initial commit

[shamoo53]

PR Description: Implement Authentication Module with JWT & Refresh Tokens
📌 Context

The application currently lacks a secure authentication mechanism. To support user sessions and protect routes, we need an authentication module that leverages JWT for access tokens and refresh tokens for session persistence. This will enable secure login, route protection, and token lifecycle management.

🎯 Goal

Implement an AuthModule that provides:

Secure login with email + password.

Issuance of accessToken + refreshToken.

Middleware/guards for protecting routes with JWT strategy.

Refresh mechanism for session persistence.

Password hashing with bcrypt to store credentials securely.

✅ Tasks & Implementation

Auth Module Setup

Generate auth.module.ts, auth.service.ts, and auth.controller.ts.

Register JwtModule with secrets & expiration configs (from .env).

User Login Flow

Validate email + password against database.

Hash passwords with bcrypt on registration.

On successful login, return { accessToken, refreshToken }.

JWT Strategy & Guards

Create JwtStrategy for validating tokens.

Implement JwtAuthGuard to protect routes.

Refresh Tokens

Create /auth/refresh endpoint.

Validate refresh token & issue new access token.

Ensure refresh tokens have longer expiration.

Token Expiration

Access Token: ~15 minutes.

Refresh Token: ~7 days.

Store refresh tokens in DB (or memory) with user binding.

Security Hardening

Store secrets in .env (e.g., JWT_ACCESS_SECRET, JWT_REFRESH_SECRET).

Use bcrypt with salt rounds (e.g., bcrypt.hash(password, 10)).
Close #240

[vercel]

@shamoo53 is attempting to deploy a commit to the naijabuz's projects Team on Vercel.

A member of the Team first needs to authorize it.