I’m afraid FLS is not enforced in your Apex controller, because it’s running in System context. You can find more about how to enforce it manually here.
You can still enforce sharing rules with the
without sharing keyword on your Apex class as described here to get a record level security.
However, once Lightning Data Service is GA, you will be able to use it and it will enforce FLS for you.