From c0dac6503789e8c3f2c111cef0d4d0ebeb624ea9 Mon Sep 17 00:00:00 2001 From: ertopogo Date: Sun, 22 Feb 2026 19:51:17 +0100 Subject: Application:ajout des flux de sequence --- micro/flux/lsb_auth_seq.mmd | 81 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 micro/flux/lsb_auth_seq.mmd (limited to 'micro/flux/lsb_auth_seq.mmd') diff --git a/micro/flux/lsb_auth_seq.mmd b/micro/flux/lsb_auth_seq.mmd new file mode 100644 index 0000000..6d29a20 --- /dev/null +++ b/micro/flux/lsb_auth_seq.mmd @@ -0,0 +1,81 @@ +%% Source projet : E:\Dev\Web-Works\Lucien-sens-bon +%% Auth : native MedusaJS (JWT + Cookie session) - PAS de Keycloak/OIDC +%% Deux flux : client e-commerce (JWT Bearer) + admin dashboard (Cookie session) +%%{init: {'theme': 'base', 'sequence': {'mirrorActors': false}}}%% +sequenceDiagram + autonumber + + box rgb(30, 58, 95) Cote Client + actor Client as Client navigateur + end + + box rgb(30, 74, 46) huitral .22 + participant SF as Storefront Next.js
lsb.arauco.online
:8000 + participant API as Medusa API
api-lsb.arauco.online
:9000 + participant Redis as Redis
:6379 + end + + box rgb(74, 30, 58) npagnun .35 + participant PG as PostgreSQL
:5432 + end + + box rgb(30, 58, 95) Caddy araucaria .50 + participant Caddy as Caddy
TLS termination + end + + Note over Client, Caddy: Flux 1 - AuthN Client E-commerce (JWT Bearer) + + Client ->>+ Caddy: GET https://lsb.arauco.online + Caddy ->>+ SF: HTTP :8000 + SF -->>- Caddy: Page login/register + Caddy -->>- Client: HTML + JS (Medusa SDK) + + Client ->>+ Caddy: POST https://api-lsb.arauco.online/store/auth
{email, password} + Caddy ->>+ API: HTTP :9000 + API ->> PG: SELECT customer WHERE email = ? + PG -->> API: Customer record + API ->> API: Verify password (bcrypt) + API -->>- Caddy: 200 {access_token: "JWT"} + Caddy -->>- Client: JWT access_token + + Client ->> Client: localStorage.setItem("lsb_customer_token", JWT) + Client ->> Client: medusaClient.setToken(JWT) + + Note over Client, Caddy: Appels API authentifies + + Client ->>+ Caddy: GET /store/products
Authorization: Bearer JWT + Caddy ->>+ API: HTTP :9000
CORS check (STORE_CORS) + API ->> API: Verify JWT (JWT_SECRET) + API ->> PG: Query produits + PG -->> API: Resultats + API -->>- Caddy: 200 JSON + Caddy -->>- Client: Donnees produits + + Note over Client, Caddy: Flux 2 - AuthN Admin Dashboard (Cookie Session) + + Client ->>+ Caddy: GET https://api-lsb.arauco.online/app + Caddy ->>+ API: HTTP :9000 + API -->>- Caddy: Dashboard Admin UI + Caddy -->>- Client: HTML Admin Medusa + + Client ->>+ Caddy: POST https://api-lsb.arauco.online/admin/auth
{email, password} + Caddy ->>+ API: HTTP :9000 + API ->> PG: SELECT admin WHERE email = ? + PG -->> API: Admin record + API ->> API: Verify password + API ->> API: Sign cookie (COOKIE_SECRET) + API ->> API: Generate JWT (JWT_SECRET) + API -->>- Caddy: 200 + Set-Cookie: session
CORS check (ADMIN_CORS) + Caddy -->>- Client: Cookie session signe + + Note over Client, Caddy: Appels admin authentifies + + Client ->>+ Caddy: GET /admin/products
Cookie: session=... + Caddy ->>+ API: HTTP :9000
CORS check (ADMIN_CORS) + API ->> API: Verify cookie (COOKIE_SECRET) + API ->> PG: Query admin data + PG -->> API: Resultats + API -->>- Caddy: 200 JSON + Caddy -->>- Client: Donnees admin + + Note over Client, PG: AuthZ - Pas de roles granulaires
Client = acces store API
Admin = acces admin API (tout ou rien)
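Review bot: In flux 1 the storefront persists the bearer token with `localStorage.setItem("lsb_customer_token", JWT)`, which leaves it readable by any script running on lsb.arauco.online, so an XSS on the Next.js storefront or a compromised front-end dependency can exfiltrate the customer session; the diagram should either mark this as an accepted risk or show the token kept in memory or behind an httpOnly cookie set by the storefront. Two consistency points in flux 2: the `CORS check (ADMIN_CORS)` annotation is attached to the `200 + Set-Cookie: session` response arrow, whereas in flux 1 the same check sits on the `Caddy ->>+ API: HTTP :9000` request arrow where it is actually evaluated, so move it to the request line; and the admin login shows both `Sign cookie (COOKIE_SECRET)` and `Generate JWT (JWT_SECRET)` while only the cookie is returned, so either drop the JWT step or label what consumes it. Neither flow shows the cookie attributes (Secure, HttpOnly, SameSite) or the 401 branch when `Verify password` fails, and flux 2 says `Verify password` where flux 1 says `Verify password (bcrypt)`; adding these would make the diagram usable as a threat-model reference rather than only a happy-path sketch.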