initial commit

2026-01-19 08:52:38 +01:00
commit 46907ca153
193 changed files with 35051 additions and 0 deletions
--- a/docs/architecture/15-security-performance.md
+++ b/docs/architecture/15-security-performance.md
@@ -0,0 +1,68 @@
+# 15. Security & Performance
+
+## Security Measures
+
+### Authentication
+- Session-based authentication with secure cookies
+- Password hashing with bcrypt (cost factor 12)
+- Session expiration and rotation
+
+### Input Validation
+- All inputs validated with Zod schemas
+- Server-side validation mandatory
+- Prisma parameterized queries (SQL injection prevention)
+
+### Headers (via Traefik)
+```yaml
+# Security headers middleware
+http:
+  middlewares:
+    security-headers:
+      headers:
+        stsSeconds: 31536000
+        stsIncludeSubdomains: true
+        contentTypeNosniff: true
+        frameDeny: true
+        browserXssFilter: true
+        referrerPolicy: "strict-origin-when-cross-origin"
+        contentSecurityPolicy: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
+```
+
+## Performance Optimizations
+
+### Database
+- Indexes on foreign keys and search fields
+- Pagination for all list queries
+- Connection pooling via Prisma
+
+### Caching
+- node-cache for server-side caching
+- TanStack Query for client-side caching
+- DofusDB data cached for 1 hour
+
+### Frontend
+- Code splitting via TanStack Router
+- Lazy loading for routes
+- Optimistic updates for better UX
+
+### Bundle Optimization
+```typescript
+// app.config.ts
+export default defineConfig({
+  vite: {
+    build: {
+      rollupOptions: {
+        output: {
+          manualChunks: {
+            'vendor-react': ['react', 'react-dom'],
+            'vendor-tanstack': ['@tanstack/react-router', '@tanstack/react-query'],
+            'vendor-ui': ['@radix-ui/react-dialog', '@radix-ui/react-select'],
+          },
+        },
+      },
+    },
+  },
+});
+```
+
+---