This section provides a concise overview of how the backend is structured.
- Presentation (`presentation/controller`): HTTP endpoints and DTO mapping.
- Application (`application/service`): use-case orchestration and transactions.
- Domain (`domain`): entities, invariants, ownership rules.
- Infrastructure (`infrastructure`): persistence, security, integrations.
- Authentication uses JWT/OAuth2.
- Most business endpoints require `isAuthenticated()` at controller level.
- Business authorization for boards/projects/tasks is enforced by ownership/membership checks in services (not only by global roles).
- `ROLE_ADMIN` is reserved for admin endpoints (for example user/admin operations and protected actuator endpoints).
- Controller validates/parses request.
- Application service resolves the authenticated actor (`AuthenticatedUserService`) and coordinates the use-case.
- Domain/service rules enforce ownership or collaborator membership.
- Repository persists/loads data.
- Controller returns response DTO.
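The following Spring snippet is an added illustration of the request flow and authorization posture described above; it is not code from the project. It assumes hypothetical names (`Board`, `BoardRepository`, `BoardService`, `BoardController`, `BoardDto`, `BoardNotFoundException`) and assumes the JWT subject carries the user's UUID. Only `AuthenticatedUserService` and `isAuthenticated()` come from the page.

```java
// Added example (not project code). Shows: controller-level isAuthenticated(),
// actor resolution in an application service, and ownership/membership enforced
// in the service layer rather than by a global role. Names below are assumptions.
package example;

import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

// ---- Domain (hypothetical): the invariant "who may act on this board" lives here.
record Board(UUID id, UUID ownerId, Set<UUID> collaboratorIds, String title) {
    boolean isAccessibleBy(UUID actorId) {
        return ownerId.equals(actorId) || collaboratorIds.contains(actorId);
    }
}

// ---- Infrastructure boundary (hypothetical): persistence implements this port.
interface BoardRepository {
    Optional<Board> findById(UUID id);
}

@ResponseStatus(HttpStatus.NOT_FOUND)
class BoardNotFoundException extends RuntimeException {
    BoardNotFoundException(UUID id) { super("board not found: " + id); }
}

// ---- Application: resolve the actor from the JWT-backed SecurityContext.
// Assumes the token subject (principal name) is the user's UUID.
@Service
class AuthenticatedUserService {
    UUID currentUserId() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            throw new AccessDeniedException("no authenticated actor");
        }
        return UUID.fromString(auth.getName());
    }
}

// ---- Application: use-case orchestration + the business authorization check.
@Service
class BoardService {
    private final BoardRepository boards;
    private final AuthenticatedUserService actors;

    BoardService(BoardRepository boards, AuthenticatedUserService actors) {
        this.boards = boards;
        this.actors = actors;
    }

    // Ownership/membership is decided here, per board, independent of global roles.
    // A board the actor may not see is reported as NOT_FOUND rather than FORBIDDEN,
    // so the response does not reveal whether the id exists.
    @Transactional(readOnly = true)
    Board loadForActor(UUID boardId) {
        UUID actor = actors.currentUserId();
        return boards.findById(boardId)
                .filter(b -> b.isAccessibleBy(actor))
                .orElseThrow(() -> new BoardNotFoundException(boardId));
    }
}

// ---- Presentation: only authentication is checked at the controller; the DTO
// exposes a deliberately narrow view of the entity.
record BoardDto(UUID id, String title) {
    static BoardDto from(Board b) { return new BoardDto(b.id(), b.title()); }
}

@RestController
@RequestMapping("/api/boards")
@PreAuthorize("isAuthenticated()")
class BoardController {
    private final BoardService service;

    BoardController(BoardService service) { this.service = service; }

    @GetMapping("/{id}")
    BoardDto get(@PathVariable UUID id) {
        // Parse/validate happens via Spring's UUID conversion; a malformed id is a 400.
        return BoardDto.from(service.loadForActor(id));
    }
}
```

`@PreAuthorize` only takes effect when method security is enabled (`@EnableMethodSecurity` in the security configuration). The point to check when reviewing a new endpoint is that the ownership filter sits on the service path every controller uses, so a future endpoint cannot reach a board through the repository without passing `isAccessibleBy`.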
- Configuration and profiles: `configuration.md`
- Public endpoint posture: `security-open-endpoints.md`
- Aggregate boundaries: `database/aggregates.md`