Skip to content

feat: add Stellar-signature-based JWT authentication guard#11

Open
therealsaitama0 wants to merge 1 commit into
coopfinance:mainfrom
therealsaitama0:feat/jwt-auth-guard
Open

feat: add Stellar-signature-based JWT authentication guard#11
therealsaitama0 wants to merge 1 commit into
coopfinance:mainfrom
therealsaitama0:feat/jwt-auth-guard

Conversation

@therealsaitama0

@therealsaitama0 therealsaitama0 commented Jul 1, 2026

Copy link
Copy Markdown

Closes #6

Implements Stellar-signature-based JWT authentication for protected write endpoints.

  • Adds GET /api/auth/nonce endpoint for nonce generation
  • Adds POST /api/auth/verify endpoint for Stellar signature verification and JWT issuance
  • Applies JwtAuthGuard to POST /api/groups, POST /api/loans, and PATCH /api/loans/:id/status
  • Public read endpoints remain unguarded: GET /api/groups, GET /api/stats, GET /api/loans, GET /api/groups/:id
  • Swagger auth configured via existing @ApiBearerAuth() in DocumentBuilder

ETH Payment address: 0x5e1040927a1E28D740f92De27a3d493b81682D88
Paypal: https://paypal.me/therealsaitama

@therealsaitama0

therealsaitama0 commented Jul 1, 2026

Copy link
Copy Markdown
Author

Payment ETH address for this bounty: 0x5e1040927a1E28D740f92De27a3d493b81682D88
Paypal: https://paypal.me/therealsaitama

@therealsaitama0

therealsaitama0 commented Jul 1, 2026

Copy link
Copy Markdown
Author

Auth implementation summary:

  • Nonce endpoint: GET /api/auth/nonce?address=<stellar_address>
  • Verify endpoint: POST /api/auth/verify { address, signedNonce }
  • Storage: in-memory Map keyed by lower-cased address with 5-minute TTL
  • Verification: Keypair.verify from @stellar/stellar-sdk
  • JWT: issued via @nestjs/jwt and used by JwtAuthGuard (passport-jwt strategy)
  • Guards applied:
    • POST /api/groups
    • POST /api/loans
    • PATCH /api/loans/:id/status
  • Public reads stay unguarded: GET /api/groups, GET /api/stats, GET /api/loans, GET /api/groups/:id
  • Swagger bearer auth is already configured in main.ts and @ApiBearerAuth() is applied on protected endpoints
  • Build verified: npm run build

Bounty payment ETH address: 0x5e1040927a1E28D740f92De27a3d493b81682D88
Paypal: https://paypal.me/therealsaitama

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add JWT authentication guard to admin-only endpoints

1 participant