Skip to content

feat: Add JWT authentication to admin endpoints#15

Open
Ishant5436 wants to merge 2 commits into
coopfinance:mainfrom
Ishant5436:feat/jwt-auth-admin
Open

feat: Add JWT authentication to admin endpoints#15
Ishant5436 wants to merge 2 commits into
coopfinance:mainfrom
Ishant5436:feat/jwt-auth-admin

Conversation

@Ishant5436

Copy link
Copy Markdown

Summary

  • Adds Stellar-signature-based auth (GET /api/auth/nonce → sign nonce → POST /api/auth/verify → JWT) per the flow described in the issue
  • Applies JwtAuthGuard to the write endpoints: POST /groups, POST /loans, PATCH /loans/:id/status
  • Read endpoints (GET /groups, GET /loans, etc.) remain public
  • Swagger @ApiBearerAuth() wired on the guarded routes
  • e2e test covers the full nonce → verify → protected-route flow

Closes #6

Test plan

  • GET /api/auth/nonce?address=<stellar_address> returns a nonce
  • Signing the nonce with the matching keypair and posting to /api/auth/verify returns a JWT
  • JWT is accepted as Authorization: Bearer <token> on protected routes
  • Unauthenticated requests to guarded routes are rejected
  • npm run test:e2e passes locally

@Ishant5436 Ishant5436 force-pushed the feat/jwt-auth-admin branch from ad6a17b to 3729b3a Compare July 1, 2026 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add JWT authentication guard to admin-only endpoints

1 participant