Skip to content

Latest commit

 

History

History

README.md

03-authorization-rbac

Role and permission based authorization with @RequireRoles, @RequirePermissions, and JWT authentication.

Documentation

Quick start

npm install
cp .env.example .env
npm run dev

Try it

# Login as admin (seed: admin@expressots.dev / password123)
curl -s -X POST http://localhost:3000/api/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"admin@expressots.dev","password":"password123"}'

# Admin dashboard (requires admin role)
curl -s http://localhost:3000/api/admin/dashboard \
  -H 'Authorization: Bearer <accessToken>'

# Documents (requires documents:read permission)
curl -s http://localhost:3000/api/documents \
  -H 'Authorization: Bearer <accessToken>'

Tests

npm test

Covers 401 (unauthenticated), 403 (wrong role or permission), and 200 (authorized) responses.