NestJS backend for Akan Pay — authentication and user management foundation for the payment platform.
- NestJS 11, TypeScript, PostgreSQL 16, TypeORM
- JWT access + refresh tokens, RBAC (`user` | `admin`)
- Swagger at `/api` (disabled in production by default)
```bash
docker compose up -d
```

This creates the databases `akanpay-db` (dev) and `akanpay-test` (e2e) on first run.

```bash
cp .env.example .env
```

Edit `.env` and make sure the JWT secrets are at least 32 characters long.
Option A (migrations, recommended for shared/CI environments):

```bash
npm run migration:run
```

Set `DB_SYNC=false` in `.env`.

Option B (auto-sync, solo local dev only): set `DB_SYNC=true` in `.env` and skip migrations.

Never use `DB_SYNC=true` in production. The app refuses to start if `NODE_ENV=production` and `DB_SYNC=true`.
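As an added example (not code from this repository), the startup check below enforces the two `.env` rules stated above, JWT secrets of at least 32 characters and no schema auto-sync in production, and additionally checks that the access and refresh secrets differ, matching the "separate JWT secrets" item in the security list. The variable names `JWT_ACCESS_SECRET` and `JWT_REFRESH_SECRET`, the function names and the sample environment are assumptions; only `NODE_ENV`, `DB_SYNC` and the 32-character minimum come from this README.

```typescript
// Added example, not the project's own bootstrap code.
export interface EnvLike {
  [key: string]: string | undefined;
}

export const MIN_JWT_SECRET_LENGTH = 32;

// Assumed variable names; the real ones live in the project's .env.example.
const JWT_SECRET_VARS = ['JWT_ACCESS_SECRET', 'JWT_REFRESH_SECRET'] as const;

// Returns a list of configuration problems; an empty list means the env is acceptable.
export function validateEnv(env: EnvLike): string[] {
  const errors: string[] = [];
  const isProd = env.NODE_ENV === 'production';
  const syncEnabled = (env.DB_SYNC ?? 'false').toLowerCase() === 'true';

  // Schema auto-sync can silently alter or drop columns: never allow it in production.
  if (isProd && syncEnabled) {
    errors.push('DB_SYNC=true is forbidden when NODE_ENV=production');
  }

  for (const name of JWT_SECRET_VARS) {
    const value = env[name];
    if (!value) {
      errors.push(`${name} is not set`);
    } else if (value.length < MIN_JWT_SECRET_LENGTH) {
      errors.push(`${name} must be at least ${MIN_JWT_SECRET_LENGTH} characters`);
    }
  }

  // Access and refresh tokens must be signed with different keys, otherwise a
  // token of one kind could be presented as the other.
  if (env.JWT_ACCESS_SECRET && env.JWT_ACCESS_SECRET === env.JWT_REFRESH_SECRET) {
    errors.push('JWT_ACCESS_SECRET and JWT_REFRESH_SECRET must differ');
  }
  return errors;
}

// Throwing variant for use at process start, so a bad config never boots the API.
export function assertValidEnv(env: EnvLike): void {
  const errors = validateEnv(env);
  if (errors.length > 0) {
    throw new Error(`Invalid configuration:\n - ${errors.join('\n - ')}`);
  }
}

// Constructed sample: a production env that still has auto-sync enabled and a short refresh secret.
const sampleEnv: EnvLike = {
  NODE_ENV: 'production',
  DB_SYNC: 'true',
  JWT_ACCESS_SECRET: 'x'.repeat(32),
  JWT_REFRESH_SECRET: 'y'.repeat(16),
};

console.log(validateEnv(sampleEnv));
```

In a NestJS app this would run before the application is created (for example from `main.ts`, or wired into `ConfigModule` validation), so the refusal happens before any database connection is opened.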
```bash
npm install
npm run start:dev
```

- API base: `http://localhost:3000/v1`
- Swagger: `http://localhost:3000/api`
- Health: `http://localhost:3000/health`
- Readiness (DB ping): `http://localhost:3000/health/ready`
| Method | Path | Access |
|---|---|---|
| GET | /health | Public |
| GET | /health/ready | Public |
| GET | /v1 | Public |
| POST | /v1/auth/register | Public (throttled) |
| POST | /v1/auth/login | Public (throttled) |
| POST | /v1/auth/refresh | Public (throttled) |
| POST | /v1/auth/logout | Bearer JWT |
| GET | /v1/auth/profile | Bearer JWT |
| GET | /v1/user | user or admin |
| POST | /v1/user | admin |
| Command | Description |
|---|---|
| `npm run start:dev` | Dev server with watch |
| `npm run build` | Compile to `dist/` |
| `npm run migration:run` | Apply pending migrations |
| `npm run migration:revert` | Revert last migration |
| `npm run migration:show` | Show migration status |
| `npm test` | Unit tests |
| `npm run test:e2e` | E2E tests (requires Postgres) |
| `npm run lint` | ESLint |
E2E tests require Postgres to be running (`docker compose up -d`). The test runner creates `akanpay-test` automatically if it is missing.

```bash
cp test/.env.e2e.example test/.env.e2e
npm run test:e2e
```

To create the test database manually (for example with an existing Docker volume created before this script existed):

```bash
npm run db:create-test
```

Or via Docker:

```bash
docker compose exec postgres psql -U root -d postgres -c "CREATE DATABASE \"akanpay-test\";"
```

- Helmet security headers
- Configurable CORS (`CORS_ORIGINS`)
- Global rate limiting + stricter auth route limits
- bcrypt password hashing
- Separate JWT secrets for access/refresh
- Refresh tokens stored hashed; rotation on refresh
- Session revocation via `tokenVersion`
- Global validation pipe (whitelist, forbid unknown fields)
- Production-safe error responses (no stack traces)
- Password policy: 8+ chars, upper, lower, number
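The following is an added example, not code from this repository, that models two of the controls listed above: refresh tokens that are stored only as hashes and rotated on every use, and session revocation by bumping a per-user `tokenVersion`. The in-memory maps stand in for the TypeORM entities, SHA-256 is used as the storage hash for the opaque refresh token (the project's actual choice is not stated here), and all function names and the 7-day lifetime are assumptions.

```typescript
import { createHash, randomBytes } from 'node:crypto';

// Added example, not the project's own auth service.
export interface UserRecord {
  id: string;
  tokenVersion: number; // bumped on logout; invalidates everything issued before
}

export interface RefreshRecord {
  userId: string;
  tokenVersion: number; // version the token was issued under
  expiresAt: number; // epoch milliseconds
}

const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000; // assumed lifetime

// Stand-ins for database tables. Refresh tokens are keyed by their SHA-256
// hash, so a leaked table never yields a token that can be presented.
const users = new Map<string, UserRecord>();
const refreshTokens = new Map<string, RefreshRecord>();

function hashToken(token: string): string {
  return createHash('sha256').update(token).digest('hex');
}

export function createUser(id: string): UserRecord {
  const user: UserRecord = { id, tokenVersion: 0 };
  users.set(id, user);
  return user;
}

// Issue an opaque random refresh token bound to the user's current tokenVersion.
export function issueRefreshToken(userId: string, now = Date.now()): string {
  const user = users.get(userId);
  if (!user) throw new Error('unknown user');
  const token = randomBytes(32).toString('base64url');
  refreshTokens.set(hashToken(token), {
    userId,
    tokenVersion: user.tokenVersion,
    expiresAt: now + REFRESH_TTL_MS,
  });
  return token;
}

// Exchange a refresh token for a new one. The presented token is deleted
// before anything else, so it is single-use: a replay of the same token fails.
// Returns null for unknown, expired, replayed or revoked tokens.
export function rotateRefreshToken(token: string, now = Date.now()): string | null {
  const key = hashToken(token);
  const record = refreshTokens.get(key);
  if (!record) return null;
  refreshTokens.delete(key);

  const user = users.get(record.userId);
  if (!user) return null;
  if (record.expiresAt <= now) return null;
  // Revocation check: a logout bumped tokenVersion, so older tokens are dead.
  if (record.tokenVersion !== user.tokenVersion) return null;

  return issueRefreshToken(user.id, now);
}

// Logout: bumping tokenVersion invalidates every outstanding refresh token and
// every access token that carries the old version in its claims.
export function logoutAllSessions(userId: string): void {
  const user = users.get(userId);
  if (!user) throw new Error('unknown user');
  user.tokenVersion += 1;
}

// The check a JWT auth guard would run on each request: the version in the
// access token's claims must equal the user's current tokenVersion.
export function isAccessTokenVersionValid(userId: string, claimedVersion: number): boolean {
  const user = users.get(userId);
  return user !== undefined && user.tokenVersion === claimedVersion;
}

// Constructed walkthrough: issue, rotate, replay, logout.
createUser('demo-user');
const first = issueRefreshToken('demo-user');
const second = rotateRefreshToken(first);
console.log('rotation ok:', second !== null);
console.log('replay rejected:', rotateRefreshToken(first) === null);
logoutAllSessions('demo-user');
console.log('revoked after logout:', rotateRefreshToken(second!) === null);
```

Because the old token is deleted before the new one is issued, a refresh token that is presented twice (for example one stolen from a client and used by both parties) fails on the second use, which is also a useful signal to log and alert on. In the real application the `tokenVersion` value is carried inside the signed JWT claims so the guard can compare it to the stored user row.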
See .env.example for the full list.
```sql
UPDATE "user" SET roles = '{admin}' WHERE username = 'your-username';
```

GitHub Actions runs lint, build, unit tests, and e2e tests against PostgreSQL on push/PR to `main` and `backend-dev`.