Security in Centrix is treated as an engineering quality attribute: authentication, validation, tenant safety and safe configuration are integrated into the development workflow.
This case study describes security-related decisions at a public, non-sensitive level.
Centrix focuses on practical application security fundamentals:
- Protect authenticated routes.
- Validate input before business logic execution.
- Preserve tenant boundaries.
- Avoid leaking sensitive configuration.
- Keep frontend/backend contracts predictable.
- Reduce accidental access to incorrect tenant data.
The backend uses JWT-based authentication.
Protected API requests require an authenticated session and tenant context.
General flow:
Login
→ credentials validated
→ JWT issued
→ protected request
→ JWT verified
→ tenant context checked
→ operation executedThe system supports role-based behavior.
Current roles:
| Role | Purpose |
|---|---|
| Administrator | Full system access. |
| Seller | Limited access focused on sales creation. |
Authorization is applied according to the module and requested action.
Centrix validates request data before executing operations.
Validated request areas:
- Body.
- Params.
- Query string.
- Enum values.
- Required fields.
- Business constraints.
- Tenant context.
- User status.
Validation helps protect the system from malformed requests and keeps business rules consistent.
Tenant-aware behavior is validated across the request lifecycle.
Key checks:
- Tenant exists.
- Tenant is active.
- Tenant context is attached to the request.
- JWT tenant context matches request tenant context.
- Data operations execute within the resolved tenant scope.
This helps reduce the risk of cross-tenant data access.
Production-sensitive values are kept outside source code.
Examples of non-public configuration:
- Database connection strings.
- JWT secrets.
- Production environment variables.
- Internal service configuration.
- Credentials and tokens.
This repository intentionally excludes:
- Source code for private services.
- Environment files.
- Secrets.
- Tokens.
- Database dumps.
- Logs containing headers or credentials.
- Real user or tenant data.
- Internal production configuration.
Centrix is not presented as a cybersecurity product. Security is used as a supporting engineering discipline to make the application more robust, safer and more maintainable.