path: root/micro/flux/lsb_auth_seq.mmd
Diffstat (limited to 'micro/flux/lsb_auth_seq.mmd')
-rw-r--r--  micro/flux/lsb_auth_seq.mmd  51
1 files changed, 20 insertions, 31 deletions
diff --git a/micro/flux/lsb_auth_seq.mmd b/micro/flux/lsb_auth_seq.mmd
index 6d29a20..3d6c07c 100644
--- a/micro/flux/lsb_auth_seq.mmd
+++ b/micro/flux/lsb_auth_seq.mmd
@@ -1,81 +1,70 @@
%% Source projet : E:\Dev\Web-Works\Lucien-sens-bon
%% Auth : native MedusaJS (JWT + Cookie session) - PAS de Keycloak/OIDC
%% Deux flux : client e-commerce (JWT Bearer) + admin dashboard (Cookie session)
-%%{init: {'theme': 'base', 'sequence': {'mirrorActors': false}}}%%
sequenceDiagram
autonumber
- box rgb(30, 58, 95) Cote Client
- actor Client as Client navigateur
- end
+ actor Client as Client navigateur
- box rgb(30, 74, 46) huitral .22
- participant SF as Storefront Next.js<br/>lsb.arauco.online<br/>:8000
- participant API as Medusa API<br/>api-lsb.arauco.online<br/>:9000
- participant Redis as Redis<br/>:6379
- end
+ participant Caddy as Caddy araucaria .50
+ participant SF as Storefront Next.js :8000
+ participant API as Medusa API :9000
+ participant Redis as Redis :6379
+ participant PG as PostgreSQL npagnun .35
- box rgb(74, 30, 58) npagnun .35
- participant PG as PostgreSQL<br/>:5432
- end
-
- box rgb(30, 58, 95) Caddy araucaria .50
- participant Caddy as Caddy<br/>TLS termination
- end
-
- Note over Client, Caddy: Flux 1 - AuthN Client E-commerce (JWT Bearer)
+ Note over Client, PG: Flux 1 - AuthN Client E-commerce (JWT Bearer)
Client ->>+ Caddy: GET https://lsb.arauco.online
Caddy ->>+ SF: HTTP :8000
SF -->>- Caddy: Page login/register
Caddy -->>- Client: HTML + JS (Medusa SDK)
- Client ->>+ Caddy: POST https://api-lsb.arauco.online/store/auth<br/>{email, password}
+ Client ->>+ Caddy: POST https://api-lsb.arauco.online/store/auth {email, password}
Caddy ->>+ API: HTTP :9000
API ->> PG: SELECT customer WHERE email = ?
PG -->> API: Customer record
API ->> API: Verify password (bcrypt)
- API -->>- Caddy: 200 {access_token: "JWT"}
+ API -->>- Caddy: 200 {access_token: JWT}
Caddy -->>- Client: JWT access_token
- Client ->> Client: localStorage.setItem("lsb_customer_token", JWT)
+ Client ->> Client: localStorage.setItem(lsb_customer_token, JWT)
Client ->> Client: medusaClient.setToken(JWT)
- Note over Client, Caddy: Appels API authentifies
+ Note over Client, API: Appels API authentifies
- Client ->>+ Caddy: GET /store/products<br/>Authorization: Bearer JWT
- Caddy ->>+ API: HTTP :9000<br/>CORS check (STORE_CORS)
+ Client ->>+ Caddy: GET /store/products - Authorization: Bearer JWT
+ Caddy ->>+ API: HTTP :9000 - CORS check (STORE_CORS)
API ->> API: Verify JWT (JWT_SECRET)
API ->> PG: Query produits
PG -->> API: Resultats
API -->>- Caddy: 200 JSON
Caddy -->>- Client: Donnees produits
- Note over Client, Caddy: Flux 2 - AuthN Admin Dashboard (Cookie Session)
+ Note over Client, PG: Flux 2 - AuthN Admin Dashboard (Cookie Session)
Client ->>+ Caddy: GET https://api-lsb.arauco.online/app
Caddy ->>+ API: HTTP :9000
API -->>- Caddy: Dashboard Admin UI
Caddy -->>- Client: HTML Admin Medusa
- Client ->>+ Caddy: POST https://api-lsb.arauco.online/admin/auth<br/>{email, password}
+ Client ->>+ Caddy: POST /admin/auth {email, password}
Caddy ->>+ API: HTTP :9000
API ->> PG: SELECT admin WHERE email = ?
PG -->> API: Admin record
API ->> API: Verify password
API ->> API: Sign cookie (COOKIE_SECRET)
API ->> API: Generate JWT (JWT_SECRET)
- API -->>- Caddy: 200 + Set-Cookie: session<br/>CORS check (ADMIN_CORS)
+ API -->>- Caddy: 200 + Set-Cookie: session - CORS (ADMIN_CORS)
Caddy -->>- Client: Cookie session signe
- Note over Client, Caddy: Appels admin authentifies
+ Note over Client, API: Appels admin authentifies
- Client ->>+ Caddy: GET /admin/products<br/>Cookie: session=...
- Caddy ->>+ API: HTTP :9000<br/>CORS check (ADMIN_CORS)
+ Client ->>+ Caddy: GET /admin/products - Cookie: session=...
+ Caddy ->>+ API: HTTP :9000 - CORS check (ADMIN_CORS)
API ->> API: Verify cookie (COOKIE_SECRET)
API ->> PG: Query admin data
PG -->> API: Resultats
API -->>- Caddy: 200 JSON
Caddy -->>- Client: Donnees admin
- Note over Client, PG: AuthZ - Pas de roles granulaires<br/>Client = acces store API<br/>Admin = acces admin API (tout ou rien)
+ Note over Client, PG: AuthZ - Client = store API / Admin = admin API (tout ou rien)
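Review bot: The admin flow still contains "API ->> API: Generate JWT (JWT_SECRET)" right after "Sign cookie (COOKIE_SECRET)", but nothing in the diagram shows that JWT being returned to the client or checked later; every subsequent admin call is verified with "Verify cookie (COOKIE_SECRET)" only. Either drop the step or add the message that carries and verifies it, otherwise the diagram contradicts its own header comment ("client e-commerce (JWT Bearer) + admin dashboard (Cookie session)"). Two smaller points on the same hunk: the customer flow keeps "localStorage.setItem(lsb_customer_token, JWT)", and since the storage location is security-relevant (any script running on the storefront origin can read it), the note over that flow should say so explicitly rather than leaving it implicit; and the removed `%%{init: {'theme': 'base', 'sequence': {'mirrorActors': false}}}%%` directive is the only thing that suppressed duplicated actors at the bottom of the rendered diagram, so if the intent was only to drop the colored boxes, keep the init line and delete just the `box ... end` blocks.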