MyClub/diagrams/auth-flow.mmd
Tomas Dvorak c941313fd5 dev day #92
2025-11-14 15:53:12 +01:00


%%{init: {
'theme': 'neutral'
}}%%
sequenceDiagram
autonumber
participant U as User
participant FE as Frontend (React)
participant BE as Backend API (Gin)
participant DB as Postgres
Note over FE,BE: Auth uses either HttpOnly cookie (auth_token) or Bearer token
U->>FE: Submit credentials (email/password)
FE->>BE: POST /api/v1/auth/login {email, password}
BE->>DB: Verify user by email
DB-->>BE: User + password hash
BE->>BE: Check password, issue JWT
BE-->>FE: 200 OK + Set-Cookie auth_token=JWT (HttpOnly)
rect rgba(200, 255, 200, 0.15)
Note over U,BE: Accessing protected endpoints
FE->>BE: GET /api/v1/admin/... (with cookie or Authorization: Bearer)
BE->>BE: JWTAuth parses token, loads user
BE->>DB: SELECT users WHERE id=claims.userID
DB-->>BE: User
BE->>BE: RoleAuth("admin" or "editor")
BE-->>FE: 200 OK (or 403/401)
end
rect rgba(200, 200, 255, 0.15)
Note over U,BE: Get current user
FE->>BE: GET /api/v1/auth/me
BE->>BE: JWTOptional (if present)
BE-->>FE: 200 OK {user}
end
rect rgba(255, 220, 200, 0.15)
Note over U,BE: Logout
FE->>BE: POST /api/v1/auth/logout
BE-->>FE: 200/204 + Clear-Cookie auth_token
end
Note over BE: Dev shortcuts (non-production)
Note over BE: X-Admin-Token or X-Dev-Admin grant admin for local/dev only
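The "JWTAuth parses token" and "RoleAuth" steps of the diagram, written out as an added Go example (not MyClub's code; it uses net/http instead of Gin): the token is taken from the HttpOnly auth_token cookie or the Authorization: Bearer header, the HS256 signature and alg are checked, the role is compared against the allowed list, and the X-Dev-Admin shortcut only counts while a production flag is false. The signing key, the claim names "sub" and "role", and the production flag are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
)

// verifyHS256 checks a compact JWT's HMAC-SHA256 signature; any other alg (e.g. "none") is rejected.
func verifyHS256(token string, key []byte) (claims map[string]any, ok bool) {
	p := strings.Split(token, ".")
	var hdr struct{ Alg string `json:"alg"` }
	if hb, err := base64.RawURLEncoding.DecodeString(p[0]); len(p) != 3 || err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(p[0] + "." + p[1]))
	if sig, err := base64.RawURLEncoding.DecodeString(p[2]); err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, false // hmac.Equal is constant-time; a forged or tampered token stops here
	}
	pb, err := base64.RawURLEncoding.DecodeString(p[1])
	return claims, err == nil && json.Unmarshal(pb, &claims) == nil && claims["sub"] != nil
}

// authorize is JWTAuth followed by RoleAuth("admin" or "editor"): 401 without a valid token,
// 403 when the (assumed) "role" claim is not in allowed. The token comes from the HttpOnly
// auth_token cookie, else Authorization: Bearer; X-Dev-Admin is honoured only while production is false.
func authorize(r *http.Request, key []byte, allowed map[string]bool, production bool) int {
	if !production && r.Header.Get("X-Dev-Admin") != "" {
		return http.StatusOK // dev shortcut: must be unreachable once the production flag is set
	}
	token := ""
	if c, err := r.Cookie("auth_token"); err == nil {
		token = c.Value
	} else if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		token = strings.TrimSpace(h[len("Bearer "):])
	}
	claims, ok := verifyHS256(token, key)
	if !ok {
		return http.StatusUnauthorized
	}
	if role, _ := claims["role"].(string); allowed[role] {
		return http.StatusOK
	}
	return http.StatusForbidden
}
```

The X-Admin-Token / X-Dev-Admin branch is the part to keep out of production builds entirely, or at least behind a flag that cannot be flipped per request, since it bypasses both the signature check and the role check.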