Merge branch 'dev' into debian12

Docs/backend_API_docs/README.md

@@ -1,177 +1,366 @@
 # Borrow System API Documentation
 
-## Overview
+**Frontend:** https://insta.the1s.de  
+**Backend base URL:** `https://insta.the1s.de/backend/api`
 
-The Borrow System API provides endpoints for managing items, loans, and door access for a borrowing/locker system. All endpoints require authentication via an 8-digit API key passed as a URL parameter.
+---
 
 ## Authentication
 
-All requests must include a valid API key in the URL path as the `:key` parameter. API keys are 8-digit numeric strings.
+All API endpoints require **either**:
+
+### 1. Bearer Token (JWT)
+
+Send an `Authorization` header:
+
+```http
+Authorization: Bearer <JWT_TOKEN>
+```
+
+- Used for user-based access.
+- Token must be valid and not expired.
+
+### 2. API Key (for devices / machine-to-machine)
+
+Include an API key in the route as `:key` parameter:
+
+```text
+/api/.../:key/...
+```
+
+Example:
+
+```http
+GET /api/items/12345678
+```
+
+Where `12345678` is your API key.  
+The API key is validated server-side.
+
+---
+
+## Common Response Codes
+
+- `200 OK` – Request was successful.
+- `401 Unauthorized` – Missing or malformed credentials.
+- `403 Forbidden` – Credentials invalid or not allowed to access this resource.
+- `404 Not Found` – Resource (e.g., loan) not found.
+- `500 Internal Server Error` – Unexpected server error.
+
+---
 
 ## Endpoints
 
-The Base URL for all endpoints is: `https://insta.the1s.de/backend/api`
+### 1. Get All Items
 
-### Get All Items
+**GET** `/api/items/:key`
 
-`GET /items/:key`
+Returns a list of all items.
 
-Returns all items in the system.
+#### Path Parameters
 
-**Response 200:**
+- `:key` – API key (8-digit number)
+
+#### Authentication
+
+- Either:
+  - Valid `Authorization: Bearer <token>`
+  - Or valid `:key` path parameter
+
+#### Request Example
+
+```http
+GET /api/items/12345678 HTTP/1.1
+Host: backend.insta.the1s.de
+Authorization: Bearer <JWT_TOKEN>
+```
+
+#### Successful Response (200)
 
 ```json
 {
   "data": [
     {
       "id": 1,
-      "item_name": "Laptop",
-      "can_borrow_role": 1,
-      "in_safe": true,
+      "item_name": "DJI 1er Mikro",
+      "can_borrow_role": 4,
+      "inSafe": 1,
       "safe_nr": 3,
-      "door_key": 101,
-      "last_borrowed_person": "jdoe",
+      "door_key": "123",
+      "entry_created_at": "2025-08-19T22:02:16.000Z",
+      "entry_updated_at": "2025-08-19T22:02:16.000Z",
+      "last_borrowed_person": "alice",
       "currently_borrowing": null
     }
   ]
 }
 ```
 
-**Response 500:**
+#### Error Response (500)
 
 ```json
-{ "message": "Failed to fetch items" }
+{
+  "message": "Failed to fetch items"
+}
 ```
 
 ---
 
-### Change Item Safe State
+### 2. Toggle Item Safe State
 
-`POST /change-state/:key/:itemId`
+Toggles `in_safe` between `0` and `1` for a given item.
 
-Toggles the `in_safe` boolean state of an item.
+**Keep in mind that when you return a loan by code, the item states are automatically updated.**
 
-**URL Parameters:**
+**POST** `/api/change-state/:key/:itemId`
 
-- **key** - API key
-- **itemId** - The item's ID
+#### Path Parameters
 
-**Response 200:** Returns on successful toggle.
+- `:key` – API key (8-digit number)
+- `:itemId` – Item ID (integer)
 
-**Response 500:**
+#### Authentication
+
+- Either Bearer token or `:key` API key.
+
+#### Request Example
+
+```http
+POST /api/change-state/12345678/42 HTTP/1.1
+Host: backend.insta.the1s.de
+```
+
+#### Successful Response (200)
 
 ```json
-{ "message": "Failed to update item state" }
+{
+  "data": {}
+}
+```
+
+_(Implementation currently only returns `{ success: true }`, so `data` may be empty.)_
+
+#### Error Response (500)
+
+```json
+{
+  "message": "Failed to update item state"
+}
 ```
 
 ---
 
-### Get Loan by Code
+### 3. Get Loan by Code
 
-`GET /get-loan-by-code/:key/:loan_code`
+Fetch loan information by `loan_code`.
 
-Retrieves loan details by its 6-digit loan code.
+**GET** `/api/get-loan-by-code/:key/:loan_code`
 
-**URL Parameters:**
+#### Path Parameters
 
-- **key** - API key
-- **loan_code** - A 6-digit numeric loan code
+- `:key` – API key (8-digit number)
+- `:loan_code` – Loan code (string)
 
-**Response 200:**
+#### Authentication
+
+- Either Bearer token or `:key` API key.
+
+#### Request Example
+
+```http
+GET /api/get-loan-by-code/12345678/12345 HTTP/1.1
+Host: backend.insta.the1s.de
+```
+
+#### Successful Response (200)
 
 ```json
 {
   "data": {
-    "username": "jdoe",
+    "username": "john",
     "returned_date": null,
-    "take_date": "2024-01-15T10:30:00.000Z",
-    "lockers": [1, 3]
+    "take_date": "2025-01-01T10:00:00.000Z",
+    "lockers": "[1, 2, 3]"
   }
 }
 ```
 
-**Response 404:**
+#### Error Response (404)
 
 ```json
-{ "message": "Loan not found" }
+{
+  "message": "Loan not found"
+}
 ```
 
 ---
 
-### Set Take Date
+### 4. Set Loan Return Date
 
-`POST /set-take-date/:key/:loan_code`
+Sets `returned_date = NOW()` on a loan and updates related items:
 
-Records when items are physically taken by setting `take_date` to the current timestamp. Updates associated items to `in_safe = false` and sets `currently_borrowing` to the loan's username.
+- `in_safe = 1`
+- `currently_borrowing = NULL`
+- `last_borrowed_person = username`
 
-**URL Parameters:**
+**POST** `/api/set-return-date/:key/:loan_code`
 
-- **key** - API key
-- **loan_code** - A 6-digit numeric loan code
+#### Path Parameters
 
-**Response 200:** Empty JSON object on success.
+- `:key` – API key (8-digit number)
+- `:loan_code` – Loan code (string)
 
-**Response 500:**
+#### Authentication
 
-```json
-{ "message": "Loan not found or already taken" }
+- Either Bearer token or `:key` API key.
+
+#### Request Example
+
+```http
+POST /api/set-return-date/12345678/12345 HTTP/1.1
+Host: backend.insta.the1s.de
 ```
 
-> **Note:** This endpoint will fail if the loan has already been taken or does not exist.
+#### Successful Response (200)
+
+```json
+{
+  "data": {}
+}
+```
+
+#### Error Response (500)
+
+```json
+{
+  "message": "Failed to set return date"
+}
+```
 
 ---
 
-### Set Return Date
+### 5. Set Loan Take Date
 
-`POST /set-return-date/:key/:loan_code`
+Sets `take_date = NOW()` on a loan and updates related items:
 
-Marks a loan as returned by setting `returned_date` to the current timestamp. Also updates all associated items to `in_safe = true`, clears `currently_borrowing`, and sets `last_borrowed_person`. Therefore, keep in mind that you must not call other endpoints that will change the safe state of an item after or before calling this endpoint, otherwise the state of the items will be inconsistent.
+- `in_safe = 0`
+- `currently_borrowing = username`
 
-**URL Parameters:**
+**POST** `/api/set-take-date/:key/:loan_code`
 
-- **key** - API key
-- **loan_code** - A 6-digit numeric loan code
+#### Path Parameters
 
-**Response 200:** Empty JSON object on success.
+- `:key` – API key (8-digit number)
+- `:loan_code` – Loan code (string)
 
-**Response 500:**
+#### Authentication
 
-```json
-{ "message": "Failed to set return date" }
+- Either Bearer token or `:key` API key.
+
+#### Request Example
+
+```http
+POST /api/set-take-date/12345678/LOAN-12345 HTTP/1.1
+Host: backend.insta.the1s.de
 ```
 
-> **Note:** This endpoint will fail if the loan has already been returned (i.e., `returned_date` is not `NULL`).
+#### Successful Response (200)
+
+```json
+{
+  "data": {}
+}
+```
+
+#### Error Response (500)
+
+```json
+{
+  "message": "Failed to set take date"
+}
+```
 
 ---
 
-### Open Door
+### 6. Open Door by Door Key
 
-`GET /open-door/:key/:doorKey`
+Looks up an item by its `door_key`, toggles `in_safe`, and returns safe information.
 
-Toggles the safe state of an item identified by its door key and returns the associated safe number.
+**GET** `/api/open-door/:key/:doorKey`
 
-**URL Parameters:**
+#### Path Parameters
 
-- **key** - API key
-- **doorKey** - The door key identifier assigned to an item
+- `:key` – API key (8-digit number)
+- `:doorKey` – Door key/token (string) used by hardware to identify the locker.
 
-**Response 200:**
+#### Authentication
+
+- Either Bearer token or `:key` API key.
+
+#### Request Example
+
+```http
+GET /api/open-door/12345678/123 HTTP/1.1
+Host: backend.insta.the1s.de
+```
+
+#### Successful Response (200)
 
 ```json
 {
   "data": {
-    "safe_nr": 3,
-    "id": 1
+    "safe_nr": 5,
+    "id": 42
   }
 }
 ```
 
-**Response 500:**
+#### Error Response (500)
 
 ```json
-{ "message": "Failed to open door" }
+{
+  "message": "Failed to open door"
+}
 ```
 
-## Error Handling
+---
 
-All endpoints return a `500` status code for server-side failures and a JSON body with a `message` field, except for **Get Loan by Code** which returns `404` when no matching loan is found.
+## Authentication Error Messages
+
+### Missing credentials
+
+Status: `401`
+
+```json
+{
+  "message": "Unauthorized"
+}
+```
+
+### Invalid JWT
+
+Status: `403`
+
+```json
+{
+  "message": "Present token invalid"
+}
+```
+
+### Invalid API Key
+
+Status: `403`
+
+```json
+{
+  "message": "API Key invalid"
+}
+```
+
+---
+
+## Notes
+
+- All responses are JSON.
+- Time fields like `take_date` and `returned_date` are in the format returned by MySQL (usually ISO-like strings).
+- `loaned_items_id` in the database is stored as a JSON array string (e.g. `"[1,2,3]"`) and is parsed internally; clients do not interact with this field directly via current endpoints.

FrontendV2/nginx.conf

@@ -14,7 +14,7 @@ server {
   }
 
   location /backend/ {
-    proxy_pass http://borrow_system-backend_v2:8004/;
+    proxy_pass http://borrow_system-backend_v2:8102/;
   }
 
   location ~* \.(?:js|mjs|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ {

FrontendV2/src/components/Header.tsx

@@ -142,7 +142,7 @@ export const Header = () => {
                 value="help"
                 onSelect={() =>
                   window.open(
-                    "https://git.the1s.de/Matthias-Claudius-Schule/borrow-system/wiki/?action=_pages",
+                    "https://git.the1s.de/Matthias-Claudius-Schule/borrow-system/wiki",
                     "_blank",
                     "noopener,noreferrer",
                   )
@@ -279,7 +279,7 @@ export const Header = () => {
           </Button>
 
           <a
-            href="https://git.the1s.de/Matthias-Claudius-Schule/borrow-system/wiki/?action=_pages"
+            href="https://git.the1s.de/Matthias-Claudius-Schule/borrow-system/wiki"
             target="_blank"
           >
             <Button variant="ghost">

FrontendV2/src/components/ui/provider.tsx

@@ -1,15 +1,23 @@
-"use client"
+"use client";
 
-import { ChakraProvider, defaultSystem } from "@chakra-ui/react"
-import {
-  ColorModeProvider,
-  type ColorModeProviderProps,
-} from "./color-mode"
+import { ChakraProvider, defaultSystem } from "@chakra-ui/react";
+import * as React from "react";
+import type { ReactNode } from "react";
+import { ColorModeProvider as ThemeColorModeProvider } from "./color-mode";
 
-export function Provider(props: ColorModeProviderProps) {
+export interface ColorModeProviderProps {
+  children: React.ReactNode;
+}
+
+export function ColorModeProvider({ children }: ColorModeProviderProps) {
+  // Wrap children with the real color-mode provider
+  return <ThemeColorModeProvider>{children}</ThemeColorModeProvider>;
+}
+
+export function Provider({ children }: { children: ReactNode }) {
   return (
     <ChakraProvider value={defaultSystem}>
-      <ColorModeProvider {...props} />
+      <ColorModeProvider>{children}</ColorModeProvider>
     </ChakraProvider>
-  )
+  );
 }

FrontendV2/src/pages/Landingpage.tsx

@@ -9,13 +9,12 @@ import {
   Card,
   SimpleGrid,
   Button,
-  Container,
 } from "@chakra-ui/react";
 import MyAlert from "@/components/myChakra/MyAlert";
 import { useTranslation } from "react-i18next";
 import { API_BASE } from "@/config/api.config";
 import Cookies from "js-cookie";
-import { Header } from "@/components/Header";
+import { useNavigate } from "react-router-dom";
 
 export const formatDateTime = (value: string | null | undefined) => {
   if (!value) return "N/A";
@@ -33,7 +32,6 @@ type Loan = {
   returned_date: string | null;
   take_date: string | null;
   loaned_items_name: string[] | string;
-  note: string | null;
 };
 
 type Device = {
@@ -48,6 +46,7 @@ type Device = {
 
 const Landingpage: React.FC = () => {
   const { t } = useTranslation();
+  const navigate = useNavigate();
 
   const [isLoading, setIsLoading] = useState(false);
   const [loans, setLoans] = useState<Loan[]>([]);
@@ -60,7 +59,7 @@ const Landingpage: React.FC = () => {
   const setError = (
     status: "error" | "success",
     message: string,
-    description: string,
+    description: string
   ) => {
     setIsError(false);
     setErrorStatus(status);
@@ -86,7 +85,7 @@ const Landingpage: React.FC = () => {
           setError(
             "error",
             t("error-by-loading"),
-            t("unexpected-date-format_loan"),
+            t("unexpected-date-format_loan")
           );
         }
 
@@ -103,7 +102,7 @@ const Landingpage: React.FC = () => {
           setError(
             "error",
             t("error-by-loading"),
-            t("unexpected-date-format_device"),
+            t("unexpected-date-format_device")
           );
         }
       } catch (e) {
@@ -116,8 +115,14 @@ const Landingpage: React.FC = () => {
   }, []);
 
   return (
-    <Container className="px-6 sm:px-8 pt-10">
-      <Header />
+    <>
+      <Heading as="h1" size="lg" mb={2}>
+        Matthias-Claudius-Schule Technik
+      </Heading>
+
+      <Button onClick={() => navigate("/", { replace: true })}>
+        {t("back")}
+      </Button>
 
       <Heading as="h2" size="md" mb={4}>
         {t("all-loans")}
@@ -163,9 +168,6 @@ const Landingpage: React.FC = () => {
               <Table.ColumnHeader>
                 <strong>{t("return-date")}</strong>
               </Table.ColumnHeader>
-              <Table.ColumnHeader>
-                <strong>{t("note")}</strong>
-              </Table.ColumnHeader>
             </Table.Row>
           </Table.Header>
           <Table.Body>
@@ -182,7 +184,6 @@ const Landingpage: React.FC = () => {
                 </Table.Cell>
                 <Table.Cell>{formatDateTime(loan.take_date)}</Table.Cell>
                 <Table.Cell>{formatDateTime(loan.returned_date)}</Table.Cell>
-                <Table.Cell>{loan.note}</Table.Cell>
               </Table.Row>
             ))}
           </Table.Body>
@@ -259,7 +260,7 @@ const Landingpage: React.FC = () => {
           </HStack>
         </Button>
       </HStack>
-    </Container>
+    </>
   );
 };
 

FrontendV2/vite.config.ts

@@ -1,16 +1,23 @@
 import { defineConfig } from "vite";
-import react from "@vitejs/plugin-react";
-import svgr from "vite-plugin-svgr";
 import tailwindcss from "@tailwindcss/vite";
-import tsconfigPaths from "vite-tsconfig-paths";
+import path from "node:path";
 
 export default defineConfig({
-  plugins: [react(), svgr(), tailwindcss(), tsconfigPaths()],
+  plugins: [tailwindcss()],
+  resolve: {
+    alias: {
+      "@": path.resolve(__dirname, "src"),
+    },
+  },
   server: {
     host: "0.0.0.0",
-    port: 8001,
-    watch: {
-      usePolling: true,
+    allowedHosts: ["insta.the1s.de"],
+    port: 8101,
+    watch: { usePolling: true },
+    hmr: {
+      host: "insta.the1s.de",
+      port: 8101,
+      protocol: "wss",
     },
   },
 });

admin/nginx.conf

@@ -14,7 +14,7 @@ server {
   }
 
   location /backend/ {
-    proxy_pass http://borrow_system-backend_v2:8004/;
+    proxy_pass http://borrow_system-backend_v2:8102/;
   }
 
   location ~* \.(?:js|mjs|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ {

admin/vite.config.ts

@@ -8,9 +8,13 @@ export default defineConfig({
   plugins: [react(), svgr(), tailwindcss(), tsconfigPaths()],
   server: {
     host: "0.0.0.0",
-    port: 8003,
-    watch: {
-      usePolling: true,
+    allowedHosts: ["admin.insta.the1s.de"],
+    port: 8103,
+    watch: { usePolling: true },
+    hmr: {
+      host: "admin.insta.the1s.de",
+      port: 8103,
+      protocol: "wss",
     },
   },
 });

backendV2/info.json

@@ -1,11 +1,11 @@
 {
     "backend-info": {
-        "version": "v2.1.1 (demo)"
+        "version": "v2.1"
     },
     "frontend-info": {
-        "version": "v2.1.2 (demo)"
+        "version": "v2.1"
     },
     "admin-panel-info": {
-        "version": "v1.3.2 (demo)"
+        "version": "v1.3.2"
     }
 }

backendV2/schemeV2.mock.sql

@@ -1,100 +0,0 @@
-USE borrow_system_new;
-
--- USERS
-INSERT INTO users (username, password, email, first_name, last_name, role, is_admin)
-VALUES
-  ('user1', 'passwordhash1', 'user1@example.com', 'First1', 'Last1', 1, false),
-  ('user2', 'passwordhash2', 'user2@example.com', 'First2', 'Last2', 1, false),
-  ('user3', 'passwordhash3', 'user3@example.com', 'First3', 'Last3', 2, false),
-  ('admin1', 'passwordhash4', 'admin1@example.com', 'Admin',  'One',  9, true),
-  ('admin2', 'passwordhash5', 'admin2@example.com', 'Admin',  'Two',  9, true);
-
--- ITEMS
-INSERT INTO items (item_name, can_borrow_role, in_safe, safe_nr, door_key, last_borrowed_person, currently_borrowing)
-VALUES
-  ('Item1', 1, true,  1, 101, NULL, NULL),
-  ('Item2', 1, true,  2, 102, 'user1', 'user1'),
-  ('Item3', 2, true,  3, 103, 'user2', NULL),
-  ('Item4', 1, false, NULL, NULL, NULL, NULL),
-  ('Item5', 2, false, NULL, NULL, 'user3', 'user3');
-
--- LOANS
-INSERT INTO loans (
-  username,
-  lockers,
-  loan_code,
-  start_date,
-  end_date,
-  take_date,
-  returned_date,
-  created_at,
-  loaned_items_id,
-  loaned_items_name,
-  deleted,
-  note
-)
-VALUES
-  (
-    'user1',
-    JSON_ARRAY('Locker1', 'Locker2'),
-    '123456',
-    '2026-02-01 09:00:00',
-    '2026-02-10 17:00:00',
-    '2026-02-01 09:15:00',
-    NULL,
-    '2026-02-01 09:00:00',
-    JSON_ARRAY(1, 2),
-    JSON_ARRAY('Item1', 'Item2'),
-    false,
-    'Erste allgemeine Ausleihe'
-  ),
-  (
-    'user2',
-    JSON_ARRAY('Locker3'),
-    '234567',
-    '2026-02-02 10:00:00',
-    '2026-02-05 16:00:00',
-    '2026-02-02 10:05:00',
-    '2026-02-05 15:30:00',
-    '2026-02-02 10:00:00',
-    JSON_ARRAY(3),
-    JSON_ARRAY('Item3'),
-    false,
-    'Zurückgegeben vor Enddatum'
-  ),
-  (
-    'user3',
-    JSON_ARRAY(),
-    '345678',
-    '2026-02-03 08:30:00',
-    '2026-02-15 18:00:00',
-    NULL,
-    NULL,
-    '2026-02-03 08:30:00',
-    JSON_ARRAY(5),
-    JSON_ARRAY('Item5'),
-    false,
-    'Noch ausgeliehen'
-  ),
-  (
-    'user1',
-    JSON_ARRAY('Locker4'),
-    '456789',
-    '2025-12-01 09:00:00',
-    '2025-12-03 17:00:00',
-    '2025-12-01 09:10:00',
-    '2025-12-03 16:45:00',
-    '2025-12-01 09:00:00',
-    JSON_ARRAY(1),
-    JSON_ARRAY('Item1'),
-    true,
-    'Alte, gelöschte Ausleihe'
-  );
-
--- API KEYS
-INSERT INTO apiKeys (api_key, entry_name)
-VALUES
-  ('10000001', 'Entry1'),
-  ('10000002', 'Entry2'),
-  ('10000003', 'Entry3'),
-  ('10000004', 'Entry4');

backendV2/server.js

@@ -20,7 +20,7 @@ import apiRouter from "./routes/api/api.route.js";
 
 env.config();
 const app = express();
-const port = 8004;
+const port = 8102;
 
 app.use(cors());
 // Body-Parser VOR den Routen registrieren

docker-compose.yml

@@ -1,23 +1,23 @@
 services:
-  #  usr-frontend_v2:
-  #    container_name: borrow_system-usr-frontend
-  #    build: ./FrontendV2
-  #    ports:
-  #      - "8001:80"
-  #    restart: unless-stopped
+  usr-frontend_v2:
+    container_name: borrow_system-usr-frontend
+    networks:
+      - proxynet
+    build: ./FrontendV2
+    restart: unless-stopped
 
-  #  admin-frontend:
-  #    container_name: borrow_system-admin-frontend
-  #    build: ./admin
-  #    ports:
-  #      - "8003:80"
-  #    restart: unless-stopped
+  admin-frontend:
+    container_name: borrow_system-admin-frontend
+    networks:
+      - proxynet
+    build: ./admin
+    restart: unless-stopped
 
   backend_v2:
     container_name: borrow_system-backend_v2
+    networks:
+      - proxynet
     build: ./backendV2
-    ports:
-      - "8004:8004"
     environment:
       NODE_ENV: production
       DB_HOST: mysql_v2
@@ -30,6 +30,8 @@ services:
 
   mysql_v2:
     container_name: borrow_system-mysql-v2
+    networks:
+      - proxynet
     image: mysql:8.0
     restart: unless-stopped
     environment:
@@ -39,9 +41,11 @@ services:
     volumes:
       - mysql-v2-data:/var/lib/mysql
       - ./mysql-timezone.cnf:/etc/mysql/conf.d/timezone.cnf:ro
-    ports:
-      - "3310:3306"
 
 volumes:
   mysql-data:
   mysql-v2-data:
+
+networks:
+  proxynet:
+    external: true