update

2026-04-19 19:23:16 +02:00 · 2026-04-19 19:22:36 +02:00
22 changed files with 75 additions and 19 deletions
--- a/doc/core-apps/auth/features.md
+++ b/doc/core-apps/auth/features.md
@@ -1,4 +1,9 @@
- auth
+- login user
+- register user 
+- chnage password 
+- 
+- 
+
 	- registration, login, refresh, logout, password change, own profile
 	- routes: POST /register, /login, /refresh, /logout, /change-password; GET/PUT /me
 	- events emit: user.registered, user.logged_in
--- a/doc/core-apps/auth/specs.md
+++ b/doc/core-apps/auth/specs.md
@@ -1,3 +1,3 @@
- __init__.py (router, on_load)
+- __init__.py: 
 - models.py (User, RefreshToken)
 - manifest.yaml
--- a/doc/core-apps/features.md
+++ b/doc/core-apps/features.md
@@ -1,6 +1,4 @@
- core-apps
-	- shipped with the system, required for a functional shop
-	- same mechanics as any other app (manifest.yaml, router, migrations, events, DI) — no special status in the loader
-	- typically declared `required: true` in manifest so they cannot be switched off
-	- distinct from custom-apps (optional / third-party, not shipped)
-	- cover: auth, product catalog, cart, checkout, payment, orders, mail, shipment (planned), plus the AI layer (ai_core, ai_shop, ai_admin)
+- auth
+	- manage users
+	- login user
+	- register user  
--- a/doc/core-apps/specs.md
+++ b/doc/core-apps/specs.md
@@ -1,11 +1,6 @@
 - auth 
- catalog
- cart
- checkout
- payment
- orders
- mail
- ai_core
- ai_shop
- ai_admin
- shipment (planned, not implemented)
+	- hashing: argon2
+	- token: JWT (15m/30d)
+	- events
+		- user.registered
+		- user.logged_id
--- a/doc/core/features.md
+++ b/doc/core/features.md
@@ -0,0 +1 @@
+- setup für den shop 
--- a/doc/core/specs.md
+++ b/doc/core/specs.md
@@ -0,0 +1,7 @@
+- main — anwendung starten 
+- loader — apps laden
+- config — liest zugänge aus env
+- di — direkte apps kommunikation 
+- events — indirekte apps kommunikation
+- db — datenbank kommunikation
+- cache — redis kommunikation  
--- a/doc/systems/authentication/features.md
+++ b/doc/systems/authentication/features.md
@@ -0,0 +1,6 @@
+- authentication
+	- "who are you?"
+	- password hashing with argon2
+	- JWT (15 min access) with refresh (30 days)
+	- identity dependencies (current_user_claims, optional_user, get_current_user_id, oauth2_scheme)
+	- room for growth: OAuth/SSO, API-tokens for third-party apps, 2FA, refresh-token rotation, impersonation
--- a/doc/systems/authentication/specs.md
+++ b/doc/systems/authentication/specs.md
@@ -0,0 +1 @@
+- authentication.py
--- a/doc/systems/authorization/features.md
+++ b/doc/systems/authorization/features.md
@@ -0,0 +1,4 @@
+- authorization
+	- "what are you allowed to do?"
+	- role checks (require_admin today)
+	- room for growth: require_role, require_permission, per-resource checks (owner-of), B2B approval workflows, per-app permissions for marketplace apps
--- a/doc/systems/authorization/specs.md
+++ b/doc/systems/authorization/specs.md
@@ -0,0 +1 @@
+- authorization.py
--- a/doc/systems/features.md
+++ b/doc/systems/features.md
@@ -0,0 +1,2 @@
+- basis für apps 
+- sammelt logik der apps und führt sie aus  
--- a/doc/systems/i18n/features.md
+++ b/doc/systems/i18n/features.md
@@ -0,0 +1,2 @@
+- i18n
+	- internationalisation helper for DE/EN text fields
--- a/doc/systems/i18n/specs.md
+++ b/doc/systems/i18n/specs.md
@@ -0,0 +1 @@
+- i18n.py
--- a/doc/systems/middleware/features.md
+++ b/doc/systems/middleware/features.md
@@ -0,0 +1,4 @@
+- middleware
+	- central place to install FastAPI middlewares (install_middlewares(app))
+	- today: CORS (allowed origins from .env)
+	- room for growth: request-id, access logging, rate-limit, security headers (HSTS/CSP), compression
--- a/doc/systems/middleware/specs.md
+++ b/doc/systems/middleware/specs.md
@@ -0,0 +1 @@
+- middleware.py
--- a/doc/systems/migrations/features.md
+++ b/doc/systems/migrations/features.md
@@ -0,0 +1,5 @@
+- migrations
+	- orchestrator (migrations.py): discover per-app migration folders (apps/<name>/migrations/), configure alembic version_locations dynamically, coordinate multi-head merging
+	- startup check: fail fast if schema is not up to date
+	- migrations/ directory: alembic version store (today still holds all migrations centrally; per-app folders are the target state)
+	- use alembic
--- a/doc/systems/migrations/specs.md
+++ b/doc/systems/migrations/specs.md
@@ -0,0 +1,2 @@
+- migrations.py
+- migrations/ (Alembic version store)
--- a/doc/systems/seed/features.md
+++ b/doc/systems/seed/features.md
@@ -0,0 +1,2 @@
+- seed
+	- demo data (admin, demo customer, categories, products)
--- a/doc/systems/seed/specs.md
+++ b/doc/systems/seed/specs.md
@@ -0,0 +1 @@
+- seed.py
--- a/doc/systems/settings/features.md
+++ b/doc/systems/settings/features.md
@@ -0,0 +1,6 @@
+- settings
+	- key-value store for shop settings (runtime-changeable, e.g. shop_name, currency)
+	- postgres is source of truth
+	- mirrored to redis on write
+	- emits core.settings_updated event
+	- distinct from config (which only reads .env infrastructure values)
--- a/doc/systems/settings/specs.md
+++ b/doc/systems/settings/specs.md
@@ -0,0 +1 @@
+- settings.py
--- a/doc/systems/specs.md
+++ b/doc/systems/specs.md
@@ -0,0 +1,11 @@
+- controller - routes und aktionen 
+- model - datenbank tabellen 
+- migration — migrationen
+- event - eigene events 
+- subscriber - listener  
+- setting — shop konfigurationen 
+- authentication — zugriff 
+- authorization — rechte
+- middleware — request und response filter
+- seed — faker daten  
+- i18n — übersetzungen
Author	SHA1	Message	Date
Marek	47cfc67ef4	update	2026-04-19 19:23:16 +02:00
Marek	65157da61d	update	2026-04-19 19:22:36 +02:00