Components

Authentication Gateway

Responsibility: JWT token validation and user context extraction from Auth0 tokens

Key Interfaces:

• validateJWT(token: string): Promise<UserContext>
• extractUserContext(jwt: JWT): UserContext

Dependencies: Auth0 JWT verification, User service for role validation

Technology Stack: NestJS Guard using @nestjs/jwt and Auth0 public keys for token verification

Tenant Context Service

Responsibility: Automatic data filtering based on user's client_access permissions extracted from JWT

Key Interfaces:

• getCurrentUserContext(): UserContext
• filterByClientAccess<T>(query: Query<T>): Query<T>
• validateClientAccess(clientId: string): boolean

Dependencies: Authentication Gateway, Prisma Client

Technology Stack: NestJS service with Prisma middleware for transparent query filtering

Role Authorization Service

Responsibility: Role-based endpoint access control using decorators and guards

Key Interfaces:

• @RequireRoles(...roles: UserRole[])
• @RequireClientAccess(clientIdParam: string)
• validateRoleAccess(requiredRoles: UserRole[], userRole: UserRole): boolean

Dependencies: Authentication Gateway, Tenant Context Service

Technology Stack: NestJS custom decorators and guards with metadata reflection

API Client Service (Frontend)

Responsibility: HTTP client that automatically includes JWT token in all requests

Key Interfaces:

• get<T>(url: string): Promise<T>
• post<T>(url: string, data: any): Promise<T>
• upload(url: string, file: File): Promise<any>

Dependencies: Auth0 React SDK for token management

Technology Stack: Axios or Fetch with Auth0 token interceptor, no client-side filtering logic

Component Diagrams