django-core-micha 0.1.0__tar.gz

django_core_micha-0.1.0/PKG-INFO

@@ -0,0 +1,10 @@
+Metadata-Version: 2.4
+Name: django-core-micha
+Version: 0.1.0
+Summary: Core utilities and settings for Django Apps
+Author-email: Micha Bigler <micha.bigler2@gmail.com>
+Project-URL: Homepage, https://github.com/MichaBigler/webapp-management
+Requires-Python: >=3.10
+Requires-Dist: Django>=4.0
+Requires-Dist: PyYAML
+Requires-Dist: psycopg2-binary

django_core_micha-0.1.0/pyproject.toml

@@ -0,0 +1,25 @@
+[build-system]
+requires = ["setuptools>=61.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "django-core-micha"
+version = "0.1.0"
+authors = [
+  { name="Micha Bigler", email="micha.bigler2@gmail.com" },
+]
+description = "Core utilities and settings for Django Apps"
+requires-python = ">=3.10"
+dependencies = [
+    "Django>=4.0",
+    "PyYAML",
+    "psycopg2-binary",
+    # Weitere gemeinsame Libs hier (z.B. djangorestframework)
+]
+
+[project.scripts]
+# Ermöglicht Aufruf via Terminal: "generate-env"
+generate-env = "django_core.scripts.generate_env:main"
+
+[project.urls]
+Homepage = "https://github.com/MichaBigler/webapp-management"

django_core_micha-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

django_core_micha-0.1.0/src/django-core-micha/auth/adapters.py

@@ -0,0 +1,9 @@
+from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
+from django.contrib.auth import get_user_model
+
+class InvitationOnlySocialAdapter(DefaultSocialAccountAdapter):
+    def is_open_for_signup(self, request, sociallogin):
+        User = get_user_model()
+        email = sociallogin.user.email
+        # Erlaubt Login nur, wenn User schon existiert
+        return User.objects.filter(email__iexact=email).exists()

django_core_micha-0.1.0/src/django-core-micha/auth/apps.py

@@ -0,0 +1,8 @@
+from django.apps import AppConfig
+
+class CoreAuthConfig(AppConfig):
+    name = 'django_core.auth'
+    label = 'core_auth'
+
+    def ready(self):
+        import django_core.auth.signals

django_core_micha-0.1.0/src/django-core-micha/auth/models.py

@@ -0,0 +1,18 @@
+from django.db import models
+from django.conf import settings
+
+class AbstractUserProfile(models.Model):
+    """
+    Abstrakte Basisklasse. Definiert Standardfelder für alle Projekte.
+    """
+    user = models.OneToOneField(
+        settings.AUTH_USER_MODEL, 
+        on_delete=models.CASCADE, 
+        related_name="profile"
+    )
+    is_new = models.BooleanField(default=True)
+    accepted_privacy_statement = models.BooleanField(default=False)
+    accepted_convenience_cookies = models.BooleanField(default=False)
+
+    class Meta:
+        abstract = True  # WICHTIG: Erstellt keine Tabelle in der DB

django_core_micha-0.1.0/src/django-core-micha/auth/signals.py

@@ -0,0 +1,39 @@
+from django.conf import settings
+from django.db.models.signals import pre_save
+from django.dispatch import receiver
+from django.contrib.auth import get_user_model
+from allauth.socialaccount.signals import pre_social_login
+import logging
+
+logger = logging.getLogger(__name__)
+
+@receiver(pre_save, sender=settings.AUTH_USER_MODEL)
+def prevent_password_wipe(sender, instance, **kwargs):
+    # ... (Dein Code von vorhin: Password Wipe Prevention) ...
+    if instance.pk:
+        try:
+            old_user = sender.objects.get(pk=instance.pk)
+            has_old_pw = old_user.password and not old_user.password.startswith('!')
+            is_wiping_pw = not instance.password or instance.password.startswith('!')
+
+            if has_old_pw and is_wiping_pw:
+                instance.password = old_user.password
+                logger.info(f"Prevented password wipe for user {instance.email}")
+        except sender.DoesNotExist:
+            pass
+
+@receiver(pre_social_login)
+def force_auto_connect_on_email_match(sender, request, sociallogin, **kwargs):
+    # ... (Dein Code von vorhin: Force Auto Connect) ...
+    if sociallogin.is_existing or not sociallogin.email_addresses:
+        return
+    
+    social_email = sociallogin.email_addresses[0].email
+    User = get_user_model()
+
+    try:
+        user = User.objects.get(email__iexact=social_email)
+        sociallogin.connect(request, user)
+        logger.info(f"Auto-connected social account for {social_email}")
+    except User.DoesNotExist:
+        pass

django_core_micha-0.1.0/src/django-core-micha/invitations/apps.py

@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+
+
+class InvitationsCoreConfig(AppConfig):
+    name = "django_core.invitations"
+    label = "django_core_invitations"
+    verbose_name = "Core Invitations"

django_core_micha-0.1.0/src/django-core-micha/invitations/emails.py

@@ -0,0 +1,60 @@
+# django_core/invitations/emails.py
+from django.conf import settings
+from django.core.mail import EmailMessage
+from django.template.loader import render_to_string
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def send_invite_or_reset_email(*, user, url, is_new_user: bool) -> None:
+    """
+    Generic helper: nimmt User + Link, holt sich Texte aus Templates
+    und schickt die Mail raus.
+    """
+
+    ctx = {
+        "user": user,
+        "url": url,
+        "is_new_user": is_new_user,
+    }
+
+    # 1) Subjekt
+    if is_new_user:
+        subject_template = "invitations/invite_subject.txt"
+        body_template = "invitations/invite_body.txt"
+    else:
+        subject_template = "invitations/reset_subject.txt"
+        body_template = "invitations/reset_body.txt"
+
+    try:
+        subject = render_to_string(subject_template, ctx).strip()
+        body = render_to_string(body_template, ctx)
+    except Exception:
+        # Fallback, falls Templates fehlen (z. B. im frühen Setup)
+        if is_new_user:
+            subject = "Willkommen"
+            body = f"Hallo,\n\nbitte setze dein Passwort hier:\n{url}\n"
+        else:
+            subject = "Passwort zurücksetzen"
+            body = f"Hallo,\n\nbitte setze dein Passwort hier:\n{url}\n"
+
+    if getattr(settings, "ENV_TYPE", "") == "development":
+        logger.info("[DEV] Invite/Reset-Mail an %s: %s", user.email, url)
+        return
+
+    from_email = getattr(settings, "INVITATIONS_FROM_EMAIL", None)
+    reply_to = getattr(settings, "INVITATIONS_REPLY_TO", None)
+
+    headers = {}
+    if reply_to:
+        headers["Reply-To"] = reply_to
+
+    email = EmailMessage(
+        subject=subject,
+        body=body,
+        from_email=from_email,  # None → DEFAULT_FROM_EMAIL
+        to=[user.email],
+        headers=headers,
+    )
+    email.send(fail_silently=False)

django_core_micha-0.1.0/src/django-core-micha/invitations/mixins.py

@@ -0,0 +1,188 @@
+# django_core/invitations/mixins.py
+
+from django.contrib.auth import get_user_model
+from django.contrib.auth.tokens import default_token_generator
+from django.utils.encoding import force_bytes
+from django.utils.http import urlsafe_base64_encode
+
+from rest_framework import status
+from rest_framework.decorators import action
+from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.response import Response
+
+from .serializers import InviteUserSerializer
+from .emails import send_invite_or_reset_email
+
+User = get_user_model()
+
+
+class InviteActionsMixin:
+    """
+    Mixin für dein UserViewSet:
+
+    - POST /api/users/invite/          → Einladung (neu oder bestehend)
+    - POST /api/users/reset-request/   → Passwort vergessen (für bestehende User)
+    - GET  /api/users/<pk>/invite-link/ → Invite-Link für Admins
+
+    Erwartet:
+      - user.profile.is_new (optional)
+      - user.profile.is_invited (optional)
+      - user.profile.role mit Wert "admin" für Admin-Erkennung
+    """
+
+    invite_serializer_class = InviteUserSerializer
+
+    def _get_invite_serializer(self, *args, **kwargs):
+        return self.invite_serializer_class(*args, **kwargs)
+
+    def _mark_invited_profile(self, user, *, created: bool) -> None:
+        profile = getattr(user, "profile", None)
+        if not profile:
+            return
+
+        if created and hasattr(profile, "is_new"):
+            profile.is_new = True
+
+        if hasattr(profile, "is_invited"):
+            profile.is_invited = True
+
+        profile.save()
+
+    def _is_admin_or_superuser(self, user) -> bool:
+        if not user or not user.is_authenticated:
+            return False
+        if user.is_superuser:
+            return True
+        profile = getattr(user, "profile", None)
+        return bool(profile and getattr(profile, "role", None) == "admin")
+
+    def _build_frontend_url(self, request, user, *, is_new_user: bool) -> str:
+        """
+        Baut den Link, der im E-Mail landet,
+        z.B. https://template.bigler-consult.ch/invite/<uid>/<token>/
+             oder https://template.bigler-consult.ch/reset/<uid>/<token>/
+        """
+        token = default_token_generator.make_token(user)
+        uid = urlsafe_base64_encode(force_bytes(user.pk))
+
+        base = request.build_absolute_uri("/").rstrip("/")  # https://domain.tld
+        if is_new_user:
+            path = f"/invite/{uid}/{token}/"
+        else:
+            path = f"/reset/{uid}/{token}/"
+
+        return f"{base}{path}"
+
+    # ------------------------------------------------------------------ #
+    # 1) Öffentlicher/Admin-Invite
+    # ------------------------------------------------------------------ #
+    @action(
+        detail=False,
+        methods=["post"],
+        url_path="invite",
+        authentication_classes=[],
+        permission_classes=[AllowAny],
+    )
+    def invite(self, request):
+        """
+        - nicht eingeloggt: User lädt sich selbst ein (Email → Link setzen Passwort)
+        - eingeloggt + Admin: Admin lädt beliebige Email-Adresse ein
+        """
+        serializer = self._get_invite_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        email = serializer.validated_data["email"]
+
+        # Admin-Check bei eingeloggtem User
+        if request.user and request.user.is_authenticated:
+            if not self._is_admin_or_superuser(request.user):
+                return Response(
+                    {"detail": "Permission denied."},
+                    status=status.HTTP_403_FORBIDDEN,
+                )
+
+        user, created = User.objects.get_or_create(
+            email=email,
+            defaults={"username": email},
+        )
+
+        self._mark_invited_profile(user, created=created)
+        url = self._build_frontend_url(request, user, is_new_user=True)
+
+        # WICHTIG: kein "request=" mehr, nur user/url/is_new_user
+        send_invite_or_reset_email(
+            user=user,
+            url=url,
+            is_new_user=True,
+        )
+
+        return Response(
+            {"detail": f"Invitation sent to {email}", "created": created},
+            status=status.HTTP_201_CREATED,
+        )
+
+    # ------------------------------------------------------------------ #
+    # 2) Passwort-vergessen-Flow
+    # ------------------------------------------------------------------ #
+    @action(
+        detail=False,
+        methods=["post"],
+        url_path="reset-request",
+        permission_classes=[AllowAny],
+        authentication_classes=[],
+    )
+    def reset_request(self, request):
+        """
+        Vergisst Passwort: schickt Reset-Link an bestehende Email.
+        Nutzt denselben Template-Mechanismus wie Invite,
+        aber mit is_new_user=False → andere Texte/Templates möglich.
+        """
+        email = request.data.get("email")
+        if not email:
+            return Response(
+                {"detail": "Email not provided."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        try:
+            user = User.objects.get(email=email)
+        except User.DoesNotExist:
+            # Entweder 200 zurückgeben (nicht leaken) oder wie bisher 400:
+            return Response(
+                {"detail": "User not found."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        url = self._build_frontend_url(request, user, is_new_user=False)
+
+        send_invite_or_reset_email(
+            user=user,
+            url=url,
+            is_new_user=False,
+        )
+
+        return Response(
+            {"detail": f"Ein Link wurde an deine Mail-Adresse {email} geschickt"},
+            status=status.HTTP_200_OK,
+        )
+
+    # ------------------------------------------------------------------ #
+    # 3) Invite-Link für Admins (z.B. im Admin-UI anzeigen)
+    # ------------------------------------------------------------------ #
+    @action(
+        detail=True,
+        methods=["get"],
+        url_path="invite-link",
+        permission_classes=[IsAuthenticated],
+    )
+    def invite_link(self, request, pk=None):
+        user = self.get_object()
+
+        if not self._is_admin_or_superuser(request.user):
+            return Response(
+                {"detail": "Permission denied."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
+        url = self._build_frontend_url(request, user, is_new_user=True)
+
+        return Response({"invite_link": url}, status=status.HTTP_200_OK)

django_core_micha-0.1.0/src/django-core-micha/invitations/serializers.py

@@ -0,0 +1,6 @@
+from rest_framework import serializers
+
+
+class InviteUserSerializer(serializers.Serializer):
+    """Simple serializer holding the invite target email address."""
+    email = serializers.EmailField()

django_core_micha-0.1.0/src/django-core-micha/invitations/views.py

@@ -0,0 +1,87 @@
+# webapp_management/invitations/views.py
+
+from django.contrib.auth import get_user_model
+from django.contrib.auth.tokens import default_token_generator
+from django.utils.encoding import force_str
+from django.utils.http import urlsafe_base64_decode
+
+from rest_framework.views import APIView
+from rest_framework.permissions import AllowAny
+from rest_framework.response import Response
+from rest_framework import status
+
+User = get_user_model()
+
+
+class NonAuthenticatedPasswordResetView(APIView):
+    """
+    Finale Schritt des Reset-/Invite-Flows:
+      - GET  → prüft, ob UID+Token gültig sind
+      - POST → setzt neues Passwort (ohne eingeloggt zu sein)
+
+    Typischer Ablauf im Frontend:
+      1. User klickt Link aus Mail (z.B. /reset/<uid>/<token>/ oder /invite/<uid>/<token>/)
+      2. SPA liest uid & token aus der URL
+      3. SPA ruft:
+         - GET  /api/.../reset/<uid>/<token>/   → "valid?" check
+         - POST /api/.../reset/<uid>/<token>/   → neues Passwort setzen
+    """
+
+    permission_classes = [AllowAny]
+
+    # Texte kannst du in einem Subclass pro Projekt überschreiben
+    link_valid_message = "Reset link is valid."
+    link_invalid_message = "Reset link is invalid."
+    missing_password_message = "Neues Passwort wurde nicht angegeben."
+    invalid_link_message = "Reset link is invalid."
+    success_message = "Passwort erfolgreich geändert."
+
+    def get_user_from_uid(self, uidb64):
+        try:
+            uid = force_str(urlsafe_base64_decode(uidb64))
+            return User.objects.get(pk=uid)
+        except Exception:
+            return None
+
+    def get(self, request, uidb64, token, *args, **kwargs):
+        """
+        Prüft, ob der Link (UID+Token) noch gültig ist.
+        """
+        user = self.get_user_from_uid(uidb64)
+        if user and default_token_generator.check_token(user, token):
+            return Response({"detail": self.link_valid_message})
+        return Response(
+            {"detail": self.link_invalid_message},
+            status=status.HTTP_400_BAD_REQUEST,
+        )
+
+    def post(self, request, uidb64, token, *args, **kwargs):
+        """
+        Setzt das neue Passwort für den User mit UID+Token.
+        """
+        new_pw = request.data.get("new_password")
+        if not new_pw:
+            return Response(
+                {"detail": self.missing_password_message},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        user = self.get_user_from_uid(uidb64)
+        if not user:
+            return Response(
+                {"detail": self.invalid_link_message},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        if not default_token_generator.check_token(user, token):
+            return Response(
+                {"detail": self.link_invalid_message},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        user.set_password(new_pw)
+        if hasattr(user, "is_active"):
+            user.is_active = True
+        user.save()
+
+        return Response({"detail": self.success_message})

django_core_micha-0.1.0/src/django-core-micha/scripts/generate_env.py

@@ -0,0 +1,204 @@
+#!/usr/bin/env python3
+import argparse
+import os
+import sys
+import yaml # pip install PyYAML
+
+def get_secret(key, default=None, required=False):
+    """Retrieves a secret from env vars (CI) or returns default."""
+    val = os.environ.get(key, default)
+    if required and not val:
+        print(f"❌ Error: Secret '{key}' is required but not set in environment.")
+        sys.exit(1)
+    return val
+
+def write_env_file(path, lines):
+    """Helper to write the list of lines to the .env file."""
+    try:
+        with open(path, "w") as f:
+            f.write("\n".join(lines))
+            f.write("\n")
+        print(f"✅ Successfully wrote {path}")
+    except Exception as e:
+        print(f"❌ Error writing file: {e}")
+        sys.exit(1)
+
+def generate_env(env_name, config_path="project.yaml", output_path=".env"):
+    print(f"⚙️  Generating .env for environment: {env_name}")
+    
+    if not os.path.exists(config_path):
+        print(f"❌ Error: Config file '{config_path}' not found.")
+        sys.exit(1)
+
+    with open(config_path, "r") as f:
+        config = yaml.safe_load(f)
+
+    project_type = config.get("project_type", "django")
+
+    # 1. Validate Environment exists in YAML
+    if env_name not in config.get("environments", {}):
+        if env_name == "local" and project_type == "infrastructure":
+            print("ℹ️  Infrastructure app does not require local .env generation. Exiting.")
+            sys.exit(0)
+            
+        print(f"❌ Error: Environment '{env_name}' not found in {config_path}")
+        sys.exit(1)
+
+    env_config = config["environments"][env_name]
+    env_overrides = env_config.get("env_overrides", {})
+    env_content = []
+
+    # ==========================================
+    # MODE A: INFRASTRUCTURE
+    # ==========================================
+    if project_type == "infrastructure":
+        print("🏗️  Generating Infrastructure .env")
+        # [Infrastructure logic omitted for brevity - logic remains identical]
+        domain_map = env_config.get("domains", {})
+        for var_name, domain in domain_map.items():
+            env_content.append(f"{var_name}={domain}")
+
+        infra_secrets = ["TRAEFIK_DASHBOARD_AUTH", "ACME_EMAIL", "WG_SERVERURL", "WG_PEERS"]
+        for secret in infra_secrets:
+            if secret in env_overrides:
+                val = env_overrides[secret]
+            else:
+                val = get_secret(secret, required=False)
+            
+            if val:
+                if secret == "TRAEFIK_DASHBOARD_AUTH": val = val.replace("$", "$$")
+                env_content.append(f"{secret}={val}")
+
+        env_content.append(f"CONTAINER_NAME_PREFIX={config.get('container_prefix', 'infra')}")
+        write_env_file(output_path, env_content)
+        return
+
+    # ==========================================
+    # MODE B: STANDARD DJANGO APP
+    # ==========================================
+    domains = env_config.get("domains", [])
+    use_traefik = env_config.get("use_traefik", False)
+    is_local = (env_name == "local")
+    local_defaults = env_config.get("defaults", {})
+
+    def resolve(key, required_in_prod=True):
+        if key in env_overrides: return env_overrides[key]
+        if is_local: return local_defaults.get(key, "")
+        return get_secret(key, required=required_in_prod)
+
+    # --- Database ---
+    env_content.append(f"# --- Database ---")
+    env_content.append(f"DB_USER={resolve('DB_USER')}")
+    env_content.append(f"DB_PASSWORD={resolve('DB_PASSWORD')}")
+    env_content.append(f"DB_NAME={resolve('DB_NAME')}")
+    env_content.append(f"DB_HOST={resolve('DB_HOST')}")
+    env_content.append(f"DB_PORT={resolve('DB_PORT')}")
+
+    # --- Django ---
+    env_content.append(f"\n# --- Django ---")
+    env_content.append(f"DJANGO_SECRET_KEY={resolve('DJANGO_SECRET_KEY', required_in_prod=True)}")
+    env_content.append(f"PIP_TOKEN={resolve('PIP_TOKEN', required_in_prod=True)}")
+    env_content.append(f"ENV_TYPE={env_name}")
+    debug_val = resolve('DEBUG', required_in_prod=False)
+    env_content.append(f"DEBUG={debug_val or 'False'}")
+
+    # --- Mail ---
+    env_content.append(f"\n# --- Mail ---")
+    if is_local:
+        env_content.append("EMAIL_BACKEND=django.core.mail.backends.console.EmailBackend")
+    else:
+        env_content.append(f"EMAIL_HOST={resolve('EMAIL_HOST', required_in_prod=False)}")
+        env_content.append(f"EMAIL_PORT={resolve('EMAIL_PORT', required_in_prod=False)}")
+        env_content.append(f"EMAIL_USE_TLS={resolve('EMAIL_USE_TLS', required_in_prod=False)}")
+        env_content.append(f"EMAIL_USER={resolve('EMAIL_USER', required_in_prod=False)}")
+        env_content.append(f"EMAIL_PASSWORD={resolve('EMAIL_PASSWORD', required_in_prod=False)}")
+        env_content.append(f"DEFAULT_FROM_EMAIL={resolve('EMAIL_USER', required_in_prod=False)}")
+
+    ex_key = resolve("EXCHANGERATE_HOST_KEY", required_in_prod=False)
+    if ex_key:
+        env_content.append(f"EXCHANGERATE_HOST_KEY={ex_key}")
+
+    # --- Infrastructure ---
+    env_content.append(f"\n# --- Infrastructure ---")
+    
+    # Fetch the base prefix (now "jg_ferien")
+    base_prefix = config.get("container_prefix", "app")
+    
+    # Logic: Construct the full prefix based on environment
+    if env_name == "staging":
+        ctr_prefix = f"{base_prefix}_stage"
+    elif env_name == "production":
+        ctr_prefix = f"{base_prefix}_prod"
+    else:
+        # Fallback for local or other environments
+        ctr_prefix = base_prefix
+    
+    env_content.append(f"CONTAINER_NAME_PREFIX={ctr_prefix}")
+    env_content.append(f"ROUTER_NAME={config.get('project_name')}-{env_name}")
+
+    # --- VOLUMES (New Section) ---
+    vol_config = env_config.get("volumes", {})
+    
+    def get_vol_name(key, default_name):
+        val = vol_config.get(key)
+        # Handle dict format (e.g., {external: true, name: 'foo'})
+        if isinstance(val, dict):
+            return val.get("name", default_name)
+        # Handle simple string format or None
+        return val if val else default_name
+
+    db_vol = get_vol_name("postgres_data", f"{ctr_prefix}_postgres_data")
+    media_vol = get_vol_name("media_volume", f"{ctr_prefix}_media_volume")
+    excel_vol = get_vol_name("excel_volume", f"{ctr_prefix}_excel_volume")
+
+    env_content.append(f"DB_VOLUME_NAME={db_vol}")
+    env_content.append(f"MEDIA_VOLUME_NAME={media_vol}")
+    env_content.append(f"EXCEL_VOLUME_NAME={excel_vol}")
+
+    # --- Network ---
+    main_domain = domains[0] if domains else "localhost"
+    env_content.append(f"DJANGO_ALLOWED_HOSTS={','.join(domains)}")
+    protocol = "https" if use_traefik else "http"
+    csrf_urls = [f"{protocol}://{d}" for d in domains]
+    if is_local:
+        csrf_urls.extend(["http://localhost:3000", "http://127.0.0.1:3000"])
+        
+    env_content.append(f"CSRF_TRUSTED_URLS={','.join(csrf_urls)}")
+    env_content.append(f"PUBLIC_ORIGIN={protocol}://{main_domain}")
+
+    if use_traefik:
+        rules = [f"Host(`{d}`)" for d in domains]
+        env_content.append(f"TRAEFIK_ROUTER_RULE={' || '.join(rules)}")
+    else:
+        env_content.append("TRAEFIK_ROUTER_RULE=Host(`localhost`)")
+
+    root_mod = config.get("root_module", "project_template_app")
+    env_content.append(f"DJANGO_ROOT_MODULE={root_mod}")
+    
+    # --- Auth / Social Secrets ---
+    env_content.append(f"\n# --- Social Auth ---")
+    # Google
+    env_content.append(f"GOOGLE_CLIENT_ID={resolve('GOOGLE_CLIENT_ID', required_in_prod=False)}")
+    env_content.append(f"GOOGLE_SECRET={resolve('GOOGLE_SECRET', required_in_prod=False)}")
+    # Microsoft
+    env_content.append(f"MICROSOFT_CLIENT_ID={resolve('MICROSOFT_CLIENT_ID', required_in_prod=False)}")
+    env_content.append(f"MICROSOFT_SECRET={resolve('MICROSOFT_SECRET', required_in_prod=False)}")
+    env_content.append(f"MICROSOFT_TENANT_ID={resolve('MICROSOFT_TENANT_ID', required_in_prod=False)}")
+
+    write_env_file(output_path, env_content)
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--env", required=True, help="Environment (production, staging, local)")
+    # Default output ist nun das aktuelle Verzeichnis, wo der Befehl ausgeführt wird
+    parser.add_argument("--output", default=".env", help="Output file path")
+    # Optional: Config-Pfad konfigurierbar machen, default auf aktuelles Dir
+    parser.add_argument("--config", default="project.yaml", help="Path to project.yaml")
+    
+    args = parser.parse_args()
+    
+    # Übergib args.config an generate_env
+    generate_env(args.env, config_path=args.config, output_path=args.output)
+
+if __name__ == "__main__":
+    main()

django_core_micha-0.1.0/src/django_core_micha.egg-info/PKG-INFO

@@ -0,0 +1,10 @@
+Metadata-Version: 2.4
+Name: django-core-micha
+Version: 0.1.0
+Summary: Core utilities and settings for Django Apps
+Author-email: Micha Bigler <micha.bigler2@gmail.com>
+Project-URL: Homepage, https://github.com/MichaBigler/webapp-management
+Requires-Python: >=3.10
+Requires-Dist: Django>=4.0
+Requires-Dist: PyYAML
+Requires-Dist: psycopg2-binary

django_core_micha-0.1.0/src/django_core_micha.egg-info/SOURCES.txt

@@ -0,0 +1,24 @@
+README.md
+pyproject.toml
+src/django-core-micha/__init__.py
+src/django-core-micha/auth/__init__.py
+src/django-core-micha/auth/adapters.py
+src/django-core-micha/auth/apps.py
+src/django-core-micha/auth/models.py
+src/django-core-micha/auth/signals.py
+src/django-core-micha/invitations/__init__.py
+src/django-core-micha/invitations/apps.py
+src/django-core-micha/invitations/emails.py
+src/django-core-micha/invitations/mixins.py
+src/django-core-micha/invitations/serializers.py
+src/django-core-micha/invitations/views.py
+src/django-core-micha/scripts/__init__.py
+src/django-core-micha/scripts/generate_env.py
+src/django-core-micha/settings/__init__.py
+src/django-core-micha/settings/defaults.py
+src/django_core_micha.egg-info/PKG-INFO
+src/django_core_micha.egg-info/SOURCES.txt
+src/django_core_micha.egg-info/dependency_links.txt
+src/django_core_micha.egg-info/entry_points.txt
+src/django_core_micha.egg-info/requires.txt
+src/django_core_micha.egg-info/top_level.txt

django_core_micha-0.1.0/src/django_core_micha.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

django_core_micha-0.1.0/src/django_core_micha.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+generate-env = django_core.scripts.generate_env:main

django_core_micha-0.1.0/src/django_core_micha.egg-info/requires.txt

@@ -0,0 +1,3 @@
+Django>=4.0
+PyYAML
+psycopg2-binary

django_core_micha-0.1.0/src/django_core_micha.egg-info/top_level.txt

@@ -0,0 +1,2 @@
+django-core-micha
+ui_core