Many new features
371
AGENTS.md
@@ -1,6 +1,6 @@
|
||||
💍 AGENTS.md
|
||||
|
||||
Wedding App – Agent Specification (Hero + Secure Edition)
|
||||
Wedding App – Agent Specification (Hero + Secure + Group Edition)
|
||||
|
||||
1. Project Overview
|
||||
|
||||
@@ -13,13 +13,13 @@ https://www.svenja-dominic-hochzeit.de/
|
||||
The entire platform is protected by login.
|
||||
There is no public content accessible without authentication.
|
||||
|
||||
Core goals:
|
||||
Core Goals
|
||||
|
||||
password-protected access (event password)
|
||||
invitation-based access system
|
||||
|
||||
RSVP + plus-one selection
|
||||
group-based RSVP handling
|
||||
|
||||
photo upload + shared gallery
|
||||
photo upload + shared gallery with permission control
|
||||
|
||||
modern information pages (schedule, hotels, taxi, location)
|
||||
|
||||
@@ -31,33 +31,101 @@ language switch (German / English)
|
||||
|
||||
visually polished, modern, mobile-first UI
|
||||
|
||||
2. Access Model (IMPORTANT)
|
||||
2. Access Model (IMPORTANT – UPDATED)
|
||||
|
||||
The entire site must be login-protected.
|
||||
|
||||
No publicly accessible landing page.
|
||||
|
||||
Flow:
|
||||
Invitation-Based Authentication Model
|
||||
|
||||
Each account represents one invitation.
|
||||
|
||||
An invitation can be:
|
||||
|
||||
a single person
|
||||
|
||||
a family
|
||||
|
||||
a couple
|
||||
|
||||
any defined group
|
||||
|
||||
Even single guests are technically treated as a group with one member.
|
||||
|
||||
Login Flow
|
||||
|
||||
User visits root URL → redirected to login
|
||||
|
||||
User enters:
|
||||
|
||||
event password
|
||||
group password
|
||||
|
||||
guest name
|
||||
group name (predefined)
|
||||
|
||||
On success:
|
||||
|
||||
guest stored in database (if new)
|
||||
group loaded from database
|
||||
|
||||
session created
|
||||
|
||||
redirect to internal start page
|
||||
|
||||
All internal routes must require authentication.
|
||||
No free registration allowed.
|
||||
|
||||
3. Internal Start Page Structure (Hero + Dashboard Concept)
|
||||
Each group has:
|
||||
|
||||
a predefined group name
|
||||
|
||||
an individual password
|
||||
|
||||
Different groups → different passwords.
|
||||
|
||||
Group Management After Login
|
||||
|
||||
After login, the group sees:
|
||||
|
||||
all predefined members of their invitation
|
||||
|
||||
RSVP selection per member
|
||||
|
||||
For each member:
|
||||
|
||||
attending Yes / No
|
||||
|
||||
Only one person per group must log in and manage the responses.
|
||||
|
||||
3. Roles System (NEW)
|
||||
|
||||
Two roles must exist:
|
||||
|
||||
Role: Guest (Default)
|
||||
|
||||
Can:
|
||||
|
||||
manage RSVP for their group
|
||||
|
||||
upload images
|
||||
|
||||
delete only their own uploaded images
|
||||
|
||||
Cannot:
|
||||
|
||||
delete images uploaded by others
|
||||
|
||||
Role: Admin (Hosts)
|
||||
|
||||
Can:
|
||||
|
||||
delete any uploaded image
|
||||
|
||||
manage all groups
|
||||
|
||||
optionally view attendance overview
|
||||
|
||||
No public admin panel required, but role logic must exist internally.
|
||||
|
||||
4. Internal Start Page Structure (Hero + Dashboard Concept)
|
||||
|
||||
After login, the start page consists of two sections:
|
||||
|
||||
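Review bot: The Login Flow in this hunk defines only the "On success" path. With predefined group names and one password per group, nothing says what happens when a login fails. Add an "On failure" item: a single generic error message whether the group name or the password was wrong, and throttling of repeated attempts per group name and per client. Separately, "Only one person per group must log in and manage the responses" reads as a restriction; if the intent is convenience, "needs to log in" is clearer. The Admin role "can manage all groups" while "No public admin panel required", so the spec should also say how an admin invitation is created and through which routes it acts.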
@@ -77,6 +145,7 @@ short personal text
|
||||
smooth scroll transition to dashboard
|
||||
|
||||
Purpose:
|
||||
|
||||
Make the platform feel emotional and elegant, not like a business app.
|
||||
|
||||
Section 2 – Dashboard Area
|
||||
@@ -99,7 +168,7 @@ Taxi
|
||||
|
||||
Location
|
||||
|
||||
The dashboard must:
|
||||
Dashboard must:
|
||||
|
||||
use rounded cards
|
||||
|
||||
@@ -109,7 +178,19 @@ consistent spacing
|
||||
|
||||
mobile-first responsive layout
|
||||
|
||||
4. Tech Stack (Required)
|
||||
Navigation Requirement (NEW)
|
||||
|
||||
A back button (arrow icon) must exist:
|
||||
|
||||
visible in header area
|
||||
|
||||
allows navigation back to previous page
|
||||
|
||||
must NOT replace logout button
|
||||
|
||||
Logout remains separate and visible.
|
||||
|
||||
5. Tech Stack (Required)
|
||||
|
||||
Python 3.12
|
||||
Flask
|
||||
@@ -121,14 +202,11 @@ Docker + Docker Compose
|
||||
Frontend:
|
||||
|
||||
Jinja2 templates
|
||||
|
||||
Tailwind via CDN OR lightweight custom CSS
|
||||
|
||||
No heavy JS frameworks
|
||||
|
||||
Minimal JavaScript only where needed
|
||||
|
||||
5. UI / UX Requirements (Very Important)
|
||||
6. UI / UX Requirements (Very Important)
|
||||
|
||||
Visual style:
|
||||
|
||||
@@ -149,10 +227,9 @@ clean typography (Google Fonts allowed)
|
||||
Mobile-first design required.
|
||||
|
||||
Minimal clutter.
|
||||
|
||||
Smooth hover transitions.
|
||||
|
||||
6. Language Switch (DE / EN)
|
||||
7. Language Switch (DE / EN)
|
||||
|
||||
Must include:
|
||||
|
||||
@@ -162,112 +239,37 @@ switch stored in session
|
||||
|
||||
no automatic geo-detection
|
||||
|
||||
static text controlled via simple translation dictionary or structure
|
||||
static text controlled via simple translation dictionary
|
||||
|
||||
7. Location Page Requirements
|
||||
8. RSVP Logic (UPDATED – GROUP BASED)
|
||||
|
||||
Must include:
|
||||
Database structure must support:
|
||||
|
||||
Location name (env variable)
|
||||
group entity
|
||||
|
||||
Address (env variable)
|
||||
group members
|
||||
|
||||
Google Maps embed (iframe)
|
||||
Each group contains:
|
||||
|
||||
Prominent button:
|
||||
multiple persons
|
||||
|
||||
“Zur Location-Webseite” / “Visit Location Website”
|
||||
For each person:
|
||||
|
||||
target="_blank"
|
||||
attending (boolean)
|
||||
|
||||
rel="noopener"
|
||||
Optional plus-one logic may be removed since groups now define structure.
|
||||
|
||||
Environment variables:
|
||||
Persist responses per individual.
|
||||
|
||||
LOCATION_NAME
|
||||
LOCATION_ADDRESS
|
||||
LOCATION_WEBSITE_URL
|
||||
GOOGLE_MAPS_EMBED_URL
|
||||
|
||||
Google Maps Privacy Requirement
|
||||
|
||||
Google Maps must NOT load automatically.
|
||||
|
||||
Implement a 2-click solution:
|
||||
|
||||
Show placeholder container
|
||||
|
||||
Display privacy notice:
|
||||
“Zur Anzeige der Karte werden Daten an Google übertragen.”
|
||||
|
||||
Only after user click → load iframe dynamically
|
||||
|
||||
No global cookie banner required.
|
||||
|
||||
8. Authentication Requirements
|
||||
|
||||
Event password stored in environment variable:
|
||||
|
||||
EVENT_PASSWORD
|
||||
|
||||
Guest provides:
|
||||
|
||||
event password
|
||||
|
||||
name
|
||||
|
||||
Use Flask sessions.
|
||||
|
||||
No:
|
||||
|
||||
email verification
|
||||
|
||||
role system
|
||||
|
||||
admin panel
|
||||
|
||||
9. Database Schema
|
||||
|
||||
Table: guests
|
||||
|
||||
id (PK)
|
||||
|
||||
name (required)
|
||||
|
||||
attending (boolean, nullable)
|
||||
|
||||
plus_one (boolean, default False)
|
||||
|
||||
created_at (timestamp)
|
||||
|
||||
Table: uploads
|
||||
|
||||
id (PK)
|
||||
|
||||
filename
|
||||
|
||||
uploaded_by (guest id)
|
||||
|
||||
uploaded_at (timestamp)
|
||||
|
||||
SQLite only.
|
||||
|
||||
10. RSVP Logic
|
||||
|
||||
Guest selects:
|
||||
|
||||
attending Yes / No
|
||||
|
||||
plus_one only visible if attending Yes
|
||||
|
||||
Persist to database.
|
||||
|
||||
11. Upload Requirements
|
||||
9. Image Upload & Gallery System (UPDATED)
|
||||
Upload Requirements
|
||||
|
||||
Allowed types:
|
||||
|
||||
jpg
|
||||
|
||||
jpeg
|
||||
|
||||
png
|
||||
|
||||
Must:
|
||||
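Review bot: The "8. Authentication Requirements" section in this hunk has no counterpart in the new numbering (8 RSVP Logic, 9 Image Upload & Gallery System, 10 Location, 11 Database Schema, 12 Legal), so "Use Flask sessions" and the statement of where the login secret lives are no longer specified anywhere. The Login Flow in section 2 only says "session created". Keep a short authentication section that states how group passwords are provisioned, that they are checked against the stored password_hash, what the session holds (the group id), and that the role is read from the database rather than trusted from the session. The list "No: email verification / role system / admin panel" in the same section also contradicts the new Roles System, so whatever survives of it needs rewording.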
@@ -286,26 +288,123 @@ store files in /uploads
|
||||
|
||||
store reference in database
|
||||
|
||||
Uploads must support:
|
||||
|
||||
mobile gallery uploads (iOS / Android compatible input field)
|
||||
|
||||
Optional but recommended:
|
||||
|
||||
remove EXIF metadata before saving
|
||||
|
||||
12. Gallery Requirements
|
||||
Gallery Requirements
|
||||
|
||||
All guests see all images
|
||||
All authenticated guests see all images.
|
||||
|
||||
Responsive grid layout
|
||||
Responsive grid layout.
|
||||
|
||||
Click → larger view (simple modal)
|
||||
Click → larger modal view.
|
||||
|
||||
No download tracking
|
||||
Image Permissions (NEW)
|
||||
|
||||
13. Legal Pages (Important)
|
||||
Guest:
|
||||
|
||||
may delete only images where:
|
||||
image.uploaded_by == current_user.id
|
||||
|
||||
Admin:
|
||||
|
||||
may delete any image
|
||||
|
||||
Every image must have:
|
||||
|
||||
visible download button
|
||||
|
||||
direct file download (no right-click dependency)
|
||||
|
||||
Optional:
|
||||
|
||||
future ZIP export of all images
|
||||
|
||||
10. Location Page Requirements
|
||||
|
||||
Must include:
|
||||
|
||||
Location name (env variable)
|
||||
|
||||
Address (env variable)
|
||||
|
||||
Google Maps embed (iframe)
|
||||
|
||||
Prominent button:
|
||||
|
||||
“Zur Location-Webseite” / “Visit Location Website”
|
||||
|
||||
target="_blank"
|
||||
rel="noopener"
|
||||
|
||||
Environment variables:
|
||||
|
||||
LOCATION_NAME
|
||||
LOCATION_ADDRESS
|
||||
LOCATION_WEBSITE_URL
|
||||
GOOGLE_MAPS_EMBED_URL
|
||||
|
||||
Google Maps Privacy Requirement
|
||||
|
||||
Google Maps must NOT load automatically.
|
||||
|
||||
Implement 2-click solution:
|
||||
|
||||
Show placeholder container
|
||||
|
||||
Display privacy notice
|
||||
“Zur Anzeige der Karte werden Daten an Google übertragen.”
|
||||
|
||||
Only after user click → load iframe dynamically
|
||||
|
||||
No global cookie banner required.
|
||||
|
||||
11. Database Schema (UPDATED)
|
||||
|
||||
Table: groups
|
||||
|
||||
id (PK)
|
||||
|
||||
name (required)
|
||||
|
||||
password_hash
|
||||
|
||||
role (guest / admin)
|
||||
|
||||
created_at
|
||||
|
||||
Table: group_members
|
||||
|
||||
id (PK)
|
||||
|
||||
group_id (FK)
|
||||
|
||||
name
|
||||
|
||||
attending (boolean, nullable)
|
||||
|
||||
Table: uploads
|
||||
|
||||
id (PK)
|
||||
|
||||
filename
|
||||
|
||||
uploaded_by (group id)
|
||||
|
||||
uploaded_at (timestamp)
|
||||
|
||||
SQLite only.
|
||||
|
||||
12. Legal Pages (Important)
|
||||
|
||||
Must implement:
|
||||
|
||||
/datenschutz
|
||||
|
||||
/impressum
|
||||
|
||||
Both:
|
||||
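Review bot: Image Permissions states the guest rule as "image.uploaded_by == current_user.id", but the schema in this same hunk defines uploads.uploaded_by as "(group id)" and has no per-person account, so "own" means "uploaded under the same invitation login". Say that explicitly, and require that the comparison runs on the server in the delete route, with the admin exception taken from groups.role. "direct file download" together with "store files in /uploads" should also state that files are served through an authenticated route, since the gallery is for "All authenticated guests" only. The password_hash column would benefit from naming the hashing scheme.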
@@ -314,15 +413,9 @@ accessible without login (legal requirement)
|
||||
|
||||
linked in footer
|
||||
|
||||
always visible in footer
|
||||
always visible
|
||||
|
||||
No cookie banner required because:
|
||||
|
||||
only technically necessary session cookies used
|
||||
|
||||
Google Maps loaded via 2-click solution
|
||||
|
||||
14. Dependency Management Rules
|
||||
13. Dependency Management Rules
|
||||
|
||||
Use uv.
|
||||
|
||||
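Review bot: Going by the hunk header (15 lines before, 9 after), the "No cookie banner required because:" block with its two reasons is dropped here, which leaves "No global cookie banner required." in section 10 without its justification. Keep the rationale, and check it against the rest of the spec: "Tailwind via CDN" and "Google Fonts allowed" are third-party requests that the Maps 2-click rule does not cover. The change from "always visible in footer" to "always visible" loses where the links must appear. Since these two pages are "accessible without login" while section 2 says "All internal routes must require authentication", list /datenschutz and /impressum as the only exemptions so the rule is implemented as an allow-list.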
@@ -340,7 +433,7 @@ Docker must run:
|
||||
|
||||
uv sync --frozen --no-dev
|
||||
|
||||
15. Docker Requirements
|
||||
14. Docker Requirements
|
||||
|
||||
Base image:
|
||||
|
||||
@@ -356,36 +449,38 @@ run uv sync --frozen --no-dev
|
||||
|
||||
expose port 8000
|
||||
|
||||
start with:
|
||||
Start with:
|
||||
|
||||
uv run gunicorn -b 0.0.0.0:8000 app:app
|
||||
|
||||
Uploads + SQLite database must use persistent volumes.
|
||||
|
||||
16. Non-Goals (Strict)
|
||||
15. Non-Goals (Strict)
|
||||
|
||||
Do NOT implement:
|
||||
|
||||
Admin dashboards
|
||||
email systemsnur
|
||||
|
||||
Email systems
|
||||
|
||||
Payment systems
|
||||
payment systems
|
||||
|
||||
OAuth
|
||||
|
||||
Cloud storage
|
||||
cloud storage
|
||||
|
||||
Microservices
|
||||
microservices
|
||||
|
||||
Tracking tools
|
||||
tracking tools
|
||||
|
||||
Analytics tools
|
||||
analytics tools
|
||||
|
||||
17. Design Philosophy
|
||||
16. Design Philosophy
|
||||
|
||||
Aesthetic first, but not overengineered.
|
||||
Simple, maintainable code.
|
||||
Minimal dependencies.
|
||||
Excellent mobile UX.
|
||||
Elegant, but not playful.
|
||||
Elegant, mature, emotionally warm.
|
||||
|
||||
Not playful.
|
||||
Not corporate.
|
||||
Not overcomplex.
|
||||
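Review bot: The Non-Goals list contains "email systemsnur", which looks like a stray word fused onto the item; it should read "email systems". It sits directly next to "Admin dashboards", and the list mixes capitalised and lower-case entries ("Payment systems" / "payment systems"), so the final casing should be made uniform. If "Admin dashboards" is meant to leave the Non-Goals because of the new Admin role, state which admin surface is in scope, since section 3 still says "No public admin panel required".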