| author | ertopogo <erwin.t.pombett@gmail.com> | 2026-02-22 19:31:53 +0100 |
|---|---|---|
| committer | ertopogo <erwin.t.pombett@gmail.com> | 2026-02-22 19:31:53 +0100 |
| commit | 4e0d25b944fd9632e2555c4f6ae01b4728262dfb (patch) | |
| tree | 7a4e5e36850105483ce3cda2b57441aa8c6bd5e2 /micro/applications/der_topogo.mmd | |
| parent | 5063ccc088f75f5f56cae32d8cf1987c69816200 (diff) | |
Application:ajout de lucien-sens bon, vikunja, homeassistant
Diffstat (limited to 'micro/applications/der_topogo.mmd')
| -rw-r--r-- | micro/applications/der_topogo.mmd | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/micro/applications/der_topogo.mmd b/micro/applications/der_topogo.mmd
new file mode 100644
index 0000000..edace84
--- /dev/null
+++ b/micro/applications/der_topogo.mmd
@@ -0,0 +1,101 @@
+%% Source projet : E:\Dev\Web-Works\Der-topogo
+%% Auth active : Payload CMS natif (email/password, RBAC admin/editor/viewer)
+%% Auth planifiee : Auth.js v5 + Keycloak OIDC (client dertopogo)
+%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 40, 'rankSpacing': 50}}}%%
+flowchart TB
+ subgraph huitral_docker ["huitral 192.168.99.22 - Docker"]
+ direction TB
+
+ subgraph dt_app ["der-topogo - Next.js 16 + Payload CMS v3"]
+ direction TB
+ nextjs["Next.js standalone<br/>Port: 3000<br/>App Router + TypeScript"]
+ payload["Payload CMS v3<br/>Admin: /admin<br/>REST API + GraphQL"]
+ middleware["Middleware Next.js<br/>CSP headers<br/>connect-src: kc.arauco.online"]
+ end
+ end
+
+ subgraph pg_ext ["PostgreSQL externe"]
+ pg["PostgreSQL<br/>@payloadcms/db-postgres"]
+ end
+
+ subgraph auth_payload ["AuthN Active - Payload CMS natif"]
+ direction TB
+ pay_login["1. Login /admin<br/>email + password"]
+ pay_session["2. Session Payload<br/>PAYLOAD_SECRET"]
+ pay_access["3. Acces admin<br/>Controle par collection"]
+ pay_login --> pay_session --> pay_access
+ end
+
+ subgraph rbac_payload ["AuthZ - RBAC Payload"]
+ direction TB
+ role_admin["admin<br/>CRUD toutes collections<br/>gestion utilisateurs"]
+ role_editor["editor<br/>Lecture + ecriture articles<br/>upload media"]
+ role_viewer["viewer<br/>Lecture seule"]
+ end
+
+ subgraph auth_oidc_planned ["AuthN Planifiee - Auth.js v5 + Keycloak"]
+ direction TB
+ oidc_step1["1. Login SSO<br/>Auth.js provider Keycloak"]
+ oidc_step2["2. Redirect OIDC<br/>kc.arauco.online<br/>/realms/chiruca"]
+ oidc_step3["3. Callback<br/>/api/auth/callback/keycloak"]
+ oidc_step4["4. Session Auth.js<br/>AUTH_SECRET"]
+ oidc_step1 -.-> oidc_step2 -.-> oidc_step3 -.-> oidc_step4
+ end
+
+ subgraph keycloak_ext ["Keycloak - npagnun .35"]
+ direction TB
+ kc["Realm chiruca<br/>Client: dertopogo<br/>Type: confidential"]
+ google["-> Google IdP"]
+ kc --> google
+ end
+
+ subgraph caddy_ext ["Caddy - araucaria .50"]
+ direction TB
+ caddy_pub["dt.arauco.online<br/>HTTPS -> :3000<br/>HSTS, X-Frame-Options: DENY<br/>X-Content-Type-Options: nosniff"]
+ caddy_lan["dt.huitral.ruka.lan<br/>HTTPS auto-signe -> :3000"]
+ end
+
+ subgraph security ["Headers securite"]
+ direction LR
+ csp["CSP<br/>connect-src: kc.arauco.online<br/>Exclu pour /admin"]
+ sec_headers["HSTS 2 ans<br/>X-Frame-Options: DENY<br/>Referrer-Policy: strict-origin<br/>Permissions-Policy: restrict"]
+ end
+
+ subgraph users ["Utilisateurs"]
+ direction TB
+ visitor["Visiteur public<br/>Pages sans auth"]
+ cms_admin["Admin CMS<br/>Payload /admin"]
+ sso_user["Utilisateur SSO<br/>Auth.js + Keycloak"]
+ end
+
+ caddy_pub -->|"HTTP"| nextjs
+ caddy_lan -->|"HTTP"| nextjs
+ nextjs --> payload
+ payload -->|"JDBC"| pg
+
+ auth_payload -.->|"Flux actif"| payload
+ auth_oidc_planned -.->|"Flux planifie"| kc
+
+ visitor --> caddy_pub
+ cms_admin --> caddy_pub
+ sso_user -.->|"Planifie"| caddy_pub
+
+ classDef svcStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0
+ classDef storStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
+ classDef iamStyle fill:#4a1e3a,stroke:#d94a8a,color:#f0a8c8
+ classDef netStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0
+ classDef secStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
+ classDef userStyle fill:#3a1e5f,stroke:#8a6ad9,color:#c8b0f0
+ classDef flowStyle fill:#3a2a1e,stroke:#aa7a4a,color:#e8c8a0
+ classDef plannedStyle fill:#2a2a2a,stroke:#666,stroke-dasharray: 5 5,color:#999
+
+ class nextjs,payload,middleware svcStyle
+ class pg storStyle
+ class pay_login,pay_session,pay_access flowStyle
+ class role_admin,role_editor,role_viewer secStyle
+ class oidc_step1,oidc_step2,oidc_step3,oidc_step4 plannedStyle
+ class kc,google iamStyle
+ class caddy_pub,caddy_lan netStyle
+ class csp,sec_headers secStyle
+ class visitor,cms_admin userStyle
+ class sso_user plannedStyle
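Review bot: The edges `caddy_pub -->|"HTTP"| nextjs` and `caddy_lan -->|"HTTP"| nextjs` run in cleartext from the Caddy host (araucaria .50) to the Docker host (huitral 192.168.99.22), yet the diagram does not mark this as a trust boundary, although the /admin email/password login and the Payload session would travel over it. If the plain hop is intended, record the assumption on the edge, e.g. `caddy_pub -->|"HTTP non chiffre (LAN de confiance)"| nextjs`, and note that port 3000 should only accept connections from the Caddy host. The `"JDBC"` label on `payload --> pg` looks inaccurate, since `@payloadcms/db-postgres` is a Node.js adapter; a label such as `"PostgreSQL (TLS a confirmer)"` would document what matters for that link. The `csp` node states the policy is "Exclu pour /admin" without a reason, which deserves a `%%` comment because /admin appears to be the only authenticated surface in the active flow. The `middleware` node and the `rbac_payload` and `security` subgraphs have no edges, so the diagram does not show which component applies the headers or enforces the roles.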
