# Customer Portal Prototype (MSP)

This demo consists of:
- `kundenportal-prototyp.html` (frontend)
- `managed-presentation.html` (public, password-protected customer presentation)
- `kundenportal_api.py` (local API + static file hosting, PostgreSQL-ready)

Deployment docs (Azure + PostgreSQL):
- `docs/azure-appservice-postgres.md`
- `docs/gitlab-azure-ci.md` (self-hosted GitLab CI -> Azure App Service)
- `docs/entra-oidc-setup.md` (user management/login via Entra OIDC)

## Running locally (PostgreSQL)

1. Python environment:

```bash
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
```

2. Set the database URL:

```bash
export DATABASE_URL='postgresql://portal_user:portal_password@127.0.0.1:5432/portal?sslmode=disable&gssencmode=disable'
export APP_ENV='development'
export KP_MANAGED_PRESENTATION_SECRET='please-set-a-long-random-secret-with-32plus-chars'
```

3. Start the API:

```bash
bash scripts/local/start_postgres.sh
```

4. Browser:

```text
http://127.0.0.1:8000/kundenportal-prototyp.html
```

## Entra OIDC (user management/login)

For Entra OIDC, set at least:

```bash
export KP_AUTH_SESSION_SECRET='long-random-secret-min-32-chars'
export KP_OIDC_ENABLED='1'
export KP_OIDC_TENANT_ID='<tenant-id>'
export KP_OIDC_CLIENT_ID='<app-client-id>'
export KP_OIDC_REDIRECT_URI='http://127.0.0.1:8000/kundenportal-prototyp.html'
export KP_OIDC_ALLOWED_DOMAINS='deinefirma.de'
```

Optional:

```bash
export KP_OIDC_CLIENT_SECRET='<nur falls confidential client>'
export KP_OIDC_ADMIN_GROUP_IDS='<entra-group-guid-1>,<entra-group-guid-2>'
```
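
The secret values shown in the blocks above are placeholders printed in this README, and the local `DATABASE_URL` turns TLS off. The following preflight check is an added example, not part of the project: it rejects those placeholders, unreplaced `<...>` values and `sslmode=disable` outside `APP_ENV=development`. The function names, the 32-character minimum (taken from the placeholder text) and the rule about `sslmode` are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not part of the project): preflight check for the variables in this README.
# Usage: source this file after the exports, then run `preflight`.

# Placeholder secrets printed in this README; they are public and must be replaced.
KP_PLACEHOLDERS='please-set-a-long-random-secret-with-32plus-chars long-random-secret-min-32-chars'

# gen_secret: print a fresh random secret (python3 is already required by the setup steps).
gen_secret() { python3 -c 'import secrets; print(secrets.token_urlsafe(48))'; }

# check_secret NAME VALUE: reject short values and the README placeholders.
check_secret() {
  if [ "${#2}" -lt 32 ]; then
    echo "FAIL $1: shorter than 32 characters" >&2; return 1
  fi
  for kp_p in $KP_PLACEHOLDERS; do
    if [ "$2" = "$kp_p" ]; then echo "FAIL $1: README placeholder" >&2; return 1; fi
  done
  return 0
}

# check_value NAME VALUE: reject empty values and unreplaced <...> placeholders.
check_value() {
  case "$2" in
    ''|'<'*'>') echo "FAIL $1: unset or still a <placeholder>" >&2; return 1 ;;
  esac
}

# check_db_url APP_ENV DATABASE_URL: sslmode=disable only passes for APP_ENV=development
# (assumption of this example: every other environment must encrypt the DB connection).
check_db_url() {
  case "$2" in
    *sslmode=disable*)
      if [ "$1" != "development" ]; then
        echo "FAIL DATABASE_URL: sslmode=disable with APP_ENV=${1:-unset}" >&2; return 1
      fi ;;
  esac
  return 0
}

# preflight: run all checks against the current environment; returns 1 if any failed.
preflight() {
  kp_rc=0
  check_secret KP_MANAGED_PRESENTATION_SECRET "${KP_MANAGED_PRESENTATION_SECRET-}" || kp_rc=1
  check_db_url "${APP_ENV-}" "${DATABASE_URL-}" || kp_rc=1
  if [ "${KP_OIDC_ENABLED-}" = "1" ]; then
    check_secret KP_AUTH_SESSION_SECRET "${KP_AUTH_SESSION_SECRET-}" || kp_rc=1
    for kp_n in KP_OIDC_TENANT_ID KP_OIDC_CLIENT_ID KP_OIDC_REDIRECT_URI KP_OIDC_ALLOWED_DOMAINS; do
      eval "kp_v=\${$kp_n-}"
      check_value "$kp_n" "$kp_v" || kp_rc=1
    done
  fi
  return "$kp_rc"
}
```

`export KP_AUTH_SESSION_SECRET="$(gen_secret)"` sets a fresh value; note that the `KP_AUTH_SESSION_SECRET` placeholder above is only 31 characters long and fails the length check on its own.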

## Quick check

```bash
curl http://127.0.0.1:8000/api/health
curl http://127.0.0.1:8000/api/tenants
```
