You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+90-25Lines changed: 90 additions & 25 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -189,7 +189,49 @@ try {
189
189
190
190
## 🏗️ Architecture
191
191
192
-
### JWT Encoding Process
192
+
### 🔄 Complete Data Flow
193
+
194
+
> This diagram shows the complete JWT workflow from data input to output. The **Sign** process creates encrypted tokens and stores them in cache, while **Verify** operations check cache first for 1,600x performance boost. **Decode** extracts raw data without verification, and **Cache Management** ensures memory efficiency with LRU eviction and TTL expiration.
195
+
196
+
```mermaid
197
+
graph TD
198
+
A[User Data] --> B[Sign Request]
199
+
B --> C[Create Payload]
200
+
C --> D[AES-256-GCM Encrypt]
201
+
D --> E[Generate Token]
202
+
E --> F[Store in Cache]
203
+
F --> G[Return Token]
204
+
205
+
H[Token Verification] --> I{Cache Hit?}
206
+
I -->|Yes| J[Return Cached Data]
207
+
I -->|No| K[Decrypt Token]
208
+
K --> L[Validate Integrity]
209
+
L --> M[Store in Cache]
210
+
M --> N[Return Decoded Data]
211
+
212
+
O[Token Decode] --> P[Extract Payload]
213
+
P --> Q[Return Raw Data]
214
+
215
+
R[Cache Management] --> S[LRU Eviction]
216
+
S --> T[TTL Expiration]
217
+
T --> U[Memory Limit 10K]
218
+
219
+
style A fill:#e1f5fe,color:#000
220
+
style G fill:#c8e6c9,color:#000
221
+
style J fill:#c8e6c9,color:#000
222
+
style N fill:#c8e6c9,color:#000
223
+
style Q fill:#c8e6c9,color:#000
224
+
style I fill:#fff9c4,color:#000
225
+
style F fill:#e8f5e8,color:#000
226
+
style M fill:#e8f5e8,color:#000
227
+
style R fill:#f3e5f5,color:#000
228
+
```
229
+
230
+
---
231
+
232
+
### 🔐 JWT Encoding Process
233
+
234
+
> This diagram details the token creation process with AES-256-GCM encryption. Each token gets a **random IV** for uniqueness, **version-based AAD** for compatibility, and **authentication tags** for tamper detection. The **caching system** stores encrypted tokens for instant retrieval, providing massive performance improvements for repeated verifications.
193
235
194
236
```mermaid
195
237
graph TD
@@ -201,43 +243,66 @@ graph TD
201
243
F --> G[Create Token Structure]
202
244
G --> H[Base64 Encode]
203
245
H --> I[Secure JWT Token]
246
+
I --> J[Store in Cache]
247
+
J --> K[LRU Eviction Check]
248
+
K --> L[TTL Expiration]
204
249
205
-
J[Secret Key] --> K[Key Preparation]
206
-
K --> F
207
-
L[Random Salt] --> K
250
+
M[Secret Key] --> N[Key Preparation]
251
+
N --> F
252
+
O[Random Salt] --> N
208
253
209
-
M[Version] --> N[Additional
254
+
P[Version] --> Q[Additional
210
255
Authenticated Data]
211
-
N --> F
256
+
Q --> F
212
257
213
-
F --> O[Authentication Tag]
214
-
O --> G
258
+
F --> R[Authentication Tag]
259
+
R --> G
260
+
261
+
S[Cache Hit?] --> T[Return Cached Data]
262
+
S --> U[Decrypt & Cache]
263
+
U --> V[Return Decrypted Data]
215
264
216
265
style A fill:#e1f5fe,color:#000
217
266
style I fill:#c8e6c9,color:#000
218
267
style F fill:#fff3e0,color:#000
219
-
style J fill:#fce4ec,color:#000
268
+
style M fill:#fce4ec,color:#000
269
+
style J fill:#e8f5e8,color:#000
270
+
style S fill:#fff9c4,color:#000
220
271
```
221
272
222
-
### Security Layers
273
+
---
274
+
275
+
### 🛡️ Security Layers
276
+
277
+
> This diagram illustrates the security-focused verification process. **Cache validation** provides the first security layer, preventing DoS attacks through performance optimization. **Decryption** uses the secret key and random IV, while **integrity checks** verify authentication tags. The **caching system** acts as both a performance and security feature, ensuring fast and secure token validation.
0 commit comments