26 lines
985 B
Markdown
26 lines
985 B
Markdown
---
|
|
type: doc
|
|
name: security
|
|
description: Security policies, authentication, secrets management, and compliance requirements
|
|
category: security
|
|
generated: 2026-04-29
|
|
status: active
|
|
scaffoldVersion: "2.0.0"
|
|
---
|
|
|
|
# Security & Compliance Notes
|
|
|
|
## Authentication & Authorization
|
|
The application uses JWT (JSON Web Tokens) for authentication.
|
|
- The `AuthModule` handles user login (`AuthLoginComponent`).
|
|
- An `AuthGuard` is implemented to protect specific routes, ensuring that unauthenticated users are redirected to the login page.
|
|
- Role-based access control (RBAC) is implemented via `PermissionUser` components and specific guards.
|
|
|
|
## Secrets & Sensitive Data
|
|
- Environment variables (`src/environments/`) contain API endpoints.
|
|
- Avoid hardcoding tokens or sensitive keys directly into the source code.
|
|
- JWT tokens are stored in `localStorage` or `sessionStorage` and attached to outgoing requests via an HttpInterceptor.
|
|
|
|
## Cross-References
|
|
- [Architecture](./architecture.md)
|