Prysm Labs – Backend Developer Intern Assignment

Mini CRM Backend (Users, Customers, Tasks)

Production-style REST API built with NestJS + PostgreSQL + Prisma.

Tech stack (mandatory)

• NestJS (TypeScript)
• PostgreSQL
• Prisma ORM
• JWT Authentication (Passport JWT)
• DTO validation (class-validator + class-transformer)
• Password hashing (bcrypt)
• Swagger API documentation (/swagger)

Setup instructions

1) Install dependencies

npm install

2) Configure environment variables

• Copy .env.example → .env
• Set a strong JWT_SECRET

3) Start PostgreSQL

Option A (recommended): Docker

docker compose up -d

Option B: Local PostgreSQL

• Install PostgreSQL
• Create a database (example: prysm_crm)
• Update DATABASE_URL in .env

4) Run database migrations (Prisma)

Development migration (creates/updates DB and generates Prisma client):

npm run prisma:migrate

Deploy-style migration (uses checked-in migrations under prisma/migrations):

npm run prisma:deploy

5) Start the server

npm run start:dev

Swagger URL

• http://localhost:3000/swagger
• Click Authorize and paste: Bearer <accessToken>

Environment variables

Defined in .env.example:

• PORT (default: 3000)
• DATABASE_URL (PostgreSQL connection string)
• JWT_SECRET (required)

Optional seed variables (only if you run npm run db:seed):

• SEED_ADMIN_EMAIL, SEED_ADMIN_PASSWORD
• SEED_EMPLOYEE_EMAIL, SEED_EMPLOYEE_PASSWORD

Authentication (JWT)

POST /auth/register

• Hashes password using bcrypt
• Enforces unique email
• Returns only: id, name, email, role (never returns password)

POST /auth/login

• Returns:
  • accessToken
  • user: { id, name, email, role }

JWT payload includes userId and role.

All protected routes require:

• Authorization: Bearer <token>

Role-based access control

• ADMIN: full access
• EMPLOYEE: read-only customers + only own tasks

API endpoints

Users (ADMIN only)

• GET /users → list users (id, name, email, role, createdAt)
• GET /users/:id → user by id
• PATCH /users/:id → updates role only

Customers

• POST /customers (ADMIN only)
• GET /customers (ADMIN + EMPLOYEE)
  • Query: page (default 1), limit (default 10), optional search
  • Response:
    • page, limit, totalRecords, totalPages, data
• GET /customers/:id (ADMIN + EMPLOYEE)
• PATCH /customers/:id (ADMIN only)
• DELETE /customers/:id (ADMIN only)

Tasks

• POST /tasks (ADMIN only)
  • Validates assignedTo exists and is EMPLOYEE
  • Validates customerId exists
• GET /tasks
  • ADMIN: all tasks
  • EMPLOYEE: only tasks assigned to them
• PATCH /tasks/:id/status
  • EMPLOYEE: can only update own tasks (403 otherwise)
  • ADMIN: allowed

Error handling (expected)

• 400 validation failures (DTO validation)
• 401 missing/invalid token, invalid login credentials
• 403 role violations / employee trying to update someone else’s task
• 404 record not found
• 409 unique constraint conflicts (customer email/phone, user email)

Postman collection

• Import postman_collection.json into Postman
• Collection variables:
  • baseUrl (default http://localhost:3000)
  • token (set by the “Login (ADMIN) -> sets token” request)

Example curl commands (PowerShell)

$API = "http://localhost:3000"

curl.exe -X POST "$API/auth/register" -H "Content-Type: application/json" -d "{\"name\":\"Admin\",\"email\":\"admin@example.com\",\"password\":\"password123\",\"role\":\"ADMIN\"}"

curl.exe -X POST "$API/auth/login" -H "Content-Type: application/json" -d "{\"email\":\"admin@example.com\",\"password\":\"password123\"}"

Seed (optional)

Creates demo data (admin + employee + sample customer/task):

npm run db:seed