Nicholai/united-tattoo
1
1
Fork 0
Code Issues 24 Pull Requests Actions 2 Packages Projects Releases Wiki Activity
united-tattoo/.clinerules/authrules.md

24 lines
838 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Security, Auth, Headers, Validation, RateLimiting, Secrets
## Authentication & RBAC
- **NextAuth (Auth.js)** mandatory
- Sessions: pick JWT or DB, document choice
- Route/Server Action guards via middleware; role model documented
## Security Headers
- CSP (nonce/hash) + `Referrer-Policy: strict-origin-when-cross-origin`
- `X-Frame-Options: DENY`; `Permissions-Policy` scoped
- COOP/COEP where SharedArrayBuffer needed
- Cookies: HttpOnly, Secure, SameSite=Strict
## Validation
- **Zod everywhere** (server actions, routes, forms)
- `react-hook-form` + zod resolver
## Rate Limiting
- Redis (Upstash/self-hosted)
- Enforce on auth, forms, APIs (middleware/handlers)
## Secrets Policy
- `.env.example` is canonical list; validate at boot (`lib/env.ts` with Zod)
- Use SOPS/Age, 1Password, or Docker secrets; never commit secrets
Reference in New Issue View Git Blame Copy Permalink