diff --git a/AGENTS.md b/AGENTS.md
index 679234b..d5193a9 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -8,39 +8,75 @@ News site in Macedonia with sarcastic tone. Minimalistic design using TanStack s
 - **Backend**: NestJS + TypeORM + SQLite
 - **CMS**: Strapi (in /cms)
 
+## Root-Level Commands
+```bash
+# Docker development
+npm run docker:up           # Start all services
+npm run docker:down         # Stop all services
+npm run docker:build        # Rebuild containers
+npm run docker:logs         # View logs
+npm run dev:docker          # Start docker dev (alias)
+
+# Local development
+npm run dev:local           # Start backend & frontend locally
+npm run dev:backend:local   # Backend only (local env)
+npm run dev:frontend:local  # Frontend only (local env)
+
+# Code quality
+npm run lint                # Lint both projects
+npm run lint:fix            # Auto-fix lint issues
+npm run type-check          # Type check both projects
+
+# Database operations
+npm run db:backup           # Backup database
+npm run db:restore          # Restore database
+npm run db:reset            # Reset database
+
+# Environment
+npm run reset:env           # Reset to docker environment
+```
+
 ## Build Commands
 
 ### Backend (NestJS)
 ```bash
 cd backend
 npm install
-npm run start:dev    # Watch mode
+npm run start:dev           # Watch mode
+npm run start:debug         # Debug mode
 npm run build
 npm run start:prod
-npm run lint         # Lint
-npm run lint:fix     # Auto-fix
-npm run type-check   # TypeScript check
-npm test             # All tests
+npm run lint                # Lint
+npm run lint:fix            # Auto-fix
+npm run type-check          # TypeScript check
+npm test                    # All tests
+npm test:watch              # Watch mode tests
+npm test:cov                # Coverage
+npm test:e2e                # E2E tests
 npm test app.service.spec.ts  # Single file
-npm test -t "should"           # By test name
-npm run test:cov    # Coverage
-npm run test:e2e    # E2E tests
+npm test -t "should return"    # By test name pattern
+npm run format              # Format with Prettier
+npm run dev:local           # Local env with .env.local
+npm run dev:docker          # Docker env with .env.docker
 ```
 
 ### Frontend (TanStack)
 ```bash
 cd frontend
 npm install
-npm run dev         # Vite dev server
+npm run dev                 # Vite dev server
 npm run build
 npm run preview
-npm run lint
-npm run lint:fix
-npm run type-check
-npm test            # All tests
-npm test Header.test.tsx  # Single file
-npm test -t "renders"     # By name
-npm run test:ui     # Vitest UI
+npm run lint                # Lint
+npm run lint:fix            # Auto-fix
+npm run type-check          # TypeScript check
+npm test                    # All tests (Vitest)
+npm test:ui                 # Vitest UI
+npm test:coverage           # Test coverage
+npm test Header.test.tsx    # Single file
+npm test -t "renders"       # By test name pattern
+npm run dev:local           # Local env with .env.local
+npm run dev:docker          # Docker env with .env.docker
 ```
 
 ## Code Style
@@ -51,6 +87,8 @@ npm run test:ui     # Vitest UI
 - Explicit return types for public methods
 - Prefer interfaces over types for objects
 - Use `readonly` for immutable properties
+- Backend: `noImplicitAny: true`, `strictNullChecks: true`
+- Frontend: Path alias `@/*` maps to `./src/*`
 
 ### Naming Conventions
 - **Files**: kebab-case (`user-profile.ts`, `auth.service.ts`)
@@ -62,6 +100,20 @@ npm run test:ui     # Vitest UI
 
 ### Import Order
 - External libraries first, then internal modules, then relative imports
+- Group imports with blank lines between groups
+- Example:
+  ```typescript
+  // External
+  import { Module } from '@nestjs/common';
+  import { TypeOrmModule } from '@nestjs/typeorm';
+  
+  // Internal modules
+  import { AuthModule } from '../auth/auth.module';
+  
+  // Relative imports
+  import { UserService } from './user.service';
+  import { UserController } from './user.controller';
+  ```
 
 
 ### File Structure
@@ -104,12 +156,16 @@ frontend/src/
   ```
 
 ### Testing
+- **Backend**: Jest with ts-jest transformer
+- **Frontend**: Vitest with React Testing Library patterns
 - Unit tests for services/hooks (AAA pattern: Arrange-Act-Assert)
 - Integration tests for API endpoints
 - E2E tests for critical user flows
-- Descriptive test names that explain what is tested
+- Descriptive test names that explain what is tested (e.g., `should return user data when valid ID provided`)
 - Mock external dependencies (use Jest for backend, Vitest for frontend)
 - Run `npm test` for all tests or target specific files/names
+- Test files: `*.spec.ts` (backend), `*.test.tsx` (frontend)
+- Coverage reports: `npm test:cov` (backend), `npm test:coverage` (frontend)
 
 ### Git Workflow
 - Conventional commits: `feat:`, `fix:`, `refactor:`, `test:`, `docs:`, `chore:`
@@ -147,5 +203,16 @@ frontend/src/
 - Example backend env: `DATABASE_PATH=./data.db`
 - Store sensitive config in `.env` files
 - Use `DATABASE_PATH` for SQLite location
+- Use `@nestjs/config` for backend environment management
+- Frontend env vars must be prefixed with `VITE_`
+
+## Agent-Specific Instructions
+- **ALWAYS** run `npm run lint` and `npm run type-check` after making changes
+- **NEVER** commit changes without explicit user request
+- **ALWAYS** follow existing code patterns and conventions
+- **PREFER** editing existing files over creating new ones
+- **VERIFY** tests pass before considering work complete
+- **USE** the root-level commands for common operations
+- **CHECK** both backend and frontend when making API changes
 
 
diff --git a/backend/package.json b/backend/package.json
index b0ac5dc..7b768c9 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -22,7 +22,8 @@
     "test:e2e": "jest --config ./test/jest-e2e.json",
     "dev:docker": "nest start --watch",
     "dev:local": "cp -f .env.local .env && nest start --watch",
-    "dev:reset-env": "cp -f .env.docker .env"
+    "dev:reset-env": "cp -f .env.docker .env",
+    "seed:admin": "ts-node scripts/seed-admin.ts"
   },
   "dependencies": {
     "@nestjs/axios": "^4.0.1",
@@ -30,10 +31,19 @@
     "@nestjs/config": "^4.0.2",
     "@nestjs/core": "^11.0.1",
     "@nestjs/event-emitter": "^3.0.1",
+    "@nestjs/jwt": "^11.0.2",
+    "@nestjs/passport": "^11.0.5",
     "@nestjs/platform-express": "^11.0.1",
     "@nestjs/typeorm": "^11.0.0",
+    "@types/bcrypt": "^6.0.0",
+    "@types/passport-jwt": "^4.0.1",
+    "@types/passport-local": "^1.0.38",
+    "bcrypt": "^6.0.0",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.14.3",
+    "passport": "^0.7.0",
+    "passport-jwt": "^4.0.1",
+    "passport-local": "^1.0.0",
     "pg": "^8.18.0",
     "reflect-metadata": "^0.2.2",
     "rxjs": "^7.8.1",
diff --git a/backend/scripts/reset-db.js b/backend/scripts/reset-db.js
new file mode 100644
index 0000000..c605ef8
--- /dev/null
+++ b/backend/scripts/reset-db.js
@@ -0,0 +1,26 @@
+const { exec } = require('child_process');
+const { promisify } = require('util');
+const execAsync = promisify(exec);
+
+async function resetDatabase() {
+  console.log('Resetting database...');
+  
+  try {
+    // Drop and recreate the database
+    const { stdout, stderr } = await execAsync(`
+      PGPASSWORD=placebo_password psql -h localhost -U placebo_user -d postgres -c "DROP DATABASE IF EXISTS placebo_backend_db;"
+      PGPASSWORD=placebo_password psql -h localhost -U placebo_user -d postgres -c "CREATE DATABASE placebo_backend_db;"
+    `);
+    
+    if (stderr && !stderr.includes('warning')) {
+      console.error('Error:', stderr);
+      return;
+    }
+    
+    console.log('Database reset successfully!');
+  } catch (error) {
+    console.error('Failed to reset database:', error.message);
+  }
+}
+
+resetDatabase();
\ No newline at end of file
diff --git a/backend/scripts/reset-db.sh b/backend/scripts/reset-db.sh
new file mode 100755
index 0000000..0c181d8
--- /dev/null
+++ b/backend/scripts/reset-db.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+echo "Resetting PostgreSQL database..."
+
+# Connect to PostgreSQL and reset the database (without -t for TTY)
+docker exec -i placebo-postgres-dev psql -U placebo_user -d postgres <<EOF
+DROP DATABASE IF EXISTS placebo_backend_db;
+CREATE DATABASE placebo_backend_db;
+EOF
+
+echo "Database reset complete!"
+echo "The new schema will be created when the backend starts with DATABASE_SYNCHRONIZE=true"
\ No newline at end of file
diff --git a/backend/scripts/seed-admin.ts b/backend/scripts/seed-admin.ts
new file mode 100644
index 0000000..62ca6df
--- /dev/null
+++ b/backend/scripts/seed-admin.ts
@@ -0,0 +1,41 @@
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from '../src/app.module';
+import { UserService } from '../src/modules/users/user.service';
+import { UserRole } from '../src/modules/entities';
+
+async function bootstrap() {
+  const app = await NestFactory.createApplicationContext(AppModule);
+  const userService = app.get(UserService);
+
+  try {
+    // Check if admin user already exists
+    const existingAdmin = await userService.findByUsername('admin');
+    if (existingAdmin) {
+      console.log('Admin user already exists');
+      await app.close();
+      return;
+    }
+
+    // Create admin user
+    const adminUser = await userService.create({
+      username: 'admin',
+      email: 'admin@placebo.mk',
+      password: 'admin123', // Change this in production!
+      role: UserRole.ADMIN,
+      isActive: true,
+    });
+
+    console.log('Admin user created successfully:');
+    console.log(`Username: ${adminUser.username}`);
+    console.log(`Email: ${adminUser.email}`);
+    console.log(`Role: ${adminUser.role}`);
+    console.log('\n⚠️  IMPORTANT: Change the default password immediately!');
+
+  } catch (error) {
+    console.error('Error creating admin user:', error);
+  } finally {
+    await app.close();
+  }
+}
+
+bootstrap();
\ No newline at end of file
diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts
index 8844efb..e5d80a3 100644
--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@@ -6,12 +6,18 @@ import { AppService } from './app.service';
 import { ArticlesModule } from './modules/articles.module';
 import { StrapiModule } from './modules/strapi.module';
 import { LiveBlogModule } from './modules/live-blog.module';
+import { UserModule } from './modules/users/user.module';
+import { AuthModule } from './modules/auth/auth.module';
+import { CommentModule } from './modules/comment/comment.module';
 import {
   Article,
   Author,
   Category,
   LiveBlog,
   LiveBlogUpdate,
+  User,
+  Comment,
+  Reaction,
 } from './modules/entities';
 
 @Module({
@@ -26,13 +32,25 @@ import {
       username: process.env.DATABASE_USERNAME || 'placebo_user',
       password: process.env.DATABASE_PASSWORD || 'placebo_password',
       database: process.env.DATABASE_NAME || 'placebo_backend_db',
-      entities: [Article, Author, Category, LiveBlog, LiveBlogUpdate],
-      synchronize: process.env.NODE_ENV !== 'production',
-      logging: process.env.NODE_ENV === 'development',
+      entities: [
+        Article,
+        Author,
+        Category,
+        LiveBlog,
+        LiveBlogUpdate,
+        User,
+        Comment,
+        Reaction,
+      ],
+      synchronize: process.env.DATABASE_SYNCHRONIZE === 'true',
+      logging: process.env.DATABASE_LOGGING === 'true',
     }),
     ArticlesModule,
     StrapiModule,
     LiveBlogModule,
+    UserModule,
+    AuthModule,
+    CommentModule,
   ],
   controllers: [AppController],
   providers: [AppService],
diff --git a/backend/src/main.ts b/backend/src/main.ts
index d4964c5..058a471 100644
--- a/backend/src/main.ts
+++ b/backend/src/main.ts
@@ -1,5 +1,7 @@
-import { NestFactory } from '@nestjs/core';
+import { NestFactory, Reflector } from '@nestjs/core';
+import { ValidationPipe } from '@nestjs/common';
 import { AppModule } from './app.module';
+import { JwtAuthPublicGuard } from './modules/auth/jwt-auth-public.guard';
 
 async function bootstrap() {
   const app = await NestFactory.create(AppModule);
@@ -16,6 +18,19 @@ async function bootstrap() {
 
   app.setGlobalPrefix('api/v1');
 
+  // Apply global validation pipe
+  app.useGlobalPipes(
+    new ValidationPipe({
+      whitelist: true,
+      transform: true,
+      forbidNonWhitelisted: true,
+    }),
+  );
+
+  // Apply global authentication guard
+  const reflector = app.get(Reflector);
+  app.useGlobalGuards(new JwtAuthPublicGuard(reflector));
+
   const port = process.env.PORT ?? 3000;
   const host = '0.0.0.0'; // Bind to all interfaces for Docker
   await app.listen(port, host);
diff --git a/backend/src/modules/articles.controller.ts b/backend/src/modules/articles.controller.ts
index 2f0449d..4162aa1 100644
--- a/backend/src/modules/articles.controller.ts
+++ b/backend/src/modules/articles.controller.ts
@@ -8,7 +8,7 @@ import {
   Body,
   Param,
   Query,
-  ValidationPipe,
+  UseGuards,
 } from '@nestjs/common';
 import { ArticlesService } from './articles.service';
 import {
@@ -16,54 +16,67 @@ import {
   UpdateArticleDto,
   FindArticlesDto,
 } from './articles.dto';
-import { ArticleStatus } from './entities';
+
+import { JwtAuthGuard } from './auth/jwt-auth.guard';
+import { RolesGuard } from './auth/roles.guard';
+import { Roles } from './auth/roles.decorator';
+import { Public } from './auth/public.decorator';
+import { UserRole } from './entities';
 
 @Controller('articles')
 export class ArticlesController {
   constructor(private readonly articlesService: ArticlesService) {}
 
   @Post()
-  create(@Body(new ValidationPipe({ transform: true })) dto: CreateArticleDto) {
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
+  create(@Body() dto: CreateArticleDto) {
     return this.articlesService.create(dto);
   }
 
   @Get()
-  findAll(
-    @Query(new ValidationPipe({ transform: true })) dto: FindArticlesDto,
-  ) {
+  @Public()
+  findAll(@Query() dto: FindArticlesDto) {
     return this.articlesService.findAll(dto);
   }
 
   @Get(':id')
+  @Public()
   findOne(@Param('id') id: string) {
     return this.articlesService.findOne(id);
   }
 
   @Get('slug/:slug')
+  @Public()
   findBySlug(@Param('slug') slug: string) {
     return this.articlesService.findBySlug(slug);
   }
 
   @Put(':id')
-  update(
-    @Param('id') id: string,
-    @Body(new ValidationPipe({ transform: true })) dto: UpdateArticleDto,
-  ) {
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
+  update(@Param('id') id: string, @Body() dto: UpdateArticleDto) {
     return this.articlesService.update(id, dto);
   }
 
   @Delete(':id')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
   remove(@Param('id') id: string) {
     return this.articlesService.remove(id);
   }
 
   @Patch(':id/archive')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
   archive(@Param('id') id: string) {
     return this.articlesService.archive(id);
   }
 
   @Patch(':id/publish')
-  publish(@Param('id') id: string, @Query('status') status?: ArticleStatus) {
-    return this.articlesService.publish(id, status || ArticleStatus.PUBLISHED);
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
+  publish(@Param('id') id: string) {
+    return this.articlesService.publish(id);
   }
 }
diff --git a/backend/src/modules/auth/auth.controller.ts b/backend/src/modules/auth/auth.controller.ts
new file mode 100644
index 0000000..0ed67ba
--- /dev/null
+++ b/backend/src/modules/auth/auth.controller.ts
@@ -0,0 +1,31 @@
+import {
+  Controller,
+  Post,
+  Body,
+  HttpCode,
+  HttpStatus,
+  UseGuards,
+} from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { LoginUserDto, CreateUserDto } from '../users/user.dto';
+import { LocalAuthGuard } from './local-auth.guard';
+import { Public } from './public.decorator';
+
+@Controller('auth')
+export class AuthController {
+  constructor(private readonly authService: AuthService) {}
+
+  @Public()
+  @UseGuards(LocalAuthGuard)
+  @Post('login')
+  @HttpCode(HttpStatus.OK)
+  async login(@Body() loginUserDto: LoginUserDto) {
+    return this.authService.login(loginUserDto);
+  }
+
+  @Public()
+  @Post('register')
+  async register(@Body() createUserDto: CreateUserDto) {
+    return this.authService.register(createUserDto);
+  }
+}
diff --git a/backend/src/modules/auth/auth.module.ts b/backend/src/modules/auth/auth.module.ts
new file mode 100644
index 0000000..a160327
--- /dev/null
+++ b/backend/src/modules/auth/auth.module.ts
@@ -0,0 +1,34 @@
+import { Module } from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { PassportModule } from '@nestjs/passport';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { UserModule } from '../users/user.module';
+import { AuthService } from './auth.service';
+import { AuthController } from './auth.controller';
+import { JwtStrategy } from './jwt.strategy';
+import { LocalStrategy } from './local.strategy';
+
+@Module({
+  imports: [
+    UserModule,
+    PassportModule,
+    JwtModule.registerAsync({
+      imports: [ConfigModule],
+      useFactory: (configService: ConfigService) => {
+        const expiration = configService.get<string>('JWT_EXPIRATION') || '7d';
+        return {
+          secret:
+            configService.get<string>('JWT_SECRET') || 'default-secret-key',
+          signOptions: {
+            expiresIn: expiration ? parseInt(expiration) : 3600, // Convert to number
+          },
+        };
+      },
+      inject: [ConfigService],
+    }),
+  ],
+  controllers: [AuthController],
+  providers: [AuthService, LocalStrategy, JwtStrategy],
+  exports: [AuthService, JwtModule],
+})
+export class AuthModule {}
diff --git a/backend/src/modules/auth/auth.service.ts b/backend/src/modules/auth/auth.service.ts
new file mode 100644
index 0000000..e038367
--- /dev/null
+++ b/backend/src/modules/auth/auth.service.ts
@@ -0,0 +1,80 @@
+import { Injectable } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { UserService } from '../users/user.service';
+import { CreateUserDto, LoginUserDto } from '../users/user.dto';
+import { AuthResponse, JwtPayload } from './types';
+import { UserRole } from '../entities';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private userService: UserService,
+    private jwtService: JwtService,
+  ) {}
+
+  async validateUser(
+    username: string,
+    password: string,
+  ): Promise<{
+    id: string;
+    username: string;
+    email: string;
+    role: string;
+  } | null> {
+    return this.userService.validateUser(username, password);
+  }
+
+  async login(loginUserDto: LoginUserDto): Promise<AuthResponse> {
+    const user = await this.validateUser(
+      loginUserDto.username,
+      loginUserDto.password,
+    );
+    if (!user) {
+      throw new Error('Invalid credentials');
+    }
+
+    const payload: JwtPayload = {
+      sub: user.id,
+      username: user.username,
+      email: user.email,
+      role: user.role as UserRole,
+    };
+
+    return {
+      access_token: this.jwtService.sign(payload),
+      user: {
+        id: user.id,
+        username: user.username,
+        email: user.email,
+        role: user.role as UserRole,
+      },
+    };
+  }
+
+  async register(createUserDto: CreateUserDto): Promise<AuthResponse> {
+    // Default new users to USER role
+    const userDto = {
+      ...createUserDto,
+      role: UserRole.USER,
+    };
+
+    const user = await this.userService.create(userDto);
+
+    const payload: JwtPayload = {
+      sub: user.id,
+      username: user.username,
+      email: user.email,
+      role: user.role,
+    };
+
+    return {
+      access_token: this.jwtService.sign(payload),
+      user: {
+        id: user.id,
+        username: user.username,
+        email: user.email,
+        role: user.role,
+      },
+    };
+  }
+}
diff --git a/backend/src/modules/auth/jwt-auth-public.guard.ts b/backend/src/modules/auth/jwt-auth-public.guard.ts
new file mode 100644
index 0000000..0f4a07a
--- /dev/null
+++ b/backend/src/modules/auth/jwt-auth-public.guard.ts
@@ -0,0 +1,24 @@
+import { Injectable, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { AuthGuard } from '@nestjs/passport';
+import { IS_PUBLIC_KEY } from './public.decorator';
+
+@Injectable()
+export class JwtAuthPublicGuard extends AuthGuard('jwt') {
+  constructor(private reflector: Reflector) {
+    super();
+  }
+
+  canActivate(context: ExecutionContext) {
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (isPublic) {
+      return true;
+    }
+
+    return super.canActivate(context);
+  }
+}
diff --git a/backend/src/modules/auth/jwt-auth.guard.ts b/backend/src/modules/auth/jwt-auth.guard.ts
new file mode 100644
index 0000000..f9516ee
--- /dev/null
+++ b/backend/src/modules/auth/jwt-auth.guard.ts
@@ -0,0 +1,9 @@
+import { Injectable, ExecutionContext } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {
+  canActivate(context: ExecutionContext) {
+    return super.canActivate(context);
+  }
+}
diff --git a/backend/src/modules/auth/jwt.strategy.ts b/backend/src/modules/auth/jwt.strategy.ts
new file mode 100644
index 0000000..4c43731
--- /dev/null
+++ b/backend/src/modules/auth/jwt.strategy.ts
@@ -0,0 +1,27 @@
+import { Injectable } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { ConfigService } from '@nestjs/config';
+import { JwtPayload } from './types';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  constructor(private configService: ConfigService) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey:
+        configService.get<string>('JWT_SECRET') || 'default-secret-key',
+    });
+  }
+
+  async validate(payload: JwtPayload) {
+    await Promise.resolve(); // Add await to satisfy eslint rule
+    return {
+      id: payload.sub,
+      username: payload.username,
+      email: payload.email,
+      role: payload.role,
+    };
+  }
+}
diff --git a/backend/src/modules/auth/local-auth.guard.ts b/backend/src/modules/auth/local-auth.guard.ts
new file mode 100644
index 0000000..ccf962b
--- /dev/null
+++ b/backend/src/modules/auth/local-auth.guard.ts
@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class LocalAuthGuard extends AuthGuard('local') {}
diff --git a/backend/src/modules/auth/local.strategy.ts b/backend/src/modules/auth/local.strategy.ts
new file mode 100644
index 0000000..7cca2c4
--- /dev/null
+++ b/backend/src/modules/auth/local.strategy.ts
@@ -0,0 +1,22 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { Strategy } from 'passport-local';
+import { AuthService } from './auth.service';
+
+@Injectable()
+export class LocalStrategy extends PassportStrategy(Strategy) {
+  constructor(private authService: AuthService) {
+    super();
+  }
+
+  async validate(
+    username: string,
+    password: string,
+  ): Promise<{ id: string; username: string; email: string; role: string }> {
+    const user = await this.authService.validateUser(username, password);
+    if (!user) {
+      throw new UnauthorizedException('Invalid credentials');
+    }
+    return user;
+  }
+}
diff --git a/backend/src/modules/auth/public.decorator.ts b/backend/src/modules/auth/public.decorator.ts
new file mode 100644
index 0000000..b3845e1
--- /dev/null
+++ b/backend/src/modules/auth/public.decorator.ts
@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
diff --git a/backend/src/modules/auth/roles.decorator.ts b/backend/src/modules/auth/roles.decorator.ts
new file mode 100644
index 0000000..d754667
--- /dev/null
+++ b/backend/src/modules/auth/roles.decorator.ts
@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+import { UserRole } from '../entities';
+
+export const Roles = (...roles: UserRole[]) => SetMetadata('roles', roles);
diff --git a/backend/src/modules/auth/roles.guard.ts b/backend/src/modules/auth/roles.guard.ts
new file mode 100644
index 0000000..439f559
--- /dev/null
+++ b/backend/src/modules/auth/roles.guard.ts
@@ -0,0 +1,31 @@
+import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { UserRole } from '../entities';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(private reflector: Reflector) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(
+      'roles',
+      [context.getHandler(), context.getClass()],
+    );
+
+    if (!requiredRoles) {
+      return true;
+    }
+
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+    const request = context.switchToHttp().getRequest();
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+    const user = request.user as
+      | { id: string; username: string; email: string; role: UserRole }
+      | undefined;
+    if (!user) {
+      return false;
+    }
+
+    return requiredRoles.includes(user.role);
+  }
+}
diff --git a/backend/src/modules/auth/types.ts b/backend/src/modules/auth/types.ts
new file mode 100644
index 0000000..b217186
--- /dev/null
+++ b/backend/src/modules/auth/types.ts
@@ -0,0 +1,27 @@
+import { UserRole } from '../entities';
+
+export interface JwtPayload {
+  sub: string;
+  username: string;
+  email: string;
+  role: UserRole;
+}
+
+export interface RequestWithUser extends Request {
+  user: {
+    id: string;
+    username: string;
+    email: string;
+    role: UserRole;
+  };
+}
+
+export interface AuthResponse {
+  access_token: string;
+  user: {
+    id: string;
+    username: string;
+    email: string;
+    role: UserRole;
+  };
+}
diff --git a/backend/src/modules/comment/comment.controller.ts b/backend/src/modules/comment/comment.controller.ts
new file mode 100644
index 0000000..00f5bc6
--- /dev/null
+++ b/backend/src/modules/comment/comment.controller.ts
@@ -0,0 +1,148 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Patch,
+  Body,
+  Param,
+  Query,
+  UseGuards,
+  Request,
+  HttpCode,
+  HttpStatus,
+} from '@nestjs/common';
+import { CommentService } from './comment.service';
+import {
+  CreateCommentDto,
+  UpdateCommentDto,
+  CommentResponseDto,
+  FindCommentsDto,
+  CreateReactionDto,
+} from './comment.dto';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
+import { RolesGuard } from '../auth/roles.guard';
+import { Roles } from '../auth/roles.decorator';
+import { Public } from '../auth/public.decorator';
+import { UserRole } from '../entities';
+import type { RequestWithUser } from '../auth/types';
+
+@Controller('comments')
+export class CommentController {
+  constructor(private readonly commentService: CommentService) {}
+
+  @Post()
+  @UseGuards(JwtAuthGuard)
+  async create(
+    @Body() createCommentDto: CreateCommentDto,
+    @Request() req: RequestWithUser,
+  ): Promise<CommentResponseDto> {
+    return this.commentService.create(createCommentDto, req.user.id);
+  }
+
+  @Get()
+  @Public()
+  async findAll(
+    @Query() findCommentsDto: FindCommentsDto,
+  ): Promise<CommentResponseDto[]> {
+    return this.commentService.findAll(findCommentsDto);
+  }
+
+  @Get(':id')
+  @Public()
+  async findOne(@Param('id') id: string): Promise<CommentResponseDto> {
+    return this.commentService.findOne(id);
+  }
+
+  @Put(':id')
+  @UseGuards(JwtAuthGuard)
+  async update(
+    @Param('id') id: string,
+    @Body() updateCommentDto: UpdateCommentDto,
+    @Request() req: RequestWithUser,
+  ): Promise<CommentResponseDto> {
+    return this.commentService.update(
+      id,
+      updateCommentDto,
+      req.user.id,
+      req.user.role,
+    );
+  }
+
+  @Delete(':id')
+  @UseGuards(JwtAuthGuard)
+  @HttpCode(HttpStatus.NO_CONTENT)
+  async remove(
+    @Param('id') id: string,
+    @Request() req: RequestWithUser,
+  ): Promise<void> {
+    return this.commentService.remove(id, req.user.id, req.user.role);
+  }
+
+  @Post('reactions')
+  @UseGuards(JwtAuthGuard)
+  @HttpCode(HttpStatus.NO_CONTENT)
+  async addReaction(
+    @Body() createReactionDto: CreateReactionDto,
+    @Request() req: RequestWithUser,
+  ): Promise<void> {
+    return this.commentService.addReaction(createReactionDto, req.user.id);
+  }
+
+  @Get('reactions/user')
+  @UseGuards(JwtAuthGuard)
+  async getUserReaction(
+    @Request() req: RequestWithUser,
+    @Query('articleId') articleId?: string,
+    @Query('liveBlogId') liveBlogId?: string,
+    @Query('commentId') commentId?: string,
+  ): Promise<{ type: string | null }> {
+    const reaction = await this.commentService.getUserReaction(
+      req.user.id,
+      articleId,
+      liveBlogId,
+      commentId,
+    );
+    return { type: reaction };
+  }
+
+  @Get('reactions/counts')
+  @Public()
+  async getReactionCounts(
+    @Query('articleId') articleId?: string,
+    @Query('liveBlogId') liveBlogId?: string,
+    @Query('commentId') commentId?: string,
+  ): Promise<{ likes: number; dislikes: number }> {
+    return this.commentService.getReactionCounts(
+      articleId,
+      liveBlogId,
+      commentId,
+    );
+  }
+
+  // Admin endpoints
+  @Patch(':id/hide')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN)
+  async hideComment(@Param('id') id: string): Promise<CommentResponseDto> {
+    return this.commentService.update(
+      id,
+      { isVisible: false },
+      'admin',
+      'admin',
+    );
+  }
+
+  @Patch(':id/show')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN)
+  async showComment(@Param('id') id: string): Promise<CommentResponseDto> {
+    return this.commentService.update(
+      id,
+      { isVisible: true },
+      'admin',
+      'admin',
+    );
+  }
+}
diff --git a/backend/src/modules/comment/comment.dto.ts b/backend/src/modules/comment/comment.dto.ts
new file mode 100644
index 0000000..222a220
--- /dev/null
+++ b/backend/src/modules/comment/comment.dto.ts
@@ -0,0 +1,145 @@
+import {
+  IsString,
+  IsOptional,
+  IsUUID,
+  IsBoolean,
+  IsInt,
+  Min,
+  Max,
+} from 'class-validator';
+
+interface CommentEntity {
+  id: string;
+  content: string;
+  articleId?: string;
+  liveBlogId?: string;
+  parentId?: string;
+  userId: string;
+  likeCount: number;
+  dislikeCount: number;
+  isVisible: boolean;
+  createdAt: Date;
+  updatedAt: Date;
+  user?: {
+    id: string;
+    username: string;
+  };
+  replies?: CommentEntity[];
+}
+
+export class CreateCommentDto {
+  @IsString()
+  @Max(5000)
+  content: string;
+
+  @IsUUID()
+  @IsOptional()
+  articleId?: string;
+
+  @IsUUID()
+  @IsOptional()
+  liveBlogId?: string;
+
+  @IsUUID()
+  @IsOptional()
+  parentId?: string;
+}
+
+export class UpdateCommentDto {
+  @IsString()
+  @Max(5000)
+  @IsOptional()
+  content?: string;
+
+  @IsBoolean()
+  @IsOptional()
+  isVisible?: boolean;
+}
+
+export class CommentResponseDto {
+  id: string;
+  content: string;
+  articleId?: string;
+  liveBlogId?: string;
+  parentId?: string;
+  userId: string;
+  likeCount: number;
+  dislikeCount: number;
+  isVisible: boolean;
+  createdAt: Date;
+  updatedAt: Date;
+  user: {
+    id: string;
+    username: string;
+  };
+  replies?: CommentResponseDto[];
+
+  constructor(comment: CommentEntity) {
+    this.id = comment.id;
+    this.content = comment.content;
+    this.articleId = comment.articleId;
+    this.liveBlogId = comment.liveBlogId;
+    this.parentId = comment.parentId;
+    this.userId = comment.userId;
+    this.likeCount = comment.likeCount;
+    this.dislikeCount = comment.dislikeCount;
+    this.isVisible = comment.isVisible;
+    this.createdAt = comment.createdAt;
+    this.updatedAt = comment.updatedAt;
+
+    if (comment.user) {
+      this.user = {
+        id: comment.user.id,
+        username: comment.user.username,
+      };
+    }
+
+    if (comment.replies) {
+      this.replies = comment.replies.map(
+        (reply) => new CommentResponseDto(reply),
+      );
+    }
+  }
+}
+
+export class FindCommentsDto {
+  @IsUUID()
+  @IsOptional()
+  articleId?: string;
+
+  @IsUUID()
+  @IsOptional()
+  liveBlogId?: string;
+
+  @IsUUID()
+  @IsOptional()
+  parentId?: string;
+
+  @IsInt()
+  @Min(1)
+  @IsOptional()
+  page?: number = 1;
+
+  @IsInt()
+  @Min(1)
+  @Max(100)
+  @IsOptional()
+  limit?: number = 20;
+}
+
+export class CreateReactionDto {
+  @IsString()
+  type: 'like' | 'dislike';
+
+  @IsUUID()
+  @IsOptional()
+  articleId?: string;
+
+  @IsUUID()
+  @IsOptional()
+  liveBlogId?: string;
+
+  @IsUUID()
+  @IsOptional()
+  commentId?: string;
+}
diff --git a/backend/src/modules/comment/comment.module.ts b/backend/src/modules/comment/comment.module.ts
new file mode 100644
index 0000000..e9e2211
--- /dev/null
+++ b/backend/src/modules/comment/comment.module.ts
@@ -0,0 +1,13 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { Comment, Reaction } from '../entities';
+import { CommentService } from './comment.service';
+import { CommentController } from './comment.controller';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([Comment, Reaction])],
+  controllers: [CommentController],
+  providers: [CommentService],
+  exports: [CommentService],
+})
+export class CommentModule {}
diff --git a/backend/src/modules/comment/comment.service.ts b/backend/src/modules/comment/comment.service.ts
new file mode 100644
index 0000000..8fb87db
--- /dev/null
+++ b/backend/src/modules/comment/comment.service.ts
@@ -0,0 +1,298 @@
+import {
+  Injectable,
+  NotFoundException,
+  BadRequestException,
+} from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { Comment, Reaction, ReactionType } from '../entities';
+import {
+  CreateCommentDto,
+  UpdateCommentDto,
+  CommentResponseDto,
+  FindCommentsDto,
+  CreateReactionDto,
+} from './comment.dto';
+
+@Injectable()
+export class CommentService {
+  constructor(
+    @InjectRepository(Comment)
+    private commentRepository: Repository<Comment>,
+    @InjectRepository(Reaction)
+    private reactionRepository: Repository<Reaction>,
+  ) {}
+
+  async create(
+    createCommentDto: CreateCommentDto,
+    userId: string,
+  ): Promise<CommentResponseDto> {
+    // Validate that comment is attached to either article or live blog
+    if (!createCommentDto.articleId && !createCommentDto.liveBlogId) {
+      throw new BadRequestException(
+        'Comment must be attached to either an article or live blog',
+      );
+    }
+
+    // If parentId is provided, verify it exists
+    if (createCommentDto.parentId) {
+      const parent = await this.commentRepository.findOne({
+        where: { id: createCommentDto.parentId },
+      });
+      if (!parent) {
+        throw new NotFoundException('Parent comment not found');
+      }
+    }
+
+    const comment = this.commentRepository.create({
+      ...createCommentDto,
+      userId,
+    });
+
+    const savedComment = await this.commentRepository.save(comment);
+    return this.findOne(savedComment.id);
+  }
+
+  async findAll(
+    findCommentsDto: FindCommentsDto,
+  ): Promise<CommentResponseDto[]> {
+    const {
+      articleId,
+      liveBlogId,
+      parentId,
+      page = 1,
+      limit = 20,
+    } = findCommentsDto;
+    const skip = (page - 1) * limit;
+
+    const query = this.commentRepository
+      .createQueryBuilder('comment')
+      .leftJoinAndSelect('comment.user', 'user')
+      .leftJoinAndSelect('comment.replies', 'replies')
+      .leftJoinAndSelect('replies.user', 'replyUser')
+      .where('comment.isVisible = :isVisible', { isVisible: true });
+
+    if (articleId) {
+      query.andWhere('comment.articleId = :articleId', { articleId });
+    }
+
+    if (liveBlogId) {
+      query.andWhere('comment.liveBlogId = :liveBlogId', { liveBlogId });
+    }
+
+    if (parentId) {
+      query.andWhere('comment.parentId = :parentId', { parentId });
+    } else {
+      query.andWhere('comment.parentId IS NULL');
+    }
+
+    query.orderBy('comment.createdAt', 'DESC').skip(skip).take(limit);
+
+    const comments = await query.getMany();
+    return comments.map((comment) => new CommentResponseDto(comment));
+  }
+
+  async findOne(id: string): Promise<CommentResponseDto> {
+    const comment = await this.commentRepository
+      .createQueryBuilder('comment')
+      .leftJoinAndSelect('comment.user', 'user')
+      .leftJoinAndSelect('comment.replies', 'replies')
+      .leftJoinAndSelect('replies.user', 'replyUser')
+      .where('comment.id = :id', { id })
+      .andWhere('comment.isVisible = :isVisible', { isVisible: true })
+      .getOne();
+
+    if (!comment) {
+      throw new NotFoundException('Comment not found');
+    }
+
+    return new CommentResponseDto(comment);
+  }
+
+  async update(
+    id: string,
+    updateCommentDto: UpdateCommentDto,
+    userId: string,
+    userRole: string,
+  ): Promise<CommentResponseDto> {
+    const comment = await this.commentRepository.findOne({
+      where: { id },
+      relations: ['user'],
+    });
+
+    if (!comment) {
+      throw new NotFoundException('Comment not found');
+    }
+
+    // Only allow comment owner or admin to update
+    if (comment.userId !== userId && userRole !== 'admin') {
+      throw new BadRequestException('You can only update your own comments');
+    }
+
+    Object.assign(comment, updateCommentDto);
+    const updatedComment = await this.commentRepository.save(comment);
+    return this.findOne(updatedComment.id);
+  }
+
+  async remove(id: string, userId: string, userRole: string): Promise<void> {
+    const comment = await this.commentRepository.findOne({
+      where: { id },
+      relations: ['user'],
+    });
+
+    if (!comment) {
+      throw new NotFoundException('Comment not found');
+    }
+
+    // Only allow comment owner or admin to delete
+    if (comment.userId !== userId && userRole !== 'admin') {
+      throw new BadRequestException('You can only delete your own comments');
+    }
+
+    await this.commentRepository.remove(comment);
+  }
+
+  async addReaction(
+    createReactionDto: CreateReactionDto,
+    userId: string,
+  ): Promise<void> {
+    // Validate that reaction is attached to either article, live blog, or comment
+    const { articleId, liveBlogId, commentId, type } = createReactionDto;
+
+    if (!articleId && !liveBlogId && !commentId) {
+      throw new BadRequestException(
+        'Reaction must be attached to an article, live blog, or comment',
+      );
+    }
+
+    // Check if user already reacted to this item
+    const whereClause: {
+      userId: string;
+      articleId?: string;
+      liveBlogId?: string;
+      commentId?: string;
+    } = { userId };
+    if (articleId) whereClause.articleId = articleId;
+    if (liveBlogId) whereClause.liveBlogId = liveBlogId;
+    if (commentId) whereClause.commentId = commentId;
+
+    const existingReaction = await this.reactionRepository.findOne({
+      where: whereClause,
+    });
+
+    if (existingReaction) {
+      // If same reaction type, remove it (toggle)
+      if (existingReaction.type === (type as ReactionType)) {
+        await this.reactionRepository.remove(existingReaction);
+
+        // Update comment counts if reacting to comment
+        if (commentId) {
+          await this.updateCommentReactionCount(commentId, type, -1);
+        }
+        return;
+      } else {
+        // Change reaction type
+        existingReaction.type = type as ReactionType;
+        await this.reactionRepository.save(existingReaction);
+
+        // Update comment counts if reacting to comment
+        if (commentId) {
+          // Decrement old reaction count
+          await this.updateCommentReactionCount(
+            commentId,
+            existingReaction.type === ReactionType.LIKE
+              ? ReactionType.DISLIKE
+              : ReactionType.LIKE,
+            -1,
+          );
+          // Increment new reaction count
+          await this.updateCommentReactionCount(commentId, type, 1);
+        }
+        return;
+      }
+    }
+
+    // Create new reaction
+    const reaction = this.reactionRepository.create({
+      ...createReactionDto,
+      userId,
+      type: type as ReactionType,
+    });
+
+    await this.reactionRepository.save(reaction);
+
+    // Update comment counts if reacting to comment
+    if (commentId) {
+      await this.updateCommentReactionCount(commentId, type, 1);
+    }
+  }
+
+  private async updateCommentReactionCount(
+    commentId: string,
+    type: 'like' | 'dislike',
+    change: number,
+  ): Promise<void> {
+    const comment = await this.commentRepository.findOne({
+      where: { id: commentId },
+    });
+    if (!comment) {
+      return;
+    }
+
+    if (type === 'like') {
+      comment.likeCount = Math.max(0, comment.likeCount + change);
+    } else {
+      comment.dislikeCount = Math.max(0, comment.dislikeCount + change);
+    }
+
+    await this.commentRepository.save(comment);
+  }
+
+  async getUserReaction(
+    userId: string,
+    articleId?: string,
+    liveBlogId?: string,
+    commentId?: string,
+  ): Promise<ReactionType | null> {
+    const whereClause: {
+      userId: string;
+      articleId?: string;
+      liveBlogId?: string;
+      commentId?: string;
+    } = { userId };
+    if (articleId) whereClause.articleId = articleId;
+    if (liveBlogId) whereClause.liveBlogId = liveBlogId;
+    if (commentId) whereClause.commentId = commentId;
+
+    const reaction = await this.reactionRepository.findOne({
+      where: whereClause,
+    });
+
+    return reaction ? reaction.type : null;
+  }
+
+  async getReactionCounts(
+    articleId?: string,
+    liveBlogId?: string,
+    commentId?: string,
+  ): Promise<{ likes: number; dislikes: number }> {
+    const query = this.reactionRepository.createQueryBuilder('reaction');
+
+    if (articleId) {
+      query.where('reaction.articleId = :articleId', { articleId });
+    } else if (liveBlogId) {
+      query.where('reaction.liveBlogId = :liveBlogId', { liveBlogId });
+    } else if (commentId) {
+      query.where('reaction.commentId = :commentId', { commentId });
+    } else {
+      return { likes: 0, dislikes: 0 };
+    }
+
+    const reactions = await query.getMany();
+
+    return {
+      likes: reactions.filter((r) => r.type === ReactionType.LIKE).length,
+      dislikes: reactions.filter((r) => r.type === ReactionType.DISLIKE).length,
+    };
+  }
+}
diff --git a/backend/src/modules/entities.ts b/backend/src/modules/entities.ts
index d8b3bf6..184a4e2 100644
--- a/backend/src/modules/entities.ts
+++ b/backend/src/modules/entities.ts
@@ -56,6 +56,17 @@ export enum VideoPosition {
   NONE = 'none',
 }
 
+export enum UserRole {
+  ADMIN = 'admin',
+  CONTRIBUTOR = 'contributor',
+  USER = 'user',
+}
+
+export enum ReactionType {
+  LIKE = 'like',
+  DISLIKE = 'dislike',
+}
+
 @Entity('authors')
 export class Author {
   @PrimaryGeneratedColumn('uuid')
@@ -114,6 +125,36 @@ export class Category {
   parent: Category;
 }
 
+@Entity('users')
+export class User {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({ unique: true })
+  email: string;
+
+  @Column({ unique: true })
+  username: string;
+
+  @Column()
+  passwordHash: string;
+
+  @Column({
+    type: 'text',
+    default: 'user',
+  })
+  role: UserRole;
+
+  @Column({ default: true })
+  isActive: boolean;
+
+  @CreateDateColumn()
+  createdAt: Date;
+
+  @UpdateDateColumn()
+  updatedAt: Date;
+}
+
 @Entity('articles')
 export class Article {
   @PrimaryGeneratedColumn('uuid')
@@ -196,6 +237,12 @@ export class Article {
   @ManyToOne(() => Category, { onDelete: 'SET NULL' })
   @JoinColumn({ name: 'categoryId' })
   category: Category;
+
+  @OneToMany(() => Comment, (comment) => comment.article)
+  comments: Comment[];
+
+  @OneToMany(() => Reaction, (reaction) => reaction.article)
+  reactions: Reaction[];
 }
 
 @Entity('live_blogs')
@@ -278,6 +325,12 @@ export class LiveBlog {
     cascade: true,
   })
   updates: LiveBlogUpdate[];
+
+  @OneToMany(() => Comment, (comment) => comment.liveBlog)
+  comments: Comment[];
+
+  @OneToMany(() => Reaction, (reaction) => reaction.liveBlog)
+  reactions: Reaction[];
 }
 
 @Entity('live_blog_updates')
@@ -314,3 +367,100 @@ export class LiveBlogUpdate {
   @JoinColumn({ name: 'liveBlogId' })
   liveBlog: LiveBlog;
 }
+
+@Entity('comments')
+export class Comment {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column('text')
+  content: string;
+
+  @Column({ nullable: true })
+  articleId: string;
+
+  @Column({ nullable: true })
+  liveBlogId: string;
+
+  @Column({ nullable: true })
+  parentId: string;
+
+  @Column()
+  userId: string;
+
+  @Column({ default: 0 })
+  likeCount: number;
+
+  @Column({ default: 0 })
+  dislikeCount: number;
+
+  @Column({ default: true })
+  isVisible: boolean;
+
+  @CreateDateColumn()
+  createdAt: Date;
+
+  @UpdateDateColumn()
+  updatedAt: Date;
+
+  @ManyToOne(() => Article, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'articleId' })
+  article: Article;
+
+  @ManyToOne(() => LiveBlog, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'liveBlogId' })
+  liveBlog: LiveBlog;
+
+  @ManyToOne(() => Comment, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'parentId' })
+  parent: Comment;
+
+  @ManyToOne(() => User, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'userId' })
+  user: User;
+
+  @OneToMany(() => Comment, (comment) => comment.parent)
+  replies: Comment[];
+}
+
+@Entity('reactions')
+export class Reaction {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column({
+    type: 'text',
+  })
+  type: ReactionType;
+
+  @Column({ nullable: true })
+  articleId: string;
+
+  @Column({ nullable: true })
+  liveBlogId: string;
+
+  @Column({ nullable: true })
+  commentId: string;
+
+  @Column()
+  userId: string;
+
+  @CreateDateColumn()
+  createdAt: Date;
+
+  @ManyToOne(() => Article, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'articleId' })
+  article: Article;
+
+  @ManyToOne(() => LiveBlog, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'liveBlogId' })
+  liveBlog: LiveBlog;
+
+  @ManyToOne(() => Comment, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'commentId' })
+  comment: Comment;
+
+  @ManyToOne(() => User, { onDelete: 'CASCADE' })
+  @JoinColumn({ name: 'userId' })
+  user: User;
+}
diff --git a/backend/src/modules/live-blog.controller.ts b/backend/src/modules/live-blog.controller.ts
index 84f3e81..7a45474 100644
--- a/backend/src/modules/live-blog.controller.ts
+++ b/backend/src/modules/live-blog.controller.ts
@@ -8,10 +8,10 @@ import {
   Body,
   Param,
   Query,
-  ValidationPipe,
   Res,
   Logger,
   Headers,
+  UseGuards,
 } from '@nestjs/common';
 import type { Response as ExpressResponse } from 'express';
 import { LiveBlogService } from './live-blog.service';
@@ -22,7 +22,11 @@ import {
   CreateLiveBlogUpdateDto,
   UpdateLiveBlogUpdateDto,
 } from './articles.dto';
-import { LiveBlogStatus } from './entities';
+import { LiveBlogStatus, UserRole } from './entities';
+import { JwtAuthGuard } from './auth/jwt-auth.guard';
+import { RolesGuard } from './auth/roles.guard';
+import { Roles } from './auth/roles.decorator';
+import { Public } from './auth/public.decorator';
 
 @Controller('live-blogs')
 export class LiveBlogController {
@@ -32,68 +36,76 @@ export class LiveBlogController {
 
   // Live Blog CRUD operations
   @Get('featured')
+  @Public()
   getFeatured() {
     this.logger.log('GET /featured called');
     return this.liveBlogService.findPinned();
   }
 
   @Get('active')
+  @Public()
   getActive() {
     return this.liveBlogService.findActive();
   }
 
   @Get('recent')
+  @Public()
   getRecent() {
     return this.liveBlogService.getLiveBlogsWithRecentUpdates();
   }
 
   @Post()
-  create(
-    @Body(new ValidationPipe({ transform: true })) dto: CreateLiveBlogDto,
-  ) {
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
+  create(@Body() dto: CreateLiveBlogDto) {
     return this.liveBlogService.create(dto);
   }
 
   @Get()
-  findAll(
-    @Query(new ValidationPipe({ transform: true })) dto: FindLiveBlogsDto,
-  ) {
+  @Public()
+  findAll(@Query() dto: FindLiveBlogsDto) {
     return this.liveBlogService.findAll(dto);
   }
 
   @Get(':id')
+  @Public()
   findOne(@Param('id') id: string) {
     return this.liveBlogService.findOne(id);
   }
 
   @Get('slug/:slug')
+  @Public()
   findBySlug(@Param('slug') slug: string) {
     return this.liveBlogService.findBySlug(slug);
   }
 
   @Put(':id')
-  update(
-    @Param('id') id: string,
-    @Body(new ValidationPipe({ transform: true })) dto: UpdateLiveBlogDto,
-  ) {
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
+  update(@Param('id') id: string, @Body() dto: UpdateLiveBlogDto) {
     return this.liveBlogService.update(id, dto);
   }
 
   @Delete(':id')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
   remove(@Param('id') id: string) {
     return this.liveBlogService.remove(id);
   }
 
   // Live Blog Updates CRUD operations
   @Post(':id/updates')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
   createUpdate(
     @Param('id') liveBlogId: string,
-    @Body(new ValidationPipe({ transform: true })) dto: CreateLiveBlogUpdateDto,
+    @Body() dto: CreateLiveBlogUpdateDto,
   ) {
     return this.liveBlogService.createUpdate(dto, liveBlogId);
   }
 
   @Get(':id/updates')
+  @Public()
   findUpdates(
     @Param('id') liveBlogId: string,
     @Query('page') page = 1,
@@ -107,15 +119,19 @@ export class LiveBlogController {
   }
 
   @Put(':id/updates/:updateId')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
   updateUpdate(
     @Param('id') liveBlogId: string,
     @Param('updateId') updateId: string,
-    @Body(new ValidationPipe({ transform: true })) dto: UpdateLiveBlogUpdateDto,
+    @Body() dto: UpdateLiveBlogUpdateDto,
   ) {
     return this.liveBlogService.updateUpdate(liveBlogId, updateId, dto);
   }
 
   @Delete(':id/updates/:updateId')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
   removeUpdate(
     @Param('id') liveBlogId: string,
     @Param('updateId') updateId: string,
@@ -124,17 +140,22 @@ export class LiveBlogController {
   }
 
   @Patch(':id/archive')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
   archive(@Param('id') id: string) {
     return this.liveBlogService.archive(id);
   }
 
   @Patch(':id/publish')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN, UserRole.CONTRIBUTOR)
   publish(@Param('id') id: string, @Query('status') status?: LiveBlogStatus) {
     return this.liveBlogService.publish(id, status || LiveBlogStatus.DRAFT);
   }
 
   // SSE endpoint for real-time updates
   @Get(':id/stream')
+  @Public()
   stream(
     @Param('id') liveBlogId: string,
     @Res() response: ExpressResponse,
diff --git a/backend/src/modules/users/user.controller.ts b/backend/src/modules/users/user.controller.ts
new file mode 100644
index 0000000..6671517
--- /dev/null
+++ b/backend/src/modules/users/user.controller.ts
@@ -0,0 +1,104 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Body,
+  Patch,
+  Param,
+  Delete,
+  UseGuards,
+  Request,
+  HttpCode,
+  HttpStatus,
+} from '@nestjs/common';
+import { UserService } from './user.service';
+import {
+  CreateUserDto,
+  UpdateUserDto,
+  UserResponseDto,
+  ChangePasswordDto,
+} from './user.dto';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
+import { RolesGuard } from '../auth/roles.guard';
+import { Roles } from '../auth/roles.decorator';
+import { UserRole } from '../entities';
+import type { RequestWithUser } from '../auth/types';
+
+@Controller('users')
+export class UserController {
+  constructor(private readonly userService: UserService) {}
+
+  @Post()
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN)
+  async create(@Body() createUserDto: CreateUserDto): Promise<UserResponseDto> {
+    return this.userService.create(createUserDto);
+  }
+
+  @Get()
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN)
+  async findAll(): Promise<UserResponseDto[]> {
+    return this.userService.findAll();
+  }
+
+  @Get('profile')
+  @UseGuards(JwtAuthGuard)
+  async getProfile(@Request() req: RequestWithUser): Promise<UserResponseDto> {
+    return this.userService.findOne(req.user.id);
+  }
+
+  @Get(':id')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN)
+  async findOne(@Param('id') id: string): Promise<UserResponseDto> {
+    return this.userService.findOne(id);
+  }
+
+  @Patch(':id')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN)
+  async update(
+    @Param('id') id: string,
+    @Body() updateUserDto: UpdateUserDto,
+  ): Promise<UserResponseDto> {
+    return this.userService.update(id, updateUserDto);
+  }
+
+  @Delete(':id')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN)
+  @HttpCode(HttpStatus.NO_CONTENT)
+  async remove(@Param('id') id: string): Promise<void> {
+    return this.userService.remove(id);
+  }
+
+  @Post(':id/change-password')
+  @UseGuards(JwtAuthGuard)
+  @HttpCode(HttpStatus.NO_CONTENT)
+  async changePassword(
+    @Param('id') id: string,
+    @Body() changePasswordDto: ChangePasswordDto,
+    @Request() req: RequestWithUser,
+  ): Promise<void> {
+    // Users can only change their own password, unless they're admin
+    if (req.user.role !== UserRole.ADMIN && req.user.id !== id) {
+      throw new Error('You can only change your own password');
+    }
+    return this.userService.changePassword(id, changePasswordDto);
+  }
+
+  @Patch(':id/deactivate')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN)
+  async deactivate(@Param('id') id: string): Promise<UserResponseDto> {
+    return this.userService.update(id, { isActive: false });
+  }
+
+  @Patch(':id/activate')
+  @UseGuards(JwtAuthGuard, RolesGuard)
+  @Roles(UserRole.ADMIN)
+  async activate(@Param('id') id: string): Promise<UserResponseDto> {
+    return this.userService.update(id, { isActive: true });
+  }
+}
diff --git a/backend/src/modules/users/user.dto.ts b/backend/src/modules/users/user.dto.ts
new file mode 100644
index 0000000..8ce8f63
--- /dev/null
+++ b/backend/src/modules/users/user.dto.ts
@@ -0,0 +1,111 @@
+import {
+  IsEmail,
+  IsString,
+  IsEnum,
+  IsBoolean,
+  IsOptional,
+  MinLength,
+  MaxLength,
+  Matches,
+} from 'class-validator';
+import { UserRole } from '../entities';
+
+interface UserEntity {
+  id: string;
+  email: string;
+  username: string;
+  role: UserRole;
+  isActive: boolean;
+  createdAt: Date;
+  updatedAt: Date;
+}
+
+export class CreateUserDto {
+  @IsEmail()
+  email: string;
+
+  @IsString()
+  @MinLength(3)
+  @MaxLength(30)
+  @Matches(/^[a-zA-Z0-9_]+$/, {
+    message: 'Username can only contain letters, numbers, and underscores',
+  })
+  username: string;
+
+  @IsString()
+  @MinLength(6)
+  password: string;
+
+  @IsEnum(UserRole)
+  @IsOptional()
+  role?: UserRole = UserRole.USER;
+
+  @IsBoolean()
+  @IsOptional()
+  isActive?: boolean = true;
+}
+
+export class UpdateUserDto {
+  @IsEmail()
+  @IsOptional()
+  email?: string;
+
+  @IsString()
+  @MinLength(3)
+  @MaxLength(30)
+  @Matches(/^[a-zA-Z0-9_]+$/, {
+    message: 'Username can only contain letters, numbers, and underscores',
+  })
+  @IsOptional()
+  username?: string;
+
+  @IsString()
+  @MinLength(6)
+  @IsOptional()
+  password?: string;
+
+  @IsEnum(UserRole)
+  @IsOptional()
+  role?: UserRole;
+
+  @IsBoolean()
+  @IsOptional()
+  isActive?: boolean;
+}
+
+export class LoginUserDto {
+  @IsString()
+  username: string;
+
+  @IsString()
+  password: string;
+}
+
+export class UserResponseDto {
+  id: string;
+  email: string;
+  username: string;
+  role: UserRole;
+  isActive: boolean;
+  createdAt: Date;
+  updatedAt: Date;
+
+  constructor(user: UserEntity) {
+    this.id = user.id;
+    this.email = user.email;
+    this.username = user.username;
+    this.role = user.role;
+    this.isActive = user.isActive;
+    this.createdAt = user.createdAt;
+    this.updatedAt = user.updatedAt;
+  }
+}
+
+export class ChangePasswordDto {
+  @IsString()
+  currentPassword: string;
+
+  @IsString()
+  @MinLength(6)
+  newPassword: string;
+}
diff --git a/backend/src/modules/users/user.module.ts b/backend/src/modules/users/user.module.ts
new file mode 100644
index 0000000..0610d18
--- /dev/null
+++ b/backend/src/modules/users/user.module.ts
@@ -0,0 +1,13 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { User } from '../entities';
+import { UserService } from './user.service';
+import { UserController } from './user.controller';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([User])],
+  controllers: [UserController],
+  providers: [UserService],
+  exports: [UserService],
+})
+export class UserModule {}
diff --git a/backend/src/modules/users/user.service.ts b/backend/src/modules/users/user.service.ts
new file mode 100644
index 0000000..2b1d9e0
--- /dev/null
+++ b/backend/src/modules/users/user.service.ts
@@ -0,0 +1,212 @@
+import {
+  Injectable,
+  NotFoundException,
+  ConflictException,
+  BadRequestException,
+} from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import * as bcrypt from 'bcrypt';
+import { User, UserRole } from '../entities';
+import {
+  CreateUserDto,
+  UpdateUserDto,
+  UserResponseDto,
+  ChangePasswordDto,
+} from './user.dto';
+
+@Injectable()
+export class UserService {
+  constructor(
+    @InjectRepository(User)
+    private userRepository: Repository<User>,
+  ) {}
+
+  async create(createUserDto: CreateUserDto): Promise<UserResponseDto> {
+    // Check if email already exists
+    const existingEmail = await this.userRepository.findOne({
+      where: { email: createUserDto.email },
+    });
+    if (existingEmail) {
+      throw new ConflictException('Email already exists');
+    }
+
+    // Check if username already exists
+    const existingUsername = await this.userRepository.findOne({
+      where: { username: createUserDto.username },
+    });
+    if (existingUsername) {
+      throw new ConflictException('Username already exists');
+    }
+
+    // Hash password
+    const saltRounds = 10;
+    const passwordHash = await bcrypt.hash(createUserDto.password, saltRounds);
+
+    // Create user
+    const user = this.userRepository.create({
+      ...createUserDto,
+      passwordHash,
+    });
+
+    const savedUser = await this.userRepository.save(user);
+    return new UserResponseDto(savedUser);
+  }
+
+  async findAll(): Promise<UserResponseDto[]> {
+    const users = await this.userRepository.find({
+      order: { createdAt: 'DESC' },
+    });
+    return users.map((user) => new UserResponseDto(user));
+  }
+
+  async findOne(id: string): Promise<UserResponseDto> {
+    const user = await this.userRepository.findOne({ where: { id } });
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+    return new UserResponseDto(user);
+  }
+
+  async findByUsername(username: string): Promise<User | null> {
+    return this.userRepository.findOne({ where: { username } });
+  }
+
+  async findByEmail(email: string): Promise<User | null> {
+    return this.userRepository.findOne({ where: { email } });
+  }
+
+  async update(
+    id: string,
+    updateUserDto: UpdateUserDto,
+  ): Promise<UserResponseDto> {
+    const user = await this.userRepository.findOne({ where: { id } });
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+
+    // Check if email is being changed and if it already exists
+    if (updateUserDto.email && updateUserDto.email !== user.email) {
+      const existingEmail = await this.userRepository.findOne({
+        where: { email: updateUserDto.email },
+      });
+      if (existingEmail) {
+        throw new ConflictException('Email already exists');
+      }
+    }
+
+    // Check if username is being changed and if it already exists
+    if (updateUserDto.username && updateUserDto.username !== user.username) {
+      const existingUsername = await this.userRepository.findOne({
+        where: { username: updateUserDto.username },
+      });
+      if (existingUsername) {
+        throw new ConflictException('Username already exists');
+      }
+    }
+
+    // Hash new password if provided
+    if (updateUserDto.password) {
+      const saltRounds = 10;
+      updateUserDto.password = await bcrypt.hash(
+        updateUserDto.password,
+        saltRounds,
+      );
+    }
+
+    // Update user
+    Object.assign(user, updateUserDto);
+    if (updateUserDto.password) {
+      user.passwordHash = updateUserDto.password;
+      delete updateUserDto.password;
+    }
+
+    const updatedUser = await this.userRepository.save(user);
+    return new UserResponseDto(updatedUser);
+  }
+
+  async remove(id: string): Promise<void> {
+    const user = await this.userRepository.findOne({ where: { id } });
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+
+    // Prevent deleting the last admin
+    if (user.role === UserRole.ADMIN) {
+      const adminCount = await this.userRepository.count({
+        where: { role: UserRole.ADMIN },
+      });
+      if (adminCount <= 1) {
+        throw new BadRequestException('Cannot delete the last admin user');
+      }
+    }
+
+    await this.userRepository.remove(user);
+  }
+
+  async changePassword(
+    id: string,
+    changePasswordDto: ChangePasswordDto,
+  ): Promise<void> {
+    const user = await this.userRepository.findOne({ where: { id } });
+    if (!user) {
+      throw new NotFoundException('User not found');
+    }
+
+    // Verify current password
+    const isPasswordValid = await bcrypt.compare(
+      changePasswordDto.currentPassword,
+      user.passwordHash,
+    );
+    if (!isPasswordValid) {
+      throw new BadRequestException('Current password is incorrect');
+    }
+
+    // Hash new password
+    const saltRounds = 10;
+    user.passwordHash = await bcrypt.hash(
+      changePasswordDto.newPassword,
+      saltRounds,
+    );
+
+    await this.userRepository.save(user);
+  }
+
+  async validateUser(username: string, password: string): Promise<User | null> {
+    const user = await this.userRepository.findOne({
+      where: { username, isActive: true },
+    });
+    if (!user) {
+      return null;
+    }
+
+    const isPasswordValid = await bcrypt.compare(password, user.passwordHash);
+    if (!isPasswordValid) {
+      return null;
+    }
+
+    return user;
+  }
+
+  async createAdminIfNotExists(): Promise<void> {
+    const adminExists = await this.userRepository.findOne({
+      where: { role: UserRole.ADMIN },
+    });
+
+    if (!adminExists) {
+      const saltRounds = 10;
+      const passwordHash = await bcrypt.hash('admin123', saltRounds);
+
+      const adminUser = this.userRepository.create({
+        email: 'admin@placebo.mk',
+        username: 'admin',
+        passwordHash,
+        role: UserRole.ADMIN,
+        isActive: true,
+      });
+
+      await this.userRepository.save(adminUser);
+      console.log('Default admin user created: admin / admin123');
+    }
+  }
+}
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 5e5395d..9f455ca 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -24,9 +24,9 @@ services:
       dockerfile: Dockerfile.dev
     container_name: placebo-backend-dev
     env_file:
-      - ./backend/.env  # Use the .env file for configuration
+      - ./backend/.env.docker  # Use the .env.docker file for Docker configuration
     environment:
-      # Only override if needed, most config is in .env file
+      # Only override if needed, most config is in .env.docker file
       NODE_ENV: development
     ports:
       - "3000:3000"
@@ -36,7 +36,7 @@ services:
       - ./backend/src:/app/src
       - ./backend/package.json:/app/package.json
       - ./backend/package-lock.json:/app/package-lock.json
-      - ./backend/.env:/app/.env  # Mount .env file into container
+      - ./backend/.env.docker:/app/.env  # Mount .env.docker file as .env in container
     command: npm run dev:docker
     networks:
       - placebo-network-dev
diff --git a/docker-compose.yml b/docker-compose.yml
index 2ea328d..74effe0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,7 +6,7 @@ services:
     image: postgres:16-alpine
     container_name: placebo-postgres
     environment:
-      POSTGRES_DB: placebo_db
+      POSTGRES_DB: placebo_backend_db
       POSTGRES_USER: placebo_user
       POSTGRES_PASSWORD: placebo_password
     volumes:
@@ -15,7 +15,7 @@ services:
     ports:
       - "5432:5432"
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U placebo_user -d placebo_db"]
+      test: ["CMD-SHELL", "pg_isready -U placebo_user -d placebo_backend_db"]
       interval: 10s
       timeout: 5s
       retries: 5
@@ -28,20 +28,18 @@ services:
       context: ./backend
       dockerfile: Dockerfile
     container_name: placebo-backend
-    environment:
-      NODE_ENV: production
-      DATABASE_TYPE: postgres
-      DATABASE_HOST: postgres
-      DATABASE_PORT: 5432
-      DATABASE_USERNAME: placebo_user
-      DATABASE_PASSWORD: placebo_password
-      DATABASE_NAME: placebo_db
-      DATABASE_SYNCHRONIZE: "false"
-      DATABASE_LOGGING: "false"
-      JWT_SECRET: ${JWT_SECRET:-your-jwt-secret-key-change-in-production}
-      JWT_EXPIRATION: 3600
-      CORS_ORIGIN: http://localhost:5173,http://localhost:3001
-      PORT: 3000
+     environment:
+       NODE_ENV: production
+       DATABASE_TYPE: postgres
+       DATABASE_HOST: postgres
+       DATABASE_PORT: 5432
+       DATABASE_USERNAME: placebo_user
+       DATABASE_PASSWORD: placebo_password
+       DATABASE_NAME: placebo_backend_db
+       DATABASE_SYNCHRONIZE: "false"
+       DATABASE_LOGGING: "false"
+       CORS_ORIGIN: http://localhost:5173,http://localhost:3001
+       PORT: 3000
     ports:
       - "3000:3000"
     depends_on:
diff --git a/frontend/src/components/auth/LoginForm.tsx b/frontend/src/components/auth/LoginForm.tsx
new file mode 100644
index 0000000..a1bb63b
--- /dev/null
+++ b/frontend/src/components/auth/LoginForm.tsx
@@ -0,0 +1,94 @@
+import React, { useState } from 'react';
+import { useAuth } from '../../contexts/AuthContext';
+import { Button } from '../ui/button';
+import { Input } from '../ui/input';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '../ui/card';
+import { Label } from '../ui/label';
+
+interface LoginFormProps {
+  onSuccess?: () => void;
+  onSwitchToRegister?: () => void;
+}
+
+export function LoginForm({ onSuccess, onSwitchToRegister }: LoginFormProps) {
+  const { login, isLoading } = useAuth();
+  const [username, setUsername] = useState('');
+  const [password, setPassword] = useState('');
+  const [error, setError] = useState('');
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setError('');
+
+    try {
+      await login(username, password);
+      onSuccess?.();
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'Login failed');
+    }
+  };
+
+  return (
+    <Card className="w-full max-w-md mx-auto">
+      <CardHeader>
+        <CardTitle>Login</CardTitle>
+        <CardDescription>
+          Enter your credentials to access your account
+        </CardDescription>
+      </CardHeader>
+      <CardContent>
+        <form onSubmit={handleSubmit} className="space-y-4">
+          {error && (
+            <div className="p-3 text-sm bg-destructive/10 text-destructive rounded-md">
+              {error}
+            </div>
+          )}
+          
+          <div className="space-y-2">
+            <Label htmlFor="username">Username</Label>
+            <Input
+              id="username"
+              type="text"
+              value={username}
+              onChange={(e) => setUsername(e.target.value)}
+              placeholder="Enter your username"
+              required
+              disabled={isLoading}
+            />
+          </div>
+
+          <div className="space-y-2">
+            <Label htmlFor="password">Password</Label>
+            <Input
+              id="password"
+              type="password"
+              value={password}
+              onChange={(e) => setPassword(e.target.value)}
+              placeholder="Enter your password"
+              required
+              disabled={isLoading}
+            />
+          </div>
+
+          <Button type="submit" className="w-full" disabled={isLoading}>
+            {isLoading ? 'Logging in...' : 'Login'}
+          </Button>
+
+          {onSwitchToRegister && (
+            <div className="text-center text-sm text-muted-foreground">
+              Don't have an account?{' '}
+              <button
+                type="button"
+                onClick={onSwitchToRegister}
+                className="text-primary hover:underline"
+                disabled={isLoading}
+              >
+                Register here
+              </button>
+            </div>
+          )}
+        </form>
+      </CardContent>
+    </Card>
+  );
+}
\ No newline at end of file
diff --git a/frontend/src/components/auth/ProtectedRoute.tsx b/frontend/src/components/auth/ProtectedRoute.tsx
new file mode 100644
index 0000000..8806dc9
--- /dev/null
+++ b/frontend/src/components/auth/ProtectedRoute.tsx
@@ -0,0 +1,38 @@
+import React from 'react';
+import { Navigate } from '@tanstack/react-router';
+import { useAuth } from '../../contexts/AuthContext';
+
+interface ProtectedRouteProps {
+  children: React.ReactNode;
+  requiredRole?: 'admin' | 'contributor' | 'user';
+  redirectTo?: string;
+}
+
+export function ProtectedRoute({ 
+  children, 
+  requiredRole, 
+  redirectTo = '/' 
+}: ProtectedRouteProps) {
+  const { isAuthenticated, user, isLoading } = useAuth();
+
+  if (isLoading) {
+    return (
+      <div className="flex items-center justify-center min-h-screen">
+        <div className="text-center">
+          <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-primary mx-auto"></div>
+          <p className="mt-4 text-muted-foreground">Loading...</p>
+        </div>
+      </div>
+    );
+  }
+
+  if (!isAuthenticated) {
+    return <Navigate to={redirectTo} />;
+  }
+
+  if (requiredRole && user?.role !== requiredRole) {
+    return <Navigate to="/" />;
+  }
+
+  return <>{children}</>;
+}
\ No newline at end of file
diff --git a/frontend/src/components/auth/RegisterForm.tsx b/frontend/src/components/auth/RegisterForm.tsx
new file mode 100644
index 0000000..a865811
--- /dev/null
+++ b/frontend/src/components/auth/RegisterForm.tsx
@@ -0,0 +1,132 @@
+import React, { useState } from 'react';
+import { useAuth } from '../../contexts/AuthContext';
+import { Button } from '../ui/button';
+import { Input } from '../ui/input';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '../ui/card';
+import { Label } from '../ui/label';
+
+interface RegisterFormProps {
+  onSuccess?: () => void;
+  onSwitchToLogin?: () => void;
+}
+
+export function RegisterForm({ onSuccess, onSwitchToLogin }: RegisterFormProps) {
+  const { register, isLoading } = useAuth();
+  const [username, setUsername] = useState('');
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
+  const [confirmPassword, setConfirmPassword] = useState('');
+  const [error, setError] = useState('');
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setError('');
+
+    if (password !== confirmPassword) {
+      setError('Passwords do not match');
+      return;
+    }
+
+    if (password.length < 6) {
+      setError('Password must be at least 6 characters');
+      return;
+    }
+
+    try {
+      await register(username, email, password);
+      onSuccess?.();
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'Registration failed');
+    }
+  };
+
+  return (
+    <Card className="w-full max-w-md mx-auto">
+      <CardHeader>
+        <CardTitle>Register</CardTitle>
+        <CardDescription>
+          Create a new account to start commenting and reacting
+        </CardDescription>
+      </CardHeader>
+      <CardContent>
+        <form onSubmit={handleSubmit} className="space-y-4">
+          {error && (
+            <div className="p-3 text-sm bg-destructive/10 text-destructive rounded-md">
+              {error}
+            </div>
+          )}
+          
+          <div className="space-y-2">
+            <Label htmlFor="username">Username</Label>
+            <Input
+              id="username"
+              type="text"
+              value={username}
+              onChange={(e) => setUsername(e.target.value)}
+              placeholder="Choose a username"
+              required
+              disabled={isLoading}
+            />
+          </div>
+
+          <div className="space-y-2">
+            <Label htmlFor="email">Email</Label>
+            <Input
+              id="email"
+              type="email"
+              value={email}
+              onChange={(e) => setEmail(e.target.value)}
+              placeholder="Enter your email"
+              required
+              disabled={isLoading}
+            />
+          </div>
+
+          <div className="space-y-2">
+            <Label htmlFor="password">Password</Label>
+            <Input
+              id="password"
+              type="password"
+              value={password}
+              onChange={(e) => setPassword(e.target.value)}
+              placeholder="Choose a password (min 6 characters)"
+              required
+              disabled={isLoading}
+            />
+          </div>
+
+          <div className="space-y-2">
+            <Label htmlFor="confirmPassword">Confirm Password</Label>
+            <Input
+              id="confirmPassword"
+              type="password"
+              value={confirmPassword}
+              onChange={(e) => setConfirmPassword(e.target.value)}
+              placeholder="Confirm your password"
+              required
+              disabled={isLoading}
+            />
+          </div>
+
+          <Button type="submit" className="w-full" disabled={isLoading}>
+            {isLoading ? 'Creating account...' : 'Register'}
+          </Button>
+
+          {onSwitchToLogin && (
+            <div className="text-center text-sm text-muted-foreground">
+              Already have an account?{' '}
+              <button
+                type="button"
+                onClick={onSwitchToLogin}
+                className="text-primary hover:underline"
+                disabled={isLoading}
+              >
+                Login here
+              </button>
+            </div>
+          )}
+        </form>
+      </CardContent>
+    </Card>
+  );
+}
\ No newline at end of file
diff --git a/frontend/src/components/features/comments/CommentSection.tsx b/frontend/src/components/features/comments/CommentSection.tsx
new file mode 100644
index 0000000..695e795
--- /dev/null
+++ b/frontend/src/components/features/comments/CommentSection.tsx
@@ -0,0 +1,130 @@
+import React, { useState } from 'react';
+import { useAuth } from '../../../contexts/AuthContext';
+import { useComments, useCreateComment } from '../../../queries/comments';
+import { Button } from '../../ui/button';
+import { Textarea } from '../../ui/textarea';
+import { Card, CardContent } from '../../ui/card';
+import { format } from 'date-fns';
+import { mk } from 'date-fns/locale';
+
+interface CommentSectionProps {
+  articleId?: string;
+  liveBlogId?: string;
+}
+
+export function CommentSection({ articleId, liveBlogId }: CommentSectionProps) {
+  const { isAuthenticated } = useAuth();
+  const [newComment, setNewComment] = useState('');
+  const [isSubmitting, setIsSubmitting] = useState(false);
+  
+  const { data: commentsData, isLoading } = useComments({
+    articleId,
+    liveBlogId,
+    limit: 50,
+  });
+  
+  const createCommentMutation = useCreateComment();
+  
+  const comments = commentsData?.data || [];
+  
+  const handleSubmitComment = async (e: React.FormEvent) => {
+    e.preventDefault();
+    
+    if (!newComment.trim() || !isAuthenticated) return;
+    
+    setIsSubmitting(true);
+    try {
+      await createCommentMutation.mutateAsync({
+        content: newComment,
+        articleId,
+        liveBlogId,
+      });
+      setNewComment('');
+    } catch (error) {
+      console.error('Failed to post comment:', error);
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+  
+  return (
+    <div className="mt-12 pt-8 border-t">
+      <h2 className="text-2xl font-bold mb-6">Коментари</h2>
+      
+      {isAuthenticated ? (
+        <Card className="mb-8">
+          <CardContent className="pt-6">
+            <form onSubmit={handleSubmitComment}>
+              <Textarea
+                placeholder="Што мислите за овој напис?"
+                value={newComment}
+                onChange={(e) => setNewComment(e.target.value)}
+                className="min-h-[100px] mb-4"
+                disabled={isSubmitting}
+              />
+              <div className="flex justify-end">
+                <Button 
+                  type="submit" 
+                  disabled={!newComment.trim() || isSubmitting}
+                >
+                  {isSubmitting ? 'Поставување...' : 'Постави коментар'}
+                </Button>
+              </div>
+            </form>
+          </CardContent>
+        </Card>
+      ) : (
+        <Card className="mb-8">
+          <CardContent className="pt-6 text-center">
+            <p className="text-muted-foreground mb-4">
+              Најавете се за да можете да коментирате
+            </p>
+            <Button asChild>
+              <a href="/auth">Најави се</a>
+            </Button>
+          </CardContent>
+        </Card>
+      )}
+      
+      {isLoading ? (
+        <div className="text-center py-8">
+          <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-primary mx-auto"></div>
+          <p className="mt-2 text-sm text-muted-foreground">Вчитување коментари...</p>
+        </div>
+      ) : comments.length === 0 ? (
+        <Card>
+          <CardContent className="pt-6 text-center">
+            <p className="text-muted-foreground">
+              Сè уште нема коментари. Бидете првиот што ќе коментира!
+            </p>
+          </CardContent>
+        </Card>
+      ) : (
+        <div className="space-y-6">
+          {comments.map((comment) => (
+            <Card key={comment.id}>
+              <CardContent className="pt-6">
+                <div className="flex items-start justify-between mb-4">
+                  <div>
+                    <div className="font-medium">
+                      {comment.user?.username || 'Анонимен корисник'}
+                    </div>
+                    <div className="text-sm text-muted-foreground">
+                      {format(new Date(comment.createdAt), 'dd MMMM yyyy, HH:mm', { locale: mk })}
+                    </div>
+                  </div>
+                  {comment.user?.role === 'admin' && (
+                    <span className="px-2 py-1 text-xs rounded-full bg-primary/10 text-primary">
+                      Администратор
+                    </span>
+                  )}
+                </div>
+                <p className="whitespace-pre-wrap">{comment.content}</p>
+              </CardContent>
+            </Card>
+          ))}
+        </div>
+      )}
+    </div>
+  );
+}
\ No newline at end of file
diff --git a/frontend/src/components/features/comments/ReactionButtons.tsx b/frontend/src/components/features/comments/ReactionButtons.tsx
new file mode 100644
index 0000000..aba663c
--- /dev/null
+++ b/frontend/src/components/features/comments/ReactionButtons.tsx
@@ -0,0 +1,111 @@
+import React from 'react';
+import { useAuth } from '../../../contexts/AuthContext';
+import { useReactionCounts, useUserReaction, useAddReaction } from '../../../queries/comments';
+import { Button } from '../../ui/button';
+import { ThumbsUp, ThumbsDown } from 'lucide-react';
+
+interface ReactionButtonsProps {
+  articleId?: string;
+  liveBlogId?: string;
+  commentId?: string;
+  compact?: boolean;
+}
+
+export function ReactionButtons({ 
+  articleId, 
+  liveBlogId, 
+  commentId,
+  compact = false 
+}: ReactionButtonsProps) {
+  const { isAuthenticated } = useAuth();
+  
+  const { data: counts } = useReactionCounts(articleId, liveBlogId, commentId);
+  const { data: userReaction } = useUserReaction(articleId, liveBlogId, commentId);
+  const addReactionMutation = useAddReaction();
+  
+  const userReactionType = userReaction?.type;
+  
+  const handleReaction = async (type: 'like' | 'dislike') => {
+    if (!isAuthenticated) {
+      window.location.href = '/auth';
+      return;
+    }
+    
+    try {
+      await addReactionMutation.mutateAsync({
+        type,
+        articleId,
+        liveBlogId,
+        commentId,
+      });
+    } catch (error) {
+      console.error('Failed to add reaction:', error);
+    }
+  };
+  
+  const likes = counts?.likes || 0;
+  const dislikes = counts?.dislikes || 0;
+  
+  if (compact) {
+    return (
+      <div className="flex items-center gap-2">
+        <Button
+          variant="ghost"
+          size="sm"
+          onClick={() => handleReaction('like')}
+          className={`h-8 px-2 ${userReactionType === 'like' ? 'text-primary' : ''}`}
+        >
+          <ThumbsUp className="w-4 h-4 mr-1" />
+          {likes > 0 && <span>{likes}</span>}
+        </Button>
+        <Button
+          variant="ghost"
+          size="sm"
+          onClick={() => handleReaction('dislike')}
+          className={`h-8 px-2 ${userReactionType === 'dislike' ? 'text-destructive' : ''}`}
+        >
+          <ThumbsDown className="w-4 h-4 mr-1" />
+          {dislikes > 0 && <span>{dislikes}</span>}
+        </Button>
+      </div>
+    );
+  }
+  
+  return (
+    <div className="flex items-center gap-4">
+      <div className="flex items-center gap-2">
+        <Button
+          variant={userReactionType === 'like' ? 'default' : 'outline'}
+          size="sm"
+          onClick={() => handleReaction('like')}
+          className="gap-2"
+        >
+          <ThumbsUp className="w-4 h-4" />
+          <span>Допаѓа ми</span>
+          {likes > 0 && (
+            <span className="ml-1 bg-primary/20 px-2 py-0.5 rounded-full text-xs">
+              {likes}
+            </span>
+          )}
+        </Button>
+      </div>
+      
+      <div className="flex items-center gap-2">
+        <Button
+          variant={userReactionType === 'dislike' ? 'destructive' : 'outline'}
+          size="sm"
+          onClick={() => handleReaction('dislike')}
+          className="gap-2"
+        >
+          <ThumbsDown className="w-4 h-4" />
+          <span>Не ми се допаѓа</span>
+          {dislikes > 0 && (
+            <span className="ml-1 bg-destructive/20 px-2 py-0.5 rounded-full text-xs">
+              {dislikes}
+            </span>
+          )}
+        </Button>
+      </div>
+    </div>
+  );
+}
\ No newline at end of file
diff --git a/frontend/src/components/layout/Header.tsx b/frontend/src/components/layout/Header.tsx
new file mode 100644
index 0000000..2de60f9
--- /dev/null
+++ b/frontend/src/components/layout/Header.tsx
@@ -0,0 +1,65 @@
+import React from 'react';
+import { Link } from '@tanstack/react-router';
+import { useAuth } from '../../contexts/AuthContext';
+import { Button } from '../ui/button';
+
+export function Header() {
+  const { user, logout, isAuthenticated, hasRole } = useAuth();
+
+  return (
+    <header className="border-b">
+      <div className="container mx-auto max-w-6xl px-4 py-4">
+        <div className="flex items-center justify-between">
+          <h1 className="text-3xl font-bold">
+            <Link to="/" className="hover:underline">Placebo.mk</Link>
+          </h1>
+          
+          <nav className="flex items-center gap-4">
+            <Link to="/" className="text-sm font-medium hover:underline">
+              Home
+            </Link>
+            <Link to="/articles" className="text-sm font-medium hover:underline">
+              Articles
+            </Link>
+            <Link to="/live-blogs" className="text-sm font-medium hover:underline">
+              Live
+            </Link>
+            
+            {isAuthenticated ? (
+              <>
+                {(hasRole('admin') || hasRole('contributor')) && (
+                  <>
+                    <Link to="/admin" className="text-sm font-medium hover:underline text-primary">
+                      Admin
+                    </Link>
+                    <Link to="/admin/live-blogs/create" className="text-sm font-medium hover:underline text-primary">
+                      + New Live Blog
+                    </Link>
+                  </>
+                )}
+                
+                <div className="flex items-center gap-2">
+                  <span className="text-sm text-muted-foreground">
+                    {user?.username}
+                  </span>
+                  <Button 
+                    variant="outline" 
+                    size="sm"
+                    onClick={logout}
+                    className="text-xs"
+                  >
+                    Logout
+                  </Button>
+                </div>
+              </>
+            ) : (
+              <Link to="/auth" className="text-sm font-medium hover:underline text-primary">
+                Login / Register
+              </Link>
+            )}
+          </nav>
+        </div>
+      </div>
+    </header>
+  );
+}
\ No newline at end of file
diff --git a/frontend/src/components/routes/ArticleDetailComponent.tsx b/frontend/src/components/routes/ArticleDetailComponent.tsx
index ddb62da..9379229 100644
--- a/frontend/src/components/routes/ArticleDetailComponent.tsx
+++ b/frontend/src/components/routes/ArticleDetailComponent.tsx
@@ -5,6 +5,8 @@ import ReactMarkdown from 'react-markdown'
 import remarkGfm from 'remark-gfm'
 import { YouTubeEmbed } from '@/components/ui/youtube-embed'
 import { extractYouTubeVideoId, getVideoPositionClasses } from '@/lib/video-utils'
+import { CommentSection } from '@/components/features/comments/CommentSection'
+import { ReactionButtons } from '@/components/features/comments/ReactionButtons'
 
 export function ArticleDetailComponent({ id }: { id: string }) {
   const { data, isLoading, error } = useQuery({
@@ -181,6 +183,17 @@ export function ArticleDetailComponent({ id }: { id: string }) {
           </div>
         </div>
       )}
+
+      {/* Reactions */}
+      <div className="mt-8 pt-8 border-t">
+        <div className="flex items-center justify-between mb-6">
+          <h3 className="text-lg font-semibold">Што мислите за овој напис?</h3>
+          <ReactionButtons articleId={data.id} />
+        </div>
+      </div>
+
+      {/* Comments */}
+      <CommentSection articleId={data.id} />
     </article>
   )
 }
\ No newline at end of file
diff --git a/frontend/src/components/routes/AuthPage.tsx b/frontend/src/components/routes/AuthPage.tsx
new file mode 100644
index 0000000..c0c299e
--- /dev/null
+++ b/frontend/src/components/routes/AuthPage.tsx
@@ -0,0 +1,58 @@
+import React, { useState } from 'react';
+import { LoginForm } from '../auth/LoginForm';
+import { RegisterForm } from '../auth/RegisterForm';
+import { useAuth } from '../../contexts/AuthContext';
+import { Navigate } from '@tanstack/react-router';
+
+export function AuthPage() {
+  const { isAuthenticated } = useAuth();
+  const [isLogin, setIsLogin] = useState(true);
+
+  if (isAuthenticated) {
+    return <Navigate to="/" />;
+  }
+
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-background p-4">
+      <div className="w-full max-w-lg">
+        <div className="text-center mb-8">
+          <h1 className="text-3xl font-bold mb-2">
+            Welcome to <span className="text-primary">Placebo.mk</span>
+          </h1>
+          <p className="text-muted-foreground">
+            {isLogin 
+              ? 'Login to comment, react, and access admin features' 
+              : 'Join our community of sarcastic news enthusiasts'}
+          </p>
+        </div>
+
+        {isLogin ? (
+          <LoginForm 
+            onSuccess={() => window.location.href = '/'}
+            onSwitchToRegister={() => setIsLogin(false)}
+          />
+        ) : (
+          <RegisterForm 
+            onSuccess={() => window.location.href = '/'}
+            onSwitchToLogin={() => setIsLogin(true)}
+          />
+        )}
+
+        <div className="mt-8 text-center text-sm text-muted-foreground">
+          <p>
+            By {isLogin ? 'logging in' : 'registering'}, you agree to our{' '}
+            <a href="#" className="text-primary hover:underline">Terms of Service</a>{' '}
+            and{' '}
+            <a href="#" className="text-primary hover:underline">Privacy Policy</a>.
+          </p>
+          <p className="mt-2">
+            Need help?{' '}
+            <a href="mailto:support@placebo.mk" className="text-primary hover:underline">
+              Contact support
+            </a>
+          </p>
+        </div>
+      </div>
+    </div>
+  );
+}
\ No newline at end of file
diff --git a/frontend/src/contexts/AuthContext.tsx b/frontend/src/contexts/AuthContext.tsx
new file mode 100644
index 0000000..70f1b2b
--- /dev/null
+++ b/frontend/src/contexts/AuthContext.tsx
@@ -0,0 +1,105 @@
+/* eslint-disable react-refresh/only-export-components */
+import React, { createContext, useContext, useState, useEffect, ReactNode } from 'react';
+import * as api from '../lib/api';
+import { User } from '@/types';
+
+interface AuthContextType {
+  user: User | null;
+  token: string | null;
+  isLoading: boolean;
+  login: (username: string, password: string) => Promise<void>;
+  register: (username: string, email: string, password: string) => Promise<void>;
+  logout: () => void;
+  isAuthenticated: boolean;
+  hasRole: (role: string) => boolean;
+}
+
+const AuthContext = createContext<AuthContextType | undefined>(undefined);
+
+interface AuthProviderProps {
+  children: ReactNode;
+}
+
+export function AuthProvider({ children }: AuthProviderProps) {
+  const [user, setUser] = useState<User | null>(null);
+  const [token, setToken] = useState<string | null>(null);
+  const [isLoading, setIsLoading] = useState(true);
+
+  useEffect(() => {
+    const initializeAuth = () => {
+      const storedToken = localStorage.getItem('token');
+      const storedUser = localStorage.getItem('user');
+
+      if (storedToken && storedUser) {
+        try {
+          setToken(storedToken);
+          setUser(JSON.parse(storedUser));
+        } catch (error) {
+          console.error('Failed to parse stored user:', error);
+          localStorage.removeItem('token');
+          localStorage.removeItem('user');
+        }
+      }
+
+      setIsLoading(false);
+    };
+
+    initializeAuth();
+  }, []);
+
+  const login = async (username: string, password: string) => {
+    setIsLoading(true);
+    const response = await api.login({ username, password });
+    localStorage.setItem('token', response.access_token);
+    localStorage.setItem('user', JSON.stringify(response.user));
+    setToken(response.access_token);
+    setUser(response.user);
+    setIsLoading(false);
+  };
+
+  const register = async (username: string, email: string, password: string) => {
+    setIsLoading(true);
+    const response = await api.register({ username, email, password });
+    localStorage.setItem('token', response.access_token);
+    localStorage.setItem('user', JSON.stringify(response.user));
+    setToken(response.access_token);
+    setUser(response.user);
+    setIsLoading(false);
+  };
+
+  const logout = () => {
+    localStorage.removeItem('token');
+    localStorage.removeItem('user');
+    setToken(null);
+    setUser(null);
+    api.logout();
+  };
+
+  const isAuthenticated = !!user && !!token;
+
+  const hasRole = (role: string) => {
+    if (!user) return false;
+    return user.role === role;
+  };
+
+  const value = {
+    user,
+    token,
+    isLoading,
+    login,
+    register,
+    logout,
+    isAuthenticated,
+    hasRole,
+  };
+
+  return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;
+}
+
+export function useAuth() {
+  const context = useContext(AuthContext);
+  if (context === undefined) {
+    throw new Error('useAuth must be used within an AuthProvider');
+  }
+  return context;
+}
\ No newline at end of file
diff --git a/frontend/src/lib/api.ts b/frontend/src/lib/api.ts
index 75fccae..e887337 100644
--- a/frontend/src/lib/api.ts
+++ b/frontend/src/lib/api.ts
@@ -4,6 +4,42 @@ const API_BASE_URL = import.meta.env.VITE_API_URL || 'http://localhost:3000/api/
 console.log('API_BASE_URL:', API_BASE_URL);
 console.log('VITE_API_URL env:', import.meta.env.VITE_API_URL);
 
+// Helper function to get auth headers
+function getAuthHeaders(): HeadersInit {
+  const token = localStorage.getItem('token');
+  const headers: HeadersInit = {
+    'Content-Type': 'application/json',
+  };
+  
+  if (token) {
+    headers['Authorization'] = `Bearer ${token}`;
+  }
+  
+  return headers;
+}
+
+// Enhanced fetch wrapper
+async function authFetch(url: string, options: RequestInit = {}): Promise<Response> {
+  const headers = getAuthHeaders();
+  
+  const response = await fetch(url, {
+    ...options,
+    headers: {
+      ...headers,
+      ...options.headers,
+    },
+  });
+  
+  // Handle 401 unauthorized
+  if (response.status === 401) {
+    localStorage.removeItem('token');
+    localStorage.removeItem('user');
+    window.location.href = '/auth';
+  }
+  
+  return response;
+}
+
 export interface Article {
   id: string;
   title: string;
@@ -110,7 +146,7 @@ export async function fetchArticles(params: FindArticlesParams = {}): Promise<Ar
   const url = `${API_BASE_URL}/articles?${searchParams}`;
   console.log('Fetching from:', url);
 
-  const response = await fetch(url);
+  const response = await authFetch(url);
   console.log('Response status:', response.status, 'ok:', response.ok);
 
   if (!response.ok) {
@@ -123,7 +159,7 @@ export async function fetchArticles(params: FindArticlesParams = {}): Promise<Ar
 }
 
 export async function fetchArticleBySlug(slug: string): Promise<Article> {
-  const response = await fetch(`${API_BASE_URL}/articles/slug/${slug}`);
+  const response = await authFetch(`${API_BASE_URL}/articles/slug/${slug}`);
   if (!response.ok) {
     throw new Error('Failed to fetch article');
   }
@@ -131,7 +167,7 @@ export async function fetchArticleBySlug(slug: string): Promise<Article> {
 }
 
 export async function fetchArticleById(id: string): Promise<Article> {
-  const response = await fetch(`${API_BASE_URL}/articles/${id}`);
+  const response = await authFetch(`${API_BASE_URL}/articles/${id}`);
   if (!response.ok) {
     throw new Error('Failed to fetch article');
   }
@@ -139,11 +175,8 @@ export async function fetchArticleById(id: string): Promise<Article> {
 }
 
 export async function createArticle(dto: CreateArticleDto): Promise<Article> {
-  const response = await fetch(`${API_BASE_URL}/articles`, {
+  const response = await authFetch(`${API_BASE_URL}/articles`, {
     method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
     body: JSON.stringify(dto),
   });
   if (!response.ok) {
@@ -153,11 +186,8 @@ export async function createArticle(dto: CreateArticleDto): Promise<Article> {
 }
 
 export async function updateArticle(id: string, dto: UpdateArticleDto): Promise<Article> {
-  const response = await fetch(`${API_BASE_URL}/articles/${id}`, {
+  const response = await authFetch(`${API_BASE_URL}/articles/${id}`, {
     method: 'PUT',
-    headers: {
-      'Content-Type': 'application/json',
-    },
     body: JSON.stringify(dto),
   });
   if (!response.ok) {
@@ -167,7 +197,7 @@ export async function updateArticle(id: string, dto: UpdateArticleDto): Promise<
 }
 
 export async function deleteArticle(id: string): Promise<void> {
-  const response = await fetch(`${API_BASE_URL}/articles/${id}`, {
+  const response = await authFetch(`${API_BASE_URL}/articles/${id}`, {
     method: 'DELETE',
   });
   if (!response.ok) {
@@ -176,7 +206,7 @@ export async function deleteArticle(id: string): Promise<void> {
 }
 
 export async function archiveArticle(id: string): Promise<Article> {
-  const response = await fetch(`${API_BASE_URL}/articles/${id}/archive`, {
+  const response = await authFetch(`${API_BASE_URL}/articles/${id}/archive`, {
     method: 'PATCH',
   });
   if (!response.ok) {
@@ -186,7 +216,7 @@ export async function archiveArticle(id: string): Promise<Article> {
 }
 
 export async function publishArticle(id: string, status: 'draft' | 'published' = 'published'): Promise<Article> {
-  const response = await fetch(`${API_BASE_URL}/articles/${id}/publish?status=${status}`, {
+  const response = await authFetch(`${API_BASE_URL}/articles/${id}/publish?status=${status}`, {
     method: 'PATCH',
   });
   if (!response.ok) {
@@ -323,7 +353,7 @@ export async function fetchLiveBlogs(params: FindLiveBlogsParams = {}): Promise<
     }
   });
 
-  const response = await fetch(`${API_BASE_URL}/live-blogs?${searchParams}`);
+  const response = await authFetch(`${API_BASE_URL}/live-blogs?${searchParams}`);
   if (!response.ok) {
     throw new Error('Failed to fetch live blogs');
   }
@@ -331,7 +361,7 @@ export async function fetchLiveBlogs(params: FindLiveBlogsParams = {}): Promise<
 }
 
 export async function fetchLiveBlogBySlug(slug: string): Promise<LiveBlog> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/slug/${slug}`);
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/slug/${slug}`);
   if (!response.ok) {
     throw new Error('Failed to fetch live blog');
   }
@@ -339,7 +369,7 @@ export async function fetchLiveBlogBySlug(slug: string): Promise<LiveBlog> {
 }
 
 export async function fetchLiveBlogById(id: string): Promise<LiveBlog> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/${id}`);
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/${id}`);
   if (!response.ok) {
     throw new Error('Failed to fetch live blog');
   }
@@ -351,7 +381,7 @@ export async function fetchLiveBlogUpdates(
   page = 1,
   limit = 50
 ): Promise<LiveBlogUpdatesResponse> {
-  const response = await fetch(
+  const response = await authFetch(
     `${API_BASE_URL}/live-blogs/${liveBlogId}/updates?page=${page}&limit=${limit}`
   );
   if (!response.ok) {
@@ -361,7 +391,7 @@ export async function fetchLiveBlogUpdates(
 }
 
 export async function fetchRecentLiveBlogs(): Promise<LiveBlog[]> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/recent`);
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/recent`);
   if (!response.ok) {
     throw new Error('Failed to fetch recent live blogs');
   }
@@ -369,7 +399,7 @@ export async function fetchRecentLiveBlogs(): Promise<LiveBlog[]> {
 }
 
 export async function fetchPinnedLiveBlogs(): Promise<LiveBlog[]> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/featured`);
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/featured`);
   if (!response.ok) {
     throw new Error('Failed to fetch pinned live blogs');
   }
@@ -377,7 +407,7 @@ export async function fetchPinnedLiveBlogs(): Promise<LiveBlog[]> {
 }
 
 export async function fetchActiveLiveBlogs(): Promise<LiveBlog[]> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/active`);
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/active`);
   if (!response.ok) {
     throw new Error('Failed to fetch active live blogs');
   }
@@ -389,11 +419,8 @@ export async function createLiveBlogUpdate(
   liveBlogId: string,
   dto: CreateLiveBlogUpdateDto
 ): Promise<LiveBlogUpdate> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/${liveBlogId}/updates`, {
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/${liveBlogId}/updates`, {
     method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
     body: JSON.stringify(dto),
   });
   if (!response.ok) {
@@ -407,11 +434,8 @@ export async function updateLiveBlogUpdate(
   updateId: string,
   dto: UpdateLiveBlogUpdateDto
 ): Promise<LiveBlogUpdate> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/${liveBlogId}/updates/${updateId}`, {
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/${liveBlogId}/updates/${updateId}`, {
     method: 'PUT',
-    headers: {
-      'Content-Type': 'application/json',
-    },
     body: JSON.stringify(dto),
   });
   if (!response.ok) {
@@ -421,7 +445,7 @@ export async function updateLiveBlogUpdate(
 }
 
 export async function deleteLiveBlogUpdate(liveBlogId: string, updateId: string): Promise<void> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/${liveBlogId}/updates/${updateId}`, {
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/${liveBlogId}/updates/${updateId}`, {
     method: 'DELETE',
   });
   if (!response.ok) {
@@ -430,11 +454,8 @@ export async function deleteLiveBlogUpdate(liveBlogId: string, updateId: string)
 }
 
 export async function createLiveBlog(dto: CreateLiveBlogDto): Promise<LiveBlog> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs`, {
+  const response = await authFetch(`${API_BASE_URL}/live-blogs`, {
     method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-    },
     body: JSON.stringify(dto),
   });
   if (!response.ok) {
@@ -444,11 +465,8 @@ export async function createLiveBlog(dto: CreateLiveBlogDto): Promise<LiveBlog>
 }
 
 export async function updateLiveBlog(id: string, dto: UpdateLiveBlogDto): Promise<LiveBlog> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/${id}`, {
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/${id}`, {
     method: 'PUT',
-    headers: {
-      'Content-Type': 'application/json',
-    },
     body: JSON.stringify(dto),
   });
   if (!response.ok) {
@@ -458,7 +476,7 @@ export async function updateLiveBlog(id: string, dto: UpdateLiveBlogDto): Promis
 }
 
 export async function deleteLiveBlog(id: string): Promise<void> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/${id}`, {
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/${id}`, {
     method: 'DELETE',
   });
   if (!response.ok) {
@@ -467,7 +485,7 @@ export async function deleteLiveBlog(id: string): Promise<void> {
 }
 
 export async function archiveLiveBlog(id: string): Promise<LiveBlog> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/${id}/archive`, {
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/${id}/archive`, {
     method: 'PATCH',
   });
   if (!response.ok) {
@@ -477,7 +495,7 @@ export async function archiveLiveBlog(id: string): Promise<LiveBlog> {
 }
 
 export async function publishLiveBlog(id: string, status: 'draft' | 'live' | 'ended' = 'draft'): Promise<LiveBlog> {
-  const response = await fetch(`${API_BASE_URL}/live-blogs/${id}/publish?status=${status}`, {
+  const response = await authFetch(`${API_BASE_URL}/live-blogs/${id}/publish?status=${status}`, {
     method: 'PATCH',
   });
   if (!response.ok) {
@@ -485,3 +503,223 @@ export async function publishLiveBlog(id: string, status: 'draft' | 'live' | 'en
   }
   return response.json();
 }
+
+// Auth Types
+import type { User, LoginDto, RegisterDto, AuthResponse } from '@/types';
+
+// Auth API Functions
+export async function login(dto: LoginDto): Promise<AuthResponse> {
+  const response = await fetch(`${API_BASE_URL}/auth/login`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(dto),
+  });
+  
+  if (!response.ok) {
+    const error = await response.json();
+    throw new Error(error.message || 'Login failed');
+  }
+  
+  return response.json();
+}
+
+export async function register(dto: RegisterDto): Promise<AuthResponse> {
+  const response = await fetch(`${API_BASE_URL}/auth/register`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(dto),
+  });
+  
+  if (!response.ok) {
+    const error = await response.json();
+    throw new Error(error.message || 'Registration failed');
+  }
+  
+  return response.json();
+}
+
+export async function getProfile(): Promise<User> {
+  const response = await authFetch(`${API_BASE_URL}/users/profile`, {
+    method: 'GET',
+  });
+  
+  if (!response.ok) {
+    throw new Error('Failed to fetch profile');
+  }
+  
+  return response.json();
+}
+
+export async function logout(): Promise<void> {
+  localStorage.removeItem('token');
+  localStorage.removeItem('user');
+}
+
+// Comment Types
+export interface Comment {
+  id: string;
+  content: string;
+  articleId: string | null;
+  liveBlogId: string | null;
+  parentCommentId: string | null;
+  userId: string;
+  isVisible: boolean;
+  user?: {
+    id: string;
+    username: string;
+    email: string;
+    role: string;
+  };
+  reactions?: {
+    likes: number;
+    dislikes: number;
+  };
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface CreateCommentDto {
+  content: string;
+  articleId?: string;
+  liveBlogId?: string;
+  parentCommentId?: string;
+}
+
+export interface UpdateCommentDto {
+  content?: string;
+  isVisible?: boolean;
+}
+
+export interface FindCommentsParams {
+  articleId?: string;
+  liveBlogId?: string;
+  parentCommentId?: string;
+  page?: number;
+  limit?: number;
+}
+
+export interface CommentsResponse {
+  data: Comment[];
+  total: number;
+  page?: number;
+  limit?: number;
+}
+
+export interface ReactionCounts {
+  likes: number;
+  dislikes: number;
+}
+
+export interface CreateReactionDto {
+  type: 'like' | 'dislike';
+  articleId?: string;
+  liveBlogId?: string;
+  commentId?: string;
+}
+
+// Comment API Functions
+export async function fetchComments(params: FindCommentsParams = {}): Promise<CommentsResponse> {
+  const searchParams = new URLSearchParams();
+  
+  Object.entries(params).forEach(([key, value]) => {
+    if (value !== undefined && value !== null) {
+      if (typeof value === 'number') {
+        searchParams.append(key, value.toString());
+      } else {
+        searchParams.append(key, String(value));
+      }
+    }
+  });
+
+  const response = await authFetch(`${API_BASE_URL}/comments?${searchParams}`);
+  if (!response.ok) {
+    throw new Error('Failed to fetch comments');
+  }
+  return response.json();
+}
+
+export async function createComment(dto: CreateCommentDto): Promise<Comment> {
+  const response = await authFetch(`${API_BASE_URL}/comments`, {
+    method: 'POST',
+    body: JSON.stringify(dto),
+  });
+  if (!response.ok) {
+    throw new Error('Failed to create comment');
+  }
+  return response.json();
+}
+
+export async function updateComment(id: string, dto: UpdateCommentDto): Promise<Comment> {
+  const response = await authFetch(`${API_BASE_URL}/comments/${id}`, {
+    method: 'PUT',
+    body: JSON.stringify(dto),
+  });
+  if (!response.ok) {
+    throw new Error('Failed to update comment');
+  }
+  return response.json();
+}
+
+export async function deleteComment(id: string): Promise<void> {
+  const response = await authFetch(`${API_BASE_URL}/comments/${id}`, {
+    method: 'DELETE',
+  });
+  if (!response.ok) {
+    throw new Error('Failed to delete comment');
+  }
+}
+
+export async function addReaction(dto: CreateReactionDto): Promise<void> {
+  const response = await authFetch(`${API_BASE_URL}/comments/reactions`, {
+    method: 'POST',
+    body: JSON.stringify(dto),
+  });
+  if (!response.ok) {
+    throw new Error('Failed to add reaction');
+  }
+}
+
+export async function getReactionCounts(
+  articleId?: string,
+  liveBlogId?: string,
+  commentId?: string
+): Promise<ReactionCounts> {
+  const searchParams = new URLSearchParams();
+  
+  if (articleId) searchParams.append('articleId', articleId);
+  if (liveBlogId) searchParams.append('liveBlogId', liveBlogId);
+  if (commentId) searchParams.append('commentId', commentId);
+
+  const url = `${API_BASE_URL}/comments/reactions/counts${searchParams.toString() ? `?${searchParams}` : ''}`;
+  const response = await authFetch(url);
+  if (!response.ok) {
+    throw new Error('Failed to fetch reaction counts');
+  }
+  return response.json();
+}
+
+export async function getUserReaction(
+  articleId?: string,
+  liveBlogId?: string,
+  commentId?: string
+): Promise<{ type: string | null }> {
+  const searchParams = new URLSearchParams();
+  
+  if (articleId) searchParams.append('articleId', articleId);
+  if (liveBlogId) searchParams.append('liveBlogId', liveBlogId);
+  if (commentId) searchParams.append('commentId', commentId);
+
+  const url = `${API_BASE_URL}/comments/reactions/user${searchParams.toString() ? `?${searchParams}` : ''}`;
+  const response = await authFetch(url);
+  if (!response.ok) {
+    if (response.status === 401) {
+      return { type: null };
+    }
+    throw new Error('Failed to fetch user reaction');
+  }
+  return response.json();
+}
diff --git a/frontend/src/main.tsx b/frontend/src/main.tsx
index a9f6a3b..81e5307 100644
--- a/frontend/src/main.tsx
+++ b/frontend/src/main.tsx
@@ -3,13 +3,16 @@ import ReactDOM from 'react-dom/client'
 import { RouterProvider } from '@tanstack/react-router'
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query'
 import { router } from './routes'
+import { AuthProvider } from './contexts/AuthContext'
 
 const queryClient = new QueryClient()
 
 ReactDOM.createRoot(document.getElementById('root')!).render(
   <StrictMode>
     <QueryClientProvider client={queryClient}>
-      <RouterProvider router={router} />
+      <AuthProvider>
+        <RouterProvider router={router} />
+      </AuthProvider>
     </QueryClientProvider>
   </StrictMode>,
 )
diff --git a/frontend/src/queries/auth.ts b/frontend/src/queries/auth.ts
new file mode 100644
index 0000000..61379cb
--- /dev/null
+++ b/frontend/src/queries/auth.ts
@@ -0,0 +1,49 @@
+import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
+import * as api from '../lib/api';
+
+export function useLogin() {
+  const queryClient = useQueryClient();
+  
+  return useMutation({
+    mutationFn: ({ username, password }: { username: string; password: string }) =>
+      api.login({ username, password }),
+    onSuccess: (data) => {
+      queryClient.setQueryData(['auth', 'user'], data.user);
+      queryClient.setQueryData(['auth', 'token'], data.access_token);
+    },
+  });
+}
+
+export function useRegister() {
+  const queryClient = useQueryClient();
+  
+  return useMutation({
+    mutationFn: ({ username, email, password }: { username: string; email: string; password: string }) =>
+      api.register({ username, email, password }),
+    onSuccess: (data) => {
+      queryClient.setQueryData(['auth', 'user'], data.user);
+      queryClient.setQueryData(['auth', 'token'], data.access_token);
+    },
+  });
+}
+
+export function useProfile() {
+  return useQuery({
+    queryKey: ['auth', 'user'],
+    queryFn: api.getProfile,
+    enabled: false, // We'll manually trigger this when needed
+    retry: false,
+  });
+}
+
+export function useLogout() {
+  const queryClient = useQueryClient();
+  
+  return useMutation({
+    mutationFn: api.logout,
+    onSuccess: () => {
+      queryClient.removeQueries({ queryKey: ['auth'] });
+      queryClient.clear();
+    },
+  });
+}
\ No newline at end of file
diff --git a/frontend/src/queries/comments.ts b/frontend/src/queries/comments.ts
new file mode 100644
index 0000000..fca7d6e
--- /dev/null
+++ b/frontend/src/queries/comments.ts
@@ -0,0 +1,98 @@
+import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
+import * as api from '../lib/api';
+
+export function useComments(params: api.FindCommentsParams = {}) {
+  return useQuery({
+    queryKey: ['comments', params],
+    queryFn: () => api.fetchComments(params),
+  });
+}
+
+export function useCreateComment() {
+  const queryClient = useQueryClient();
+  
+  return useMutation({
+    mutationFn: api.createComment,
+    onSuccess: (data, variables) => {
+      queryClient.invalidateQueries({ 
+        queryKey: ['comments', { articleId: variables.articleId }] 
+      });
+      queryClient.invalidateQueries({ 
+        queryKey: ['comments', { liveBlogId: variables.liveBlogId }] 
+      });
+    },
+  });
+}
+
+export function useUpdateComment() {
+  const queryClient = useQueryClient();
+  
+  return useMutation({
+    mutationFn: ({ id, dto }: { id: string; dto: api.UpdateCommentDto }) =>
+      api.updateComment(id, dto),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: ['comments'] });
+    },
+  });
+}
+
+export function useDeleteComment() {
+  const queryClient = useQueryClient();
+  
+  return useMutation({
+    mutationFn: api.deleteComment,
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: ['comments'] });
+    },
+  });
+}
+
+export function useReactionCounts(
+  articleId?: string,
+  liveBlogId?: string,
+  commentId?: string
+) {
+  return useQuery({
+    queryKey: ['reactions', 'counts', { articleId, liveBlogId, commentId }],
+    queryFn: () => api.getReactionCounts(articleId, liveBlogId, commentId),
+    enabled: !!articleId || !!liveBlogId || !!commentId,
+  });
+}
+
+export function useUserReaction(
+  articleId?: string,
+  liveBlogId?: string,
+  commentId?: string
+) {
+  return useQuery({
+    queryKey: ['reactions', 'user', { articleId, liveBlogId, commentId }],
+    queryFn: () => api.getUserReaction(articleId, liveBlogId, commentId),
+    enabled: !!articleId || !!liveBlogId || !!commentId,
+    retry: false,
+  });
+}
+
+export function useAddReaction() {
+  const queryClient = useQueryClient();
+  
+  return useMutation({
+    mutationFn: api.addReaction,
+    onSuccess: (_, variables) => {
+      // Invalidate both counts and user reaction queries
+      queryClient.invalidateQueries({ 
+        queryKey: ['reactions', 'counts', { 
+          articleId: variables.articleId,
+          liveBlogId: variables.liveBlogId,
+          commentId: variables.commentId
+        }] 
+      });
+      queryClient.invalidateQueries({ 
+        queryKey: ['reactions', 'user', { 
+          articleId: variables.articleId,
+          liveBlogId: variables.liveBlogId,
+          commentId: variables.commentId
+        }] 
+      });
+    },
+  });
+}
\ No newline at end of file
diff --git a/frontend/src/routes.tsx b/frontend/src/routes.tsx
index b82b554..32ae47d 100644
--- a/frontend/src/routes.tsx
+++ b/frontend/src/routes.tsx
@@ -1,4 +1,4 @@
-import { createRootRoute, createRoute, createRouter, Outlet, Link } from '@tanstack/react-router'
+import { createRootRoute, createRoute, createRouter, Outlet } from '@tanstack/react-router'
 import { ArticleTicker } from './components/ArticleTicker'
 import { ArticlesComponent } from './components/routes/ArticlesComponent'
 import { ArticleDetailComponent } from './components/routes/ArticleDetailComponent'
@@ -7,8 +7,11 @@ import { LiveBlogDetailComponent } from './components/routes/LiveBlogDetailCompo
 import { LiveBlogAdminComponent } from './components/routes/LiveBlogAdminComponent'
 import { CreateLiveBlogComponent } from './components/routes/CreateLiveBlogComponent'
 import { AdminDashboardComponent } from './components/routes/AdminDashboardComponent'
+import { AuthPage } from './components/routes/AuthPage'
 import { LiveBlogTicker } from './components/features/live-blog/LiveBlogTicker'
 import { PinnedLiveBlogSidebar } from './components/features/live-blog/PinnedLiveBlogSidebar'
+import { ProtectedRoute } from './components/auth/ProtectedRoute'
+import { Header } from './components/layout/Header'
 import './styles.css'
 
 const rootRoute = createRootRoute({
@@ -22,30 +25,7 @@ const rootRoute = createRootRoute({
   }),
   component: () => (
     <div className="min-h-screen bg-background text-foreground flex flex-col">
-      <header className="border-b">
-        <div className="container mx-auto max-w-6xl px-4 py-4">
-          <h1 className="text-3xl font-bold">
-            <Link to="/" className="hover:underline">Placebo.mk</Link>
-          </h1>
-            <nav className="flex gap-4">
-              <Link to="/" className="text-sm font-medium hover:underline">
-                Home
-              </Link>
-              <Link to="/articles" className="text-sm font-medium hover:underline">
-                Articles
-              </Link>
-              <Link to="/live-blogs" className="text-sm font-medium hover:underline">
-                Live
-              </Link>
-              <Link to="/admin" className="text-sm font-medium hover:underline text-primary">
-                Admin
-              </Link>
-              <Link to="/admin/live-blogs/create" className="text-sm font-medium hover:underline text-primary">
-                + New Live Blog
-              </Link>
-            </nav>
-        </div>
-      </header>
+      <Header />
 
       <main className="flex-1 container mx-auto max-w-6xl px-4 py-8">
         <Outlet />
@@ -236,25 +216,43 @@ const liveBlogDetailRoute = createRoute({
   },
 })
 
+const authRoute = createRoute({
+  getParentRoute: () => rootRoute,
+  path: '/auth',
+  component: AuthPage,
+})
+
 const liveBlogAdminRoute = createRoute({
   getParentRoute: () => rootRoute,
   path: '/admin/live-blogs/$slug',
   component: () => {
     const { slug } = liveBlogAdminRoute.useParams()
-    return <LiveBlogAdminComponent slug={slug} />
+    return (
+      <ProtectedRoute requiredRole="admin">
+        <LiveBlogAdminComponent slug={slug} />
+      </ProtectedRoute>
+    )
   },
 })
 
 const createLiveBlogRoute = createRoute({
   getParentRoute: () => rootRoute,
   path: '/admin/live-blogs/create',
-  component: CreateLiveBlogComponent,
+  component: () => (
+    <ProtectedRoute requiredRole="admin">
+      <CreateLiveBlogComponent />
+    </ProtectedRoute>
+  ),
 })
 
 const adminDashboardRoute = createRoute({
   getParentRoute: () => rootRoute,
   path: '/admin',
-  component: AdminDashboardComponent,
+  component: () => (
+    <ProtectedRoute requiredRole="admin">
+      <AdminDashboardComponent />
+    </ProtectedRoute>
+  ),
 })
 
 const routeTree = rootRoute.addChildren([
@@ -263,6 +261,7 @@ const routeTree = rootRoute.addChildren([
   articleDetailRoute,
   liveBlogsRoute,
   liveBlogDetailRoute,
+  authRoute,
   liveBlogAdminRoute,
   createLiveBlogRoute,
   adminDashboardRoute,
diff --git a/frontend/src/types/auth.ts b/frontend/src/types/auth.ts
new file mode 100644
index 0000000..2f7ae79
--- /dev/null
+++ b/frontend/src/types/auth.ts
@@ -0,0 +1,32 @@
+export type UserRole = 'admin' | 'contributor' | 'user';
+
+export interface User {
+  id: string;
+  username: string;
+  email: string;
+  role: UserRole;
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface LoginDto {
+  username: string;
+  password: string;
+}
+
+export interface RegisterDto {
+  username: string;
+  email: string;
+  password: string;
+}
+
+export interface AuthResponse {
+  access_token: string;
+  user: User;
+}
+
+export interface ApiError {
+  message: string;
+  statusCode: number;
+  error?: string;
+}
\ No newline at end of file
diff --git a/frontend/src/types/index.ts b/frontend/src/types/index.ts
new file mode 100644
index 0000000..e295e15
--- /dev/null
+++ b/frontend/src/types/index.ts
@@ -0,0 +1 @@
+export * from './auth';
\ No newline at end of file
diff --git a/frontend/vite.config.ts b/frontend/vite.config.ts
index c2618b9..038a96c 100644
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -13,6 +13,12 @@ export default defineConfig({
     alias: {
       '@': path.resolve(__dirname, './src'),
     },
+    // For npm workspaces - look for dependencies in parent node_modules
+    preserveSymlinks: true,
+  },
+  // For npm workspaces - optimize dependencies from root
+  optimizeDeps: {
+    include: ['react', 'react-dom', 'react-markdown'],
   },
   server: {
     host: true, // Listen on all addresses
diff --git a/package-lock.json b/package-lock.json
index 421a411..869a066 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -25,10 +25,19 @@
         "@nestjs/config": "^4.0.2",
         "@nestjs/core": "^11.0.1",
         "@nestjs/event-emitter": "^3.0.1",
+        "@nestjs/jwt": "^11.0.2",
+        "@nestjs/passport": "^11.0.5",
         "@nestjs/platform-express": "^11.0.1",
         "@nestjs/typeorm": "^11.0.0",
+        "@types/bcrypt": "^6.0.0",
+        "@types/passport-jwt": "^4.0.1",
+        "@types/passport-local": "^1.0.38",
+        "bcrypt": "^6.0.0",
         "class-transformer": "^0.5.1",
         "class-validator": "^0.14.3",
+        "passport": "^0.7.0",
+        "passport-jwt": "^4.0.1",
+        "passport-local": "^1.0.0",
         "pg": "^8.18.0",
         "reflect-metadata": "^0.2.2",
         "rxjs": "^7.8.1",
@@ -632,14 +641,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "backend/node_modules/@borewit/text-codec": {
-      "version": "0.1.1",
-      "license": "MIT",
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/Borewit"
-      }
-    },
     "backend/node_modules/@colors/colors": {
       "version": "1.5.0",
       "dev": true,
@@ -1787,13 +1788,6 @@
         "@jridgewell/sourcemap-codec": "^1.4.14"
       }
     },
-    "backend/node_modules/@lukeed/csprng": {
-      "version": "1.1.0",
-      "license": "MIT",
-      "engines": {
-        "node": ">=8"
-      }
-    },
     "backend/node_modules/@nestjs/axios": {
       "version": "4.0.1",
       "license": "MIT",
@@ -2003,36 +1997,6 @@
         }
       }
     },
-    "backend/node_modules/@nestjs/common": {
-      "version": "11.1.10",
-      "license": "MIT",
-      "peer": true,
-      "dependencies": {
-        "file-type": "21.1.1",
-        "iterare": "1.2.1",
-        "load-esm": "1.0.3",
-        "tslib": "2.8.1",
-        "uid": "2.0.2"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/nest"
-      },
-      "peerDependencies": {
-        "class-transformer": ">=0.4.1",
-        "class-validator": ">=0.13.2",
-        "reflect-metadata": "^0.1.12 || ^0.2.0",
-        "rxjs": "^7.1.0"
-      },
-      "peerDependenciesMeta": {
-        "class-transformer": {
-          "optional": true
-        },
-        "class-validator": {
-          "optional": true
-        }
-      }
-    },
     "backend/node_modules/@nestjs/config": {
       "version": "4.0.2",
       "license": "MIT",
@@ -2349,25 +2313,6 @@
       "version": "1.2.5",
       "license": "MIT"
     },
-    "backend/node_modules/@tokenizer/inflate": {
-      "version": "0.4.1",
-      "license": "MIT",
-      "dependencies": {
-        "debug": "^4.4.3",
-        "token-types": "^6.1.1"
-      },
-      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/Borewit"
-      }
-    },
-    "backend/node_modules/@tokenizer/token": {
-      "version": "0.3.0",
-      "license": "MIT"
-    },
     "backend/node_modules/@tootallnate/once": {
       "version": "1.1.2",
       "license": "MIT",
@@ -2433,23 +2378,6 @@
         "@babel/types": "^7.28.2"
       }
     },
-    "backend/node_modules/@types/body-parser": {
-      "version": "1.19.6",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@types/connect": "*",
-        "@types/node": "*"
-      }
-    },
-    "backend/node_modules/@types/connect": {
-      "version": "3.4.38",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@types/node": "*"
-      }
-    },
     "backend/node_modules/@types/cookiejar": {
       "version": "2.1.5",
       "dev": true,
@@ -2474,32 +2402,6 @@
         "@types/estree": "*"
       }
     },
-    "backend/node_modules/@types/express": {
-      "version": "5.0.6",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@types/body-parser": "*",
-        "@types/express-serve-static-core": "^5.0.0",
-        "@types/serve-static": "^2"
-      }
-    },
-    "backend/node_modules/@types/express-serve-static-core": {
-      "version": "5.1.0",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@types/node": "*",
-        "@types/qs": "*",
-        "@types/range-parser": "*",
-        "@types/send": "*"
-      }
-    },
-    "backend/node_modules/@types/http-errors": {
-      "version": "2.0.5",
-      "dev": true,
-      "license": "MIT"
-    },
     "backend/node_modules/@types/istanbul-lib-coverage": {
       "version": "2.0.6",
       "dev": true,
@@ -2549,33 +2451,6 @@
         "undici-types": "~6.21.0"
       }
     },
-    "backend/node_modules/@types/qs": {
-      "version": "6.14.0",
-      "dev": true,
-      "license": "MIT"
-    },
-    "backend/node_modules/@types/range-parser": {
-      "version": "1.2.7",
-      "dev": true,
-      "license": "MIT"
-    },
-    "backend/node_modules/@types/send": {
-      "version": "1.2.1",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@types/node": "*"
-      }
-    },
-    "backend/node_modules/@types/serve-static": {
-      "version": "2.2.0",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@types/http-errors": "*",
-        "@types/node": "*"
-      }
-    },
     "backend/node_modules/@types/stack-utils": {
       "version": "2.0.3",
       "dev": true,
@@ -2601,10 +2476,6 @@
         "@types/superagent": "^8.1.0"
       }
     },
-    "backend/node_modules/@types/validator": {
-      "version": "13.15.10",
-      "license": "MIT"
-    },
     "backend/node_modules/@types/yargs": {
       "version": "17.0.35",
       "dev": true,
@@ -3787,21 +3658,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "backend/node_modules/class-transformer": {
-      "version": "0.5.1",
-      "license": "MIT",
-      "peer": true
-    },
-    "backend/node_modules/class-validator": {
-      "version": "0.14.3",
-      "license": "MIT",
-      "peer": true,
-      "dependencies": {
-        "@types/validator": "^13.15.3",
-        "libphonenumber-js": "^1.11.1",
-        "validator": "^13.15.20"
-      }
-    },
     "backend/node_modules/clean-stack": {
       "version": "2.2.0",
       "license": "MIT",
@@ -4748,22 +4604,6 @@
         "node": ">=16.0.0"
       }
     },
-    "backend/node_modules/file-type": {
-      "version": "21.1.1",
-      "license": "MIT",
-      "dependencies": {
-        "@tokenizer/inflate": "^0.4.1",
-        "strtok3": "^10.3.4",
-        "token-types": "^6.1.1",
-        "uint8array-extras": "^1.4.0"
-      },
-      "engines": {
-        "node": ">=20"
-      },
-      "funding": {
-        "url": "https://github.com/sindresorhus/file-type?sponsor=1"
-      }
-    },
     "backend/node_modules/file-uri-to-path": {
       "version": "1.0.0",
       "license": "MIT"
@@ -5338,24 +5178,6 @@
         "url": "https://opencollective.com/express"
       }
     },
-    "backend/node_modules/ieee754": {
-      "version": "1.2.1",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/feross"
-        },
-        {
-          "type": "patreon",
-          "url": "https://www.patreon.com/feross"
-        },
-        {
-          "type": "consulting",
-          "url": "https://feross.org/support"
-        }
-      ],
-      "license": "BSD-3-Clause"
-    },
     "backend/node_modules/ignore": {
       "version": "5.3.2",
       "dev": true,
@@ -5621,13 +5443,6 @@
         "node": ">=8"
       }
     },
-    "backend/node_modules/iterare": {
-      "version": "1.2.1",
-      "license": "ISC",
-      "engines": {
-        "node": ">=6"
-      }
-    },
     "backend/node_modules/jackspeak": {
       "version": "3.4.3",
       "license": "BlueOak-1.0.0",
@@ -6409,32 +6224,11 @@
         "node": ">= 0.8.0"
       }
     },
-    "backend/node_modules/libphonenumber-js": {
-      "version": "1.12.33",
-      "license": "MIT"
-    },
     "backend/node_modules/lines-and-columns": {
       "version": "1.2.4",
       "dev": true,
       "license": "MIT"
     },
-    "backend/node_modules/load-esm": {
-      "version": "1.0.3",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/Borewit"
-        },
-        {
-          "type": "buymeacoffee",
-          "url": "https://buymeacoffee.com/borewit"
-        }
-      ],
-      "license": "MIT",
-      "engines": {
-        "node": ">=13.2.0"
-      }
-    },
     "backend/node_modules/loader-runner": {
       "version": "4.3.1",
       "dev": true,
@@ -7709,11 +7503,6 @@
         "url": "https://paulmillr.com/funding/"
       }
     },
-    "backend/node_modules/reflect-metadata": {
-      "version": "0.2.2",
-      "license": "Apache-2.0",
-      "peer": true
-    },
     "backend/node_modules/require-from-string": {
       "version": "2.0.2",
       "dev": true,
@@ -7821,24 +7610,6 @@
         "node": ">= 18"
       }
     },
-    "backend/node_modules/safe-buffer": {
-      "version": "5.2.1",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/feross"
-        },
-        {
-          "type": "patreon",
-          "url": "https://www.patreon.com/feross"
-        },
-        {
-          "type": "consulting",
-          "url": "https://feross.org/support"
-        }
-      ],
-      "license": "MIT"
-    },
     "backend/node_modules/safer-buffer": {
       "version": "2.1.2",
       "license": "MIT"
@@ -7860,16 +7631,6 @@
         "url": "https://opencollective.com/webpack"
       }
     },
-    "backend/node_modules/semver": {
-      "version": "7.7.3",
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "backend/node_modules/send": {
       "version": "1.2.1",
       "license": "MIT",
@@ -8332,20 +8093,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "backend/node_modules/strtok3": {
-      "version": "10.3.4",
-      "license": "MIT",
-      "dependencies": {
-        "@tokenizer/token": "^0.3.0"
-      },
-      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/Borewit"
-      }
-    },
     "backend/node_modules/superagent": {
       "version": "10.2.3",
       "dev": true,
@@ -8727,22 +8474,6 @@
         "node": ">=0.6"
       }
     },
-    "backend/node_modules/token-types": {
-      "version": "6.1.1",
-      "license": "MIT",
-      "dependencies": {
-        "@borewit/text-codec": "^0.1.0",
-        "@tokenizer/token": "^0.3.0",
-        "ieee754": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14.16"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/Borewit"
-      }
-    },
     "backend/node_modules/ts-api-utils": {
       "version": "2.3.0",
       "dev": true,
@@ -9217,26 +8948,6 @@
         "node": ">=0.8.0"
       }
     },
-    "backend/node_modules/uid": {
-      "version": "2.0.2",
-      "license": "MIT",
-      "dependencies": {
-        "@lukeed/csprng": "^1.0.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "backend/node_modules/uint8array-extras": {
-      "version": "1.5.0",
-      "license": "MIT",
-      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "backend/node_modules/undici-types": {
       "version": "6.21.0",
       "devOptional": true,
@@ -9376,13 +9087,6 @@
         "node": ">=10.12.0"
       }
     },
-    "backend/node_modules/validator": {
-      "version": "13.15.26",
-      "license": "MIT",
-      "engines": {
-        "node": ">= 0.10"
-      }
-    },
     "backend/node_modules/vary": {
       "version": "1.1.2",
       "license": "MIT",
@@ -10307,14 +10011,6 @@
         "node": ">=6.9.0"
       }
     },
-    "cms/cms/node_modules/@borewit/text-codec": {
-      "version": "0.1.1",
-      "license": "MIT",
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/Borewit"
-      }
-    },
     "cms/cms/node_modules/@casl/ability": {
       "version": "6.5.0",
       "license": "MIT",
@@ -13691,10 +13387,6 @@
       "version": "2.1.3",
       "license": "MIT"
     },
-    "cms/cms/node_modules/@tokenizer/token": {
-      "version": "0.3.0",
-      "license": "MIT"
-    },
     "cms/cms/node_modules/@types/accepts": {
       "version": "1.3.7",
       "license": "MIT",
@@ -13710,14 +13402,6 @@
       "version": "5.0.4",
       "license": "MIT"
     },
-    "cms/cms/node_modules/@types/body-parser": {
-      "version": "1.19.6",
-      "license": "MIT",
-      "dependencies": {
-        "@types/connect": "*",
-        "@types/node": "*"
-      }
-    },
     "cms/cms/node_modules/@types/cacheable-request": {
       "version": "6.0.3",
       "license": "MIT",
@@ -13736,13 +13420,6 @@
         "@types/qs": "*"
       }
     },
-    "cms/cms/node_modules/@types/connect": {
-      "version": "3.4.38",
-      "license": "MIT",
-      "dependencies": {
-        "@types/node": "*"
-      }
-    },
     "cms/cms/node_modules/@types/content-disposition": {
       "version": "0.5.9",
       "license": "MIT"
@@ -13833,10 +13510,6 @@
       "version": "4.0.4",
       "license": "MIT"
     },
-    "cms/cms/node_modules/@types/http-errors": {
-      "version": "2.0.5",
-      "license": "MIT"
-    },
     "cms/cms/node_modules/@types/inquirer": {
       "version": "9.0.9",
       "license": "MIT",
@@ -13853,14 +13526,6 @@
       "version": "7.0.15",
       "license": "MIT"
     },
-    "cms/cms/node_modules/@types/jsonwebtoken": {
-      "version": "9.0.10",
-      "license": "MIT",
-      "dependencies": {
-        "@types/ms": "*",
-        "@types/node": "*"
-      }
-    },
     "cms/cms/node_modules/@types/keygrip": {
       "version": "1.0.6",
       "license": "MIT"
@@ -13939,14 +13604,6 @@
       "version": "15.7.15",
       "license": "MIT"
     },
-    "cms/cms/node_modules/@types/qs": {
-      "version": "6.14.0",
-      "license": "MIT"
-    },
-    "cms/cms/node_modules/@types/range-parser": {
-      "version": "1.2.7",
-      "license": "MIT"
-    },
     "cms/cms/node_modules/@types/react": {
       "version": "18.3.27",
       "license": "MIT",
@@ -13979,13 +13636,6 @@
         "@types/node": "*"
       }
     },
-    "cms/cms/node_modules/@types/send": {
-      "version": "1.2.1",
-      "license": "MIT",
-      "dependencies": {
-        "@types/node": "*"
-      }
-    },
     "cms/cms/node_modules/@types/serve-static": {
       "version": "1.15.10",
       "license": "MIT",
@@ -14784,10 +14434,6 @@
         "ieee754": "^1.1.13"
       }
     },
-    "cms/cms/node_modules/buffer-equal-constant-time": {
-      "version": "1.0.1",
-      "license": "BSD-3-Clause"
-    },
     "cms/cms/node_modules/buffer-from": {
       "version": "1.1.2",
       "license": "MIT"
@@ -15902,13 +15548,6 @@
       "version": "0.2.0",
       "license": "MIT"
     },
-    "cms/cms/node_modules/ecdsa-sig-formatter": {
-      "version": "1.0.11",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "safe-buffer": "^5.0.1"
-      }
-    },
     "cms/cms/node_modules/ee-first": {
       "version": "1.1.1",
       "license": "MIT"
@@ -17496,24 +17135,6 @@
         "postcss": "^8.1.0"
       }
     },
-    "cms/cms/node_modules/ieee754": {
-      "version": "1.2.1",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/feross"
-        },
-        {
-          "type": "patreon",
-          "url": "https://www.patreon.com/feross"
-        },
-        {
-          "type": "consulting",
-          "url": "https://feross.org/support"
-        }
-      ],
-      "license": "BSD-3-Clause"
-    },
     "cms/cms/node_modules/ignore": {
       "version": "5.3.2",
       "license": "MIT",
@@ -18172,16 +17793,6 @@
         "setimmediate": "^1.0.5"
       }
     },
-    "cms/cms/node_modules/jwa": {
-      "version": "2.0.1",
-      "license": "MIT",
-      "optional": true,
-      "dependencies": {
-        "buffer-equal-constant-time": "^1.0.1",
-        "ecdsa-sig-formatter": "1.0.11",
-        "safe-buffer": "^5.0.1"
-      }
-    },
     "cms/cms/node_modules/jwk-to-pem": {
       "version": "2.0.5",
       "license": "Apache-2.0",
@@ -18206,15 +17817,6 @@
         "node": ">=14"
       }
     },
-    "cms/cms/node_modules/jws": {
-      "version": "4.0.1",
-      "license": "MIT",
-      "optional": true,
-      "dependencies": {
-        "jwa": "^2.0.1",
-        "safe-buffer": "^5.0.1"
-      }
-    },
     "cms/cms/node_modules/keygrip": {
       "version": "1.1.0",
       "license": "MIT",
@@ -18723,10 +18325,6 @@
       "version": "4.1.0",
       "license": "MIT"
     },
-    "cms/cms/node_modules/lodash.isplainobject": {
-      "version": "4.0.6",
-      "license": "MIT"
-    },
     "cms/cms/node_modules/log-symbols": {
       "version": "4.1.0",
       "license": "MIT",
@@ -20028,21 +19626,6 @@
         "url": "https://github.com/sponsors/jaredhanson"
       }
     },
-    "cms/cms/node_modules/passport-local": {
-      "version": "1.0.0",
-      "dependencies": {
-        "passport-strategy": "1.x.x"
-      },
-      "engines": {
-        "node": ">= 0.4.0"
-      }
-    },
-    "cms/cms/node_modules/passport-strategy": {
-      "version": "1.0.0",
-      "engines": {
-        "node": ">= 0.4.0"
-      }
-    },
     "cms/cms/node_modules/path-exists": {
       "version": "3.0.0",
       "license": "MIT",
@@ -20114,9 +19697,6 @@
         "node": ">=8"
       }
     },
-    "cms/cms/node_modules/pause": {
-      "version": "0.0.1"
-    },
     "cms/cms/node_modules/pg-connection-string": {
       "version": "2.6.1",
       "license": "MIT"
@@ -21639,24 +21219,6 @@
         "queue-microtask": "^1.2.2"
       }
     },
-    "cms/cms/node_modules/safe-buffer": {
-      "version": "5.2.1",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/feross"
-        },
-        {
-          "type": "patreon",
-          "url": "https://www.patreon.com/feross"
-        },
-        {
-          "type": "consulting",
-          "url": "https://feross.org/support"
-        }
-      ],
-      "license": "MIT"
-    },
     "cms/cms/node_modules/safe-regex-test": {
       "version": "1.1.0",
       "license": "MIT",
@@ -22315,20 +21877,6 @@
         "node": ">=0.10.0"
       }
     },
-    "cms/cms/node_modules/strtok3": {
-      "version": "10.3.4",
-      "license": "MIT",
-      "dependencies": {
-        "@tokenizer/token": "^0.3.0"
-      },
-      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/Borewit"
-      }
-    },
     "cms/cms/node_modules/style-loader": {
       "version": "3.3.4",
       "license": "MIT",
@@ -22676,22 +22224,6 @@
         "node": ">=0.6"
       }
     },
-    "cms/cms/node_modules/token-types": {
-      "version": "6.1.1",
-      "license": "MIT",
-      "dependencies": {
-        "@borewit/text-codec": "^0.1.0",
-        "@tokenizer/token": "^0.3.0",
-        "ieee754": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14.16"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/Borewit"
-      }
-    },
     "cms/cms/node_modules/toposort": {
       "version": "2.0.2",
       "license": "MIT"
@@ -22829,16 +22361,6 @@
         "node": ">=0.8.0"
       }
     },
-    "cms/cms/node_modules/uint8array-extras": {
-      "version": "1.5.0",
-      "license": "MIT",
-      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "cms/cms/node_modules/umzug": {
       "version": "3.8.1",
       "license": "MIT",
@@ -23047,13 +22569,6 @@
       "version": "0.4.0",
       "license": "MIT"
     },
-    "cms/cms/node_modules/utils-merge": {
-      "version": "1.0.1",
-      "license": "MIT",
-      "engines": {
-        "node": ">= 0.4.0"
-      }
-    },
     "cms/cms/node_modules/uuid": {
       "version": "8.3.2",
       "license": "MIT",
@@ -27060,11 +26575,6 @@
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
-    "frontend/node_modules/undici-types": {
-      "version": "7.16.0",
-      "devOptional": true,
-      "license": "MIT"
-    },
     "frontend/node_modules/update-browserslist-db": {
       "version": "1.2.3",
       "dev": true,
@@ -27288,6 +26798,131 @@
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@borewit/text-codec": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/@borewit/text-codec/-/text-codec-0.2.1.tgz",
+      "integrity": "sha512-k7vvKPbf7J2fZ5klGRD9AeKfUvojuZIQ3BT5u7Jfv+puwXkUBUT5PVyMDfJZpy30CBDXGMgw7fguK/lpOMBvgw==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/Borewit"
+      }
+    },
+    "node_modules/@lukeed/csprng": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@lukeed/csprng/-/csprng-1.1.0.tgz",
+      "integrity": "sha512-Z7C/xXCiGWsg0KuKsHTKJxbWhpI3Vs5GwLfOean7MGyVFGqdRgBbAjOCh6u4bbjPc/8MJ2pZmK/0DLdCbivLDA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@nestjs/common": {
+      "version": "11.1.13",
+      "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-11.1.13.tgz",
+      "integrity": "sha512-ieqWtipT+VlyDWLz5Rvz0f3E5rXcVAnaAi+D53DEHLjc1kmFxCgZ62qVfTX2vwkywwqNkTNXvBgGR72hYqV//Q==",
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "file-type": "21.3.0",
+        "iterare": "1.2.1",
+        "load-esm": "1.0.3",
+        "tslib": "2.8.1",
+        "uid": "2.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/nest"
+      },
+      "peerDependencies": {
+        "class-transformer": ">=0.4.1",
+        "class-validator": ">=0.13.2",
+        "reflect-metadata": "^0.1.12 || ^0.2.0",
+        "rxjs": "^7.1.0"
+      },
+      "peerDependenciesMeta": {
+        "class-transformer": {
+          "optional": true
+        },
+        "class-validator": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@nestjs/jwt": {
+      "version": "11.0.2",
+      "resolved": "https://registry.npmjs.org/@nestjs/jwt/-/jwt-11.0.2.tgz",
+      "integrity": "sha512-rK8aE/3/Ma45gAWfCksAXUNbOoSOUudU0Kn3rT39htPF7wsYXtKfjALKeKKJbFrIWbLjsbqfXX5bIJNvgBugGA==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/jsonwebtoken": "9.0.10",
+        "jsonwebtoken": "9.0.3"
+      },
+      "peerDependencies": {
+        "@nestjs/common": "^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0"
+      }
+    },
+    "node_modules/@nestjs/passport": {
+      "version": "11.0.5",
+      "resolved": "https://registry.npmjs.org/@nestjs/passport/-/passport-11.0.5.tgz",
+      "integrity": "sha512-ulQX6mbjlws92PIM15Naes4F4p2JoxGnIJuUsdXQPT+Oo2sqQmENEZXM7eYuimocfHnKlcfZOuyzbA33LwUlOQ==",
+      "license": "MIT",
+      "peerDependencies": {
+        "@nestjs/common": "^10.0.0 || ^11.0.0",
+        "passport": "^0.5.0 || ^0.6.0 || ^0.7.0"
+      }
+    },
+    "node_modules/@tokenizer/inflate": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/@tokenizer/inflate/-/inflate-0.4.1.tgz",
+      "integrity": "sha512-2mAv+8pkG6GIZiF1kNg1jAjh27IDxEPKwdGul3snfztFerfPGI1LjDezZp3i7BElXompqEtPmoPx6c2wgtWsOA==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.4.3",
+        "token-types": "^6.1.1"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/Borewit"
+      }
+    },
+    "node_modules/@tokenizer/token": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.3.0.tgz",
+      "integrity": "sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==",
+      "license": "MIT"
+    },
+    "node_modules/@types/bcrypt": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@types/bcrypt/-/bcrypt-6.0.0.tgz",
+      "integrity": "sha512-/oJGukuH3D2+D+3H4JWLaAsJ/ji86dhRidzZ/Od7H/i8g+aCmvkeCc6Ni/f9uxGLSQVCRZkX2/lqEFG2BvWtlQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/body-parser": {
+      "version": "1.19.6",
+      "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.6.tgz",
+      "integrity": "sha512-HLFeCYgz89uk22N5Qg3dvGvsv46B8GLvKKo1zKG4NybA8U2DiEO3w9lqGg29t/tfLRJpJ6iQxnVw4OnB7MoM9g==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/connect": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/connect": {
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz",
+      "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/debug": {
       "version": "4.1.12",
       "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz",
@@ -27312,6 +26947,29 @@
         "@types/estree": "*"
       }
     },
+    "node_modules/@types/express": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.6.tgz",
+      "integrity": "sha512-sKYVuV7Sv9fbPIt/442koC7+IIwK5olP1KWeD88e/idgoJqDm3JV/YUiPwkoKK92ylff2MGxSz1CSjsXelx0YA==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/body-parser": "*",
+        "@types/express-serve-static-core": "^5.0.0",
+        "@types/serve-static": "^2"
+      }
+    },
+    "node_modules/@types/express-serve-static-core": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-5.1.1.tgz",
+      "integrity": "sha512-v4zIMr/cX7/d2BpAEX3KNKL/JrT1s43s96lLvvdTmza1oEvDudCqK9aF/djc/SWgy8Yh0h30TZx5VpzqFCxk5A==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*",
+        "@types/qs": "*",
+        "@types/range-parser": "*",
+        "@types/send": "*"
+      }
+    },
     "node_modules/@types/hast": {
       "version": "3.0.4",
       "resolved": "https://registry.npmjs.org/@types/hast/-/hast-3.0.4.tgz",
@@ -27321,6 +26979,22 @@
         "@types/unist": "*"
       }
     },
+    "node_modules/@types/http-errors": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.5.tgz",
+      "integrity": "sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg==",
+      "license": "MIT"
+    },
+    "node_modules/@types/jsonwebtoken": {
+      "version": "9.0.10",
+      "resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.10.tgz",
+      "integrity": "sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/ms": "*",
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/mdast": {
       "version": "4.0.4",
       "resolved": "https://registry.npmjs.org/@types/mdast/-/mdast-4.0.4.tgz",
@@ -27336,6 +27010,67 @@
       "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==",
       "license": "MIT"
     },
+    "node_modules/@types/node": {
+      "version": "25.2.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.2.0.tgz",
+      "integrity": "sha512-DZ8VwRFUNzuqJ5khrvwMXHmvPe+zGayJhr2CDNiKB1WBE1ST8Djl00D0IC4vvNmHMdj6DlbYRIaFE7WHjlDl5w==",
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~7.16.0"
+      }
+    },
+    "node_modules/@types/passport": {
+      "version": "1.0.17",
+      "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.17.tgz",
+      "integrity": "sha512-aciLyx+wDwT2t2/kJGJR2AEeBz0nJU4WuRX04Wu9Dqc5lSUtwu0WERPHYsLhF9PtseiAMPBGNUOtFjxZ56prsg==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/express": "*"
+      }
+    },
+    "node_modules/@types/passport-jwt": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/@types/passport-jwt/-/passport-jwt-4.0.1.tgz",
+      "integrity": "sha512-Y0Ykz6nWP4jpxgEUYq8NoVZeCQPo1ZndJLfapI249g1jHChvRfZRO/LS3tqu26YgAS/laI1qx98sYGz0IalRXQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/jsonwebtoken": "*",
+        "@types/passport-strategy": "*"
+      }
+    },
+    "node_modules/@types/passport-local": {
+      "version": "1.0.38",
+      "resolved": "https://registry.npmjs.org/@types/passport-local/-/passport-local-1.0.38.tgz",
+      "integrity": "sha512-nsrW4A963lYE7lNTv9cr5WmiUD1ibYJvWrpE13oxApFsRt77b0RdtZvKbCdNIY4v/QZ6TRQWaDDEwV1kCTmcXg==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/express": "*",
+        "@types/passport": "*",
+        "@types/passport-strategy": "*"
+      }
+    },
+    "node_modules/@types/passport-strategy": {
+      "version": "0.2.38",
+      "resolved": "https://registry.npmjs.org/@types/passport-strategy/-/passport-strategy-0.2.38.tgz",
+      "integrity": "sha512-GC6eMqqojOooq993Tmnmp7AUTbbQSgilyvpCYQjT+H6JfG/g6RGc7nXEniZlp0zyKJ0WUdOiZWLBZft9Yug1uA==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/express": "*",
+        "@types/passport": "*"
+      }
+    },
+    "node_modules/@types/qs": {
+      "version": "6.14.0",
+      "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.14.0.tgz",
+      "integrity": "sha512-eOunJqu0K1923aExK6y8p6fsihYEn/BYuQ4g0CxAAgFc4b/ZLN4CrsRZ55srTdqoiLzU2B2evC+apEIxprEzkQ==",
+      "license": "MIT"
+    },
+    "node_modules/@types/range-parser": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz",
+      "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==",
+      "license": "MIT"
+    },
     "node_modules/@types/react": {
       "version": "19.2.10",
       "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.10.tgz",
@@ -27346,12 +27081,37 @@
         "csstype": "^3.2.2"
       }
     },
+    "node_modules/@types/send": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@types/send/-/send-1.2.1.tgz",
+      "integrity": "sha512-arsCikDvlU99zl1g69TcAB3mzZPpxgw0UQnaHeC1Nwb015xp8bknZv5rIfri9xTOcMuaVgvabfIRA7PSZVuZIQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/serve-static": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-2.2.0.tgz",
+      "integrity": "sha512-8mam4H1NHLtu7nmtalF7eyBH14QyOASmcxHhSfEoRyr0nP/YdoesEtU+uSRvMe96TW/HPTtkoKqQLl53N7UXMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/http-errors": "*",
+        "@types/node": "*"
+      }
+    },
     "node_modules/@types/unist": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz",
       "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==",
       "license": "MIT"
     },
+    "node_modules/@types/validator": {
+      "version": "13.15.10",
+      "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.15.10.tgz",
+      "integrity": "sha512-T8L6i7wCuyoK8A/ZeLYt1+q0ty3Zb9+qbSSvrIVitzT3YjZqkTZ40IbRsPanlB4h1QB3JVL1SYCdR6ngtFYcuA==",
+      "license": "MIT"
+    },
     "node_modules/@ungap/structured-clone": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.3.0.tgz",
@@ -27396,6 +27156,26 @@
         "url": "https://github.com/sponsors/wooorm"
       }
     },
+    "node_modules/bcrypt": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/bcrypt/-/bcrypt-6.0.0.tgz",
+      "integrity": "sha512-cU8v/EGSrnH+HnxV2z0J7/blxH8gq7Xh2JFT6Aroax7UohdmiJJlxApMxtKfuI7z68NvvVcmR78k2LbT6efhRg==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "dependencies": {
+        "node-addon-api": "^8.3.0",
+        "node-gyp-build": "^4.8.4"
+      },
+      "engines": {
+        "node": ">= 18"
+      }
+    },
+    "node_modules/buffer-equal-constant-time": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
+      "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==",
+      "license": "BSD-3-Clause"
+    },
     "node_modules/ccount": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/ccount/-/ccount-2.0.1.tgz",
@@ -27474,6 +27254,25 @@
         "url": "https://github.com/sponsors/wooorm"
       }
     },
+    "node_modules/class-transformer": {
+      "version": "0.5.1",
+      "resolved": "https://registry.npmjs.org/class-transformer/-/class-transformer-0.5.1.tgz",
+      "integrity": "sha512-SQa1Ws6hUbfC98vKGxZH3KFY0Y1lm5Zm0SY8XX9zbK7FJCyVEac3ATW0RIpwzW+oOfmHE5PMPufDG9hCfoEOMw==",
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/class-validator": {
+      "version": "0.14.3",
+      "resolved": "https://registry.npmjs.org/class-validator/-/class-validator-0.14.3.tgz",
+      "integrity": "sha512-rXXekcjofVN1LTOSw+u4u9WXVEUvNBVjORW154q/IdmYWy1nMbOU9aNtZB0t8m+FJQ9q91jlr2f9CwwUFdFMRA==",
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "@types/validator": "^13.15.3",
+        "libphonenumber-js": "^1.11.1",
+        "validator": "^13.15.20"
+      }
+    },
     "node_modules/cliui": {
       "version": "8.0.1",
       "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
@@ -27622,6 +27421,15 @@
         "url": "https://github.com/sponsors/wooorm"
       }
     },
+    "node_modules/ecdsa-sig-formatter": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+      "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
     "node_modules/emoji-regex": {
       "version": "8.0.0",
       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
@@ -27665,6 +27473,24 @@
       "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==",
       "license": "MIT"
     },
+    "node_modules/file-type": {
+      "version": "21.3.0",
+      "resolved": "https://registry.npmjs.org/file-type/-/file-type-21.3.0.tgz",
+      "integrity": "sha512-8kPJMIGz1Yt/aPEwOsrR97ZyZaD1Iqm8PClb1nYFclUCkBi0Ma5IsYNQzvSFS9ib51lWyIw5mIT9rWzI/xjpzA==",
+      "license": "MIT",
+      "dependencies": {
+        "@tokenizer/inflate": "^0.4.1",
+        "strtok3": "^10.3.4",
+        "token-types": "^6.1.1",
+        "uint8array-extras": "^1.4.0"
+      },
+      "engines": {
+        "node": ">=20"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/file-type?sponsor=1"
+      }
+    },
     "node_modules/frontend": {
       "resolved": "frontend",
       "link": true
@@ -27737,6 +27563,26 @@
         "url": "https://opencollective.com/unified"
       }
     },
+    "node_modules/ieee754": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
+      "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "BSD-3-Clause"
+    },
     "node_modules/inline-style-parser": {
       "version": "0.2.7",
       "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.2.7.tgz",
@@ -27808,12 +27654,131 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/iterare": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/iterare/-/iterare-1.2.1.tgz",
+      "integrity": "sha512-RKYVTCjAnRthyJes037NX/IiqeidgN1xc3j1RjFfECFp28A1GVwK9nA+i0rJPaHqSZwygLzRnFlzUuHFoWWy+Q==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/jsonwebtoken": {
+      "version": "9.0.3",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz",
+      "integrity": "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==",
+      "license": "MIT",
+      "dependencies": {
+        "jws": "^4.0.1",
+        "lodash.includes": "^4.3.0",
+        "lodash.isboolean": "^3.0.3",
+        "lodash.isinteger": "^4.0.4",
+        "lodash.isnumber": "^3.0.3",
+        "lodash.isplainobject": "^4.0.6",
+        "lodash.isstring": "^4.0.1",
+        "lodash.once": "^4.0.0",
+        "ms": "^2.1.1",
+        "semver": "^7.5.4"
+      },
+      "engines": {
+        "node": ">=12",
+        "npm": ">=6"
+      }
+    },
+    "node_modules/jwa": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz",
+      "integrity": "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==",
+      "license": "MIT",
+      "dependencies": {
+        "buffer-equal-constant-time": "^1.0.1",
+        "ecdsa-sig-formatter": "1.0.11",
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "node_modules/jws": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz",
+      "integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==",
+      "license": "MIT",
+      "dependencies": {
+        "jwa": "^2.0.1",
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "node_modules/libphonenumber-js": {
+      "version": "1.12.36",
+      "resolved": "https://registry.npmjs.org/libphonenumber-js/-/libphonenumber-js-1.12.36.tgz",
+      "integrity": "sha512-woWhKMAVx1fzzUnMCyOzglgSgf6/AFHLASdOBcchYCyvWSGWt12imw3iu2hdI5d4dGZRsNWAmWiz37sDKUPaRQ==",
+      "license": "MIT"
+    },
+    "node_modules/load-esm": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/load-esm/-/load-esm-1.0.3.tgz",
+      "integrity": "sha512-v5xlu8eHD1+6r8EHTg6hfmO97LN8ugKtiXcy5e6oN72iD2r6u0RPfLl6fxM+7Wnh2ZRq15o0russMst44WauPA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/Borewit"
+        },
+        {
+          "type": "buymeacoffee",
+          "url": "https://buymeacoffee.com/borewit"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=13.2.0"
+      }
+    },
     "node_modules/lodash": {
       "version": "4.17.23",
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
       "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
       "license": "MIT"
     },
+    "node_modules/lodash.includes": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
+      "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isboolean": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
+      "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isinteger": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
+      "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isnumber": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
+      "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isplainobject": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
+      "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isstring": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
+      "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.once": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
+      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
+      "license": "MIT"
+    },
     "node_modules/longest-streak": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-3.1.0.tgz",
@@ -28673,6 +28638,26 @@
       "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
       "license": "MIT"
     },
+    "node_modules/node-addon-api": {
+      "version": "8.5.0",
+      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.5.0.tgz",
+      "integrity": "sha512-/bRZty2mXUIFY/xU5HLvveNHlswNJej+RnxBjOMkidWfwZzgTbPG1E3K5TOxRLOR+5hX7bSofy8yf1hZevMS8A==",
+      "license": "MIT",
+      "engines": {
+        "node": "^18 || ^20 || >= 21"
+      }
+    },
+    "node_modules/node-gyp-build": {
+      "version": "4.8.4",
+      "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.4.tgz",
+      "integrity": "sha512-LA4ZjwlnUblHVgq0oBF3Jl/6h/Nvs5fzBLwdEF4nuxnFdsfajde4WfxtJr3CaiH+F6ewcIB/q4jQ4UzPyid+CQ==",
+      "license": "MIT",
+      "bin": {
+        "node-gyp-build": "bin.js",
+        "node-gyp-build-optional": "optional.js",
+        "node-gyp-build-test": "build-test.js"
+      }
+    },
     "node_modules/parse-entities": {
       "version": "4.0.2",
       "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-4.0.2.tgz",
@@ -28698,6 +28683,59 @@
       "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==",
       "license": "MIT"
     },
+    "node_modules/passport": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/passport/-/passport-0.7.0.tgz",
+      "integrity": "sha512-cPLl+qZpSc+ireUvt+IzqbED1cHHkDoVYMo30jbJIdOOjQ1MQYZBPiNvmi8UM6lJuOpTPXJGZQk0DtC4y61MYQ==",
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "passport-strategy": "1.x.x",
+        "pause": "0.0.1",
+        "utils-merge": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/jaredhanson"
+      }
+    },
+    "node_modules/passport-jwt": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/passport-jwt/-/passport-jwt-4.0.1.tgz",
+      "integrity": "sha512-UCKMDYhNuGOBE9/9Ycuoyh7vP6jpeTp/+sfMJl7nLff/t6dps+iaeE0hhNkKN8/HZHcJ7lCdOyDxHdDoxoSvdQ==",
+      "license": "MIT",
+      "dependencies": {
+        "jsonwebtoken": "^9.0.0",
+        "passport-strategy": "^1.0.0"
+      }
+    },
+    "node_modules/passport-local": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/passport-local/-/passport-local-1.0.0.tgz",
+      "integrity": "sha512-9wCE6qKznvf9mQYYbgJ3sVOHmCWoUNMVFoZzNoznmISbhnNNPhN9xfY3sLmScHMetEJeoY7CXwfhCe7argfQow==",
+      "dependencies": {
+        "passport-strategy": "1.x.x"
+      },
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/passport-strategy": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz",
+      "integrity": "sha512-CB97UUvDKJde2V0KDWWB3lyf6PC3FaZP7YxZ2G8OAtn9p4HI9j9JLP9qjOGZFvyl8uwNT8qM+hGnz/n16NI7oA==",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/pause": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/pause/-/pause-0.0.1.tgz",
+      "integrity": "sha512-KG8UEiEVkR3wGEb4m5yZkVCzigAD+cVEJck2CzYZO37ZGJfctvVptVO192MwrtPhzONn6go8ylnOdMhKqi4nfg=="
+    },
     "node_modules/pg": {
       "version": "8.18.0",
       "resolved": "https://registry.npmjs.org/pg/-/pg-8.18.0.tgz",
@@ -28874,6 +28912,13 @@
         "react": ">=18"
       }
     },
+    "node_modules/reflect-metadata": {
+      "version": "0.2.2",
+      "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz",
+      "integrity": "sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==",
+      "license": "Apache-2.0",
+      "peer": true
+    },
     "node_modules/remark-gfm": {
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/remark-gfm/-/remark-gfm-4.0.1.tgz",
@@ -28959,6 +29004,38 @@
         "tslib": "^2.1.0"
       }
     },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/semver": {
+      "version": "7.7.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
+      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==",
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/shell-quote": {
       "version": "1.8.3",
       "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.3.tgz",
@@ -29035,6 +29112,22 @@
         "node": ">=8"
       }
     },
+    "node_modules/strtok3": {
+      "version": "10.3.4",
+      "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-10.3.4.tgz",
+      "integrity": "sha512-KIy5nylvC5le1OdaaoCJ07L+8iQzJHGH6pWDuzS+d07Cu7n1MZ2x26P8ZKIWfbK02+XIL8Mp4RkWeqdUCrDMfg==",
+      "license": "MIT",
+      "dependencies": {
+        "@tokenizer/token": "^0.3.0"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/Borewit"
+      }
+    },
     "node_modules/style-to-js": {
       "version": "1.1.21",
       "resolved": "https://registry.npmjs.org/style-to-js/-/style-to-js-1.1.21.tgz",
@@ -29068,6 +29161,24 @@
         "url": "https://github.com/chalk/supports-color?sponsor=1"
       }
     },
+    "node_modules/token-types": {
+      "version": "6.1.2",
+      "resolved": "https://registry.npmjs.org/token-types/-/token-types-6.1.2.tgz",
+      "integrity": "sha512-dRXchy+C0IgK8WPC6xvCHFRIWYUbqqdEIKPaKo/AcTUNzwLTK6AH7RjdLWsEZcAN/TBdtfUw3PYEgPr5VPr6ww==",
+      "license": "MIT",
+      "dependencies": {
+        "@borewit/text-codec": "^0.2.1",
+        "@tokenizer/token": "^0.3.0",
+        "ieee754": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14.16"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/Borewit"
+      }
+    },
     "node_modules/tree-kill": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.2.tgz",
@@ -29103,6 +29214,36 @@
       "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
       "license": "0BSD"
     },
+    "node_modules/uid": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.2.tgz",
+      "integrity": "sha512-u3xV3X7uzvi5b1MncmZo3i2Aw222Zk1keqLA1YkHldREkAhAqi65wuPfe7lHx8H/Wzy+8CE7S7uS3jekIM5s8g==",
+      "license": "MIT",
+      "dependencies": {
+        "@lukeed/csprng": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/uint8array-extras": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.5.0.tgz",
+      "integrity": "sha512-rvKSBiC5zqCCiDZ9kAOszZcDvdAHwwIKJG33Ykj43OKcWsnmcBRL09YTU4nOeHZ8Y2a7l1MgTd08SBe9A8Qj6A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "7.16.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
+      "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
+      "license": "MIT"
+    },
     "node_modules/unified": {
       "version": "11.0.5",
       "resolved": "https://registry.npmjs.org/unified/-/unified-11.0.5.tgz",
@@ -29190,6 +29331,24 @@
         "url": "https://opencollective.com/unified"
       }
     },
+    "node_modules/utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/validator": {
+      "version": "13.15.26",
+      "resolved": "https://registry.npmjs.org/validator/-/validator-13.15.26.tgz",
+      "integrity": "sha512-spH26xU080ydGggxRyR1Yhcbgx+j3y5jbNXk/8L+iRvdIEQ4uTRH2Sgf2dokud6Q4oAtsbNvJ1Ft+9xmm6IZcA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
     "node_modules/vfile": {
       "version": "6.0.3",
       "resolved": "https://registry.npmjs.org/vfile/-/vfile-6.0.3.tgz",