Architecture Overview
Layers
- Domain: Types in `shared/` reused by backend/frontend.
- Use-Cases: `backend/src/usecases` (e.g., auth/loginUser, employees CRUD, users management).
- Repositories: `backend/src/repositories` do all DB access; controllers do not use SQL.
- Adapters/HTTP: `backend/src/routes/*` map HTTP <-> use-cases and validate inputs.
- Infra/Services: encryption, email, sync components, logger.
Database Ownership
- Canonical core schema lives in `backend/src/config/secureDatabase.ts` (users, employees, skills + junctions, language_skills, specializations, controlled_vocabulary, system_settings, security_audit_log). These include field encryption and hash indexes.
- Extended, non-sensitive schema lives in `backend/src/config/database.ts` (profiles + facets, workspaces/bookings, analytics, organizational structure, deputies, reminders, audit_log).
- Initialization order: `initializeSecureDatabase()` runs before `initializeDatabase()`. Routes import `db` from either module, but both resolve to the same secure DB instance.
Security
- JWT required; in production `JWT_SECRET` must be set.
- Field-level encryption (AES) for sensitive data + deterministic hashes for lookups.
- Error redaction: sensitive fields are redacted in logs.
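
The pairing of field-level encryption with a deterministic lookup hash can be sketched as follows. This is an added example, not code from `secureDatabase.ts`: AES-256-GCM, a keyed HMAC-SHA256 in place of a plain hash, the lowercase/trim normalization, and every function, key and column name are assumptions.

```typescript
// Added example, not the project's code. Cipher mode, HMAC choice and all names are assumptions.
import { createCipheriv, createDecipheriv, createHmac, randomBytes } from "node:crypto";

// Constructed demo keys. Real keys come from a secret store, and the
// encryption key and the index key must be independent of each other.
const ENC_KEY = randomBytes(32);
const INDEX_KEY = randomBytes(32);

// Encrypt one field. A fresh 12-byte IV per call means equal plaintexts give
// different ciphertexts, so the encrypted column itself cannot be searched.
function encryptField(plaintext: string, key: Buffer = ENC_KEY): string {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [iv, cipher.getAuthTag(), body].map((b) => b.toString("base64")).join(".");
}

// Decrypt and authenticate; throws if IV, tag or ciphertext was altered.
function decryptField(stored: string, key: Buffer = ENC_KEY): string {
  const parts = stored.split(".");
  if (parts.length !== 3) throw new Error("malformed encrypted field");
  const [iv, tag, body] = parts.map((p) => Buffer.from(p, "base64"));
  if (iv.length !== 12 || tag.length !== 16) throw new Error("malformed encrypted field");
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// Deterministic keyed hash for the index column. Keying it stops offline
// guessing of low-entropy values; normalization must match on write and query.
function lookupHash(value: string, key: Buffer = INDEX_KEY): string {
  return createHmac("sha256", key).update(value.trim().toLowerCase(), "utf8").digest("hex");
}

// Hypothetical row shape: ciphertext column plus hash index column.
type UserRow = { id: number; email_enc: string; email_hash: string };

function makeRow(id: number, email: string): UserRow {
  return { id, email_enc: encryptField(email), email_hash: lookupHash(email) };
}

// Equality lookup compares hashes only, then decrypts the single match.
function findByEmail(rows: UserRow[], email: string): string | undefined {
  const wanted = lookupHash(email);
  const hit = rows.find((r) => r.email_hash === wanted);
  return hit ? decryptField(hit.email_enc) : undefined;
}
```

A deterministic index still reveals which rows share a value, so it belongs only on fields that need equality lookups.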
Sync
- Modular components under `backend/src/services/sync`:
  - `queueStore`: DB interactions (pending, status, metadata)
  - `transport`: HTTP communication between nodes
  - `applier`: applies changes entity-wise
  - `SyncService`: orchestrates and exposes routes
Migrations
- Simple runner: `npm run migrate` in `backend`
- Tracks applied migrations in `schema_version`; add files to `backend/scripts/migrations`.
Frontend
- API abstraction with normalized error handling
- ErrorBoundary wraps the app