Files
Vendaweb-portal/.context/docs/security.md
Luis Eduardo Estevao 4652fea8fc documentação do sistema
2026-05-05 16:12:52 -03:00

26 lines
985 B
Markdown

---
type: doc
name: security
description: Security policies, authentication, secrets management, and compliance requirements
category: security
generated: 2026-04-29
status: active
scaffoldVersion: "2.0.0"
---
# Security & Compliance Notes
## Authentication & Authorization
The application uses JWT (JSON Web Tokens) for authentication.
- The `AuthModule` handles user login (`AuthLoginComponent`).
- An `AuthGuard` is implemented to protect specific routes, ensuring that unauthenticated users are redirected to the login page.
- Role-based access control (RBAC) is implemented via `PermissionUser` components and specific guards.
## Secrets & Sensitive Data
- Environment variables (`src/environments/`) contain API endpoints.
- Avoid hardcoding tokens or sensitive keys directly into the source code.
- JWT tokens are stored in `localStorage` or `sessionStorage` and attached to outgoing requests via an HttpInterceptor.
## Cross-References
- [Architecture](./architecture.md)