Search
52 results for “bmariusz”
-
Day 5
TL;DR: Continued work on backend security — role-based access is now fully wired up.✅ Got fine-grained role-based access control fully working today.
• Roles loaded from PostgreSQL
• Injected into JWT during login
• Validated via custom `@Roles()` + `RolesGuard`
• Authenticated via `@UseGuards(JwtAuthGuard)` globally
• Introduced `@Public()` decorator to bypass guards for public endpoints
• Swagger supports Bearer token for testingTook a while to get the role propagation into the token right — the key was enriching the `validateUser()` result, not just fetching data from DB.
Modular, clean, and no magic. Feels good. 👌
more on: https://write.as/bmariusz/continuation-securing-routes-with-jwt-and-role-based-access-control
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming -
Day 5
TL;DR: Continued work on backend security — role-based access is now fully wired up.✅ Got fine-grained role-based access control fully working today.
• Roles loaded from PostgreSQL
• Injected into JWT during login
• Validated via custom `@Roles()` + `RolesGuard`
• Authenticated via `@UseGuards(JwtAuthGuard)` globally
• Introduced `@Public()` decorator to bypass guards for public endpoints
• Swagger supports Bearer token for testingTook a while to get the role propagation into the token right — the key was enriching the `validateUser()` result, not just fetching data from DB.
Modular, clean, and no magic. Feels good. 👌
more on: https://write.as/bmariusz/continuation-securing-routes-with-jwt-and-role-based-access-control
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming -
Day 5
TL;DR: Continued work on backend security — role-based access is now fully wired up.✅ Got fine-grained role-based access control fully working today.
• Roles loaded from PostgreSQL
• Injected into JWT during login
• Validated via custom `@Roles()` + `RolesGuard`
• Authenticated via `@UseGuards(JwtAuthGuard)` globally
• Introduced `@Public()` decorator to bypass guards for public endpoints
• Swagger supports Bearer token for testingTook a while to get the role propagation into the token right — the key was enriching the `validateUser()` result, not just fetching data from DB.
Modular, clean, and no magic. Feels good. 👌
more on: https://write.as/bmariusz/continuation-securing-routes-with-jwt-and-role-based-access-control
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming -
Day 5
TL;DR: Continued work on backend security — role-based access is now fully wired up.✅ Got fine-grained role-based access control fully working today.
• Roles loaded from PostgreSQL
• Injected into JWT during login
• Validated via custom `@Roles()` + `RolesGuard`
• Authenticated via `@UseGuards(JwtAuthGuard)` globally
• Introduced `@Public()` decorator to bypass guards for public endpoints
• Swagger supports Bearer token for testingTook a while to get the role propagation into the token right — the key was enriching the `validateUser()` result, not just fetching data from DB.
Modular, clean, and no magic. Feels good. 👌
more on: https://write.tyolabs.com/?p=21
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming -
Day 4
TL;DR: Full Swagger docs + JWT auth with registration and login are live.
Today’s work focused on two key improvements.
1. Swagger documentation was extended across all API layers. DTOs, entities, and controllers were enriched with `@ApiTags`, `@ApiOperation`, `@ApiResponse`, and detailed `@ApiBody` annotations — including real-life examples for request bodies.
2. JWT-based authentication was implemented. A secure registration flow was added, with password hashing via bcrypt. A login endpoint now issues access tokens containing user ID, email, and roles. All logic is encapsulated using Passport strategies (local and JWT). The next step will be protecting routes with guards and role-based access.
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming -
Day 4
TL;DR: Full Swagger docs + JWT auth with registration and login are live.
Today’s work focused on two key improvements.
1. Swagger documentation was extended across all API layers. DTOs, entities, and controllers were enriched with `@ApiTags`, `@ApiOperation`, `@ApiResponse`, and detailed `@ApiBody` annotations — including real-life examples for request bodies.
2. JWT-based authentication was implemented. A secure registration flow was added, with password hashing via bcrypt. A login endpoint now issues access tokens containing user ID, email, and roles. All logic is encapsulated using Passport strategies (local and JWT). The next step will be protecting routes with guards and role-based access.
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming -
Day 4
TL;DR: Full Swagger docs + JWT auth with registration and login are live.
Today’s work focused on two key improvements.
1. Swagger documentation was extended across all API layers. DTOs, entities, and controllers were enriched with `@ApiTags`, `@ApiOperation`, `@ApiResponse`, and detailed `@ApiBody` annotations — including real-life examples for request bodies.
2. JWT-based authentication was implemented. A secure registration flow was added, with password hashing via bcrypt. A login endpoint now issues access tokens containing user ID, email, and roles. All logic is encapsulated using Passport strategies (local and JWT). The next step will be protecting routes with guards and role-based access.
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming -
Day 4
TL;DR: Full Swagger docs + JWT auth with registration and login are live.
Today’s work focused on two key improvements.
1. Swagger documentation was extended across all API layers. DTOs, entities, and controllers were enriched with `@ApiTags`, `@ApiOperation`, `@ApiResponse`, and detailed `@ApiBody` annotations — including real-life examples for request bodies.
2. JWT-based authentication was implemented. A secure registration flow was added, with password hashing via bcrypt. A login endpoint now issues access tokens containing user ID, email, and roles. All logic is encapsulated using Passport strategies (local and JWT). The next step will be protecting routes with guards and role-based access.
https://write.tyolabs.com/?p=19
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming -
Day 3 2/2
2. Enabling API documentation with Swagger.I integrated Swagger into the backend (NestJS v10, ESM, Turbo monorepo), using `@nestjs/swagger@7` to match our current framework version.
The docs are now live at `/api/docs`, fully aligned with our global `ValidationPipe` and `AllExceptionsFilter` — ensuring consistent validation and error responses.Next: annotate DTOs, describe endpoints properly, and restrict access.
https://write.tyolabs.com/?p=17
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming -
Day 3 1/2
TL;DR:
Added global `ValidationPipe` and unified `AllExceptionsFilter` in NestJS. API errors now follow a consistent format: `{ statusCode, error, message, code, details }`.Today’s work focused on:
1. Standardizing input validation and error handling in the backend of the insurance sales network management system (NestJS, TypeScript, ESM, Turbo monorepo).- Enabled global `ValidationPipe` with: `whitelist`, `forbidNonWhitelisted`, `transform`, `enableImplicitConversion`.
- Extended existing `AllExceptionsFilter` to produce structured error responses across `HttpException`, `QueryFailedError`, and other runtime errors.
- Removed `http-exception.filter.ts` — now redundant.
- Error response format is frontend/B2B-friendly and consistent across the API.Example error response:
{
"statusCode": 400,
"error": "Bad Request",
"message": "Field 'email' is required",
"code": "VALIDATION_EMAIL_REQUIRED",
"details": {
"field": "email",
"reason": "required"
}
}
#codingdays #programming -
Day 2:
TL;DR:
❌ `composite: true`
❌ `tsconfig.build.json`
✅ `paths` in `tsconfig.base.json`
✅ `include` shared libs explicitly where needed
✅ `turbo run build` just worksWrestled for hours (~3) with TypeScript `project references` and `paths` in a Turbo monorepo (NestJS, ESM).
Turns out: if you want global aliases like `@my-lib/foo` to *just work* across apps — skip `composite: true` and `tsc --build`.Project references and alias-based path mapping don't mix well when your intent is to keep things simple.
https://write.tyolabs.com/?p=15
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming -
Day 1:
tl;dr: ESM + TS + NestJS + TypeORM is possible, but not recommended for the impatient.Successfully bootstrapped NestJS + TypeORM + PostgreSQL stack using ESM.
It only took:
- 6 hours
- 17 cryptic errors
- 3 existential crisesTurns out, using modern JS modules with legacy decorators is... bold. But hey — it runs now.
https://write.tyolabs.com/?p=13
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming -
Day 0:
TL;DR: Set up the basic foundations for a new system: database schema finalized, core backend modules scaffolded, and initial API contracts defined. The real work begins now.
No hype. Just building.Today I worked on building the core backend infrastructure for a cloud-native insurance platform. Key points:
Modular microservices architecture based on NestJS
PostgreSQL schemas designed for flexibility — no hardcoded values, all dynamic
Using TypeScript with ESM modules for better code organization
Setting up communication patterns between backend and Next.js frontend
Focus on scalability and simplicity in cloud deployment
This lays a solid foundation for a system built from scratch to replace legacy solutions and support future growth.#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming -
Day 0:
TL;DR: Set up the basic foundations for a new system: database schema finalized, core backend modules scaffolded, and initial API contracts defined. The real work begins now.
No hype. Just building.Today I worked on building the core backend infrastructure for a cloud-native insurance platform. Key points:
Modular microservices architecture based on NestJS
PostgreSQL schemas designed for flexibility — no hardcoded values, all dynamic
Using TypeScript with ESM modules for better code organization
Setting up communication patterns between backend and Next.js frontend
Focus on scalability and simplicity in cloud deployment
This lays a solid foundation for a system built from scratch to replace legacy solutions and support future growth.#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming -
Day 0:
TL;DR: Set up the basic foundations for a new system: database schema finalized, core backend modules scaffolded, and initial API contracts defined. The real work begins now.
No hype. Just building.Today I worked on building the core backend infrastructure for a cloud-native insurance platform. Key points:
Modular microservices architecture based on NestJS
PostgreSQL schemas designed for flexibility — no hardcoded values, all dynamic
Using TypeScript with ESM modules for better code organization
Setting up communication patterns between backend and Next.js frontend
Focus on scalability and simplicity in cloud deployment
This lays a solid foundation for a system built from scratch to replace legacy solutions and support future growth.#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming -
Day 0:
TL;DR: Set up the basic foundations for a new system: database schema finalized, core backend modules scaffolded, and initial API contracts defined. The real work begins now.
No hype. Just building.Today I worked on building the core backend infrastructure for a cloud-native insurance platform. Key points:
Modular microservices architecture based on NestJS
PostgreSQL schemas designed for flexibility — no hardcoded values, all dynamic
Using TypeScript with ESM modules for better code organization
Setting up communication patterns between backend and Next.js frontend
Focus on scalability and simplicity in cloud deployment
This lays a solid foundation for a system built from scratch to replace legacy solutions and support future growth.#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices
#codingdays #programming -
Day 0:
TL;DR: Set up the basic foundations for a new system: database schema finalized, core backend modules scaffolded, and initial API contracts defined. The real work begins now.
No hype. Just building.Today I worked on building the core backend infrastructure for a cloud-native insurance platform. Key points:
Modular microservices architecture based on NestJS
PostgreSQL schemas designed for flexibility — no hardcoded values, all dynamic
Using TypeScript with ESM modules for better code organization
Setting up communication patterns between backend and Next.js frontend
Focus on scalability and simplicity in cloud deployment
This lays a solid foundation for a system built from scratch to replace legacy solutions and support future growth.https://write.tyolabs.com/?p=10
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #codingdays #programming
-
Day 11
Well, technically it’s been a few days.I just finished populating the entire partner-contracts layer in our system. That means hundreds of users, each linked to the correct unit, with the proper supervisor, job title, and contract type. All of it reflected in a single, consistent data model.
Every user has a contract pointing to their supervisor — with cascading relations:
- regional managers report directly to the admin,
- unit managers report to regional managers,
- team leads report to unit managers,
- and finally, operators, assigned in pairs to each lead.I’ve also updated every partner’s supervisor field, so hierarchy is fully navigable.
It took some time and required pulling data from multiple sources:
users, organizational units, and memberships, regional and structural hierarchy, and even address assignments.Numbers:
Total test users & contracts: 1,408
Regional Coordinators: 16
Managers: 160
Team Leads: 640
Operators: 592 -
Day 11
Well, technically it’s been a few days.I just finished populating the entire partner-contracts layer in our system. That means hundreds of users, each linked to the correct unit, with the proper supervisor, job title, and contract type. All of it reflected in a single, consistent data model.
Every user has a contract pointing to their supervisor — with cascading relations:
- regional managers report directly to the admin,
- unit managers report to regional managers,
- team leads report to unit managers,
- and finally, operators, assigned in pairs to each lead.I’ve also updated every partner’s supervisor field, so hierarchy is fully navigable.
It took some time and required pulling data from multiple sources:
users, organizational units, and memberships, regional and structural hierarchy, and even address assignments.Numbers:
Total test users & contracts: 1,408
Regional Coordinators: 16
Managers: 160
Team Leads: 640
Operators: 592 -
Day 11
Well, technically it’s been a few days.I just finished populating the entire partner-contracts layer in our system. That means hundreds of users, each linked to the correct unit, with the proper supervisor, job title, and contract type. All of it reflected in a single, consistent data model.
Every user has a contract pointing to their supervisor — with cascading relations:
- regional managers report directly to the admin,
- unit managers report to regional managers,
- team leads report to unit managers,
- and finally, operators, assigned in pairs to each lead.I’ve also updated every partner’s supervisor field, so hierarchy is fully navigable.
It took some time and required pulling data from multiple sources:
users, organizational units, and memberships, regional and structural hierarchy, and even address assignments.Numbers:
Total test users & contracts: 1,408
Regional Coordinators: 16
Managers: 160
Team Leads: 640
Operators: 592 -
Day 11
Well, technically it’s been a few days.I just finished populating the entire partner-contracts layer in our system. That means hundreds of users, each linked to the correct unit, with the proper supervisor, job title, and contract type. All of it reflected in a single, consistent data model.
Every user has a contract pointing to their supervisor — with cascading relations:
- regional managers report directly to the admin,
- unit managers report to regional managers,
- team leads report to unit managers,
- and finally, operators, assigned in pairs to each lead.I’ve also updated every partner’s supervisor field, so hierarchy is fully navigable.
It took some time and required pulling data from multiple sources:
users, organizational units, and memberships, regional and structural hierarchy, and even address assignments.Numbers:
Total test users & contracts: 1,408
Regional Coordinators: 16
Managers: 160
Team Leads: 640
Operators: 592 -
Day 11
Well, technically it’s been a few days.I just finished populating the entire partner-contracts layer in our system. That means hundreds of users, each linked to the correct unit, with the proper supervisor, job title, and contract type. All of it reflected in a single, consistent data model.
Every user has a contract pointing to their supervisor — with cascading relations:
- regional managers report directly to the admin,
- unit managers report to regional managers,
- team leads report to unit managers,
- and finally, operators, assigned in pairs to each lead.I’ve also updated every partner’s supervisor field, so hierarchy is fully navigable.
It took some time and required pulling data from multiple sources:
users, organizational units, and memberships, regional and structural hierarchy, and even address assignments.Numbers:
Total test users & contracts: 1,408
Regional Coordinators: 16
Managers: 160
Team Leads: 640
Operators: 592