Backend: Authentication & Authorization

[GoSTEAN]

Description: Implement JWT-based authentication with refresh tokens, user sessions, and rate limiting.

Acceptance Criteria:

• POST /api/auth/login endpoint (wallet signature verification)
• POST /api/auth/refresh endpoint for token refresh
• JWT middleware to protect private routes
• Rate limiting middleware (100 req/min per user)
• Session management with Redis
• Wallet address verification (Stellar)
• Unit + integration tests for auth flows

Tests (minimum):

• Valid login returns JWT tokens
• Invalid credentials rejected with 401
• Protected routes require valid JWT
• Rate limiter blocks excessive requests
• Refresh token flow works correctly

Files: backend/src/routes/auth.ts, backend/src/middleware/auth.ts, backend/src/services/auth.ts
Dependencies: None (can start immediately)

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 150 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[DokaIzk]

@DokaIzk has applied to work on this issue as part of the Stellar Wave Program's 1st wave.

I’ll implement JWT-based authentication with wallet signature verification (Stellar) via POST /api/auth/login, add refresh token support through POST /api/auth/refresh, protect private routes using JWT middleware, enforce per-user rate limiting (100 req/min), and manage user sessions with Redis. I’ll cover all auth flows with unit and integration tests, including login validation, 401 handling, protected route access, rate-limit enforcement, and refresh token rotation.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @DokaIzk to this issue.

[drips-wave]

Congratulations, @DokaIzk! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on January 31, 2026.

🧑‍💻 @DokaIzk: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

⚠️ Important: When opening a PR, please link it to this issue to ensure it gets tracked accurately.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been marked as completed by a Drips Wave moderator for @DokaIzk as part of the Stellar Wave Program's 1st Wave 🥳

Moderator's reason: The issue was resolved by the contributor and merged by the maintainer in PR:
#41

😎 @DokaIzk: You earned 150 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here.

🧑‍💻 Repo maintainers: How'd the contributor do? If you like, you can reward them with additional points by making a compliment within seven days after the Wave Program's current wave ends.

ℹ️ Note: This issue was marked complete via moderation. Points were issued even though the GitHub issue remains open.

[drips-wave]

This issue has been marked as completed by a Drips Wave moderator for @DokaIzk as part of the Stellar Wave Program's 1st Wave 🥳

Moderator's reason: The issue was resolved by the contributor and merged by the maintainer in PR:
#41

😎 @DokaIzk: You earned 150 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here.

🧑‍💻 Repo maintainers: How'd the contributor do? If you like, you can reward them with additional points by making a compliment within seven days after the Wave Program's current wave ends.

ℹ️ Note: This issue was marked complete via moderation. Points were issued even though the GitHub issue remains open.