Benjamin_Boenisch/breakpilot-pwa
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-02-15. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
00f778ca9b234355a5212a5cd66fe728d4359fb7
breakpilot-pwa/docs-site/architecture/auth-system/index.html
BreakPilot Dev 557305db5d
Some checks failed
ci/woodpecker/push/integration Pipeline failed
Details
ci/woodpecker/push/main Pipeline failed
Details
CI/CD Pipeline / Go Tests (push) Has been cancelled
Details
CI/CD Pipeline / Python Tests (push) Has been cancelled
Details
CI/CD Pipeline / Website Tests (push) Has been cancelled
Details
CI/CD Pipeline / Linting (push) Has been cancelled
Details
CI/CD Pipeline / Security Scan (push) Has been cancelled
Details
CI/CD Pipeline / Docker Build & Push (push) Has been cancelled
Details
CI/CD Pipeline / Integration Tests (push) Has been cancelled
Details
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
Details
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
Details
CI/CD Pipeline / CI Summary (push) Has been cancelled
Details
Security Scanning / Secret Scanning (push) Has been cancelled
Details
Security Scanning / Dependency Vulnerability Scan (push) Has been cancelled
Details
Security Scanning / Go Security Scan (push) Has been cancelled
Details
Security Scanning / Python Security Scan (push) Has been cancelled
Details
Security Scanning / Node.js Security Scan (push) Has been cancelled
Details
Security Scanning / Docker Image Security (push) Has been cancelled
Details
Security Scanning / Security Summary (push) Has been cancelled
Details
Tests / Go Tests (push) Has been cancelled
Details
Tests / Python Tests (push) Has been cancelled
Details
Tests / Integration Tests (push) Has been cancelled
Details
Tests / Go Lint (push) Has been cancelled
Details
Tests / Python Lint (push) Has been cancelled
Details
Tests / Security Scan (push) Has been cancelled
Details
Tests / All Checks Passed (push) Has been cancelled
Details
feat: Add Academy, Whistleblower, Incidents SDK modules, pitch-deck, blog and CI/CD config 
- Academy, Whistleblower, Incidents frontend pages with API proxies and types
- Vendor compliance API proxy route
- Go backend handlers and models for all new SDK modules
- Investor pitch-deck app with interactive slides
- Blog section with DSGVO, AI Act, NIS2, glossary articles
- MkDocs documentation site
- CI/CD pipelines (Woodpecker, GitHub Actions), security scanning config
- Planning and implementation documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 21:12:16 +01:00

2896 lines
78 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="de" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="canonical" href="https://macmini:8008/architecture/auth-system/">
<link rel="prev" href="../system-architecture/">
<link rel="next" href="../mail-rbac-architecture/">
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.1">
<title>Auth-System - Breakpilot Dokumentation</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.484c7ddc.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.ab4e12ef.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="teal" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#breakpilot-authentifizierung-autorisierung" class="md-skip">
Zum Inhalt
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Kopfzeile">
<a href="../.." title="Breakpilot Dokumentation" class="md-header__button md-logo" aria-label="Breakpilot Dokumentation" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Breakpilot Dokumentation
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Auth-System
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="" data-md-color-scheme="default" data-md-color-primary="teal" data-md-color-accent="indigo" aria-label="Dark Mode aktivieren" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Dark Mode aktivieren" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
</label>
<input class="md-option" data-md-color-media="" data-md-color-scheme="slate" data-md-color-primary="teal" data-md-color-accent="indigo" aria-label="Light Mode aktivieren" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Light Mode aktivieren" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
</label>
</form>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Suche" placeholder="Suche" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Suche">
<button type="reset" class="md-search__icon md-icon" title="Zurücksetzen" aria-label="Zurücksetzen" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
<div class="md-search__suggest" data-md-component="search-suggest"></div>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Suche wird initialisiert
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<nav class="md-tabs" aria-label="Hauptnavigation" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../.." class="md-tabs__link">
Start
</a>
</li>
<li class="md-tabs__item">
<a href="../../getting-started/environment-setup/" class="md-tabs__link">
Erste Schritte
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../system-architecture/" class="md-tabs__link">
Architektur
</a>
</li>
<li class="md-tabs__item">
<a href="../../services/ki-daten-pipeline/" class="md-tabs__link">
Services
</a>
</li>
<li class="md-tabs__item">
<a href="../../api/backend-api/" class="md-tabs__link">
API
</a>
</li>
<li class="md-tabs__item">
<a href="../../development/testing/" class="md-tabs__link">
Entwicklung
</a>
</li>
</ul>
</div>
</nav>
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Breakpilot Dokumentation" class="md-nav__button md-logo" aria-label="Breakpilot Dokumentation" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
</a>
Breakpilot Dokumentation
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
<span class="md-ellipsis">
Start
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-ellipsis">
Erste Schritte
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Erste Schritte
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../getting-started/environment-setup/" class="md-nav__link">
<span class="md-ellipsis">
Umgebung einrichten
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../getting-started/mac-mini-setup/" class="md-nav__link">
<span class="md-ellipsis">
Mac Mini Setup
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
<span class="md-ellipsis">
Architektur
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Architektur
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../system-architecture/" class="md-nav__link">
<span class="md-ellipsis">
Systemuebersicht
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Auth-System
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Auth-System
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Inhaltsverzeichnis">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Inhaltsverzeichnis
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#uebersicht" class="md-nav__link">
<span class="md-ellipsis">
Uebersicht
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#warum-dieser-ansatz" class="md-nav__link">
<span class="md-ellipsis">
Warum dieser Ansatz?
</span>
</a>
<nav class="md-nav" aria-label="Warum dieser Ansatz?">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#alternative-loesungen-verworfen" class="md-nav__link">
<span class="md-ellipsis">
Alternative Loesungen (verworfen)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#vorteile-des-hybrid-ansatzes" class="md-nav__link">
<span class="md-ellipsis">
Vorteile des Hybrid-Ansatzes
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#authentifizierung-authkeycloak_authpy" class="md-nav__link">
<span class="md-ellipsis">
Authentifizierung (auth/keycloak_auth.py)
</span>
</a>
<nav class="md-nav" aria-label="Authentifizierung (auth/keycloak_auth.py)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#konfiguration" class="md-nav__link">
<span class="md-ellipsis">
Konfiguration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#token-erkennung" class="md-nav__link">
<span class="md-ellipsis">
Token-Erkennung
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#fastapi-integration" class="md-nav__link">
<span class="md-ellipsis">
FastAPI Integration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#autorisierung-klausur-servicebackendrbacpy" class="md-nav__link">
<span class="md-ellipsis">
Autorisierung (klausur-service/backend/rbac.py)
</span>
</a>
<nav class="md-nav" aria-label="Autorisierung (klausur-service/backend/rbac.py)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#rollen-15" class="md-nav__link">
<span class="md-ellipsis">
Rollen (15+)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#ressourcentypen-25" class="md-nav__link">
<span class="md-ellipsis">
Ressourcentypen (25+)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#aktionen-17" class="md-nav__link">
<span class="md-ellipsis">
Aktionen (17)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#permission-pruefung" class="md-nav__link">
<span class="md-ellipsis">
Permission-Pruefung
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#bundesland-spezifische-policies" class="md-nav__link">
<span class="md-ellipsis">
Bundesland-spezifische Policies
</span>
</a>
<nav class="md-nav" aria-label="Bundesland-spezifische Policies">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#beispiel-niedersachsen" class="md-nav__link">
<span class="md-ellipsis">
Beispiel: Niedersachsen
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#workflow-beispiele" class="md-nav__link">
<span class="md-ellipsis">
Workflow-Beispiele
</span>
</a>
<nav class="md-nav" aria-label="Workflow-Beispiele">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#klausurkorrektur-workflow" class="md-nav__link">
<span class="md-ellipsis">
Klausurkorrektur-Workflow
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#zeugnis-workflow" class="md-nav__link">
<span class="md-ellipsis">
Zeugnis-Workflow
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#dateien" class="md-nav__link">
<span class="md-ellipsis">
Dateien
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#konfiguration_1" class="md-nav__link">
<span class="md-ellipsis">
Konfiguration
</span>
</a>
<nav class="md-nav" aria-label="Konfiguration">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#entwicklung-ohne-keycloak" class="md-nav__link">
<span class="md-ellipsis">
Entwicklung (ohne Keycloak)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#produktion-mit-keycloak" class="md-nav__link">
<span class="md-ellipsis">
Produktion (mit Keycloak)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#sicherheitshinweise" class="md-nav__link">
<span class="md-ellipsis">
Sicherheitshinweise
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../mail-rbac-architecture/" class="md-nav__link">
<span class="md-ellipsis">
Mail-RBAC
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../multi-agent/" class="md-nav__link">
<span class="md-ellipsis">
Multi-Agent
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../secrets-management/" class="md-nav__link">
<span class="md-ellipsis">
Secrets Management
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../devsecops/" class="md-nav__link">
<span class="md-ellipsis">
DevSecOps
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../sdk-protection/" class="md-nav__link">
<span class="md-ellipsis">
SDK Protection
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../environments/" class="md-nav__link">
<span class="md-ellipsis">
Environments
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../zeugnis-system/" class="md-nav__link">
<span class="md-ellipsis">
Zeugnis-System
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
<span class="md-ellipsis">
Services
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Services
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_1" >
<label class="md-nav__link" for="__nav_4_1" id="__nav_4_1_label" tabindex="0">
<span class="md-ellipsis">
KI-Daten-Pipeline
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_1">
<span class="md-nav__icon md-icon"></span>
KI-Daten-Pipeline
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../services/ki-daten-pipeline/" class="md-nav__link">
<span class="md-ellipsis">
Uebersicht
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/ki-daten-pipeline/architecture/" class="md-nav__link">
<span class="md-ellipsis">
Architektur
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_2" >
<label class="md-nav__link" for="__nav_4_2" id="__nav_4_2_label" tabindex="0">
<span class="md-ellipsis">
Klausur-Service
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_2">
<span class="md-nav__icon md-icon"></span>
Klausur-Service
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../services/klausur-service/" class="md-nav__link">
<span class="md-ellipsis">
Uebersicht
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/klausur-service/byoeh-system-erklaerung/" class="md-nav__link">
<span class="md-ellipsis">
BYOEH Systemerklaerung
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/klausur-service/BYOEH-Architecture/" class="md-nav__link">
<span class="md-ellipsis">
BYOEH Architektur
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/klausur-service/BYOEH-Developer-Guide/" class="md-nav__link">
<span class="md-ellipsis">
BYOEH Developer Guide
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/klausur-service/NiBiS-Ingestion-Pipeline/" class="md-nav__link">
<span class="md-ellipsis">
NiBiS Pipeline
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/klausur-service/OCR-Labeling-Spec/" class="md-nav__link">
<span class="md-ellipsis">
OCR Labeling
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/klausur-service/OCR-Compare/" class="md-nav__link">
<span class="md-ellipsis">
OCR Compare
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/klausur-service/RAG-Admin-Spec/" class="md-nav__link">
<span class="md-ellipsis">
RAG Admin
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/klausur-service/Worksheet-Editor-Architecture/" class="md-nav__link">
<span class="md-ellipsis">
Worksheet Editor
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../services/voice-service/" class="md-nav__link">
<span class="md-ellipsis">
Voice-Service
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/agent-core/" class="md-nav__link">
<span class="md-ellipsis">
Agent-Core
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_5" >
<label class="md-nav__link" for="__nav_4_5" id="__nav_4_5_label" tabindex="0">
<span class="md-ellipsis">
AI-Compliance-SDK
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_5">
<span class="md-nav__icon md-icon"></span>
AI-Compliance-SDK
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../services/ai-compliance-sdk/" class="md-nav__link">
<span class="md-ellipsis">
Uebersicht
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/ai-compliance-sdk/ARCHITECTURE/" class="md-nav__link">
<span class="md-ellipsis">
Architektur
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/ai-compliance-sdk/DEVELOPER/" class="md-nav__link">
<span class="md-ellipsis">
Developer Guide
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/ai-compliance-sdk/AUDITOR_DOCUMENTATION/" class="md-nav__link">
<span class="md-ellipsis">
Auditor Dokumentation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../services/ai-compliance-sdk/SBOM/" class="md-nav__link">
<span class="md-ellipsis">
SBOM
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
API
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
API
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../api/backend-api/" class="md-nav__link">
<span class="md-ellipsis">
Backend API
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
Entwicklung
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
Entwicklung
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../development/testing/" class="md-nav__link">
<span class="md-ellipsis">
Testing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../development/documentation/" class="md-nav__link">
<span class="md-ellipsis">
Dokumentation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../development/ci-cd-pipeline/" class="md-nav__link">
<span class="md-ellipsis">
CI/CD Pipeline
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Inhaltsverzeichnis">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Inhaltsverzeichnis
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#uebersicht" class="md-nav__link">
<span class="md-ellipsis">
Uebersicht
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#warum-dieser-ansatz" class="md-nav__link">
<span class="md-ellipsis">
Warum dieser Ansatz?
</span>
</a>
<nav class="md-nav" aria-label="Warum dieser Ansatz?">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#alternative-loesungen-verworfen" class="md-nav__link">
<span class="md-ellipsis">
Alternative Loesungen (verworfen)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#vorteile-des-hybrid-ansatzes" class="md-nav__link">
<span class="md-ellipsis">
Vorteile des Hybrid-Ansatzes
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#authentifizierung-authkeycloak_authpy" class="md-nav__link">
<span class="md-ellipsis">
Authentifizierung (auth/keycloak_auth.py)
</span>
</a>
<nav class="md-nav" aria-label="Authentifizierung (auth/keycloak_auth.py)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#konfiguration" class="md-nav__link">
<span class="md-ellipsis">
Konfiguration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#token-erkennung" class="md-nav__link">
<span class="md-ellipsis">
Token-Erkennung
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#fastapi-integration" class="md-nav__link">
<span class="md-ellipsis">
FastAPI Integration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#autorisierung-klausur-servicebackendrbacpy" class="md-nav__link">
<span class="md-ellipsis">
Autorisierung (klausur-service/backend/rbac.py)
</span>
</a>
<nav class="md-nav" aria-label="Autorisierung (klausur-service/backend/rbac.py)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#rollen-15" class="md-nav__link">
<span class="md-ellipsis">
Rollen (15+)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#ressourcentypen-25" class="md-nav__link">
<span class="md-ellipsis">
Ressourcentypen (25+)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#aktionen-17" class="md-nav__link">
<span class="md-ellipsis">
Aktionen (17)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#permission-pruefung" class="md-nav__link">
<span class="md-ellipsis">
Permission-Pruefung
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#bundesland-spezifische-policies" class="md-nav__link">
<span class="md-ellipsis">
Bundesland-spezifische Policies
</span>
</a>
<nav class="md-nav" aria-label="Bundesland-spezifische Policies">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#beispiel-niedersachsen" class="md-nav__link">
<span class="md-ellipsis">
Beispiel: Niedersachsen
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#workflow-beispiele" class="md-nav__link">
<span class="md-ellipsis">
Workflow-Beispiele
</span>
</a>
<nav class="md-nav" aria-label="Workflow-Beispiele">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#klausurkorrektur-workflow" class="md-nav__link">
<span class="md-ellipsis">
Klausurkorrektur-Workflow
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#zeugnis-workflow" class="md-nav__link">
<span class="md-ellipsis">
Zeugnis-Workflow
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#dateien" class="md-nav__link">
<span class="md-ellipsis">
Dateien
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#konfiguration_1" class="md-nav__link">
<span class="md-ellipsis">
Konfiguration
</span>
</a>
<nav class="md-nav" aria-label="Konfiguration">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#entwicklung-ohne-keycloak" class="md-nav__link">
<span class="md-ellipsis">
Entwicklung (ohne Keycloak)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#produktion-mit-keycloak" class="md-nav__link">
<span class="md-ellipsis">
Produktion (mit Keycloak)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#sicherheitshinweise" class="md-nav__link">
<span class="md-ellipsis">
Sicherheitshinweise
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="breakpilot-authentifizierung-autorisierung">BreakPilot Authentifizierung &amp; Autorisierung<a class="headerlink" href="#breakpilot-authentifizierung-autorisierung" title="Permanent link">&para;</a></h1>
<h2 id="uebersicht">Uebersicht<a class="headerlink" href="#uebersicht" title="Permanent link">&para;</a></h2>
<p>BreakPilot verwendet einen <strong>Hybrid-Ansatz</strong> fuer Authentifizierung und Autorisierung:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a>┌─────────────────────────────────────────────────────────────────────────┐
<a id="__codelineno-0-2" name="__codelineno-0-2" href="#__codelineno-0-2"></a>│ AUTHENTIFIZIERUNG │
<a id="__codelineno-0-3" name="__codelineno-0-3" href="#__codelineno-0-3"></a>&quot;Wer bist du?&quot;
<a id="__codelineno-0-4" name="__codelineno-0-4" href="#__codelineno-0-4"></a>│ ┌────────────────────────────────────────────────────────────────────┐ │
<a id="__codelineno-0-5" name="__codelineno-0-5" href="#__codelineno-0-5"></a>│ │ HybridAuthenticator │ │
<a id="__codelineno-0-6" name="__codelineno-0-6" href="#__codelineno-0-6"></a>│ │ ┌─────────────────────┐ ┌─────────────────────────────────┐ │ │
<a id="__codelineno-0-7" name="__codelineno-0-7" href="#__codelineno-0-7"></a>│ │ │ Keycloak │ │ Lokales JWT │ │ │
<a id="__codelineno-0-8" name="__codelineno-0-8" href="#__codelineno-0-8"></a>│ │ │ (Produktion) │ OR │ (Entwicklung) │ │ │
<a id="__codelineno-0-9" name="__codelineno-0-9" href="#__codelineno-0-9"></a>│ │ │ RS256 + JWKS │ │ HS256 + Secret │ │ │
<a id="__codelineno-0-10" name="__codelineno-0-10" href="#__codelineno-0-10"></a>│ │ └─────────────────────┘ └─────────────────────────────────┘ │ │
<a id="__codelineno-0-11" name="__codelineno-0-11" href="#__codelineno-0-11"></a>│ └────────────────────────────────────────────────────────────────────┘ │
<a id="__codelineno-0-12" name="__codelineno-0-12" href="#__codelineno-0-12"></a>└─────────────────────────────────────────────────────────────────────────┘
<a id="__codelineno-0-13" name="__codelineno-0-13" href="#__codelineno-0-13"></a>
<a id="__codelineno-0-14" name="__codelineno-0-14" href="#__codelineno-0-14"></a>
<a id="__codelineno-0-15" name="__codelineno-0-15" href="#__codelineno-0-15"></a>┌─────────────────────────────────────────────────────────────────────────┐
<a id="__codelineno-0-16" name="__codelineno-0-16" href="#__codelineno-0-16"></a>│ AUTORISIERUNG │
<a id="__codelineno-0-17" name="__codelineno-0-17" href="#__codelineno-0-17"></a>&quot;Was darfst du?&quot;
<a id="__codelineno-0-18" name="__codelineno-0-18" href="#__codelineno-0-18"></a>│ ┌────────────────────────────────────────────────────────────────────┐ │
<a id="__codelineno-0-19" name="__codelineno-0-19" href="#__codelineno-0-19"></a>│ │ rbac.py (Eigenentwicklung) │ │
<a id="__codelineno-0-20" name="__codelineno-0-20" href="#__codelineno-0-20"></a>│ │ ┌─────────────────┐ ┌─────────────────┐ ┌───────────────────┐ │ │
<a id="__codelineno-0-21" name="__codelineno-0-21" href="#__codelineno-0-21"></a>│ │ │ Rollen-Hierarchie│ │ PolicySet │ │ DEFAULT_PERMISSIONS│ │ │
<a id="__codelineno-0-22" name="__codelineno-0-22" href="#__codelineno-0-22"></a>│ │ │ 15+ Rollen │ │ Bundesland- │ │ Matrix │ │ │
<a id="__codelineno-0-23" name="__codelineno-0-23" href="#__codelineno-0-23"></a>│ │ │ - Erstkorrektor │ │ spezifisch │ │ Rolle→Ressource→ │ │ │
<a id="__codelineno-0-24" name="__codelineno-0-24" href="#__codelineno-0-24"></a>│ │ │ - Klassenlehrer │ │ - Niedersachsen │ │ Aktion │ │ │
<a id="__codelineno-0-25" name="__codelineno-0-25" href="#__codelineno-0-25"></a>│ │ │ - Schulleitung │ │ - Bayern │ │ │ │ │
<a id="__codelineno-0-26" name="__codelineno-0-26" href="#__codelineno-0-26"></a>│ │ └─────────────────┘ └─────────────────┘ └───────────────────┘ │ │
<a id="__codelineno-0-27" name="__codelineno-0-27" href="#__codelineno-0-27"></a>│ └────────────────────────────────────────────────────────────────────┘ │
<a id="__codelineno-0-28" name="__codelineno-0-28" href="#__codelineno-0-28"></a>└─────────────────────────────────────────────────────────────────────────┘
</code></pre></div>
<h2 id="warum-dieser-ansatz">Warum dieser Ansatz?<a class="headerlink" href="#warum-dieser-ansatz" title="Permanent link">&para;</a></h2>
<h3 id="alternative-loesungen-verworfen">Alternative Loesungen (verworfen)<a class="headerlink" href="#alternative-loesungen-verworfen" title="Permanent link">&para;</a></h3>
<table>
<thead>
<tr>
<th>Tool</th>
<th>Problem fuer BreakPilot</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Casbin</strong></td>
<td>Zu generisch fuer Bundesland-spezifische Policies</td>
</tr>
<tr>
<td><strong>Cerbos</strong></td>
<td>Overhead: Externer PDP-Service fuer ~15 Rollen ueberdimensioniert</td>
</tr>
<tr>
<td><strong>OpenFGA</strong></td>
<td>Zanzibar-Modell optimiert fuer Graph-Beziehungen, nicht Hierarchien</td>
</tr>
<tr>
<td><strong>Keycloak RBAC</strong></td>
<td>Kann keine ressourcen-spezifischen Zuweisungen (User X ist Erstkorrektor fuer Package Y)</td>
</tr>
</tbody>
</table>
<h3 id="vorteile-des-hybrid-ansatzes">Vorteile des Hybrid-Ansatzes<a class="headerlink" href="#vorteile-des-hybrid-ansatzes" title="Permanent link">&para;</a></h3>
<ol>
<li><strong>Keycloak fuer Authentifizierung:</strong></li>
<li>Bewährtes IAM-System</li>
<li>SSO, Federation, MFA</li>
<li>
<p>Apache-2.0 Lizenz</p>
</li>
<li>
<p><strong>Eigenes rbac.py fuer Autorisierung:</strong></p>
</li>
<li>Domaenenspezifische Logik (Korrekturkette, Zeugnis-Workflow)</li>
<li>Bundesland-spezifische Regeln</li>
<li>Zeitlich begrenzte Zuweisungen</li>
<li>Key-Sharing fuer verschluesselte Klausuren</li>
</ol>
<hr />
<h2 id="authentifizierung-authkeycloak_authpy">Authentifizierung (auth/keycloak_auth.py)<a class="headerlink" href="#authentifizierung-authkeycloak_authpy" title="Permanent link">&para;</a></h2>
<h3 id="konfiguration">Konfiguration<a class="headerlink" href="#konfiguration" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a><span class="c1"># Entwicklung: Lokales JWT (Standard)</span>
<a id="__codelineno-1-2" name="__codelineno-1-2" href="#__codelineno-1-2"></a><span class="n">JWT_SECRET</span><span class="o">=</span><span class="n">your</span><span class="o">-</span><span class="n">secret</span><span class="o">-</span><span class="n">key</span>
<a id="__codelineno-1-3" name="__codelineno-1-3" href="#__codelineno-1-3"></a>
<a id="__codelineno-1-4" name="__codelineno-1-4" href="#__codelineno-1-4"></a><span class="c1"># Produktion: Keycloak</span>
<a id="__codelineno-1-5" name="__codelineno-1-5" href="#__codelineno-1-5"></a><span class="n">KEYCLOAK_SERVER_URL</span><span class="o">=</span><span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">keycloak</span><span class="o">.</span><span class="n">breakpilot</span><span class="o">.</span><span class="n">app</span>
<a id="__codelineno-1-6" name="__codelineno-1-6" href="#__codelineno-1-6"></a><span class="n">KEYCLOAK_REALM</span><span class="o">=</span><span class="n">breakpilot</span>
<a id="__codelineno-1-7" name="__codelineno-1-7" href="#__codelineno-1-7"></a><span class="n">KEYCLOAK_CLIENT_ID</span><span class="o">=</span><span class="n">breakpilot</span><span class="o">-</span><span class="n">backend</span>
<a id="__codelineno-1-8" name="__codelineno-1-8" href="#__codelineno-1-8"></a><span class="n">KEYCLOAK_CLIENT_SECRET</span><span class="o">=</span><span class="n">your</span><span class="o">-</span><span class="n">client</span><span class="o">-</span><span class="n">secret</span>
</code></pre></div>
<h3 id="token-erkennung">Token-Erkennung<a class="headerlink" href="#token-erkennung" title="Permanent link">&para;</a></h3>
<p>Der <code>HybridAuthenticator</code> erkennt automatisch den Token-Typ:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a><span class="c1"># Keycloak-Token (RS256)</span>
<a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a><span class="p">{</span>
<a id="__codelineno-2-3" name="__codelineno-2-3" href="#__codelineno-2-3"></a> <span class="s2">&quot;iss&quot;</span><span class="p">:</span> <span class="s2">&quot;https://keycloak.breakpilot.app/realms/breakpilot&quot;</span><span class="p">,</span>
<a id="__codelineno-2-4" name="__codelineno-2-4" href="#__codelineno-2-4"></a> <span class="s2">&quot;sub&quot;</span><span class="p">:</span> <span class="s2">&quot;user-uuid&quot;</span><span class="p">,</span>
<a id="__codelineno-2-5" name="__codelineno-2-5" href="#__codelineno-2-5"></a> <span class="s2">&quot;realm_access&quot;</span><span class="p">:</span> <span class="p">{</span><span class="s2">&quot;roles&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;teacher&quot;</span><span class="p">,</span> <span class="s2">&quot;admin&quot;</span><span class="p">]},</span>
<a id="__codelineno-2-6" name="__codelineno-2-6" href="#__codelineno-2-6"></a> <span class="o">...</span>
<a id="__codelineno-2-7" name="__codelineno-2-7" href="#__codelineno-2-7"></a><span class="p">}</span>
<a id="__codelineno-2-8" name="__codelineno-2-8" href="#__codelineno-2-8"></a>
<a id="__codelineno-2-9" name="__codelineno-2-9" href="#__codelineno-2-9"></a><span class="c1"># Lokales JWT (HS256)</span>
<a id="__codelineno-2-10" name="__codelineno-2-10" href="#__codelineno-2-10"></a><span class="p">{</span>
<a id="__codelineno-2-11" name="__codelineno-2-11" href="#__codelineno-2-11"></a> <span class="s2">&quot;iss&quot;</span><span class="p">:</span> <span class="s2">&quot;breakpilot&quot;</span><span class="p">,</span>
<a id="__codelineno-2-12" name="__codelineno-2-12" href="#__codelineno-2-12"></a> <span class="s2">&quot;user_id&quot;</span><span class="p">:</span> <span class="s2">&quot;user-uuid&quot;</span><span class="p">,</span>
<a id="__codelineno-2-13" name="__codelineno-2-13" href="#__codelineno-2-13"></a> <span class="s2">&quot;role&quot;</span><span class="p">:</span> <span class="s2">&quot;admin&quot;</span><span class="p">,</span>
<a id="__codelineno-2-14" name="__codelineno-2-14" href="#__codelineno-2-14"></a> <span class="o">...</span>
<a id="__codelineno-2-15" name="__codelineno-2-15" href="#__codelineno-2-15"></a><span class="p">}</span>
</code></pre></div>
<h3 id="fastapi-integration">FastAPI Integration<a class="headerlink" href="#fastapi-integration" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-3-1" name="__codelineno-3-1" href="#__codelineno-3-1"></a><span class="kn">from</span><span class="w"> </span><span class="nn">auth</span><span class="w"> </span><span class="kn">import</span> <span class="n">get_current_user</span>
<a id="__codelineno-3-2" name="__codelineno-3-2" href="#__codelineno-3-2"></a>
<a id="__codelineno-3-3" name="__codelineno-3-3" href="#__codelineno-3-3"></a><span class="nd">@app</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;/api/protected&quot;</span><span class="p">)</span>
<a id="__codelineno-3-4" name="__codelineno-3-4" href="#__codelineno-3-4"></a><span class="k">async</span> <span class="k">def</span><span class="w"> </span><span class="nf">protected_endpoint</span><span class="p">(</span><span class="n">user</span><span class="p">:</span> <span class="nb">dict</span> <span class="o">=</span> <span class="n">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)):</span>
<a id="__codelineno-3-5" name="__codelineno-3-5" href="#__codelineno-3-5"></a> <span class="c1"># user enthält: user_id, email, role, realm_roles, tenant_id</span>
<a id="__codelineno-3-6" name="__codelineno-3-6" href="#__codelineno-3-6"></a> <span class="k">return</span> <span class="p">{</span><span class="s2">&quot;user_id&quot;</span><span class="p">:</span> <span class="n">user</span><span class="p">[</span><span class="s2">&quot;user_id&quot;</span><span class="p">]}</span>
</code></pre></div>
<hr />
<h2 id="autorisierung-klausur-servicebackendrbacpy">Autorisierung (klausur-service/backend/rbac.py)<a class="headerlink" href="#autorisierung-klausur-servicebackendrbacpy" title="Permanent link">&para;</a></h2>
<h3 id="rollen-15">Rollen (15+)<a class="headerlink" href="#rollen-15" title="Permanent link">&para;</a></h3>
<table>
<thead>
<tr>
<th>Rolle</th>
<th>Beschreibung</th>
<th>Bereich</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>erstkorrektor</code></td>
<td>Erster Prüfer</td>
<td>Klausur</td>
</tr>
<tr>
<td><code>zweitkorrektor</code></td>
<td>Zweiter Prüfer</td>
<td>Klausur</td>
</tr>
<tr>
<td><code>drittkorrektor</code></td>
<td>Dritter Prüfer</td>
<td>Klausur</td>
</tr>
<tr>
<td><code>klassenlehrer</code></td>
<td>Klassenleitung</td>
<td>Zeugnis</td>
</tr>
<tr>
<td><code>fachlehrer</code></td>
<td>Fachlehrkraft</td>
<td>Noten</td>
</tr>
<tr>
<td><code>fachvorsitz</code></td>
<td>Fachkonferenz-Leitung</td>
<td>Fachschaft</td>
</tr>
<tr>
<td><code>schulleitung</code></td>
<td>Schulleiter/in</td>
<td>Schule</td>
</tr>
<tr>
<td><code>zeugnisbeauftragter</code></td>
<td>Zeugnis-Koordination</td>
<td>Zeugnis</td>
</tr>
<tr>
<td><code>sekretariat</code></td>
<td>Verwaltung</td>
<td>Schule</td>
</tr>
<tr>
<td><code>data_protection_officer</code></td>
<td>DSB</td>
<td>DSGVO</td>
</tr>
<tr>
<td>...</td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
<h3 id="ressourcentypen-25">Ressourcentypen (25+)<a class="headerlink" href="#ressourcentypen-25" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-4-1" name="__codelineno-4-1" href="#__codelineno-4-1"></a><span class="k">class</span><span class="w"> </span><span class="nc">ResourceType</span><span class="p">(</span><span class="nb">str</span><span class="p">,</span> <span class="n">Enum</span><span class="p">):</span>
<a id="__codelineno-4-2" name="__codelineno-4-2" href="#__codelineno-4-2"></a> <span class="n">EXAM_PACKAGE</span> <span class="o">=</span> <span class="s2">&quot;exam_package&quot;</span> <span class="c1"># Klausurpaket</span>
<a id="__codelineno-4-3" name="__codelineno-4-3" href="#__codelineno-4-3"></a> <span class="n">STUDENT_SUBMISSION</span> <span class="o">=</span> <span class="s2">&quot;student_submission&quot;</span>
<a id="__codelineno-4-4" name="__codelineno-4-4" href="#__codelineno-4-4"></a> <span class="n">CORRECTION</span> <span class="o">=</span> <span class="s2">&quot;correction&quot;</span>
<a id="__codelineno-4-5" name="__codelineno-4-5" href="#__codelineno-4-5"></a> <span class="n">ZEUGNIS</span> <span class="o">=</span> <span class="s2">&quot;zeugnis&quot;</span>
<a id="__codelineno-4-6" name="__codelineno-4-6" href="#__codelineno-4-6"></a> <span class="n">FACHNOTE</span> <span class="o">=</span> <span class="s2">&quot;fachnote&quot;</span>
<a id="__codelineno-4-7" name="__codelineno-4-7" href="#__codelineno-4-7"></a> <span class="n">KOPFNOTE</span> <span class="o">=</span> <span class="s2">&quot;kopfnote&quot;</span>
<a id="__codelineno-4-8" name="__codelineno-4-8" href="#__codelineno-4-8"></a> <span class="n">BEMERKUNG</span> <span class="o">=</span> <span class="s2">&quot;bemerkung&quot;</span>
<a id="__codelineno-4-9" name="__codelineno-4-9" href="#__codelineno-4-9"></a> <span class="o">...</span>
</code></pre></div>
<h3 id="aktionen-17">Aktionen (17)<a class="headerlink" href="#aktionen-17" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-5-1" name="__codelineno-5-1" href="#__codelineno-5-1"></a><span class="k">class</span><span class="w"> </span><span class="nc">Action</span><span class="p">(</span><span class="nb">str</span><span class="p">,</span> <span class="n">Enum</span><span class="p">):</span>
<a id="__codelineno-5-2" name="__codelineno-5-2" href="#__codelineno-5-2"></a> <span class="n">CREATE</span> <span class="o">=</span> <span class="s2">&quot;create&quot;</span>
<a id="__codelineno-5-3" name="__codelineno-5-3" href="#__codelineno-5-3"></a> <span class="n">READ</span> <span class="o">=</span> <span class="s2">&quot;read&quot;</span>
<a id="__codelineno-5-4" name="__codelineno-5-4" href="#__codelineno-5-4"></a> <span class="n">UPDATE</span> <span class="o">=</span> <span class="s2">&quot;update&quot;</span>
<a id="__codelineno-5-5" name="__codelineno-5-5" href="#__codelineno-5-5"></a> <span class="n">DELETE</span> <span class="o">=</span> <span class="s2">&quot;delete&quot;</span>
<a id="__codelineno-5-6" name="__codelineno-5-6" href="#__codelineno-5-6"></a> <span class="n">SIGN_OFF</span> <span class="o">=</span> <span class="s2">&quot;sign_off&quot;</span> <span class="c1"># Freigabe</span>
<a id="__codelineno-5-7" name="__codelineno-5-7" href="#__codelineno-5-7"></a> <span class="n">BREAK_GLASS</span> <span class="o">=</span> <span class="s2">&quot;break_glass&quot;</span> <span class="c1"># Notfall-Zugriff</span>
<a id="__codelineno-5-8" name="__codelineno-5-8" href="#__codelineno-5-8"></a> <span class="n">SHARE_KEY</span> <span class="o">=</span> <span class="s2">&quot;share_key&quot;</span> <span class="c1"># Schlüssel teilen</span>
<a id="__codelineno-5-9" name="__codelineno-5-9" href="#__codelineno-5-9"></a> <span class="o">...</span>
</code></pre></div>
<h3 id="permission-pruefung">Permission-Pruefung<a class="headerlink" href="#permission-pruefung" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-6-1" name="__codelineno-6-1" href="#__codelineno-6-1"></a><span class="kn">from</span><span class="w"> </span><span class="nn">klausur_service.backend.rbac</span><span class="w"> </span><span class="kn">import</span> <span class="n">PolicyEngine</span>
<a id="__codelineno-6-2" name="__codelineno-6-2" href="#__codelineno-6-2"></a>
<a id="__codelineno-6-3" name="__codelineno-6-3" href="#__codelineno-6-3"></a><span class="n">engine</span> <span class="o">=</span> <span class="n">PolicyEngine</span><span class="p">()</span>
<a id="__codelineno-6-4" name="__codelineno-6-4" href="#__codelineno-6-4"></a>
<a id="__codelineno-6-5" name="__codelineno-6-5" href="#__codelineno-6-5"></a><span class="c1"># Pruefe ob User X Klausur Y korrigieren darf</span>
<a id="__codelineno-6-6" name="__codelineno-6-6" href="#__codelineno-6-6"></a><span class="n">allowed</span> <span class="o">=</span> <span class="n">engine</span><span class="o">.</span><span class="n">check_permission</span><span class="p">(</span>
<a id="__codelineno-6-7" name="__codelineno-6-7" href="#__codelineno-6-7"></a> <span class="n">user_id</span><span class="o">=</span><span class="s2">&quot;user-uuid&quot;</span><span class="p">,</span>
<a id="__codelineno-6-8" name="__codelineno-6-8" href="#__codelineno-6-8"></a> <span class="n">action</span><span class="o">=</span><span class="n">Action</span><span class="o">.</span><span class="n">UPDATE</span><span class="p">,</span>
<a id="__codelineno-6-9" name="__codelineno-6-9" href="#__codelineno-6-9"></a> <span class="n">resource_type</span><span class="o">=</span><span class="n">ResourceType</span><span class="o">.</span><span class="n">CORRECTION</span><span class="p">,</span>
<a id="__codelineno-6-10" name="__codelineno-6-10" href="#__codelineno-6-10"></a> <span class="n">resource_id</span><span class="o">=</span><span class="s2">&quot;klausur-uuid&quot;</span>
<a id="__codelineno-6-11" name="__codelineno-6-11" href="#__codelineno-6-11"></a><span class="p">)</span>
</code></pre></div>
<hr />
<h2 id="bundesland-spezifische-policies">Bundesland-spezifische Policies<a class="headerlink" href="#bundesland-spezifische-policies" title="Permanent link">&para;</a></h2>
<div class="highlight"><pre><span></span><code><a id="__codelineno-7-1" name="__codelineno-7-1" href="#__codelineno-7-1"></a><span class="nd">@dataclass</span>
<a id="__codelineno-7-2" name="__codelineno-7-2" href="#__codelineno-7-2"></a><span class="k">class</span><span class="w"> </span><span class="nc">PolicySet</span><span class="p">:</span>
<a id="__codelineno-7-3" name="__codelineno-7-3" href="#__codelineno-7-3"></a> <span class="n">bundesland</span><span class="p">:</span> <span class="nb">str</span>
<a id="__codelineno-7-4" name="__codelineno-7-4" href="#__codelineno-7-4"></a> <span class="n">abitur_type</span><span class="p">:</span> <span class="nb">str</span> <span class="c1"># &quot;landesabitur&quot; | &quot;zentralabitur&quot;</span>
<a id="__codelineno-7-5" name="__codelineno-7-5" href="#__codelineno-7-5"></a>
<a id="__codelineno-7-6" name="__codelineno-7-6" href="#__codelineno-7-6"></a> <span class="c1"># Korrekturkette</span>
<a id="__codelineno-7-7" name="__codelineno-7-7" href="#__codelineno-7-7"></a> <span class="n">korrektoren_anzahl</span><span class="p">:</span> <span class="nb">int</span> <span class="c1"># 2 oder 3</span>
<a id="__codelineno-7-8" name="__codelineno-7-8" href="#__codelineno-7-8"></a> <span class="n">anonyme_erstkorrektur</span><span class="p">:</span> <span class="nb">bool</span>
<a id="__codelineno-7-9" name="__codelineno-7-9" href="#__codelineno-7-9"></a>
<a id="__codelineno-7-10" name="__codelineno-7-10" href="#__codelineno-7-10"></a> <span class="c1"># Sichtbarkeit</span>
<a id="__codelineno-7-11" name="__codelineno-7-11" href="#__codelineno-7-11"></a> <span class="n">zk_visibility_mode</span><span class="p">:</span> <span class="n">ZKVisibilityMode</span> <span class="c1"># BLIND | SEMI | FULL</span>
<a id="__codelineno-7-12" name="__codelineno-7-12" href="#__codelineno-7-12"></a> <span class="n">eh_visibility_mode</span><span class="p">:</span> <span class="n">EHVisibilityMode</span>
<a id="__codelineno-7-13" name="__codelineno-7-13" href="#__codelineno-7-13"></a>
<a id="__codelineno-7-14" name="__codelineno-7-14" href="#__codelineno-7-14"></a> <span class="c1"># Zeugnis</span>
<a id="__codelineno-7-15" name="__codelineno-7-15" href="#__codelineno-7-15"></a> <span class="n">kopfnoten_enabled</span><span class="p">:</span> <span class="nb">bool</span>
<a id="__codelineno-7-16" name="__codelineno-7-16" href="#__codelineno-7-16"></a> <span class="o">...</span>
</code></pre></div>
<h3 id="beispiel-niedersachsen">Beispiel: Niedersachsen<a class="headerlink" href="#beispiel-niedersachsen" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-8-1" name="__codelineno-8-1" href="#__codelineno-8-1"></a><span class="n">NIEDERSACHSEN_POLICY</span> <span class="o">=</span> <span class="n">PolicySet</span><span class="p">(</span>
<a id="__codelineno-8-2" name="__codelineno-8-2" href="#__codelineno-8-2"></a> <span class="n">bundesland</span><span class="o">=</span><span class="s2">&quot;niedersachsen&quot;</span><span class="p">,</span>
<a id="__codelineno-8-3" name="__codelineno-8-3" href="#__codelineno-8-3"></a> <span class="n">abitur_type</span><span class="o">=</span><span class="s2">&quot;landesabitur&quot;</span><span class="p">,</span>
<a id="__codelineno-8-4" name="__codelineno-8-4" href="#__codelineno-8-4"></a> <span class="n">korrektoren_anzahl</span><span class="o">=</span><span class="mi">2</span><span class="p">,</span>
<a id="__codelineno-8-5" name="__codelineno-8-5" href="#__codelineno-8-5"></a> <span class="n">anonyme_erstkorrektur</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span>
<a id="__codelineno-8-6" name="__codelineno-8-6" href="#__codelineno-8-6"></a> <span class="n">zk_visibility_mode</span><span class="o">=</span><span class="n">ZKVisibilityMode</span><span class="o">.</span><span class="n">BLIND</span><span class="p">,</span>
<a id="__codelineno-8-7" name="__codelineno-8-7" href="#__codelineno-8-7"></a> <span class="n">eh_visibility_mode</span><span class="o">=</span><span class="n">EHVisibilityMode</span><span class="o">.</span><span class="n">SUMMARY_ONLY</span><span class="p">,</span>
<a id="__codelineno-8-8" name="__codelineno-8-8" href="#__codelineno-8-8"></a> <span class="n">kopfnoten_enabled</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span>
<a id="__codelineno-8-9" name="__codelineno-8-9" href="#__codelineno-8-9"></a><span class="p">)</span>
</code></pre></div>
<hr />
<h2 id="workflow-beispiele">Workflow-Beispiele<a class="headerlink" href="#workflow-beispiele" title="Permanent link">&para;</a></h2>
<h3 id="klausurkorrektur-workflow">Klausurkorrektur-Workflow<a class="headerlink" href="#klausurkorrektur-workflow" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-9-1" name="__codelineno-9-1" href="#__codelineno-9-1"></a>1. Lehrer laedt Klausuren hoch
<a id="__codelineno-9-2" name="__codelineno-9-2" href="#__codelineno-9-2"></a> └── Rolle: &quot;lehrer&quot; + Action.CREATE auf EXAM_PACKAGE
<a id="__codelineno-9-3" name="__codelineno-9-3" href="#__codelineno-9-3"></a>
<a id="__codelineno-9-4" name="__codelineno-9-4" href="#__codelineno-9-4"></a>2. Erstkorrektor korrigiert
<a id="__codelineno-9-5" name="__codelineno-9-5" href="#__codelineno-9-5"></a> └── Rolle: &quot;erstkorrektor&quot; (ressourcen-spezifisch) + Action.UPDATE auf CORRECTION
<a id="__codelineno-9-6" name="__codelineno-9-6" href="#__codelineno-9-6"></a>
<a id="__codelineno-9-7" name="__codelineno-9-7" href="#__codelineno-9-7"></a>3. Zweitkorrektor ueberprueft
<a id="__codelineno-9-8" name="__codelineno-9-8" href="#__codelineno-9-8"></a> └── Rolle: &quot;zweitkorrektor&quot; + Action.READ auf CORRECTION
<a id="__codelineno-9-9" name="__codelineno-9-9" href="#__codelineno-9-9"></a> └── Policy: zk_visibility_mode bestimmt Sichtbarkeit
<a id="__codelineno-9-10" name="__codelineno-9-10" href="#__codelineno-9-10"></a>
<a id="__codelineno-9-11" name="__codelineno-9-11" href="#__codelineno-9-11"></a>4. Drittkorrektor (bei Abweichung)
<a id="__codelineno-9-12" name="__codelineno-9-12" href="#__codelineno-9-12"></a> └── Rolle: &quot;drittkorrektor&quot; + Action.SIGN_OFF
</code></pre></div>
<h3 id="zeugnis-workflow">Zeugnis-Workflow<a class="headerlink" href="#zeugnis-workflow" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-10-1" name="__codelineno-10-1" href="#__codelineno-10-1"></a>1. Fachlehrer traegt Noten ein
<a id="__codelineno-10-2" name="__codelineno-10-2" href="#__codelineno-10-2"></a> └── Rolle: &quot;fachlehrer&quot; + Action.CREATE auf FACHNOTE
<a id="__codelineno-10-3" name="__codelineno-10-3" href="#__codelineno-10-3"></a>
<a id="__codelineno-10-4" name="__codelineno-10-4" href="#__codelineno-10-4"></a>2. Klassenlehrer prueft
<a id="__codelineno-10-5" name="__codelineno-10-5" href="#__codelineno-10-5"></a> └── Rolle: &quot;klassenlehrer&quot; + Action.READ auf ZEUGNIS
<a id="__codelineno-10-6" name="__codelineno-10-6" href="#__codelineno-10-6"></a> └── Action.SIGN_OFF freigeben
<a id="__codelineno-10-7" name="__codelineno-10-7" href="#__codelineno-10-7"></a>
<a id="__codelineno-10-8" name="__codelineno-10-8" href="#__codelineno-10-8"></a>3. Zeugnisbeauftragter final
<a id="__codelineno-10-9" name="__codelineno-10-9" href="#__codelineno-10-9"></a> └── Rolle: &quot;zeugnisbeauftragter&quot; + Action.SIGN_OFF
<a id="__codelineno-10-10" name="__codelineno-10-10" href="#__codelineno-10-10"></a>
<a id="__codelineno-10-11" name="__codelineno-10-11" href="#__codelineno-10-11"></a>4. Schulleitung unterzeichnet
<a id="__codelineno-10-12" name="__codelineno-10-12" href="#__codelineno-10-12"></a> └── Rolle: &quot;schulleitung&quot; + Action.SIGN_OFF
</code></pre></div>
<hr />
<h2 id="dateien">Dateien<a class="headerlink" href="#dateien" title="Permanent link">&para;</a></h2>
<table>
<thead>
<tr>
<th>Datei</th>
<th>Beschreibung</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>backend/auth/__init__.py</code></td>
<td>Auth-Modul Exports</td>
</tr>
<tr>
<td><code>backend/auth/keycloak_auth.py</code></td>
<td>Hybrid-Authentifizierung</td>
</tr>
<tr>
<td><code>klausur-service/backend/rbac.py</code></td>
<td>Autorisierungs-Engine</td>
</tr>
<tr>
<td><code>backend/rbac_api.py</code></td>
<td>REST API fuer Rollenverwaltung</td>
</tr>
</tbody>
</table>
<hr />
<h2 id="konfiguration_1">Konfiguration<a class="headerlink" href="#konfiguration_1" title="Permanent link">&para;</a></h2>
<h3 id="entwicklung-ohne-keycloak">Entwicklung (ohne Keycloak)<a class="headerlink" href="#entwicklung-ohne-keycloak" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-11-1" name="__codelineno-11-1" href="#__codelineno-11-1"></a><span class="c1"># .env</span>
<a id="__codelineno-11-2" name="__codelineno-11-2" href="#__codelineno-11-2"></a><span class="nv">ENVIRONMENT</span><span class="o">=</span>development
<a id="__codelineno-11-3" name="__codelineno-11-3" href="#__codelineno-11-3"></a><span class="nv">JWT_SECRET</span><span class="o">=</span>dev-secret-32-chars-minimum-here
</code></pre></div>
<h3 id="produktion-mit-keycloak">Produktion (mit Keycloak)<a class="headerlink" href="#produktion-mit-keycloak" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-12-1" name="__codelineno-12-1" href="#__codelineno-12-1"></a><span class="c1"># .env</span>
<a id="__codelineno-12-2" name="__codelineno-12-2" href="#__codelineno-12-2"></a><span class="nv">ENVIRONMENT</span><span class="o">=</span>production
<a id="__codelineno-12-3" name="__codelineno-12-3" href="#__codelineno-12-3"></a><span class="nv">JWT_SECRET</span><span class="o">=</span>&lt;openssl<span class="w"> </span>rand<span class="w"> </span>-hex<span class="w"> </span><span class="m">32</span>&gt;
<a id="__codelineno-12-4" name="__codelineno-12-4" href="#__codelineno-12-4"></a><span class="nv">KEYCLOAK_SERVER_URL</span><span class="o">=</span>https://keycloak.breakpilot.app
<a id="__codelineno-12-5" name="__codelineno-12-5" href="#__codelineno-12-5"></a><span class="nv">KEYCLOAK_REALM</span><span class="o">=</span>breakpilot
<a id="__codelineno-12-6" name="__codelineno-12-6" href="#__codelineno-12-6"></a><span class="nv">KEYCLOAK_CLIENT_ID</span><span class="o">=</span>breakpilot-backend
<a id="__codelineno-12-7" name="__codelineno-12-7" href="#__codelineno-12-7"></a><span class="nv">KEYCLOAK_CLIENT_SECRET</span><span class="o">=</span>&lt;from<span class="w"> </span>keycloak<span class="w"> </span>admin<span class="w"> </span>console&gt;
</code></pre></div>
<hr />
<h2 id="sicherheitshinweise">Sicherheitshinweise<a class="headerlink" href="#sicherheitshinweise" title="Permanent link">&para;</a></h2>
<ol>
<li><strong>Secrets niemals im Code</strong> - Immer Umgebungsvariablen verwenden</li>
<li><strong>JWT_SECRET in Produktion</strong> - Mindestens 32 Bytes, generiert mit <code>openssl rand -hex 32</code></li>
<li><strong>Keycloak HTTPS</strong> - KEYCLOAK_VERIFY_SSL=true in Produktion</li>
<li><strong>Token-Expiration</strong> - Keycloak-Tokens kurz halten (5-15 Minuten)</li>
<li><strong>Audit-Trail</strong> - Alle Berechtigungspruefungen werden geloggt</li>
</ol>
</article>
</div>
<script>var tabs=__md_get("__tabs");if(Array.isArray(tabs))e:for(var set of document.querySelectorAll(".tabbed-set")){var labels=set.querySelector(".tabbed-labels");for(var tab of tabs)for(var label of labels.getElementsByTagName("label"))if(label.innerText.trim()===tab){var input=document.getElementById(label.htmlFor);input.checked=!0;continue e}}</script>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
Zurück zum Seitenanfang
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-social">
<a href="http://macmini:3003/breakpilot/breakpilot-pwa" target="_blank" rel="noopener" title="macmini:3003" class="md-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M173.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M252.8 8C114.1 8 8 113.3 8 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C436.2 457.8 504 362.9 504 252 504 113.3 391.5 8 252.8 8M105.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"annotate": null, "base": "../..", "features": ["search.highlight", "search.suggest", "navigation.tabs", "navigation.sections", "navigation.expand", "navigation.top", "content.code.copy", "content.tabs.link", "toc.follow"], "search": "../../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "In Zwischenablage kopiert", "clipboard.copy": "In Zwischenablage kopieren", "search.result.more.one": "1 weiteres Suchergebnis auf dieser Seite", "search.result.more.other": "# weitere Suchergebnisse auf dieser Seite", "search.result.none": "Keine Suchergebnisse", "search.result.one": "1 Suchergebnis", "search.result.other": "# Suchergebnisse", "search.result.placeholder": "Suchbegriff eingeben", "search.result.term.missing": "Es fehlt", "select.version": "Version ausw\u00e4hlen"}, "version": null}</script>
<script src="../../assets/javascripts/bundle.79ae519e.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink