorepo reference, implement the stage, then run the grader.
In simpler words
Literacy quiz (≥80%) still matters. The milestone command proves you can ship the week’s code.
Official tutorial order: docs/academy/fe-to-api/README.md (Week 3 — AuthN / AuthZ).
Official docs: Nest Authentication + Authorization — https://docs.nestjs.com/security/authentication
Repo reference (read-only teaching slice): apps/api/src/modules/auth/*, common/auth/auth.decorators.ts, tickets list pagination
Supplemental Nest/SQL links live under /resources.
Implement in apps/notes-practice, then run: pnpm course:validate-milestone be-notes-p3
On green, the CLI posts POST /course/milestones/:id/complete (cookie session) so progress saves with passedVia=milestone.
Acceptance checklist
- [ ] httpOnly cookie login
- [ ] @Roles('admin') on delete + ForbiddenException path
- [ ] { data, meta } pagination + soft-delete filters
- [ ] pnpm course:validate-milestone be-notes-p3 is green
The grader encodes these checks; unchecked boxes mean the milestone is not done.
Deliverables
Definition
Deliverables are the concrete Nest files and behaviors this stage must produce.
In simpler words
Ship the smallest vertical slice that makes the grader green — not a redesign of the monorepo.
Cookie JWT login; @Public on login/health
Admin-only soft delete; member ownership on update
Paginated list excluding soft-deleted rows in data and total
Keep in mind
401 = not authenticated; 403 = authenticated but wrong role.
Reuse the same QueryBuilder filters for page and count.
Test
Check your understanding
At least 10 questions — mix of concept, syntax, practical, and logic. Score ≥ 80% (enforced by the API) to save progress.