documentação do sistema
This commit is contained in:
25
.context/docs/security.md
Normal file
25
.context/docs/security.md
Normal file
@@ -0,0 +1,25 @@
|
||||
---
|
||||
type: doc
|
||||
name: security
|
||||
description: Security policies, authentication, secrets management, and compliance requirements
|
||||
category: security
|
||||
generated: 2026-04-29
|
||||
status: active
|
||||
scaffoldVersion: "2.0.0"
|
||||
---
|
||||
|
||||
# Security & Compliance Notes
|
||||
|
||||
## Authentication & Authorization
|
||||
The application uses JWT (JSON Web Tokens) for authentication.
|
||||
- The `AuthModule` handles user login (`AuthLoginComponent`).
|
||||
- An `AuthGuard` is implemented to protect specific routes, ensuring that unauthenticated users are redirected to the login page.
|
||||
- Role-based access control (RBAC) is implemented via `PermissionUser` components and specific guards.
|
||||
|
||||
## Secrets & Sensitive Data
|
||||
- Environment variables (`src/environments/`) contain API endpoints.
|
||||
- Avoid hardcoding tokens or sensitive keys directly into the source code.
|
||||
- JWT tokens are stored in `localStorage` or `sessionStorage` and attached to outgoing requests via an HttpInterceptor.
|
||||
|
||||
## Cross-References
|
||||
- [Architecture](./architecture.md)
|
||||
Reference in New Issue
Block a user