Adds the Caddy hop to seq-auth-flow.puml and surfaces the two
production-relevant header behaviours:
- Caddy terminates TLS and forwards X-Forwarded-Proto: https
- Spring Boot trusts this header (server.forward-headers-strategy:
native, ForwardedRequestCustomizer at the Jetty layer), so
request.getScheme() returns "https"
- The Set-Cookie response carries the Secure flag because the
observed scheme is https — without forward-headers-strategy this
would silently drop to plain http and the cookie would lose Secure

Closes the doc-currency gap flagged in the Markus review on PR #499:
"Auth flow change → docs/architecture/c4/seq-auth-flow.puml".

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
C4-PlantUML Diagrams
Architecture diagrams in C4-PlantUML format. These are the authoritative source for layout-accurate diagrams. The companion c4-diagrams.md in the parent directory keeps Mermaid versions for inline Gitea rendering.
Render in Gitea
Gitea is configured to render .puml files as diagrams. Open any .puml file in the Gitea UI to see the rendered diagram.
Note:
plantuml code fences inside Markdown files do not render inline in Gitea — this is a Gitea limitation unrelated to the server configuration. The .md files in this repo use Mermaid for that reason.
Render in VS Code
Install the PlantUML extension (jebbs.plantuml). The project's .vscode/settings.json already points at the shared server:
plantuml.server = http://heim-nas:8500
Open any .puml file and press Alt+D to preview.
Files
| File | Diagram |
|---|---|
| l1-context.puml | Level 1 — System Context |
| l2-containers.puml | Level 2 — Containers |
| l3-backend-3a-security.puml | L3 Backend: Security & Authentication |
| l3-backend-3b-document-management.puml | L3 Backend: Document Management & Import |
| l3-backend-3c-transcription.puml | L3 Backend: Document Transcription Pipeline |
| l3-backend-3d-users-groups.puml | L3 Backend: Users, Groups & Administration |
| l3-backend-3e-persons.puml | L3 Backend: Persons & Family Graph |
| l3-backend-3f-ocr.puml | L3 Backend: OCR Orchestration |
| l3-backend-3g-supporting.puml | L3 Backend: Supporting Domains |
| l3-frontend-3a-middleware-auth.puml | L3 Frontend: Middleware, Auth & Layout |
| l3-frontend-3b-document-workflows.puml | L3 Frontend: Document Workflows |
| l3-frontend-3c-people-stories.puml | L3 Frontend: People, Stories & Discovery |
| l3-frontend-3d-administration.puml | L3 Frontend: Administration & Help |
| seq-auth-flow.puml | Sequence: Authentication Flow |
| seq-document-upload.puml | Sequence: Document Upload Flow |