@startuml
title Security Boundaries - MVP Notification System

package "Frontend (React)" {
  [Notification UI]
  [Preferences UI]
}

package "API Layer" {
  [JWT Validator]
  [Authorization Check]
  [Rate Limiter]
}

package "Backend Services" {
  [Notification Service]
  [Preference Checker]
}

package "Data Layer" {
  database "PostgreSQL" {
    [notifications]
    [user_preferences]
  }
}

actor User
actor Attacker

User --> [Notification UI] : Authenticated
User --> [Preferences UI] : Manage settings

[Notification UI] --> [JWT Validator] : GET /api/notifications
[Preferences UI] --> [JWT Validator] : PUT /api/preferences

' Each edge label states the condition under which the request moves to the next control
[JWT Validator] --> [Authorization Check] : Token valid
[Authorization Check] --> [Rate Limiter] : User owns the resource
[Rate Limiter] --> [Notification Service] : Within limit
[Rate Limiter] --> [Preference Checker] : Within limit

[Notification Service] --> [notifications] : Read/Write
[Preference Checker] --> [user_preferences] : Read/Write

Attacker -[#red]-> [JWT Validator] : ❌ Invalid token rejected
Attacker -[#red]-> [Authorization Check] : ❌ Cross-user access blocked
Attacker -[#red]-> [Rate Limiter] : ❌ Spam prevented

note right of [JWT Validator]
  **Security Controls:**
  • JWT validation (existing)
  • User-specific authorization
  • Rate limiting (100/hour)
  • Input validation/sanitization
  • CSRF protection
end note

note left of Attacker
  **Mitigated Threats:**
  • Unauthorized access
  • Notification injection
  • Subscription tampering
  • DoS via spam
  • Cross-user data leakage
end note
@enduml