- Simplify CLAUDE.md from ~460 to ~145 lines with imports
- Add Theme System section to css-design-system.md (3 modes: auto/light/dark)
- Document theme toggle UI, localStorage persistence, CSS priority order
- Add paths: frontmatter to authentication.md and company-period.md
- Update DESIGN_TOKENS.md Dark Mode section with toggle documentation
- Clean auto-build-memory.md header (remove non-existent auto-sync reference)
- Remove non-existent plugin from settings.json

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

22 lines
781 B
Markdown
---
paths: "{backend,shared}/**/*.py,src/**/*.{js,vue}"
---

# Authentication Rules

## JWT Token Structure (IMMUTABLE)
All apps use the same token payload:
- `username`, `user_id`, `companies[]`, `permissions[]`, `exp`, `iat`, `type`

## Backend Rules
- Use `AuthenticationMiddleware` from `shared/auth/middleware.py`
- Use `get_current_user` dependency from `shared/auth/dependencies.py`
- Never implement custom auth logic in routers
- Rate limiting: 5 req/5 min for /auth/* paths
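
What the 5 req/5 min limit on `/auth/*` means for a client, as an added example that is not the code in `shared/auth/middleware.py`. The `AuthRateLimiter` name, keying by client address, counting only allowed requests, and the sample paths and addresses are assumptions.

```python
import math
import time

AUTH_PREFIX = "/auth/"     # from the rule above: applies to /auth/* paths
MAX_REQUESTS = 5           # from the rule above: 5 requests ...
WINDOW_SECONDS = 5 * 60    # ... per 5 minutes


class AuthRateLimiter:
    """Sliding-window limiter (hypothetical helper, keyed by client address)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so tests can control time
        self._hits = {}       # client key -> timestamps of allowed requests

    def check(self, client_key, path):
        """Return (allowed, retry_after_seconds) for one incoming request."""
        if not path.startswith(AUTH_PREFIX):
            return True, 0    # the limit only covers /auth/* paths
        now = self._clock()
        # Keep only the timestamps that are still inside the window.
        hits = [t for t in self._hits.get(client_key, ())
                if now - t < WINDOW_SECONDS]
        if len(hits) >= MAX_REQUESTS:
            self._hits[client_key] = hits
            # The oldest hit leaving the window frees the next slot.
            return False, math.ceil(WINDOW_SECONDS - (now - hits[0]))
        hits.append(now)
        self._hits[client_key] = hits
        return True, 0

    def purge(self):
        """Drop clients with no recent hits so the table cannot grow forever."""
        now = self._clock()
        for key in list(self._hits):
            if all(now - t >= WINDOW_SECONDS for t in self._hits[key]):
                del self._hits[key]


if __name__ == "__main__":
    limiter = AuthRateLimiter()
    # Constructed sample: six rapid login attempts from one address.
    for attempt in range(1, 7):
        print(attempt, limiter.check("203.0.113.7", "/auth/login"))
```

A denied request would normally be answered with HTTP 429 and a `Retry-After` header carrying the second value.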

## Frontend Rules
- Use `createAuthStore(apiService)` factory from `shared/frontend/stores/auth.js`
- Use `LoginView.vue` component from `shared/frontend/components/`
- Store tokens in localStorage: `access_token`, `refresh_token`, `user`
- Initialize auth on app startup with `initializeAuth()`