Rules Hub
Coding Rules Library
← Back to all rules
Rule priority, scope & exceptions
Use this to align rules with the senior-level structure (P0/P1/P2, scope, exceptions/tradeoffs).
backend ruleP0universalStack: NestJS
securityauthenticationauthorization
Check required account state before issuing an auth token
Confirm preconditions like verified/active status before signing and returning an access token, so unverified accounts cannot authenticate.
PR: vinify-backend · org-mining-hist-2026-06Created: Jun 19, 2026
Bad example
Old codetypescript
| 1 | async logIn(user: User): Promise<LoginSuccess> { |
| 2 | return { accessToken: this.jwt.sign({ sub: user.id }) }; |
| 3 | } |
Explanation (EN)
Objašnjenje (HR)
Good example
New codetypescript
| 1 | async logIn(user: User): Promise<LoginSuccess> { |
| 2 | if (!user.isVerified) { |
| 3 | throw new ForbiddenException('Account not verified'); |
| 4 | } |
| 5 | return { accessToken: this.jwt.sign({ sub: user.id }) }; |
| 6 | } |
Explanation (EN)
Objašnjenje (HR)