update

2026-04-19 19:23:16 +02:00 · 2026-04-19 19:22:36 +02:00
22 changed files with 75 additions and 19 deletions
--- a/doc/core-apps/auth/features.md
+++ b/doc/core-apps/auth/features.md
@@ -1,4 +1,9 @@
- auth
+- login user
 - register user 
 - chnage password 
 - 
 - 
 	- registration, login, refresh, logout, password change, own profile
 	- routes: POST /register, /login, /refresh, /logout, /change-password; GET/PUT /me
 	- events emit: user.registered, user.logged_in
--- a/doc/core-apps/auth/specs.md
+++ b/doc/core-apps/auth/specs.md
@@ -1,3 +1,3 @@
- __init__.py (router, on_load)
+- __init__.py: 
 - models.py (User, RefreshToken)
 - manifest.yaml
--- a/doc/core-apps/features.md
+++ b/doc/core-apps/features.md
@@ -1,6 +1,4 @@
- core-apps
+- auth
-	- shipped with the system, required for a functional shop
+	- manage users
-	- same mechanics as any other app (manifest.yaml, router, migrations, events, DI) — no special status in the loader
+	- login user
-	- typically declared `required: true` in manifest so they cannot be switched off
+	- register user  
 	- distinct from custom-apps (optional / third-party, not shipped)
 	- cover: auth, product catalog, cart, checkout, payment, orders, mail, shipment (planned), plus the AI layer (ai_core, ai_shop, ai_admin)
--- a/doc/core-apps/specs.md
+++ b/doc/core-apps/specs.md
@@ -1,11 +1,6 @@
 - auth 
- catalog
+	- hashing: argon2
- cart
+	- token: JWT (15m/30d)
- checkout
+	- events
- payment
+		- user.registered
- orders
+		- user.logged_id
 - mail
 - ai_core
 - ai_shop
 - ai_admin
 - shipment (planned, not implemented)
--- a/doc/core/features.md
+++ b/doc/core/features.md
@@ -0,0 +1 @@
 - setup für den shop 
--- a/doc/core/specs.md
+++ b/doc/core/specs.md
@@ -0,0 +1,7 @@
 - main — anwendung starten 
 - loader — apps laden
 - config — liest zugänge aus env
 - di — direkte apps kommunikation 
 - events — indirekte apps kommunikation
 - db — datenbank kommunikation
 - cache — redis kommunikation  
--- a/doc/systems/authentication/features.md
+++ b/doc/systems/authentication/features.md
@@ -0,0 +1,6 @@
 - authentication
 	- "who are you?"
 	- password hashing with argon2
 	- JWT (15 min access) with refresh (30 days)
 	- identity dependencies (current_user_claims, optional_user, get_current_user_id, oauth2_scheme)
 	- room for growth: OAuth/SSO, API-tokens for third-party apps, 2FA, refresh-token rotation, impersonation
--- a/doc/systems/authentication/specs.md
+++ b/doc/systems/authentication/specs.md
@@ -0,0 +1 @@
 - authentication.py
--- a/doc/systems/authorization/features.md
+++ b/doc/systems/authorization/features.md
@@ -0,0 +1,4 @@
 - authorization
 	- "what are you allowed to do?"
 	- role checks (require_admin today)
 	- room for growth: require_role, require_permission, per-resource checks (owner-of), B2B approval workflows, per-app permissions for marketplace apps
--- a/doc/systems/authorization/specs.md
+++ b/doc/systems/authorization/specs.md
@@ -0,0 +1 @@
 - authorization.py
--- a/doc/systems/features.md
+++ b/doc/systems/features.md
@@ -0,0 +1,2 @@
 - basis für apps 
 - sammelt logik der apps und führt sie aus  
--- a/doc/systems/i18n/features.md
+++ b/doc/systems/i18n/features.md
@@ -0,0 +1,2 @@
 - i18n
 	- internationalisation helper for DE/EN text fields
--- a/doc/systems/i18n/specs.md
+++ b/doc/systems/i18n/specs.md
@@ -0,0 +1 @@
 - i18n.py
--- a/doc/systems/middleware/features.md
+++ b/doc/systems/middleware/features.md
@@ -0,0 +1,4 @@
 - middleware
 	- central place to install FastAPI middlewares (install_middlewares(app))
 	- today: CORS (allowed origins from .env)
 	- room for growth: request-id, access logging, rate-limit, security headers (HSTS/CSP), compression
--- a/doc/systems/middleware/specs.md
+++ b/doc/systems/middleware/specs.md
@@ -0,0 +1 @@
 - middleware.py
--- a/doc/systems/migrations/features.md
+++ b/doc/systems/migrations/features.md
@@ -0,0 +1,5 @@
 - migrations
 	- orchestrator (migrations.py): discover per-app migration folders (apps/<name>/migrations/), configure alembic version_locations dynamically, coordinate multi-head merging
 	- startup check: fail fast if schema is not up to date
 	- migrations/ directory: alembic version store (today still holds all migrations centrally; per-app folders are the target state)
 	- use alembic
--- a/doc/systems/migrations/specs.md
+++ b/doc/systems/migrations/specs.md
@@ -0,0 +1,2 @@
 - migrations.py
 - migrations/ (Alembic version store)
--- a/doc/systems/seed/features.md
+++ b/doc/systems/seed/features.md
@@ -0,0 +1,2 @@
 - seed
 	- demo data (admin, demo customer, categories, products)
--- a/doc/systems/seed/specs.md
+++ b/doc/systems/seed/specs.md
@@ -0,0 +1 @@
 - seed.py
--- a/doc/systems/settings/features.md
+++ b/doc/systems/settings/features.md
@@ -0,0 +1,6 @@
 - settings
 	- key-value store for shop settings (runtime-changeable, e.g. shop_name, currency)
 	- postgres is source of truth
 	- mirrored to redis on write
 	- emits core.settings_updated event
 	- distinct from config (which only reads .env infrastructure values)
--- a/doc/systems/settings/specs.md
+++ b/doc/systems/settings/specs.md
@@ -0,0 +1 @@
 - settings.py
--- a/doc/systems/specs.md
+++ b/doc/systems/specs.md
@@ -0,0 +1,11 @@
 - controller - routes und aktionen 
 - model - datenbank tabellen 
 - migration — migrationen
 - event - eigene events 
 - subscriber - listener  
 - setting — shop konfigurationen 
 - authentication — zugriff 
 - authorization — rechte
 - middleware — request und response filter
 - seed — faker daten  
 - i18n — übersetzungen
Author	SHA1	Message	Date
Marek	47cfc67ef4	update	2026-04-19 19:23:16 +02:00
Marek	65157da61d	update	2026-04-19 19:22:36 +02:00
		`@@ -0,0 +1,2 @@`
							`- basis für apps`
							`- sammelt logik der apps und führt sie aus`
		`@@ -0,0 +1,2 @@`
							`- i18n`
							`- internationalisation helper for DE/EN text fields`
		`@@ -0,0 +1,2 @@`
							`- migrations.py`
							`- migrations/ (Alembic version store)`
		`@@ -0,0 +1,2 @@`
							`- seed`
							`- demo data (admin, demo customer, categories, products)`