# 15. Security & Performance

## Security Measures

### Authentication

- Session-based authentication with secure cookies
- Password hashing with bcrypt (cost factor 12)
- Session expiration and rotation (a fresh session ID is issued on login, so an ID obtained before authentication cannot be fixated)

### Input Validation

- All inputs validated with Zod schemas
- Server-side validation mandatory; client-side checks are a convenience and are never trusted
- Prisma parameterized queries (SQL injection prevention). This covers the Prisma client API and the `$queryRaw` tagged template; hand-built SQL strings passed to `$queryRawUnsafe` would bypass it.

### Headers (via Traefik)

```yaml
# Security headers middleware (Traefik dynamic configuration).
# A middleware only takes effect on routers that reference it,
# e.g. `middlewares: [security-headers]` on the application's router.
http:
  middlewares:
    security-headers:
      headers:
        stsSeconds: 31536000            # HSTS for one year
        stsIncludeSubdomains: true
        contentTypeNosniff: true        # X-Content-Type-Options: nosniff
        frameDeny: true                 # X-Frame-Options: DENY (clickjacking)
        browserXssFilter: true          # X-XSS-Protection; ignored by current browsers, CSP is the real control
        referrerPolicy: "strict-origin-when-cross-origin"
        # 'unsafe-inline' in script-src lets injected inline scripts execute, which
        # largely defeats the CSP against XSS; nonces or hashes are the stronger option.
        contentSecurityPolicy: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
```

## Performance Optimizations

### Database

- Indexes on foreign keys and search fields
- Pagination for all list queries (page size is bounded server-side, so a client cannot request an unbounded result set)
- Connection pooling via Prisma

### Caching

- node-cache for server-side caching
- TanStack Query for client-side caching
- DofusDB data cached for 1 hour

### Frontend

- Code splitting via TanStack Router
- Lazy loading for routes
- Optimistic updates for better UX

### Bundle Optimization

```typescript
// app.config.ts
// The import path depends on the installed TanStack Start version; earlier
// releases export defineConfig from '@tanstack/start/config'.
import { defineConfig } from '@tanstack/react-start/config';

export default defineConfig({
  vite: {
    build: {
      rollupOptions: {
        output: {
          // Keep stable third-party code in separate chunks so application
          // changes do not invalidate the cached vendor bundles.
          manualChunks: {
            'vendor-react': ['react', 'react-dom'],
            'vendor-tanstack': ['@tanstack/react-router', '@tanstack/react-query'],
            'vendor-ui': ['@radix-ui/react-dialog', '@radix-ui/react-select'],
          },
        },
      },
    },
  },
});
```

---
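The session expiration and rotation described under Authentication, as an added example that is not the project's code: an in-memory session store built on Node's `node:crypto`, with an injectable clock so expiry can be exercised deterministically. `SessionStore`, `sessionCookie`, the 30-minute TTL and the `__Host-session` cookie name are assumptions for illustration; the bcrypt password check the page describes would run before `create` is called.

```typescript
// Added example, not the project's code. Store, names and TTL are assumed.
import * as crypto from "node:crypto";

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed 30-minute idle timeout

interface Session {
  userId: string;
  expiresAt: number;
}

// Sessions are keyed by the SHA-256 of the token: a dump of the store
// cannot be replayed as cookies, and the hash is fixed-width.
class SessionStore {
  private sessions = new Map<string, Session>();
  private readonly now: () => number;

  constructor(now: () => number = () => Date.now()) {
    this.now = now;
  }

  private hash(token: string): string {
    return crypto.createHash("sha256").update(token).digest("hex");
  }

  // 256 bits of CSPRNG entropy; the raw token goes only to the client.
  create(userId: string): string {
    const token = crypto.randomBytes(32).toString("base64url");
    this.sessions.set(this.hash(token), {
      userId,
      expiresAt: this.now() + SESSION_TTL_MS,
    });
    return token;
  }

  // Returns null for unknown or expired tokens; expired entries are purged.
  get(token: string): Session | null {
    const key = this.hash(token);
    const s = this.sessions.get(key);
    if (!s) return null;
    if (s.expiresAt <= this.now()) {
      this.sessions.delete(key);
      return null;
    }
    return s;
  }

  // Rotation on login or privilege change: the old token is invalidated
  // at once, so a token handed out before authentication never survives it.
  rotate(oldToken: string): string | null {
    const s = this.get(oldToken);
    if (!s) return null;
    this.sessions.delete(this.hash(oldToken));
    return this.create(s.userId);
  }

  destroy(token: string): void {
    this.sessions.delete(this.hash(token));
  }
}

// Set-Cookie value with the attributes a session cookie needs. The __Host-
// prefix makes the browser enforce Secure, Path=/ and no Domain attribute.
function sessionCookie(token: string): string {
  return [
    `__Host-session=${token}`,
    "Path=/",
    "HttpOnly",
    "Secure",
    "SameSite=Lax",
    `Max-Age=${SESSION_TTL_MS / 1000}`,
  ].join("; ");
}

function clearSessionCookie(): string {
  return "__Host-session=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0";
}
```

On logout, call `destroy` and send `clearSessionCookie()`; deleting the cookie alone leaves the server-side session valid until it expires.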
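The server-side validation and parameterized-query points under Input Validation, together with the bounded pagination under Database, as one added example that is not the project's code: `validateListQuery` is a hand-written stand-in for the Zod schema, and the `sql` tagged template shows what a parameterized query is (values travel as `$1`, `$2`, ... placeholders, never as SQL text), in the same style as Prisma's `$queryRaw` template but not its implementation. The `Item` table, column names and limits are assumptions.

```typescript
// Added example, not the project's code. Table, columns and limits are assumed.

interface ListQuery {
  page: number;
  pageSize: number;
  search: string | null;
}

class ValidationError extends Error {}

const MAX_PAGE_SIZE = 100; // assumed upper bound
const MAX_SEARCH_LEN = 64; // assumed upper bound

// Takes the raw, untrusted query-string object and returns a typed, bounded
// value or throws. Runs on the server regardless of any client-side check.
function validateListQuery(raw: Record<string, unknown>): ListQuery {
  const page = Number(raw.page ?? 1);
  const pageSize = Number(raw.pageSize ?? 20);
  if (!Number.isInteger(page) || page < 1) {
    throw new ValidationError("page must be a positive integer");
  }
  if (!Number.isInteger(pageSize) || pageSize < 1 || pageSize > MAX_PAGE_SIZE) {
    throw new ValidationError(`pageSize must be between 1 and ${MAX_PAGE_SIZE}`);
  }
  let search: string | null = null;
  if (raw.search !== undefined) {
    if (typeof raw.search !== "string") throw new ValidationError("search must be a string");
    search = raw.search.trim();
    if (search.length > MAX_SEARCH_LEN) throw new ValidationError("search too long");
    if (search === "") search = null;
  }
  return { page, pageSize, search };
}

interface ParamQuery {
  text: string;
  values: unknown[];
}

// Tagged template: every interpolated value becomes a numbered placeholder in
// the SQL text and is shipped separately in `values`, so an injection payload
// can only ever be a string the database compares against, not SQL.
function sql(strings: TemplateStringsArray, ...values: unknown[]): ParamQuery {
  let text = strings[0];
  values.forEach((_, i) => {
    text += `$${i + 1}` + strings[i + 1];
  });
  return { text, values };
}

// LIKE metacharacters in user input would otherwise act as wildcards
// (a different problem from injection, but the same boundary).
function escapeLike(s: string): string {
  return s.replace(/[\\%_]/g, (ch) => "\\" + ch);
}

function buildItemListQuery(q: ListQuery): ParamQuery {
  const offset = (q.page - 1) * q.pageSize;
  if (q.search === null) {
    return sql`SELECT id, name FROM "Item" ORDER BY id LIMIT ${q.pageSize} OFFSET ${offset}`;
  }
  const pattern = "%" + escapeLike(q.search) + "%";
  return sql`SELECT id, name FROM "Item" WHERE name ILIKE ${pattern} ORDER BY id LIMIT ${q.pageSize} OFFSET ${offset}`;
}
```

The check worth keeping in mind: after building the query for a payload such as `' OR 1=1 --`, the payload appears only in `values`, and the SQL `text` is identical to the one built for a harmless search term.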