Gym Pass
Backend API focused on gym check-ins, with user registration/authentication, gym search by name or proximity, and check-in flows with strict business rules. It includes RBAC for admin actions, JWT authentication with refresh token via cookie, Swagger/OpenAPI documentation, and unit/e2e test coverage.
The Problem
Managing gym check-ins requires enforcing rules like maximum distance, one check-in per day, limited validation window, and role-based permissions, while keeping the API secure and maintainable.
The Solution
Implemented a layered architecture with Fastify controllers, use cases, and repository abstractions using Prisma + PostgreSQL. Added JWT/refresh-token authentication, RBAC middleware, geolocation-based validation, and automated testing with Vitest.
Technical Architecture
Fastify exposes REST routes and handles request/response validation with Zod. Controllers delegate to use-case services that encapsulate business rules. Use cases access data through repository interfaces, with Prisma implementations for PostgreSQL and in-memory implementations for tests. Swagger/OpenAPI provides interactive API documentation.
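The check-in rules from the problem statement (maximum distance, one check-in per day, limited validation window, admin-only validation) and the use-case/repository split from the architecture section, as an added TypeScript example that is not the project's own code. The class names, the 100 m radius and the 20-minute validation window are assumptions chosen for illustration, and the repository is an in-memory, synchronous stand-in for the Prisma implementation so the example runs on its own.

```typescript
// Added example, not the project's own code. Class names, the 100 m radius and
// the 20-minute validation window are assumptions chosen for illustration.

export type Coordinate = { latitude: number; longitude: number };
export type Gym = Coordinate & { id: string; name: string };
export type Role = 'ADMIN' | 'MEMBER';
export type CheckIn = {
  id: string; userId: string; gymId: string; createdAt: Date; validatedAt: Date | null;
};

export class MaxDistanceError extends Error { name = 'MaxDistanceError'; }
export class MaxCheckInsPerDayError extends Error { name = 'MaxCheckInsPerDayError'; }
export class LateCheckInValidationError extends Error { name = 'LateCheckInValidationError'; }
export class ForbiddenError extends Error { name = 'ForbiddenError'; }
export class ResourceNotFoundError extends Error { name = 'ResourceNotFoundError'; }

const MAX_DISTANCE_KM = 0.1;                 // assumed: 100 m check-in radius
const VALIDATION_WINDOW_MS = 20 * 60 * 1000; // assumed: 20-minute validation window

// Haversine great-circle distance in kilometres (mean Earth radius 6371 km).
export function distanceKm(from: Coordinate, to: Coordinate): number {
  const rad = (deg: number) => (deg * Math.PI) / 180;
  const dLat = rad(to.latitude - from.latitude);
  const dLng = rad(to.longitude - from.longitude);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(from.latitude)) * Math.cos(rad(to.latitude)) * Math.sin(dLng / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

// In-memory repository standing in for the Prisma/PostgreSQL implementation.
// Kept synchronous so the example needs no event loop.
export class InMemoryCheckInsRepository {
  items: CheckIn[] = [];
  create(userId: string, gymId: string, now: Date): CheckIn {
    const checkIn: CheckIn = { id: String(this.items.length + 1), userId, gymId, createdAt: now, validatedAt: null };
    this.items.push(checkIn);
    return checkIn;
  }
  findById(id: string): CheckIn | null {
    return this.items.find((c) => c.id === id) ?? null;
  }
  // "Same day" is the UTC calendar date here; a deployment would use the user's time zone.
  findByUserIdOnDate(userId: string, date: Date): CheckIn | null {
    const day = date.toISOString().slice(0, 10);
    return this.items.find((c) => c.userId === userId && c.createdAt.toISOString().slice(0, 10) === day) ?? null;
  }
}

// Use case: a check-in is accepted only within MAX_DISTANCE_KM of the gym and
// only once per user per day. A controller would pass the Zod-validated body in.
export class CheckInUseCase {
  private readonly checkIns: InMemoryCheckInsRepository;
  private readonly gyms: Map<string, Gym>;
  constructor(checkIns: InMemoryCheckInsRepository, gyms: Map<string, Gym>) {
    this.checkIns = checkIns;
    this.gyms = gyms;
  }
  execute(input: { userId: string; gymId: string; userLocation: Coordinate; now?: Date }): CheckIn {
    const now = input.now ?? new Date();
    const gym = this.gyms.get(input.gymId);
    if (!gym) throw new ResourceNotFoundError(`gym ${input.gymId} not found`);
    const km = distanceKm(input.userLocation, gym);
    if (km > MAX_DISTANCE_KM) throw new MaxDistanceError(`user is ${(km * 1000).toFixed(0)} m from the gym`);
    if (this.checkIns.findByUserIdOnDate(input.userId, now)) throw new MaxCheckInsPerDayError('already checked in today');
    return this.checkIns.create(input.userId, input.gymId, now);
  }
}

// Use case: validation is an admin-only action (the role check the RBAC
// middleware would enforce at the route) and must happen within the window.
export class ValidateCheckInUseCase {
  private readonly checkIns: InMemoryCheckInsRepository;
  constructor(checkIns: InMemoryCheckInsRepository) {
    this.checkIns = checkIns;
  }
  execute(input: { checkInId: string; actorRole: Role; now?: Date }): CheckIn {
    if (input.actorRole !== 'ADMIN') throw new ForbiddenError('only admins can validate check-ins');
    const checkIn = this.checkIns.findById(input.checkInId);
    if (!checkIn) throw new ResourceNotFoundError(`check-in ${input.checkInId} not found`);
    const now = input.now ?? new Date();
    if (now.getTime() - checkIn.createdAt.getTime() > VALIDATION_WINDOW_MS) {
      throw new LateCheckInValidationError('validation window has expired');
    }
    checkIn.validatedAt = now;
    return checkIn;
  }
}
```

The use cases take an explicit `now` so the daily limit and the validation window can be tested deterministically with the in-memory repository, which is the reason the architecture section gives for having in-memory implementations alongside Prisma; mapping each error class to an HTTP status is left to the Fastify controller layer.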