documentação do sistema

This commit is contained in:
Luis Eduardo Estevao
2026-05-05 16:12:52 -03:00
parent bbb5d68af1
commit 4652fea8fc
41 changed files with 1919 additions and 0 deletions

25
.context/docs/security.md Normal file
View File

@@ -0,0 +1,25 @@
---
type: doc
name: security
description: Security policies, authentication, secrets management, and compliance requirements
category: security
generated: 2026-04-29
status: active
scaffoldVersion: "2.0.0"
---
# Security & Compliance Notes
## Authentication & Authorization
The application uses JWT (JSON Web Tokens) for authentication.
- The `AuthModule` handles user login (`AuthLoginComponent`).
- An `AuthGuard` is implemented to protect specific routes, ensuring that unauthenticated users are redirected to the login page.
- Role-based access control (RBAC) is implemented via `PermissionUser` components and specific guards.
## Secrets & Sensitive Data
- Environment variables (`src/environments/`) contain API endpoints.
- Avoid hardcoding tokens or sensitive keys directly into the source code.
- JWT tokens are stored in `localStorage` or `sessionStorage` and attached to outgoing requests via an HttpInterceptor.
## Cross-References
- [Architecture](./architecture.md)