BE-9: Authentication (JWT) #9

@tecnodeveloper

Implement JWT-based authentication to protect book endpoints.

User Story

Given a user
When they log in
Then they receive a token to access protected routes

Endpoints

POST /auth/register
POST /auth/login

Tasks

  • Create user model/table
  • Implement registration endpoint:
    • Validate input
    • Hash password
  • Implement login endpoint:
    • Verify credentials
    • Generate JWT token
  • Create auth middleware:
    • Verify token
    • Attach user to request
  • Protect routes:
    • POST /book
    • PUT /book/:id
    • DELETE /book/:id
  • Add Swagger documentation:
    • Auth endpoints
    • Bearer token usage

Acceptance Criteria

  • User can register
  • User can log in and receive token
  • Protected routes require valid token
  • Invalid token returns 401 Unauthorized
  • Swagger supports auth header

Testing Steps

  • Register user
  • Login → get token
  • Call protected endpoint without token → 401
  • Call with token → success

Definition of Done

  • Auth implemented
  • Middleware works
  • Routes protected
  • Swagger updated
  • Code linted and formatted


Status

Backlog
