@bmariusz@techhub.socialDay 3 2/2
2. Enabling API documentation with Swagger.
I integrated Swagger into the backend (NestJS v10, ESM, Turbo monorepo), using `@nestjs/swagger@7` to match our current framework version.
The docs are now live at `/api/docs`, fully aligned with our global `ValidationPipe` and `AllExceptionsFilter` — ensuring consistent validation and error responses.
Next: annotate DTOs, describe endpoints properly, and restrict access.
@bmariusz@techhub.socialDay 3 1/2
TL;DR:
Added global `ValidationPipe` and unified `AllExceptionsFilter` in NestJS. API errors now follow a consistent format: `{ statusCode, error, message, code, details }`.
Today’s work focused on:
1. Standardizing input validation and error handling in the backend of the insurance sales network management system (NestJS, TypeScript, ESM, Turbo monorepo).
- Enabled global `ValidationPipe` with: `whitelist`, `forbidNonWhitelisted`, `transform`, `enableI…
@bmariusz@techhub.socialDay 18
Today I debugged an issue with accessing backend endpoints from a Next.js frontend talking to a NestJS API.
The browser was blocking requests due to a CORS error — the Authorization header was not allowed in the preflight response. Even though frontend domains were correctly set, I forgot to include Authorization in allowedHeaders.
After updating enableCors() to:
`allowedHeaders: 'Authorization, Content-Type, Accept'`
…the issue disappeared, and t…
@bmariusz@techhub.socialDay 16
Just published a deep dive into building a secure login page with Next.js, NestJS, JWT, and PostgreSQL.
- Email verification
- Role-based access control
- Subscription enforcement
- Token decoding in frontend
- SQL-level inserts for system roles
Includes full code snippets and explanation of the entire flow.
Perfect if you're working on full-stack apps with JavaScript, TypeScript, and SQL.
@bmariusz@techhub.socialDay 12
Implemented password reset functionality using JWT:
/auth/remind-password generates a short-lived token and sends it via email
/auth/reset-password verifies the token and updates the password using bcrypt
Validation handled with class-validator.
Endpoints documented with Swagger.
Token secret and base URL configured via environment variables.
@bmariusz@techhub.socialDay 6
TL;DR: Groups, memberships, hierarchy — all dynamic now.
Released backend v0.3.0 🎉
✅ Users can belong to multiple groups with typed roles
✅ Groups can form hierarchical or overlapping structures
✅ Roles are normalized via reference types
Built with NestJS TypeORM. Documented via Swagger.
https://write…
@bmariusz@techhub.socialTL;DR:🧵
Today I lost 2 hours because TypeORM ESM NestJS is a fragile combo when it comes to migrations.
No migration:status.
No ESM-compatible CLI.
No schema awareness.
Class name must match filename (with timestamp!).
So I wrote my own migration-status.ts script to compare database state with the migration folder.
Lesson: if you need INSERT INTO "schema"."table", don’t forget the schema.
ORMs give you boilerplate — and tra…
