update changeSafeState function to use PUT method for state changes

chaged ports accordingly
Merge branch 'dev_v1-admin' into debian12_v1-admin
2025-09-16 13:40:23 +02:00 · 2025-09-16 13:04:13 +02:00 · 2025-09-16 13:03:35 +02:00 · 2025-09-16 11:26:31 +02:00 · 2025-09-16 11:20:37 +02:00 · 2025-09-05 11:27:39 +02:00
27 changed files with 482 additions and 1102 deletions
--- a/Docs/backend_API_docs/README.md
+++ b/Docs/backend_API_docs/README.md
@@ -1,4 +1,4 @@
-# Backend API docs (apiV2)
+# Backend API docs
 If you want to cooperate with me, or build something new with my backend API, feel free to reach out!
@@ -6,51 +6,49 @@ On this page you will learn how my API works.
 ## General information
-When you look at my backend folder and file structure, you can see that I have two files called `API`. The first file called `api.js` which is for my web frontend, because this file works together with my JWT token service.
+When you look at my backend folder and file structure, you can see that I have two files called `API`. The first file called `api.js` is for my web frontend, because this file works together with my JWT token service.
-But I have built a second API. You can see the second API file in the same directory, the file is called `apiV2.js`.
+**\*But I have built a second API. You can see the second API file in the same directory, the file is called `apiV2.js`.**
-But first you have to get an API Key. You can get the API key from my admin dashboard. When you don't have any access to my admin dashboard, please contact your administrator or me.
+This is the file that you can use to build an API.
---
+But first you have to get the Admin API key, stored in an `.env` file on my server.
 ## Base URL
 - Frontend: `https://insta.the1s.de`
 - Backend: `https://backend.insta.the1s.de`
 - Base path for this API: `https://backend.insta.the1s.de/apiV2`
 You can see the status of this and all my other services at `https://status.the1s.de`.
 _I have also build a [fallback page](https://git.the1s.de/theis.gaedigk/fallback-page). When only the application is down, you will see a friendly message and a link to the status page. (Only if the server is not down)_
 ---
 ## Authentication
-All endpoints require an API key as a path parameter named `:key`.
+All endpoints require the Admin API key (`ADMIN_ID`) as a URL parameter.
-Example: `/apiV2/items/:key`
+Example: `/apiV2/items/{ADMIN_ID}`
 If the key is missing or invalid, the API responds with `401 Unauthorized`.
 ---
-## Endpoints
+## URL
-### 1) Get all items
+- The frontend is currently running on `https://insta.the1s.de`.
-GET `/apiV2/items/:key`
+- The backend is currently running on `https://backend.insta.the1s.de`.
-Returns a list of all items wrapped in a `data` object.
+You can see the status of this and all my other services at `https://status.the1s.de`.
-Example request:
+---
 ## Current endpoints
 ### 1. Get All Items
 **GET** `/apiV2/items/:key`
 Returns a list of all items and their details.
 #### Example Request
 ```
-GET https://backend.insta.the1s.de/apiV2/items/12345
+GET https://backend.insta.the1s.de/apiV2/items/your_admin_key
 ```
-Example response:
+#### Example Response
 ```
 {
@@ -61,66 +59,206 @@ Example response:
      "can_borrow_role": 4,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 2,
      "item_name": "DJI 2er Mikro 1",
      "can_borrow_role": 4,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 3,
      "item_name": "DJI 2er Mikro 2",
      "can_borrow_role": 4,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 4,
      "item_name": "Rode Richt Mikrofon",
      "can_borrow_role": 2,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 5,
      "item_name": "Kamera Stativ",
      "can_borrow_role": 1,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 6,
      "item_name": "SONY Kamera - inkl. Akkus und Objektiv",
      "can_borrow_role": 1,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 7,
      "item_name": "MacBook inkl. Adapter",
      "can_borrow_role": 2,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 8,
      "item_name": "SD Karten",
      "can_borrow_role": 3,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 9,
      "item_name": "Kameragimbal",
      "can_borrow_role": 1,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 10,
      "item_name": "ATEM MINI PRO",
      "can_borrow_role": 1,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 11,
      "item_name": "Handygimbal",
      "can_borrow_role": 4,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 12,
      "item_name": "Kameralfter",
      "can_borrow_role": 1,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 13,
      "item_name": "Kleine Kamera 1 - inkl. Objektiv",
      "can_borrow_role": 2,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    },
    {
      "id": 14,
      "item_name": "Kleine Kamera 2 - inkl. Objektiv",
      "can_borrow_role": 2,
      "inSafe": 1,
      "entry_created_at": "2025-08-19T22:02:16.000Z"
    }
  ]
 }
 ```
-Fields:
+Each item has the following properties:
- `id`: Unique identifier
+- `id`: The unique identifier for the item.
- `item_name`: Item name
+- `item_name`: The name of the item.
- `can_borrow_role`: Role allowed to borrow
+- `can_borrow_role`: The role ID that is allowed to borrow the item.
- `inSafe`: 1 if in locker, 0 otherwise
+- `inSafe`: Indicates whether the item is currently in the locker (1) or not (0). This variable/state can change over time.
 - `entry_created_at`: Creation timestamp
-Status: 200 on success, 500 on failure.
+_You also get an http 200 status code._
 ---
-### 2) Change item safe state
+### 2. Change Item Safe State
-POST `/apiV2/controlInSafe/:key/:itemId/:state`
+**POST** `/apiV2/controlInSafe/:key/:itemId/:state`
-Updates `inSafe` (locker) state of an item.
+Updates the `inSafe` state of an item (whether it is in the locker).
- `state` must be `"1"` (in safe) or `"0"` (not in safe)
+- `state` must be `"1"` (in safe) or `"0"` (not in safe).
-Example request:
+#### Example Request
 ```
-POST https://backend.insta.the1s.de/apiV2/controlInSafe/12345/123/1
+POST https://backend.insta.the1s.de/apiV2/controlInSafe/your_admin_key/item_id/new_item_state
 ```
-Example response (shape depends on database service):
+#### Example Response
 ```
-{ "data": { /* update result */ } }
+{}
 ```
-Status:
+_An empty object means, that the operation was successful and no further information is returned._
- 200 on success
+_You also get an http 200 status code._
 - 400 if `state` is invalid
 - 500 on failure
 **You can get the item id on the admin panel, from your system administrator.**
 ---
-### 3) Get loan by code
+### 3. Set Return Date
-GET `/apiV2/getLoanByCode/:key/:loan_code`
+**POST** `/apiV2/setReturnDate/:key/:loan_code`
-Retrieves the details of a specific loan.
+Sets the `returned_date` of a loan to the current server time.
-Example request:
+- `loan_code`: The unique code of the loan.
 #### Example Request
 ```
-GET https://backend.insta.the1s.de/apiV2/getLoanByCode/12345/123456
+POST https://backend.insta.the1s.de/apiV2/setReturnDate/your_admin_key/your_loan_code
 ```
-Example response:
+#### Example Response
 ```
 {}
 ```
 _An empty object means, that the operation was successful and no further information is returned._
 _You also get an http 200 status code._
 ---
 ### 4. Set Take Date
 **POST** `/apiV2/setTakeDate/:key/:loan_code`
 Sets the `take_date` of a loan to the current server time.
 - `loan_code`: The unique code of the loan.
 #### Example Request
 ```
 POST https://backend.insta.the1s.de/apiV2/setTakeDate/your_admin_key/your_loan_code
 ```
 #### Example Response
 ```
 {}
 ```
 _An empty object means, that the operation was successful and no further information is returned._
 _You also get an http 2xx status code._
 ---
 ### 5. Get whole loan by loan code
 **POST** `/getLoanByCode/:key/:loan_code`
 Retrieves the details of a specific loan by its unique code.
 - `loan_code`: The unique code of the loan.
 #### Example Request
 ```
 GET https://backend.insta.the1s.de/getLoanByCode/your_admin_key/your_loan_code
 ```
 #### Example Response
 ```
 {
@@ -133,70 +271,36 @@ Example response:
    "take_date": null,
    "returned_date": null,
    "created_at": "2025-08-20T11:23:40.000Z",
-    "loaned_items_id": [8, 9],
+    "loaned_items_id": [
-    "loaned_items_name": ["SD Karten", "Kameragimbal"]
+      8,
      9
    ],
    "loaned_items_name": [
      "SD Karten",
      "Kameragimbal"
    ]
  }
 }
 ```
-Status:
+_You also get an http 200 status code._
- 200 on success
+If the loan id does not exist, you will receive a 404 status code and an error message.
- 404 if not found
+
 ```
 {
  "message": "Loan not found"
 }
 ```
 ---
-### 4) Set return date (now) by loan code
+## Error Handling
-POST `/apiV2/setReturnDate/:key/:loan_code`
+- `403 Forbidden`: Invalid or missing API key.
-
+- `400 Bad Request`: Invalid parameters (e.g., wrong state value).
-Sets the `returned_date` to the current server time.
+- `500 Internal Server Error`: Database or server error.
 Example request:
 ```
 POST https://backend.insta.the1s.de/apiV2/setReturnDate/12345/123456
 ```
 Example response:
 ```
 { "data": { /* update result */ } }
 ```
 Status: 200 on success, 500 on failure.
 ---
-### 5) Set take date (now) by loan code
+If you have questions or want to collaborate, please reach out to me!
 POST `/apiV2/setTakeDate/:key/:loan_code`
 Sets the `take_date` to the current server time.
 Example request:
 ```
 POST https://backend.insta.the1s.de/apiV2/setTakeDate/12345/123456
 ```
 Example response:
 ```
 { "data": { /* update result */ } }
 ```
 Status: 200 on success, 500 on failure.
 ---
 ## Error handling
 - 401 Unauthorized: Missing or invalid API key
 - 400 Bad Request: Invalid parameters (e.g., wrong state value)
 - 404 Not Found: Loan not found
 - 500 Internal Server Error: Database or server error
 ---
 If you have questions or want to collaborate, please reach out!
--- a/README.md
+++ b/README.md
@@ -1,73 +1,7 @@
 # Borrow System
-![React](https://img.shields.io/badge/React-20232A?logo=react&logoColor=61DAFB)
+**You have reached the `debian12` branch.**
 ![TypeScript](https://img.shields.io/badge/TypeScript-3178C6?logo=typescript&logoColor=white)
 ![Vite](https://img.shields.io/badge/Vite-646CFF?logo=vite&logoColor=white)
 ![TailwindCSS](https://img.shields.io/badge/Tailwind_CSS-38B2AC?logo=tailwind-css&logoColor=white)
 ![Node.js](https://img.shields.io/badge/Node.js-339933?logo=node.js&logoColor=white)
 ![Express](https://img.shields.io/badge/Express-000000?logo=express&logoColor=white)
 ![MySQL](https://img.shields.io/badge/MySQL-4479A1?logo=mysql&logoColor=white)
 ![Docker](https://img.shields.io/badge/Docker-2496ED?logo=docker&logoColor=white)
 ![JWT](https://img.shields.io/badge/JWT-000000?logo=jsonwebtokens&logoColor=white)
-A small full‑stack system to log in, view available items, reserve them for a time window, and manage personal loans.
+Here you will find the source code of exactly the application that I have hosted.
- Frontend: React + TypeScript + Vite + Tailwind CSS
+The main branch or the branch that I am developing on, is the `dev` branch.
 - Backend: Node.js + Express + MySQL + JWT (jose)
 - Orchestration: Docker Compose (backend + MySQL)
 ## Contents
 - Frontend: [frontend/](frontend)
  - Vite/Tailwind config: [frontend/vite.config.ts](frontend/vite.config.ts), [frontend/tailwind.config.js](frontend/tailwind.config.js)
  - App entry: [frontend/src/main.tsx](frontend/src/main.tsx), [frontend/src/App.tsx](frontend/src/App.tsx)
  - UI: [frontend/src/layout/Layout.tsx](frontend/src/layout/Layout.tsx), [frontend/src/components](frontend/src/components)
  - Data/utilities: [frontend/src/utils/fetchData.ts](frontend/src/utils/fetchData.ts), [frontend/src/utils/userHandler.ts](frontend/src/utils/userHandler.ts), [frontend/src/utils/toastify.ts](frontend/src/utils/toastify.ts)
 - Backend: [backend/](backend)
  - Server: [backend/server.js](backend/server.js)
  - Routes: [backend/routes/api.js](backend/routes/api.js), [backend/routes/apiV2.js](backend/routes/apiV2.js)
  - DB + services: [backend/services/database.js](backend/services/database.js), [backend/services/tokenService.js](backend/services/tokenService.js)
  - Schema/seed: [backend/scheme.sql](backend/scheme.sql)
 - Docs: [docs/](docs)
  - API docs (see below): [docs/backend_API_docs/README.md](docs/backend_API_docs/README.md)
 ## Features (high‑level)
 - Auth via JWT (login -> token cookie) using the backend route in [backend/routes/api.js](backend/routes/api.js).
 - After login, the app loads items, loans, and user loans and keeps them in localStorage.
 - Choose a date range to fetch borrowable items, select items, and create a loan.
 - Manage personal loans list (and delete a loan).
 Key frontend utilities:
 - [`utils.fetchData.fetchAllData`](frontend/src/utils/fetchData.ts): loads items, loans, and user loans after login.
 - [`utils.fetchData.getBorrowableItems`](frontend/src/utils/fetchData.ts): fetches borrowable items for the selected time range.
 - [`utils.userHandler.createLoan`](frontend/src/utils/userHandler.ts): creates a new loan for selected items.
 - [`utils.userHandler.handleDeleteLoan`](frontend/src/utils/userHandler.ts): deletes a loan and syncs local state.
 - [`utils.toastify.myToast`](frontend/src/utils/toastify.ts): toast notifications.
 UI flow (main screens):
 - Period selection: [frontend/src/components/Form1.tsx](frontend/src/components/Form1.tsx)
 - Borrowable items + selection: [frontend/src/components/Form2.tsx](frontend/src/components/Form2.tsx)
 - User loans table: [frontend/src/components/Form4.tsx](frontend/src/components/Form4.tsx)
 ## Development
 - Scripts: see [frontend/package.json](frontend/package.json) and [backend/package.json](backend/package.json)
  - Frontend: `npm run dev`, `npm run build`, `npm run preview`, `npm run lint`
  - Backend: `npm start`
 - Linting: ESLint configured via [frontend/eslint.config.js](frontend/eslint.config.js)
 - TypeScript configs: [frontend/tsconfig.app.json](frontend/tsconfig.app.json), [frontend/tsconfig.node.json](frontend/tsconfig.node.json)
 ## Configuration notes
 - Vite/Tailwind integration via [frontend/vite.config.ts](frontend/vite.config.ts) and `@tailwindcss/vite`; CSS entry uses `@import "tailwindcss"` in [frontend/src/index.css](frontend/src/index.css).
 - Toasts wired in [frontend/src/main.tsx](frontend/src/main.tsx) with `react-toastify`.
 - Local state is stored in `localStorage` keys: `allItems`, `allLoans`, `userLoans`, `borrowableItems`. Cross‑component updates are signaled via window events from [`utils.fetchData`](frontend/src/utils/fetchData.ts).
 ## API documentation
 Refer to the dedicated API docs:
 `docs/backend_API_docs/README.md`
--- a/admin/src/App.tsx
+++ b/admin/src/App.tsx
@@ -4,7 +4,9 @@ import Layout from "./Layout/Layout";
 function App() {
  return (
    <>
-      <Layout />
+      <Layout>
        <p></p>
      </Layout>
    </>
  );
 }
--- a/admin/src/Layout/Dashboard.tsx
+++ b/admin/src/Layout/Dashboard.tsx
@@ -5,7 +5,6 @@ import Sidebar from "./Sidebar";
 import UserTable from "../components/UserTable";
 import ItemTable from "../components/ItemTable";
 import LoanTable from "../components/LoanTable";
 import APIKeyTable from "@/components/APIKeyTable";
 import { MoveLeft } from "lucide-react";
 type DashboardProps = {
@@ -24,7 +23,6 @@ const Dashboard: React.FC<DashboardProps> = ({ onLogout }) => {
        viewGegenstaende={() => setActiveView("Gegenstände")}
        viewSchliessfaecher={() => setActiveView("Schließfächer")}
        viewUser={() => setActiveView("User")}
        viewAPI={() => setActiveView("API")}
      />
      <Box flex="1" display="flex" flexDirection="column">
        <Flex
@@ -68,7 +66,6 @@ const Dashboard: React.FC<DashboardProps> = ({ onLogout }) => {
          {activeView === "User" && <UserTable />}
          {activeView === "Ausleihen" && <LoanTable />}
          {activeView === "Gegenstände" && <ItemTable />}
          {activeView === "API" && <APIKeyTable />}
        </Box>
      </Box>
    </Flex>
--- a/admin/src/Layout/Layout.tsx
+++ b/admin/src/Layout/Layout.tsx
@@ -3,23 +3,18 @@ import { useEffect } from "react";
 import Dashboard from "./Dashboard";
 import Login from "./Login";
 import Cookies from "js-cookie";
 import Landingpage from "@/components/API/Landingpage";
-const Layout: React.FC = () => {
+type LayoutProps = {
  children: React.ReactNode;
 };
 const Layout: React.FC<LayoutProps> = ({ children }) => {
  const [isLoggedIn, setIsLoggedIn] = useState(false);
  const [showAPI, setShowAPI] = useState(false);
  useEffect(() => {
    const path = window.location.pathname.replace(/\/+$/, ""); // remove trailing slash
    if (path === "/api") {
      setShowAPI(true);
      console.log("signal");
      return;
    }
    if (Cookies.get("token")) {
      const verifyToken = async () => {
-        const response = await fetch("http://localhost:8002/api/verifyToken", {
+        const response = await fetch("https://backend.insta.the1s.de/api/verifyToken", {
          method: "GET",
          headers: {
            Authorization: `Bearer ${Cookies.get("token")}`,
@@ -42,15 +37,8 @@ const Layout: React.FC = () => {
    setIsLoggedIn(false);
  };
  if (showAPI) {
    return (
      <main>
        <Landingpage />
      </main>
    );
  }
  return (
    <>
      <main>
        {isLoggedIn ? (
          <Dashboard onLogout={() => handleLogout()} />
@@ -58,6 +46,8 @@ const Layout: React.FC = () => {
          <Login onSuccess={() => setIsLoggedIn(true)} />
        )}
      </main>
      {children}
    </>
  );
 };
--- a/admin/src/Layout/Sidebar.tsx
+++ b/admin/src/Layout/Sidebar.tsx
@@ -6,14 +6,12 @@ type SidebarProps = {
  viewGegenstaende: () => void;
  viewSchliessfaecher: () => void;
  viewUser: () => void;
  viewAPI: () => void;
 };
 const Sidebar: React.FC<SidebarProps> = ({
  viewAusleihen,
  viewGegenstaende,
  viewUser,
  viewAPI,
 }) => {
  return (
    <Box
@@ -60,15 +58,6 @@ const Sidebar: React.FC<SidebarProps> = ({
          >
            Gegenstände
          </Link>
          <Link
            px={3}
            py={2}
            rounded="md"
            _hover={{ bg: "gray.700", textDecoration: "none" }}
            onClick={viewAPI}
          >
            API Keys
          </Link>
        </VStack>
        <Box mt="auto" pt={8} fontSize="xs" color="gray.500">
--- a/admin/src/components/API/Landingpage.tsx
+++ b/admin/src/components/API/Landingpage.tsx
@@ -1,233 +0,0 @@
 import React, { useEffect, useState } from "react";
 import {
  Spinner,
  Text,
  VStack,
  Table,
  Heading,
  HStack,
  Card,
  SimpleGrid,
  Button,
 } from "@chakra-ui/react";
 import { Lock, LockOpen } from "lucide-react";
 import MyAlert from "../myChakra/MyAlert";
 import { formatDateTime } from "@/utils/userFuncs";
 type Loan = {
  id: number;
  username: string;
  start_date: string;
  end_date: string;
  returned_date: string | null;
  take_date: string | null;
  loaned_items_name: string[] | string;
 };
 type Device = {
  id: number;
  item_name: string;
  can_borrow_role: string;
  inSafe: number;
  entry_created_at: string;
 };
 const Landingpage: React.FC = () => {
  const [isLoading, setIsLoading] = useState(false);
  const [loans, setLoans] = useState<Loan[]>([]);
  const [devices, setDevices] = useState<Device[]>([]);
  const [isError, setIsError] = useState(false);
  const [errorStatus, setErrorStatus] = useState<"error" | "success">("error");
  const [errorMessage, setErrorMessage] = useState("");
  const [errorDsc, setErrorDsc] = useState("");
  const setError = (
    status: "error" | "success",
    message: string,
    description: string
  ) => {
    setIsError(false);
    setErrorStatus(status);
    setErrorMessage(message);
    setErrorDsc(description);
    setIsError(true);
  };
  useEffect(() => {
    const fetchData = async () => {
      setIsLoading(true);
      try {
        const loanRes = await fetch("http://localhost:8002/apiV2/allLoans");
        const loanData = await loanRes.json();
        if (Array.isArray(loanData)) {
          setLoans(loanData);
        } else {
          setError(
            "error",
            "Fehler beim Laden",
            "Unerwartetes Datenformat erhalten. (Ausleihen)"
          );
        }
        const deviceRes = await fetch("http://localhost:8002/apiV2/allItems");
        const deviceData = await deviceRes.json();
        if (Array.isArray(deviceData)) {
          setDevices(deviceData);
        } else {
          setError(
            "error",
            "Fehler beim Laden",
            "Unerwartetes Datenformat erhalten. (Geräte)"
          );
        }
      } catch (e) {
        setError(
          "error",
          "Fehler beim Laden",
          "Die Ausleihen konnten nicht geladen werden."
        );
      } finally {
        setIsLoading(false);
      }
    };
    fetchData();
  }, []);
  return (
    <>
      <Heading as="h1" size="lg" mb={2}>
        Matthias-Claudius-Schule Technik
      </Heading>
      <Heading as="h2" size="md" mb={4}>
        Alle Ausleihen
      </Heading>
      {isError && (
        <MyAlert
          status={errorStatus}
          description={errorDsc}
          title={errorMessage}
        />
      )}
      {isLoading && (
        <VStack colorPalette="teal">
          <Spinner color="colorPalette.600" />
          <Text color="colorPalette.600">Loading...</Text>
        </VStack>
      )}
      {!isLoading && (
        <Table.Root size="sm" striped>
          <Table.Header>
            <Table.Row>
              <Table.ColumnHeader>
                <strong>#</strong>
              </Table.ColumnHeader>
              <Table.ColumnHeader>
                <strong>Benutzername</strong>
              </Table.ColumnHeader>
              <Table.ColumnHeader>
                <strong>Startdatum</strong>
              </Table.ColumnHeader>
              <Table.ColumnHeader>
                <strong>Enddatum</strong>
              </Table.ColumnHeader>
              <Table.ColumnHeader>
                <strong>Ausgeliehene Artikel</strong>
              </Table.ColumnHeader>
              <Table.ColumnHeader>
                <strong>Rückgabedatum</strong>
              </Table.ColumnHeader>
              <Table.ColumnHeader>
                <strong>Ausleihdatum</strong>
              </Table.ColumnHeader>
            </Table.Row>
          </Table.Header>
          <Table.Body>
            {loans.map((loan) => (
              <Table.Row key={loan.id}>
                <Table.Cell>{loan.id}</Table.Cell>
                <Table.Cell>{loan.username}</Table.Cell>
                <Table.Cell>{formatDateTime(loan.start_date)}</Table.Cell>
                <Table.Cell>{formatDateTime(loan.end_date)}</Table.Cell>
                <Table.Cell>
                  {Array.isArray(loan.loaned_items_name)
                    ? loan.loaned_items_name.join(", ")
                    : loan.loaned_items_name}
                </Table.Cell>
                <Table.Cell>{formatDateTime(loan.returned_date)}</Table.Cell>
                <Table.Cell>{formatDateTime(loan.take_date)}</Table.Cell>
              </Table.Row>
            ))}
          </Table.Body>
        </Table.Root>
      )}
      {!isLoading && loans.length === 0 && !isError && (
        <Text color="gray.500" mt={2}>
          Keine Ausleihen vorhanden.
        </Text>
      )}
      <Heading as="h2" size="md" mb={4}>
        Alle Geräte
      </Heading>
      {/* Responsive Grid mit gleich hohen Karten */}
      <SimpleGrid minChildWidth="200px" gap={2} alignItems="stretch">
        {devices.map((device) => (
          <Card.Root
            key={device.id}
            size="sm"
            bg={device.inSafe ? "green" : "red"}
            h="full"
            minH="100px"
          >
            <Card.Header>
              {device.inSafe ? <LockOpen size={16} /> : <Lock size={16} />}
              <Heading size="md">{device.item_name}</Heading>
            </Card.Header>
            <Card.Body color="fg.muted">
              <Text>Ausleihrolle: {device.can_borrow_role}</Text>
            </Card.Body>
          </Card.Root>
        ))}
      </SimpleGrid>
      <HStack mt={3} gap={3} align="center" role="group" aria-label="Legende">
        <Text fontWeight="medium" color="fg.muted">
          Legende:
        </Text>
        <Button
          size="sm"
          variant="subtle"
          colorPalette="green"
          pointerEvents="none"
          cursor="default"
          borderRadius="full"
        >
          <HStack gap={2}>
            <Lock size={16} />
            <Text>Im Schließfach</Text>
          </HStack>
        </Button>
        <Button
          size="sm"
          variant="subtle"
          colorPalette="red"
          pointerEvents="none"
          cursor="default"
          borderRadius="full"
        >
          <HStack gap={2}>
            <LockOpen size={16} />
            <Text>Nicht im Schließfach</Text>
          </HStack>
        </Button>
      </HStack>
    </>
  );
 };
 export default Landingpage;
--- a/admin/src/components/APIKeyTable.tsx
+++ b/admin/src/components/APIKeyTable.tsx
@@ -1,203 +0,0 @@
 import React from "react";
 import {
  Table,
  Spinner,
  Text,
  VStack,
  Button,
  HStack,
  IconButton,
  Heading,
 } from "@chakra-ui/react";
 import { Tooltip } from "@/components/ui/tooltip";
 import MyAlert from "./myChakra/MyAlert";
 import { Trash2, RefreshCcwDot, CirclePlus } from "lucide-react";
 import Cookies from "js-cookie";
 import { useState, useEffect } from "react";
 import { deleteAPKey } from "@/utils/userActions";
 import AddAPIKey from "./AddAPIKey";
 import { formatDateTime } from "@/utils/userFuncs";
 type Items = {
  id: number;
  apiKey: string;
  user: string;
  entry_created_at: string;
 };
 const APIKeyTable: React.FC = () => {
  const [items, setItems] = useState<Items[]>([]);
  const [errorStatus, setErrorStatus] = useState<"error" | "success">("error");
  const [errorMessage, setErrorMessage] = useState("");
  const [errorDsc, setErrorDsc] = useState("");
  const [isError, setIsError] = useState(false);
  const [isLoading, setIsLoading] = useState(false);
  const [reload, setReload] = useState(false);
  const [addAPIForm, setAddAPIForm] = useState(false);
  const setError = (
    status: "error" | "success",
    message: string,
    description: string
  ) => {
    setIsError(false);
    setErrorStatus(status);
    setErrorMessage(message);
    setErrorDsc(description);
    setIsError(true);
  };
  useEffect(() => {
    const fetchData = async () => {
      setIsLoading(true);
      try {
        const response = await fetch("http://localhost:8002/api/apiKeys", {
          method: "GET",
          headers: {
            Authorization: `Bearer ${Cookies.get("token")}`,
          },
        });
        const data = await response.json();
        return data;
      } catch (error) {
        setError("error", "Failed to fetch items", "There is an error");
      } finally {
        setIsLoading(false);
      }
    };
    fetchData().then((data) => {
      if (Array.isArray(data)) {
        setItems(data);
      }
    });
  }, [reload]);
  return (
    <>
      {/* Action toolbar */}
      <HStack
        mb={4}
        gap={3}
        justify="flex-start"
        align="center"
        flexWrap="wrap"
      >
        <Tooltip content="API Keys neu laden" openDelay={300}>
          <IconButton
            aria-label="Refresh API Keys"
            size="sm"
            variant="outline"
            rounded="md"
            shadow="sm"
            _hover={{ shadow: "md", transform: "translateY(-2px)" }}
            _active={{ transform: "translateY(0)" }}
            onClick={() => setReload(!reload)}
          >
            <RefreshCcwDot size={18} />
          </IconButton>
        </Tooltip>
        <Tooltip content="Neuen API Key hinzufügen" openDelay={300}>
          <Button
            size="sm"
            colorPalette="teal"
            variant="solid"
            rounded="md"
            fontWeight="semibold"
            shadow="sm"
            _hover={{ shadow: "md", bg: "colorPalette.600" }}
            _active={{ bg: "colorPalette.700" }}
            onClick={() => {
              setAddAPIForm(true);
            }}
          >
            <CirclePlus size={18} style={{ marginRight: 6 }} />
            Neuen API Key hinzufügen
          </Button>
        </Tooltip>
      </HStack>
      {/* End action toolbar */}
      <Heading marginBottom={4} size="md">
        Gegenstände
      </Heading>
      {isError && (
        <MyAlert
          status={errorStatus}
          description={errorDsc}
          title={errorMessage}
        />
      )}
      {isLoading && (
        <VStack colorPalette="teal">
          <Spinner color="colorPalette.600" />
          <Text color="colorPalette.600">Loading...</Text>
        </VStack>
      )}
      {addAPIForm && (
        <AddAPIKey
          onClose={() => {
            setAddAPIForm(false);
            setReload(!reload);
          }}
          alert={setError}
        />
      )}
      <Table.Root size="sm" striped>
        <Table.Header>
          <Table.Row>
            <Table.ColumnHeader>
              <strong>#</strong>
            </Table.ColumnHeader>
            <Table.ColumnHeader>
              <strong>API Key</strong>
            </Table.ColumnHeader>
            <Table.ColumnHeader>
              <strong>Benutzer</strong>
            </Table.ColumnHeader>
            <Table.ColumnHeader>
              <strong>Eintrag erstellt am</strong>
            </Table.ColumnHeader>
            <Table.ColumnHeader>
              <strong>Aktionen</strong>
            </Table.ColumnHeader>
          </Table.Row>
        </Table.Header>
        <Table.Body>
          {items.map((apiKey) => (
            <Table.Row key={apiKey.id}>
              <Table.Cell>{apiKey.id}</Table.Cell>
              <Table.Cell>{apiKey.apiKey}</Table.Cell>
              <Table.Cell>{apiKey.user}</Table.Cell>
              <Table.Cell>{formatDateTime(apiKey.entry_created_at)}</Table.Cell>
              <Table.Cell>
                <Button
                  onClick={() =>
                    deleteAPKey(apiKey.id).then((response) => {
                      if (response.success) {
                        setItems(items.filter((i) => i.id !== apiKey.id));
                        setError(
                          "success",
                          "Gegenstand gelöscht",
                          "Der Gegenstand wurde erfolgreich gelöscht."
                        );
                      }
                    })
                  }
                  colorPalette="red"
                  size="sm"
                  ml={2}
                >
                  <Trash2 />
                </Button>
              </Table.Cell>
            </Table.Row>
          ))}
        </Table.Body>
      </Table.Root>
    </>
  );
 };
 export default APIKeyTable;
--- a/admin/src/components/AddAPIKey.tsx
+++ b/admin/src/components/AddAPIKey.tsx
@@ -1,73 +0,0 @@
 import React from "react";
 import { Button, Card, Field, Input, Stack } from "@chakra-ui/react";
 import { createAPIentry } from "@/utils/userActions";
 type AddAPIKeyProps = {
  onClose: () => void;
  alert: (
    status: "success" | "error",
    message: string,
    description: string
  ) => void;
 };
 const AddAPIKey: React.FC<AddAPIKeyProps> = ({ onClose, alert }) => {
  return (
    <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/60 backdrop-blur-sm p-4">
      <Card.Root maxW="sm">
        <Card.Header>
          <Card.Title>Neuen API Key erstellen</Card.Title>
          <Card.Description>
            Füllen Sie das folgende Formular aus, um einen API Key zu erstellen.
          </Card.Description>
        </Card.Header>
        <Card.Body>
          <Stack gap="4" w="full">
            <Field.Root>
              <Field.Label>API key</Field.Label>
              <Input type="number" id="apiKey" />
            </Field.Root>
            <Field.Root>
              <Field.Label>Benutzer</Field.Label>
              <Input id="user" type="text" />
            </Field.Root>
          </Stack>
        </Card.Body>
        <Card.Footer justifyContent="flex-end">
          <Button variant="outline" onClick={onClose}>
            Abbrechen
          </Button>
          <Button
            variant="solid"
            onClick={async () => {
              const apiKey =
                (
                  document.getElementById("apiKey") as HTMLInputElement
                )?.value.trim() || "";
              const user =
                (
                  document.getElementById("user") as HTMLInputElement
                )?.value.trim() || "";
              if (!apiKey || !user) return;
              const res = await createAPIentry(apiKey, user);
              if (res.success) {
                alert(
                  "success",
                  "API Key erstellt",
                  "Der API Key wurde erfolgreich erstellt."
                );
                onClose();
              }
            }}
          >
            Erstellen
          </Button>
        </Card.Footer>
      </Card.Root>
    </div>
  );
 };
 export default AddAPIKey;
--- a/admin/src/components/ItemTable.tsx
+++ b/admin/src/components/ItemTable.tsx
@@ -9,6 +9,7 @@ import {
  IconButton,
  Heading,
  Icon,
  Tag,
  Input,
 } from "@chakra-ui/react";
 import { Tooltip } from "@/components/ui/tooltip";
@@ -77,7 +78,7 @@ const ItemTable: React.FC = () => {
    const fetchData = async () => {
      setIsLoading(true);
      try {
-        const response = await fetch("http://localhost:8002/api/allItems", {
+        const response = await fetch("https://backend.insta.the1s.de/api/allItems", {
          method: "GET",
          headers: {
            Authorization: `Bearer ${Cookies.get("token")}`,
@@ -218,34 +219,57 @@ const ItemTable: React.FC = () => {
                  onClick={() =>
                    changeSafeState(item.id).then(() => setReload(!reload))
                  }
-                  size="xs"
+                  size="sm"
                  rounded="full"
                  px={3}
                  py={1}
                  gap={2}
                  variant="ghost"
                  color={item.inSafe ? "green.600" : "red.600"}
                  borderWidth="1px"
                  borderColor={item.inSafe ? "green.300" : "red.300"}
                  _hover={{
                    bg: item.inSafe ? "green.50" : "red.50",
                    borderColor: item.inSafe ? "green.400" : "red.400",
                    transform: "translateY(-1px)",
                    shadow: "sm",
                  }}
                  _active={{ transform: "translateY(0)" }}
                  aria-label={
                    item.inSafe ? "Mark as not in safe" : "Mark as in safe"
                  }
                >
-                  <Icon
+                  {item.inSafe ? (
-                    as={item.inSafe ? CheckCircle2 : XCircle}
+                    <Tag.Root
-                    boxSize={3.5}
+                      size="md"
-                    mr={2}
+                      bg="green.500"
-                  />
+                      color="white"
-                  <Text as="span" fontSize="xs" fontWeight="semibold">
+                      px={4}
-                    {item.inSafe ? "Yes" : "No"}
+                      py={1.5}
                      rounded="full"
                      display="inline-flex"
                      alignItems="center"
                      gap={2}
                      shadow="sm"
                      _hover={{ shadow: "md" }}
                    >
                      <Icon as={CheckCircle2} boxSize={4} />
                      <Text
                        as="span"
                        fontSize="xs"
                        letterSpacing="wide"
                        textTransform="uppercase"
                      >
                        Yes
                      </Text>
                    </Tag.Root>
                  ) : (
                    <Tag.Root
                      size="md"
                      bg="red.500"
                      color="white"
                      px={4}
                      py={1.5}
                      rounded="full"
                      display="inline-flex"
                      alignItems="center"
                      gap={2}
                      shadow="sm"
                      _hover={{ shadow: "md" }}
                    >
                      <Icon as={XCircle} boxSize={4} />
                      <Text
                        as="span"
                        fontSize="xs"
                        letterSpacing="wide"
                        textTransform="uppercase"
                      >
                        No
                      </Text>
                    </Tag.Root>
                  )}
                </Button>
              </Table.Cell>
              <Table.Cell>{formatDateTime(item.entry_created_at)}</Table.Cell>
--- a/admin/src/components/LoanTable.tsx
+++ b/admin/src/components/LoanTable.tsx
@@ -55,7 +55,7 @@ const LoanTable: React.FC = () => {
    const fetchData = async () => {
      setIsLoading(true);
      try {
-        const response = await fetch("http://localhost:8002/api/allLoans", {
+        const response = await fetch("https://backend.insta.the1s.de/api/allLoans", {
          method: "GET",
          headers: {
            Authorization: `Bearer ${Cookies.get("token")}`,
--- a/admin/src/utils/fetcher.ts
+++ b/admin/src/utils/fetcher.ts
@@ -1,7 +1,7 @@
 import Cookies from "js-cookie";
 export const fetchUserData = async () => {
-  const response = await fetch("http://localhost:8002/api/allUsers", {
+  const response = await fetch("https://backend.insta.the1s.de/api/allUsers", {
    headers: {
      Authorization: `Bearer ${Cookies.get("token")}`,
    },
--- a/admin/src/utils/loginUser.ts
+++ b/admin/src/utils/loginUser.ts
@@ -13,7 +13,7 @@ export const loginFunc = async (
  password: string
 ): Promise<LoginResult> => {
  try {
-    const response = await fetch("http://localhost:8002/api/loginAdmin", {
+    const response = await fetch("https://backend.insta.the1s.de/api/loginAdmin", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ username, password }),
--- a/admin/src/utils/userActions.ts
+++ b/admin/src/utils/userActions.ts
@@ -3,7 +3,7 @@ import Cookies from "js-cookie";
 export const handleDelete = async (userId: number) => {
  try {
    const response = await fetch(
-      `http://localhost:8002/api/deleteUser/${userId}`,
+      `https://backend.insta.the1s.de/api/deleteUser/${userId}`,
      {
        method: "DELETE",
        headers: {
@@ -28,7 +28,7 @@ export const handleEdit = async (
 ) => {
  try {
    const response = await fetch(
-      `http://localhost:8002/api/editUser/${userId}`,
+      `https://backend.insta.the1s.de/api/editUser/${userId}`,
      {
        method: "POST",
        headers: {
@@ -54,14 +54,17 @@ export const createUser = async (
  password: string
 ) => {
  try {
-    const response = await fetch(`http://localhost:8002/api/createUser`, {
+    const response = await fetch(
      `https://backend.insta.the1s.de/api/createUser`,
      {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          Authorization: `Bearer ${Cookies.get("token")}`,
        },
        body: JSON.stringify({ username, role, password }),
-    });
+      }
    );
    if (!response.ok) {
      throw new Error("Failed to create user");
    }
@@ -74,14 +77,17 @@ export const createUser = async (
 export const changePW = async (newPassword: string, username: string) => {
  try {
-    const response = await fetch(`http://localhost:8002/api/changePWadmin`, {
+    const response = await fetch(
      `https://backend.insta.the1s.de/api/changePWadmin`,
      {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          Authorization: `Bearer ${Cookies.get("token")}`,
        },
        body: JSON.stringify({ newPassword, username }),
-    });
+      }
    );
    if (!response.ok) {
      throw new Error("Failed to change password");
    }
@@ -95,7 +101,7 @@ export const changePW = async (newPassword: string, username: string) => {
 export const deleteLoan = async (loanId: number) => {
  try {
    const response = await fetch(
-      `http://localhost:8002/api/deleteLoan/${loanId}`,
+      `https://backend.insta.the1s.de/api/deleteLoan/${loanId}`,
      {
        method: "DELETE",
        headers: {
@@ -116,7 +122,7 @@ export const deleteLoan = async (loanId: number) => {
 export const deleteItem = async (itemId: number) => {
  try {
    const response = await fetch(
-      `http://localhost:8002/api/deleteItem/${itemId}`,
+      `https://backend.insta.the1s.de/api/deleteItem/${itemId}`,
      {
        method: "DELETE",
        headers: {
@@ -139,14 +145,17 @@ export const createItem = async (
  can_borrow_role: number
 ) => {
  try {
-    const response = await fetch(`http://localhost:8002/api/createItem`, {
+    const response = await fetch(
      `https://backend.insta.the1s.de/api/createItem`,
      {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          Authorization: `Bearer ${Cookies.get("token")}`,
        },
        body: JSON.stringify({ item_name, can_borrow_role }),
-    });
+      }
    );
    if (!response.ok) {
      throw new Error("Failed to create item");
    }
@@ -163,14 +172,17 @@ export const handleEditItems = async (
  can_borrow_role: string
 ) => {
  try {
-    const response = await fetch("http://localhost:8002/api/updateItemByID", {
+    const response = await fetch(
      "https://backend.insta.the1s.de/api/updateItemByID",
      {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          Authorization: `Bearer ${Cookies.get("token")}`,
        },
        body: JSON.stringify({ itemId, item_name, can_borrow_role }),
-    });
+      }
    );
    if (!response.ok) {
      throw new Error("Failed to edit item");
    }
@@ -184,7 +196,7 @@ export const handleEditItems = async (
 export const changeSafeState = async (itemId: number) => {
  try {
    const response = await fetch(
-      `http://localhost:8002/api/changeSafeState/${itemId}`,
+      `https://backend.insta.the1s.de/api/changeSafeState/${itemId}`,
      {
        method: "PUT",
        headers: {
@@ -201,44 +213,3 @@ export const changeSafeState = async (itemId: number) => {
    return { success: false };
  }
 };
 export const createAPIentry = async (apiKey: string, user: string) => {
  try {
    const response = await fetch(`http://localhost:8002/api/createAPIentry`, {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${Cookies.get("token")}`,
      },
      body: JSON.stringify({ apiKey, user }),
    });
    if (!response.ok) {
      throw new Error("Failed to create API entry");
    }
    return { success: true };
  } catch (error) {
    console.error("Error creating API entry:", error);
    return { success: false };
  }
 };
 export const deleteAPKey = async (apiKeyId: number) => {
  try {
    const response = await fetch(
      `http://localhost:8002/api/deleteAPKey/${apiKeyId}`,
      {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${Cookies.get("token")}`,
        },
      }
    );
    if (!response.ok) {
      throw new Error("Failed to delete API key");
    }
    return { success: true };
  } catch (error) {
    console.error("Error deleting API key:", error);
    return { success: false };
  }
 };
--- a/admin/vite.config.ts
+++ b/admin/vite.config.ts
@@ -8,9 +8,13 @@ export default defineConfig({
  plugins: [react(), svgr(), tailwindcss(), tsconfigPaths()],
  server: {
    host: "0.0.0.0",
-    port: 8003,
+    allowedHosts: ["admin.insta.the1s.de"],
-    watch: {
+    port: 8103,
-      usePolling: true,
+    watch: { usePolling: true },
    hmr: {
      host: "admin.insta.the1s.de",
      port: 8103,
      protocol: "wss",
    },
  },
 });
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -7,6 +7,6 @@ RUN npm install
 COPY . .
-EXPOSE 8002
+EXPOSE 8102
 CMD ["npm", "start"]
--- a/backend/routes/api.js
+++ b/backend/routes/api.js
@@ -22,9 +22,6 @@ import {
  changeUserPasswordFRONTEND,
  changeInSafeStateV2,
  updateItemByID,
  getAllApiKeys,
  createAPIentry,
  deleteAPKey,
 } from "../services/database.js";
 import { authenticate, generateToken } from "../services/tokenService.js";
 const router = express.Router();
@@ -333,66 +330,4 @@ router.put("/changeSafeState/:itemId", authenticate, async (req, res) => {
  return res.status(500).json({ message: "Failed to update item safe state" });
 });
 router.get("/apiKeys", authenticate, async (req, res) => {
  const result = await getAllApiKeys();
  if (result.success) {
    return res.status(200).json(result.data);
  }
  return res.status(500).json({ message: "Failed to fetch API keys" });
 });
 router.delete("/deleteAPKey/:id", authenticate, async (req, res) => {
  const apiKeyId = req.params.id;
  const result = await deleteAPKey(apiKeyId);
  if (result.success) {
    return res.status(200).json({ message: "API key deleted successfully" });
  }
  return res.status(500).json({ message: "Failed to delete API key" });
 });
 router.post("/createAPIentry", authenticate, async (req, res) => {
  const apiKey = req.body.apiKey;
  const user = req.body.user;
  if (!apiKey || !user) {
    return res.status(400).json({ message: "API key and user are required" });
  }
  // Ensure apiKey is a number
  const apiKeyNum = Number(apiKey);
  if (!Number.isFinite(apiKeyNum)) {
    return res.status(400).json({ message: "API key must be a number" });
  }
  const result = await createAPIentry(apiKeyNum, user);
  if (result.success) {
    return res.status(201).json({ message: "API key created successfully" });
  }
  if (result.code === "DUPLICATE") {
    return res.status(409).json({ message: "API key already exists" });
  }
  return res.status(500).json({ message: "Failed to create API key" });
 });
 router.get("/apiKeys/validate/:key", async (req, res) => {
  try {
    const rawKey = req.params.key;
    const result = await getAllApiKeys();
    if (!result.success || !Array.isArray(result.data)) {
      return res.status(500).json({ valid: false });
    }
    const isValid = result.data.some((entry) => {
      const val = String(
        entry?.key ?? entry?.apiKey ?? entry?.api_key ?? entry
      );
      return val === String(rawKey);
    });
    return res.status(200).json({ valid: isValid });
  } catch (err) {
    console.error("validate api key error:", err);
    return res.status(500).json({ valid: false });
  }
 });
 export default router;
--- a/backend/routes/apiV2.js
+++ b/backend/routes/apiV2.js
@@ -6,65 +6,30 @@ import {
  setReturnDateV2,
  setTakeDateV2,
  getLoanByCodeV2,
  getAllLoansV2,
  getAPIkey,
 } from "../services/database.js";
 dotenv.config();
 const router = express.Router();
 async function validateAPIKey(apiKey) {
  try {
    if (!apiKey) return false;
    const result = await getAPIkey();
    if (!result?.success || !Array.isArray(result.data)) return false;
    return result.data.some((row) => String(row.apiKey) === String(apiKey));
  } catch (err) {
    console.error("validateAPIKey error:", err);
    return false;
  }
 }
 // Add a guard that returns Access Denied instead of hanging
 const apiKeyGuard = async (req, res, next) => {
  try {
    const key = req.params.key;
    if (!key) {
      return res
        .status(401)
        .json({ message: "Access denied: missing API key" });
    }
    const ok = await validateAPIKey(key);
    if (!ok) {
      return res
        .status(401)
        .json({ message: "Access denied: invalid API key" });
    }
    next();
  } catch (e) {
    console.error("apiKeyGuard error:", e);
    res.status(500).json({ message: "Internal server error" });
  }
 };
 // Route for API to get ALL items from the database
-router.get("/items/:key", apiKeyGuard, async (req, res) => {
+router.get("/items/:key", async (req, res) => {
  if (req.params.key === process.env.ADMIN_ID) {
    const result = await getItemsFromDatabaseV2();
    if (result.success) {
      res.status(200).json({ data: result.data });
    } else {
      res.status(500).json({ message: "Failed to fetch items" });
    }
  } else {
    res.status(403).json({ message: "Access denied" });
  }
 });
 // Route for API to control the position of an item
-router.post(
+router.post("/controlInSafe/:key/:itemId/:state", async (req, res) => {
-  "/controlInSafe/:key/:itemId/:state",
+  if (req.params.key === process.env.ADMIN_ID) {
  apiKeyGuard,
  async (req, res) => {
    const itemId = req.params.itemId;
    const state = req.params.state;
    if (state === "1" || state === "0") {
      const result = await changeInSafeStateV2(itemId, state);
      if (result.success) {
@@ -75,58 +40,53 @@ router.post(
    } else {
      res.status(400).json({ message: "Invalid state value" });
    }
  } else {
    res.status(403).json({ message: "Access denied" });
  }
-);
+});
-// Route for API to get a loan by its code
+router.get("/getLoanByCode/:key/:loan_code", async (req, res) => {
-router.get("/getLoanByCode/:key/:loan_code", apiKeyGuard, async (req, res) => {
+  if (req.params.key === process.env.ADMIN_ID) {
    const loan_code = req.params.loan_code;
    const result = await getLoanByCodeV2(loan_code);
    if (result.success) {
      res.status(200).json({ data: result.data });
    } else {
      res.status(404).json({ message: "Loan not found" });
    }
  }
 });
-// Route for API to set the return date by the loan code
+// Route for API to set the return date
-router.post("/setReturnDate/:key/:loan_code", apiKeyGuard, async (req, res) => {
+router.post("/setReturnDate/:key/:loan_code", async (req, res) => {
  if (req.params.key === process.env.ADMIN_ID) {
    const loanCode = req.params.loan_code;
    const result = await setReturnDateV2(loanCode);
    if (result.success) {
      res.status(200).json({ data: result.data });
    } else {
      res.status(500).json({ message: "Failed to set return date" });
    }
  } else {
    res.status(403).json({ message: "Access denied" });
  }
 });
-// Route for API to set the take away date by the loan code
+// Route for API to set the take away date
-router.post("/setTakeDate/:key/:loan_code", apiKeyGuard, async (req, res) => {
+router.post("/setTakeDate/:key/:loan_code", async (req, res) => {
  if (req.params.key === process.env.ADMIN_ID) {
    const loanCode = req.params.loan_code;
    const result = await setTakeDateV2(loanCode);
    if (result.success) {
      res.status(200).json({ data: result.data });
    } else {
      res.status(500).json({ message: "Failed to set take date" });
    }
 });
 // Route for API to get ALL loans from the database without sensitive info (only for landingpage)
 router.get("/allLoans", async (req, res) => {
  const result = await getAllLoansV2();
  if (result.success) {
    return res.status(200).json(result.data);
  }
  return res.status(500).json({ message: "Failed to fetch loans" });
 });
 // Route for API to get ALL items from the database (only for landingpage)
 router.get("/allItems", async (req, res) => {
  const result = await getItemsFromDatabaseV2();
  if (result.success) {
    res.status(200).json(result.data);
  } else {
-    res.status(500).json({ message: "Failed to fetch items" });
+    res.status(403).json({ message: "Access denied" });
  }
 });
--- a/backend/scheme.sql
+++ b/backend/scheme.sql
@@ -58,14 +58,6 @@ CREATE TABLE `lockers` (
  UNIQUE KEY `locker_number` (`locker_number`)
 );
 CREATE TABLE `apiKeys` (
  `id` int NOT NULL AUTO_INCREMENT,
  `apiKey` int NOT NULL UNIQUE,
  `user` VARCHAR(255) NOT NULL,
  `entry_created_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
 );
 INSERT INTO `items` (`item_name`, `can_borrow_role`, `inSafe`) VALUES
 ('DJI 1er Mikro', 4, 1),
 ('DJI 2er Mikro 1', 4, 1),
--- a/backend/server.js
+++ b/backend/server.js
@@ -5,7 +5,7 @@ import apiRouter from "./routes/api.js";
 import apiRouterV2 from "./routes/apiV2.js";
 env.config();
 const app = express();
-const port = 8002;
+const port = 8102;
 app.use(cors());
 // Increase body size limits to support large CSV JSON payloads
--- a/backend/services/database.js
+++ b/backend/services/database.js
@@ -8,6 +8,7 @@ const pool = mysql
    user: process.env.DB_USER,
    password: process.env.DB_PASSWORD,
    database: process.env.DB_NAME,
    port: process.env.DB_PORT,
  })
  .promise();
@@ -447,46 +448,3 @@ export const updateItemByID = async (itemId, item_name, can_borrow_role) => {
  if (result.affectedRows > 0) return { success: true };
  return { success: false };
 };
 export const getAllLoansV2 = async () => {
  const [rows] = await pool.query(
    "SELECT id, username, start_date, end_date, loaned_items_name, returned_date, take_date FROM loans"
  );
  if (rows.length > 0) {
    return { success: true, data: rows };
  }
  return { success: false };
 };
 export const getAllApiKeys = async () => {
  const [rows] = await pool.query("SELECT * FROM apiKeys");
  if (rows.length > 0) {
    return { success: true, data: rows };
  }
  return { success: false };
 };
 export const createAPIentry = async (apiKey, user) => {
  const [result] = await pool.query(
    "INSERT INTO apiKeys (apiKey, user) VALUES (?, ?)",
    [apiKey, user]
  );
  if (result.affectedRows > 0) return { success: true };
  return { success: false };
 };
 export const deleteAPKey = async (apiKeyId) => {
  const [result] = await pool.query("DELETE FROM apiKeys WHERE id = ?", [
    apiKeyId,
  ]);
  if (result.affectedRows > 0) return { success: true };
  return { success: false };
 };
 export const getAPIkey = async () => {
  const [rows] = await pool.query("SELECT apiKey FROM apiKeys");
  if (rows.length > 0) {
    return { success: true, data: rows };
  }
  return { success: false };
 };
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,35 +1,45 @@
 services:
-  #  borrow_system-frontend:
+  borrow_system-frontend:
-  #    container_name: borrow_system-frontend
+    container_name: borrow_system-frontend
-  #    build: ./frontend
+    build: ./frontend
-  #    ports:
+    ports:
-  #      - "8001:8001"
+      - "8101:8101"
-  #    environment:
+    networks:
-  #      - CHOKIDAR_USEPOLLING=true
+      - proxynet
-  #    volumes:
+      - borrow_system-internal
-  #      - ./frontend:/app
+    environment:
-  #      - /app/node_modules
+      - CHOKIDAR_USEPOLLING=true
-  #    restart: unless-stopped
+    volumes:
      - ./frontend:/app
      - /app/node_modules
    restart: unless-stopped
-  #  admin-frontend:
+  admin-frontend:
-  #    container_name: admin-frontend
+    container_name: admin-frontend
-  #    build: ./admin
+    build: ./admin
-  #    ports:
+    networks:
-  #      - "8003:8003"
+      - proxynet
-  #    environment:
+      - borrow_system-internal
-  #      - CHOKIDAR_USEPOLLING=true
+    ports:
-  #    volumes:
+      - "8103:8103"
-  #      - ./admin:/app
+    environment:
-  #      - /app/node_modules
+      - CHOKIDAR_USEPOLLING=true
-  #    restart: unless-stopped
+    volumes:
      - ./admin:/app
      - /app/node_modules
    restart: unless-stopped
  borrow_system-backend:
    container_name: borrow_system-backend
    build: ./backend
    ports:
-      - "8002:8002"
+      - "8102:8102"
    networks:
      - proxynet
      - borrow_system-internal
    environment:
      DB_HOST: mysql
      DB_PORT: 3306
      DB_USER: root
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: borrow_system
@@ -52,6 +62,14 @@ services:
      - ./mysql-timezone.cnf:/etc/mysql/conf.d/timezone.cnf:ro
    ports:
      - "3309:3306"
    networks:
      - borrow_system-internal
 volumes:
  mysql-data:
 networks:
  proxynet:
    external: true
  borrow_system-internal:
    external: false
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -7,6 +7,6 @@ RUN npm install
 COPY . .
-EXPOSE 8001
+EXPOSE 8101
 CMD ["npm", "run", "dev"]
--- a/frontend/src/components/Form4.tsx
+++ b/frontend/src/components/Form4.tsx
@@ -28,7 +28,7 @@ const formatDate = (iso: string | null) => {
 };
 async function fetchUserLoans(): Promise<Loan[]> {
-  const res = await fetch("http://localhost:8002/api/userLoans", {
+  const res = await fetch("https://backend.insta.the1s.de/api/userLoans", {
    method: "GET",
    headers: { Authorization: `Bearer ${Cookies.get("token") || ""}` },
  });
--- a/frontend/src/utils/fetchData.ts
+++ b/frontend/src/utils/fetchData.ts
@@ -25,7 +25,7 @@ export const fetchAllData = async (token: string | undefined) => {
  if (!token) return;
  // First we fetch all items that are potentially available for borrowing
  try {
-    const response = await fetch("http://localhost:8002/api/items", {
+    const response = await fetch("https://backend.insta.the1s.de/api/items", {
      method: "GET",
      headers: {
        Authorization: `Bearer ${token}`,
@@ -57,7 +57,7 @@ export const fetchAllData = async (token: string | undefined) => {
  // get all loans
  try {
-    const response = await fetch("http://localhost:8002/api/loans", {
+    const response = await fetch("https://backend.insta.the1s.de/api/loans", {
      method: "GET",
      headers: {
        Authorization: `Bearer ${token}`,
@@ -89,7 +89,7 @@ export const fetchAllData = async (token: string | undefined) => {
  // get user loans
  try {
-    const response = await fetch("http://localhost:8002/api/userLoans", {
+    const response = await fetch("https://backend.insta.the1s.de/api/userLoans", {
      method: "GET",
      headers: {
        Authorization: `Bearer ${token}`,
@@ -122,7 +122,7 @@ export const fetchAllData = async (token: string | undefined) => {
 export const loginUser = async (username: string, password: string) => {
  try {
-    const response = await fetch("http://localhost:8002/api/login", {
+    const response = await fetch("https://backend.insta.the1s.de/api/login", {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
@@ -158,7 +158,7 @@ export const getBorrowableItems = async () => {
  }
  try {
-    const response = await fetch("http://localhost:8002/api/borrowableItems", {
+    const response = await fetch("https://backend.insta.the1s.de/api/borrowableItems", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${Cookies.get("token") || ""}`,
--- a/frontend/src/utils/userHandler.ts
+++ b/frontend/src/utils/userHandler.ts
@@ -5,7 +5,7 @@ import { queryClient } from "./queryClient";
 export const handleDeleteLoan = async (loanID: number): Promise<boolean> => {
  try {
    const response = await fetch(
-      `http://localhost:8002/api/deleteLoan/${loanID}`,
+      `https://backend.insta.the1s.de/api/deleteLoan/${loanID}`,
      {
        method: "DELETE",
        headers: {
@@ -75,14 +75,17 @@ export const rmFromRemove = (itemID: number) => {
 export const createLoan = async (startDate: string, endDate: string) => {
  const items = removeArr;
-  const response = await fetch("http://localhost:8002/api/createLoan", {
+  const response = await fetch(
    "https://backend.insta.the1s.de/api/createLoan",
    {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${Cookies.get("token") || ""}`,
      },
      body: JSON.stringify({ items, startDate, endDate }),
-  });
+    }
  );
  if (!response.ok) {
    myToast("Fehler beim Erstellen der Ausleihe", "error");
@@ -103,7 +106,7 @@ export const createLoan = async (startDate: string, endDate: string) => {
 export const onReturn = async (loanID: number) => {
  const response = await fetch(
-    `http://localhost:8002/api/returnLoan/${loanID}`,
+    `https://backend.insta.the1s.de/api/returnLoan/${loanID}`,
    {
      method: "POST",
      headers: {
@@ -122,12 +125,15 @@ export const onReturn = async (loanID: number) => {
 };
 export const onTake = async (loanID: number) => {
-  const response = await fetch(`http://localhost:8002/api/takeLoan/${loanID}`, {
+  const response = await fetch(
    `https://backend.insta.the1s.de/api/takeLoan/${loanID}`,
    {
      method: "POST",
      headers: {
        Authorization: `Bearer ${Cookies.get("token") || ""}`,
      },
-  });
+    }
  );
  if (!response.ok) {
    myToast("Fehler beim Ausleihen der Ausleihe", "error");
@@ -139,14 +145,17 @@ export const onTake = async (loanID: number) => {
 };
 export const changePW = async (oldPassword: string, newPassword: string) => {
-  const response = await fetch("http://localhost:8002/api/changePassword", {
+  const response = await fetch(
    "https://backend.insta.the1s.de/api/changePassword",
    {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${Cookies.get("token") || ""}`,
      },
      body: JSON.stringify({ oldPassword, newPassword }),
-  });
+    }
  );
  if (!response.ok) {
    myToast("Fehler beim Ändern des Passworts", "error");
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -1,15 +1,17 @@
 import { defineConfig } from "vite";
 import react from "@vitejs/plugin-react";
 import svgr from "vite-plugin-svgr";
 import tailwindcss from "@tailwindcss/vite";
 export default defineConfig({
-  plugins: [react(), svgr(), tailwindcss()],
+  plugins: [tailwindcss()],
  server: {
    host: "0.0.0.0",
-    port: 8001,
+    allowedHosts: ["insta.the1s.de"],
-    watch: {
+    port: 8101,
-      usePolling: true,
+    watch: { usePolling: true },
    hmr: {
      host: "insta.the1s.de",
      port: 8101,
      protocol: "wss",
    },
  },
 });
Author	SHA1	Message	Date
Theis Gaedigk	a0be100db5	update changeSafeState function to use PUT method for state changes	2025-09-16 13:40:23 +02:00
Theis Gaedigk	2143d53eb5	chaged ports accordingly	2025-09-16 13:04:13 +02:00
Theis Gaedigk	c4d5ebd9ae	Merge branch 'dev_v1-admin' into debian12_v1-admin	2025-09-16 13:03:35 +02:00
Theis Gaedigk	938e9000f8	chnaged port config	2025-09-16 11:26:31 +02:00
Theis Gaedigk	558a8330af	Merge branch 'dev_v1-admin' into debian12_v1-admin	2025-09-16 11:20:37 +02:00
Theis Gaedigk	ad2395f98b	Merge branch 'dev_v1-admin' into debian12_v1-admin	2025-09-05 11:27:39 +02:00
Theis Gaedigk	51baf8d970	Merge branch 'dev_v1-admin' into debian12_v1-admin	2025-09-03 15:25:05 +02:00
Theis Gaedigk	d18465ff1d	changed urls	2025-09-03 14:54:20 +02:00
Theis Gaedigk	b36f1ba9ba	Merge branch 'dev_v1-admin' into debian12_v1-admin	2025-09-03 14:53:25 +02:00
Theis Gaedigk	784bd1e8ce	Merge branch 'dev_v1-admin' into debian12_v1-admin	2025-09-02 20:55:55 +02:00
Theis Gaedigk	ae7aec8d3b	fix: add missing network configuration for admin-frontend service	2025-09-02 20:45:02 +02:00
Theis Gaedigk	3f9381a80c	changed docker and ports	2025-09-02 20:37:32 +02:00
Theis Gaedigk	1826086186	changed docker config	2025-09-02 20:35:42 +02:00
Theis Gaedigk	af4abfc8f9	changed links for hosting	2025-09-02 20:34:20 +02:00
Theis Gaedigk	ba0f06e104	Merge branch 'dev_v1-admin' into debian12_v1-admin	2025-09-02 20:31:28 +02:00
Theis Gaedigk	a932144e94	Update README.md	2025-08-21 19:02:13 +02:00
theis.gaedigk	36ad60b782	Merge branch 'dev' into debian12	2025-08-21 18:55:50 +02:00
theis.gaedigk	e4467dba32	Merge branch 'dev' into debian12	2025-08-20 18:10:27 +02:00
theis.gaedigk	410923af92	Merge branch 'dev' into debian12	2025-08-20 13:39:19 +02:00
theis.gaedigk	24c405386b	fixed url bug	2025-08-20 13:21:55 +02:00
theis.gaedigk	d5296bd3fa	Merge branch 'dev' into debian12	2025-08-20 13:18:01 +02:00
theis.gaedigk	3ee2f6b670	Merge branch 'dev' into debian12	2025-08-20 01:08:15 +02:00
theis.gaedigk	09af4c760c	fix: update database connection settings in docker-compose and database service	2025-08-20 00:49:44 +02:00
theis.gaedigk	3fd0fd9584	fix: add borrow_system-internal network to frontend, backend, and mysql services in docker-compose	2025-08-20 00:45:43 +02:00
theis.gaedigk	27984ebac8	added	2025-08-20 00:42:56 +02:00
theis.gaedigk	3d4aab74d5	changed back	2025-08-20 00:30:49 +02:00
theis.gaedigk	4076630eec	changed	2025-08-20 00:27:06 +02:00
theis.gaedigk	6025212e93	refactor: remove redundant environment variable validation and connection check in database service fix: update dependency reference for backend service in docker-compose	2025-08-20 00:25:35 +02:00
theis.gaedigk	de554048eb	added tester	2025-08-20 00:20:35 +02:00
theis.gaedigk	e1d79d2c79	fix: update port numbers and API endpoints for consistency across backend and frontend	2025-08-19 23:55:13 +02:00