985 B
985 B
type, name, description, category, generated, status, scaffoldVersion
| type | name | description | category | generated | status | scaffoldVersion |
|---|---|---|---|---|---|---|
| doc | security | Security policies, authentication, secrets management, and compliance requirements | security | 2026-04-29 | active | 2.0.0 |
Security & Compliance Notes
Authentication & Authorization
The application uses JWT (JSON Web Tokens) for authentication.
- The
AuthModulehandles user login (AuthLoginComponent). - An
AuthGuardis implemented to protect specific routes, ensuring that unauthenticated users are redirected to the login page. - Role-based access control (RBAC) is implemented via
PermissionUsercomponents and specific guards.
Secrets & Sensitive Data
- Environment variables (
src/environments/) contain API endpoints. - Avoid hardcoding tokens or sensitive keys directly into the source code.
- JWT tokens are stored in
localStorageorsessionStorageand attached to outgoing requests via an HttpInterceptor.