OPCODE-Open-Spring-Fest
diff --git a/‎.env.example‎
Lines changed: 1 addition & 0 deletions b/‎.env.example‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/Contributor_Guide/Contributing.md‎
Lines changed: 125 additions & 18 deletions b/‎.github/Contributor_Guide/Contributing.md‎
Lines changed: 125 additions & 18 deletions
diff --git a/‎API_DOCUMENTATION.md‎
Lines changed: 229 additions & 0 deletions b/‎API_DOCUMENTATION.md‎
Lines changed: 229 additions & 0 deletions
@@ -16,3 +16,4 @@ JWT_EXPIRE=7d
 
 # CORS Configuration
 CORS_URL=http://localhost:3000
+
@@ -1,35 +1,142 @@
-# Contribute to <Project_Name>
+# Contributing to RBAC
 
-Thank you for taking the time to contribute to <project_name>! We really appreciate it.
+Thank you for taking the time to contribute to **RBAC**! 🎉  
+We appreciate your interest and contributions — whether it's fixing bugs, improving documentation, or adding new features.  
 
-Before contributing, please make sure to read the [Code of Conduct](../../CODE_OF_CONDUCT.md). We expect you to follow it in all your interactions with the project.
+Before contributing, please make sure to read our [Code of Conduct](../../CODE_OF_CONDUCT.md).  
+We expect all contributors to uphold it in all interactions related to this project.  
 
-## New to <Project_Name>?
+---
 
-If you are new to <Project_Name>, please take a look at the [documentation](./Project_Tour.md). It is a great place to start.
+## 🧭 New to RBAC?
 
-## New Contributor Guide
+If you’re new here, start by exploring our [Project Tour](./Project_Tour.md) for an overview of the architecture, setup, and modules.  
+To understand the code structure, check out the [README.md](../src/README.md) file inside the `src` directory.
 
-To get an overview of the codebase, check out the '[README.md](../src/README.md)' file in the `src` directory.
+---
 
-that will help you understand the structure of the project.
+## 💡 Ways to Contribute
 
-## How to Contribute
+There are many ways you can help make RBAC better!
 
-### Reporting Bugs
+### 🐞 Reporting Bugs
+If you find a bug or an unexpected behavior:
+1. Check existing [Issues](../../issues) to see if it’s already reported.  
+2. If not, [submit a new bug report](../ISSUE_TEMPLATE/bug_report.yaml).  
+3. Include clear steps to reproduce, expected vs actual behavior, and screenshots if relevant.
 
-If you find a bug in the source code, you can help us by [submitting an issue](../ISSUE_TEMPLATE/bug_report.yaml).
+---
 
-### Suggesting Enhancements
+### 🚀 Suggesting Enhancements
+Have an idea to improve RBAC? We’d love to hear it!  
+- Submit a [Feature Request](../ISSUE_TEMPLATE/feature_request.yaml).  
+- Describe the motivation, proposed solution, and any possible alternatives.  
 
-If you want to suggest an enhancement to <Project_Name>, please [submit an issue](../ISSUE_TEMPLATE/feature_request.yaml).
+---
 
-### Pull Requests
+### 🧑‍💻 Submitting a Pull Request (PR)
 
-If you want to contribute to <Project_Name>, submit a pull request.
+We welcome pull requests for fixes, features, and docs improvements.  
 
-- url: `https://github.com/OPCODE-Open-Spring-Fest/<project_Name>/compare/branch...YOURGITHUBUSERNAME:<project_Name>:BRANCH?quick_pull=1&template=pr.md`
+#### 🔄 Fork & Clone
+1. Fork the repository:  
+   ```bash
+   git clone https://github.com/YOUR_GITHUB_USERNAME/RBAC.git
+   cd RBAC
+   ```
+2. Create a new branch for your feature or fix:  
+   ```bash
+   git checkout -b feature/your-feature-name
+   ```
 
-### Requirements
+#### 🧩 Make Your Changes
+- Follow existing code style and conventions.  
+- Add comments and documentation where needed.  
+- Test your changes before committing.  
 
-### Setup
+#### 🧾 Commit Your Changes
+Use **conventional commit messages** (for example):
+```
+fix: resolve login redirect bug
+docs: update API setup instructions
+feat: add JWT-based role validation middleware
+```
+
+#### 📬 Push and Create a PR
+Push your branch and open a pull request using the following URL:  
+```
+https://github.com/OPCODE-Open-Spring-Fest/RBAC/compare/main...YOUR_GITHUB_USERNAME:RBAC:BRANCH?quick_pull=1&template=pr.md
+```
+
+Your PR should:
+- Clearly describe the changes.
+- Reference related issues (e.g., “Closes #23”).
+- Include screenshots or logs if relevant.
+
+---
+
+## ⚙️ Local Setup
+
+To set up the project locally:
+
+```bash
+git clone https://github.com/OPCODE-Open-Spring-Fest/RBAC.git
+cd RBAC
+npm install
+npm run dev
+```
+
+> 💡 Ensure Node.js and npm are installed before running the project.
+
+---
+
+## ✅ Code Guidelines
+
+- Follow **ESLint** rules configured in the project.
+- Write meaningful commit messages and pull request titles.
+- Keep PRs focused — one purpose per PR.
+- Update or add relevant documentation when changing code.
+
+---
+
+## 🧪 Testing
+
+Run the test suite before submitting your PR:
+
+```bash
+npm test
+```
+
+If you add new functionality, include corresponding unit tests.
+
+---
+
+## 🧱 Branch Naming Convention
+
+Please follow this format for branch names:
+- `feat/<feature-name>` – for new features  
+- `fix/<bug-name>` – for bug fixes  
+- `docs/<file-update>` – for documentation  
+- `refactor/<component>` – for refactoring  
+
+Example:
+```
+feat/add-role-based-access
+fix/login-redirect-error
+docs/update-readme
+```
+
+---
+
+## 🙌 Need Help?
+
+If you’re stuck or need clarification:
+- Open a **discussion** in the [GitHub Discussions](../../discussions) tab.
+- Or ask in the issue thread related to your contribution.
+
+---
+
+## 💬 Attribution
+
+This project follows open-source best practices.  
+Inspired by contributing guides from [Contributor Covenant](https://www.contributor-covenant.org/) and [GitHub Docs](https://docs.github.com/en/get-started/quickstart/contributing-to-projects).
@@ -0,0 +1,229 @@
+# 🔐 RBAC API Documentation
+
+## Authentication Endpoints
+
+### POST /api/auth/register
+Register a new user in the system.
+
+**Request Body:**
+```json
+{
+  "username": "string",
+  "email": "string",
+  "fullname": "string",
+  "password": "string"
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "message": "User registered successfully",
+  "user": {
+    "id": "user_id",
+    "username": "username",
+    "email": "email",
+    "role": "User"
+  }
+}
+```
+
+### POST /api/auth/login
+Authenticate user and return access and refresh tokens.
+
+**Request Body:**
+```json
+{
+  "email": "string",
+  "password": "string"
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "message": "Login successful",
+  "accessToken": "jwt_access_token",
+  "refreshToken": "jwt_refresh_token",
+  "user": {
+    "id": "user_id",
+    "username": "username",
+    "email": "email",
+    "fullname": "fullname",
+    "role": "User"
+  }
+}
+```
+
+### POST /api/auth/refresh
+Refresh access token using refresh token.
+
+**Request Body:**
+```json
+{
+  "refreshToken": "jwt_refresh_token"
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "message": "Token refreshed successfully",
+  "accessToken": "new_jwt_access_token",
+  "user": {
+    "id": "user_id",
+    "username": "username",
+    "email": "email",
+    "fullname": "fullname",
+    "role": "User"
+  }
+}
+```
+
+### POST /api/auth/logout
+Logout user and invalidate refresh token.
+
+**Request Body:**
+```json
+{
+  "refreshToken": "jwt_refresh_token"
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "message": "Logged out successfully"
+}
+```
+
+## Role Management Endpoints
+
+### GET /api/roles
+Get all roles (requires authentication).
+
+**Headers:**
+```
+Authorization: Bearer <access_token>
+```
+
+**Response:**
+```json
+[
+  {
+    "_id": "role_id",
+    "name": "Admin",
+    "permissions": [
+      {
+        "_id": "permission_id",
+        "name": "Manage Users",
+        "description": "Admin can manage users"
+      }
+    ]
+  }
+]
+```
+
+### POST /api/roles
+Create a new role (requires authentication).
+
+**Headers:**
+```
+Authorization: Bearer <access_token>
+```
+
+**Request Body:**
+```json
+{
+  "name": "string",
+  "permissions": ["permission_id_1", "permission_id_2"]
+}
+```
+
+## Permission Management Endpoints
+
+### GET /api/permissions
+Get all permissions (requires authentication).
+
+**Headers:**
+```
+Authorization: Bearer <access_token>
+```
+
+### POST /api/permissions
+Create a new permission (requires authentication).
+
+**Headers:**
+```
+Authorization: Bearer <access_token>
+```
+
+**Request Body:**
+```json
+{
+  "name": "string",
+  "description": "string"
+}
+```
+
+## RBAC Test Endpoints
+
+### GET /api/rbac-test/admin-only
+Test endpoint for Admin role only.
+
+**Headers:**
+```
+Authorization: Bearer <access_token>
+```
+
+**Response:**
+```json
+{
+  "message": "Welcome, Admin"
+}
+```
+
+### GET /api/rbac-test/user-only
+Test endpoint for User role only.
+
+**Headers:**
+```
+Authorization: Bearer <access_token>
+```
+
+**Response:**
+```json
+{
+  "message": "Welcome, User"
+}
+```
+
+## Error Responses
+
+All endpoints return consistent error responses:
+
+```json
+{
+  "success": false,
+  "message": "Error description"
+}
+```
+
+Common HTTP status codes:
+- `400` - Bad Request
+- `401` - Unauthorized
+- `403` - Forbidden
+- `404` - Not Found
+- `500` - Internal Server Error
+
+## Security Features
+
+- **JWT Access Tokens**: Short-lived (1 day) for API access
+- **Refresh Tokens**: Long-lived (7 days) for token renewal
+- **Password Hashing**: bcrypt with salt rounds
+- **Role-Based Access Control**: Granular permissions
+- **Token Invalidation**: Secure logout mechanism
Original file line number	Diff line number	Diff line change
`@@ -16,3 +16,4 @@ JWT_EXPIRE=7d`
`16`	`16`
`17`	`17`	`# CORS Configuration`
`18`	`18`	`CORS_URL=http://localhost:3000`
	`19`	`+`