Files
Vendaweb-portal/.context/docs/security.md
Luis Eduardo Estevao 4652fea8fc documentação do sistema
2026-05-05 16:12:52 -03:00

985 B

type, name, description, category, generated, status, scaffoldVersion
type name description category generated status scaffoldVersion
doc security Security policies, authentication, secrets management, and compliance requirements security 2026-04-29 active 2.0.0

Security & Compliance Notes

Authentication & Authorization

The application uses JWT (JSON Web Tokens) for authentication.

  • The AuthModule handles user login (AuthLoginComponent).
  • An AuthGuard is implemented to protect specific routes, ensuring that unauthenticated users are redirected to the login page.
  • Role-based access control (RBAC) is implemented via PermissionUser components and specific guards.

Secrets & Sensitive Data

  • Environment variables (src/environments/) contain API endpoints.
  • Avoid hardcoding tokens or sensitive keys directly into the source code.
  • JWT tokens are stored in localStorage or sessionStorage and attached to outgoing requests via an HttpInterceptor.

Cross-References