path: root/micro/flux/lsb_auth_seq.mmd
blob: 6d29a20994332882e024a77e1c04980a95791e77 (plain)
%% Source project: E:\Dev\Web-Works\Lucien-sens-bon
%% Auth: native MedusaJS (JWT + cookie session) - NO Keycloak/OIDC
%% Two flows: e-commerce customer (JWT Bearer) + admin dashboard (cookie session)
%%{init: {'theme': 'base', 'sequence': {'mirrorActors': false}}}%%
sequenceDiagram
    autonumber

    box rgb(30, 58, 95) Client side
        actor Client as Client navigateur
    end

    box rgb(30, 74, 46) huitral .22
        participant SF as Storefront Next.js<br/>lsb.arauco.online<br/>:8000
        participant API as Medusa API<br/>api-lsb.arauco.online<br/>:9000
        participant Redis as Redis<br/>:6379
    end

    box rgb(74, 30, 58) npagnun .35
        participant PG as PostgreSQL<br/>:5432
    end

    box rgb(30, 58, 95) Caddy araucaria .50
        participant Caddy as Caddy<br/>TLS termination
    end

    Note over Client, Caddy: Flow 1 - Customer AuthN, e-commerce storefront (JWT Bearer)

    Client ->>+ Caddy: GET https://lsb.arauco.online
    Caddy ->>+ SF: HTTP :8000
    SF -->>- Caddy: Login/register page
    Caddy -->>- Client: HTML + JS (Medusa SDK)

    Client ->>+ Caddy: POST https://api-lsb.arauco.online/store/auth<br/>{email, password}
    Caddy ->>+ API: HTTP :9000
    API ->> PG: SELECT customer WHERE email = ?
    PG -->> API: Customer record
    API ->> API: Verify password hash (scrypt)
    API -->>- Caddy: 200 {access_token: "JWT"}
    Caddy -->>- Client: JWT access_token

    Client ->> Client: localStorage.setItem("lsb_customer_token", JWT)
    Client ->> Client: medusaClient.setToken(JWT)

    Note over Client, Caddy: Authenticated API calls

    Client ->>+ Caddy: GET /store/products<br/>Authorization: Bearer JWT
    Caddy ->>+ API: HTTP :9000<br/>CORS check (STORE_CORS)
    API ->> API: Verify JWT (JWT_SECRET)
    API ->> PG: Query products
    PG -->> API: Results
    API -->>- Caddy: 200 JSON
    Caddy -->>- Client: Product data

    Note over Client, Caddy: Flow 2 - Admin dashboard AuthN (cookie session)

    Client ->>+ Caddy: GET https://api-lsb.arauco.online/app
    Caddy ->>+ API: HTTP :9000
    API -->>- Caddy: Dashboard Admin UI
    Caddy -->>- Client: Medusa Admin HTML

    Client ->>+ Caddy: POST https://api-lsb.arauco.online/admin/auth<br/>{email, password}
    Caddy ->>+ API: HTTP :9000<br/>CORS check (ADMIN_CORS)
    API ->> PG: SELECT admin WHERE email = ?
    PG -->> API: Admin record
    API ->> API: Verify password hash (scrypt)
    API ->> API: Sign cookie (COOKIE_SECRET)
    API ->> API: Generate JWT (JWT_SECRET)
    API -->>- Caddy: 200 + Set-Cookie: session
    Caddy -->>- Client: Signed session cookie

    Note over Client, Caddy: Authenticated admin calls

    Client ->>+ Caddy: GET /admin/products<br/>Cookie: session=...
    Caddy ->>+ API: HTTP :9000<br/>CORS check (ADMIN_CORS)
    API ->> API: Verify cookie (COOKIE_SECRET)
    API ->> PG: Query admin data
    PG -->> API: Results
    API -->>- Caddy: 200 JSON
    Caddy -->>- Client: Admin data

    Note over Client, PG: AuthZ - No granular roles<br/>Customer = store API access<br/>Admin = admin API access (all or nothing)