# INSIGHT MVP: Current Implementation Status

*As of: 2026-03-15*

---

## All services live and healthy

| Service | Container | Status |
|---------|-----------|--------|
| Core Service | `insight-core` | ✅ healthy |
| CRM Service | `insight-crm` | ✅ healthy |
| Frontend | `insight-frontend` | ✅ healthy |
| PostgreSQL | `insight-postgres` | ✅ healthy |
| PgBouncer | `insight-pgbouncer` | ✅ healthy |
| Redis | `insight-redis` | ✅ healthy |
| Traefik | `insight-traefik` | ✅ healthy |
| step-ca | `insight-step-ca` | ✅ healthy |

---

## Implemented features (fully deployed)

### Auth & users
- ✅ Login (local + SSO via Microsoft Entra ID)
- ✅ JWT (RS256, access token in memory, refresh token in HttpOnly cookie)
- ✅ 2FA (TOTP)
- ✅ Silent refresh
- ✅ Change password
- ✅ Profile picture upload

### Microsoft 365 integration
- ✅ OAuth2 flow (`/auth/integrations/microsoft-365`)
- ✅ Token storage encrypted (AES-256-GCM) in `user_integrations`
- ✅ Automatic token refresh
- ✅ Scopes: Mail.Read, Calendars.Read, Tasks.ReadWrite, offline_access
- ✅ O365 profile fields: jobTitle, department, companyName, officeLocation
- ✅ Profile picture sync from O365 (96x96, only if no INSIGHT avatar is set)
- ✅ Auto-sync on login (`useO365ProfileSync` hook)

### Dashboard
- ✅ Home tab: analog clock, 3-day weather forecast, quote of the day, compact widgets
- ✅ Email tab (O365 inbox with reading pane)
- ✅ Calendar tab (O365 events)
- ✅ Tasks tab (O365 + CRM, bidirectional)
- ✅ Contacts tab (O365 + CRM, linked)

### CRM (Phase 1–2.5)
- ✅ Companies, Contacts, Deals, Activities (full CRUD)
- ✅ Pipelines & Stages
- ✅ Custom Fields
- ✅ Kanban board (`/crm/kanban`) with drag & drop (@dnd-kit)
- ✅ Forecast view
- ✅ Lexware Office integration (contacts, vouchers)
- ✅ North Data enrichment
- ✅ **CRM permission model (Phase 2.5)**:
  - Visibility filter OWN/TEAM/ALL per entity (COMPANY, CONTACT, DEAL, ACTIVITY)
  - JWT contains `tenantRole` + `department`
  - ReadonlyGuard for the READONLY role
  - Admin settings page `/admin/crm-settings`
  - Redis cache for visibility settings (5 min TTL)

### Expert profile
- ✅ Skills, experiences, projects, certifications, languages, attachments
- ✅ 3-column layout
- ✅ PDF export (timeline, logo, accent color from branding)
- ✅ Word export (DOCX)

### Profile access (admin)
- ✅ `ProfileAccessGroup` + `ProfileAccessGroupMember` models
- ✅ User groups with canView/canExport/canEdit permissions
- ✅ Admin UI `/admin/profile-access`:
  - "Groups" tab: CRUD + manage members
  - "Profiles" tab: all users with actions (view, PDF, DOCX, edit)
- ✅ Admin detail page `/admin/profiles/:userId` (edit a profile in the admin context)
- ✅ Admin endpoints for all profile mutations (`/expert-profile/admin/users/...`)

### Admin area
- ✅ User management (`/admin/users`)
- ✅ SSO configuration (`/admin/sso`)
- ✅ External links (`/admin/external-links`)
- ✅ **Customization (`/admin/customize`)**:
  - Sidebar width, logo, colors
  - Login background (gradient / solid color / background image)
- ✅ Company data (`/admin/company`)
- ✅ Events (`/admin/events`)
- ✅ SSL/Domain (`/admin/ssl`)
- ✅ Profile access (`/admin/profile-access`)
- ✅ CRM visibility (`/admin/crm-settings`)

### Login screen branding
- ✅ Dynamic background from branding settings
- ✅ Logo on the login page (instead of "INSIGHT" text)
- ✅ Types: gradient, solid color, background image (max 2MB)

---

## Technical infrastructure

| Component | Version/Details |
|-----------|-----------------|
| Backend | NestJS 10, TypeScript strict |
| Frontend | React 18, Vite |
| Database | PostgreSQL 16, Prisma ORM |
| Cache | Redis 7 (Pub/Sub + Cache) |
| Connection Pool | PgBouncer |
| API Gateway | Traefik 3 |
| Auth | RS256 JWT, bcrypt Cost 12 |
| mTLS | step-ca (Smallstep) |
| Container | Docker Compose |

### Prisma schemas
- `core.schema.prisma`: User, Auth, Profile, Tenant, Integrations, ProfileAccess
- `crm.schema.prisma`: CRM-Entities, Pipelines, CustomFields, Contracts, Visibility

### Branching
- Active branch: `feature/crm-service`
- 200 commits since the initial commit

---

## API endpoints (Core Service)

```
POST   /api/v1/auth/login
POST   /api/v1/auth/refresh
POST   /api/v1/auth/logout
GET    /api/v1/auth/integrations/microsoft-365          ← OAuth flow
GET    /api/v1/auth/integrations/microsoft-365/callback

GET    /api/v1/users/me
PATCH  /api/v1/users/me
GET    /api/v1/users/team-members
GET    /api/v1/users/me/integrations
DELETE /api/v1/users/me/integrations/microsoft-365

GET    /api/v1/expert-profile/me
PATCH  /api/v1/expert-profile/me/skills
POST   /api/v1/expert-profile/me/experiences
... (projects, certifications, languages, attachments)
GET    /api/v1/expert-profile/me/export/pdf
GET    /api/v1/expert-profile/me/export/docx

GET    /api/v1/expert-profile/admin/users
GET    /api/v1/expert-profile/admin/users/:userId
GET    /api/v1/expert-profile/admin/users/:userId/export/pdf
... (all profile mutations for admin)

GET    /api/v1/profile-access/groups
POST   /api/v1/profile-access/groups
PATCH  /api/v1/profile-access/groups/:id
DELETE /api/v1/profile-access/groups/:id
GET/POST/DELETE /api/v1/profile-access/groups/:id/members/:userId

GET    /api/v1/settings/branding
POST   /api/v1/settings/branding
GET    /api/v1/settings/company
POST   /api/v1/settings/company
```

## API endpoints (CRM Service)

```
Companies, Contacts, Deals, Activities, Pipelines, ... (full CRUD)

GET    /api/v1/crm/visibility-settings
PUT    /api/v1/crm/visibility-settings/:entity

GET    /api/v1/crm/office365/emails
GET    /api/v1/crm/office365/calendar
GET    /api/v1/crm/office365/tasks
POST   /api/v1/crm/office365/tasks
GET    /api/v1/crm/office365/profile
```