湛兮
15 lines
1.1 KiB
Markdown
15 lines
1.1 KiB
Markdown
# role-user Project Notes
|
|
|
|
This project is the employee-facing C-side app for the `access-manage` backend and the `role-admin` management console.
|
|
|
|
When working in this repository:
|
|
|
|
- Prefer Chinese for project notes, PRDs, comments, and delivery summaries.
|
|
- Use React + Next.js App Router + TypeScript as the default frontend stack.
|
|
- Keep the app mobile-first and PWA-friendly; desktop should work, but the primary user is a store employee using a phone.
|
|
- Treat `access-manage/docs/ROLE_USER_BACKEND_REQUIREMENTS.md` as the backend contract source and `docs/C_EMPLOYEE_APP_REQUIREMENTS.md` as the frontend product source.
|
|
- Do not store or expose plaintext passwords in the frontend. Password operations must use reset/change flows, temporary one-time passwords, and audit logs.
|
|
- Use a Backend-for-Frontend layer in Next.js Route Handlers when it improves session safety. Prefer HttpOnly cookies over localStorage for tokens.
|
|
- Keep business API types and request helpers centralized under `src/lib/` once the app is scaffolded.
|
|
- When files or directories are added, removed, renamed, or reorganized, update `README.md` in the same change once a README exists.
|