blob: 3d6c07c3a87bca801b703253a56c8924a03e2be1
%% Source project: E:\Dev\Web-Works\Lucien-sens-bon
%% Auth: native MedusaJS (JWT + cookie session) - NO Keycloak/OIDC
%% Two flows: e-commerce customer (JWT Bearer) + admin dashboard (cookie session)
sequenceDiagram
autonumber
actor Client as Browser client
participant Caddy as Caddy araucaria .50
participant SF as Storefront Next.js :8000
participant API as Medusa API :9000
participant Redis as Redis :6379
participant PG as PostgreSQL npagnun .35
Note over Client, PG: Flow 1 - AuthN e-commerce customer (JWT Bearer)
Client ->>+ Caddy: GET https://lsb.arauco.online
Caddy ->>+ SF: HTTP :8000
SF -->>- Caddy: Page login/register
Caddy -->>- Client: HTML + JS (Medusa SDK)
%% Medusa v1: POST /store/auth sets a cookie session and returns the customer. POST /store/auth/token is the variant that returns {access_token}.
Client ->>+ Caddy: POST https://api-lsb.arauco.online/store/auth/token {email, password}
Caddy ->>+ API: HTTP :9000
API ->> PG: SELECT customer WHERE email = ?
PG -->> API: Customer record
API ->> API: Verify password hash (scrypt via scrypt-kdf, not bcrypt)
API -->>- Caddy: 200 {access_token: JWT}
Caddy -->>- Client: JWT access_token
Client ->> Client: localStorage.setItem(lsb_customer_token, JWT)
Client ->> Client: medusaClient.setToken(JWT)
Note over Client: A JWT in localStorage is readable by any script running on the origin (XSS) - no HttpOnly protection, unlike the admin session cookie
Note over Client, API: Authenticated API calls
Client ->>+ Caddy: GET /store/products - Authorization: Bearer JWT
Caddy ->>+ API: HTTP :9000 - CORS enforced by the API (STORE_CORS)
API ->> API: Verify JWT (JWT_SECRET)
API ->> PG: Query products
PG -->> API: Results
API -->>- Caddy: 200 JSON
Caddy -->>- Client: Product data
Note over Client, PG: Flow 2 - AuthN admin dashboard (cookie session)
Client ->>+ Caddy: GET https://api-lsb.arauco.online/app
Caddy ->>+ API: HTTP :9000
API -->>- Caddy: Dashboard Admin UI
Caddy -->>- Client: HTML Admin Medusa
Client ->>+ Caddy: POST /admin/auth {email, password}
Caddy ->>+ API: HTTP :9000
API ->> PG: SELECT admin WHERE email = ?
PG -->> API: Admin record
API ->> API: Verify password hash (scrypt)
%% Medusa v1: POST /admin/auth issues only the signed session cookie (express-session). A JWT is only returned by POST /admin/auth/token.
API ->> API: Sign session cookie (COOKIE_SECRET)
API -->>- Caddy: 200 + Set-Cookie: session - CORS (ADMIN_CORS)
Caddy -->>- Client: Signed session cookie
Note over Client, API: Authenticated admin calls
Client ->>+ Caddy: GET /admin/products - Cookie: session=...
Caddy ->>+ API: HTTP :9000 - CORS enforced by the API (ADMIN_CORS)
API ->> API: Verify cookie (COOKIE_SECRET)
API ->> PG: Query admin data
PG -->> API: Results
API -->>- Caddy: 200 JSON
Caddy -->>- Client: Admin data
Note over Client, PG: AuthZ - customer = store API / admin = admin API (all or nothing)