Merge branch 'demoDev' into debian12Demo

Docs/backend_API_docs/README.md

@@ -1,366 +1,177 @@
 # Borrow System API Documentation
 
-**Frontend:** https://insta.the1s.de  
+## Overview
-**Backend base URL:** `https://insta.the1s.de/backend/api`
 
----
+The Borrow System API provides endpoints for managing items, loans, and door access for a borrowing/locker system. All endpoints require authentication via an 8-digit API key passed as a URL parameter.
 
 ## Authentication
 
-All API endpoints require **either**:
+All requests must include a valid API key in the URL path as the `:key` parameter. API keys are 8-digit numeric strings.
-
-### 1. Bearer Token (JWT)
-
-Send an `Authorization` header:
-
-```http
-Authorization: Bearer <JWT_TOKEN>
-```
-
-- Used for user-based access.
-- Token must be valid and not expired.
-
-### 2. API Key (for devices / machine-to-machine)
-
-Include an API key in the route as `:key` parameter:
-
-```text
-/api/.../:key/...
-```
-
-Example:
-
-```http
-GET /api/items/12345678
-```
-
-Where `12345678` is your API key.  
-The API key is validated server-side.
-
----
-
-## Common Response Codes
-
-- `200 OK` – Request was successful.
-- `401 Unauthorized` – Missing or malformed credentials.
-- `403 Forbidden` – Credentials invalid or not allowed to access this resource.
-- `404 Not Found` – Resource (e.g., loan) not found.
-- `500 Internal Server Error` – Unexpected server error.
-
----
 
 ## Endpoints
 
-### 1. Get All Items
+The Base URL for all endpoints is: `https://insta.the1s.de/backend/api`
 
-**GET** `/api/items/:key`
+### Get All Items
 
-Returns a list of all items.
+`GET /items/:key`
 
-#### Path Parameters
+Returns all items in the system.
 
-- `:key` – API key (8-digit number)
+**Response 200:**
-
-#### Authentication
-
-- Either:
-  - Valid `Authorization: Bearer <token>`
-  - Or valid `:key` path parameter
-
-#### Request Example
-
-```http
-GET /api/items/12345678 HTTP/1.1
-Host: backend.insta.the1s.de
-Authorization: Bearer <JWT_TOKEN>
-```
-
-#### Successful Response (200)
 
 ```json
 {
   "data": [
     {
       "id": 1,
-      "item_name": "DJI 1er Mikro",
+      "item_name": "Laptop",
-      "can_borrow_role": 4,
+      "can_borrow_role": 1,
-      "inSafe": 1,
+      "in_safe": true,
       "safe_nr": 3,
-      "door_key": "123",
+      "door_key": 101,
-      "entry_created_at": "2025-08-19T22:02:16.000Z",
+      "last_borrowed_person": "jdoe",
-      "entry_updated_at": "2025-08-19T22:02:16.000Z",
-      "last_borrowed_person": "alice",
       "currently_borrowing": null
     }
   ]
 }
 ```
 
-#### Error Response (500)
+**Response 500:**
 
 ```json
-{
+{ "message": "Failed to fetch items" }
-  "message": "Failed to fetch items"
-}
 ```
 
 ---
 
-### 2. Toggle Item Safe State
+### Change Item Safe State
 
-Toggles `in_safe` between `0` and `1` for a given item.
+`POST /change-state/:key/:itemId`
 
-**Keep in mind that when you return a loan by code, the item states are automatically updated.**
+Toggles the `in_safe` boolean state of an item.
 
-**POST** `/api/change-state/:key/:itemId`
+**URL Parameters:**
 
-#### Path Parameters
+- **key** - API key
+- **itemId** - The item's ID
 
-- `:key` – API key (8-digit number)
+**Response 200:** Returns on successful toggle.
-- `:itemId` – Item ID (integer)
 
-#### Authentication
+**Response 500:**
-
-- Either Bearer token or `:key` API key.
-
-#### Request Example
-
-```http
-POST /api/change-state/12345678/42 HTTP/1.1
-Host: backend.insta.the1s.de
-```
-
-#### Successful Response (200)
 
 ```json
-{
+{ "message": "Failed to update item state" }
-  "data": {}
-}
-```
-
-_(Implementation currently only returns `{ success: true }`, so `data` may be empty.)_
-
-#### Error Response (500)
-
-```json
-{
-  "message": "Failed to update item state"
-}
 ```
 
 ---
 
-### 3. Get Loan by Code
+### Get Loan by Code
 
-Fetch loan information by `loan_code`.
+`GET /get-loan-by-code/:key/:loan_code`
 
-**GET** `/api/get-loan-by-code/:key/:loan_code`
+Retrieves loan details by its 6-digit loan code.
 
-#### Path Parameters
+**URL Parameters:**
 
-- `:key` – API key (8-digit number)
+- **key** - API key
-- `:loan_code` – Loan code (string)
+- **loan_code** - A 6-digit numeric loan code
 
-#### Authentication
+**Response 200:**
-
-- Either Bearer token or `:key` API key.
-
-#### Request Example
-
-```http
-GET /api/get-loan-by-code/12345678/12345 HTTP/1.1
-Host: backend.insta.the1s.de
-```
-
-#### Successful Response (200)
 
 ```json
 {
   "data": {
-    "username": "john",
+    "username": "jdoe",
     "returned_date": null,
-    "take_date": "2025-01-01T10:00:00.000Z",
+    "take_date": "2024-01-15T10:30:00.000Z",
-    "lockers": "[1, 2, 3]"
+    "lockers": [1, 3]
   }
 }
 ```
 
-#### Error Response (404)
+**Response 404:**
 
 ```json
-{
+{ "message": "Loan not found" }
-  "message": "Loan not found"
-}
 ```
 
 ---
 
-### 4. Set Loan Return Date
+### Set Take Date
 
-Sets `returned_date = NOW()` on a loan and updates related items:
+`POST /set-take-date/:key/:loan_code`
 
-- `in_safe = 1`
+Records when items are physically taken by setting `take_date` to the current timestamp. Updates associated items to `in_safe = false` and sets `currently_borrowing` to the loan's username.
-- `currently_borrowing = NULL`
-- `last_borrowed_person = username`
 
-**POST** `/api/set-return-date/:key/:loan_code`
+**URL Parameters:**
 
-#### Path Parameters
+- **key** - API key
+- **loan_code** - A 6-digit numeric loan code
 
-- `:key` – API key (8-digit number)
+**Response 200:** Empty JSON object on success.
-- `:loan_code` – Loan code (string)
 
-#### Authentication
+**Response 500:**
-
-- Either Bearer token or `:key` API key.
-
-#### Request Example
-
-```http
-POST /api/set-return-date/12345678/12345 HTTP/1.1
-Host: backend.insta.the1s.de
-```
-
-#### Successful Response (200)
 
 ```json
-{
+{ "message": "Loan not found or already taken" }
-  "data": {}
-}
 ```
 
-#### Error Response (500)
+> **Note:** This endpoint will fail if the loan has already been taken or does not exist.
-
-```json
-{
-  "message": "Failed to set return date"
-}
-```
 
 ---
 
-### 5. Set Loan Take Date
+### Set Return Date
 
-Sets `take_date = NOW()` on a loan and updates related items:
+`POST /set-return-date/:key/:loan_code`
 
-- `in_safe = 0`
+Marks a loan as returned by setting `returned_date` to the current timestamp. Also updates all associated items to `in_safe = true`, clears `currently_borrowing`, and sets `last_borrowed_person`. Therefore, keep in mind that you must not call other endpoints that will change the safe state of an item after or before calling this endpoint, otherwise the state of the items will be inconsistent.
-- `currently_borrowing = username`
 
-**POST** `/api/set-take-date/:key/:loan_code`
+**URL Parameters:**
 
-#### Path Parameters
+- **key** - API key
+- **loan_code** - A 6-digit numeric loan code
 
-- `:key` – API key (8-digit number)
+**Response 200:** Empty JSON object on success.
-- `:loan_code` – Loan code (string)
 
-#### Authentication
+**Response 500:**
-
-- Either Bearer token or `:key` API key.
-
-#### Request Example
-
-```http
-POST /api/set-take-date/12345678/LOAN-12345 HTTP/1.1
-Host: backend.insta.the1s.de
-```
-
-#### Successful Response (200)
 
 ```json
-{
+{ "message": "Failed to set return date" }
-  "data": {}
-}
 ```
 
-#### Error Response (500)
+> **Note:** This endpoint will fail if the loan has already been returned (i.e., `returned_date` is not `NULL`).
-
-```json
-{
-  "message": "Failed to set take date"
-}
-```
 
 ---
 
-### 6. Open Door by Door Key
+### Open Door
 
-Looks up an item by its `door_key`, toggles `in_safe`, and returns safe information.
+`GET /open-door/:key/:doorKey`
 
-**GET** `/api/open-door/:key/:doorKey`
+Toggles the safe state of an item identified by its door key and returns the associated safe number.
 
-#### Path Parameters
+**URL Parameters:**
 
-- `:key` – API key (8-digit number)
+- **key** - API key
-- `:doorKey` – Door key/token (string) used by hardware to identify the locker.
+- **doorKey** - The door key identifier assigned to an item
 
-#### Authentication
+**Response 200:**
-
-- Either Bearer token or `:key` API key.
-
-#### Request Example
-
-```http
-GET /api/open-door/12345678/123 HTTP/1.1
-Host: backend.insta.the1s.de
-```
-
-#### Successful Response (200)
 
 ```json
 {
   "data": {
-    "safe_nr": 5,
+    "safe_nr": 3,
-    "id": 42
+    "id": 1
   }
 }
 ```
 
-#### Error Response (500)
+**Response 500:**
 
 ```json
-{
+{ "message": "Failed to open door" }
-  "message": "Failed to open door"
-}
 ```
 
----
+## Error Handling
 
-## Authentication Error Messages
+All endpoints return a `500` status code for server-side failures and a JSON body with a `message` field, except for **Get Loan by Code** which returns `404` when no matching loan is found.
-
-### Missing credentials
-
-Status: `401`
-
-```json
-{
-  "message": "Unauthorized"
-}
-```
-
-### Invalid JWT
-
-Status: `403`
-
-```json
-{
-  "message": "Present token invalid"
-}
-```
-
-### Invalid API Key
-
-Status: `403`
-
-```json
-{
-  "message": "API Key invalid"
-}
-```
-
----
-
-## Notes
-
-- All responses are JSON.
-- Time fields like `take_date` and `returned_date` are in the format returned by MySQL (usually ISO-like strings).
-- `loaned_items_id` in the database is stored as a JSON array string (e.g. `"[1,2,3]"`) and is parsed internally; clients do not interact with this field directly via current endpoints.

FrontendV2/nginx.conf

@@ -14,7 +14,7 @@ server {
   }
 
   location /backend/ {
-    proxy_pass http://borrow_system-backend_v2:8004/;
+    proxy_pass http://demo_borrow_system-backend_v2:8102/;
   }
 
   location ~* \.(?:js|mjs|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ {

FrontendV2/src/App.tsx

@@ -12,11 +12,10 @@ import { triggerLogoutAtom } from "@/states/Atoms";
 import { MyLoansPage } from "./pages/MyLoansPage";
 import Landingpage from "./pages/Landingpage";
 import { changeLanguage } from "i18next";
-import { Box, Flex } from "@chakra-ui/react";
+import { Flex } from "@chakra-ui/react";
 import { Footer } from "./components/footer/Footer";
 import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
 import { API_BASE } from "@/config/api.config";
-import { ContactPage } from "./pages/ContactPage";
 
 const queryClient = new QueryClient();
 
@@ -72,8 +71,8 @@ function App() {
 
   return (
     <QueryClientProvider client={queryClient}>
-      <Flex direction="column" minH="100vh">
+      <Flex direction="column" minH="100dvh">
-        <Box as="main" flex="1">
+        <Flex as="main" flex="1" direction="column">
           <UserContext.Provider value={user}>
             <BrowserRouter>
               <Routes>
@@ -81,14 +80,13 @@ function App() {
                   <Route path="/" element={<HomePage />} />
                   <Route path="/my-loans" element={<MyLoansPage />} />
                   <Route path="/landingpage" element={<Landingpage />} />
-                  <Route path="/contact" element={<ContactPage />} />
                 </Route>
 
                 <Route path="/login" element={<LoginPage />} />
               </Routes>
             </BrowserRouter>
           </UserContext.Provider>
-        </Box>
+        </Flex>
         <Footer />
       </Flex>
     </QueryClientProvider>

FrontendV2/src/components/Header.tsx

@@ -22,7 +22,6 @@ import {
   MoreVertical,
   Languages,
   Table,
-  ContactRound,
 } from "lucide-react";
 import { useUserContext } from "@/states/Context";
 import { useState } from "react";
@@ -142,7 +141,7 @@ export const Header = () => {
                 value="help"
                 onSelect={() =>
                   window.open(
-                    "https://git.the1s.de/Matthias-Claudius-Schule/borrow-system/wiki",
+                    "https://git.the1s.de/Matthias-Claudius-Schule/borrow-system/wiki/?action=_pages",
                     "_blank",
                     "noopener,noreferrer",
                   )
@@ -154,16 +153,6 @@ export const Header = () => {
                   </HStack>
                 }
               />
-              <Menu.Item
-                value="contact"
-                onSelect={() => navigate("/contact", { replace: true })}
-                children={
-                  <HStack gap={3}>
-                    <ContactRound size={16} />
-                    <Text as="span">{t("contact")}</Text>
-                  </HStack>
-                }
-              />
               <Menu.Separator />
               <Menu.Item
                 value="logout"
@@ -279,7 +268,7 @@ export const Header = () => {
           </Button>
 
           <a
-            href="https://git.the1s.de/Matthias-Claudius-Schule/borrow-system/wiki"
+            href="https://git.the1s.de/Matthias-Claudius-Schule/borrow-system/wiki/?action=_pages"
             target="_blank"
           >
             <Button variant="ghost">
@@ -289,17 +278,6 @@ export const Header = () => {
               </HStack>
             </Button>
           </a>
-
-          <Button
-            variant={"outline"}
-            onClick={() => navigate("/contact", { replace: true })}
-          >
-            <HStack gap={2}>
-              <ContactRound size={18} />
-              <Text as="span">{t("contact")}</Text>
-            </HStack>
-          </Button>
-
           <Button onClick={logout} variant="outline" colorScheme="red">
             <HStack gap={2}>
               <LogOut size={18} />

FrontendV2/src/components/footer/Footer.tsx

@@ -9,10 +9,9 @@ export const Footer = () => {
       as="footer"
       py={4}
       textAlign="center"
-      position="fixed"
+      width="100%"
-      bottom="0"
+      flexShrink={0}
-      left="0"
+      fontSize="sm"
-      right="0"
     >
       Made with ❤️ by Theis Gaedigk - Class of 2019 at MCS-Bochum
       <br />

FrontendV2/src/components/ui/provider.tsx

@@ -1,15 +1,23 @@
-"use client"
+"use client";
 
-import { ChakraProvider, defaultSystem } from "@chakra-ui/react"
+import { ChakraProvider, defaultSystem } from "@chakra-ui/react";
-import {
+import * as React from "react";
-  ColorModeProvider,
+import type { ReactNode } from "react";
-  type ColorModeProviderProps,
+import { ColorModeProvider as ThemeColorModeProvider } from "./color-mode";
-} from "./color-mode"
 
-export function Provider(props: ColorModeProviderProps) {
+export interface ColorModeProviderProps {
+  children: React.ReactNode;
+}
+
+export function ColorModeProvider({ children }: ColorModeProviderProps) {
+  // Wrap children with the real color-mode provider
+  return <ThemeColorModeProvider>{children}</ThemeColorModeProvider>;
+}
+
+export function Provider({ children }: { children: ReactNode }) {
   return (
     <ChakraProvider value={defaultSystem}>
-      <ColorModeProvider {...props} />
+      <ColorModeProvider>{children}</ColorModeProvider>
     </ChakraProvider>
-  )
+  );
 }

FrontendV2/src/pages/ContactPage.tsx

@@ -1,84 +0,0 @@
-import {
-  Field,
-  Textarea,
-  Button,
-  Alert,
-  Container,
-  Text,
-} from "@chakra-ui/react";
-import { useTranslation } from "react-i18next";
-import { useState } from "react";
-import { API_BASE } from "@/config/api.config";
-import Cookies from "js-cookie";
-import { Header } from "@/components/Header";
-
-interface Alert {
-  type: "info" | "warning" | "success" | "error" | "neutral";
-  headline: string;
-  text: string;
-}
-
-export const ContactPage = () => {
-  const { t } = useTranslation();
-  const [message, setMessage] = useState("");
-  const [alert, setAlert] = useState<Alert | null>(null);
-
-  const sendMessage = async () => {
-    // Logic to send the message
-    const result = await fetch(`${API_BASE}/api/users/contact`, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${Cookies.get("token") || ""}`,
-        "Content-Type": "application/json",
-        Accept: "application/json",
-      },
-      body: JSON.stringify({ message }),
-    });
-
-    if (result.ok) {
-      setAlert({
-        type: "success",
-        headline: t("contactPage_successHeadline"),
-        text: t("contactPage_successText"),
-      });
-      setMessage("");
-    } else {
-      setAlert({
-        type: "error",
-        headline: t("contactPage_errorHeadline"),
-        text: t("contactPage_errorText"),
-      });
-    }
-  };
-
-  return (
-    <Container className="px-6 sm:px-8 pt-10">
-      <Header />
-      <Field.Root invalid={message === ""}>
-        <Field.Label>
-          <Text>{t("contactPage_messageDescription")}</Text>
-          <Field.RequiredIndicator />
-        </Field.Label>
-        <Textarea
-          placeholder={t("contactPage_messagePlaceholder")}
-          variant="subtle"
-          value={message}
-          onChange={(e) => setMessage(e.target.value)}
-        />
-        {message === "" && (
-          <Field.ErrorText>{t("contactPage_messageErrorText")}</Field.ErrorText>
-        )}
-      </Field.Root>
-      {alert && (
-        <Alert.Root status={alert.type}>
-          <Alert.Indicator />
-          <Alert.Content>
-            <Alert.Title>{alert.headline}</Alert.Title>
-            <Alert.Description>{alert.text}</Alert.Description>
-          </Alert.Content>
-        </Alert.Root>
-      )}
-      <Button onClick={sendMessage}>{t("contactPage_sendButton")}</Button>
-    </Container>
-  );
-};

FrontendV2/src/pages/Landingpage.tsx

@@ -9,12 +9,13 @@ import {
   Card,
   SimpleGrid,
   Button,
+  Container,
 } from "@chakra-ui/react";
 import MyAlert from "@/components/myChakra/MyAlert";
 import { useTranslation } from "react-i18next";
 import { API_BASE } from "@/config/api.config";
 import Cookies from "js-cookie";
-import { useNavigate } from "react-router-dom";
+import { Header } from "@/components/Header";
 
 export const formatDateTime = (value: string | null | undefined) => {
   if (!value) return "N/A";
@@ -32,6 +33,7 @@ type Loan = {
   returned_date: string | null;
   take_date: string | null;
   loaned_items_name: string[] | string;
+  note: string | null;
 };
 
 type Device = {
@@ -46,7 +48,6 @@ type Device = {
 
 const Landingpage: React.FC = () => {
   const { t } = useTranslation();
-  const navigate = useNavigate();
 
   const [isLoading, setIsLoading] = useState(false);
   const [loans, setLoans] = useState<Loan[]>([]);
@@ -59,7 +60,7 @@ const Landingpage: React.FC = () => {
   const setError = (
     status: "error" | "success",
     message: string,
-    description: string
+    description: string,
   ) => {
     setIsError(false);
     setErrorStatus(status);
@@ -85,7 +86,7 @@ const Landingpage: React.FC = () => {
           setError(
             "error",
             t("error-by-loading"),
-            t("unexpected-date-format_loan")
+            t("unexpected-date-format_loan"),
           );
         }
 
@@ -102,7 +103,7 @@ const Landingpage: React.FC = () => {
           setError(
             "error",
             t("error-by-loading"),
-            t("unexpected-date-format_device")
+            t("unexpected-date-format_device"),
           );
         }
       } catch (e) {
@@ -115,14 +116,8 @@ const Landingpage: React.FC = () => {
   }, []);
 
   return (
-    <>
+    <Container className="px-6 sm:px-8 pt-10">
-      <Heading as="h1" size="lg" mb={2}>
+      <Header />
-        Matthias-Claudius-Schule Technik
-      </Heading>
-
-      <Button onClick={() => navigate("/", { replace: true })}>
-        {t("back")}
-      </Button>
 
       <Heading as="h2" size="md" mb={4}>
         {t("all-loans")}
@@ -168,6 +163,9 @@ const Landingpage: React.FC = () => {
               <Table.ColumnHeader>
                 <strong>{t("return-date")}</strong>
               </Table.ColumnHeader>
+              <Table.ColumnHeader>
+                <strong>{t("note")}</strong>
+              </Table.ColumnHeader>
             </Table.Row>
           </Table.Header>
           <Table.Body>
@@ -184,6 +182,7 @@ const Landingpage: React.FC = () => {
                 </Table.Cell>
                 <Table.Cell>{formatDateTime(loan.take_date)}</Table.Cell>
                 <Table.Cell>{formatDateTime(loan.returned_date)}</Table.Cell>
+                <Table.Cell>{loan.note}</Table.Cell>
               </Table.Row>
             ))}
           </Table.Body>
@@ -260,7 +259,7 @@ const Landingpage: React.FC = () => {
           </HStack>
         </Button>
       </HStack>
-    </>
+    </Container>
   );
 };
 

FrontendV2/src/pages/LoginPage.tsx

@@ -7,7 +7,6 @@ import Cookies from "js-cookie";
 import { Navigate, useNavigate, useLocation } from "react-router-dom";
 import { PasswordInput } from "@/components/ui/password-input";
 import { useTranslation } from "react-i18next";
-import { Footer } from "@/components/footer/Footer";
 import { API_BASE } from "@/config/api.config";
 
 export const LoginPage = () => {
@@ -71,7 +70,7 @@ export const LoginPage = () => {
   }
 
   return (
-    <div className="min-h-screen flex items-center justify-center p-4">
+    <div className="flex flex-1 items-center justify-center p-4">
       <form onSubmit={(e) => e.preventDefault()}>
         <Card.Root maxW="sm">
           <Card.Header>
@@ -115,7 +114,6 @@ export const LoginPage = () => {
           </Card.Footer>
         </Card.Root>
       </form>
-      <Footer />
     </div>
   );
 };

FrontendV2/src/utils/Fetcher.ts

@@ -1,13 +1,10 @@
 import Cookies from "js-cookie";
 import { API_BASE } from "@/config/api.config";
-import { useTranslation } from "react-i18next";
 
 export const getBorrowableItems = async (
   startDate: string,
   endDate: string,
 ) => {
-  const { t } = useTranslation();
-
   try {
     const response = await fetch(`${API_BASE}/api/loans/borrowable-items`, {
       method: "POST",
@@ -24,7 +21,8 @@ export const getBorrowableItems = async (
         data: null,
         status: "error",
         title: "Server error",
-        description: t("serverError"),
+        description:
+          "An error occurred on the server. Sometimes reloading the page helps. Otherwise, please contact the administrator.",
       };
     }
 

FrontendV2/src/utils/i18n/locales/de/de.json

@@ -68,7 +68,7 @@
     "admin-status": "Admin-Status",
     "first-name": "Vorname",
     "last-name": "Nachname",
-    "app-title": "Ausleihsystem",
+    "app-title": "Ausleihsystem (demo)",
     "last-borrowed-person": "Zuletzt ausgeliehen von",
     "currently-borrowed-by": "Derzeit ausgeliehen von",
     "back": "Zurückgehen",

FrontendV2/src/utils/i18n/locales/en/en.json

@@ -68,7 +68,7 @@
     "admin-status": "Admin status",
     "first-name": "First name",
     "last-name": "Last name",
-    "app-title": "Borrow System",
+    "app-title": "Borrow System (demo)",
     "last-borrowed-person": "Last borrowed by",
     "currently-borrowed-by": "Currently borrowed by",
     "back": "Go back",

FrontendV2/vite.config.ts

@@ -1,16 +1,23 @@
 import { defineConfig } from "vite";
-import react from "@vitejs/plugin-react";
-import svgr from "vite-plugin-svgr";
 import tailwindcss from "@tailwindcss/vite";
-import tsconfigPaths from "vite-tsconfig-paths";
+import path from "node:path";
 
 export default defineConfig({
-  plugins: [react(), svgr(), tailwindcss(), tsconfigPaths()],
+  plugins: [tailwindcss()],
+  resolve: {
+    alias: {
+      "@": path.resolve(__dirname, "src"),
+    },
+  },
   server: {
     host: "0.0.0.0",
-    port: 8001,
+    allowedHosts: ["insta.the1s.de"],
-    watch: {
+    port: 8101,
-      usePolling: true,
+    watch: { usePolling: true },
+    hmr: {
+      host: "insta.the1s.de",
+      port: 8101,
+      protocol: "wss",
     },
   },
 });

admin/nginx.conf

@@ -14,7 +14,7 @@ server {
   }
 
   location /backend/ {
-    proxy_pass http://borrow_system-backend_v2:8004/;
+    proxy_pass http://demo_borrow_system-backend_v2:8102/;
   }
 
   location ~* \.(?:js|mjs|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ {

admin/src/Layout/Login.tsx

@@ -3,6 +3,7 @@ import { useState } from "react";
 import { loginFunc } from "@/utils/loginUser";
 import MyAlert from "../components/myChakra/MyAlert";
 import { Button, Card, Field, Input, Stack } from "@chakra-ui/react";
+import { PasswordInput } from "@/components/ui/password-input";
 
 const Login: React.FC<{ onSuccess: () => void }> = ({ onSuccess }) => {
   const [username, setUsername] = useState("");
@@ -43,8 +44,7 @@ const Login: React.FC<{ onSuccess: () => void }> = ({ onSuccess }) => {
               </Field.Root>
               <Field.Root>
                 <Field.Label>password</Field.Label>
-                <Input
+                <PasswordInput
-                  type="password"
                   value={password}
                   onChange={(e) => setPassword(e.target.value)}
                 />

admin/src/components/ui/password-input.tsx

@@ -0,0 +1,159 @@
+"use client"
+
+import type {
+  ButtonProps,
+  GroupProps,
+  InputProps,
+  StackProps,
+} from "@chakra-ui/react"
+import {
+  Box,
+  HStack,
+  IconButton,
+  Input,
+  InputGroup,
+  Stack,
+  mergeRefs,
+  useControllableState,
+} from "@chakra-ui/react"
+import * as React from "react"
+import { LuEye, LuEyeOff } from "react-icons/lu"
+
+export interface PasswordVisibilityProps {
+  /**
+   * The default visibility state of the password input.
+   */
+  defaultVisible?: boolean
+  /**
+   * The controlled visibility state of the password input.
+   */
+  visible?: boolean
+  /**
+   * Callback invoked when the visibility state changes.
+   */
+  onVisibleChange?: (visible: boolean) => void
+  /**
+   * Custom icons for the visibility toggle button.
+   */
+  visibilityIcon?: { on: React.ReactNode; off: React.ReactNode }
+}
+
+export interface PasswordInputProps
+  extends InputProps,
+    PasswordVisibilityProps {
+  rootProps?: GroupProps
+}
+
+export const PasswordInput = React.forwardRef<
+  HTMLInputElement,
+  PasswordInputProps
+>(function PasswordInput(props, ref) {
+  const {
+    rootProps,
+    defaultVisible,
+    visible: visibleProp,
+    onVisibleChange,
+    visibilityIcon = { on: <LuEye />, off: <LuEyeOff /> },
+    ...rest
+  } = props
+
+  const [visible, setVisible] = useControllableState({
+    value: visibleProp,
+    defaultValue: defaultVisible || false,
+    onChange: onVisibleChange,
+  })
+
+  const inputRef = React.useRef<HTMLInputElement>(null)
+
+  return (
+    <InputGroup
+      endElement={
+        <VisibilityTrigger
+          disabled={rest.disabled}
+          onPointerDown={(e) => {
+            if (rest.disabled) return
+            if (e.button !== 0) return
+            e.preventDefault()
+            setVisible(!visible)
+          }}
+        >
+          {visible ? visibilityIcon.off : visibilityIcon.on}
+        </VisibilityTrigger>
+      }
+      {...rootProps}
+    >
+      <Input
+        {...rest}
+        ref={mergeRefs(ref, inputRef)}
+        type={visible ? "text" : "password"}
+      />
+    </InputGroup>
+  )
+})
+
+const VisibilityTrigger = React.forwardRef<HTMLButtonElement, ButtonProps>(
+  function VisibilityTrigger(props, ref) {
+    return (
+      <IconButton
+        tabIndex={-1}
+        ref={ref}
+        me="-2"
+        aspectRatio="square"
+        size="sm"
+        variant="ghost"
+        height="calc(100% - {spacing.2})"
+        aria-label="Toggle password visibility"
+        {...props}
+      />
+    )
+  },
+)
+
+interface PasswordStrengthMeterProps extends StackProps {
+  max?: number
+  value: number
+}
+
+export const PasswordStrengthMeter = React.forwardRef<
+  HTMLDivElement,
+  PasswordStrengthMeterProps
+>(function PasswordStrengthMeter(props, ref) {
+  const { max = 4, value, ...rest } = props
+
+  const percent = (value / max) * 100
+  const { label, colorPalette } = getColorPalette(percent)
+
+  return (
+    <Stack align="flex-end" gap="1" ref={ref} {...rest}>
+      <HStack width="full" {...rest}>
+        {Array.from({ length: max }).map((_, index) => (
+          <Box
+            key={index}
+            height="1"
+            flex="1"
+            rounded="sm"
+            data-selected={index < value ? "" : undefined}
+            layerStyle="fill.subtle"
+            colorPalette="gray"
+            _selected={{
+              colorPalette,
+              layerStyle: "fill.solid",
+            }}
+          />
+        ))}
+      </HStack>
+      {label && <HStack textStyle="xs">{label}</HStack>}
+    </Stack>
+  )
+})
+
+function getColorPalette(percent: number) {
+  switch (true) {
+    case percent < 33:
+      return { label: "Low", colorPalette: "red" }
+    case percent < 66:
+      return { label: "Medium", colorPalette: "orange" }
+    default:
+      return { label: "High", colorPalette: "green" }
+  }
+}

admin/tsconfig.app.json

@@ -1,10 +1,11 @@
 {
   "compilerOptions": {
     "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
-    "target": "ESNext",
+    "target": "ES2022",
     "useDefineForClassFields": true,
     "lib": ["ES2022", "DOM", "DOM.Iterable"],
     "module": "ESNext",
+    "types": ["vite/client"],
     "skipLibCheck": true,
 
     /* Bundler mode */
@@ -23,13 +24,10 @@
     "noFallthroughCasesInSwitch": true,
     "noUncheckedSideEffectImports": true,
 
-    /* Chakra / Pfad Aliases */
+    /* Path aliases */
-    "baseUrl": ".",
     "paths": {
       "@/*": ["./src/*"]
-    },
+    }
-
-    "forceConsistentCasingInFileNames": true
   },
   "include": ["src"]
 }

admin/vite.config.ts

@@ -8,9 +8,13 @@ export default defineConfig({
   plugins: [react(), svgr(), tailwindcss(), tsconfigPaths()],
   server: {
     host: "0.0.0.0",
-    port: 8003,
+    allowedHosts: ["admin.insta.the1s.de"],
-    watch: {
+    port: 8103,
-      usePolling: true,
+    watch: { usePolling: true },
+    hmr: {
+      host: "admin.insta.the1s.de",
+      port: 8103,
+      protocol: "wss",
     },
   },
 });

backendV2/info.json

@@ -1,11 +1,11 @@
 {
     "backend-info": {
-        "version": "v2.1 (dev)"
+        "version": "v2.1.1 (demo)"
     },
     "frontend-info": {
-        "version": "v2.1 (dev)"
+        "version": "v2.1.2 (demo)"
     },
     "admin-panel-info": {
-        "version": "v1.3.2 (dev)"
+        "version": "v1.3.2 (demo)"
     }
 }

backendV2/routes/admin/database/userDataMgmt.database.js

@@ -29,14 +29,14 @@ export const createUser = async (
 };
 
 export const deleteUserById = async (userId) => {
-  const [result] = await pool.query("DELETE FROM users WHERE id = ?", [userId]);
+  const [result] = await pool.query("DELETE FROM users WHERE id = ? AND secret_user = false", [userId]);
   if (result.affectedRows > 0) return { success: true };
   return { success: false };
 };
 
 export const changePassword = async (username, newPassword) => {
   const [result] = await pool.query(
-    "UPDATE users SET password = ?, entry_updated_at = NOW() WHERE username = ?",
+    "UPDATE users SET password = ?, entry_updated_at = NOW() WHERE username = ? AND secret_user = false",
     [newPassword, username],
   );
   if (result.affectedRows > 0) return { success: true };
@@ -52,7 +52,7 @@ export const editUserById = async (
   is_admin,
 ) => {
   const [result] = await pool.query(
-    "UPDATE users SET  first_name = ?, last_name = ?, role = ?, email = ?, is_admin = ?, entry_updated_at = NOW() WHERE id = ?",
+    "UPDATE users SET  first_name = ?, last_name = ?, role = ?, email = ?, is_admin = ?, entry_updated_at = NOW() WHERE id = ? AND secret_user = false",
     [first_name, last_name, role, email, is_admin, userId],
   );
   if (result.affectedRows > 0) return { success: true };
@@ -61,7 +61,7 @@ export const editUserById = async (
 
 export const getAllUsers = async () => {
   const [result] = await pool.query(
-    "SELECT id, username, first_name, last_name, role, email, is_admin, entry_created_at, entry_updated_at FROM users",
+    "SELECT id, username, first_name, last_name, role, email, is_admin, entry_created_at, entry_updated_at FROM users WHERE secret_user = false",
   );
   if (result.length > 0) return { success: true, data: result };
   return { success: false };
@@ -69,7 +69,7 @@ export const getAllUsers = async () => {
 
 export const getUserById = async (userId) => {
   const [rows] = await pool.query(
-    "SELECT id, username, first_name, last_name, role, email, is_admin FROM users WHERE id = ?",
+    "SELECT id, username, first_name, last_name, role, email, is_admin FROM users WHERE id = ? AND secret_user = false",
     [userId],
   );
   if (rows.length === 0) {

backendV2/routes/api/api.database.js

@@ -22,7 +22,7 @@ export const getItemsFromDatabaseV2 = async () => {
 export const getLoanByCodeV2 = async (loan_code) => {
   const [result] = await pool.query(
     "SELECT username, returned_date, take_date, lockers FROM loans WHERE loan_code = ?;",
-    [loan_code]
+    [loan_code],
   );
   if (result.length > 0) {
     return { success: true, data: result[0] };
@@ -33,7 +33,7 @@ export const getLoanByCodeV2 = async (loan_code) => {
 export const changeInSafeStateV2 = async (itemId) => {
   const [result] = await pool.query(
     "UPDATE items SET in_safe = NOT in_safe WHERE id = ?",
-    [itemId]
+    [itemId],
   );
   if (result.affectedRows > 0) {
     return { success: true };
@@ -42,50 +42,62 @@ export const changeInSafeStateV2 = async (itemId) => {
 };
 
 export const setReturnDateV2 = async (loanCode) => {
-  const [items] = await pool.query(
+  try {
-    "SELECT loaned_items_id FROM loans WHERE loan_code = ?",
+    const [items] = await pool.query(
-    [loanCode]
+      "SELECT loaned_items_id, username FROM loans WHERE loan_code = ?",
-  );
+      [loanCode],
+    );
 
-  const [owner] = await pool.query(
+    if (items.length === 0)
-    "SELECT username FROM loans WHERE loan_code = ?",
+      return { success: false, message: "No items found for loan" };
-    [loanCode]
-  );
 
-  if (items.length === 0) return { success: false };
+    const itemIds = Array.isArray(items[0].loaned_items_id)
+      ? items[0].loaned_items_id
+      : JSON.parse(items[0].loaned_items_id || "[]");
 
-  const itemIds = Array.isArray(items[0].loaned_items_id)
+    const [result] = await pool.query(
-    ? items[0].loaned_items_id
+      "UPDATE loans SET returned_date = NOW() WHERE loan_code = ? AND returned_date IS NULL",
-    : JSON.parse(items[0].loaned_items_id || "[]");
+      [loanCode],
+    );
 
-  const [setItemStates] = await pool.query(
+    if (result.affectedRows === 0) return { success: false };
-    "UPDATE items SET in_safe = 1, currently_borrowing = NULL, last_borrowed_person = (?) WHERE id IN (?)",
-    [owner[0].username, itemIds]
-  );
 
-  const [result] = await pool.query(
+    if (itemIds.length > 0) {
-    "UPDATE loans SET returned_date = NOW() WHERE loan_code = ?",
+      await pool.query(
-    [loanCode]
+        "UPDATE items SET in_safe = 1, currently_borrowing = NULL, last_borrowed_person = ? WHERE id IN (?)",
-  );
+        [items[0].username, itemIds],
+      );
+    }
 
-  if (result.affectedRows > 0 && setItemStates.affectedRows > 0) {
+    return { success: true, data: { returned: true } };
-    return { success: true };
+  } catch (error) {
+    console.error("setReturnDateV2 error:", error);
+    return { success: false, message: "Failed to set return date" };
   }
-  return { success: false };
 };
 
 export const setTakeDateV2 = async (loanCode) => {
+  const [isTaken] = await pool.query(
+    "SELECT take_date FROM loans WHERE loan_code = ?",
+    [loanCode],
+  );
+
+  if (isTaken.length === 0 || isTaken[0].take_date !== null) {
+    return { success: false, message: "Loan not found or already taken" };
+  }
+
   const [items] = await pool.query(
     "SELECT loaned_items_id FROM loans WHERE loan_code = ?",
-    [loanCode]
+    [loanCode],
   );
 
   const [owner] = await pool.query(
     "SELECT username FROM loans WHERE loan_code = ?",
-    [loanCode]
+    [loanCode],
   );
 
-  if (items.length === 0) return { success: false };
+  if (items.length === 0)
+    return { success: false, message: "No items found for loan" };
 
   const itemIds = Array.isArray(items[0].loaned_items_id)
     ? items[0].loaned_items_id
@@ -93,18 +105,18 @@ export const setTakeDateV2 = async (loanCode) => {
 
   const [setItemStates] = await pool.query(
     "UPDATE items SET in_safe = 0, currently_borrowing = (?) WHERE id IN (?)",
-    [owner[0].username, itemIds]
+    [owner[0].username, itemIds],
   );
 
   const [result] = await pool.query(
-    "UPDATE loans SET take_date = NOW() WHERE loan_code = ?",
+    "UPDATE loans SET take_date = NOW() WHERE loan_code = ? AND take_date IS NULL",
-    [loanCode]
+    [loanCode],
   );
 
   if (result.affectedRows > 0 && setItemStates.affectedRows > 0) {
     return { success: true };
   }
-  return { success: false };
+  return { message: "Failed to set take date", success: false };
 };
 
 export const getAllLoansV2 = async () => {
@@ -118,12 +130,12 @@ export const getAllLoansV2 = async () => {
 export const openDoor = async (doorKey) => {
   const [result] = await pool.query(
     "SELECT safe_nr, id FROM items WHERE door_key = ?;",
-    [doorKey]
+    [doorKey],
   );
   if (result.length > 0) {
     const [changeItemSate] = await pool.query(
       "UPDATE items SET in_safe = NOT in_safe WHERE id = ?",
-      [result[0].id]
+      [result[0].id],
     );
     if (changeItemSate.affectedRows > 0) {
       return { success: true, data: result[0] };

backendV2/routes/api/api.route.js

@@ -47,7 +47,7 @@ router.get(
     } else {
       res.status(404).json({ message: "Loan not found" });
     }
-  }
+  },
 );
 
 // Route for API to set the return date by the loan code
@@ -58,11 +58,11 @@ router.post(
     const loanCode = req.params.loan_code;
     const result = await setReturnDateV2(loanCode);
     if (result.success) {
-      res.status(200).json({ data: result.data });
+      res.status(200).json({});
     } else {
       res.status(500).json({ message: "Failed to set return date" });
     }
-  }
+  },
 );
 
 // Route for API to set the take away date by the loan code
@@ -73,11 +73,11 @@ router.post(
     const loanCode = req.params.loan_code;
     const result = await setTakeDateV2(loanCode);
     if (result.success) {
-      res.status(200).json({ data: result.data });
+      res.status(200).json({});
     } else {
-      res.status(500).json({ message: "Failed to set take date" });
+      res.status(500).json({ message: result.message });
     }
-  }
+  },
 );
 
 // Route for API to open a door

backendV2/routes/app/loanMgmt.route.js

@@ -62,6 +62,7 @@ router.post("/createLoan", authenticate, async (req, res) => {
         mailInfo.data.start_date,
         mailInfo.data.end_date,
         mailInfo.data.created_at,
+        mailInfo.data.note,
       );
       return res.status(201).json({
         message: "Loan created successfully",

backendV2/routes/app/services/mailer.js

@@ -34,7 +34,14 @@ const formatDateTime = (value) => {
   return "N/A";
 };
 
-function buildLoanEmail({ user, items, startDate, endDate, createdDate }) {
+function buildLoanEmail({
+  user,
+  items,
+  startDate,
+  endDate,
+  createdDate,
+  note,
+}) {
   const brand = process.env.MAIL_BRAND_COLOR || "#0ea5e9";
   const itemsList =
     Array.isArray(items) && items.length
@@ -116,6 +123,12 @@ function buildLoanEmail({ user, items, startDate, endDate, createdDate }) {
                   createdDate,
                 )}</td>
               </tr>
+              <tr>
+                <td style="padding:10px 14px; color:#6b7280; vertical-align:top;">Notiz</td>
+                <td style="padding:10px 14px; font-weight:600; color:#111827;">${
+                  note || "Keine Notiz"
+                }</td>
+              </tr>
             </tbody>
           </table>
           <p style="margin:22px 0 0 0; font-size:14px;">
@@ -134,7 +147,14 @@ function buildLoanEmail({ user, items, startDate, endDate, createdDate }) {
 </html>`;
 }
 
-function buildLoanEmailText({ user, items, startDate, endDate, createdDate }) {
+function buildLoanEmailText({
+  user,
+  items,
+  startDate,
+  endDate,
+  createdDate,
+  note,
+}) {
   const itemsText =
     Array.isArray(items) && items.length ? items.join(", ") : "N/A";
   return [
@@ -145,10 +165,18 @@ function buildLoanEmailText({ user, items, startDate, endDate, createdDate }) {
     `Start: ${formatDateTime(startDate)}`,
     `Ende: ${formatDateTime(endDate)}`,
     `Erstellt am: ${formatDateTime(createdDate)}`,
+    `Notiz: ${note || "Keine Notiz"}`,
   ].join("\n");
 }
 
-export function sendMailLoan(user, items, startDate, endDate, createdDate) {
+export function sendMailLoan(
+  user,
+  items,
+  startDate,
+  endDate,
+  createdDate,
+  note,
+) {
   const transporter = nodemailer.createTransport({
     host: process.env.MAIL_HOST,
     port: process.env.MAIL_PORT,
@@ -170,8 +198,16 @@ export function sendMailLoan(user, items, startDate, endDate, createdDate) {
         startDate,
         endDate,
         createdDate,
+        note,
+      }),
+      html: buildLoanEmail({
+        user,
+        items,
+        startDate,
+        endDate,
+        createdDate,
+        note,
       }),
-      html: buildLoanEmail({ user, items, startDate, endDate, createdDate }),
     });
 
     console.log("Loan message sent:", info.messageId);

backendV2/schemeV2.mock.sql

@@ -0,0 +1,100 @@
+USE borrow_system_new;
+
+-- USERS
+INSERT INTO users (username, password, email, first_name, last_name, role, is_admin)
+VALUES
+  ('user1', 'passwordhash1', 'user1@example.com', 'First1', 'Last1', 1, false),
+  ('user2', 'passwordhash2', 'user2@example.com', 'First2', 'Last2', 1, false),
+  ('user3', 'passwordhash3', 'user3@example.com', 'First3', 'Last3', 2, false),
+  ('admin1', 'passwordhash4', 'admin1@example.com', 'Admin',  'One',  9, true),
+  ('admin2', 'passwordhash5', 'admin2@example.com', 'Admin',  'Two',  9, true);
+
+-- ITEMS
+INSERT INTO items (item_name, can_borrow_role, in_safe, safe_nr, door_key, last_borrowed_person, currently_borrowing)
+VALUES
+  ('Item1', 1, true,  1, 101, NULL, NULL),
+  ('Item2', 1, true,  2, 102, 'user1', 'user1'),
+  ('Item3', 2, true,  3, 103, 'user2', NULL),
+  ('Item4', 1, false, NULL, NULL, NULL, NULL),
+  ('Item5', 2, false, NULL, NULL, 'user3', 'user3');
+
+-- LOANS
+INSERT INTO loans (
+  username,
+  lockers,
+  loan_code,
+  start_date,
+  end_date,
+  take_date,
+  returned_date,
+  created_at,
+  loaned_items_id,
+  loaned_items_name,
+  deleted,
+  note
+)
+VALUES
+  (
+    'user1',
+    JSON_ARRAY('Locker1', 'Locker2'),
+    '123456',
+    '2026-02-01 09:00:00',
+    '2026-02-10 17:00:00',
+    '2026-02-01 09:15:00',
+    NULL,
+    '2026-02-01 09:00:00',
+    JSON_ARRAY(1, 2),
+    JSON_ARRAY('Item1', 'Item2'),
+    false,
+    'Erste allgemeine Ausleihe'
+  ),
+  (
+    'user2',
+    JSON_ARRAY('Locker3'),
+    '234567',
+    '2026-02-02 10:00:00',
+    '2026-02-05 16:00:00',
+    '2026-02-02 10:05:00',
+    '2026-02-05 15:30:00',
+    '2026-02-02 10:00:00',
+    JSON_ARRAY(3),
+    JSON_ARRAY('Item3'),
+    false,
+    'Zurückgegeben vor Enddatum'
+  ),
+  (
+    'user3',
+    JSON_ARRAY(),
+    '345678',
+    '2026-02-03 08:30:00',
+    '2026-02-15 18:00:00',
+    NULL,
+    NULL,
+    '2026-02-03 08:30:00',
+    JSON_ARRAY(5),
+    JSON_ARRAY('Item5'),
+    false,
+    'Noch ausgeliehen'
+  ),
+  (
+    'user1',
+    JSON_ARRAY('Locker4'),
+    '456789',
+    '2025-12-01 09:00:00',
+    '2025-12-03 17:00:00',
+    '2025-12-01 09:10:00',
+    '2025-12-03 16:45:00',
+    '2025-12-01 09:00:00',
+    JSON_ARRAY(1),
+    JSON_ARRAY('Item1'),
+    true,
+    'Alte, gelöschte Ausleihe'
+  );
+
+-- API KEYS
+INSERT INTO apiKeys (api_key, entry_name)
+VALUES
+  ('10000001', 'Entry1'),
+  ('10000002', 'Entry2'),
+  ('10000003', 'Entry3'),
+  ('10000004', 'Entry4');

backendV2/schemeV2.mock_data.sql

@@ -1,120 +0,0 @@
-USE borrow_system_new;
-
--- Reset tables (no FKs defined, so order is safe)
-SET FOREIGN_KEY_CHECKS = 0;
-TRUNCATE TABLE loans;
-TRUNCATE TABLE apiKeys;
-TRUNCATE TABLE items;
-TRUNCATE TABLE users;
-SET FOREIGN_KEY_CHECKS = 1;
-
--- Users (roles 1–6, plain-text passwords; is_admin is BOOL)
-INSERT INTO users (username, password, email, first_name, last_name, role, is_admin) VALUES
-('admin',  'adminpass', 'admin@example.com',  'System', 'Admin',   6, TRUE),
-('alice',  'alice123',  'alice@example.com',  'Alice',  'Andersen',1, FALSE),
-('bob',    'bob12345',  'bob@example.com',    'Bob',    'Berg',    2, FALSE),
-('carol',  'carol123',  'carol@example.com',  'Carol',  'Christensen', 3, FALSE),
-('dave',   'dave123',   'dave@example.com',   'Dave',   'Dahl',    4, FALSE),
-('erin',   'erin123',   'erin@example.com',   'Erin',   'Enevoldsen', 5, FALSE),
-('frank',  'frank123',  'frank@example.com',  'Frank',  'Fisher',  2, FALSE),
-('grace',  'grace123',  'grace@example.com',  'Grace',  'Gundersen',1, FALSE),
-('heidi',  'heidi123',  'heidi@example.com',  'Heidi',  'Hansen',  4, FALSE),
-('tech',   'techpass',  'tech@example.com',   'Tech',   'User',    5, TRUE);
-
--- Items (safe_nr is two digits or NULL; matches CHECK and UNIQUE constraint)
-INSERT INTO items (item_name, can_borrow_role, in_safe, safe_nr, last_borrowed_person, currently_borrowing) VALUES
-('Laptop A',           2, FALSE, NULL, 'grace',  'bob'),
-('Laptop B',           2, TRUE,  '01', NULL,     NULL),
-('Camera Canon',       3, TRUE,  '02', 'erin',   NULL),
-('Microphone Rode',    1, TRUE,  '03', 'grace',  NULL),
-('Tripod Manfrotto',   1, TRUE,  '04', 'frank',  NULL),
-('Oscilloscope Tek',   4, TRUE,  '05', NULL,     NULL),
-('VR Headset',         3, FALSE, NULL, 'heidi',  'carol'),
-('Keycard Programmer', 6, TRUE,  '06', 'admin',  NULL);
-
--- Loans (JSON strings, 6-digit numeric loan_code per CHECK)
--- Assumes the items above have ids 1..8 in insert order
-INSERT INTO loans (
-  username,
-  lockers,
-  loan_code,
-  start_date,
-  end_date,
-  take_date,
-  returned_date,
-  loaned_items_id,
-  loaned_items_name,
-  deleted,
-  note
-) VALUES
--- Active loan: bob has Laptop A (item id 1, locker "01")
-('bob',
-  '["01"]',
-  '123456',
-  '2025-11-15 09:00:00',
-  '2025-11-22 17:00:00',
-  '2025-11-15 09:15:00',
-  NULL,
-  '[1]',
-  '["Laptop A"]',
-  FALSE,
-  'Active loan - Laptop A'
-),
--- Returned loan: frank had Tripod Manfrotto (item id 5, locker "04")
-('frank',
-  '["04"]',
-  '234567',
-  '2025-10-01 10:00:00',
-  '2025-10-07 16:00:00',
-  '2025-10-01 10:05:00',
-  '2025-10-05 15:30:00',
-  '[5]',
-  '["Tripod Manfrotto"]',
-  FALSE,
-  'Completed loan'
-),
--- Future reservation: dave will take Oscilloscope Tek (item id 6, locker "05")
-('dave',
-  '["05"]',
-  '345678',
-  '2025-12-10 09:00:00',
-  '2025-12-12 17:00:00',
-  NULL,
-  NULL,
-  '[6]',
-  '["Oscilloscope Tek"]',
-  FALSE,
-  'Reserved'
-),
--- Active loan: carol has VR Headset (item id 7, locker "02")
-('carol',
-  '["02"]',
-  '456789',
-  '2025-11-10 13:00:00',
-  '2025-11-20 12:00:00',
-  '2025-11-10 13:10:00',
-  NULL,
-  '[7]',
-  '["VR Headset"]',
-  FALSE,
-  'Active loan - VR Headset'
-),
--- Soft-deleted historic loan: grace had Microphone + Tripod (item ids 4,5; lockers "03","04")
-('grace',
-  '["03","04"]',
-  '567890',
-  '2025-09-01 09:00:00',
-  '2025-09-03 17:00:00',
-  '2025-09-01 09:10:00',
-  '2025-09-03 16:45:00',
-  '[4,5]',
-  '["Microphone Rode","Tripod Manfrotto"]',
-  TRUE,
-  'Canceled/soft-deleted record'
-);
-
--- API keys (8-digit numeric keys per CHECK)
-INSERT INTO apiKeys (api_key, entry_name, last_used_at) VALUES
-('12345678', 'CI token',     '2025-11-15 08:00:00'),
-('87654321', 'Local dev',    NULL),
-('00000001', 'Monitoring',   '2025-11-10 12:30:00');

backendV2/schemeV2.sql

@@ -11,6 +11,7 @@ CREATE TABLE users (
   is_admin bool NOT NULL DEFAULT false,
   entry_created_at timestamp NULL DEFAULT CURRENT_TIMESTAMP,
   entry_updated_at timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  secret_user bool NOT NULL DEFAULT false,
   PRIMARY KEY (id)
 ) ENGINE=InnoDB;
 

backendV2/server.js

@@ -20,7 +20,7 @@ import apiRouter from "./routes/api/api.route.js";
 
 env.config();
 const app = express();
-const port = 8004;
+const port = 8102;
 
 app.use(cors());
 // Body-Parser VOR den Routen registrieren

docker-compose.yml

@@ -1,35 +1,37 @@
 services:
-  #  usr-frontend_v2:
+  demo_usr_frontend:
-  #    container_name: borrow_system-usr-frontend
+    container_name: demo_borrow_system-usr-frontend
-  #    build: ./FrontendV2
+    networks:
-  #    ports:
+      - proxynet
-  #      - "8001:80"
+    build: ./FrontendV2
-  #    restart: unless-stopped
+    restart: unless-stopped
 
-  #  admin-frontend:
+  demo_admin_frontend:
-  #    container_name: borrow_system-admin-frontend
+    container_name: demo_borrow_system-admin-frontend
-  #    build: ./admin
+    networks:
-  #    ports:
+      - proxynet
-  #      - "8003:80"
+    build: ./admin
-  #    restart: unless-stopped
+    restart: unless-stopped
 
-  backend_v2:
+  demo_backend_v2:
-    container_name: borrow_system-backend_v2
+    container_name: demo_borrow_system-backend_v2
+    networks:
+      - proxynet
     build: ./backendV2
-    ports:
-      - "8004:8004"
     environment:
       NODE_ENV: production
-      DB_HOST: mysql_v2
+      DB_HOST: demo_mysql_v2
       DB_USER: root
       DB_PASSWORD: ${DB_PASSWORD_V2}
       DB_NAME: borrow_system_new
     depends_on:
-      - mysql_v2
+      - demo_mysql_v2
     restart: unless-stopped
 
-  mysql_v2:
+  demo_mysql_v2:
-    container_name: borrow_system-mysql-v2
+    container_name: demo_borrow_system-mysql-v2
+    networks:
+      - proxynet
     image: mysql:8.0
     restart: unless-stopped
     environment:
@@ -37,11 +39,13 @@ services:
       MYSQL_DATABASE: borrow_system_new
       TZ: Europe/Berlin
     volumes:
-      - mysql-v2-data:/var/lib/mysql
+      - demo_mysql-v2-data:/var/lib/mysql
       - ./mysql-timezone.cnf:/etc/mysql/conf.d/timezone.cnf:ro
-    ports:
-      - "3310:3306"
 
 volumes:
   mysql-data:
-  mysql-v2-data:
+  demo_mysql-v2-data:
+
+networks:
+  proxynet:
+    external: true