2. Zwischenstand

This reverts commit 6c3c318f86.

.idea/.gitignore

@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml

.idea/FEDEO.iml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/temp" />
+      <excludeFolder url="file://$MODULE_DIR$/tmp" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/FEDEO.iml" filepath="$PROJECT_DIR$/.idea/FEDEO.iml" />
+    </modules>
+  </component>
+</project>

.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>

README.md

@@ -1,109 +1,439 @@
+# FEDEO Hosting Guide
 
+Diese Anleitung beschreibt ein produktionsnahes Self-Hosting von FEDEO mit Docker Compose, Traefik, PostgreSQL und optionalem S3-kompatiblem Objektspeicher via MinIO.
 
+## Architektur
 
-# Docker Compose Setup
+Der Stack besteht aus:
 
-## ENV Vars
+- `frontend`: Nuxt-Frontend auf Port `3000`
+- `backend`: Node/Fastify-API auf Port `3100`
+- `db`: PostgreSQL
+- `traefik`: Reverse Proxy mit automatischen Let's-Encrypt-Zertifikaten
+- optional `minio`: S3-kompatibler Objektspeicher fur Dateiuploads
 
-- DOMAIN
+Die Konfiguration erfolgt uber Umgebungsvariablen beziehungsweise eine `.env`-Datei im Deploy-Verzeichnis.
-- PDF_LICENSE
-- DB_PASS
-- DB_USER
-- CONTACT_EMAIL
 
-## Docker Compose File
+## Voraussetzungen
-~~~
+
+Vor dem Deployment sollten folgende Punkte erfullt sein:
+
+- Ein Linux-Server oder VPS mit offentlichen Ports `80` und `443`
+- Docker Engine inkl. Compose Plugin
+- Eine Domain, die auf den Server zeigt, z. B. `app.example.com`
+- Optional: SMTP-Zugang fur E-Mails
+- Optional: S3-Bucket oder MinIO fur Dateispeicher
+
+Empfohlen:
+
+- mindestens 2 vCPU
+- mindestens 4 GB RAM
+- SSD-Speicher fur PostgreSQL und Dateiuploads
+
+## DNS und Netzwerk
+
+Lege mindestens einen A- oder AAAA-Record an:
+
+- `app.example.com -> <SERVER-IP>`
+
+Traefik terminiert TLS direkt im Compose-Stack. Es ist kein zusatzlicher Reverse Proxy davor erforderlich.
+
+## Benotigte Backend-Umgebungsvariablen
+
+Das Backend erwartet mindestens diese Umgebungsvariablen:
+
+- `COOKIE_SECRET`
+- `JWT_SECRET`
+- `PORT`
+- `HOST`
+- `DATABASE_URL`
+- `S3_BUCKET`
+- `ENCRYPTION_KEY`
+- `MAILER_SMTP_HOST`
+- `MAILER_SMTP_PORT`
+- `MAILER_SMTP_SSL`
+- `MAILER_SMTP_USER`
+- `MAILER_SMTP_PASS`
+- `MAILER_FROM`
+- `S3_ENDPOINT`
+- `S3_REGION`
+- `S3_ACCESS_KEY`
+- `S3_SECRET_KEY`
+- `M2M_API_KEY`
+- `API_BASE_URL`
+- `GOCARDLESS_BASE_URL`
+- `GOCARDLESS_SECRET_ID`
+- `GOCARDLESS_SECRET_KEY`
+- `DOKUBOX_IMAP_HOST`
+- `DOKUBOX_IMAP_PORT`
+- `DOKUBOX_IMAP_SECURE`
+- `DOKUBOX_IMAP_USER`
+- `DOKUBOX_IMAP_PASSWORD`
+- `OPENAI_API_KEY`
+- `STIRLING_API_KEY`
+
+Minimal wichtige Werte fur den ersten Start:
+
+- `HOST=0.0.0.0`
+- `PORT=3100`
+- `DATABASE_URL=postgres://fedeo:<starkes-passwort>@db:5432/fedeo`
+- `API_BASE_URL=https://app.example.com/backend`
+
+Wenn du MinIO verwendest, setze zusatzlich:
+
+- `S3_ENDPOINT=http://minio:9000`
+- `S3_REGION=eu-central-1`
+- `S3_ACCESS_KEY=<MINIO_ROOT_USER>`
+- `S3_SECRET_KEY=<MINIO_ROOT_PASSWORD>`
+- `S3_BUCKET=fedeo`
+
+## Deploy-Struktur
+
+Deploye den Stack direkt aus einem geklonten Checkout dieses Repositories, weil die Compose-Datei die lokalen Build-Kontexte `./frontend` und `./backend` verwendet.
+
+Beispiel:
+
+```bash
+git clone <DEIN-REPO-URL> /opt/fedeo
+cd /opt/fedeo
+```
+
+Die Verzeichnisstruktur sollte dann mindestens so aussehen:
+
+```text
+/opt/fedeo/
+  docker-compose.yml
+  .env
+  backend/
+  frontend/
+  traefik/
+    letsencrypt/
+    logs/
+  postgres/
+  minio/
+```
+
+Danach:
+
+```bash
+mkdir -p /opt/fedeo/traefik/letsencrypt
+mkdir -p /opt/fedeo/traefik/logs
+mkdir -p /opt/fedeo/postgres
+mkdir -p /opt/fedeo/minio
+touch /opt/fedeo/traefik/letsencrypt/acme.json
+chmod 600 /opt/fedeo/traefik/letsencrypt/acme.json
+```
+
+## Beispiel `.env`
+
+Diese Datei liegt neben der `docker-compose.yml`:
+
+```env
+DOMAIN=app.example.com
+CONTACT_EMAIL=admin@example.com
+
+DB_NAME=fedeo
+DB_USER=fedeo
+DB_PASSWORD=change-this-db-password
+DATABASE_URL=postgres://fedeo:change-this-db-password@db:5432/fedeo
+
+MINIO_ROOT_USER=fedeo-minio
+MINIO_ROOT_PASSWORD=change-this-minio-password
+MINIO_BUCKET=fedeo
+
+HOST=0.0.0.0
+PORT=3100
+COOKIE_SECRET=change-this-cookie-secret
+JWT_SECRET=change-this-jwt-secret
+ENCRYPTION_KEY=change-this-encryption-key
+
+MAILER_SMTP_HOST=smtp.example.com
+MAILER_SMTP_PORT=587
+MAILER_SMTP_SSL=false
+MAILER_SMTP_USER=mailer@example.com
+MAILER_SMTP_PASS=change-this-mail-password
+MAILER_FROM=FEDEO <no-reply@example.com>
+
+S3_ENDPOINT=http://minio:9000
+S3_REGION=eu-central-1
+S3_ACCESS_KEY=fedeo-minio
+S3_SECRET_KEY=change-this-minio-password
+S3_BUCKET=fedeo
+
+M2M_API_KEY=change-this-m2m-key
+API_BASE_URL=https://app.example.com/backend
+GOCARDLESS_BASE_URL=https://api.gocardless.com
+GOCARDLESS_SECRET_ID=replace-this
+GOCARDLESS_SECRET_KEY=replace-this
+
+DOKUBOX_IMAP_HOST=imap.example.com
+DOKUBOX_IMAP_PORT=993
+DOKUBOX_IMAP_SECURE=true
+DOKUBOX_IMAP_USER=dokubox@example.com
+DOKUBOX_IMAP_PASSWORD=change-this-imap-password
+
+OPENAI_API_KEY=replace-this
+STIRLING_API_KEY=replace-this
+
+NUXT_PUBLIC_PDF_LICENSE=replace-with-your-pdf-license
+```
+
+## Vollstandiges Docker Compose mit optionaler S3-MinIO-Option
+
+Hinweis: Der Stack unten startet MinIO standardmassig mit. Wenn du stattdessen AWS S3, Hetzner Object Storage, Backblaze B2 S3 oder einen anderen externen S3-Dienst nutzen willst, kannst du die Services `minio` und `createbuckets` entfernen und nur die entsprechenden S3-Umgebungsvariablen auf den externen Anbieter zeigen lassen.
+
+```yaml
 services:
-    frontend:
+  traefik:
-        image: git.federspiel.tech/flfeders/fedeo/frontend:main
+    image: traefik:v2.11
-        restart: always
+    container_name: fedeo-traefik
-        environment:
+    restart: unless-stopped
-            - NUXT_PUBLIC_API_BASE=https://${DOMAIN}/backend
+    command:
-            - NUXT_PUBLIC_PDF_LICENSE=${PDF_LICENSE}
+      - --api.insecure=false
-        networks:
+      - --api.dashboard=false
-            - traefik
+      - --providers.docker=true
-        labels:
+      - --providers.docker.exposedbydefault=false
-            - "traefik.enable=true"
+      - --entrypoints.web.address=:80
-            - "traefik.docker.network=traefik"
+      - --entrypoints.websecure.address=:443
-            - "traefik.port=3000"
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
-            # Middlewares
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
-            - "traefik.http.middlewares.fedeo-frontend-redirect-web-secure.redirectscheme.scheme=https"
+      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
-            # Web Entrypoint
+      - --certificatesresolvers.letsencrypt.acme.email=${CONTACT_EMAIL}
-            - "traefik.http.routers.fedeo-frontend.middlewares=fedeo-frontend-redirect-web-secure"
+      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
-            - "traefik.http.routers.fedeo-frontend.rule=Host(`${DOMAIN}`) && PathPrefix(`/`)"
+      - --accesslog=true
-            - "traefik.http.routers.fedeo-frontend.entrypoints=web"
+      - --accesslog.filepath=/logs/access.log
-            # Web Secure Entrypoint
+    ports:
-            - "traefik.http.routers.fedeo-frontend-secure.rule=Host(`${DOMAIN}`) && PathPrefix(`/`)"
+      - "80:80"
-            - "traefik.http.routers.fedeo-frontend-secure.entrypoints=web-secured" #
+      - "443:443"
-            - "traefik.http.routers.fedeo-frontend-secure.tls.certresolver=mytlschallenge"
+    volumes:
-    backend:
+      - ./traefik/letsencrypt:/letsencrypt
-        image: git.federspiel.tech/flfeders/fedeo/backend:main
+      - ./traefik/logs:/logs
-        restart: always
+      - /var/run/docker.sock:/var/run/docker.sock:ro
-        environment:
+    networks:
-            - INFISICAL_CLIENT_ID=
+      - web
-            - INFISICAL_CLIENT_SECRET=
+
-            - NODE_ENV=production
+  db:
-        networks:
+    image: postgres:16
-            - traefik
+    container_name: fedeo-db
-        labels:
+    restart: unless-stopped
-            - "traefik.enable=true"
+    environment:
-            - "traefik.docker.network=traefik"
+      POSTGRES_DB: ${DB_NAME}
-            - "traefik.port=3100"
+      POSTGRES_USER: ${DB_USER}
-            # Middlewares
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
-            - "traefik.http.middlewares.fedeo-backend-redirect-web-secure.redirectscheme.scheme=https"
+    volumes:
-            - "traefik.http.middlewares.fedeo-backend-strip.stripprefix.prefixes=/backend"
+      - ./postgres:/var/lib/postgresql/data
-            # Web Entrypoint
+    healthcheck:
-            - "traefik.http.routers.fedeo-backend.middlewares=fedeo-backend-redirect-web-secure"
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"]
-            - "traefik.http.routers.fedeo-backend.rule=Host(`${DOMAIN}`) && PathPrefix(`/backend`)"
+      interval: 10s
-            - "traefik.http.routers.fedeo-backend.entrypoints=web"
+      timeout: 5s
-            # Web Secure Entrypoint
+      retries: 10
-            - "traefik.http.routers.fedeo-backend-secure.rule=Host(`${DOMAIN}`) && PathPrefix(`/backend`)"
+    networks:
-            - "traefik.http.routers.fedeo-backend-secure.entrypoints=web-secured" #
+      - internal
-            - "traefik.http.routers.fedeo-backend-secure.tls.certresolver=mytlschallenge"
+
-            - "traefik.http.routers.fedeo-backend-secure.middlewares=fedeo-backend-strip"
+  minio:
-    #  db:
+    image: minio/minio:latest
-    #    image: postgres
+    container_name: fedeo-minio
-    #    restart: always
+    restart: unless-stopped
-    #    shm_size: 128mb
+    command: server /data --console-address ":9001"
-    #    environment:
+    environment:
-    #      POSTGRES_PASSWORD: 
+      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
-    #      POSTGRES_USER: 
+      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
-    #      POSTGRES_DB: 
+    volumes:
-    #    volumes:
+      - ./minio:/data
-    #      - ./pg-data:/var/lib/postgresql/data
+    healthcheck:
-    #    ports:
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
-    #      - "5432:5432"
+      interval: 10s
-    traefik:
+      timeout: 5s
-        image: traefik:v2.11
+      retries: 10
-        restart: unless-stopped
+    networks:
-        container_name: traefik
+      - internal
-        command:
+
-            - "--api.insecure=false"
+  createbuckets:
-            - "--api.dashboard=false"
+    image: minio/mc:latest
-            - "--api.debug=false"
+    container_name: fedeo-minio-init
-            - "--providers.docker=true"
+    depends_on:
-            - "--providers.docker.exposedbydefault=false"
+      minio:
-            - "--providers.docker.network=traefik"
+        condition: service_healthy
-            - "--entrypoints.web.address=:80"
+    entrypoint: >
-            - "--entrypoints.web-secured.address=:443"
+      /bin/sh -c "
-            - "--accesslog=true"
+      mc alias set local http://minio:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD};
-            - "--accesslog.filepath=/logs/access.log"
+      mc mb --ignore-existing local/${MINIO_BUCKET};
-            - "--accesslog.bufferingsize=5000"
+      mc anonymous set private local/${MINIO_BUCKET};
-            - "--accesslog.fields.defaultMode=keep"
+      exit 0;
-            - "--accesslog.fields.headers.defaultMode=keep"
+      "
-            - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true" #
+    restart: "no"
-            - "--certificatesresolvers.mytlschallenge.acme.email=${CONTACT_EMAIL}"
+    networks:
-            - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
+      - internal
-        ports:
+
-            - 80:80
+  backend:
-            - 443:443
+    build:
-        volumes:
+      context: ./backend
-            - "./traefik/letsencrypt:/letsencrypt" # <== Volume for certs (TLS)
+    container_name: fedeo-backend
-            - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    restart: unless-stopped
-            - "./traefik/logs:/logs"
+    depends_on:
-        networks:
+      db:
-            - traefik
+        condition: service_healthy
+      minio:
+        condition: service_healthy
+      createbuckets:
+        condition: service_completed_successfully
+    environment:
+      NODE_ENV: production
+      HOST: ${HOST}
+      PORT: ${PORT}
+      COOKIE_SECRET: ${COOKIE_SECRET}
+      JWT_SECRET: ${JWT_SECRET}
+      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
+      DATABASE_URL: ${DATABASE_URL}
+      MAILER_SMTP_HOST: ${MAILER_SMTP_HOST}
+      MAILER_SMTP_PORT: ${MAILER_SMTP_PORT}
+      MAILER_SMTP_SSL: ${MAILER_SMTP_SSL}
+      MAILER_SMTP_USER: ${MAILER_SMTP_USER}
+      MAILER_SMTP_PASS: ${MAILER_SMTP_PASS}
+      MAILER_FROM: ${MAILER_FROM}
+      S3_ENDPOINT: ${S3_ENDPOINT}
+      S3_REGION: ${S3_REGION}
+      S3_ACCESS_KEY: ${S3_ACCESS_KEY}
+      S3_SECRET_KEY: ${S3_SECRET_KEY}
+      S3_BUCKET: ${S3_BUCKET}
+      M2M_API_KEY: ${M2M_API_KEY}
+      API_BASE_URL: ${API_BASE_URL}
+      GOCARDLESS_BASE_URL: ${GOCARDLESS_BASE_URL}
+      GOCARDLESS_SECRET_ID: ${GOCARDLESS_SECRET_ID}
+      GOCARDLESS_SECRET_KEY: ${GOCARDLESS_SECRET_KEY}
+      DOKUBOX_IMAP_HOST: ${DOKUBOX_IMAP_HOST}
+      DOKUBOX_IMAP_PORT: ${DOKUBOX_IMAP_PORT}
+      DOKUBOX_IMAP_SECURE: ${DOKUBOX_IMAP_SECURE}
+      DOKUBOX_IMAP_USER: ${DOKUBOX_IMAP_USER}
+      DOKUBOX_IMAP_PASSWORD: ${DOKUBOX_IMAP_PASSWORD}
+      OPENAI_API_KEY: ${OPENAI_API_KEY}
+      STIRLING_API_KEY: ${STIRLING_API_KEY}
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.fedeo-backend.rule=Host(`${DOMAIN}`) && PathPrefix(`/backend`)
+      - traefik.http.routers.fedeo-backend.entrypoints=websecure
+      - traefik.http.routers.fedeo-backend.tls.certresolver=letsencrypt
+      - traefik.http.middlewares.fedeo-backend-strip.stripprefix.prefixes=/backend
+      - traefik.http.routers.fedeo-backend.middlewares=fedeo-backend-strip
+      - traefik.http.services.fedeo-backend.loadbalancer.server.port=3100
+    networks:
+      - web
+      - internal
+
+  frontend:
+    build:
+      context: ./frontend
+    container_name: fedeo-frontend
+    restart: unless-stopped
+    depends_on:
+      - backend
+    environment:
+      NODE_ENV: production
+      NUXT_PUBLIC_API_BASE: https://${DOMAIN}/backend
+      NUXT_PUBLIC_PDF_LICENSE: ${NUXT_PUBLIC_PDF_LICENSE}
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.fedeo-frontend.rule=Host(`${DOMAIN}`)
+      - traefik.http.routers.fedeo-frontend.entrypoints=websecure
+      - traefik.http.routers.fedeo-frontend.tls.certresolver=letsencrypt
+      - traefik.http.services.fedeo-frontend.loadbalancer.server.port=3000
+    networks:
+      - web
+
 networks:
-    traefik:
+  web:
-        external: false
+    driver: bridge
-~~~
+  internal:
+    driver: bridge
+```
+
+## Externe S3-Provider statt MinIO
+
+Wenn du keinen lokalen MinIO-Container betreiben willst:
+
+1. Entferne die Services `minio` und `createbuckets` aus der Compose-Datei.
+2. Entferne im Backend `depends_on` fur `minio` und `createbuckets`.
+3. Trage in `.env` die Zugangsdaten des externen S3-Dienstes ein.
+
+Beispiel fur die relevanten Werte:
+
+```env
+S3_ENDPOINT=https://s3.eu-central-1.amazonaws.com
+S3_REGION=eu-central-1
+S3_ACCESS_KEY=...
+S3_SECRET_KEY=...
+S3_BUCKET=fedeo
+```
+
+Hinweis: Das Backend nutzt `forcePathStyle: true`. Das funktioniert sauber mit MinIO und vielen S3-kompatiblen Providern. Bei reinem AWS S3 kann je nach Endpoint-Setup ein abweichendes Verhalten sinnvoll sein. Falls du AWS S3 einsetzen willst, sollte die S3-Initialisierung im Backend gegen den konkreten Zielprovider getestet werden.
+
+## Start des Stacks
+
+Im Deploy-Verzeichnis:
+
+```bash
+docker compose build
+docker compose up -d
+```
+
+Danach Status prufen:
+
+```bash
+docker compose ps
+docker compose logs -f traefik
+docker compose logs -f backend
+```
+
+## Funktionsprufung
+
+Nach dem ersten Start sollten mindestens diese Checks erfolgreich sein:
+
+```bash
+curl -I https://app.example.com
+curl https://app.example.com/backend/health
+```
+
+Erwartung:
+
+- Frontend liefert `200` oder `302`
+- Backend liefert JSON wie `{"status":"ok"}`
+
+## Updates
+
+Bei neuen Versionen:
+
+```bash
+git pull
+docker compose build
+docker compose up -d
+```
+
+Falls du statt lokaler Builds vorgebaute Images verwenden willst, kannst du in der Compose-Datei `build:` durch passende `image:`-Eintrage ersetzen. Erst dann ist ein vorgelagertes `docker compose pull` sinnvoll.
+
+## Backup-Empfehlung
+
+Regelmassig sichern:
+
+- `./postgres`
+- `./minio` falls MinIO lokal genutzt wird
+- `./traefik/letsencrypt/acme.json`
+- deine `.env`
+- deine dokumentierten Secret-Werte aus der `.env` oder deinem Secret-Management
+
+## Bekannte Betriebsbesonderheiten
+
+- Das Backend startet nur sauber, wenn alle Pflichtvariablen gesetzt sind.
+- Ohne korrekt gesetzte S3-Secrets funktionieren Dateiuploads und dateibasierte Funktionen nicht.
+- Fur die Frontend-PDF-Funktion wird eine gueltige `NUXT_PUBLIC_PDF_LICENSE` benotigt.
+- PostgreSQL ist im Projekt vorgesehen; andere SQL-Datenbanken sind in dieser Compose-Datei nicht berucksichtigt.
+
+## Optional: Nur mit bestehender externer Infrastruktur
+
+Wenn bereits vorhanden:
+
+- externer Reverse Proxy
+- externer PostgreSQL-Server
+- externer S3-Speicher
+- externe Zertifikatsverwaltung
+
+dann konnen `traefik`, `db` und `minio` aus dem Stack entfernt werden. In diesem Fall mussen die zugehorigen Hostnamen und Zugangsdaten in der `.env` beziehungsweise im Frontend-Environment auf die externe Infrastruktur zeigen.

backend/.gitignore

@@ -3,3 +3,4 @@ node_modules
 .env
 
 /src/generated/prisma
+/dist/

backend/Dockerfile

@@ -1,6 +1,14 @@
-FROM node:20-alpine
+FROM node:20-bookworm-slim
 WORKDIR /usr/src/app
 
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        poppler-utils \
+        tesseract-ocr \
+        tesseract-ocr-deu \
+        tesseract-ocr-eng \
+    && rm -rf /var/lib/apt/lists/*
+
 # Package-Dateien
 COPY package*.json ./
 

backend/db/index.ts

@@ -2,11 +2,12 @@
 import { drizzle } from "drizzle-orm/node-postgres";
 import { Pool } from "pg";
 import * as schema from "./schema";
+import {secrets} from "../src/utils/secrets";
 
 console.log("[DB INIT] 1. Suche Connection String...");
 
 // Checken woher die URL kommt
-let connectionString = process.env.DATABASE_URL;
+let connectionString = process.env.DATABASE_URL || secrets.DATABASE_URL;
 if (connectionString) {
     console.log("[DB INIT] -> Gefunden in process.env.DATABASE_URL");
 } else {

backend/db/migrations/0007_bright_default_tax_type.sql

@@ -0,0 +1 @@
+ALTER TABLE "customers" ADD COLUMN "customTaxType" text;

backend/db/migrations/0008_quick_contracttypes.sql

@@ -0,0 +1,16 @@
+CREATE TABLE "contracttypes" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "contracttypes_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"tenant" bigint NOT NULL,
+	"name" text NOT NULL,
+	"description" text,
+	"paymentType" text,
+	"recurring" boolean DEFAULT false NOT NULL,
+	"archived" boolean DEFAULT false NOT NULL,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid
+);
+--> statement-breakpoint
+ALTER TABLE "contracttypes" ADD CONSTRAINT "contracttypes_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "contracttypes" ADD CONSTRAINT "contracttypes_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;

backend/db/migrations/0009_heavy_contract_contracttype.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "contracts" ADD COLUMN "contracttype" bigint;
+--> statement-breakpoint
+ALTER TABLE "contracts" ADD CONSTRAINT "contracts_contracttype_contracttypes_id_fk" FOREIGN KEY ("contracttype") REFERENCES "public"."contracttypes"("id") ON DELETE no action ON UPDATE no action;

backend/db/migrations/0010_sudden_billing_interval.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "contracttypes" ADD COLUMN "billingInterval" text;
+--> statement-breakpoint
+ALTER TABLE "contracts" ADD COLUMN "billingInterval" text;

backend/db/migrations/0011_mighty_member_bankaccounts.sql

@@ -0,0 +1,16 @@
+CREATE TABLE "entitybankaccounts" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "entitybankaccounts_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"tenant" bigint NOT NULL,
+	"iban_encrypted" jsonb NOT NULL,
+	"bic_encrypted" jsonb NOT NULL,
+	"bank_name_encrypted" jsonb NOT NULL,
+	"description" text,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid,
+	"archived" boolean DEFAULT false NOT NULL
+);
+--> statement-breakpoint
+ALTER TABLE "entitybankaccounts" ADD CONSTRAINT "entitybankaccounts_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "entitybankaccounts" ADD CONSTRAINT "entitybankaccounts_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;

backend/db/migrations/0012_shiny_customer_inventory.sql

@@ -0,0 +1,73 @@
+CREATE TABLE "customerspaces" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "customerspaces_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"name" text NOT NULL,
+	"type" text NOT NULL,
+	"tenant" bigint NOT NULL,
+	"customer" bigint NOT NULL,
+	"spaceNumber" text NOT NULL,
+	"parentSpace" bigint,
+	"infoData" jsonb DEFAULT '{"zip":"","city":"","streetNumber":""}'::jsonb NOT NULL,
+	"description" text,
+	"archived" boolean DEFAULT false NOT NULL,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "customerinventoryitems" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "customerinventoryitems_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"name" text NOT NULL,
+	"description" text,
+	"tenant" bigint NOT NULL,
+	"customer" bigint NOT NULL,
+	"customerspace" bigint,
+	"customerInventoryId" text NOT NULL,
+	"serialNumber" text,
+	"quantity" bigint DEFAULT 0 NOT NULL,
+	"manufacturer" text,
+	"manufacturerNumber" text,
+	"purchaseDate" date,
+	"purchasePrice" double precision DEFAULT 0,
+	"currentValue" double precision,
+	"product" bigint,
+	"archived" boolean DEFAULT false NOT NULL,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid
+);
+--> statement-breakpoint
+ALTER TABLE "customerspaces" ADD CONSTRAINT "customerspaces_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "customerspaces" ADD CONSTRAINT "customerspaces_customer_customers_id_fk" FOREIGN KEY ("customer") REFERENCES "public"."customers"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "customerspaces" ADD CONSTRAINT "customerspaces_parentSpace_customerspaces_id_fk" FOREIGN KEY ("parentSpace") REFERENCES "public"."customerspaces"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "customerspaces" ADD CONSTRAINT "customerspaces_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_customer_customers_id_fk" FOREIGN KEY ("customer") REFERENCES "public"."customers"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_customerspace_customerspaces_id_fk" FOREIGN KEY ("customerspace") REFERENCES "public"."customerspaces"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_product_products_id_fk" FOREIGN KEY ("product") REFERENCES "public"."products"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+CREATE UNIQUE INDEX "customerinventoryitems_tenant_customerInventoryId_idx" ON "customerinventoryitems" USING btree ("tenant","customerInventoryId");
+--> statement-breakpoint
+ALTER TABLE "historyitems" ADD COLUMN "customerspace" bigint;
+--> statement-breakpoint
+ALTER TABLE "historyitems" ADD COLUMN "customerinventoryitem" bigint;
+--> statement-breakpoint
+ALTER TABLE "historyitems" ADD CONSTRAINT "historyitems_customerspace_customerspaces_id_fk" FOREIGN KEY ("customerspace") REFERENCES "public"."customerspaces"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "historyitems" ADD CONSTRAINT "historyitems_customerinventoryitem_customerinventoryitems_id_fk" FOREIGN KEY ("customerinventoryitem") REFERENCES "public"."customerinventoryitems"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "tenants" ALTER COLUMN "numberRanges" SET DEFAULT '{"vendors":{"prefix":"","suffix":"","nextNumber":10000},"customers":{"prefix":"","suffix":"","nextNumber":10000},"products":{"prefix":"AT-","suffix":"","nextNumber":1000},"quotes":{"prefix":"AN-","suffix":"","nextNumber":1000},"confirmationOrders":{"prefix":"AB-","suffix":"","nextNumber":1000},"invoices":{"prefix":"RE-","suffix":"","nextNumber":1000},"spaces":{"prefix":"LP-","suffix":"","nextNumber":1000},"customerspaces":{"prefix":"KLP-","suffix":"","nextNumber":1000},"inventoryitems":{"prefix":"IA-","suffix":"","nextNumber":1000},"customerinventoryitems":{"prefix":"KIA-","suffix":"","nextNumber":1000},"projects":{"prefix":"PRJ-","suffix":"","nextNumber":1000},"costcentres":{"prefix":"KST-","suffix":"","nextNumber":1000}}'::jsonb;
+--> statement-breakpoint
+UPDATE "tenants"
+SET "numberRanges" = COALESCE("numberRanges", '{}'::jsonb) || jsonb_build_object(
+    'customerspaces', COALESCE("numberRanges"->'customerspaces', '{"prefix":"KLP-","suffix":"","nextNumber":1000}'::jsonb),
+    'customerinventoryitems', COALESCE("numberRanges"->'customerinventoryitems', '{"prefix":"KIA-","suffix":"","nextNumber":1000}'::jsonb)
+);

backend/db/migrations/0013_brisk_customer_inventory_vendor.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "customerinventoryitems" ADD COLUMN "vendor" bigint;
+--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_vendor_vendors_id_fk" FOREIGN KEY ("vendor") REFERENCES "public"."vendors"("id") ON DELETE no action ON UPDATE no action;

backend/db/migrations/0014_smart_memberrelations.sql

@@ -0,0 +1,20 @@
+CREATE TABLE "memberrelations" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "memberrelations_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"tenant" bigint NOT NULL,
+	"type" text NOT NULL,
+	"billingInterval" text NOT NULL,
+	"billingAmount" double precision DEFAULT 0 NOT NULL,
+	"archived" boolean DEFAULT false NOT NULL,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid
+);
+--> statement-breakpoint
+ALTER TABLE "customers" ADD COLUMN "memberrelation" bigint;
+--> statement-breakpoint
+ALTER TABLE "memberrelations" ADD CONSTRAINT "memberrelations_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "memberrelations" ADD CONSTRAINT "memberrelations_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "customers" ADD CONSTRAINT "customers_memberrelation_memberrelations_id_fk" FOREIGN KEY ("memberrelation") REFERENCES "public"."memberrelations"("id") ON DELETE no action ON UPDATE no action;
+

backend/db/migrations/0015_wise_memberrelation_history.sql

@@ -0,0 +1,4 @@
+ALTER TABLE "historyitems" ADD COLUMN "memberrelation" bigint;
+--> statement-breakpoint
+ALTER TABLE "historyitems" ADD CONSTRAINT "historyitems_memberrelation_memberrelations_id_fk" FOREIGN KEY ("memberrelation") REFERENCES "public"."memberrelations"("id") ON DELETE no action ON UPDATE no action;
+

backend/db/migrations/0016_fix_memberrelation_column_usage.sql

@@ -0,0 +1,33 @@
+ALTER TABLE "customers" ADD COLUMN IF NOT EXISTS "memberrelation" bigint;
+
+DO $$
+BEGIN
+    IF NOT EXISTS (
+        SELECT 1
+        FROM pg_constraint
+        WHERE conname = 'customers_memberrelation_memberrelations_id_fk'
+    ) THEN
+        ALTER TABLE "customers"
+            ADD CONSTRAINT "customers_memberrelation_memberrelations_id_fk"
+            FOREIGN KEY ("memberrelation")
+            REFERENCES "public"."memberrelations"("id")
+            ON DELETE no action
+            ON UPDATE no action;
+    END IF;
+END $$;
+
+UPDATE "customers"
+SET "memberrelation" = ("infoData"->>'memberrelation')::bigint
+WHERE
+    "memberrelation" IS NULL
+    AND "type" = 'Mitglied'
+    AND jsonb_typeof(COALESCE("infoData", '{}'::jsonb)) = 'object'
+    AND COALESCE("infoData", '{}'::jsonb) ? 'memberrelation'
+    AND ("infoData"->>'memberrelation') ~ '^[0-9]+$';
+
+UPDATE "customers"
+SET "infoData" = COALESCE("infoData", '{}'::jsonb) - 'memberrelation'
+WHERE
+    "type" = 'Mitglied'
+    AND jsonb_typeof(COALESCE("infoData", '{}'::jsonb)) = 'object'
+    AND COALESCE("infoData", '{}'::jsonb) ? 'memberrelation';

backend/db/migrations/0017_slow_the_hood.sql

@@ -0,0 +1,108 @@
+CREATE TABLE "contracttypes" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "contracttypes_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"tenant" bigint NOT NULL,
+	"name" text NOT NULL,
+	"description" text,
+	"paymentType" text,
+	"recurring" boolean DEFAULT false NOT NULL,
+	"billingInterval" text,
+	"archived" boolean DEFAULT false NOT NULL,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "customerinventoryitems" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "customerinventoryitems_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"name" text NOT NULL,
+	"description" text,
+	"tenant" bigint NOT NULL,
+	"customer" bigint NOT NULL,
+	"customerspace" bigint,
+	"customerInventoryId" text NOT NULL,
+	"serialNumber" text,
+	"quantity" bigint DEFAULT 0 NOT NULL,
+	"manufacturer" text,
+	"manufacturerNumber" text,
+	"purchaseDate" date,
+	"purchasePrice" double precision DEFAULT 0,
+	"currentValue" double precision,
+	"product" bigint,
+	"vendor" bigint,
+	"archived" boolean DEFAULT false NOT NULL,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "customerspaces" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "customerspaces_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"name" text NOT NULL,
+	"type" text NOT NULL,
+	"tenant" bigint NOT NULL,
+	"customer" bigint NOT NULL,
+	"spaceNumber" text NOT NULL,
+	"parentSpace" bigint,
+	"infoData" jsonb DEFAULT '{"zip":"","city":"","streetNumber":""}'::jsonb NOT NULL,
+	"description" text,
+	"archived" boolean DEFAULT false NOT NULL,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid
+);
+--> statement-breakpoint
+CREATE TABLE "entitybankaccounts" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "entitybankaccounts_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"tenant" bigint NOT NULL,
+	"iban_encrypted" jsonb NOT NULL,
+	"bic_encrypted" jsonb NOT NULL,
+	"bank_name_encrypted" jsonb NOT NULL,
+	"description" text,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid,
+	"archived" boolean DEFAULT false NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "memberrelations" (
+	"id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY (sequence name "memberrelations_id_seq" INCREMENT BY 1 MINVALUE 1 MAXVALUE 9223372036854775807 START WITH 1 CACHE 1),
+	"created_at" timestamp with time zone DEFAULT now() NOT NULL,
+	"tenant" bigint NOT NULL,
+	"type" text NOT NULL,
+	"billingInterval" text NOT NULL,
+	"billingAmount" double precision DEFAULT 0 NOT NULL,
+	"archived" boolean DEFAULT false NOT NULL,
+	"updated_at" timestamp with time zone,
+	"updated_by" uuid
+);
+--> statement-breakpoint
+ALTER TABLE "tenants" ALTER COLUMN "numberRanges" SET DEFAULT '{"vendors":{"prefix":"","suffix":"","nextNumber":10000},"customers":{"prefix":"","suffix":"","nextNumber":10000},"products":{"prefix":"AT-","suffix":"","nextNumber":1000},"quotes":{"prefix":"AN-","suffix":"","nextNumber":1000},"confirmationOrders":{"prefix":"AB-","suffix":"","nextNumber":1000},"invoices":{"prefix":"RE-","suffix":"","nextNumber":1000},"spaces":{"prefix":"LP-","suffix":"","nextNumber":1000},"customerspaces":{"prefix":"KLP-","suffix":"","nextNumber":1000},"inventoryitems":{"prefix":"IA-","suffix":"","nextNumber":1000},"customerinventoryitems":{"prefix":"KIA-","suffix":"","nextNumber":1000},"projects":{"prefix":"PRJ-","suffix":"","nextNumber":1000},"costcentres":{"prefix":"KST-","suffix":"","nextNumber":1000}}'::jsonb;--> statement-breakpoint
+ALTER TABLE "contracts" ADD COLUMN "contracttype" bigint;--> statement-breakpoint
+ALTER TABLE "contracts" ADD COLUMN "billingInterval" text;--> statement-breakpoint
+ALTER TABLE "customers" ADD COLUMN "customTaxType" text;--> statement-breakpoint
+ALTER TABLE "customers" ADD COLUMN "memberrelation" bigint;--> statement-breakpoint
+ALTER TABLE "historyitems" ADD COLUMN "customerspace" bigint;--> statement-breakpoint
+ALTER TABLE "historyitems" ADD COLUMN "customerinventoryitem" bigint;--> statement-breakpoint
+ALTER TABLE "historyitems" ADD COLUMN "memberrelation" bigint;--> statement-breakpoint
+ALTER TABLE "services" ADD COLUMN "priceUpdateLocked" boolean DEFAULT false NOT NULL;--> statement-breakpoint
+ALTER TABLE "contracttypes" ADD CONSTRAINT "contracttypes_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "contracttypes" ADD CONSTRAINT "contracttypes_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_customer_customers_id_fk" FOREIGN KEY ("customer") REFERENCES "public"."customers"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_customerspace_customerspaces_id_fk" FOREIGN KEY ("customerspace") REFERENCES "public"."customerspaces"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_product_products_id_fk" FOREIGN KEY ("product") REFERENCES "public"."products"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_vendor_vendors_id_fk" FOREIGN KEY ("vendor") REFERENCES "public"."vendors"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerinventoryitems" ADD CONSTRAINT "customerinventoryitems_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerspaces" ADD CONSTRAINT "customerspaces_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerspaces" ADD CONSTRAINT "customerspaces_customer_customers_id_fk" FOREIGN KEY ("customer") REFERENCES "public"."customers"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerspaces" ADD CONSTRAINT "customerspaces_parentSpace_customerspaces_id_fk" FOREIGN KEY ("parentSpace") REFERENCES "public"."customerspaces"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customerspaces" ADD CONSTRAINT "customerspaces_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "entitybankaccounts" ADD CONSTRAINT "entitybankaccounts_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "entitybankaccounts" ADD CONSTRAINT "entitybankaccounts_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "memberrelations" ADD CONSTRAINT "memberrelations_tenant_tenants_id_fk" FOREIGN KEY ("tenant") REFERENCES "public"."tenants"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "memberrelations" ADD CONSTRAINT "memberrelations_updated_by_auth_users_id_fk" FOREIGN KEY ("updated_by") REFERENCES "public"."auth_users"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "contracts" ADD CONSTRAINT "contracts_contracttype_contracttypes_id_fk" FOREIGN KEY ("contracttype") REFERENCES "public"."contracttypes"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "customers" ADD CONSTRAINT "customers_memberrelation_memberrelations_id_fk" FOREIGN KEY ("memberrelation") REFERENCES "public"."memberrelations"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "historyitems" ADD CONSTRAINT "historyitems_customerspace_customerspaces_id_fk" FOREIGN KEY ("customerspace") REFERENCES "public"."customerspaces"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "historyitems" ADD CONSTRAINT "historyitems_customerinventoryitem_customerinventoryitems_id_fk" FOREIGN KEY ("customerinventoryitem") REFERENCES "public"."customerinventoryitems"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "historyitems" ADD CONSTRAINT "historyitems_memberrelation_memberrelations_id_fk" FOREIGN KEY ("memberrelation") REFERENCES "public"."memberrelations"("id") ON DELETE no action ON UPDATE no action;

backend/db/migrations/0018_account_chart.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "accounts" ADD COLUMN "accountChart" text DEFAULT 'skr03' NOT NULL;
+--> statement-breakpoint
+ALTER TABLE "tenants" ADD COLUMN "accountChart" text DEFAULT 'skr03' NOT NULL;

backend/db/migrations/0019_custom_surcharge_percentage_decimal.sql

@@ -0,0 +1,3 @@
+ALTER TABLE "createddocuments"
+ALTER COLUMN "customSurchargePercentage" TYPE double precision
+USING "customSurchargePercentage"::double precision;

backend/db/migrations/0020_file_extracted_text.sql

@@ -0,0 +1 @@
+ALTER TABLE "files" ADD COLUMN "extracted_text" text;

backend/db/migrations/0021_admin_user_flag.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "auth_users"
+ADD COLUMN "is_admin" boolean NOT NULL DEFAULT false;

backend/db/migrations/0022_task_dependencies.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "tasks"
+ADD COLUMN "dependency_ids" jsonb NOT NULL DEFAULT '[]'::jsonb;

backend/db/migrations/0023_tax_evaluation_period.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "tenants"
+ADD COLUMN "taxEvaluationPeriod" text DEFAULT 'monthly' NOT NULL;

backend/db/migrations/meta/_journal.json

@@ -36,6 +36,132 @@
       "when": 1765716877146,
       "tag": "0004_stormy_onslaught",
       "breakpoints": true
+    },
+    {
+      "idx": 5,
+      "version": "7",
+      "when": 1771096926109,
+      "tag": "0005_green_shinobi_shaw",
+      "breakpoints": true
+    },
+    {
+      "idx": 6,
+      "version": "7",
+      "when": 1772000000000,
+      "tag": "0006_nifty_price_lock",
+      "breakpoints": true
+    },
+    {
+      "idx": 7,
+      "version": "7",
+      "when": 1772000100000,
+      "tag": "0007_bright_default_tax_type",
+      "breakpoints": true
+    },
+    {
+      "idx": 8,
+      "version": "7",
+      "when": 1773000000000,
+      "tag": "0008_quick_contracttypes",
+      "breakpoints": true
+    },
+    {
+      "idx": 9,
+      "version": "7",
+      "when": 1773000100000,
+      "tag": "0009_heavy_contract_contracttype",
+      "breakpoints": true
+    },
+    {
+      "idx": 10,
+      "version": "7",
+      "when": 1773000200000,
+      "tag": "0010_sudden_billing_interval",
+      "breakpoints": true
+    },
+    {
+      "idx": 11,
+      "version": "7",
+      "when": 1773000300000,
+      "tag": "0011_mighty_member_bankaccounts",
+      "breakpoints": true
+    },
+    {
+      "idx": 12,
+      "version": "7",
+      "when": 1773000400000,
+      "tag": "0012_shiny_customer_inventory",
+      "breakpoints": true
+    },
+    {
+      "idx": 13,
+      "version": "7",
+      "when": 1773000500000,
+      "tag": "0013_brisk_customer_inventory_vendor",
+      "breakpoints": true
+    },
+    {
+      "idx": 14,
+      "version": "7",
+      "when": 1773000600000,
+      "tag": "0014_smart_memberrelations",
+      "breakpoints": true
+    },
+    {
+      "idx": 15,
+      "version": "7",
+      "when": 1773000700000,
+      "tag": "0015_wise_memberrelation_history",
+      "breakpoints": true
+    },
+    {
+      "idx": 16,
+      "version": "7",
+      "when": 1773000800000,
+      "tag": "0016_fix_memberrelation_column_usage",
+      "breakpoints": true
+    },
+    {
+      "idx": 17,
+      "version": "7",
+      "when": 1771704862789,
+      "tag": "0017_slow_the_hood",
+      "breakpoints": true
+    },
+    {
+      "idx": 18,
+      "version": "7",
+      "when": 1773000900000,
+      "tag": "0018_account_chart",
+      "breakpoints": true
+    },
+    {
+      "idx": 19,
+      "version": "7",
+      "when": 1773572400000,
+      "tag": "0020_file_extracted_text",
+      "breakpoints": true
+    },
+    {
+      "idx": 20,
+      "version": "7",
+      "when": 1773835200000,
+      "tag": "0021_admin_user_flag",
+      "breakpoints": true
+    },
+    {
+      "idx": 21,
+      "version": "7",
+      "when": 1773925200000,
+      "tag": "0022_task_dependencies",
+      "breakpoints": true
+    },
+    {
+      "idx": 22,
+      "version": "7",
+      "when": 1774080000000,
+      "tag": "0023_tax_evaluation_period",
+      "breakpoints": true
     }
   ]
-}
+}

backend/db/schema/accounts.ts

@@ -16,6 +16,7 @@ export const accounts = pgTable("accounts", {
 
     number: text("number").notNull(),
     label: text("label").notNull(),
+    accountChart: text("accountChart").notNull().default("skr03"),
 
     description: text("description"),
 })

backend/db/schema/auth_users.ts

@@ -12,6 +12,7 @@ export const authUsers = pgTable("auth_users", {
 
     multiTenant: boolean("multi_tenant").notNull().default(true),
     must_change_password: boolean("must_change_password").notNull().default(false),
+    is_admin: boolean("is_admin").notNull().default(false),
 
     updatedAt: timestamp("updated_at", { withTimezone: true }),
 

backend/db/schema/contracts.ts

@@ -11,6 +11,7 @@ import {
 import { tenants } from "./tenants"
 import { customers } from "./customers"
 import { contacts } from "./contacts"
+import { contracttypes } from "./contracttypes"
 import { authUsers } from "./auth_users"
 
 export const contracts = pgTable(
@@ -48,6 +49,9 @@ export const contracts = pgTable(
         contact: bigint("contact", { mode: "number" }).references(
             () => contacts.id
         ),
+        contracttype: bigint("contracttype", { mode: "number" }).references(
+            () => contracttypes.id
+        ),
 
         bankingIban: text("bankingIban"),
         bankingBIC: text("bankingBIC"),
@@ -57,6 +61,7 @@ export const contracts = pgTable(
         sepaDate: timestamp("sepaDate", { withTimezone: true }),
 
         paymentType: text("paymentType"),
+        billingInterval: text("billingInterval"),
         invoiceDispatch: text("invoiceDispatch"),
 
         ownFields: jsonb("ownFields").notNull().default({}),

backend/db/schema/contracttypes.ts

@@ -0,0 +1,40 @@
+import {
+    pgTable,
+    bigint,
+    timestamp,
+    text,
+    boolean,
+    uuid,
+} from "drizzle-orm/pg-core"
+
+import { tenants } from "./tenants"
+import { authUsers } from "./auth_users"
+
+export const contracttypes = pgTable("contracttypes", {
+    id: bigint("id", { mode: "number" })
+        .primaryKey()
+        .generatedByDefaultAsIdentity(),
+
+    createdAt: timestamp("created_at", { withTimezone: true })
+        .notNull()
+        .defaultNow(),
+
+    tenant: bigint("tenant", { mode: "number" })
+        .notNull()
+        .references(() => tenants.id),
+
+    name: text("name").notNull(),
+    description: text("description"),
+
+    paymentType: text("paymentType"),
+    recurring: boolean("recurring").notNull().default(false),
+    billingInterval: text("billingInterval"),
+
+    archived: boolean("archived").notNull().default(false),
+
+    updatedAt: timestamp("updated_at", { withTimezone: true }),
+    updatedBy: uuid("updated_by").references(() => authUsers.id),
+})
+
+export type ContractType = typeof contracttypes.$inferSelect
+export type NewContractType = typeof contracttypes.$inferInsert

backend/db/schema/createddocuments.ts

@@ -6,6 +6,7 @@ import {
     jsonb,
     boolean,
     smallint,
+    doublePrecision,
     uuid,
 } from "drizzle-orm/pg-core"
 
@@ -96,7 +97,7 @@ export const createddocuments = pgTable("createddocuments", {
 
     taxType: text("taxType"),
 
-    customSurchargePercentage: smallint("customSurchargePercentage")
+    customSurchargePercentage: doublePrecision("customSurchargePercentage")
         .notNull()
         .default(0),
 

backend/db/schema/customerinventoryitems.ts

@@ -0,0 +1,66 @@
+import {
+    pgTable,
+    bigint,
+    timestamp,
+    text,
+    boolean,
+    doublePrecision,
+    uuid,
+    date,
+} from "drizzle-orm/pg-core"
+
+import { tenants } from "./tenants"
+import { customers } from "./customers"
+import { customerspaces } from "./customerspaces"
+import { products } from "./products"
+import { vendors } from "./vendors"
+import { authUsers } from "./auth_users"
+
+export const customerinventoryitems = pgTable("customerinventoryitems", {
+    id: bigint("id", { mode: "number" })
+        .primaryKey()
+        .generatedByDefaultAsIdentity(),
+
+    createdAt: timestamp("created_at", { withTimezone: true })
+        .notNull()
+        .defaultNow(),
+
+    name: text("name").notNull(),
+
+    description: text("description"),
+
+    tenant: bigint("tenant", { mode: "number" })
+        .notNull()
+        .references(() => tenants.id),
+
+    customer: bigint("customer", { mode: "number" })
+        .notNull()
+        .references(() => customers.id),
+
+    customerspace: bigint("customerspace", { mode: "number" }).references(
+        () => customerspaces.id
+    ),
+
+    customerInventoryId: text("customerInventoryId").notNull(),
+    serialNumber: text("serialNumber"),
+
+    quantity: bigint("quantity", { mode: "number" }).notNull().default(0),
+
+    manufacturer: text("manufacturer"),
+    manufacturerNumber: text("manufacturerNumber"),
+
+    purchaseDate: date("purchaseDate"),
+    purchasePrice: doublePrecision("purchasePrice").default(0),
+    currentValue: doublePrecision("currentValue"),
+
+    product: bigint("product", { mode: "number" }).references(() => products.id),
+    vendor: bigint("vendor", { mode: "number" }).references(() => vendors.id),
+
+    archived: boolean("archived").notNull().default(false),
+
+    updatedAt: timestamp("updated_at", { withTimezone: true }),
+    updatedBy: uuid("updated_by").references(() => authUsers.id),
+})
+
+export type CustomerInventoryItem = typeof customerinventoryitems.$inferSelect
+export type NewCustomerInventoryItem = typeof customerinventoryitems.$inferInsert

backend/db/schema/customers.ts

@@ -10,6 +10,7 @@ import {
 } from "drizzle-orm/pg-core"
 import { tenants } from "./tenants"
 import { authUsers } from "./auth_users"
+import { memberrelations } from "./memberrelations"
 
 export const customers = pgTable(
     "customers",
@@ -62,6 +63,8 @@ export const customers = pgTable(
         updatedBy: uuid("updated_by").references(() => authUsers.id),
 
         customPaymentType: text("custom_payment_type"), // ENUM payment_types separat?
+        customTaxType: text("customTaxType"),
+        memberrelation: bigint("memberrelation", { mode: "number" }).references(() => memberrelations.id),
     }
 )
 

backend/db/schema/customerspaces.ts

@@ -0,0 +1,54 @@
+import {
+    pgTable,
+    bigint,
+    timestamp,
+    text,
+    boolean,
+    jsonb,
+    uuid,
+} from "drizzle-orm/pg-core"
+
+import { tenants } from "./tenants"
+import { customers } from "./customers"
+import { authUsers } from "./auth_users"
+
+export const customerspaces = pgTable("customerspaces", {
+    id: bigint("id", { mode: "number" })
+        .primaryKey()
+        .generatedByDefaultAsIdentity(),
+
+    createdAt: timestamp("created_at", { withTimezone: true })
+        .notNull()
+        .defaultNow(),
+
+    name: text("name").notNull(),
+    type: text("type").notNull(),
+
+    tenant: bigint("tenant", { mode: "number" })
+        .notNull()
+        .references(() => tenants.id),
+
+    customer: bigint("customer", { mode: "number" })
+        .notNull()
+        .references(() => customers.id),
+
+    space_number: text("spaceNumber").notNull(),
+
+    parentSpace: bigint("parentSpace", { mode: "number" }).references(
+        () => customerspaces.id
+    ),
+
+    info_data: jsonb("infoData")
+        .notNull()
+        .default({ zip: "", city: "", streetNumber: "" }),
+
+    description: text("description"),
+
+    archived: boolean("archived").notNull().default(false),
+
+    updatedAt: timestamp("updated_at", { withTimezone: true }),
+    updatedBy: uuid("updated_by").references(() => authUsers.id),
+})
+
+export type CustomerSpace = typeof customerspaces.$inferSelect
+export type NewCustomerSpace = typeof customerspaces.$inferInsert

backend/db/schema/entitybankaccounts.ts

@@ -0,0 +1,39 @@
+import {
+    pgTable,
+    bigint,
+    timestamp,
+    text,
+    boolean,
+    jsonb,
+    uuid,
+} from "drizzle-orm/pg-core"
+import { tenants } from "./tenants"
+import { authUsers } from "./auth_users"
+
+export const entitybankaccounts = pgTable("entitybankaccounts", {
+    id: bigint("id", { mode: "number" })
+        .primaryKey()
+        .generatedByDefaultAsIdentity(),
+
+    createdAt: timestamp("created_at", { withTimezone: true })
+        .notNull()
+        .defaultNow(),
+
+    tenant: bigint("tenant", { mode: "number" })
+        .notNull()
+        .references(() => tenants.id),
+
+    ibanEncrypted: jsonb("iban_encrypted").notNull(),
+    bicEncrypted: jsonb("bic_encrypted").notNull(),
+    bankNameEncrypted: jsonb("bank_name_encrypted").notNull(),
+
+    description: text("description"),
+
+    updatedAt: timestamp("updated_at", { withTimezone: true }),
+    updatedBy: uuid("updated_by").references(() => authUsers.id),
+
+    archived: boolean("archived").notNull().default(false),
+})
+
+export type EntityBankAccount = typeof entitybankaccounts.$inferSelect
+export type NewEntityBankAccount = typeof entitybankaccounts.$inferInsert

backend/db/schema/files.ts

@@ -66,6 +66,7 @@ export const files = pgTable("files", {
     documentbox: uuid("documentbox").references(() => documentboxes.id),
 
     name: text("name"),
+    extractedText: text("extracted_text"),
 
     updatedAt: timestamp("updated_at", { withTimezone: true }),
     updatedBy: uuid("updated_by").references(() => authUsers.id),

backend/db/schema/historyitems.ts

@@ -20,6 +20,8 @@ import { tasks } from "./tasks"
 import { vehicles } from "./vehicles"
 import { bankstatements } from "./bankstatements"
 import { spaces } from "./spaces"
+import { customerspaces } from "./customerspaces"
+import { customerinventoryitems } from "./customerinventoryitems"
 import { costcentres } from "./costcentres"
 import { ownaccounts } from "./ownaccounts"
 import { createddocuments } from "./createddocuments"
@@ -32,6 +34,7 @@ import { events } from "./events"
 import { inventoryitemgroups } from "./inventoryitemgroups"
 import { authUsers } from "./auth_users"
 import {files} from "./files";
+import { memberrelations } from "./memberrelations";
 
 export const historyitems = pgTable("historyitems", {
     id: bigint("id", { mode: "number" })
@@ -99,6 +102,12 @@ export const historyitems = pgTable("historyitems", {
 
     space: bigint("space", { mode: "number" }).references(() => spaces.id),
 
+    customerspace: bigint("customerspace", { mode: "number" }).references(() => customerspaces.id),
+
+    customerinventoryitem: bigint("customerinventoryitem", { mode: "number" }).references(() => customerinventoryitems.id),
+
+    memberrelation: bigint("memberrelation", { mode: "number" }).references(() => memberrelations.id),
+
     config: jsonb("config"),
 
     projecttype: bigint("projecttype", { mode: "number" }).references(

backend/db/schema/index.ts

@@ -13,15 +13,19 @@ export * from "./checks"
 export * from "./citys"
 export * from "./contacts"
 export * from "./contracts"
+export * from "./contracttypes"
 export * from "./costcentres"
 export * from "./countrys"
 export * from "./createddocuments"
 export * from "./createdletters"
 export * from "./customers"
+export * from "./customerspaces"
+export * from "./customerinventoryitems"
 export * from "./devices"
 export * from "./documentboxes"
 export * from "./enums"
 export * from "./events"
+export * from "./entitybankaccounts"
 export * from "./files"
 export * from "./filetags"
 export * from "./folders"
@@ -42,7 +46,9 @@ export * from "./incominginvoices"
 export * from "./inventoryitemgroups"
 export * from "./inventoryitems"
 export * from "./letterheads"
+export * from "./memberrelations"
 export * from "./movements"
+export * from "./m2m_api_keys"
 export * from "./notifications_event_types"
 export * from "./notifications_items"
 export * from "./notifications_preferences"
@@ -72,4 +78,4 @@ export * from "./staff_time_events"
 export * from "./serialtypes"
 export * from "./serialexecutions"
 export * from "./public_links"
-export * from "./wikipages"
+export * from "./wikipages"

backend/db/schema/m2m_api_keys.ts

@@ -0,0 +1,48 @@
+import {
+    pgTable,
+    uuid,
+    bigint,
+    text,
+    timestamp,
+    boolean,
+} from "drizzle-orm/pg-core"
+
+import { tenants } from "./tenants"
+import { authUsers } from "./auth_users"
+
+export const m2mApiKeys = pgTable("m2m_api_keys", {
+    id: uuid("id").primaryKey().defaultRandom(),
+
+    createdAt: timestamp("created_at", { withTimezone: true })
+        .notNull()
+        .defaultNow(),
+
+    updatedAt: timestamp("updated_at", { withTimezone: true })
+        .notNull()
+        .defaultNow(),
+
+    tenantId: bigint("tenant_id", { mode: "number" })
+        .notNull()
+        .references(() => tenants.id, { onDelete: "cascade", onUpdate: "cascade" }),
+
+    userId: uuid("user_id")
+        .notNull()
+        .references(() => authUsers.id, { onDelete: "cascade", onUpdate: "cascade" }),
+
+    createdBy: uuid("created_by").references(() => authUsers.id, {
+        onDelete: "set null",
+        onUpdate: "cascade",
+    }),
+
+    name: text("name").notNull(),
+    keyPrefix: text("key_prefix").notNull(),
+    keyHash: text("key_hash").notNull().unique(),
+
+    active: boolean("active").notNull().default(true),
+
+    lastUsedAt: timestamp("last_used_at", { withTimezone: true }),
+    expiresAt: timestamp("expires_at", { withTimezone: true }),
+})
+
+export type M2mApiKey = typeof m2mApiKeys.$inferSelect
+export type NewM2mApiKey = typeof m2mApiKeys.$inferInsert

backend/db/schema/memberrelations.ts

@@ -0,0 +1,39 @@
+import {
+    pgTable,
+    bigint,
+    timestamp,
+    text,
+    boolean,
+    uuid,
+    doublePrecision,
+} from "drizzle-orm/pg-core"
+
+import { tenants } from "./tenants"
+import { authUsers } from "./auth_users"
+
+export const memberrelations = pgTable("memberrelations", {
+    id: bigint("id", { mode: "number" })
+        .primaryKey()
+        .generatedByDefaultAsIdentity(),
+
+    createdAt: timestamp("created_at", { withTimezone: true })
+        .notNull()
+        .defaultNow(),
+
+    tenant: bigint("tenant", { mode: "number" })
+        .notNull()
+        .references(() => tenants.id),
+
+    type: text("type").notNull(),
+    billingInterval: text("billingInterval").notNull(),
+    billingAmount: doublePrecision("billingAmount").notNull().default(0),
+
+    archived: boolean("archived").notNull().default(false),
+
+    updatedAt: timestamp("updated_at", { withTimezone: true }),
+    updatedBy: uuid("updated_by").references(() => authUsers.id),
+})
+
+export type MemberRelation = typeof memberrelations.$inferSelect
+export type NewMemberRelation = typeof memberrelations.$inferInsert
+

backend/db/schema/tenants.ts

@@ -74,6 +74,48 @@ export const tenants = pgTable(
             timeTracking: true,
             planningBoard: true,
             workingTimeTracking: true,
+            dashboard: true,
+            historyitems: true,
+            tasks: true,
+            wiki: true,
+            files: true,
+            createdletters: true,
+            documentboxes: true,
+            helpdesk: true,
+            email: true,
+            members: true,
+            customers: true,
+            vendors: true,
+            contactsList: true,
+            staffTime: true,
+            createDocument: true,
+            serialInvoice: true,
+            incomingInvoices: true,
+            costcentres: true,
+            accounts: true,
+            ownaccounts: true,
+            banking: true,
+            spaces: true,
+            customerspaces: true,
+            customerinventoryitems: true,
+            inventoryitems: true,
+            inventoryitemgroups: true,
+            products: true,
+            productcategories: true,
+            services: true,
+            servicecategories: true,
+            memberrelations: true,
+            staffProfiles: true,
+            hourrates: true,
+            projecttypes: true,
+            contracttypes: true,
+            plants: true,
+            settingsNumberRanges: true,
+            settingsEmailAccounts: true,
+            settingsBanking: true,
+            settingsTexttemplates: true,
+            settingsTenant: true,
+            export: true,
         }),
 
         ownFields: jsonb("ownFields"),
@@ -88,10 +130,13 @@ export const tenants = pgTable(
                 confirmationOrders: { prefix: "AB-", suffix: "", nextNumber: 1000 },
                 invoices: { prefix: "RE-", suffix: "", nextNumber: 1000 },
                 spaces: { prefix: "LP-", suffix: "", nextNumber: 1000 },
+                customerspaces: { prefix: "KLP-", suffix: "", nextNumber: 1000 },
                 inventoryitems: { prefix: "IA-", suffix: "", nextNumber: 1000 },
+                customerinventoryitems: { prefix: "KIA-", suffix: "", nextNumber: 1000 },
                 projects: { prefix: "PRJ-", suffix: "", nextNumber: 1000 },
                 costcentres: { prefix: "KST-", suffix: "", nextNumber: 1000 },
             }),
+        accountChart: text("accountChart").notNull().default("skr03"),
 
         standardEmailForInvoices: text("standardEmailForInvoices"),
 
@@ -116,6 +161,10 @@ export const tenants = pgTable(
             .notNull()
             .default(14),
 
+        taxEvaluationPeriod: text("taxEvaluationPeriod")
+            .notNull()
+            .default("monthly"),
+
         dokuboxEmailAddresses: jsonb("dokuboxEmailAddresses").default([]),
 
         dokuboxkey: uuid("dokuboxkey").notNull().defaultRandom(),

backend/drizzle.config.ts

@@ -6,6 +6,6 @@ export default defineConfig({
     schema: "./db/schema",
     out: "./db/migrations",
     dbCredentials: {
-        url: secrets.DATABASE_URL,
+        url: secrets.DATABASE_URL || "postgres://postgres:wJw7aNpEBJdcxgoct6GXNpvY4Cn6ECqu@fedeo-db-001.vpn.internal:5432/fedeo",
     },
 })

backend/package.json

@@ -9,7 +9,10 @@
     "dev:dav": "tsx watch src/webdav/server.ts",
     "build": "tsc",
     "start": "node dist/src/index.js",
-    "schema:index": "ts-node scripts/generate-schema-index.ts"
+    "schema:index": "ts-node scripts/generate-schema-index.ts",
+    "bankcodes:update": "tsx scripts/generate-de-bank-codes.ts",
+    "members:import:csv": "tsx scripts/import-members-csv.ts",
+    "accounts:import:skr42": "ts-node scripts/import-skr42-accounts.ts"
   },
   "repository": {
     "type": "git",

backend/scripts/generate-de-bank-codes.ts

@@ -0,0 +1,95 @@
+import fs from "node:fs/promises"
+import path from "node:path"
+import https from "node:https"
+
+const DEFAULT_SOURCE_URL =
+    "https://www.bundesbank.de/resource/blob/602632/bec25ca5df1eb62fefadd8325dafe67c/472B63F073F071307366337C94F8C870/blz-aktuell-txt-data.txt"
+
+const OUTPUT_NAME_FILE = path.resolve("src/utils/deBankCodes.ts")
+const OUTPUT_BIC_FILE = path.resolve("src/utils/deBankBics.ts")
+
+function fetchBuffer(url: string): Promise<Buffer> {
+    return new Promise((resolve, reject) => {
+        https
+            .get(url, (res) => {
+                if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+                    return resolve(fetchBuffer(res.headers.location))
+                }
+
+                if (res.statusCode !== 200) {
+                    return reject(new Error(`Download failed with status ${res.statusCode}`))
+                }
+
+                const chunks: Buffer[] = []
+                res.on("data", (chunk) => chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)))
+                res.on("end", () => resolve(Buffer.concat(chunks)))
+                res.on("error", reject)
+            })
+            .on("error", reject)
+    })
+}
+
+function escapeTsString(value: string) {
+    return value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')
+}
+
+async function main() {
+    const source = process.env.BLZ_SOURCE_URL || DEFAULT_SOURCE_URL
+    const sourceFile = process.env.BLZ_SOURCE_FILE
+    let raw: Buffer
+
+    if (sourceFile) {
+        console.log(`Reading BLZ source file: ${sourceFile}`)
+        raw = await fs.readFile(sourceFile)
+    } else {
+        console.log(`Downloading BLZ source: ${source}`)
+        raw = await fetchBuffer(source)
+    }
+    const content = raw.toString("latin1")
+
+    const lines = content.split(/\r?\n/)
+    const nameMap = new Map<string, string>()
+    const bicMap = new Map<string, string>()
+
+    for (const line of lines) {
+        if (!line || line.length < 150) continue
+        const blz = line.slice(0, 8).trim()
+        const name = line.slice(9, 67).trim()
+        const bic = line.slice(139, 150).trim()
+
+        if (!/^\d{8}$/.test(blz) || !name) continue
+        if (!nameMap.has(blz)) nameMap.set(blz, name)
+        if (bic && !bicMap.has(blz)) bicMap.set(blz, bic)
+    }
+
+    const sortedNames = [...nameMap.entries()].sort(([a], [b]) => a.localeCompare(b))
+    const sortedBics = [...bicMap.entries()].sort(([a], [b]) => a.localeCompare(b))
+
+    const nameOutputLines = [
+        "// Lokale Bankleitzahl-zu-Institut Zuordnung (DE).",
+        "// Quelle: Deutsche Bundesbank, BLZ-Datei (vollstaendig).",
+        "export const DE_BANK_CODE_TO_NAME: Record<string, string> = {",
+        ...sortedNames.map(([blz, name]) => `    "${blz}": "${escapeTsString(name)}",`),
+        "}",
+        "",
+    ]
+
+    const bicOutputLines = [
+        "// Lokale Bankleitzahl-zu-BIC Zuordnung (DE).",
+        "// Quelle: Deutsche Bundesbank, BLZ-Datei (vollstaendig).",
+        "export const DE_BANK_CODE_TO_BIC: Record<string, string> = {",
+        ...sortedBics.map(([blz, bic]) => `    "${blz}": "${escapeTsString(bic)}",`),
+        "}",
+        "",
+    ]
+
+    await fs.writeFile(OUTPUT_NAME_FILE, nameOutputLines.join("\n"), "utf8")
+    await fs.writeFile(OUTPUT_BIC_FILE, bicOutputLines.join("\n"), "utf8")
+    console.log(`Wrote ${sortedNames.length} bank names to ${OUTPUT_NAME_FILE}`)
+    console.log(`Wrote ${sortedBics.length} bank BICs to ${OUTPUT_BIC_FILE}`)
+}
+
+main().catch((err) => {
+    console.error(err)
+    process.exit(1)
+})

backend/scripts/import-members-csv.ts

@@ -0,0 +1,270 @@
+import fs from "node:fs"
+import path from "node:path"
+import { and, eq } from "drizzle-orm"
+
+import { db, pool } from "../db"
+import { customers, entitybankaccounts } from "../db/schema"
+import { decrypt, encrypt } from "../src/utils/crypt"
+import { loadSecrets, secrets } from "../src/utils/secrets"
+
+type CsvMemberRow = {
+    number: string
+    lastname: string
+    firstname: string
+    street: string
+    zip: string
+    city: string
+    birthdate: string
+    mobile: string
+    email: string
+    bankInstitute: string
+    iban: string
+    bic: string
+    date: string
+    memberStatus: string
+}
+
+const TENANT_ID = 38
+const DEFAULT_CSV_PATH = "/Users/florianfederspiel/Downloads/Mitglieder Übersicht 2026_1.csv"
+
+const args = process.argv.slice(2)
+const dryRun = args.includes("--dry-run")
+const csvArg = args.find((arg) => !arg.startsWith("--"))
+const csvPath = csvArg || DEFAULT_CSV_PATH
+
+function normalizeIban(value: string) {
+    return String(value || "").replace(/\s+/g, "").toUpperCase()
+}
+
+function parseGermanDate(value: string): string | null {
+    const v = String(value || "").trim()
+    if (!v) return null
+
+    const m = v.match(/^(\d{1,2})\.(\d{1,2})\.(\d{2}|\d{4})$/)
+    if (!m) return null
+
+    const day = m[1].padStart(2, "0")
+    const month = m[2].padStart(2, "0")
+    const yy = m[3]
+    const year = yy.length === 4 ? yy : (Number(yy) >= 70 ? `19${yy}` : `20${yy}`)
+
+    return `${year}-${month}-${day}`
+}
+
+function parseBoolFromStatus(value: string) {
+    const normalized = String(value || "").trim().toLowerCase()
+    return normalized !== "inaktiv"
+}
+
+function parseCsv(content: string): CsvMemberRow[] {
+    const lines = content
+        .split(/\r?\n/)
+        .map((l) => l.trim())
+        .filter((l) => l.length > 0)
+
+    if (!lines.length) return []
+
+    // Header:
+    // Nr;Name;Vorname;Straße, Hausnr.;PLZ;Wohnort;Geburtsdatum;Mobilfunknummer;Private Mail-Adresse;Kreditinstitut;IBAN;BIC;Datum;Mitgliedsstatus
+    const rows: CsvMemberRow[] = []
+    for (let i = 1; i < lines.length; i++) {
+        const cols = lines[i].split(";").map((v) => v.trim())
+        if (cols.length < 14) continue
+
+        const number = cols[0]
+        const lastname = cols[1]
+        const firstname = cols[2]
+        if (!number || !lastname || !firstname) continue
+
+        rows.push({
+            number,
+            lastname,
+            firstname,
+            street: cols[3] || "",
+            zip: cols[4] || "",
+            city: cols[5] || "",
+            birthdate: cols[6] || "",
+            mobile: cols[7] || "",
+            email: cols[8] || "",
+            bankInstitute: cols[9] || "",
+            iban: cols[10] || "",
+            bic: cols[11] || "",
+            date: cols[12] || "",
+            memberStatus: cols[13] || "",
+        })
+    }
+
+    return rows
+}
+
+async function loadBankAccountByIban(tenantId: number) {
+    const rows = await db
+        .select({
+            id: entitybankaccounts.id,
+            ibanEncrypted: entitybankaccounts.ibanEncrypted,
+        })
+        .from(entitybankaccounts)
+        .where(eq(entitybankaccounts.tenant, tenantId))
+
+    const map = new Map<string, number>()
+    for (const row of rows) {
+        try {
+            const iban = normalizeIban(decrypt(row.ibanEncrypted as any))
+            if (iban) map.set(iban, Number(row.id))
+        } catch {
+            // skip broken ciphertext rows
+        }
+    }
+    return map
+}
+
+async function main() {
+    if (!secrets.ENCRYPTION_KEY && process.env.ENCRYPTION_KEY) {
+        secrets.ENCRYPTION_KEY = process.env.ENCRYPTION_KEY
+    }
+
+    if (!secrets.ENCRYPTION_KEY && process.env.INFISICAL_CLIENT_ID && process.env.INFISICAL_CLIENT_SECRET) {
+        await loadSecrets()
+    }
+
+    if (!secrets.ENCRYPTION_KEY) {
+        throw new Error("ENCRYPTION_KEY fehlt. Bitte ENCRYPTION_KEY setzen oder Infisical-Zugang (INFISICAL_CLIENT_ID/INFISICAL_CLIENT_SECRET) bereitstellen.")
+    }
+
+    const absoluteCsvPath = path.resolve(csvPath)
+    if (!fs.existsSync(absoluteCsvPath)) {
+        throw new Error(`CSV nicht gefunden: ${absoluteCsvPath}`)
+    }
+
+    const raw = fs.readFileSync(absoluteCsvPath, "utf8")
+    const csvRows = parseCsv(raw)
+    if (!csvRows.length) {
+        throw new Error("Keine importierbaren Zeilen gefunden.")
+    }
+
+    const existingMembers = await db
+        .select()
+        .from(customers)
+        .where(and(eq(customers.tenant, TENANT_ID), eq(customers.type, "Mitglied")))
+
+    const memberByNumber = new Map(existingMembers.map((m) => [String(m.customerNumber), m]))
+    const bankAccountByIban = await loadBankAccountByIban(TENANT_ID)
+
+    let createdMembers = 0
+    let updatedMembers = 0
+    let createdBankAccounts = 0
+    let skippedNoIban = 0
+
+    for (const row of csvRows) {
+        const iban = normalizeIban(row.iban)
+        if (!iban) {
+            skippedNoIban += 1
+            continue
+        }
+
+
+        const fullName = `${row.firstname} ${row.lastname}`.trim()
+        const birthdate = parseGermanDate(row.birthdate)
+        const sepaSignedAt = parseGermanDate(row.date)
+        const active = parseBoolFromStatus(row.memberStatus)
+
+        let bankAccountId = bankAccountByIban.get(iban) || null
+
+        if (!bankAccountId) {
+            if (!dryRun) {
+                const [created] = await db
+                    .insert(entitybankaccounts)
+                    .values({
+                        tenant: TENANT_ID,
+                        ibanEncrypted: encrypt(iban),
+                        bicEncrypted: encrypt(row.bic || "UNBEKANNT"),
+                        bankNameEncrypted: encrypt(row.bankInstitute || "Unbekannt"),
+                        description: "Import Mitglieder Uebersicht 2026_1",
+                    })
+                    .returning({ id: entitybankaccounts.id })
+                bankAccountId = created?.id || null
+            } else {
+                bankAccountId = -1
+            }
+            if (bankAccountId) {
+                bankAccountByIban.set(iban, bankAccountId)
+                createdBankAccounts += 1
+            }
+        }
+
+        const existing = memberByNumber.get(String(row.number))
+        const existingInfo = (existing?.infoData && typeof existing.infoData === "object")
+            ? { ...(existing.infoData as Record<string, any>) }
+            : {}
+
+        const existingIds = Array.isArray(existingInfo.bankAccountIds) ? existingInfo.bankAccountIds : []
+        const mergedBankAccountIds = bankAccountId && !existingIds.includes(bankAccountId)
+            ? [...existingIds, bankAccountId]
+            : existingIds
+
+        const infoData = {
+            ...existingInfo,
+            street: row.street || existingInfo.street || "",
+            zip: row.zip || existingInfo.zip || "",
+            city: row.city || existingInfo.city || "",
+            phone: row.mobile || existingInfo.phone || "",
+            email: row.email || existingInfo.email || "",
+            birthdate: birthdate || existingInfo.birthdate || null,
+            hasSEPA: Boolean(sepaSignedAt || existingInfo.sepaSignedAt || existingInfo.hasSEPA),
+            sepaSignedAt: sepaSignedAt || existingInfo.sepaSignedAt || null,
+            bankAccountIds: mergedBankAccountIds,
+        }
+
+        const payload = {
+            tenant: TENANT_ID,
+            customerNumber: String(row.number),
+            type: "Mitglied",
+            isCompany: false,
+            firstname: row.firstname,
+            lastname: row.lastname,
+            name: fullName,
+            active,
+            infoData,
+            archived: false,
+        }
+
+        if (!existing) {
+            if (!dryRun) {
+                const [created] = await db.insert(customers).values(payload).returning()
+                if (created) memberByNumber.set(String(row.number), created)
+            }
+            createdMembers += 1
+        } else {
+            if (!dryRun) {
+                await db
+                    .update(customers)
+                    .set({
+                        ...payload,
+                        updatedAt: new Date(),
+                    })
+                    .where(and(eq(customers.id, existing.id), eq(customers.tenant, TENANT_ID)))
+            }
+            updatedMembers += 1
+        }
+    }
+
+    console.log("")
+    console.log(`[IMPORT MEMBERS] Tenant: ${TENANT_ID}`)
+    console.log(`[IMPORT MEMBERS] CSV: ${absoluteCsvPath}`)
+    console.log(`[IMPORT MEMBERS] Dry-Run: ${dryRun ? "JA" : "NEIN"}`)
+    console.log(`[IMPORT MEMBERS] Zeilen: ${csvRows.length}`)
+    console.log(`[IMPORT MEMBERS] Mitglieder erstellt: ${createdMembers}`)
+    console.log(`[IMPORT MEMBERS] Mitglieder aktualisiert: ${updatedMembers}`)
+    console.log(`[IMPORT MEMBERS] Bankkonten erstellt: ${createdBankAccounts}`)
+    console.log(`[IMPORT MEMBERS] Ohne IBAN übersprungen: ${skippedNoIban}`)
+    console.log("")
+}
+
+main()
+    .catch((err) => {
+        console.error("[IMPORT MEMBERS] Fehler:", err)
+        process.exitCode = 1
+    })
+    .finally(async () => {
+        await pool.end()
+    })

backend/scripts/import-skr42-accounts.ts

@@ -0,0 +1,265 @@
+import fs from "node:fs"
+import path from "node:path"
+import zlib from "node:zlib"
+
+type ParsedAccount = {
+    number: string
+    label: string
+}
+
+const DEFAULT_PDF_PATH = "/Users/florianfederspiel/Downloads/12901_DATEV-Kontenrahmen SKR 42 Vereine, Stiftungen, gGmbH (Bilanz).pdf"
+const ACCOUNT_CHART = "skr42"
+
+const args = process.argv.slice(2)
+const dryRun = args.includes("--dry-run")
+const parseOnly = args.includes("--parse-only")
+const pdfArg = args.find((arg) => !arg.startsWith("--"))
+const pdfPath = path.resolve(pdfArg || DEFAULT_PDF_PATH)
+
+function decodePdfString(raw: string) {
+    let out = ""
+
+    for (let i = 0; i < raw.length; i += 1) {
+        const ch = raw[i]
+
+        if (ch !== "\\") {
+            out += ch
+            continue
+        }
+
+        const next = raw[i + 1]
+        if (!next) break
+
+        if (next === "n") {
+            out += "\n"
+            i += 1
+            continue
+        }
+
+        if (next === "r") {
+            out += "\r"
+            i += 1
+            continue
+        }
+
+        if (next === "t") {
+            out += "\t"
+            i += 1
+            continue
+        }
+
+        if (next === "b") {
+            out += "\b"
+            i += 1
+            continue
+        }
+
+        if (next === "f") {
+            out += "\f"
+            i += 1
+            continue
+        }
+
+        if (next === "(" || next === ")" || next === "\\") {
+            out += next
+            i += 1
+            continue
+        }
+
+        if (/[0-7]/.test(next)) {
+            let oct = next
+            let advance = 1
+
+            for (let j = 2; j <= 3; j += 1) {
+                const c = raw[i + j]
+                if (!c || !/[0-7]/.test(c)) break
+                oct += c
+                advance += 1
+            }
+
+            out += String.fromCharCode(parseInt(oct, 8))
+            i += advance
+            continue
+        }
+
+        out += next
+        i += 1
+    }
+
+    return out
+}
+
+function extractTextFromTjOperator(segment: string) {
+    const parts = segment.match(/\((?:\\.|[^\\)])*\)/g)
+    if (!parts) return ""
+
+    return parts
+        .map((p) => decodePdfString(p.slice(1, -1)))
+        .join("")
+}
+
+function extractPdfTextStreams(pdfBuffer: Buffer) {
+    const pdfLatin = pdfBuffer.toString("latin1")
+    const texts: string[] = []
+
+    let cursor = 0
+    while (true) {
+        const streamPos = pdfLatin.indexOf("stream", cursor)
+        if (streamPos < 0) break
+
+        let dataStart = streamPos + 6
+        if (pdfLatin[dataStart] === "\r" && pdfLatin[dataStart + 1] === "\n") {
+            dataStart += 2
+        } else if (pdfLatin[dataStart] === "\n") {
+            dataStart += 1
+        }
+
+        const streamEnd = pdfLatin.indexOf("endstream", dataStart)
+        if (streamEnd < 0) break
+
+        const sliceEnd = streamEnd > dataStart && pdfBuffer[streamEnd - 1] === 0x0d
+            ? streamEnd - 1
+            : streamEnd
+
+        const compressed = pdfBuffer.subarray(dataStart, sliceEnd)
+
+        try {
+            const inflated = zlib.inflateSync(compressed).toString("latin1")
+            texts.push(inflated)
+        } catch {
+            // ignore non-flate streams
+        }
+
+        cursor = streamEnd + 9
+    }
+
+    return texts
+}
+
+function normalizeLabel(value: string) {
+    return value
+        .replace(/\s+/g, " ")
+        .replace(/\s+-\s+/g, "-")
+        .trim()
+}
+
+function looksLikeAccountLabel(value: string) {
+    const letters = (value.match(/[A-Za-zÄÖÜäöüß]/g) || []).length
+    return letters >= 3
+}
+
+function parseAccountsFromPdf(pdfBuffer: Buffer): ParsedAccount[] {
+    const streams = extractPdfTextStreams(pdfBuffer)
+    const found = new Map<string, string>()
+
+    const accountPattern = /^\s*([A-Z])?\s*(\d{3,5})\s+0\s+(.+)$/
+
+    for (const stream of streams) {
+        const operators = stream.match(/\[(?:.|\r|\n)*?\]TJ|\((?:\\.|[^\\)])*\)Tj/g)
+        if (!operators) continue
+
+        for (const op of operators) {
+            const text = normalizeLabel(extractTextFromTjOperator(op))
+            if (!text) continue
+
+            const m = text.match(accountPattern)
+            if (m) {
+                const number = m[2]
+                const label = normalizeLabel(m[3])
+                if (!looksLikeAccountLabel(label)) continue
+
+                const existing = found.get(number)
+                if (!existing || label.length > existing.length) {
+                    found.set(number, label)
+                }
+            }
+        }
+    }
+
+    return [...found.entries()]
+        .map(([number, label]) => ({ number, label }))
+        .sort((a, b) => Number(a.number) - Number(b.number))
+}
+
+async function main() {
+    if (!fs.existsSync(pdfPath)) {
+        throw new Error(`PDF nicht gefunden: ${pdfPath}`)
+    }
+
+    const pdfBuffer = fs.readFileSync(pdfPath)
+    const parsed = parseAccountsFromPdf(pdfBuffer)
+
+    if (!parsed.length) {
+        throw new Error("Keine Konten aus PDF extrahiert.")
+    }
+
+    if (parseOnly) {
+        console.log("")
+        console.log(`[SKR42 IMPORT] PDF: ${pdfPath}`)
+        console.log(`[SKR42 IMPORT] Gefundene Konten: ${parsed.length}`)
+        console.log(`[SKR42 IMPORT] Parse-Only: JA`)
+        console.log("")
+        console.log("[SKR42 IMPORT] Beispiel (erste 15):")
+        for (const item of parsed.slice(0, 15)) {
+            console.log(`  ${item.number} ${item.label}`)
+        }
+        console.log("")
+        return
+    }
+
+    const { eq } = await import("drizzle-orm")
+    const { db, pool } = await import("../db")
+    const { accounts } = await import("../db/schema")
+
+    const existing = await db
+        .select({ number: accounts.number })
+        .from(accounts)
+        .where(eq(accounts.accountChart, ACCOUNT_CHART))
+
+    const existingSet = new Set(existing.map((r) => String(r.number)))
+
+    const toInsert = parsed
+        .filter((a) => !existingSet.has(a.number))
+        .map((a) => ({
+            number: a.number,
+            label: a.label,
+            accountChart: ACCOUNT_CHART,
+            description: "DATEV SKR42 Import",
+        }))
+
+    if (!dryRun && toInsert.length > 0) {
+        const batchSize = 500
+        for (let i = 0; i < toInsert.length; i += batchSize) {
+            const batch = toInsert.slice(i, i + batchSize)
+            await db.insert(accounts).values(batch)
+        }
+    }
+
+    console.log("")
+    console.log(`[SKR42 IMPORT] PDF: ${pdfPath}`)
+    console.log(`[SKR42 IMPORT] Gefundene Konten: ${parsed.length}`)
+    console.log(`[SKR42 IMPORT] Bereits vorhanden (skr42): ${existing.length}`)
+    console.log(`[SKR42 IMPORT] Neu einzufuegen: ${toInsert.length}`)
+    console.log(`[SKR42 IMPORT] Dry-Run: ${dryRun ? "JA" : "NEIN"}`)
+    console.log("")
+
+    if (parsed.length > 0) {
+        console.log("[SKR42 IMPORT] Beispiel (erste 15):")
+        for (const item of parsed.slice(0, 15)) {
+            console.log(`  ${item.number} ${item.label}`)
+        }
+        console.log("")
+    }
+}
+
+main()
+    .catch((err) => {
+        console.error("[SKR42 IMPORT] Fehler:", err)
+        process.exitCode = 1
+    })
+    .finally(async () => {
+        if (!parseOnly) {
+            const { pool } = await import("../db")
+            await pool.end()
+        }
+    })

backend/src/index.ts

@@ -42,6 +42,7 @@ import helpdeskInboundEmailRoutes from "./routes/helpdesk.inbound.email";
 import deviceRoutes from "./routes/internal/devices";
 import tenantRoutesInternal from "./routes/internal/tenant";
 import staffTimeRoutesInternal from "./routes/internal/time";
+import authM2mInternalRoutes from "./routes/internal/auth.m2m";
 
 //Devices
 import devicesRFIDRoutes from "./routes/devices/rfid";
@@ -107,6 +108,7 @@ async function main() {
 
     await app.register(async (m2mApp) => {
         await m2mApp.register(authM2m)
+        await m2mApp.register(authM2mInternalRoutes)
         await m2mApp.register(helpdeskInboundEmailRoutes)
         await m2mApp.register(deviceRoutes)
         await m2mApp.register(tenantRoutesInternal)
@@ -167,4 +169,4 @@ async function main() {
     }
 }
 
-main();
+main();

backend/src/modules/cron/dokuboximport.service.ts

@@ -27,6 +27,10 @@ export function syncDokuboxService (server: FastifyInstance)  {
     let client: ImapFlow | null = null
 
     async function initDokuboxClient() {
+        if (client?.usable) {
+            return client
+        }
+
         client = new ImapFlow({
             host: secrets.DOKUBOX_IMAP_HOST,
             port: secrets.DOKUBOX_IMAP_PORT,
@@ -41,6 +45,7 @@ export function syncDokuboxService (server: FastifyInstance)  {
         console.log("Dokubox E-Mail Client Initialized")
 
         await client.connect()
+        return client
     }
 
     const syncDokubox = async () => {
@@ -92,7 +97,8 @@ export function syncDokuboxService (server: FastifyInstance)  {
                         if (!badMessageMessageSent) {
                             badMessageMessageSent = true
                         }
-                        return
+                        server.log.warn({ messageId: message.id, subject: message.subject }, "Dokubox message could not be mapped to a tenant")
+                        continue
                     }
 
                     if (message.attachments.length > 0) {
@@ -248,7 +254,6 @@ export function syncDokuboxService (server: FastifyInstance)  {
 
     return {
         run: async () => {
-            await initDokuboxClient()
             await syncDokubox()
             console.log("Service: Dokubox sync finished")
         }

backend/src/modules/cron/prepareIncomingInvoices.ts

@@ -8,107 +8,20 @@ import {
     files,
     filetags,
     incominginvoices,
-    vendors,
 } from "../../../db/schema"
 
-import { eq, and, isNull, not, desc } from "drizzle-orm"
+import { eq, and, isNull, not } from "drizzle-orm"
 
-type InvoiceAccount = {
+const formatInvoiceItemDescription = (item: any) => {
-    account?: number | null
+    const parts = [
-    description?: string | null
+        typeof item.description === "string" ? item.description.trim() : "",
-    taxType?: string | number | null
+        item.quantity !== null && item.quantity !== undefined
-}
+            ? [item.quantity, item.unit].filter(Boolean).join(" ")
+            : (typeof item.unit === "string" ? item.unit.trim() : ""),
+        typeof item.total === "number" ? `${item.total.toFixed(2)} EUR` : "",
+    ].filter(Boolean)
 
-const normalizeAccounts = (accounts: unknown): InvoiceAccount[] => {
+    return parts.join(" - ")
-    if (!Array.isArray(accounts)) return []
-    return accounts
-        .map((entry: any) => ({
-            account: typeof entry?.account === "number" ? entry.account : null,
-            description: typeof entry?.description === "string" ? entry.description : null,
-            taxType: entry?.taxType ?? null,
-        }))
-        .filter((entry) => entry.account !== null || entry.description || entry.taxType !== null)
-}
-
-const buildLearningContext = (historicalInvoices: any[]) => {
-    if (!historicalInvoices.length) return null
-
-    const vendorProfiles = new Map<number, {
-        vendorName: string
-        paymentTypes: Map<string, number>
-        accountUsage: Map<number, number>
-        sampleDescriptions: string[]
-    }>()
-
-    const recentExamples: any[] = []
-
-    for (const invoice of historicalInvoices) {
-        const accounts = normalizeAccounts(invoice.accounts)
-        const vendorId = typeof invoice.vendorId === "number" ? invoice.vendorId : null
-        const vendorName = typeof invoice.vendorName === "string" ? invoice.vendorName : "Unknown"
-
-        if (vendorId) {
-            if (!vendorProfiles.has(vendorId)) {
-                vendorProfiles.set(vendorId, {
-                    vendorName,
-                    paymentTypes: new Map(),
-                    accountUsage: new Map(),
-                    sampleDescriptions: [],
-                })
-            }
-
-            const profile = vendorProfiles.get(vendorId)!
-            if (invoice.paymentType) {
-                const key = String(invoice.paymentType)
-                profile.paymentTypes.set(key, (profile.paymentTypes.get(key) ?? 0) + 1)
-            }
-            for (const account of accounts) {
-                if (typeof account.account === "number") {
-                    profile.accountUsage.set(account.account, (profile.accountUsage.get(account.account) ?? 0) + 1)
-                }
-            }
-            if (invoice.description && profile.sampleDescriptions.length < 3) {
-                profile.sampleDescriptions.push(String(invoice.description).slice(0, 120))
-            }
-        }
-
-        if (recentExamples.length < 20) {
-            recentExamples.push({
-                vendorId,
-                vendorName,
-                paymentType: invoice.paymentType ?? null,
-                accounts: accounts.map((entry) => ({
-                    account: entry.account,
-                    description: entry.description ?? null,
-                    taxType: entry.taxType ?? null,
-                })),
-            })
-        }
-    }
-
-    const vendorPatterns = Array.from(vendorProfiles.entries())
-        .map(([vendorId, profile]) => {
-            const commonPaymentType = Array.from(profile.paymentTypes.entries())
-                .sort((a, b) => b[1] - a[1])[0]?.[0] ?? null
-            const topAccounts = Array.from(profile.accountUsage.entries())
-                .sort((a, b) => b[1] - a[1])
-                .slice(0, 4)
-                .map(([accountId, count]) => ({ accountId, count }))
-
-            return {
-                vendorId,
-                vendorName: profile.vendorName,
-                commonPaymentType,
-                topAccounts,
-                sampleDescriptions: profile.sampleDescriptions,
-            }
-        })
-        .slice(0, 50)
-
-    return JSON.stringify({
-        vendorPatterns,
-        recentExamples,
-    })
 }
 
 export function prepareIncomingInvoices(server: FastifyInstance) {
@@ -171,34 +84,13 @@ export function prepareIncomingInvoices(server: FastifyInstance) {
                 continue
             }
 
-            const historicalInvoices = await server.db
-                .select({
-                    vendorId: incominginvoices.vendor,
-                    vendorName: vendors.name,
-                    paymentType: incominginvoices.paymentType,
-                    description: incominginvoices.description,
-                    accounts: incominginvoices.accounts,
-                })
-                .from(incominginvoices)
-                .leftJoin(vendors, eq(incominginvoices.vendor, vendors.id))
-                .where(
-                    and(
-                        eq(incominginvoices.tenant, tenantId),
-                        eq(incominginvoices.archived, false)
-                    )
-                )
-                .orderBy(desc(incominginvoices.createdAt))
-                .limit(120)
-
-            const learningContext = buildLearningContext(historicalInvoices)
-
             // -------------------------------------------------------------
             // 3️⃣ Jede Datei einzeln durch GPT jagen & IncomingInvoice erzeugen
             // -------------------------------------------------------------
             for (const file of filesRes) {
                 console.log(`Processing file ${file.id} for tenant ${tenantId}`)
 
-                const data = await getInvoiceDataFromGPT(server,file, tenantId, learningContext ?? undefined)
+                const data = await getInvoiceDataFromGPT(server,file, tenantId)
 
                 if (!data) {
                     server.log.warn(`GPT returned no data for file ${file.id}`)
@@ -214,9 +106,9 @@ export function prepareIncomingInvoices(server: FastifyInstance) {
                 }
 
                 if (data.invoice_number) itemInfo.reference = data.invoice_number
-                if (data.invoice_date) itemInfo.date = dayjs(data.invoice_date).toISOString()
+                if (data.invoice_date && dayjs(data.invoice_date).isValid()) itemInfo.date = dayjs(data.invoice_date).toISOString()
                 if (data.issuer?.id) itemInfo.vendor = data.issuer.id
-                if (data.invoice_duedate) itemInfo.dueDate = dayjs(data.invoice_duedate).toISOString()
+                if (data.invoice_duedate && dayjs(data.invoice_duedate).isValid()) itemInfo.dueDate = dayjs(data.invoice_duedate).toISOString()
 
                 // Payment terms mapping
                 const mapPayment: any = {
@@ -229,16 +121,26 @@ export function prepareIncomingInvoices(server: FastifyInstance) {
 
                 // 3.2 Positionszeilen konvertieren
                 if (data.invoice_items?.length > 0) {
-                    itemInfo.accounts = data.invoice_items.map(item => ({
+                    itemInfo.accounts = data.invoice_items
-                        account: item.account_id,
+                        .filter(item => item.description || item.total !== null || item.total_without_tax !== null)
-                        description: item.description,
+                        .map(item => {
-                        amountNet: item.total_without_tax,
+                            const total = typeof item.total === "number" ? item.total : null
-                        amountTax: Number((item.total - item.total_without_tax).toFixed(2)),
+                            const totalWithoutTax = typeof item.total_without_tax === "number" ? item.total_without_tax : null
-                        taxType: String(item.tax_rate),
+                            const amountTax = total !== null && totalWithoutTax !== null
-                        amountGross: item.total,
+                                ? Number((total - totalWithoutTax).toFixed(2))
-                        costCentre: null,
+                                : null
-                        quantity: item.quantity,
+
-                    }))
+                            return {
+                                account: item.account_id,
+                                description: item.description,
+                                amountNet: totalWithoutTax,
+                                amountTax,
+                                taxType: item.tax_rate !== null ? String(item.tax_rate) : null,
+                                amountGross: total,
+                                costCentre: null,
+                                quantity: item.quantity,
+                            }
+                        })
                 }
 
                 // 3.3 Beschreibung generieren
@@ -247,7 +149,8 @@ export function prepareIncomingInvoices(server: FastifyInstance) {
                 if (data.reference) description += `Referenz: ${data.reference}\n`
                 if (data.invoice_items) {
                     for (const item of data.invoice_items) {
-                        description += `${item.description} - ${item.quantity} ${item.unit} - ${item.total}\n`
+                        const line = formatInvoiceItemDescription(item)
+                        if (line) description += `${line}\n`
                     }
                 }
                 itemInfo.description = description.trim()

backend/src/modules/serialexecution.service.ts

@@ -1,6 +1,5 @@
 import dayjs from "dayjs";
 import quarterOfYear from "dayjs/plugin/quarterOfYear";
-import Handlebars from "handlebars";
 import axios from "axios";
 import { eq, inArray, and } from "drizzle-orm"; // Drizzle Operatoren
 
@@ -10,6 +9,7 @@ import { saveFile } from "../utils/files";
 import {FastifyInstance} from "fastify";
 import {useNextNumberRangeNumber} from "../utils/functions";
 import {createInvoicePDF} from "../utils/pdf"; // Achtung: Muss Node.js Buffer unterstützen!
+import { documentTemplateHandlebars } from "../utils/handlebars";
 
 dayjs.extend(quarterOfYear);
 
@@ -609,8 +609,8 @@ export function getDocumentDataBackend(
         };
     };
 
-    const templateStartText = Handlebars.compile(itemInfo.startText || "");
+    const templateStartText = documentTemplateHandlebars.compile(itemInfo.startText || "");
-    const templateEndText = Handlebars.compile(itemInfo.endText || "");
+    const templateEndText = documentTemplateHandlebars.compile(itemInfo.endText || "");
 
     // --- 6. Title Sums Formatting ---
     let returnTitleSums: Record<string, string> = {};

backend/src/modules/service-price-recalculation.service.ts

@@ -0,0 +1,249 @@
+import { and, eq } from "drizzle-orm";
+import * as schema from "../../db/schema";
+import { FastifyInstance } from "fastify";
+
+type CompositionRow = {
+    product?: number | string | null;
+    service?: number | string | null;
+    hourrate?: string | null;
+    quantity?: number | string | null;
+    price?: number | string | null;
+    purchasePrice?: number | string | null;
+    [key: string]: any;
+};
+
+function toNumber(value: any): number {
+    const num = Number(value ?? 0);
+    return Number.isFinite(num) ? num : 0;
+}
+
+function round2(value: number): number {
+    return Number(value.toFixed(2));
+}
+
+function getJsonNumber(source: unknown, key: string): number {
+    if (!source || typeof source !== "object") return 0;
+    return toNumber((source as Record<string, unknown>)[key]);
+}
+
+function normalizeId(value: unknown): number | null {
+    if (value === null || value === undefined || value === "") return null;
+    const num = Number(value);
+    return Number.isFinite(num) ? num : null;
+}
+
+function normalizeUuid(value: unknown): string | null {
+    if (typeof value !== "string") return null;
+    const trimmed = value.trim();
+    return trimmed.length ? trimmed : null;
+}
+
+function sanitizeCompositionRows(value: unknown): CompositionRow[] {
+    if (!Array.isArray(value)) return [];
+    return value.filter((entry): entry is CompositionRow => !!entry && typeof entry === "object");
+}
+
+export async function recalculateServicePricesForTenant(server: FastifyInstance, tenantId: number, updatedBy?: string | null) {
+    const [services, products, hourrates] = await Promise.all([
+        server.db.select().from(schema.services).where(eq(schema.services.tenant, tenantId)),
+        server.db.select().from(schema.products).where(eq(schema.products.tenant, tenantId)),
+        server.db.select().from(schema.hourrates).where(eq(schema.hourrates.tenant, tenantId)),
+    ]);
+
+    const serviceMap = new Map(services.map((item) => [item.id, item]));
+    const productMap = new Map(products.map((item) => [item.id, item]));
+    const hourrateMap = new Map(hourrates.map((item) => [item.id, item]));
+
+    const memo = new Map<number, {
+        sellingTotal: number;
+        purchaseTotal: number;
+        materialTotal: number;
+        materialPurchaseTotal: number;
+        workerTotal: number;
+        workerPurchaseTotal: number;
+        materialComposition: CompositionRow[];
+        personalComposition: CompositionRow[];
+    }>();
+    const stack = new Set<number>();
+
+    const calculateService = (serviceId: number) => {
+        if (memo.has(serviceId)) return memo.get(serviceId)!;
+
+        const service = serviceMap.get(serviceId);
+        const emptyResult = {
+            sellingTotal: 0,
+            purchaseTotal: 0,
+            materialTotal: 0,
+            materialPurchaseTotal: 0,
+            workerTotal: 0,
+            workerPurchaseTotal: 0,
+            materialComposition: [],
+            personalComposition: [],
+        };
+
+        if (!service) return emptyResult;
+        if (stack.has(serviceId)) return emptyResult;
+
+        // Gesperrte Leistungen bleiben bei automatischen Preis-Updates unverändert.
+        if (service.priceUpdateLocked) {
+            const lockedResult = {
+                sellingTotal: getJsonNumber(service.sellingPriceComposed, "total") || toNumber(service.sellingPrice),
+                purchaseTotal: getJsonNumber(service.purchasePriceComposed, "total"),
+                materialTotal: getJsonNumber(service.sellingPriceComposed, "material"),
+                materialPurchaseTotal: getJsonNumber(service.purchasePriceComposed, "material"),
+                workerTotal: getJsonNumber(service.sellingPriceComposed, "worker"),
+                workerPurchaseTotal: getJsonNumber(service.purchasePriceComposed, "worker"),
+                materialComposition: sanitizeCompositionRows(service.materialComposition),
+                personalComposition: sanitizeCompositionRows(service.personalComposition),
+            };
+            memo.set(serviceId, lockedResult);
+            return lockedResult;
+        }
+
+        stack.add(serviceId);
+        try {
+            const materialComposition = sanitizeCompositionRows(service.materialComposition);
+            const personalComposition = sanitizeCompositionRows(service.personalComposition);
+            const hasMaterialComposition = materialComposition.length > 0;
+            const hasPersonalComposition = personalComposition.length > 0;
+
+            // Ohne Zusammensetzung keine automatische Überschreibung:
+            // manuell gepflegte Preise sollen erhalten bleiben.
+            if (!hasMaterialComposition && !hasPersonalComposition) {
+                const manualResult = {
+                    sellingTotal: getJsonNumber(service.sellingPriceComposed, "total") || toNumber(service.sellingPrice),
+                    purchaseTotal: getJsonNumber(service.purchasePriceComposed, "total"),
+                    materialTotal: getJsonNumber(service.sellingPriceComposed, "material"),
+                    materialPurchaseTotal: getJsonNumber(service.purchasePriceComposed, "material"),
+                    workerTotal: getJsonNumber(service.sellingPriceComposed, "worker"),
+                    workerPurchaseTotal: getJsonNumber(service.purchasePriceComposed, "worker"),
+                    materialComposition,
+                    personalComposition,
+                };
+                memo.set(serviceId, manualResult);
+                return manualResult;
+            }
+
+            let materialTotal = 0;
+            let materialPurchaseTotal = 0;
+
+            const normalizedMaterialComposition = materialComposition.map((entry) => {
+                const quantity = toNumber(entry.quantity);
+                const productId = normalizeId(entry.product);
+                const childServiceId = normalizeId(entry.service);
+
+                let sellingPrice = toNumber(entry.price);
+                let purchasePrice = toNumber(entry.purchasePrice);
+
+                if (productId) {
+                    const product = productMap.get(productId);
+                    sellingPrice = toNumber(product?.selling_price);
+                    purchasePrice = toNumber(product?.purchase_price);
+                } else if (childServiceId) {
+                    const child = calculateService(childServiceId);
+                    sellingPrice = toNumber(child.sellingTotal);
+                    purchasePrice = toNumber(child.purchaseTotal);
+                }
+
+                materialTotal += quantity * sellingPrice;
+                materialPurchaseTotal += quantity * purchasePrice;
+
+                return {
+                    ...entry,
+                    price: round2(sellingPrice),
+                    purchasePrice: round2(purchasePrice),
+                };
+            });
+
+            let workerTotal = 0;
+            let workerPurchaseTotal = 0;
+            const normalizedPersonalComposition = personalComposition.map((entry) => {
+                const quantity = toNumber(entry.quantity);
+                const hourrateId = normalizeUuid(entry.hourrate);
+
+                let sellingPrice = toNumber(entry.price);
+                let purchasePrice = toNumber(entry.purchasePrice);
+
+                if (hourrateId) {
+                    const hourrate = hourrateMap.get(hourrateId);
+                    if (hourrate) {
+                        sellingPrice = toNumber(hourrate.sellingPrice);
+                        purchasePrice = toNumber(hourrate.purchase_price);
+                    }
+                }
+
+                workerTotal += quantity * sellingPrice;
+                workerPurchaseTotal += quantity * purchasePrice;
+
+                return {
+                    ...entry,
+                    price: round2(sellingPrice),
+                    purchasePrice: round2(purchasePrice),
+                };
+            });
+
+            const result = {
+                sellingTotal: round2(materialTotal + workerTotal),
+                purchaseTotal: round2(materialPurchaseTotal + workerPurchaseTotal),
+                materialTotal: round2(materialTotal),
+                materialPurchaseTotal: round2(materialPurchaseTotal),
+                workerTotal: round2(workerTotal),
+                workerPurchaseTotal: round2(workerPurchaseTotal),
+                materialComposition: normalizedMaterialComposition,
+                personalComposition: normalizedPersonalComposition,
+            };
+
+            memo.set(serviceId, result);
+            return result;
+        } finally {
+            stack.delete(serviceId);
+        }
+    };
+
+    for (const service of services) {
+        calculateService(service.id);
+    }
+
+    const updates = services
+        .filter((service) => !service.priceUpdateLocked)
+        .map(async (service) => {
+            const calc = memo.get(service.id);
+            if (!calc) return;
+
+            const sellingPriceComposed = {
+                worker: calc.workerTotal,
+                material: calc.materialTotal,
+                total: calc.sellingTotal,
+            };
+
+            const purchasePriceComposed = {
+                worker: calc.workerPurchaseTotal,
+                material: calc.materialPurchaseTotal,
+                total: calc.purchaseTotal,
+            };
+
+            const unchanged =
+                JSON.stringify(service.materialComposition ?? []) === JSON.stringify(calc.materialComposition) &&
+                JSON.stringify(service.personalComposition ?? []) === JSON.stringify(calc.personalComposition) &&
+                JSON.stringify(service.sellingPriceComposed ?? {}) === JSON.stringify(sellingPriceComposed) &&
+                JSON.stringify(service.purchasePriceComposed ?? {}) === JSON.stringify(purchasePriceComposed) &&
+                round2(toNumber(service.sellingPrice)) === calc.sellingTotal;
+
+            if (unchanged) return;
+
+            await server.db
+                .update(schema.services)
+                .set({
+                    materialComposition: calc.materialComposition,
+                    personalComposition: calc.personalComposition,
+                    sellingPriceComposed,
+                    purchasePriceComposed,
+                    sellingPrice: calc.sellingTotal,
+                    updatedAt: new Date(),
+                    updatedBy: updatedBy ?? null,
+                })
+                .where(and(eq(schema.services.id, service.id), eq(schema.services.tenant, tenantId)));
+        });
+
+    await Promise.all(updates);
+}

backend/src/plugins/auth.m2m.ts

@@ -1,6 +1,9 @@
 import { FastifyInstance } from "fastify";
 import fp from "fastify-plugin";
 import { secrets } from "../utils/secrets";
+import { and, eq } from "drizzle-orm";
+import { authUsers, m2mApiKeys } from "../../db/schema";
+import { createHash } from "node:crypto";
 
 /**
  * Fastify Plugin für Machine-to-Machine Authentifizierung.
@@ -12,26 +15,99 @@ import { secrets } from "../utils/secrets";
  *   server.register(m2mAuthPlugin, { allowedPrefix: '/internal' })
  */
 export default fp(async (server: FastifyInstance, opts: { allowedPrefix?: string } = {}) => {
-    //const allowedPrefix = opts.allowedPrefix || "/internal";
+    const hashApiKey = (apiKey: string) =>
+        createHash("sha256").update(apiKey, "utf8").digest("hex")
 
     server.addHook("preHandler", async (req, reply) => {
         try {
-            // Nur prüfen, wenn Route unterhalb des Prefix liegt
+            const apiKeyHeader = req.headers["x-api-key"];
-            //if (!req.url.startsWith(allowedPrefix)) return;
+            const apiKey = Array.isArray(apiKeyHeader) ? apiKeyHeader[0] : apiKeyHeader;
 
-            const apiKey = req.headers["x-api-key"];
+            if (!apiKey) {
-
-            if (!apiKey || apiKey !== secrets.M2M_API_KEY) {
                 server.log.warn(`[M2M Auth] Ungültiger oder fehlender API-Key bei ${req.url}`);
                 return reply.status(401).send({ error: "Unauthorized" });
             }
 
-            // Zusatzinformationen im Request (z. B. interne Kennung)
+            const keyHash = hashApiKey(apiKey);
+
+            const keyRows = await server.db
+                .select({
+                    id: m2mApiKeys.id,
+                    tenantId: m2mApiKeys.tenantId,
+                    userId: m2mApiKeys.userId,
+                    active: m2mApiKeys.active,
+                    expiresAt: m2mApiKeys.expiresAt,
+                    name: m2mApiKeys.name,
+                    userEmail: authUsers.email,
+                })
+                .from(m2mApiKeys)
+                .innerJoin(authUsers, eq(authUsers.id, m2mApiKeys.userId))
+                .where(and(
+                    eq(m2mApiKeys.keyHash, keyHash),
+                    eq(m2mApiKeys.active, true)
+                ))
+                .limit(1)
+
+            let key = keyRows[0]
+            if (!key) {
+                const fallbackValid = apiKey === secrets.M2M_API_KEY
+                if (!fallbackValid) {
+                    server.log.warn(`[M2M Auth] Ungültiger API-Key bei ${req.url}`)
+                    return reply.status(401).send({ error: "Unauthorized" })
+                }
+
+                // Backward compatibility mode for one global key.
+                // The caller must provide user/tenant identifiers in headers.
+                const tenantIdHeader = req.headers["x-tenant-id"]
+                const userIdHeader = req.headers["x-user-id"]
+                const tenantId = Number(Array.isArray(tenantIdHeader) ? tenantIdHeader[0] : tenantIdHeader)
+                const userId = Array.isArray(userIdHeader) ? userIdHeader[0] : userIdHeader
+
+                if (!tenantId || !userId) {
+                    return reply.status(401).send({ error: "Missing x-tenant-id or x-user-id for legacy M2M key" })
+                }
+
+                const users = await server.db
+                    .select({ email: authUsers.email })
+                    .from(authUsers)
+                    .where(eq(authUsers.id, userId))
+                    .limit(1)
+
+                if (!users[0]) {
+                    return reply.status(401).send({ error: "Unknown user for legacy M2M key" })
+                }
+
+                req.user = {
+                    user_id: userId,
+                    email: users[0].email,
+                    tenant_id: tenantId
+                }
+            } else {
+                if (key.expiresAt && new Date(key.expiresAt).getTime() < Date.now()) {
+                    return reply.status(401).send({ error: "Expired API key" })
+                }
+
+                req.user = {
+                    user_id: key.userId,
+                    email: key.userEmail,
+                    tenant_id: key.tenantId
+                }
+
+                await server.db
+                    .update(m2mApiKeys)
+                    .set({ lastUsedAt: new Date(), updatedAt: new Date() })
+                    .where(eq(m2mApiKeys.id, key.id))
+            }
+
             (req as any).m2m = {
                 verified: true,
                 type: "internal",
                 key: apiKey,
             };
+
+            req.role = "m2m"
+            req.permissions = []
+            req.hasPermission = () => false
         } catch (err) {
             // @ts-ignore
             server.log.error("[M2M Auth] Fehler beim Prüfen des API-Keys:", err);

backend/src/plugins/auth.ts

@@ -6,6 +6,7 @@ import { secrets } from "../utils/secrets"
 import {
     authUserRoles,
     authRolePermissions,
+    authUsers,
 } from "../../db/schema"
 
 import { eq, and } from "drizzle-orm"
@@ -43,6 +44,16 @@ export default fp(async (server: FastifyInstance) => {
             // Payload an Request hängen
             req.user = payload
 
+            const [currentUser] = await server.db
+                .select({
+                    is_admin: authUsers.is_admin,
+                })
+                .from(authUsers)
+                .where(eq(authUsers.id, payload.user_id))
+                .limit(1)
+
+            req.user.is_admin = Boolean(currentUser?.is_admin)
+
             // Multi-Tenant Modus ohne ausgewählten Tenant → keine Rollenprüfung
             if (!req.user.tenant_id) {
                 return
@@ -66,6 +77,13 @@ export default fp(async (server: FastifyInstance) => {
                 .limit(1)
 
             if (roleRows.length === 0) {
+                if (req.user.is_admin) {
+                    req.role = ""
+                    req.permissions = []
+                    req.hasPermission = () => false
+                    return
+                }
+
                 return reply
                     .code(403)
                     .send({ error: "No role assigned for this tenant" })
@@ -107,6 +125,7 @@ declare module "fastify" {
             user_id: string
             email: string
             tenant_id: number | null
+            is_admin?: boolean
         }
         role: string
         permissions: string[]

backend/src/plugins/db.ts

@@ -1,31 +1,25 @@
-import fp from "fastify-plugin"
+// src/plugins/db.ts
-import {drizzle, NodePgDatabase} from "drizzle-orm/node-postgres"
+import fp from "fastify-plugin";
-import * as schema from "../../db/schema"
+import { NodePgDatabase } from "drizzle-orm/node-postgres";
-import {secrets} from "../utils/secrets";
+import * as schema from "../../db/schema";
-import { Pool } from "pg"
+import { db, pool } from "../../db"; // <--- Importiert jetzt die globale Instanz
 
 export default fp(async (server, opts) => {
 
-    const pool = new Pool({
+    // Wir nutzen die db, die wir in src/db/index.ts erstellt haben
-        connectionString: secrets.DATABASE_URL,
+    server.decorate("db", db);
-        max: 10, // je nach Last
-    })
 
-    const db = drizzle(pool , {schema})
+    // Graceful Shutdown: Wenn Fastify ausgeht, schließen wir den Pool
-
-    // Dekorieren -> überall server.db
-    server.decorate("db", db)
-
-    // Graceful Shutdown
     server.addHook("onClose", async () => {
-        await pool.end()
+        console.log("[DB] Closing connection pool...");
-    })
+        await pool.end();
+    });
 
-    console.log("Drizzle database connected")
+    console.log("[Fastify] Database attached from shared instance");
-})
+});
 
 declare module "fastify" {
     interface FastifyInstance {
-        db:NodePgDatabase<typeof  schema>
+        db: NodePgDatabase<typeof schema>
     }
-}
+}

backend/src/plugins/queryconfig.ts

@@ -58,8 +58,6 @@ const queryConfigPlugin: FastifyPluginAsync<QueryConfigPluginOptions> = async (
 
         const query = req.query as Record<string, any>
 
-        console.log(query)
-
         // Pagination deaktivieren?
         const disablePagination =
             query.noPagination === 'true' ||

backend/src/routes/admin.ts

@@ -1,19 +1,761 @@
-import { FastifyInstance } from "fastify";
+import { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
-import { eq } from "drizzle-orm";
+import { and, eq, inArray, isNull } from "drizzle-orm";
 
 import {
     authTenantUsers,
+    authProfiles,
+    authRoles,
+    authUserRoles,
     authUsers,
+    filetags,
+    folders,
     tenants,
 } from "../../db/schema";
+import { generateRandomPassword, hashPassword } from "../utils/password";
 
 export default async function adminRoutes(server: FastifyInstance) {
+    const deriveNameFromEmail = (email: string) => {
+        const localPart = email.split("@")[0] || "Benutzer";
+        const normalized = localPart.replace(/[._-]+/g, " ").trim();
+        const parts = normalized.split(/\s+/).filter(Boolean);
+        const firstName = parts[0]
+            ? parts[0].charAt(0).toUpperCase() + parts[0].slice(1)
+            : "Neuer";
+        const lastName = parts.length > 1
+            ? parts.slice(1).map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join(" ")
+            : "Benutzer";
+
+        return { first_name: firstName, last_name: lastName };
+    };
+
+    const createTenantSeeds = async (tenantId: number, createdBy: string) => {
+        const currentYear = new Date().getFullYear();
+        const timestamp = new Date();
+
+        const insertedTags = await server.db
+            .insert(filetags)
+            .values([
+                {
+                    tenant: tenantId,
+                    name: "Rechnungen",
+                    color: "#16a34a",
+                    createdDocumentType: "invoices",
+                },
+                {
+                    tenant: tenantId,
+                    name: "Angebote",
+                    color: "#2563eb",
+                    createdDocumentType: "quotes",
+                },
+                {
+                    tenant: tenantId,
+                    name: "Auftragsbestätigungen",
+                    color: "#7c3aed",
+                    createdDocumentType: "confirmationOrders",
+                },
+                {
+                    tenant: tenantId,
+                    name: "Lieferscheine",
+                    color: "#ea580c",
+                    createdDocumentType: "deliveryNotes",
+                },
+                {
+                    tenant: tenantId,
+                    name: "Eingangsrechnungen",
+                    color: "#dc2626",
+                    incomingDocumentType: "invoices",
+                },
+                {
+                    tenant: tenantId,
+                    name: "Mahnungen",
+                    color: "#b91c1c",
+                    incomingDocumentType: "reminders",
+                },
+            ])
+            .returning({
+                id: filetags.id,
+                name: filetags.name,
+                createdDocumentType: filetags.createdDocumentType,
+                incomingDocumentType: filetags.incomingDocumentType,
+            });
+
+        const invoiceTag = insertedTags.find((tag) => tag.createdDocumentType === "invoices");
+        const quoteTag = insertedTags.find((tag) => tag.createdDocumentType === "quotes");
+        const confirmationTag = insertedTags.find((tag) => tag.createdDocumentType === "confirmationOrders");
+        const deliveryTag = insertedTags.find((tag) => tag.createdDocumentType === "deliveryNotes");
+        const incomingInvoiceTag = insertedTags.find((tag) => tag.incomingDocumentType === "invoices");
+
+        const insertedFolders = await server.db
+            .insert(folders)
+            .values([
+                {
+                    tenant: tenantId,
+                    name: "Ausgangsrechnungen",
+                    function: "yearSubCategory",
+                    icon: "i-heroicons-document-text",
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: "Angebote",
+                    function: "yearSubCategory",
+                    icon: "i-heroicons-document-duplicate",
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: "Auftragsbestätigungen",
+                    function: "yearSubCategory",
+                    icon: "i-heroicons-clipboard-document-check",
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: "Lieferscheine",
+                    function: "yearSubCategory",
+                    icon: "i-heroicons-truck",
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: "Eingangsrechnungen",
+                    function: "yearSubCategory",
+                    icon: "i-heroicons-inbox-arrow-down",
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: "Belege Bankeinzahlung",
+                    function: "yearSubCategory",
+                    icon: "i-heroicons-banknotes",
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+            ])
+            .returning({
+                id: folders.id,
+                name: folders.name,
+            });
+
+        const folderByName = new Map(insertedFolders.map((folder) => [folder.name, folder.id]));
+
+        await server.db
+            .insert(folders)
+            .values([
+                {
+                    tenant: tenantId,
+                    name: String(currentYear),
+                    parent: folderByName.get("Ausgangsrechnungen"),
+                    function: "invoices",
+                    year: currentYear,
+                    icon: "i-heroicons-document-text",
+                    standardFiletype: invoiceTag?.id,
+                    standardFiletypeIsOptional: false,
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: String(currentYear),
+                    parent: folderByName.get("Angebote"),
+                    function: "quotes",
+                    year: currentYear,
+                    icon: "i-heroicons-document-duplicate",
+                    standardFiletype: quoteTag?.id,
+                    standardFiletypeIsOptional: false,
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: String(currentYear),
+                    parent: folderByName.get("Auftragsbestätigungen"),
+                    function: "confirmationOrders",
+                    year: currentYear,
+                    icon: "i-heroicons-clipboard-document-check",
+                    standardFiletype: confirmationTag?.id,
+                    standardFiletypeIsOptional: false,
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: String(currentYear),
+                    parent: folderByName.get("Lieferscheine"),
+                    function: "deliveryNotes",
+                    year: currentYear,
+                    icon: "i-heroicons-truck",
+                    standardFiletype: deliveryTag?.id,
+                    standardFiletypeIsOptional: false,
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: String(currentYear),
+                    parent: folderByName.get("Eingangsrechnungen"),
+                    function: "incomingInvoices",
+                    year: currentYear,
+                    icon: "i-heroicons-inbox-arrow-down",
+                    standardFiletype: incomingInvoiceTag?.id,
+                    standardFiletypeIsOptional: false,
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+                {
+                    tenant: tenantId,
+                    name: String(currentYear),
+                    parent: folderByName.get("Belege Bankeinzahlung"),
+                    function: "deposit",
+                    year: currentYear,
+                    icon: "i-heroicons-banknotes",
+                    isSystemUsed: true,
+                    updatedAt: timestamp,
+                    updatedBy: createdBy,
+                },
+            ]);
+    };
+
+    const requireAdmin = async (req: FastifyRequest, reply: FastifyReply) => {
+        if (!req.user?.user_id) {
+            reply.code(401).send({ error: "Unauthorized" });
+            return null;
+        }
+
+        const [currentUser] = await server.db
+            .select({
+                id: authUsers.id,
+                is_admin: authUsers.is_admin,
+            })
+            .from(authUsers)
+            .where(eq(authUsers.id, req.user.user_id))
+            .limit(1);
+
+        if (!currentUser?.is_admin) {
+            reply.code(403).send({ error: "Admin access required" });
+            return null;
+        }
+
+        return currentUser;
+    };
+
+    // -------------------------------------------------------------
+    // GET /admin/overview
+    // -------------------------------------------------------------
+    server.get("/admin/overview", async (req, reply) => {
+        try {
+            const currentUser = await requireAdmin(req, reply);
+            if (!currentUser) return;
+
+            const [tenantRows, userRows, profileRows, membershipRows, roleRows, roleAssignmentRows] = await Promise.all([
+                server.db
+                    .select({
+                        id: tenants.id,
+                        name: tenants.name,
+                        short: tenants.short,
+                        createdAt: tenants.createdAt,
+                        locked: tenants.locked,
+                    })
+                    .from(tenants),
+                server.db
+                    .select({
+                        id: authUsers.id,
+                        email: authUsers.email,
+                        created_at: authUsers.created_at,
+                        multiTenant: authUsers.multiTenant,
+                        must_change_password: authUsers.must_change_password,
+                        is_admin: authUsers.is_admin,
+                    })
+                    .from(authUsers),
+                server.db
+                    .select({
+                        id: authProfiles.id,
+                        user_id: authProfiles.user_id,
+                        tenant_id: authProfiles.tenant_id,
+                        first_name: authProfiles.first_name,
+                        last_name: authProfiles.last_name,
+                        full_name: authProfiles.full_name,
+                        email: authProfiles.email,
+                        active: authProfiles.active,
+                    })
+                    .from(authProfiles),
+                server.db
+                    .select()
+                    .from(authTenantUsers),
+                server.db
+                    .select({
+                        id: authRoles.id,
+                        name: authRoles.name,
+                        description: authRoles.description,
+                        tenant_id: authRoles.tenant_id,
+                    })
+                    .from(authRoles),
+                server.db
+                    .select({
+                        user_id: authUserRoles.user_id,
+                        role_id: authUserRoles.role_id,
+                        tenant_id: authUserRoles.tenant_id,
+                    })
+                    .from(authUserRoles),
+            ]);
+
+            const users = userRows.map((user) => {
+                const profiles = profileRows.filter((profile) => profile.user_id === user.id);
+                const memberships = membershipRows.filter((membership) => membership.user_id === user.id);
+                const roleAssignments = roleAssignmentRows.filter((assignment) => assignment.user_id === user.id);
+                const preferredProfile = profiles.find((profile) => profile.active) || profiles[0];
+                const fallbackName = deriveNameFromEmail(user.email);
+
+                return {
+                    ...user,
+                    display_name: preferredProfile?.full_name || user.email,
+                    profile_defaults: {
+                        first_name: preferredProfile?.first_name || fallbackName.first_name,
+                        last_name: preferredProfile?.last_name || fallbackName.last_name,
+                    },
+                    profiles,
+                    tenant_ids: memberships.map((membership) => membership.tenant_id),
+                    role_assignments: roleAssignments,
+                };
+            });
+
+            const tenantsWithCounts = tenantRows.map((tenant) => ({
+                ...tenant,
+                user_count: membershipRows.filter((membership) => membership.tenant_id === tenant.id).length,
+            }));
+
+            return {
+                users,
+                tenants: tenantsWithCounts,
+                roles: roleRows,
+                unassignedProfiles: profileRows.filter((profile) => !profile.user_id),
+                memberships: membershipRows,
+                roleAssignments: roleAssignmentRows,
+            };
+        } catch (err) {
+            console.error("ERROR /admin/overview:", err);
+            return reply.code(500).send({ error: "Internal Server Error" });
+        }
+    });
+
+    // -------------------------------------------------------------
+    // POST /admin/users
+    // -------------------------------------------------------------
+    server.post("/admin/users", async (req, reply) => {
+        try {
+            const currentUser = await requireAdmin(req, reply);
+            if (!currentUser) return;
+
+            const body = req.body as {
+                email?: string;
+                password?: string;
+                is_admin?: boolean;
+                multiTenant?: boolean;
+                first_name?: string;
+                last_name?: string;
+            };
+
+            const email = body.email?.trim().toLowerCase();
+            if (!email) {
+                return reply.code(400).send({ error: "email required" });
+            }
+
+            const existingUsers = await server.db
+                .select({ id: authUsers.id })
+                .from(authUsers)
+                .where(eq(authUsers.email, email))
+                .limit(1);
+
+            if (existingUsers.length) {
+                return reply.code(409).send({ error: "User with this email already exists" });
+            }
+
+            const initialPassword = body.password?.trim() || generateRandomPassword(14);
+            const passwordHash = await hashPassword(initialPassword);
+
+            const [createdUser] = await server.db
+                .insert(authUsers)
+                .values({
+                    email,
+                    passwordHash,
+                    is_admin: Boolean(body.is_admin),
+                    multiTenant: typeof body.multiTenant === "boolean" ? body.multiTenant : true,
+                    must_change_password: true,
+                    updatedAt: new Date(),
+                })
+                .returning({
+                    id: authUsers.id,
+                    email: authUsers.email,
+                    created_at: authUsers.created_at,
+                    multiTenant: authUsers.multiTenant,
+                    must_change_password: authUsers.must_change_password,
+                    is_admin: authUsers.is_admin,
+                });
+
+            return {
+                user: createdUser,
+                initialPassword,
+                profile_defaults: {
+                    first_name: body.first_name?.trim() || deriveNameFromEmail(email).first_name,
+                    last_name: body.last_name?.trim() || deriveNameFromEmail(email).last_name,
+                },
+            };
+        } catch (err) {
+            console.error("ERROR /admin/users:", err);
+            return reply.code(500).send({ error: "Internal Server Error" });
+        }
+    });
+
+    // -------------------------------------------------------------
+    // POST /admin/tenants
+    // -------------------------------------------------------------
+    server.post("/admin/tenants", async (req, reply) => {
+        try {
+            const currentUser = await requireAdmin(req, reply);
+            if (!currentUser) return;
+
+            const body = req.body as {
+                name?: string;
+                short?: string;
+            };
+
+            const name = body.name?.trim();
+            const short = body.short?.trim();
+
+            if (!name || !short) {
+                return reply.code(400).send({ error: "name and short required" });
+            }
+
+            const [createdTenant] = await server.db
+                .insert(tenants)
+                .values({
+                    name,
+                    short,
+                    updatedAt: new Date(),
+                    updatedBy: currentUser.id,
+                })
+                .returning({
+                    id: tenants.id,
+                    name: tenants.name,
+                    short: tenants.short,
+                    createdAt: tenants.createdAt,
+                    locked: tenants.locked,
+                });
+
+            await createTenantSeeds(createdTenant.id, currentUser.id);
+
+            return { tenant: createdTenant };
+        } catch (err) {
+            console.error("ERROR /admin/tenants:", err);
+            return reply.code(500).send({ error: "Internal Server Error" });
+        }
+    });
+
+    // -------------------------------------------------------------
+    // PUT /admin/users/:user_id
+    // -------------------------------------------------------------
+    server.put("/admin/users/:user_id", async (req, reply) => {
+        try {
+            const currentUser = await requireAdmin(req, reply);
+            if (!currentUser) return;
+
+            const { user_id } = req.params as { user_id: string };
+            const body = req.body as {
+                email?: string;
+                multiTenant?: boolean;
+                must_change_password?: boolean;
+                is_admin?: boolean;
+            };
+
+            const updateData: Record<string, any> = {
+                updatedAt: new Date(),
+            };
+
+            if (typeof body.email === "string") updateData.email = body.email.trim().toLowerCase();
+            if (typeof body.multiTenant === "boolean") updateData.multiTenant = body.multiTenant;
+            if (typeof body.must_change_password === "boolean") updateData.must_change_password = body.must_change_password;
+            if (typeof body.is_admin === "boolean") updateData.is_admin = body.is_admin;
+
+            const [updatedUser] = await server.db
+                .update(authUsers)
+                .set(updateData)
+                .where(eq(authUsers.id, user_id))
+                .returning({
+                    id: authUsers.id,
+                    email: authUsers.email,
+                    created_at: authUsers.created_at,
+                    multiTenant: authUsers.multiTenant,
+                    must_change_password: authUsers.must_change_password,
+                    is_admin: authUsers.is_admin,
+                });
+
+            if (!updatedUser) {
+                return reply.code(404).send({ error: "User not found" });
+            }
+
+            return { user: updatedUser };
+        } catch (err) {
+            console.error("ERROR /admin/users/:user_id:", err);
+            return reply.code(500).send({ error: "Internal Server Error" });
+        }
+    });
+
+    // -------------------------------------------------------------
+    // PUT /admin/tenants/:tenant_id
+    // -------------------------------------------------------------
+    server.put("/admin/tenants/:tenant_id", async (req, reply) => {
+        try {
+            const currentUser = await requireAdmin(req, reply);
+            if (!currentUser) return;
+
+            const { tenant_id } = req.params as { tenant_id: string };
+            const body = req.body as {
+                name?: string;
+                short?: string;
+            };
+
+            const updateData: Record<string, any> = {
+                updatedAt: new Date(),
+                updatedBy: currentUser.id,
+            };
+
+            if (typeof body.name === "string") updateData.name = body.name.trim();
+            if (typeof body.short === "string") updateData.short = body.short.trim();
+
+            const [updatedTenant] = await server.db
+                .update(tenants)
+                .set(updateData)
+                .where(eq(tenants.id, Number(tenant_id)))
+                .returning({
+                    id: tenants.id,
+                    name: tenants.name,
+                    short: tenants.short,
+                    createdAt: tenants.createdAt,
+                    locked: tenants.locked,
+                });
+
+            if (!updatedTenant) {
+                return reply.code(404).send({ error: "Tenant not found" });
+            }
+
+            return { tenant: updatedTenant };
+        } catch (err) {
+            console.error("ERROR /admin/tenants/:tenant_id:", err);
+            return reply.code(500).send({ error: "Internal Server Error" });
+        }
+    });
+
+    // -------------------------------------------------------------
+    // PUT /admin/users/:user_id/access
+    // -------------------------------------------------------------
+    server.put("/admin/users/:user_id/access", async (req, reply) => {
+        try {
+            const currentUser = await requireAdmin(req, reply);
+            if (!currentUser) return;
+
+            const { user_id } = req.params as { user_id: string };
+            const body = req.body as {
+                tenant_ids?: number[];
+                role_assignments?: { tenant_id: number; role_id: string }[];
+                profile_defaults?: { first_name?: string; last_name?: string };
+                profile_assignments?: { tenant_id: number; profile_id?: string | null }[];
+            };
+
+            const tenantIds = Array.from(new Set((body.tenant_ids || []).map((tenantId) => Number(tenantId)).filter(Boolean)));
+            const requestedAssignments = (body.role_assignments || [])
+                .map((assignment) => ({
+                    tenant_id: Number(assignment.tenant_id),
+                    role_id: assignment.role_id,
+                }))
+                .filter((assignment) => assignment.tenant_id && assignment.role_id && tenantIds.includes(assignment.tenant_id));
+
+            const [targetUser] = await server.db
+                .select({ id: authUsers.id, email: authUsers.email })
+                .from(authUsers)
+                .where(eq(authUsers.id, user_id))
+                .limit(1);
+
+            if (!targetUser) {
+                return reply.code(404).send({ error: "User not found" });
+            }
+
+            const availableRoles = requestedAssignments.length
+                ? await server.db
+                    .select({
+                        id: authRoles.id,
+                        tenant_id: authRoles.tenant_id,
+                    })
+                    .from(authRoles)
+                    .where(
+                        inArray(
+                            authRoles.id,
+                            requestedAssignments.map((assignment) => assignment.role_id)
+                        )
+                    )
+                : [];
+
+            const validRoleIds = new Set(
+                availableRoles
+                    .filter((role) =>
+                        role.tenant_id === null ||
+                        requestedAssignments.some((assignment) => assignment.role_id === role.id && assignment.tenant_id === role.tenant_id)
+                    )
+                    .map((role) => role.id)
+            );
+
+            const validAssignments = requestedAssignments.filter((assignment) => validRoleIds.has(assignment.role_id));
+            const existingMemberships = await server.db
+                .select()
+                .from(authTenantUsers)
+                .where(eq(authTenantUsers.user_id, user_id));
+            const removedTenantIds = existingMemberships
+                .map((membership) => membership.tenant_id)
+                .filter((tenantId) => !tenantIds.includes(tenantId));
+
+            const existingUserProfiles = await server.db
+                .select({
+                    id: authProfiles.id,
+                    tenant_id: authProfiles.tenant_id,
+                })
+                .from(authProfiles)
+                .where(eq(authProfiles.user_id, user_id));
+
+            const unassignedProfiles = tenantIds.length
+                ? await server.db
+                    .select({
+                        id: authProfiles.id,
+                        tenant_id: authProfiles.tenant_id,
+                    })
+                    .from(authProfiles)
+                    .where(
+                        and(
+                            inArray(authProfiles.tenant_id, tenantIds),
+                            isNull(authProfiles.user_id)
+                        )
+                    )
+                : [];
+
+            const fallbackName = deriveNameFromEmail(targetUser.email);
+            const profileDefaults = {
+                first_name: body.profile_defaults?.first_name?.trim() || fallbackName.first_name,
+                last_name: body.profile_defaults?.last_name?.trim() || fallbackName.last_name,
+            };
+            const requestedProfileAssignments = new Map<number, string>(
+                (body.profile_assignments || [])
+                    .filter((assignment) => assignment?.tenant_id && assignment.profile_id)
+                    .map((assignment) => [Number(assignment.tenant_id), String(assignment.profile_id)])
+            );
+
+            await server.db
+                .delete(authUserRoles)
+                .where(eq(authUserRoles.user_id, user_id));
+
+            await server.db
+                .delete(authTenantUsers)
+                .where(eq(authTenantUsers.user_id, user_id));
+
+            if (tenantIds.length) {
+                await server.db
+                    .insert(authTenantUsers)
+                    .values(
+                        tenantIds.map((tenantId) => ({
+                            tenant_id: tenantId,
+                            user_id,
+                            created_by: currentUser.id,
+                        }))
+                    );
+            }
+
+            if (validAssignments.length) {
+                await server.db
+                    .insert(authUserRoles)
+                    .values(
+                        validAssignments.map((assignment) => ({
+                            user_id,
+                            tenant_id: assignment.tenant_id,
+                            role_id: assignment.role_id,
+                            created_by: currentUser.id,
+                        }))
+                    );
+            }
+
+            if (removedTenantIds.length) {
+                await server.db
+                    .update(authProfiles)
+                    .set({ user_id: null })
+                    .where(
+                        and(
+                            eq(authProfiles.user_id, user_id),
+                            inArray(authProfiles.tenant_id, removedTenantIds)
+                        )
+                    );
+            }
+
+            const existingProfileTenantIds = new Set(existingUserProfiles.map((profile) => profile.tenant_id));
+
+            for (const tenantId of tenantIds) {
+                if (existingProfileTenantIds.has(tenantId)) continue;
+
+                const requestedProfileId = requestedProfileAssignments.get(tenantId);
+                const freeProfile = requestedProfileId
+                    ? unassignedProfiles.find((profile) => profile.id === requestedProfileId && profile.tenant_id === tenantId)
+                    : null;
+
+                if (freeProfile) {
+                    await server.db
+                        .update(authProfiles)
+                        .set({ user_id })
+                        .where(eq(authProfiles.id, freeProfile.id));
+                    continue;
+                }
+
+                await server.db
+                    .insert(authProfiles)
+                    .values({
+                        user_id,
+                        tenant_id: tenantId,
+                        first_name: profileDefaults.first_name,
+                        last_name: profileDefaults.last_name,
+                        email: targetUser.email,
+                        active: true,
+                    });
+            }
+
+            return {
+                success: true,
+                tenant_ids: tenantIds,
+                role_assignments: validAssignments,
+            };
+        } catch (err) {
+            console.error("ERROR /admin/users/:user_id/access:", err);
+            return reply.code(500).send({ error: "Internal Server Error" });
+        }
+    });
 
     // -------------------------------------------------------------
     // POST /admin/add-user-to-tenant
     // -------------------------------------------------------------
     server.post("/admin/add-user-to-tenant", async (req, reply) => {
         try {
+            const currentUser = await requireAdmin(req, reply);
+            if (!currentUser) return;
+
             const body = req.body as {
                 user_id: string;
                 tenant_id: number;
@@ -44,11 +786,10 @@ export default async function adminRoutes(server: FastifyInstance) {
 
             await server.db
                 .insert(authTenantUsers)
-                // @ts-ignore
                 .values({
                     user_id: body.user_id,
-                    tenantId: body.tenant_id,
+                    tenant_id: body.tenant_id,
-                    role: body.role ?? "member",
+                    created_by: currentUser.id,
                 });
 
             return { success: true, mode };
@@ -65,6 +806,9 @@ export default async function adminRoutes(server: FastifyInstance) {
     // -------------------------------------------------------------
     server.get("/admin/user-tenants/:user_id", async (req, reply) => {
         try {
+            const currentUser = await requireAdmin(req, reply);
+            if (!currentUser) return;
+
             const { user_id } = req.params as { user_id: string };
 
             if (!user_id) {
@@ -94,6 +838,7 @@ export default async function adminRoutes(server: FastifyInstance) {
                     short: tenants.short,
                     locked: tenants.locked,
                     numberRanges: tenants.numberRanges,
+                    accountChart: tenants.accountChart,
                     extraModules: tenants.extraModules,
                 })
                 .from(authTenantUsers)

backend/src/routes/auth/me.ts

@@ -31,6 +31,7 @@ export default async function meRoutes(server: FastifyInstance) {
                     email: authUsers.email,
                     created_at: authUsers.created_at,
                     must_change_password: authUsers.must_change_password,
+                    is_admin: authUsers.is_admin,
                 })
                 .from(authUsers)
                 .where(eq(authUsers.id, userId))
@@ -51,9 +52,12 @@ export default async function meRoutes(server: FastifyInstance) {
                     name: tenants.name,
                     short: tenants.short,
                     locked: tenants.locked,
+                    features: tenants.features,
                     extraModules: tenants.extraModules,
                     businessInfo: tenants.businessInfo,
                     numberRanges: tenants.numberRanges,
+                    accountChart: tenants.accountChart,
+                    taxEvaluationPeriod: tenants.taxEvaluationPeriod,
                     dokuboxkey: tenants.dokuboxkey,
                     standardEmailForInvoices: tenants.standardEmailForInvoices,
                     standardPaymentDays: tenants.standardPaymentDays,

backend/src/routes/banking.ts

@@ -4,10 +4,19 @@ import dayjs from "dayjs"
 
 import { secrets } from "../utils/secrets"
 import { insertHistoryItem } from "../utils/history"
+import { decrypt, encrypt } from "../utils/crypt"
+import { DE_BANK_CODE_TO_NAME } from "../utils/deBankCodes"
+import { DE_BANK_CODE_TO_BIC } from "../utils/deBankBics"
 
 import {
     bankrequisitions,
+    bankstatements,
+    createddocuments,
+    customers,
+    entitybankaccounts,
+    incominginvoices,
     statementallocations,
+    vendors,
 } from "../../db/schema"
 
 import {
@@ -17,6 +26,520 @@ import {
 
 
 export default async function bankingRoutes(server: FastifyInstance) {
+    const normalizeIban = (value?: string | null) =>
+        String(value || "").replace(/\s+/g, "").toUpperCase()
+
+    const normalizeName = (value?: string | null) =>
+        String(value || "")
+            .toLowerCase()
+            .replace(/[^a-z0-9äöüß]+/gi, " ")
+            .replace(/\s+/g, " ")
+            .trim()
+
+    const pickPartnerBankData = (statement: any, partnerType: "customer" | "vendor") => {
+        if (!statement) return null
+
+        const prefersDebit = partnerType === "customer"
+            ? Number(statement.amount) >= 0
+            : Number(statement.amount) > 0
+
+        const primary = prefersDebit
+            ? { iban: statement.debIban }
+            : { iban: statement.credIban }
+        const fallback = prefersDebit
+            ? { iban: statement.credIban }
+            : { iban: statement.debIban }
+
+        const primaryIban = normalizeIban(primary.iban)
+        if (primaryIban) {
+            return {
+                iban: primaryIban,
+            }
+        }
+
+        const fallbackIban = normalizeIban(fallback.iban)
+        if (fallbackIban) {
+            return {
+                iban: fallbackIban,
+            }
+        }
+
+        return null
+    }
+
+    const pickPartnerReference = (statement: any, partnerType: "customer" | "vendor") => {
+        if (!statement) return null
+
+        const prefersDebit = partnerType === "customer"
+            ? Number(statement.amount) >= 0
+            : Number(statement.amount) > 0
+
+        const primary = prefersDebit
+            ? { iban: statement.debIban, name: statement.debName }
+            : { iban: statement.credIban, name: statement.credName }
+        const fallback = prefersDebit
+            ? { iban: statement.credIban, name: statement.credName }
+            : { iban: statement.debIban, name: statement.debName }
+
+        return {
+            iban: normalizeIban(primary.iban) || normalizeIban(fallback.iban) || null,
+            name: String(primary.name || fallback.name || "").trim() || null,
+        }
+    }
+
+    const mergePartnerIban = (infoData: Record<string, any>, iban: string, bankAccountId?: number | null) => {
+        if (!iban && !bankAccountId) return infoData || {}
+        const info = infoData && typeof infoData === "object" ? { ...infoData } : {}
+
+        if (iban) {
+            const existing = Array.isArray(info.bankingIbans) ? info.bankingIbans : []
+            const merged = [...new Set([...existing.map((i: string) => normalizeIban(i)), iban])]
+            info.bankingIbans = merged
+            if (!info.bankingIban) info.bankingIban = iban
+        }
+
+        if (bankAccountId) {
+            const existingIds = Array.isArray(info.bankAccountIds) ? info.bankAccountIds : []
+            if (!existingIds.includes(bankAccountId)) {
+                info.bankAccountIds = [...existingIds, bankAccountId]
+            }
+        }
+
+        return info
+    }
+
+    const ibanLengthByCountry: Record<string, number> = {
+        DE: 22,
+        AT: 20,
+        CH: 21,
+        NL: 18,
+        BE: 16,
+        FR: 27,
+        ES: 24,
+        IT: 27,
+        LU: 20,
+    }
+
+    const isValidIbanLocal = (iban: string) => {
+        const normalized = normalizeIban(iban)
+        if (!normalized || normalized.length < 15 || normalized.length > 34) return false
+        if (!/^[A-Z]{2}[0-9]{2}[A-Z0-9]+$/.test(normalized)) return false
+
+        const country = normalized.slice(0, 2)
+        const expectedLength = ibanLengthByCountry[country]
+        if (expectedLength && normalized.length !== expectedLength) return false
+
+        const rearranged = normalized.slice(4) + normalized.slice(0, 4)
+        let numeric = ""
+        for (const ch of rearranged) {
+            if (ch >= "A" && ch <= "Z") numeric += (ch.charCodeAt(0) - 55).toString()
+            else numeric += ch
+        }
+
+        let remainder = 0
+        for (const digit of numeric) {
+            remainder = (remainder * 10 + Number(digit)) % 97
+        }
+
+        return remainder === 1
+    }
+
+    const resolveGermanBankDataFromIbanLocal = (iban: string) => {
+        const normalized = normalizeIban(iban)
+        if (!isValidIbanLocal(normalized)) return null
+
+        // Für DE-IBANs kann die BLZ aus Position 5-12 lokal gelesen werden.
+        if (normalized.startsWith("DE") && normalized.length === 22) {
+            const bankCode = normalized.slice(4, 12)
+            const bankName = DE_BANK_CODE_TO_NAME[bankCode] || `Unbekannt (BLZ ${bankCode})`
+            const bic = DE_BANK_CODE_TO_BIC[bankCode] || null
+            return {
+                bankName,
+                bic,
+                bankCode,
+            }
+        }
+
+        return null
+    }
+
+    const resolveEntityBankAccountId = async (
+        tenantId: number,
+        userId: string,
+        iban: string
+    ) => {
+        const normalizedIban = normalizeIban(iban)
+        if (!normalizedIban) return null
+
+        const bankData = resolveGermanBankDataFromIbanLocal(normalizedIban)
+
+        const allAccounts = await server.db
+            .select({
+                id: entitybankaccounts.id,
+                ibanEncrypted: entitybankaccounts.ibanEncrypted,
+                bankNameEncrypted: entitybankaccounts.bankNameEncrypted,
+                bicEncrypted: entitybankaccounts.bicEncrypted,
+            })
+            .from(entitybankaccounts)
+            .where(eq(entitybankaccounts.tenant, tenantId))
+
+        const existing = allAccounts.find((row) => {
+            if (!row.ibanEncrypted) return false
+            try {
+                const decryptedIban = decrypt(row.ibanEncrypted as any)
+                return normalizeIban(decryptedIban) === normalizedIban
+            } catch {
+                return false
+            }
+        })
+
+        if (existing?.id) {
+            if (bankData) {
+                let currentBankName = ""
+                let currentBic = ""
+                try {
+                    currentBankName = String(decrypt(existing.bankNameEncrypted as any) || "").trim()
+                } catch {
+                    currentBankName = ""
+                }
+                try {
+                    currentBic = String(decrypt((existing as any).bicEncrypted as any) || "").trim()
+                } catch {
+                    currentBic = ""
+                }
+
+                const nextBankName = bankData?.bankName || "Unbekannt"
+                const nextBic = bankData?.bic || "UNBEKANNT"
+                if (currentBankName !== nextBankName || currentBic !== nextBic) {
+                    await server.db
+                        .update(entitybankaccounts)
+                        .set({
+                            bankNameEncrypted: encrypt(nextBankName),
+                            bicEncrypted: encrypt(nextBic),
+                            updatedAt: new Date(),
+                            updatedBy: userId,
+                        })
+                        .where(and(eq(entitybankaccounts.id, Number(existing.id)), eq(entitybankaccounts.tenant, tenantId)))
+                }
+            }
+
+            return Number(existing.id)
+        }
+
+        const [created] = await server.db
+            .insert(entitybankaccounts)
+            .values({
+                tenant: tenantId,
+                ibanEncrypted: encrypt(normalizedIban),
+                bicEncrypted: encrypt(bankData?.bic || "UNBEKANNT"),
+                bankNameEncrypted: encrypt(bankData?.bankName || "Unbekannt"),
+                description: "Automatisch aus Bankbuchung übernommen",
+                updatedAt: new Date(),
+                updatedBy: userId,
+            })
+            .returning({ id: entitybankaccounts.id })
+
+        return created?.id ? Number(created.id) : null
+    }
+
+    server.get("/banking/iban/:iban", async (req, reply) => {
+        try {
+            const { iban } = req.params as { iban: string }
+            const normalized = normalizeIban(iban)
+            if (!normalized) {
+                return reply.code(400).send({ error: "IBAN missing" })
+            }
+
+            const valid = isValidIbanLocal(normalized)
+            const bankData = resolveGermanBankDataFromIbanLocal(normalized)
+
+            return reply.send({
+                iban: normalized,
+                valid,
+                bic: bankData?.bic || null,
+                bankName: bankData?.bankName || null,
+                bankCode: bankData?.bankCode || null,
+            })
+        } catch (err) {
+            server.log.error(err)
+            return reply.code(500).send({ error: "Failed to resolve IBAN data" })
+        }
+    })
+
+    server.get("/banking/statements/:id/suggestions", async (req, reply) => {
+        try {
+            if (!req.user) return reply.code(401).send({ error: "Unauthorized" })
+
+            const { id } = req.params as { id: string }
+            const statementId = Number(id)
+            if (!statementId) return reply.code(400).send({ error: "Invalid statement id" })
+
+            const [statement] = await server.db
+                .select()
+                .from(bankstatements)
+                .where(and(eq(bankstatements.id, statementId), eq(bankstatements.tenant, req.user.tenant_id)))
+                .limit(1)
+
+            if (!statement) return reply.code(404).send({ error: "Statement not found" })
+
+            const partnerType: "customer" | "vendor" = Number(statement.amount) >= 0 ? "customer" : "vendor"
+            const partnerRef = pickPartnerReference(statement, partnerType)
+
+            const suggestions: Array<Record<string, any>> = []
+            let matchedBankAccountId: number | null = null
+
+            if (partnerRef?.iban) {
+                const allAccounts = await server.db
+                    .select({
+                        id: entitybankaccounts.id,
+                        ibanEncrypted: entitybankaccounts.ibanEncrypted,
+                    })
+                    .from(entitybankaccounts)
+                    .where(eq(entitybankaccounts.tenant, req.user.tenant_id))
+
+                const matchingAccount = allAccounts.find((row) => {
+                    if (!row.ibanEncrypted) return false
+                    try {
+                        return normalizeIban(decrypt(row.ibanEncrypted as any)) === partnerRef.iban
+                    } catch {
+                        return false
+                    }
+                })
+
+                matchedBankAccountId = matchingAccount?.id ? Number(matchingAccount.id) : null
+            }
+
+            if (partnerType === "customer") {
+                const customerRows = await server.db
+                    .select({
+                        id: customers.id,
+                        name: customers.name,
+                        customerNumber: customers.customerNumber,
+                        infoData: customers.infoData,
+                    })
+                    .from(customers)
+                    .where(and(eq(customers.tenant, req.user.tenant_id), eq(customers.archived, false)))
+
+                for (const row of customerRows) {
+                    const infoData = row.infoData && typeof row.infoData === "object" ? row.infoData as Record<string, any> : {}
+                    const bankAccountIds = Array.isArray(infoData.bankAccountIds) ? infoData.bankAccountIds.map(Number) : []
+                    const bankingIbans = Array.isArray(infoData.bankingIbans) ? infoData.bankingIbans.map((iban) => normalizeIban(String(iban))) : []
+                    const normalizedEntityName = normalizeName(row.name)
+                    const normalizedStatementName = normalizeName(partnerRef?.name)
+
+                    const matchesBankAccountId = matchedBankAccountId ? bankAccountIds.includes(matchedBankAccountId) : false
+                    const matchesIban = partnerRef?.iban ? bankingIbans.includes(partnerRef.iban) : false
+                    const exactNameMatch = normalizedEntityName && normalizedStatementName && normalizedEntityName === normalizedStatementName
+                    const partialNameMatch = normalizedEntityName && normalizedStatementName
+                        ? normalizedEntityName.includes(normalizedStatementName) || normalizedStatementName.includes(normalizedEntityName)
+                        : false
+
+                    let score = 0
+                    let reason = ""
+
+                    if (matchesBankAccountId && matchesIban) {
+                        score = 100
+                        reason = "IBAN und hinterlegte Bankverbindung stimmen ueberein"
+                    } else if (matchesBankAccountId) {
+                        score = 95
+                        reason = "Hinterlegte Bankverbindung passt zur IBAN"
+                    } else if (matchesIban) {
+                        score = 90
+                        reason = "IBAN wurde bereits bei diesem Kunden verwendet"
+                    } else if (exactNameMatch) {
+                        score = 60
+                        reason = "Name passt exakt zur Buchung"
+                    } else if (partialNameMatch) {
+                        score = 45
+                        reason = "Name aehnelt der Buchung"
+                    }
+
+                    if (!score) continue
+
+                    suggestions.push({
+                        type: "customer",
+                        id: row.id,
+                        name: row.name,
+                        number: row.customerNumber,
+                        score,
+                        reason,
+                    })
+                }
+            } else {
+                const vendorRows = await server.db
+                    .select({
+                        id: vendors.id,
+                        name: vendors.name,
+                        vendorNumber: vendors.vendorNumber,
+                        infoData: vendors.infoData,
+                    })
+                    .from(vendors)
+                    .where(and(eq(vendors.tenant, req.user.tenant_id), eq(vendors.archived, false)))
+
+                for (const row of vendorRows) {
+                    const infoData = row.infoData && typeof row.infoData === "object" ? row.infoData as Record<string, any> : {}
+                    const bankAccountIds = Array.isArray(infoData.bankAccountIds) ? infoData.bankAccountIds.map(Number) : []
+                    const bankingIbans = Array.isArray(infoData.bankingIbans) ? infoData.bankingIbans.map((iban) => normalizeIban(String(iban))) : []
+                    const normalizedEntityName = normalizeName(row.name)
+                    const normalizedStatementName = normalizeName(partnerRef?.name)
+
+                    const matchesBankAccountId = matchedBankAccountId ? bankAccountIds.includes(matchedBankAccountId) : false
+                    const matchesIban = partnerRef?.iban ? bankingIbans.includes(partnerRef.iban) : false
+                    const exactNameMatch = normalizedEntityName && normalizedStatementName && normalizedEntityName === normalizedStatementName
+                    const partialNameMatch = normalizedEntityName && normalizedStatementName
+                        ? normalizedEntityName.includes(normalizedStatementName) || normalizedStatementName.includes(normalizedEntityName)
+                        : false
+
+                    let score = 0
+                    let reason = ""
+
+                    if (matchesBankAccountId && matchesIban) {
+                        score = 100
+                        reason = "IBAN und hinterlegte Bankverbindung stimmen ueberein"
+                    } else if (matchesBankAccountId) {
+                        score = 95
+                        reason = "Hinterlegte Bankverbindung passt zur IBAN"
+                    } else if (matchesIban) {
+                        score = 90
+                        reason = "IBAN wurde bereits bei diesem Lieferanten verwendet"
+                    } else if (exactNameMatch) {
+                        score = 60
+                        reason = "Name passt exakt zur Buchung"
+                    } else if (partialNameMatch) {
+                        score = 45
+                        reason = "Name aehnelt der Buchung"
+                    }
+
+                    if (!score) continue
+
+                    suggestions.push({
+                        type: "vendor",
+                        id: row.id,
+                        name: row.name,
+                        number: row.vendorNumber,
+                        score,
+                        reason,
+                    })
+                }
+            }
+
+            suggestions.sort((a, b) => b.score - a.score || String(a.name).localeCompare(String(b.name), "de"))
+
+            return reply.send({
+                partnerType,
+                partnerName: partnerRef?.name || null,
+                partnerIban: partnerRef?.iban || null,
+                suggestions: suggestions.slice(0, 5),
+            })
+        } catch (err) {
+            server.log.error(err)
+            return reply.code(500).send({ error: "Failed to load statement suggestions" })
+        }
+    })
+
+    const assignIbanFromStatementToCustomer = async (tenantId: number, userId: string, statementId: number, createdDocumentId?: number) => {
+        if (!createdDocumentId) return
+
+        const [statement] = await server.db
+            .select()
+            .from(bankstatements)
+            .where(and(eq(bankstatements.id, statementId), eq(bankstatements.tenant, tenantId)))
+            .limit(1)
+
+        if (!statement) return
+
+        const [doc] = await server.db
+            .select({ customer: createddocuments.customer })
+            .from(createddocuments)
+            .where(and(eq(createddocuments.id, createdDocumentId), eq(createddocuments.tenant, tenantId)))
+            .limit(1)
+
+        const customerId = doc?.customer
+        if (!customerId) return
+
+        const partnerBank = pickPartnerBankData(statement, "customer")
+        if (!partnerBank?.iban) return
+
+        const [customer] = await server.db
+            .select({ id: customers.id, infoData: customers.infoData })
+            .from(customers)
+            .where(and(eq(customers.id, customerId), eq(customers.tenant, tenantId)))
+            .limit(1)
+
+        if (!customer) return
+
+        const bankAccountId = await resolveEntityBankAccountId(
+            tenantId,
+            userId,
+            partnerBank.iban
+        )
+
+        const newInfoData = mergePartnerIban(
+            (customer.infoData || {}) as Record<string, any>,
+            partnerBank.iban,
+            bankAccountId
+        )
+        await server.db
+            .update(customers)
+            .set({
+                infoData: newInfoData,
+                updatedAt: new Date(),
+                updatedBy: userId,
+            })
+            .where(and(eq(customers.id, customerId), eq(customers.tenant, tenantId)))
+    }
+
+    const assignIbanFromStatementToVendor = async (tenantId: number, userId: string, statementId: number, incomingInvoiceId?: number) => {
+        if (!incomingInvoiceId) return
+
+        const [statement] = await server.db
+            .select()
+            .from(bankstatements)
+            .where(and(eq(bankstatements.id, statementId), eq(bankstatements.tenant, tenantId)))
+            .limit(1)
+
+        if (!statement) return
+
+        const [invoice] = await server.db
+            .select({ vendor: incominginvoices.vendor })
+            .from(incominginvoices)
+            .where(and(eq(incominginvoices.id, incomingInvoiceId), eq(incominginvoices.tenant, tenantId)))
+            .limit(1)
+
+        const vendorId = invoice?.vendor
+        if (!vendorId) return
+
+        const partnerBank = pickPartnerBankData(statement, "vendor")
+        if (!partnerBank?.iban) return
+
+        const [vendor] = await server.db
+            .select({ id: vendors.id, infoData: vendors.infoData })
+            .from(vendors)
+            .where(and(eq(vendors.id, vendorId), eq(vendors.tenant, tenantId)))
+            .limit(1)
+
+        if (!vendor) return
+
+        const bankAccountId = await resolveEntityBankAccountId(
+            tenantId,
+            userId,
+            partnerBank.iban
+        )
+
+        const newInfoData = mergePartnerIban(
+            (vendor.infoData || {}) as Record<string, any>,
+            partnerBank.iban,
+            bankAccountId
+        )
+        await server.db
+            .update(vendors)
+            .set({
+                infoData: newInfoData,
+                updatedAt: new Date(),
+                updatedBy: userId,
+            })
+            .where(and(eq(vendors.id, vendorId), eq(vendors.tenant, tenantId)))
+    }
 
     // ------------------------------------------------------------------
     // 🔐 GoCardLess Token Handling
@@ -171,9 +694,35 @@ export default async function bankingRoutes(server: FastifyInstance) {
 
             const createdRecord = inserted[0]
 
+            if (createdRecord?.createddocument) {
+                try {
+                    await assignIbanFromStatementToCustomer(
+                        req.user.tenant_id,
+                        req.user.user_id,
+                        Number(createdRecord.bankstatement),
+                        Number(createdRecord.createddocument)
+                    )
+                } catch (err) {
+                    server.log.warn({ err, allocationId: createdRecord.id }, "Konnte IBAN nicht automatisch beim Kunden hinterlegen")
+                }
+            }
+
+            if (createdRecord?.incominginvoice) {
+                try {
+                    await assignIbanFromStatementToVendor(
+                        req.user.tenant_id,
+                        req.user.user_id,
+                        Number(createdRecord.bankstatement),
+                        Number(createdRecord.incominginvoice)
+                    )
+                } catch (err) {
+                    server.log.warn({ err, allocationId: createdRecord.id }, "Konnte IBAN nicht automatisch beim Lieferanten hinterlegen")
+                }
+            }
+
             await insertHistoryItem(server, {
                 entity: "bankstatements",
-                entityId: createdRecord.id,
+                entityId: Number(createdRecord.bankstatement),
                 action: "created",
                 created_by: req.user.user_id,
                 tenant_id: req.user.tenant_id,
@@ -216,7 +765,7 @@ export default async function bankingRoutes(server: FastifyInstance) {
 
             await insertHistoryItem(server, {
                 entity: "bankstatements",
-                entityId: id,
+                entityId: Number(old.bankstatement),
                 action: "deleted",
                 created_by: req.user.user_id,
                 tenant_id: req.user.tenant_id,

backend/src/routes/files.ts

@@ -2,12 +2,12 @@ import { FastifyInstance } from "fastify"
 import multipart from "@fastify/multipart"
 import { s3 } from "../utils/s3"
 import {
-    GetObjectCommand,
+    GetObjectCommand
-    PutObjectCommand
 } from "@aws-sdk/client-s3"
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner"
 import archiver from "archiver"
 import { secrets } from "../utils/secrets"
+import { saveFile } from "../utils/files"
 
 import { eq, inArray } from "drizzle-orm"
 import {
@@ -40,39 +40,28 @@ export default async function fileRoutes(server: FastifyInstance) {
             const fileBuffer = await data.toBuffer()
 
             const meta = data.fields?.meta?.value ? JSON.parse(data.fields.meta.value) : {}
+            const { folder = null, type = null, ...otherMeta } = meta
 
-            // 1️⃣ DB-Eintrag erzeugen
+            const created = await saveFile(
-            const inserted = await server.db
+                server,
-                .insert(files)
+                tenantId,
-                .values({ tenant: tenantId })
+                null,
-                .returning()
+                {
+                    filename: data.filename,
+                    content: fileBuffer,
+                    contentType: data.mimetype
+                },
+                folder,
+                type,
+                otherMeta
+            )
 
-            const created = inserted[0]
             if (!created) throw new Error("Could not create DB entry")
 
-            // 2️⃣ Datei in S3 speichern
-            const fileKey = `${tenantId}/filesbyid/${created.id}/${data.filename}`
-
-            await s3.send(new PutObjectCommand({
-                Bucket: secrets.S3_BUCKET,
-                Key: fileKey,
-                Body: fileBuffer,
-                ContentType: data.mimetype
-            }))
-
-            // 3️⃣ DB updaten: meta + path
-            await server.db
-                .update(files)
-                .set({
-                    ...meta,
-                    path: fileKey
-                })
-                .where(eq(files.id, created.id))
-
             return {
                 id: created.id,
-                filename: data.filename,
+                filename: created.filename,
-                path: fileKey
+                path: created.key
             }
         } catch (err) {
             console.error(err)
@@ -248,7 +237,7 @@ export default async function fileRoutes(server: FastifyInstance) {
                 // MULTIPLE PRESIGNED URLs
                 // -------------------------------------------------
                 if (!ids || !Array.isArray(ids) || ids.length === 0) {
-                    return reply.code(400).send({ error: "No ids provided" })
+                    return { files: [] }
                 }
 
                 const rows = await server.db

backend/src/routes/functions.ts

@@ -1,6 +1,11 @@
 import { FastifyInstance } from "fastify";
 import {createInvoicePDF, createTimeSheetPDF} from "../utils/pdf";
-//import {encodeBase64ToNiimbot, generateLabel, useNextNumberRangeNumber} from "../utils/functions";
+import {encodeBase64ToNiimbot, generateLabel, useNextNumberRangeNumber} from "../utils/functions";
+import { GetObjectCommand } from "@aws-sdk/client-s3";
+import { execFile } from "node:child_process";
+import { existsSync } from "node:fs";
+import path from "node:path";
+import { promisify } from "node:util";
 import dayjs from "dayjs";
 //import { ready as zplReady } from 'zpl-renderer-js'
 //import { renderZPL } from "zpl-image";
@@ -13,10 +18,12 @@ import isSameOrBefore from "dayjs/plugin/isSameOrBefore.js"
 import duration from "dayjs/plugin/duration.js";
 import timezone from "dayjs/plugin/timezone.js";
 import {generateTimesEvaluation} from "../modules/time/evaluation.service";
-import {citys} from "../../db/schema";
+import {citys, files} from "../../db/schema";
-import {eq} from "drizzle-orm";
+import {and, eq, isNull, not} from "drizzle-orm";
-import {useNextNumberRangeNumber} from "../utils/functions";
 import {executeManualGeneration, finishManualGeneration} from "../modules/serialexecution.service";
+import { s3 } from "../utils/s3";
+import { secrets } from "../utils/secrets";
+import { storeExtractedTextForFile } from "../utils/documentText";
 dayjs.extend(customParseFormat)
 dayjs.extend(isoWeek)
 dayjs.extend(isBetween)
@@ -25,7 +32,40 @@ dayjs.extend(isSameOrBefore)
 dayjs.extend(duration)
 dayjs.extend(timezone)
 
+const execFileAsync = promisify(execFile)
+
+function resolveGitRoot() {
+    const searchRoots = [
+        process.cwd(),
+        path.resolve(process.cwd(), ".."),
+        path.resolve(__dirname, "../../.."),
+        path.resolve(__dirname, "../../../.."),
+    ]
+
+    for (const startDir of searchRoots) {
+        let currentDir = startDir
+
+        while (currentDir && currentDir !== path.dirname(currentDir)) {
+            if (existsSync(path.join(currentDir, ".git"))) {
+                return currentDir
+            }
+
+            currentDir = path.dirname(currentDir)
+        }
+    }
+
+    return null
+}
+
 export default async function functionRoutes(server: FastifyInstance) {
+    const streamToBuffer = async (stream: any): Promise<Buffer> =>
+        new Promise((resolve, reject) => {
+            const chunks: Buffer[] = [];
+            stream.on("data", (chunk: Buffer) => chunks.push(chunk));
+            stream.on("error", reject);
+            stream.on("end", () => resolve(Buffer.concat(chunks)));
+        });
+
     server.post("/functions/pdf/:type", async (req, reply) => {
         const body = req.body as {
             data: any
@@ -151,6 +191,55 @@ export default async function functionRoutes(server: FastifyInstance) {
         }
     })
 
+    server.get('/functions/changelog', async (req, reply) => {
+        const { limit } = req.query as { limit?: string | number }
+        const parsedLimit = Number(limit)
+        const safeLimit = Number.isFinite(parsedLimit)
+            ? Math.min(Math.max(parsedLimit, 1), 50)
+            : 15
+
+        const gitRoot = resolveGitRoot()
+
+        if (!gitRoot) {
+            return reply.code(500).send({ error: 'Git repository not found' })
+        }
+
+        try {
+            const { stdout } = await execFileAsync('git', [
+                '-C',
+                gitRoot,
+                'log',
+                `--max-count=${safeLimit}`,
+                '--date=iso-strict',
+                '--pretty=format:%H%x1f%h%x1f%s%x1f%an%x1f%aI%x1e'
+            ])
+
+            const entries = stdout
+                .split('\x1e')
+                .map(entry => entry.trim())
+                .filter(Boolean)
+                .map(entry => {
+                    const [hash, shortHash, subject, authorName, committedAt] = entry.split('\x1f')
+
+                    return {
+                        hash,
+                        shortHash,
+                        subject,
+                        authorName,
+                        committedAt
+                    }
+                })
+
+            return reply.send({
+                repositoryRoot: gitRoot,
+                entries
+            })
+        } catch (err) {
+            req.log.error(err)
+            return reply.code(500).send({ error: 'Failed to load changelog' })
+        }
+    })
+
     server.post('/functions/serial/start', async (req, reply) => {
         console.log(req.body)
         const {executionDate,templateIds,tenantId} = req.body as {executionDate:string,templateIds:Number[],tenantId:Number}
@@ -172,49 +261,77 @@ export default async function functionRoutes(server: FastifyInstance) {
         await server.services.prepareIncomingInvoices.run(req.user.tenant_id)
     })
 
+    server.post('/functions/services/backfillfiletext', async (req, reply) => {
+        const tenantId = req.user.tenant_id
+
+        const pendingFiles = await server.db
+            .select()
+            .from(files)
+            .where(
+                and(
+                    eq(files.tenant, tenantId),
+                    eq(files.archived, false),
+                    not(isNull(files.path)),
+                    isNull(files.extractedText)
+                )
+            )
+
+        let processed = 0
+        let withText = 0
+        let errors = 0
+
+        for (const file of pendingFiles) {
+            try {
+                const response: any = await s3.send(new GetObjectCommand({
+                    Bucket: secrets.S3_BUCKET,
+                    Key: file.path!
+                }))
+
+                const fileBuffer = await streamToBuffer(response.Body)
+                const result = await storeExtractedTextForFile(
+                    server,
+                    file.id,
+                    fileBuffer,
+                    file.mimeType,
+                    file.name || file.path?.split("/").pop()
+                )
+
+                processed += 1
+                if (result.text) withText += 1
+            } catch (err) {
+                errors += 1
+                server.log.error(`Failed to backfill extracted text for file ${file.id}`)
+                server.log.error(err)
+            }
+        }
+
+        return {
+            pending: pendingFiles.length,
+            processed,
+            withText,
+            errors
+        }
+    })
+
     server.post('/functions/services/syncdokubox', async (req, reply) => {
 
         await server.services.dokuboxSync.run()
     })
 
-
-    /*server.post('/print/zpl/preview', async (req, reply) => {
-        const { zpl, widthMm = 50, heightMm = 30, dpmm = 8, asBase64 = false } = req.body as {zpl:string,widthMm:number,heightMm:number,dpmm:number,asBase64:string}
-
-        console.log(widthMm,heightMm,dpmm)
-
-        if (!zpl) {
-            return reply.code(400).send({ error: 'Missing ZPL string' })
-        }
-
-        try {
-            // 1️⃣ Renderer initialisieren
-            const { api } = await zplReady
-
-            // 2️⃣ Rendern (liefert base64-encoded PNG)
-            const base64Png = await api.zplToBase64Async(zpl, widthMm, heightMm, dpmm)
-
-            return await encodeBase64ToNiimbot(base64Png, 'top')
-        } catch (err) {
-            console.error('[ZPL Preview Error]', err)
-            return reply.code(500).send({ error: err.message || 'Failed to render ZPL' })
-        }
-    })
-
     server.post('/print/label', async (req, reply) => {
-        const { context, width=584, heigth=354 } = req.body as {context:any,width:number,heigth:number}
+        const { context, width = 584, height = 354 } = req.body as {context:any,width:number,height:number}
 
         try {
-            const base64 = await generateLabel(context,width,heigth)
+            const base64 = await generateLabel(context,width,height)
 
             return {
                 encoded: await encodeBase64ToNiimbot(base64, 'top'),
                 base64: base64
             }
         } catch (err) {
-            console.error('[ZPL Preview Error]', err)
+            console.error('[Label Render Error]', err)
-            return reply.code(500).send({ error: err.message || 'Failed to render ZPL' })
+            return reply.code(500).send({ error: err.message || 'Failed to render label' })
         }
-    })*/
+    })
 
 }

backend/src/routes/history.ts

@@ -5,6 +5,7 @@ import { authProfiles, historyitems } from "../../db/schema";
 
 const columnMap: Record<string, any> = {
     customers: historyitems.customer,
+    members: historyitems.customer,
     vendors: historyitems.vendor,
     projects: historyitems.project,
     plants: historyitems.plant,
@@ -22,10 +23,14 @@ const columnMap: Record<string, any> = {
     documentboxes: historyitems.documentbox,
     hourrates: historyitems.hourrate,
     services: historyitems.service,
+    customerspaces: historyitems.customerspace,
+    customerinventoryitems: historyitems.customerinventoryitem,
+    memberrelations: historyitems.memberrelation,
 };
 
 const insertFieldMap: Record<string, string> = {
     customers: "customer",
+    members: "customer",
     vendors: "vendor",
     projects: "project",
     plants: "plant",
@@ -43,6 +48,9 @@ const insertFieldMap: Record<string, string> = {
     documentboxes: "documentbox",
     hourrates: "hourrate",
     services: "service",
+    customerspaces: "customerspace",
+    customerinventoryitems: "customerinventoryitem",
+    memberrelations: "memberrelation",
 }
 
 const parseId = (value: string) => {
@@ -51,6 +59,44 @@ const parseId = (value: string) => {
 }
 
 export default async function resourceHistoryRoutes(server: FastifyInstance) {
+    server.get("/history", {
+        schema: {
+            tags: ["History"],
+            summary: "Get all history entries for the active tenant",
+        },
+    }, async (req: any) => {
+        const data = await server.db
+            .select()
+            .from(historyitems)
+            .where(eq(historyitems.tenant, req.user?.tenant_id))
+            .orderBy(asc(historyitems.createdAt));
+
+        const userIds = Array.from(
+            new Set(data.map((item) => item.createdBy).filter(Boolean))
+        ) as string[];
+
+        const profiles = userIds.length > 0
+            ? await server.db
+                .select()
+                .from(authProfiles)
+                .where(and(
+                    eq(authProfiles.tenant_id, req.user?.tenant_id),
+                    inArray(authProfiles.user_id, userIds)
+                ))
+            : [];
+
+        const profileByUserId = new Map(
+            profiles.map((profile) => [profile.user_id, profile])
+        );
+
+        return data.map((historyitem) => ({
+            ...historyitem,
+            created_at: historyitem.createdAt,
+            created_by: historyitem.createdBy,
+            created_by_profile: historyitem.createdBy ? profileByUserId.get(historyitem.createdBy) || null : null,
+        }));
+    });
+
     server.get<{
         Params: { resource: string; id: string }
     }>("/resource/:resource/:id/history", {

backend/src/routes/internal/auth.m2m.ts

@@ -0,0 +1,63 @@
+import { FastifyInstance } from "fastify"
+import jwt from "jsonwebtoken"
+import { and, eq } from "drizzle-orm"
+import { authTenantUsers } from "../../../db/schema"
+import { secrets } from "../../utils/secrets"
+
+export default async function authM2mInternalRoutes(server: FastifyInstance) {
+    server.post("/auth/m2m/token", {
+        schema: {
+            tags: ["Auth"],
+            summary: "Exchange M2M API key for a short-lived JWT",
+            body: {
+                type: "object",
+                properties: {
+                    expires_in_seconds: { type: "number" }
+                }
+            }
+        }
+    }, async (req, reply) => {
+        try {
+            if (!req.user?.user_id || !req.user?.tenant_id || !req.user?.email) {
+                return reply.code(401).send({ error: "Unauthorized" })
+            }
+
+            const membership = await server.db
+                .select()
+                .from(authTenantUsers)
+                .where(and(
+                    eq(authTenantUsers.user_id, req.user.user_id),
+                    eq(authTenantUsers.tenant_id, Number(req.user.tenant_id))
+                ))
+                .limit(1)
+
+            if (!membership[0]) {
+                return reply.code(403).send({ error: "User is not assigned to tenant" })
+            }
+
+            const requestedTtl = Number((req.body as any)?.expires_in_seconds ?? 900)
+            const ttlSeconds = Math.min(3600, Math.max(60, requestedTtl))
+
+            const token = jwt.sign(
+                {
+                    user_id: req.user.user_id,
+                    email: req.user.email,
+                    tenant_id: req.user.tenant_id,
+                },
+                secrets.JWT_SECRET!,
+                { expiresIn: ttlSeconds }
+            )
+
+            return {
+                token_type: "Bearer",
+                access_token: token,
+                expires_in_seconds: ttlSeconds,
+                user_id: req.user.user_id,
+                tenant_id: req.user.tenant_id
+            }
+        } catch (err) {
+            console.error("POST /internal/auth/m2m/token ERROR:", err)
+            return reply.code(500).send({ error: "Internal Server Error" })
+        }
+    })
+}

backend/src/routes/resources/main.ts

@@ -7,12 +7,16 @@ import {
     and,
     count,
     inArray,
-    or
+    or,
+    sql,
 } from "drizzle-orm"
 
 import { resourceConfig } from "../../utils/resource.config";
 import { useNextNumberRangeNumber } from "../../utils/functions";
+import { getHistoryEntityLabel, insertHistoryItem } from "../../utils/history";
+import { diffObjects } from "../../utils/diff";
 import { recalculateServicePricesForTenant } from "../../modules/service-price-recalculation.service";
+import { decrypt, encrypt } from "../../utils/crypt";
 
 // -------------------------------------------------------------
 // SQL Suche auf mehreren Feldern (Haupttabelle + Relationen)
@@ -20,15 +24,208 @@ import { recalculateServicePricesForTenant } from "../../modules/service-price-r
 function buildSearchCondition(columns: any[], search: string) {
     if (!search || !columns.length) return null
 
-    const term = `%${search.toLowerCase()}%`
+    const normalizeForSearch = (value: string) =>
+        value
+            .toLowerCase()
+            .normalize("NFD")
+            .replace(/[\u0300-\u036f]/g, "")
+            .replace(/ß/g, "ss")
 
-    const conditions = columns
+    const searchTermsRaw = search
+        .trim()
+        .toLowerCase()
+        .split(/\s+/)
         .filter(Boolean)
-        .map((col) => ilike(col, term))
 
-    if (conditions.length === 0) return null
+    const searchTermsNormalized = searchTermsRaw.map(normalizeForSearch)
 
-    return or(...conditions)
+    const normalizeSqlExpr = (valueExpr: any) => sql`
+        lower(
+            replace(
+                replace(
+                    replace(
+                        replace(
+                            replace(
+                                replace(
+                                    replace(cast(${valueExpr} as text), 'Ä', 'A'),
+                                    'Ö', 'O'
+                                ),
+                                'Ü', 'U'
+                            ),
+                            'ä', 'a'
+                        ),
+                        'ö', 'o'
+                    ),
+                    'ü', 'u'
+                ),
+                'ß', 'ss'
+            )
+        )
+    `
+
+    const validColumns = columns.filter(Boolean)
+    if (validColumns.length === 0) return null
+
+    // Alle Suchspalten zu einem String zusammenführen, damit Vor-/Nachname zuverlässig
+    // gemeinsam durchsuchbar sind (auch wenn in getrennten Feldern gespeichert).
+    const combinedRawExpr = sql`concat_ws(' ', ${sql.join(validColumns.map((col) => sql`coalesce(cast(${col} as text), '')`), sql`, `)})`
+    const combinedNormalizedExpr = normalizeSqlExpr(combinedRawExpr)
+
+    const perTermConditions = searchTermsRaw.map((rawTerm, idx) => {
+        const normalizedTerm = searchTermsNormalized[idx]
+        const rawLike = `%${rawTerm}%`
+        const normalizedLike = `%${normalizedTerm}%`
+
+        const rawCondition = ilike(combinedRawExpr, rawLike)
+        const normalizedCondition = sql`${combinedNormalizedExpr} like ${normalizedLike}`
+
+        return or(rawCondition, normalizedCondition)
+    })
+
+    if (perTermConditions.length === 0) return null
+    return and(...perTermConditions)
+}
+
+function formatDiffValue(value: any): string {
+    if (value === null || value === undefined) return "-"
+    if (typeof value === "boolean") return value ? "Ja" : "Nein"
+    if (typeof value === "object") {
+        try {
+            return JSON.stringify(value)
+        } catch {
+            return "[Objekt]"
+        }
+    }
+    return String(value)
+}
+
+const TECHNICAL_HISTORY_KEYS = new Set([
+    "id",
+    "tenant",
+    "tenant_id",
+    "createdAt",
+    "created_at",
+    "createdBy",
+    "created_by",
+    "updatedAt",
+    "updated_at",
+    "updatedBy",
+    "updated_by",
+    "archived",
+])
+
+function getUserVisibleChanges(oldRecord: Record<string, any>, updated: Record<string, any>) {
+    return diffObjects(oldRecord, updated).filter((c) => !TECHNICAL_HISTORY_KEYS.has(c.key))
+}
+
+function buildFieldUpdateHistoryText(resource: string, label: string, oldValue: any, newValue: any) {
+    const resourceLabel = getHistoryEntityLabel(resource)
+    return `${resourceLabel}: ${label} geändert von "${formatDiffValue(oldValue)}" zu "${formatDiffValue(newValue)}"`
+}
+
+function applyResourceWhereFilters(resource: string, table: any, whereCond: any) {
+    if (resource === "members") {
+        return and(whereCond, eq(table.type, "Mitglied"))
+    }
+    return whereCond
+}
+
+function getTenantColumn(resource: string, table: any) {
+    const config = resourceConfig[resource]
+    const tenantKey = config?.tenantKey || "tenant"
+    return table[tenantKey]
+}
+
+function isDateLikeField(key: string) {
+    if (key === "deliveryDateType") return false
+    if (key.includes("_at") || key.endsWith("At")) return true
+    if (/Date$/.test(key)) return true
+    return /(^|_|-)date($|_|-)/i.test(key)
+}
+
+function normalizeMemberPayload(payload: Record<string, any>) {
+    const infoData = payload.infoData && typeof payload.infoData === "object" ? payload.infoData : {}
+    const normalized = {
+        ...payload,
+        type: "Mitglied",
+        isCompany: false,
+        infoData,
+    }
+
+    return normalized
+}
+
+function validateMemberPayload(payload: Record<string, any>) {
+    const infoData = payload.infoData && typeof payload.infoData === "object" ? payload.infoData : {}
+    const bankAccountIds = Array.isArray(infoData.bankAccountIds) ? infoData.bankAccountIds.filter(Boolean) : []
+    const firstname = typeof payload.firstname === "string" ? payload.firstname.trim() : ""
+    const lastname = typeof payload.lastname === "string" ? payload.lastname.trim() : ""
+
+    if (!firstname || !lastname) {
+        return "Für Mitglieder sind Vorname und Nachname erforderlich."
+    }
+
+    if (!bankAccountIds.length) {
+        return "Für Mitglieder muss mindestens ein Bankkonto hinterlegt werden."
+    }
+
+    if (infoData.hasSEPA && !infoData.sepaSignedAt) {
+        return "Wenn ein SEPA-Mandat hinterlegt ist, muss ein Unterschriftsdatum gesetzt werden."
+    }
+
+    return null
+}
+
+function maskIban(iban: string) {
+    if (!iban) return ""
+    const cleaned = iban.replace(/\s+/g, "")
+    if (cleaned.length <= 8) return cleaned
+    return `${cleaned.slice(0, 4)} **** **** ${cleaned.slice(-4)}`
+}
+
+function decryptEntityBankAccount(row: Record<string, any>) {
+    const iban = row.ibanEncrypted ? decrypt(row.ibanEncrypted as any) : null
+    const bic = row.bicEncrypted ? decrypt(row.bicEncrypted as any) : null
+    const bankName = row.bankNameEncrypted ? decrypt(row.bankNameEncrypted as any) : null
+
+    return {
+        ...row,
+        iban,
+        bic,
+        bankName,
+        displayLabel: `${maskIban(iban || "")}${bankName ? ` | ${bankName}` : ""}${row.description ? ` (${row.description})` : ""}`.trim(),
+    }
+}
+
+function prepareEntityBankAccountPayload(payload: Record<string, any>, requireAll: boolean) {
+    const iban = typeof payload.iban === "string" ? payload.iban.trim() : ""
+    const bic = typeof payload.bic === "string" ? payload.bic.trim() : ""
+    const bankName = typeof payload.bankName === "string" ? payload.bankName.trim() : ""
+
+    const hasAnyPlainField = Object.prototype.hasOwnProperty.call(payload, "iban")
+        || Object.prototype.hasOwnProperty.call(payload, "bic")
+        || Object.prototype.hasOwnProperty.call(payload, "bankName")
+
+    if (!hasAnyPlainField && !requireAll) {
+        return { data: payload }
+    }
+
+    if (!iban || !bic || !bankName) {
+        return { error: "IBAN, BIC und Bankinstitut sind Pflichtfelder." }
+    }
+
+    const result: Record<string, any> = {
+        ...payload,
+        ibanEncrypted: encrypt(iban),
+        bicEncrypted: encrypt(bic),
+        bankNameEncrypted: encrypt(bankName),
+    }
+
+    delete result.iban
+    delete result.bic
+    delete result.bankName
+
+    return { data: result }
 }
 
 export default async function resourceRoutes(server: FastifyInstance) {
@@ -50,9 +247,14 @@ export default async function resourceRoutes(server: FastifyInstance) {
 
             const { resource } = req.params as { resource: string }
             const config = resourceConfig[resource]
+            if (!config) {
+                return reply.code(404).send({ error: "Unknown resource" })
+            }
             const table = config.table
 
-            let whereCond: any = eq(table.tenant, tenantId)
+            const tenantColumn = getTenantColumn(resource, table)
+            let whereCond: any = tenantColumn ? eq(tenantColumn, tenantId) : undefined
+            whereCond = applyResourceWhereFilters(resource, table, whereCond)
             let q = server.db.select().from(table).$dynamic()
 
             const searchCols: any[] = (config.searchColumns || []).map(c => table[c])
@@ -122,7 +324,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
             if(config.mtmListLoad) {
                 for await (const relation of config.mtmListLoad) {
                     const relTable = resourceConfig[relation].table
-                    const parentKey = resource.substring(0, resource.length - 1)
+                    const parentKey = config.relationKey || resource.substring(0, resource.length - 1)
                     const relationRows = await server.db.select().from(relTable).where(inArray(relTable[parentKey], data.map(i => i.id)))
                     data = data.map(row => ({
                         ...row,
@@ -131,6 +333,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
                 }
             }
 
+            if (resource === "entitybankaccounts") {
+                return data.map((row) => decryptEntityBankAccount(row))
+            }
+
             return data
 
         } catch (err) {
@@ -149,14 +355,21 @@ export default async function resourceRoutes(server: FastifyInstance) {
 
             const { resource } = req.params as { resource: string };
             const config = resourceConfig[resource];
+            if (!config) {
+                return reply.code(404).send({ error: "Unknown resource" });
+            }
             const table = config.table;
 
             const { queryConfig } = req;
             const { pagination, sort, filters } = queryConfig;
             const { search, distinctColumns } = req.query as { search?: string; distinctColumns?: string; };
 
-            let whereCond: any = eq(table.tenant, tenantId);
+            const tenantColumn = getTenantColumn(resource, table);
+            let whereCond: any = tenantColumn ? eq(tenantColumn, tenantId) : undefined;
+            whereCond = applyResourceWhereFilters(resource, table, whereCond)
             const searchCols: any[] = (config.searchColumns || []).map(c => table[c]);
+            const debugSearchColumnNames: string[] = [...(config.searchColumns || [])];
+            const parsedFilters: Array<{ key: string; value: any }> = []
 
             let countQuery = server.db.select({ value: count(table.id) }).from(table).$dynamic();
             let mainQuery = server.db.select().from(table).$dynamic();
@@ -174,7 +387,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
                             mainQuery = mainQuery.leftJoin(relTable, eq(table[rel], relTable.id));
                             if (relConfig.searchColumns) {
                                 relConfig.searchColumns.forEach(c => {
-                                    if (relTable[c]) searchCols.push(relTable[c]);
+                                    if (relTable[c]) {
+                                        searchCols.push(relTable[c]);
+                                        debugSearchColumnNames.push(`${rel}.${c}`);
+                                    }
                                 });
                             }
                         }
@@ -183,6 +399,23 @@ export default async function resourceRoutes(server: FastifyInstance) {
             }
 
             if (search) {
+                if (resource === "customers") {
+                    const rawSearch = search.trim()
+                    const terms = rawSearch.toLowerCase().split(/\s+/).filter(Boolean)
+                    const normalizedTerms = terms
+                        .map((t) => t.normalize("NFD").replace(/[\u0300-\u036f]/g, "").replace(/ß/g, "ss"))
+
+                    server.log.info({
+                        tag: "customer-search-debug",
+                        search: rawSearch,
+                        terms,
+                        normalizedTerms,
+                        searchColumns: debugSearchColumnNames,
+                        page: pagination?.page ?? 1,
+                        limit: pagination?.limit ?? 100,
+                    }, "Paginated customer search request")
+                }
+
                 const searchCond = buildSearchCondition(searchCols, search.trim());
                 if (searchCond) whereCond = and(whereCond, searchCond);
             }
@@ -191,6 +424,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
                 for (const [key, val] of Object.entries(filters)) {
                     const col = (table as any)[key];
                     if (!col) continue;
+                    parsedFilters.push({ key, value: val })
                     whereCond = Array.isArray(val) ? and(whereCond, inArray(col, val)) : and(whereCond, eq(col, val as any));
                 }
             }
@@ -220,7 +454,35 @@ export default async function resourceRoutes(server: FastifyInstance) {
                 for (const colName of distinctColumns.split(",").map(c => c.trim())) {
                     const col = (table as any)[colName];
                     if (!col) continue;
-                    const dRows = await server.db.select({ v: col }).from(table).where(eq(table.tenant, tenantId));
+                    let distinctQuery = server.db.select({ v: col }).from(table).$dynamic();
+                    if (config.mtoLoad) {
+                        config.mtoLoad.forEach(rel => {
+                            const relConfig = resourceConfig[rel + "s"] || resourceConfig[rel];
+                            if (!relConfig) return;
+                            const relTable = relConfig.table;
+                            if (relTable !== table) {
+                                distinctQuery = distinctQuery.leftJoin(relTable, eq(table[rel], relTable.id));
+                            }
+                        });
+                    }
+                    let distinctWhereCond: any = tenantColumn ? eq(tenantColumn, tenantId) : undefined
+                    distinctWhereCond = applyResourceWhereFilters(resource, table, distinctWhereCond)
+
+                    if (search) {
+                        const searchCond = buildSearchCondition(searchCols, search.trim())
+                        if (searchCond) distinctWhereCond = and(distinctWhereCond, searchCond)
+                    }
+
+                    for (const f of parsedFilters) {
+                        if (f.key === colName) continue
+                        const filterCol = (table as any)[f.key]
+                        if (!filterCol) continue
+                        distinctWhereCond = Array.isArray(f.value)
+                            ? and(distinctWhereCond, inArray(filterCol, f.value))
+                            : and(distinctWhereCond, eq(filterCol, f.value as any))
+                    }
+
+                    const dRows = await distinctQuery.where(distinctWhereCond);
                     distinctValues[colName] = [...new Set(dRows.map(r => r.v).filter(v => v != null && v !== ""))].sort();
                 }
             }
@@ -251,7 +513,7 @@ export default async function resourceRoutes(server: FastifyInstance) {
             if (config.mtmListLoad) {
                 for await (const relation of config.mtmListLoad) {
                     const relTable = resourceConfig[relation].table;
-                    const parentKey = resource.substring(0, resource.length - 1);
+                    const parentKey = config.relationKey || resource.substring(0, resource.length - 1);
                     const relationRows = await server.db.select().from(relTable).where(inArray(relTable[parentKey], data.map(i => i.id)));
                     data = data.map(row => ({
                         ...row,
@@ -260,6 +522,10 @@ export default async function resourceRoutes(server: FastifyInstance) {
                 }
             }
 
+            if (resource === "entitybankaccounts") {
+                data = data.map((row) => decryptEntityBankAccount(row))
+            }
+
             return {
                 data,
                 queryConfig: { ...queryConfig, total, totalPages: Math.ceil(total / limit), distinctValues }
@@ -283,10 +549,13 @@ export default async function resourceRoutes(server: FastifyInstance) {
             const { resource, no_relations } = req.params as { resource: string, no_relations?: boolean }
             const table = resourceConfig[resource].table
 
+            let whereCond: any = and(eq(table.id, id), eq(table.tenant, tenantId))
+            whereCond = applyResourceWhereFilters(resource, table, whereCond)
+
             const projRows = await server.db
                 .select()
                 .from(table)
-                .where(and(eq(table.id, id), eq(table.tenant, tenantId)))
+                .where(whereCond)
                 .limit(1)
 
             if (!projRows.length)
@@ -309,12 +578,16 @@ export default async function resourceRoutes(server: FastifyInstance) {
                 if (resourceConfig[resource].mtmLoad) {
                     for await (const relation of resourceConfig[resource].mtmLoad) {
                         const relTable = resourceConfig[relation].table
-                        const parentKey = resource.substring(0, resource.length - 1)
+                        const parentKey = resourceConfig[resource].relationKey || resource.substring(0, resource.length - 1)
                         data[relation] = await server.db.select().from(relTable).where(eq(relTable[parentKey], id))
                     }
                 }
             }
 
+            if (resource === "entitybankaccounts") {
+                return decryptEntityBankAccount(data)
+            }
+
             return data
         } catch (err) {
             console.error("ERROR /resource/:resource/:id", err)
@@ -327,14 +600,32 @@ export default async function resourceRoutes(server: FastifyInstance) {
         try {
             if (!req.user?.tenant_id) return reply.code(400).send({ error: "No tenant selected" });
             const { resource } = req.params as { resource: string };
+            if (resource === "accounts") {
+                return reply.code(403).send({ error: "Accounts are read-only" })
+            }
             const body = req.body as Record<string, any>;
             const config = resourceConfig[resource];
             const table = config.table;
 
-            let createData = { ...body, tenant: req.user.tenant_id, archived: false };
+            let createData: Record<string, any> = { ...body, tenant: req.user.tenant_id, archived: false };
+
+            if (resource === "members") {
+                createData = normalizeMemberPayload(createData)
+                const validationError = validateMemberPayload(createData)
+                if (validationError) {
+                    return reply.code(400).send({ error: validationError })
+                }
+            }
+
+            if (resource === "entitybankaccounts") {
+                const prepared = prepareEntityBankAccountPayload(createData, true)
+                if (prepared.error) return reply.code(400).send({ error: prepared.error })
+                createData = prepared.data!
+            }
 
             if (config.numberRangeHolder && !body[config.numberRangeHolder]) {
-                const result = await useNextNumberRangeNumber(server, req.user.tenant_id, resource)
+                const numberRangeResource = resource === "members" ? "customers" : resource
+                const result = await useNextNumberRangeNumber(server, req.user.tenant_id, numberRangeResource)
                 createData[config.numberRangeHolder] = result.usedNumber
             }
 
@@ -349,6 +640,28 @@ export default async function resourceRoutes(server: FastifyInstance) {
                 await recalculateServicePricesForTenant(server, req.user.tenant_id, req.user?.user_id || null);
             }
 
+            if (created) {
+                try {
+                    const resourceLabel = getHistoryEntityLabel(resource)
+                    await insertHistoryItem(server, {
+                        tenant_id: req.user.tenant_id,
+                        created_by: req.user?.user_id || null,
+                        entity: resource,
+                        entityId: created.id,
+                        action: "created",
+                        oldVal: null,
+                        newVal: created,
+                        text: `Neuer Eintrag in ${resourceLabel} erstellt`,
+                    })
+                } catch (historyError) {
+                    server.log.warn({ err: historyError, resource }, "Failed to write create history entry")
+                }
+            }
+
+            if (resource === "entitybankaccounts") {
+                return decryptEntityBankAccount(created as Record<string, any>)
+            }
+
             return created;
         } catch (error) {
             console.error(error);
@@ -360,6 +673,9 @@ export default async function resourceRoutes(server: FastifyInstance) {
     server.put("/resource/:resource/:id", async (req, reply) => {
         try {
             const { resource, id } = req.params as { resource: string; id: string }
+            if (resource === "accounts") {
+                return reply.code(403).send({ error: "Accounts are read-only" })
+            }
             const body = req.body as Record<string, any>
             const tenantId = req.user?.tenant_id
             const userId = req.user?.user_id
@@ -369,22 +685,93 @@ export default async function resourceRoutes(server: FastifyInstance) {
             const table = resourceConfig[resource].table
             const normalizeDate = (val: any) => { const d = new Date(val); return isNaN(d.getTime()) ? null : d; }
 
-            let data = { ...body, updated_at: new Date().toISOString(), updated_by: userId }
+            const [oldRecord] = await server.db
+                .select()
+                .from(table)
+                .where(and(eq(table.id, id), eq(table.tenant, tenantId)))
+                .limit(1)
+
+            let data: Record<string, any> = { ...body, updated_at: new Date().toISOString(), updated_by: userId }
             //@ts-ignore
             delete data.updatedBy; delete data.updatedAt;
 
+            if (resource === "members") {
+                data = normalizeMemberPayload(data)
+                const validationError = validateMemberPayload(data)
+                if (validationError) {
+                    return reply.code(400).send({ error: validationError })
+                }
+            }
+
+            if (resource === "entitybankaccounts") {
+                const prepared = prepareEntityBankAccountPayload(data, false)
+                if (prepared.error) return reply.code(400).send({ error: prepared.error })
+                data = {
+                    ...prepared.data,
+                    updated_at: data.updated_at,
+                    updated_by: data.updated_by,
+                }
+            }
+
             Object.keys(data).forEach((key) => {
-                if ((key.includes("_at") || key.includes("At") || key.toLowerCase().includes("date")) && key !== "deliveryDateType") {
+                const value = data[key]
-                    data[key] = normalizeDate(data[key])
+                const shouldNormalize =
+                    isDateLikeField(key) &&
+                    value !== null &&
+                    value !== undefined &&
+                    (typeof value === "string" || typeof value === "number" || value instanceof Date)
+
+                if (shouldNormalize) {
+                    data[key] = normalizeDate(value)
                 }
             })
 
-            const [updated] = await server.db.update(table).set(data).where(and(eq(table.id, id), eq(table.tenant, tenantId))).returning()
+            let updateWhereCond: any = and(eq(table.id, id), eq(table.tenant, tenantId))
+            updateWhereCond = applyResourceWhereFilters(resource, table, updateWhereCond)
+            const [updated] = await server.db.update(table).set(data).where(updateWhereCond).returning()
 
             if (["products", "services", "hourrates"].includes(resource)) {
                 await recalculateServicePricesForTenant(server, tenantId, userId);
             }
 
+            if (updated) {
+                try {
+                    const resourceLabel = getHistoryEntityLabel(resource)
+                    const changes = oldRecord ? getUserVisibleChanges(oldRecord, updated) : []
+                    if (!changes.length) {
+                        await insertHistoryItem(server, {
+                            tenant_id: tenantId,
+                            created_by: userId,
+                            entity: resource,
+                            entityId: updated.id,
+                            action: "updated",
+                            oldVal: oldRecord || null,
+                            newVal: updated,
+                            text: `Eintrag in ${resourceLabel} geändert`,
+                        })
+                    } else {
+                        for (const change of changes) {
+                            await insertHistoryItem(server, {
+                                tenant_id: tenantId,
+                                created_by: userId,
+                                entity: resource,
+                                entityId: updated.id,
+                                action: "updated",
+                                oldVal: change.oldValue,
+                                newVal: change.newValue,
+                                text: buildFieldUpdateHistoryText(resource, change.label, change.oldValue, change.newValue),
+                            })
+                        }
+                    }
+                } catch (historyError) {
+                    server.log.warn({ err: historyError, resource, id }, "Failed to write update history entry")
+                }
+            }
+
+            if (resource === "entitybankaccounts") {
+                return decryptEntityBankAccount(updated as Record<string, any>)
+            }
+
             return updated
         } catch (err) {
             console.error(err)

backend/src/routes/resourcesSpecial.ts

@@ -1,9 +1,9 @@
 import { FastifyInstance } from "fastify"
-import { asc, desc } from "drizzle-orm"
+import { asc, desc, eq } from "drizzle-orm"
 import { sortData } from "../utils/sort"
 
 // Schema imports
-import { accounts, units,countrys } from "../../db/schema"
+import { accounts, units, countrys, tenants } from "../../db/schema"
 
 const TABLE_MAP: Record<string, any> = {
     accounts,
@@ -40,6 +40,44 @@ export default async function resourceRoutesSpecial(server: FastifyInstance) {
             // Wir geben IMMER alle Spalten zurück → kompatibel zum Frontend
             // ---------------------------------------
 
+            if (resource === "accounts") {
+                const [tenant] = await server.db
+                    .select({
+                        accountChart: tenants.accountChart,
+                    })
+                    .from(tenants)
+                    .where(eq(tenants.id, Number(req.user.tenant_id)))
+                    .limit(1)
+
+                const activeAccountChart = tenant?.accountChart || "skr03"
+                let data
+                if (sort && (accounts as any)[sort]) {
+                    const col = (accounts as any)[sort]
+                    data = ascQuery === "true"
+                        ? await server.db
+                            .select()
+                            .from(accounts)
+                            .where(eq(accounts.accountChart, activeAccountChart))
+                            .orderBy(asc(col))
+                        : await server.db
+                            .select()
+                            .from(accounts)
+                            .where(eq(accounts.accountChart, activeAccountChart))
+                            .orderBy(desc(col))
+                } else {
+                    data = await server.db
+                        .select()
+                        .from(accounts)
+                        .where(eq(accounts.accountChart, activeAccountChart))
+                }
+
+                return sortData(
+                    data,
+                    sort as any,
+                    ascQuery === "true"
+                )
+            }
+
             let query = server.db.select().from(table)
 
             // ---------------------------------------

backend/src/routes/tenant.ts

@@ -1,18 +1,26 @@
 import { FastifyInstance } from "fastify"
 import jwt from "jsonwebtoken"
 import { secrets } from "../utils/secrets"
+import { createHash, randomBytes } from "node:crypto"
 
 import {
     authTenantUsers,
     authUsers,
     authProfiles,
-    tenants
+    tenants,
+    m2mApiKeys
 } from "../../db/schema"
 
-import {and, eq, inArray} from "drizzle-orm"
+import {and, desc, eq, inArray} from "drizzle-orm"
 
 
 export default async function tenantRoutes(server: FastifyInstance) {
+    const generateApiKey = () => {
+        const raw = randomBytes(32).toString("base64url")
+        return `fedeo_m2m_${raw}`
+    }
+    const hashApiKey = (apiKey: string) =>
+        createHash("sha256").update(apiKey, "utf8").digest("hex")
 
 
     // -------------------------------------------------------------
@@ -73,7 +81,7 @@ export default async function tenantRoutes(server: FastifyInstance) {
                 httpOnly: true,
                 sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
                 secure: process.env.NODE_ENV === "production",
-                maxAge: 60 * 60 * 3,
+                maxAge: 60 * 60 * 6,
             })
 
             return { token }
@@ -241,4 +249,172 @@ export default async function tenantRoutes(server: FastifyInstance) {
         }
     })
 
+    // -------------------------------------------------------------
+    // M2M API KEYS
+    // -------------------------------------------------------------
+    server.get("/tenant/api-keys", async (req, reply) => {
+        try {
+            const tenantId = req.user?.tenant_id
+            if (!tenantId) return reply.code(401).send({ error: "Unauthorized" })
+
+            const keys = await server.db
+                .select({
+                    id: m2mApiKeys.id,
+                    name: m2mApiKeys.name,
+                    tenant_id: m2mApiKeys.tenantId,
+                    user_id: m2mApiKeys.userId,
+                    active: m2mApiKeys.active,
+                    key_prefix: m2mApiKeys.keyPrefix,
+                    created_at: m2mApiKeys.createdAt,
+                    updated_at: m2mApiKeys.updatedAt,
+                    expires_at: m2mApiKeys.expiresAt,
+                    last_used_at: m2mApiKeys.lastUsedAt,
+                })
+                .from(m2mApiKeys)
+                .where(eq(m2mApiKeys.tenantId, tenantId))
+                .orderBy(desc(m2mApiKeys.createdAt))
+
+            return keys
+        } catch (err) {
+            console.error("/tenant/api-keys GET ERROR:", err)
+            return reply.code(500).send({ error: "Internal Server Error" })
+        }
+    })
+
+    server.post("/tenant/api-keys", async (req, reply) => {
+        try {
+            const tenantId = req.user?.tenant_id
+            const creatorUserId = req.user?.user_id
+            if (!tenantId || !creatorUserId) {
+                return reply.code(401).send({ error: "Unauthorized" })
+            }
+
+            const { name, user_id, expires_at } = req.body as {
+                name: string
+                user_id: string
+                expires_at?: string | null
+            }
+
+            if (!name || !user_id) {
+                return reply.code(400).send({ error: "name and user_id are required" })
+            }
+
+            const userMembership = await server.db
+                .select()
+                .from(authTenantUsers)
+                .where(and(
+                    eq(authTenantUsers.tenant_id, tenantId),
+                    eq(authTenantUsers.user_id, user_id)
+                ))
+                .limit(1)
+
+            if (!userMembership[0]) {
+                return reply.code(400).send({ error: "user_id is not assigned to this tenant" })
+            }
+
+            const plainApiKey = generateApiKey()
+            const keyPrefix = plainApiKey.slice(0, 16)
+            const keyHash = hashApiKey(plainApiKey)
+
+            const inserted = await server.db
+                .insert(m2mApiKeys)
+                .values({
+                    tenantId,
+                    userId: user_id,
+                    createdBy: creatorUserId,
+                    name,
+                    keyPrefix,
+                    keyHash,
+                    expiresAt: expires_at ? new Date(expires_at) : null,
+                })
+                .returning({
+                    id: m2mApiKeys.id,
+                    name: m2mApiKeys.name,
+                    tenant_id: m2mApiKeys.tenantId,
+                    user_id: m2mApiKeys.userId,
+                    key_prefix: m2mApiKeys.keyPrefix,
+                    created_at: m2mApiKeys.createdAt,
+                    expires_at: m2mApiKeys.expiresAt,
+                    active: m2mApiKeys.active,
+                })
+
+            return reply.code(201).send({
+                ...inserted[0],
+                api_key: plainApiKey, // only returned once
+            })
+        } catch (err) {
+            console.error("/tenant/api-keys POST ERROR:", err)
+            return reply.code(500).send({ error: "Internal Server Error" })
+        }
+    })
+
+    server.patch("/tenant/api-keys/:id", async (req, reply) => {
+        try {
+            const tenantId = req.user?.tenant_id
+            if (!tenantId) return reply.code(401).send({ error: "Unauthorized" })
+
+            const { id } = req.params as { id: string }
+            const { name, active, expires_at } = req.body as {
+                name?: string
+                active?: boolean
+                expires_at?: string | null
+            }
+
+            const updateData: any = {
+                updatedAt: new Date()
+            }
+            if (name !== undefined) updateData.name = name
+            if (active !== undefined) updateData.active = active
+            if (expires_at !== undefined) updateData.expiresAt = expires_at ? new Date(expires_at) : null
+
+            const updated = await server.db
+                .update(m2mApiKeys)
+                .set(updateData)
+                .where(and(
+                    eq(m2mApiKeys.id, id),
+                    eq(m2mApiKeys.tenantId, tenantId)
+                ))
+                .returning({
+                    id: m2mApiKeys.id,
+                    name: m2mApiKeys.name,
+                    tenant_id: m2mApiKeys.tenantId,
+                    user_id: m2mApiKeys.userId,
+                    active: m2mApiKeys.active,
+                    key_prefix: m2mApiKeys.keyPrefix,
+                    updated_at: m2mApiKeys.updatedAt,
+                    expires_at: m2mApiKeys.expiresAt,
+                    last_used_at: m2mApiKeys.lastUsedAt,
+                })
+
+            if (!updated[0]) {
+                return reply.code(404).send({ error: "API key not found" })
+            }
+
+            return updated[0]
+        } catch (err) {
+            console.error("/tenant/api-keys PATCH ERROR:", err)
+            return reply.code(500).send({ error: "Internal Server Error" })
+        }
+    })
+
+    server.delete("/tenant/api-keys/:id", async (req, reply) => {
+        try {
+            const tenantId = req.user?.tenant_id
+            if (!tenantId) return reply.code(401).send({ error: "Unauthorized" })
+
+            const { id } = req.params as { id: string }
+            await server.db
+                .delete(m2mApiKeys)
+                .where(and(
+                    eq(m2mApiKeys.id, id),
+                    eq(m2mApiKeys.tenantId, tenantId)
+                ))
+
+            return { success: true }
+        } catch (err) {
+            console.error("/tenant/api-keys DELETE ERROR:", err)
+            return reply.code(500).send({ error: "Internal Server Error" })
+        }
+    })
+
 }

backend/src/routes/wiki.ts

@@ -10,6 +10,8 @@ import {
     plants,
     products,
     inventoryitems,
+    customerinventoryitems,
+    customerspaces,
     // NEU HINZUGEFÜGT (Basierend auf deinem DataStore)
     tasks,
     contacts,
@@ -34,6 +36,8 @@ const ENTITY_CONFIG: Record<string, { table: any, labelField: any, rootLabel: st
     'plants': { table: plants, labelField: plants.name, rootLabel: 'Objekte', idField: 'id' },
     'products': { table: products, labelField: products.name, rootLabel: 'Artikel', idField: 'id' },
     'inventoryitems': { table: inventoryitems, labelField: inventoryitems.name, rootLabel: 'Inventarartikel', idField: 'id' },
+    'customerinventoryitems': { table: customerinventoryitems, labelField: customerinventoryitems.name, rootLabel: 'Kundeninventar', idField: 'id' },
+    'customerspaces': { table: customerspaces, labelField: customerspaces.name, rootLabel: 'Kundenlagerplätze', idField: 'id' },
 
     // --- NEU BASIEREND AUF DATASTORE ---
     'tasks': { table: tasks, labelField: tasks.name, rootLabel: 'Aufgaben', idField: 'id' },
@@ -337,4 +341,4 @@ export default async function wikiRoutes(server: FastifyInstance) {
 
         return { success: true, deletedId: result[0].id }
     })
-}
+}

backend/src/utils/diff.ts

@@ -1,5 +1,5 @@
 
-import {diffTranslations} from "./diffTranslations";
+import {diffTranslations, getDiffLabel} from "./diffTranslations";
 
 export type DiffChange = {
     key: string;
@@ -43,8 +43,6 @@ export function diffObjects(
         const oldVal = obj1?.[key];
         const newVal = obj2?.[key];
 
-        console.log(oldVal, key, newVal);
-
         // Wenn beides null/undefined → ignorieren
         if (
             (oldVal === null || oldVal === undefined || oldVal === "" || JSON.stringify(oldVal) === "[]") &&
@@ -72,12 +70,11 @@ export function diffObjects(
         if (type === "unchanged") continue;
 
         const translation = diffTranslations[key];
-        let label = key;
+        let label = getDiffLabel(key);
         let resolvedOld = oldVal;
         let resolvedNew = newVal;
 
         if (translation) {
-            label = translation.label;
             if (translation.resolve) {
                 const { oldVal: resOld, newVal: resNew } = translation.resolve(
                     oldVal,
@@ -100,4 +97,4 @@ export function diffObjects(
     }
 
     return diffs;
-}
+}

backend/src/utils/diffTranslations.ts

@@ -6,6 +6,149 @@ type ValueResolver = (
     ctx?: Record<string, any>
 ) => { oldVal: any; newVal: any };
 
+const TOKEN_TRANSLATIONS: Record<string, string> = {
+    account: "Konto",
+    active: "Aktiv",
+    address: "Adresse",
+    amount: "Betrag",
+    archived: "Archiviert",
+    article: "Artikel",
+    bank: "Bank",
+    barcode: "Barcode",
+    birthday: "Geburtstag",
+    category: "Kategorie",
+    city: "Ort",
+    color: "Farbe",
+    comment: "Kommentar",
+    company: "Firma",
+    contact: "Kontakt",
+    contract: "Vertrag",
+    cost: "Kosten",
+    country: "Land",
+    created: "Erstellt",
+    customer: "Kunde",
+    date: "Datum",
+    default: "Standard",
+    deleted: "Gelöscht",
+    delivery: "Lieferung",
+    description: "Beschreibung",
+    document: "Dokument",
+    driver: "Fahrer",
+    due: "Fällig",
+    duration: "Dauer",
+    email: "E-Mail",
+    employee: "Mitarbeiter",
+    enabled: "Aktiviert",
+    end: "Ende",
+    event: "Ereignis",
+    file: "Datei",
+    first: "Vorname",
+    fixed: "Festgeschrieben",
+    group: "Gruppe",
+    hour: "Stunde",
+    iban: "IBAN",
+    id: "ID",
+    incoming: "Eingang",
+    invoice: "Rechnung",
+    item: "Eintrag",
+    language: "Sprache",
+    last: "Nachname",
+    license: "Kennzeichen",
+    link: "Link",
+    list: "Liste",
+    location: "Standort",
+    manufacturer: "Hersteller",
+    markup: "Verkaufsaufschlag",
+    message: "Nachricht",
+    mobile: "Mobil",
+    name: "Name",
+    note: "Notiz",
+    notes: "Notizen",
+    number: "Nummer",
+    order: "Bestellung",
+    own: "Eigen",
+    payment: "Zahlung",
+    phone: "Telefon",
+    plant: "Objekt",
+    postal: "Post",
+    price: "Preis",
+    percentage: "%",
+    product: "Produkt",
+    profile: "Profil",
+    project: "Projekt",
+    purchase: "Kauf",
+    quantity: "Menge",
+    rate: "Satz",
+    reference: "Referenz",
+    requisition: "Anfrage",
+    resource: "Ressource",
+    role: "Rolle",
+    serial: "Serien",
+    service: "Leistung",
+    selling: "Verkauf",
+    sellign: "Verkauf",
+    space: "Lagerplatz",
+    start: "Start",
+    statement: "Buchung",
+    status: "Status",
+    street: "Straße",
+    surcharge: "Aufschlag",
+    tax: "Steuer",
+    tel: "Telefon",
+    tenant: "Mandant",
+    time: "Zeit",
+    title: "Titel",
+    total: "Gesamt",
+    type: "Typ",
+    unit: "Einheit",
+    updated: "Aktualisiert",
+    user: "Benutzer",
+    ustid: "USt-ID",
+    value: "Wert",
+    vendor: "Lieferant",
+    vehicle: "Fahrzeug",
+    weekly: "Wöchentlich",
+    working: "Arbeits",
+    zip: "Postleitzahl",
+    composed: "Zusammensetzung",
+    material: "Material",
+    worker: "Arbeit",
+};
+
+function tokenizeKey(key: string): string[] {
+    return key
+        .replace(/([a-z0-9])([A-Z])/g, "$1_$2")
+        .replace(/[^a-zA-Z0-9]+/g, "_")
+        .split("_")
+        .filter(Boolean)
+        .map((p) => p.toLowerCase());
+}
+
+function capitalize(word: string) {
+    if (!word) return word;
+    return word.charAt(0).toUpperCase() + word.slice(1);
+}
+
+function fallbackLabelFromKey(key: string): string {
+    const parts = tokenizeKey(key);
+    if (!parts.length) return key;
+
+    if (parts.length > 1 && parts[parts.length - 1] === "id") {
+        const base = parts.slice(0, -1).map((p) => TOKEN_TRANSLATIONS[p] || capitalize(p)).join(" ");
+        return `${base} ID`.trim();
+    }
+
+    return parts
+        .map((p) => TOKEN_TRANSLATIONS[p] || capitalize(p))
+        .join(" ")
+        .replace(/\s+/g, " ")
+        .trim();
+}
+
+export function getDiffLabel(key: string): string {
+    return diffTranslations[key]?.label || fallbackLabelFromKey(key);
+}
+
 export const diffTranslations: Record<
     string,
     { label: string; resolve?: ValueResolver }
@@ -44,7 +187,7 @@ export const diffTranslations: Record<
         }),
     },
     resources: {
-        label: "Resourcen",
+        label: "Ressourcen",
         resolve: (o, n) => ({
             oldVal: Array.isArray(o) ? o.map((i: any) => i.title).join(", ") : "-",
             newVal: Array.isArray(n) ? n.map((i: any) => i.title).join(", ") : "-",
@@ -74,6 +217,7 @@ export const diffTranslations: Record<
     web: { label: "Webseite" },
     email: { label: "E-Mail" },
     tel: { label: "Telefon" },
+    mobileTel: { label: "Mobilnummer" },
     ustid: { label: "USt-ID" },
     role: { label: "Rolle" },
     phoneHome: { label: "Festnetz" },
@@ -86,10 +230,18 @@ export const diffTranslations: Record<
     approved: { label: "Genehmigt" },
     manufacturer: { label: "Hersteller" },
     purchasePrice: { label: "Kaufpreis" },
+    markupPercentage: { label: "Verkaufsaufschlag in %" },
+    markup_percentage: { label: "Verkaufsaufschlag in %" },
+    sellingPrice: { label: "Verkaufspreis" },
+    selling_price: { label: "Verkaufspreis" },
+    sellingPriceComposed: { label: "Verkaufspreis Zusammensetzung" },
     purchaseDate: { label: "Kaufdatum" },
     serialNumber: { label: "Seriennummer" },
+    customerInventoryId: { label: "Kundeninventar-ID" },
+    customerinventoryitems: { label: "Kundeninventar" },
     usePlanning: { label: "In Plantafel verwenden" },
     currentSpace: { label: "Lagerplatz" },
+    customerspace: { label: "Kundenlagerplatz" },
 
     customer: {
         label: "Kunde",
@@ -108,6 +260,7 @@ export const diffTranslations: Record<
 
     description: { label: "Beschreibung" },
     categorie: { label: "Kategorie" },
+    category: { label: "Kategorie" },
 
     profile: {
         label: "Mitarbeiter",
@@ -147,6 +300,8 @@ export const diffTranslations: Record<
     },
 
     projecttype: { label: "Projekttyp" },
+    contracttype: { label: "Vertragstyp" },
+    billingInterval: { label: "Abrechnungsintervall" },
 
     fixed: {
         label: "Festgeschrieben",

backend/src/utils/documentText.ts

@@ -0,0 +1,315 @@
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import zlib from "node:zlib";
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+import { FastifyInstance } from "fastify";
+import { eq } from "drizzle-orm";
+import { files } from "../../db/schema";
+
+const execFileAsync = promisify(execFile);
+
+type ExtractionMethod = "text" | "ocr" | "none";
+
+type ExtractedDocumentText = {
+    text: string | null;
+    method: ExtractionMethod;
+};
+
+function normalizeExtractedText(text: string) {
+    return text
+        .replace(/\u0000/g, "")
+        .replace(/\r/g, "\n")
+        .replace(/[ \t]+\n/g, "\n")
+        .replace(/\n{3,}/g, "\n\n")
+        .trim();
+}
+
+function decodePdfString(raw: string) {
+    let out = "";
+
+    for (let i = 0; i < raw.length; i += 1) {
+        const ch = raw[i];
+
+        if (ch !== "\\") {
+            out += ch;
+            continue;
+        }
+
+        const next = raw[i + 1];
+        if (!next) break;
+
+        if (next === "n") {
+            out += "\n";
+            i += 1;
+            continue;
+        }
+
+        if (next === "r") {
+            out += "\r";
+            i += 1;
+            continue;
+        }
+
+        if (next === "t") {
+            out += "\t";
+            i += 1;
+            continue;
+        }
+
+        if (next === "b") {
+            out += "\b";
+            i += 1;
+            continue;
+        }
+
+        if (next === "f") {
+            out += "\f";
+            i += 1;
+            continue;
+        }
+
+        if (next === "(" || next === ")" || next === "\\") {
+            out += next;
+            i += 1;
+            continue;
+        }
+
+        if (/[0-7]/.test(next)) {
+            let oct = next;
+            let advance = 1;
+
+            for (let j = 2; j <= 3; j += 1) {
+                const c = raw[i + j];
+                if (!c || !/[0-7]/.test(c)) break;
+                oct += c;
+                advance += 1;
+            }
+
+            out += String.fromCharCode(parseInt(oct, 8));
+            i += advance;
+            continue;
+        }
+
+        out += next;
+        i += 1;
+    }
+
+    return out;
+}
+
+function extractTextFromTjOperator(segment: string) {
+    const parts = segment.match(/\((?:\\.|[^\\)])*\)/g);
+    if (!parts) return "";
+
+    return parts
+        .map((part) => decodePdfString(part.slice(1, -1)))
+        .join("");
+}
+
+function extractTextStreamsFromPdf(pdfBuffer: Buffer) {
+    const pdfLatin = pdfBuffer.toString("latin1");
+    const texts: string[] = [];
+
+    let cursor = 0;
+    while (true) {
+        const streamPos = pdfLatin.indexOf("stream", cursor);
+        if (streamPos < 0) break;
+
+        let dataStart = streamPos + 6;
+        if (pdfLatin[dataStart] === "\r" && pdfLatin[dataStart + 1] === "\n") {
+            dataStart += 2;
+        } else if (pdfLatin[dataStart] === "\n") {
+            dataStart += 1;
+        }
+
+        const streamEnd = pdfLatin.indexOf("endstream", dataStart);
+        if (streamEnd < 0) break;
+
+        const sliceEnd = streamEnd > dataStart && pdfBuffer[streamEnd - 1] === 0x0d
+            ? streamEnd - 1
+            : streamEnd;
+
+        const compressed = pdfBuffer.subarray(dataStart, sliceEnd);
+
+        try {
+            texts.push(zlib.inflateSync(compressed).toString("latin1"));
+        } catch {
+            // Ignore non-Flate streams.
+        }
+
+        cursor = streamEnd + 9;
+    }
+
+    return texts;
+}
+
+function extractTextFromPdfBufferFallback(pdfBuffer: Buffer) {
+    const streams = extractTextStreamsFromPdf(pdfBuffer);
+    const extracted: string[] = [];
+
+    for (const stream of streams) {
+        const operators = stream.match(/\[(?:.|\r|\n)*?\]TJ|\((?:\\.|[^\\)])*\)Tj/g);
+        if (!operators) continue;
+
+        for (const operator of operators) {
+            const text = extractTextFromTjOperator(operator)
+                .replace(/[ \t]+/g, " ")
+                .trim();
+
+            if (text) {
+                extracted.push(text);
+            }
+        }
+    }
+
+    return normalizeExtractedText(extracted.join("\n"));
+}
+
+async function runCommand(command: string, args: string[]) {
+    try {
+        return await execFileAsync(command, args, { maxBuffer: 50 * 1024 * 1024 });
+    } catch (err: any) {
+        if (err?.code === "ENOENT") {
+            return null;
+        }
+
+        throw err;
+    }
+}
+
+async function extractPdfTextWithPoppler(pdfPath: string) {
+    const result = await runCommand("pdftotext", ["-layout", "-enc", "UTF-8", pdfPath, "-"]);
+    if (!result) return null;
+    return normalizeExtractedText(result.stdout);
+}
+
+async function renderPdfPagesToPng(pdfPath: string, outputDir: string) {
+    const pdftoppmResult = await runCommand("pdftoppm", ["-png", "-r", "200", pdfPath, path.join(outputDir, "page")]);
+    if (pdftoppmResult) {
+        return (await fs.readdir(outputDir))
+            .filter((file) => /^page-\d+\.png$/.test(file))
+            .sort((a, b) => a.localeCompare(b, undefined, { numeric: true }))
+            .map((file) => path.join(outputDir, file));
+    }
+
+    const qlmanageResult = await runCommand("qlmanage", ["-t", "-s", "2000", "-o", outputDir, pdfPath]);
+    if (!qlmanageResult) return null;
+
+    const quickLookFile = path.join(outputDir, `${path.basename(pdfPath)}.png`);
+
+    try {
+        await fs.access(quickLookFile);
+        return [quickLookFile];
+    } catch {
+        return null;
+    }
+}
+
+async function getAvailableTesseractLanguages() {
+    const result = await runCommand("tesseract", ["--list-langs"]);
+    if (!result) return [];
+
+    return result.stdout
+        .split("\n")
+        .map((line) => line.trim())
+        .filter((line) => line && !line.startsWith("List of available languages"));
+}
+
+async function runOcrForPdf(pdfPath: string) {
+    const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "fedeo-ocr-"));
+
+    try {
+        const pagePaths = await renderPdfPagesToPng(pdfPath, tmpDir);
+        if (!pagePaths?.length) return null;
+
+        const texts: string[] = [];
+        const configuredLanguages = (process.env.TESSERACT_LANGS || "deu+eng")
+            .split("+")
+            .map((lang) => lang.trim())
+            .filter(Boolean);
+        const availableLanguages = await getAvailableTesseractLanguages();
+        const selectedLanguages = configuredLanguages.filter((lang) => availableLanguages.includes(lang));
+        const languages = selectedLanguages.length ? selectedLanguages.join("+") : "eng";
+
+        for (const pagePath of pagePaths) {
+            const result = await runCommand("tesseract", [
+                pagePath,
+                "stdout",
+                "-l",
+                languages,
+            ]);
+
+            if (!result) return null;
+            const pageText = normalizeExtractedText(result.stdout);
+            if (pageText) texts.push(pageText);
+        }
+
+        return normalizeExtractedText(texts.join("\n\n"));
+    } finally {
+        await fs.rm(tmpDir, { recursive: true, force: true });
+    }
+}
+
+export async function extractDocumentText(
+    fileBuffer: Buffer,
+    mimeType?: string | null,
+    fileName?: string | null
+): Promise<ExtractedDocumentText> {
+    const normalizedMimeType = mimeType?.toLowerCase() || "";
+    const normalizedFileName = fileName?.toLowerCase() || "";
+    const isPdf = normalizedMimeType === "application/pdf" || normalizedFileName.endsWith(".pdf");
+
+    if (normalizedMimeType.startsWith("text/")) {
+        const text = normalizeExtractedText(fileBuffer.toString("utf-8"));
+        return { text: text || null, method: text ? "text" : "none" };
+    }
+
+    if (!isPdf) {
+        return { text: null, method: "none" };
+    }
+
+    const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "fedeo-pdf-"));
+    const pdfPath = path.join(tmpDir, fileName || "document.pdf");
+
+    try {
+        await fs.writeFile(pdfPath, fileBuffer);
+
+        const cliText = await extractPdfTextWithPoppler(pdfPath);
+        if (cliText) {
+            return { text: cliText, method: "text" };
+        }
+
+        const ocrText = await runOcrForPdf(pdfPath);
+        if (ocrText) {
+            return { text: ocrText, method: "ocr" };
+        }
+
+        const fallbackText = extractTextFromPdfBufferFallback(fileBuffer);
+        if (fallbackText) {
+            return { text: fallbackText, method: "text" };
+        }
+
+        return { text: null, method: "none" };
+    } finally {
+        await fs.rm(tmpDir, { recursive: true, force: true });
+    }
+}
+
+export async function storeExtractedTextForFile(
+    server: FastifyInstance,
+    fileId: string,
+    fileBuffer: Buffer,
+    mimeType?: string | null,
+    fileName?: string | null
+) {
+    const result = await extractDocumentText(fileBuffer, mimeType, fileName);
+
+    await server.db
+        .update(files)
+        .set({ extractedText: result.text })
+        .where(eq(files.id, fileId));
+
+    return result;
+}

backend/src/utils/filename.ts

@@ -0,0 +1,53 @@
+const UMLAUT_REPLACEMENTS: Record<string, string> = {
+    Ae: "Ae",
+    Oe: "Oe",
+    Ue: "Ue",
+    ae: "ae",
+    oe: "oe",
+    ue: "ue",
+    ss: "ss",
+    Ä: "Ae",
+    Ö: "Oe",
+    Ü: "Ue",
+    ä: "ae",
+    ö: "oe",
+    ü: "ue",
+    ß: "ss"
+}
+
+function replaceGermanCharacters(value: string) {
+    return value.replace(/[ÄÖÜäöüß]/g, (char) => UMLAUT_REPLACEMENTS[char] || char)
+}
+
+function sanitizeFileNamePart(value: string) {
+    return value
+        .normalize("NFKD")
+        .replace(/[\u0300-\u036f]/g, "")
+        .replace(/[^A-Za-z0-9._-]+/g, "-")
+        .replace(/-+/g, "-")
+        .replace(/[._-]{2,}/g, (match) => match[0])
+        .replace(/^[._-]+|[._-]+$/g, "")
+}
+
+export function sanitizeFilename(filename?: string | null, fallback = "file") {
+    const rawName = (filename || "").trim()
+
+    if (!rawName) {
+        return fallback
+    }
+
+    const normalized = replaceGermanCharacters(rawName)
+        .replace(/[\u0000-\u001f\u007f]/g, "")
+        .replace(/[\\/]/g, "-")
+
+    const lastDotIndex = normalized.lastIndexOf(".")
+    const hasExtension = lastDotIndex > 0 && lastDotIndex < normalized.length - 1
+
+    const basename = hasExtension ? normalized.slice(0, lastDotIndex) : normalized
+    const extension = hasExtension ? normalized.slice(lastDotIndex + 1) : ""
+
+    const safeBasename = sanitizeFileNamePart(basename) || fallback
+    const safeExtension = extension ? sanitizeFileNamePart(extension).toLowerCase() : ""
+
+    return safeExtension ? `${safeBasename}.${safeExtension}` : safeBasename
+}

backend/src/utils/files.ts

@@ -6,6 +6,8 @@ import { secrets } from "./secrets"
 import { files } from "../../db/schema"
 import { eq } from "drizzle-orm"
 import { FastifyInstance } from "fastify"
+import { storeExtractedTextForFile } from "./documentText"
+import { sanitizeFilename } from "./filename"
 
 export const saveFile = async (
     server: FastifyInstance,
@@ -17,6 +19,13 @@ export const saveFile = async (
     other: Record<string, any> = {}
 ) => {
     try {
+        const {
+            filename: providedFilename,
+            filesize: _providedFilesize,
+            mimeType: providedMimeType,
+            ...dbFields
+        } = other
+
         // ---------------------------------------------------
         // 1️⃣ FILE ENTRY ANLEGEN
         // ---------------------------------------------------
@@ -26,7 +35,7 @@ export const saveFile = async (
                 tenant,
                 folder,
                 type,
-                ...other
+                ...dbFields
             })
             .returning()
 
@@ -38,13 +47,16 @@ export const saveFile = async (
 
         // Name ermitteln (Fallback Logik)
         // Wenn attachment ein Buffer ist, muss der Name in 'other' stehen oder generiert werden
-        const filename = attachment.filename || other.filename || `${created.id}.pdf`
+        const filename = sanitizeFilename(
+            attachment.filename || providedFilename || `${created.id}.pdf`,
+            `${created.id}.pdf`
+        )
 
         // ---------------------------------------------------
         // 2️⃣ BODY & CONTENT TYPE ERMITTELN
         // ---------------------------------------------------
         let body: Buffer | Uint8Array | string
-        let contentType = type || "application/octet-stream"
+        let contentType = providedMimeType || "application/octet-stream"
 
         if (Buffer.isBuffer(attachment)) {
             // FALL 1: RAW BUFFER (von finishManualGeneration)
@@ -83,13 +95,26 @@ export const saveFile = async (
         // ---------------------------------------------------
         await server.db
             .update(files)
-            .set({ path: key })
+            .set({
+                path: key,
+                mimeType: contentType,
+                name: filename,
+                size: body.length
+            })
             .where(eq(files.id, created.id))
 
+        await storeExtractedTextForFile(
+            server,
+            created.id,
+            Buffer.isBuffer(body) ? body : Buffer.from(body),
+            contentType,
+            filename
+        )
+
         console.log(`File saved: ${key}`)
-        return { id: created.id, key }
+        return { id: created.id, key, filename }
     } catch (err) {
         console.error("saveFile error:", err)
         return null
     }
-}
+}

backend/src/utils/functions.ts

@@ -1,11 +1,8 @@
-import {FastifyInstance} from "fastify";
+import { FastifyInstance } from "fastify"
-// import { PNG } from 'pngjs'
+import { PNG } from "pngjs"
-// import { ready as zplReady } from 'zpl-renderer-js'
+import { Utils } from "@mmote/niimbluelib"
-// import { Utils } from '@mmote/niimbluelib'
+import bwipjs from "bwip-js"
-// import { createCanvas } from 'canvas'
+import Sharp from "sharp"
-// import bwipjs from 'bwip-js'
-// import Sharp from 'sharp'
-// import fs from 'fs'
 
 import { tenants } from "../../db/schema"
 import { eq } from "drizzle-orm"
@@ -15,7 +12,6 @@ export const useNextNumberRangeNumber = async (
     tenantId: number,
     numberRange: string
 ) => {
-    // 1️⃣ Tenant laden
     const [tenant] = await server.db
         .select()
         .from(tenants)
@@ -33,23 +29,20 @@ export const useNextNumberRangeNumber = async (
 
     const current = numberRanges[numberRange]
 
-    // 2️⃣ Used Number generieren
     const usedNumber =
         (current.prefix || "") +
         current.nextNumber +
         (current.suffix || "")
 
-    // 3️⃣ nextNumber erhöhen
     const updatedRanges = {
         // @ts-ignore
         ...numberRanges,
         [numberRange]: {
             ...current,
-            nextNumber: current.nextNumber + 1
+            nextNumber: current.nextNumber + 1,
-        }
+        },
     }
 
-    // 4️⃣ Tenant aktualisieren
     await server.db
         .update(tenants)
         .set({ numberRanges: updatedRanges })
@@ -58,24 +51,17 @@ export const useNextNumberRangeNumber = async (
     return { usedNumber }
 }
 
-
+export async function encodeBase64ToNiimbot(base64Png: string, printDirection: "top" | "left" = "top") {
-/*
+    const buffer = Buffer.from(base64Png, "base64")
-export async function encodeBase64ToNiimbot(base64Png, printDirection = 'top') {
+    const png = PNG.sync.read(buffer)
-    // 1️⃣ PNG dekodieren
-    const buffer = Buffer.from(base64Png, 'base64')
-    const png = PNG.sync.read(buffer) // liefert {width, height, data: Uint8Array(RGBA)}
 
     const { width, height, data } = png
-    console.log(width, height, data)
+    const cols = printDirection === "left" ? height : width
-    const cols = printDirection === 'left' ? height : width
+    const rows = printDirection === "left" ? width : height
-    const rows = printDirection === 'left' ? width : height
+    const rowsData: any[] = []
-    const rowsData = []
 
-    console.log(cols)
+    if (cols % 8 !== 0) throw new Error("Column count must be multiple of 8")
 
-    if (cols % 8 !== 0) throw new Error('Column count must be multiple of 8')
-
-    // 2️⃣ Zeilenweise durchgehen und Bits bilden
     for (let row = 0; row < rows; row++) {
         let isVoid = true
         let blackPixelsCount = 0
@@ -84,8 +70,8 @@ export async function encodeBase64ToNiimbot(base64Png, printDirection = 'top') {
         for (let colOct = 0; colOct < cols / 8; colOct++) {
             let pixelsOctet = 0
             for (let colBit = 0; colBit < 8; colBit++) {
-                const x = printDirection === 'left' ? row : colOct * 8 + colBit
+                const x = printDirection === "left" ? row : colOct * 8 + colBit
-                const y = printDirection === 'left' ? height - 1 - (colOct * 8 + colBit) : row
+                const y = printDirection === "left" ? height - 1 - (colOct * 8 + colBit) : row
                 const idx = (y * width + x) * 4
                 const lum = 0.299 * data[idx] + 0.587 * data[idx + 1] + 0.114 * data[idx + 2]
                 const isBlack = lum < 128
@@ -99,7 +85,7 @@ export async function encodeBase64ToNiimbot(base64Png, printDirection = 'top') {
         }
 
         const newPart = {
-            dataType: isVoid ? 'void' : 'pixels',
+            dataType: isVoid ? "void" : "pixels",
             rowNumber: row,
             repeat: 1,
             rowData: isVoid ? undefined : rowData,
@@ -111,14 +97,15 @@ export async function encodeBase64ToNiimbot(base64Png, printDirection = 'top') {
         } else {
             const last = rowsData[rowsData.length - 1]
             let same = newPart.dataType === last.dataType
-            if (same && newPart.dataType === 'pixels') {
+            if (same && newPart.dataType === "pixels") {
                 same = Utils.u8ArraysEqual(newPart.rowData, last.rowData)
             }
             if (same) last.repeat++
             else rowsData.push(newPart)
+
             if (row % 200 === 199) {
                 rowsData.push({
-                    dataType: 'check',
+                    dataType: "check",
                     rowNumber: row,
                     repeat: 0,
                     rowData: undefined,
@@ -131,44 +118,69 @@ export async function encodeBase64ToNiimbot(base64Png, printDirection = 'top') {
     return { cols, rows, rowsData }
 }
 
-export async function generateLabel(context,width,height) {
+function escapeXml(value: string) {
-    // Canvas für Hintergrund & Text
+    return String(value)
-    const canvas = createCanvas(width, height)
+        .replace(/&/g, "&amp;")
-    const ctx = canvas.getContext('2d')
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/\"/g, "&quot;")
+        .replace(/'/g, "&apos;")
+}
 
-    // Hintergrund weiß
+export async function generateLabel(context: any = {}, width = 584, height = 354) {
-    ctx.fillStyle = '#FFFFFF'
+    const normalizedWidth = Math.ceil(Number(width) / 8) * 8
-    ctx.fillRect(0, 0, width, height)
+    const normalizedHeight = Math.max(1, Number(height) || 203)
 
-    // Überschrift
+    const idFont = Math.max(24, Math.round(normalizedHeight * 0.125))
-    ctx.fillStyle = '#000000'
+    const nameFont = Math.max(17, Math.round(normalizedHeight * 0.078))
-    ctx.font = '32px Arial'
+    const customerFont = Math.max(14, Math.round(normalizedHeight * 0.06))
-    ctx.fillText(context.text, 20, 40)
+    const serialFont = Math.max(12, Math.round(normalizedHeight * 0.052))
+
+    const labelId = context.customerInventoryId || context.datamatrix || context.id || "N/A"
+    const labelName = context.name || context.text || "Kundeninventarartikel"
+    const customerName = context.customerName || ""
+    const serial = context.serialNumber ? `SN: ${context.serialNumber}` : ""
+    const nameLine1 = String(labelName).slice(0, 30)
+    const nameLine2 = String(labelName).slice(30, 60)
 
-    // 3) DataMatrix
     const dataMatrixPng = await bwipjs.toBuffer({
-        bcid:  'datamatrix',
+        bcid: "datamatrix",
-        text:  context.datamatrix,
+        text: String(labelId),
-        scale: 6,
+        scale: normalizedWidth >= 560 ? 7 : 5,
+        includetext: false,
     })
+    const dataMatrixMeta = await Sharp(dataMatrixPng).metadata()
+    const dataMatrixWidth = dataMatrixMeta.width || 0
+    const dataMatrixHeight = dataMatrixMeta.height || 0
+    const dmLeft = Math.max(8, normalizedWidth - dataMatrixWidth - 28)
+    const dmTop = Math.max(8, Math.floor((normalizedHeight - dataMatrixHeight) / 2))
+    const textMaxWidth = Math.max(120, dmLeft - 20)
 
-    // Basisbild aus Canvas
+    const textSvg = `
-    const base = await Sharp(canvas.toBuffer())
+<svg width="${normalizedWidth}" height="${normalizedHeight}" xmlns="http://www.w3.org/2000/svg">
-        .png()
+  <rect width="100%" height="100%" fill="white"/>
-        .toBuffer()
+  <text x="12" y="${Math.round(normalizedHeight * 0.15)}" font-size="${idFont}" font-family="Arial, Helvetica, sans-serif" font-weight="700" fill="black">${escapeXml(String(labelId).slice(0, 26))}</text>
+  <text x="12" y="${Math.round(normalizedHeight * 0.29)}" font-size="${nameFont}" font-family="Arial, Helvetica, sans-serif" fill="black">${escapeXml(nameLine1)}</text>
+  <text x="12" y="${Math.round(normalizedHeight * 0.37)}" font-size="${nameFont}" font-family="Arial, Helvetica, sans-serif" fill="black">${escapeXml(nameLine2)}</text>
+  <text x="12" y="${Math.round(normalizedHeight * 0.49)}" font-size="${customerFont}" font-family="Arial, Helvetica, sans-serif" fill="black">${escapeXml(String(customerName).slice(0, 40))}</text>
+  <text x="12" y="${Math.round(normalizedHeight * 0.58)}" font-size="${serialFont}" font-family="Arial, Helvetica, sans-serif" fill="black">${escapeXml(String(serial).slice(0, 42))}</text>
+  <rect x="0" y="0" width="${textMaxWidth}" height="${normalizedHeight}" fill="none"/>
+</svg>`.trim()
 
-    // Alles zusammen compositen
+    const final = await Sharp({
-    const final = await Sharp(base)
+        create: {
+            width: normalizedWidth,
+            height: normalizedHeight,
+            channels: 3,
+            background: { r: 255, g: 255, b: 255 },
+        },
+    })
         .composite([
-            { input: dataMatrixPng, top: 60, left: 20 },
+            { input: Buffer.from(textSvg), top: 0, left: 0 },
+            { input: dataMatrixPng, top: dmTop, left: dmLeft },
         ])
         .png()
         .toBuffer()
 
-    fs.writeFileSync('label.png', final)
+    return final.toString("base64")
-
+}
-    // Optional: Base64 zurückgeben (z.B. für API)
-    const base64 = final.toString('base64')
-
-    return base64
-}*/

backend/src/utils/gpt.ts

@@ -1,21 +1,23 @@
 import dayjs from "dayjs";
-import axios from "axios";
 import OpenAI from "openai";
 import { z } from "zod";
 import { zodResponseFormat } from "openai/helpers/zod";
 import { GetObjectCommand } from "@aws-sdk/client-s3";
-import { Blob } from "buffer";
 import { FastifyInstance } from "fastify";
 
 import { s3 } from "./s3";
 import { secrets } from "./secrets";
+import { storeExtractedTextForFile } from "./documentText";
 
 // Drizzle schema
-import { vendors, accounts } from "../../db/schema";
+import { vendors, accounts, tenants } from "../../db/schema";
 import {eq} from "drizzle-orm";
 
 let openai: OpenAI | null = null;
 
+const nullableString = z.string().trim().nullable();
+const nullableNumber = z.number().nullable();
+
 // ---------------------------------------------------------
 // INITIALIZE OPENAI
 // ---------------------------------------------------------
@@ -41,48 +43,48 @@ async function streamToBuffer(stream: any): Promise<Buffer> {
 // GPT RESPONSE FORMAT (Zod Schema)
 // ---------------------------------------------------------
 const InstructionFormat = z.object({
-    invoice_number: z.string(),
+    invoice_number: nullableString,
-    invoice_date: z.string(),
+    invoice_date: nullableString,
-    invoice_duedate: z.string(),
+    invoice_duedate: nullableString,
-    invoice_type: z.string(),
+    invoice_type: nullableString,
-    delivery_type: z.string(),
+    delivery_type: nullableString,
-    delivery_note_number: z.string(),
+    delivery_note_number: nullableString,
-    reference: z.string(),
+    reference: nullableString,
     issuer: z.object({
-        id: z.number().nullable().optional(),
+        id: nullableNumber.optional(),
-        name: z.string(),
+        name: nullableString,
-        address: z.string(),
+        address: nullableString,
-        phone: z.string(),
+        phone: nullableString,
-        email: z.string(),
+        email: nullableString,
-        bank: z.string(),
+        bank: nullableString,
-        bic: z.string(),
+        bic: nullableString,
-        iban: z.string(),
+        iban: nullableString,
     }),
     recipient: z.object({
-        name: z.string(),
+        name: nullableString,
-        address: z.string(),
+        address: nullableString,
-        phone: z.string(),
+        phone: nullableString,
-        email: z.string(),
+        email: nullableString,
     }),
     invoice_items: z.array(
         z.object({
-            description: z.string(),
+            description: nullableString,
-            unit: z.string(),
+            unit: nullableString,
-            quantity: z.number(),
+            quantity: nullableNumber,
-            total: z.number(),
+            total: nullableNumber,
-            total_without_tax: z.number(),
+            total_without_tax: nullableNumber,
-            tax_rate: z.number(),
+            tax_rate: nullableNumber,
-            ean: z.number().nullable().optional(),
+            ean: nullableNumber.optional(),
-            article_number: z.number().nullable().optional(),
+            article_number: nullableNumber.optional(),
-            account_number: z.number().nullable().optional(),
+            account_number: nullableNumber.optional(),
-            account_id: z.number().nullable().optional(),
+            account_id: nullableNumber.optional(),
         })
     ),
-    subtotal: z.number(),
+    subtotal: nullableNumber,
-    tax_rate: z.number(),
+    tax_rate: nullableNumber,
-    tax: z.number(),
+    tax: nullableNumber,
-    total: z.number(),
+    total: nullableNumber,
-    terms: z.string(),
+    terms: nullableString,
 });
 
 // ---------------------------------------------------------
@@ -91,8 +93,7 @@ const InstructionFormat = z.object({
 export const getInvoiceDataFromGPT = async function (
     server: FastifyInstance,
     file: any,
-    tenantId: number,
+    tenantId: number
-    learningContext?: string
 ) {
     await initOpenAi();
 
@@ -126,32 +127,27 @@ export const getInvoiceDataFromGPT = async function (
         return null;
     }
 
-    const fileBlob = new Blob([fileData], { type: "application/pdf" });
+    let extractedText = file.extractedText;
 
-    // ---------------------------------------------------------
+    if (!extractedText?.trim()) {
-    // 2) SEND FILE TO PDF → TEXT API
+        try {
-    // ---------------------------------------------------------
+            const result = await storeExtractedTextForFile(
-    const form = new FormData();
+                server,
-    form.append("fileInput", fileBlob, file.path.split("/").pop());
+                file.id,
-    form.append("outputFormat", "txt");
+                fileData,
+                file.mimeType,
+                file.name || file.path?.split("/").pop()
+            );
+            extractedText = result.text;
+            server.log.info(`Invoice text extraction for file ${file.id} used method: ${result.method}`)
+        } catch (err) {
+            console.log("❌ Local PDF text extraction failed", err);
+            return null;
+        }
+    }
 
-    let extractedText: string;
+    if (!extractedText?.trim()) {
-
+        server.log.warn(`No extractable PDF text found for file ${file.id}. Scanned PDFs require OCR.`);
-    try {
-        const res = await axios.post(
-            "http://23.88.52.85:8080/api/v1/convert/pdf/text",
-            form,
-            {
-                headers: {
-                    "Content-Type": "multipart/form-data",
-                    Authorization: `Bearer ${secrets.STIRLING_API_KEY}`,
-                },
-            }
-        );
-
-        extractedText = res.data;
-    } catch (err) {
-        console.log("❌ PDF OCR API failed", err);
         return null;
     }
 
@@ -163,13 +159,22 @@ export const getInvoiceDataFromGPT = async function (
         .from(vendors)
         .where(eq(vendors.tenant,tenantId));
 
+    const [tenant] = await server.db
+        .select({ accountChart: tenants.accountChart })
+        .from(tenants)
+        .where(eq(tenants.id, tenantId))
+        .limit(1)
+
+    const activeAccountChart = tenant?.accountChart || "skr03"
+
     const accountList = await server.db
         .select({
             id: accounts.id,
             label: accounts.label,
             number: accounts.number,
         })
-        .from(accounts);
+        .from(accounts)
+        .where(eq(accounts.accountChart, activeAccountChart));
 
     // ---------------------------------------------------------
     // 4) GPT ANALYSIS
@@ -189,13 +194,16 @@ export const getInvoiceDataFromGPT = async function (
                     "You extract structured invoice data.\n\n" +
                     `VENDORS: ${JSON.stringify(vendorList)}\n` +
                     `ACCOUNTS: ${JSON.stringify(accountList)}\n\n` +
-                    (learningContext
+                    "Use only values that are explicitly present in the invoice text.\n" +
-                        ? `HISTORICAL_PATTERNS: ${learningContext}\n\n`
+                    "If a field is missing or unclear, return null. If line items are missing or unclear, return an empty array.\n" +
-                        : "") +
+                    "Do not guess invoice numbers, dates, totals, payment terms, bank data, or references.\n" +
+                    "Do not derive values from vendor defaults or likely patterns.\n" +
+                    "Only set issuer.id when the issuer name clearly matches a vendor name from VENDORS.\n" +
+                    "Only set account_id when the invoice line clearly matches an account label or number from ACCOUNTS.\n" +
+                    "If multiple accounts are plausible, set account_id to null.\n" +
+                    "Do not merge summary totals into fabricated invoice_items.\n" +
                     "Match issuer by name to vendor.id.\n" +
                     "Match invoice items to account id based on label/number.\n" +
-                    "Use historical patterns as soft hints for vendor/account/payment mapping.\n" +
-                    "Do not invent values when the invoice text contradicts the hints.\n" +
                     "Convert dates to YYYY-MM-DD.\n" +
                     "Keep invoice items in original order.\n",
             },

backend/src/utils/handlebars.ts

@@ -0,0 +1,26 @@
+import Handlebars from "handlebars";
+
+const createDocumentTemplateHandlebars = () => {
+    const instance = Handlebars.create();
+
+    instance.registerHelper("eq", (left, right) => left === right);
+    instance.registerHelper("ne", (left, right) => left !== right);
+    instance.registerHelper("gt", (left, right) => left > right);
+    instance.registerHelper("gte", (left, right) => left >= right);
+    instance.registerHelper("lt", (left, right) => left < right);
+    instance.registerHelper("lte", (left, right) => left <= right);
+    instance.registerHelper("and", (...args) => args.slice(0, -1).every(Boolean));
+    instance.registerHelper("or", (...args) => args.slice(0, -1).some(Boolean));
+    instance.registerHelper("not", (value) => !value);
+    instance.registerHelper("includes", (collection, value) => {
+        if (Array.isArray(collection) || typeof collection === "string") {
+            return collection.includes(value);
+        }
+
+        return false;
+    });
+
+    return instance;
+};
+
+export const documentTemplateHandlebars = createDocumentTemplateHandlebars();

backend/src/utils/history.ts

@@ -1,6 +1,43 @@
 import { FastifyInstance } from "fastify"
 import { historyitems } from "../../db/schema";
 
+const HISTORY_ENTITY_LABELS: Record<string, string> = {
+    customers: "Kunden",
+    members: "Mitglieder",
+    vendors: "Lieferanten",
+    projects: "Projekte",
+    plants: "Objekte",
+    contacts: "Kontakte",
+    inventoryitems: "Inventarartikel",
+    customerinventoryitems: "Kundeninventar",
+    products: "Artikel",
+    profiles: "Mitarbeiter",
+    absencerequests: "Abwesenheiten",
+    events: "Termine",
+    tasks: "Aufgaben",
+    vehicles: "Fahrzeuge",
+    costcentres: "Kostenstellen",
+    ownaccounts: "zusätzliche Buchungskonten",
+    documentboxes: "Dokumentenboxen",
+    hourrates: "Stundensätze",
+    services: "Leistungen",
+    roles: "Rollen",
+    checks: "Überprüfungen",
+    spaces: "Lagerplätze",
+    customerspaces: "Kundenlagerplätze",
+    trackingtrips: "Fahrten",
+    createddocuments: "Dokumente",
+    inventoryitemgroups: "Inventarartikelgruppen",
+    bankstatements: "Buchungen",
+    incominginvoices: "Eingangsrechnungen",
+    files: "Dateien",
+    memberrelations: "Mitgliedsverhältnisse",
+}
+
+export function getHistoryEntityLabel(entity: string) {
+    return HISTORY_ENTITY_LABELS[entity] || entity
+}
+
 export async function insertHistoryItem(
     server: FastifyInstance,
     params: {
@@ -14,15 +51,18 @@ export async function insertHistoryItem(
         text?: string
     }
 ) {
+    const entityLabel = getHistoryEntityLabel(params.entity)
     const textMap = {
-        created: `Neuer Eintrag in ${params.entity} erstellt`,
+        created: `Neuer Eintrag in ${entityLabel} erstellt`,
-        updated: `Eintrag in ${params.entity} geändert`,
+        updated: `Eintrag in ${entityLabel} geändert`,
-        archived: `Eintrag in ${params.entity} archiviert`,
+        unchanged: `Eintrag in ${entityLabel} unverändert`,
-        deleted: `Eintrag in ${params.entity} gelöscht`
+        archived: `Eintrag in ${entityLabel} archiviert`,
+        deleted: `Eintrag in ${entityLabel} gelöscht`
     }
 
     const columnMap: Record<string, string> = {
         customers: "customer",
+        members: "customer",
         vendors: "vendor",
         projects: "project",
         plants: "plant",
@@ -42,10 +82,15 @@ export async function insertHistoryItem(
         roles: "role",
         checks: "check",
         spaces: "space",
+        customerspaces: "customerspace",
+        customerinventoryitems: "customerinventoryitem",
         trackingtrips: "trackingtrip",
         createddocuments: "createddocument",
         inventoryitemgroups: "inventoryitemgroup",
-        bankstatements: "bankstatement"
+        bankstatements: "bankstatement",
+        incominginvoices: "incomingInvoice",
+        files: "file",
+        memberrelations: "memberrelation",
     }
 
     const fkColumn = columnMap[params.entity]
@@ -54,14 +99,19 @@ export async function insertHistoryItem(
         return
     }
 
+    const stringifyHistoryValue = (value: any) => {
+        if (value === undefined || value === null) return null
+        return typeof value === "string" ? value : JSON.stringify(value)
+    }
+
     const entry = {
         tenant: params.tenant_id,
-        created_by: params.created_by,
+        createdBy: params.created_by,
         text: params.text || textMap[params.action],
         action: params.action,
         [fkColumn]: params.entityId,
-        oldVal: params.oldVal ? JSON.stringify(params.oldVal) : null,
+        oldVal: stringifyHistoryValue(params.oldVal),
-        newVal: params.newVal ? JSON.stringify(params.newVal) : null
+        newVal: stringifyHistoryValue(params.newVal)
     }
 
     await server.db.insert(historyitems).values(entry as any)

backend/src/utils/resource.config.ts

@@ -1,12 +1,18 @@
 import {
     accounts,
+    authProfiles,
     bankaccounts,
     bankrequisitions,
     bankstatements,
+    entitybankaccounts,
+    events,
     contacts,
     contracts,
+    contracttypes,
     costcentres,
     createddocuments,
+    customerinventoryitems,
+    customerspaces,
     customers,
     files,
     filetags,
@@ -16,6 +22,7 @@ import {
     inventoryitemgroups,
     inventoryitems,
     letterheads,
+    memberrelations,
     ownaccounts,
     plants,
     productcategories,
@@ -43,10 +50,21 @@ export const resourceConfig = {
         numberRangeHolder: "projectNumber"
     },
     customers: {
-        searchColumns: ["name", "customerNumber", "firstname", "lastname", "notes"],
+        searchColumns: ["name", "nameAddition", "customerNumber", "firstname", "lastname", "notes"],
+        mtmLoad: ["contacts","projects","plants","createddocuments","contracts","customerinventoryitems","customerspaces"],
+        table: customers,
+        numberRangeHolder: "customerNumber",
+    },
+    members: {
+        searchColumns: ["name", "nameAddition", "customerNumber", "firstname", "lastname", "notes"],
         mtmLoad: ["contacts","projects","plants","createddocuments","contracts"],
         table: customers,
         numberRangeHolder: "customerNumber",
+        relationKey: "customer",
+    },
+    memberrelations: {
+        table: memberrelations,
+        searchColumns: ["type", "billingInterval"],
     },
     contacts: {
         searchColumns: ["firstName", "lastName", "email", "phone", "notes"],
@@ -55,9 +73,13 @@ export const resourceConfig = {
     },
     contracts: {
         table: contracts,
-        searchColumns: ["name", "notes", "contractNumber", "paymentType", "sepaRef", "bankingName"],
+        searchColumns: ["name", "notes", "contractNumber", "paymentType", "billingInterval", "sepaRef", "bankingName"],
         numberRangeHolder: "contractNumber",
-        mtoLoad: ["customer"],
+        mtoLoad: ["customer", "contracttype"],
+    },
+    contracttypes: {
+        table: contracttypes,
+        searchColumns: ["name", "description", "paymentType", "billingInterval"],
     },
     plants: {
         table: plants,
@@ -86,6 +108,12 @@ export const resourceConfig = {
         table: inventoryitems,
         numberRangeHolder: "articleNumber",
     },
+    customerinventoryitems: {
+        table: customerinventoryitems,
+        numberRangeHolder: "customerInventoryId",
+        mtoLoad: ["customer", "customerspace", "product", "vendor"],
+        searchColumns: ["name", "customerInventoryId", "serialNumber", "description", "manufacturer", "manufacturerNumber"],
+    },
     inventoryitemgroups: {
         table: inventoryitemgroups
     },
@@ -120,6 +148,13 @@ export const resourceConfig = {
         searchColumns: ["name","space_number","type","info_data"],
         numberRangeHolder: "spaceNumber",
     },
+    customerspaces: {
+        table: customerspaces,
+        searchColumns: ["name","space_number","type","info_data","description"],
+        numberRangeHolder: "space_number",
+        mtoLoad: ["customer"],
+        mtmLoad: ["customerinventoryitems"],
+    },
     ownaccounts: {
         table: ownaccounts,
         searchColumns: ["name","description","number"],
@@ -133,6 +168,16 @@ export const resourceConfig = {
     tasks: {
         table: tasks,
     },
+    events: {
+        table: events,
+        mtoLoad: ["project", "customer"],
+        searchColumns: ["name", "notes", "link", "eventtype"],
+    },
+    profiles: {
+        table: authProfiles,
+        tenantKey: "tenant_id",
+        searchColumns: ["first_name", "last_name", "full_name", "email", "employee_number"],
+    },
     letterheads: {
         table: letterheads,
 
@@ -170,7 +215,11 @@ export const resourceConfig = {
     bankrequisitions: {
         table: bankrequisitions,
     },
+    entitybankaccounts: {
+        table: entitybankaccounts,
+        searchColumns: ["description"],
+    },
     serialexecutions: {
         table: serialExecutions
     }
-}
+}

docker-compose.yml

@@ -1,37 +1,70 @@
-version: "3"
-
 services:
-  web:
+  frontend:
-    image: reg.federspiel.software/fedeo/software:beta
+    image: git.federspiel.tech/flfeders/fedeo/frontend:dev
     restart: always
     environment:
-      - INFISICAL_CLIENT_ID=abc
+      - NUXT_PUBLIC_API_BASE=https://app.fedeo.de/backend
-      - INFISICAL_CLIENT_SECRET=abc
+      - NUXT_PUBLIC_PDF_LICENSE=eyJkYXRhIjoiZXlKMElqb2laR1YyWld4dmNHVnlJaXdpWVhaMUlqb3hOemt3TmpNNU9UazVMQ0prYlNJNkltRndjQzVtWldSbGJ5NWtaU0lzSW00aU9pSXpOemt3Wm1Vek5UazBZbVU0TlRRNElpd2laWGh3SWpveE56a3dOak01T1RrNUxDSmtiWFFpT2lKemNHVmphV1pwWXlJc0luQWlPaUoyYVdWM1pYSWlmUT09Iiwic2lnbmF0dXJlIjoicWU4K0ZxQUJDNUp5bEJUU094Vkd5RTJMbk9UNmpyc2EyRStsN2tNNWhkM21KK2ZvVjYwaTFKeFdhZGtqSDRNWXZxQklMc0dpdWh5d2pMbUFjRHZuWGxOcTRMcXFLRm53dzVtaG1LK3lTeDRXbzVaS1loK1VZdFBzWUZjV3oyUHVGMmJraGJrVjJ6RzRlTGtRU09wdmJKY3JUZU1rN0N1VkN6Q1UraHF5T0ZVVXllWnRmaHlmcWswZEFFL0RMR1hvTDFSQXFjNkNkYU9FTDRTdC9Idy9DQnFieTE2aisvT3RxQUlLcy9NWTR6SVk3RTI3bWo4RUx5VjhXNkdXNXhqc0VUVzNKN0RRMUVlb3RhVlNLT29kc3pVRlhUYzVlbHVuSm04ZlcwM1ErMUhtSnpmWGoyS1dwM1dnamJDazZYSHozamFML2lOdUYvZFZNaWYvc2FoR3NnPT0ifQ==
+    networks:
+      - traefik
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.port=3000"
+      # Middlewares
+      - "traefik.http.middlewares.fedeo-frontend-redirect-web-secure.redirectscheme.scheme=https"
+      # Web Entrypoint
+      - "traefik.http.routers.fedeo-frontend.middlewares=fedeo-frontend-redirect-web-secure"
+      - "traefik.http.routers.fedeo-frontend.rule=Host(`app.fedeo.de`) && PathPrefix(`/`)"
+      - "traefik.http.routers.fedeo-frontend.entrypoints=web"
+      # Web Secure Entrypoint
+      - "traefik.http.routers.fedeo-frontend-secure.rule=Host(`app.fedeo.de`) && PathPrefix(`/`)"
+      - "traefik.http.routers.fedeo-frontend-secure.entrypoints=web-secured" #
+      - "traefik.http.routers.fedeo-frontend-secure.tls.certresolver=mytlschallenge"
   backend:
-    image: reg.federspiel.software/fedeo/backend:main
+    image: git.federspiel.tech/flfeders/fedeo/backend:dev
     restart: always
     environment:
-      - NUXT_PUBLIC_API_BASE=
+      - INFISICAL_CLIENT_ID=a6838bd6-9983-4bf4-9be2-ace830b9abdf
-      - NUXT_PUBLIC_PDF_LICENSE=
+      - INFISICAL_CLIENT_SECRET=4e3441acc0adbffd324aa50e668a95a556a3f55ec6bb85954e176e35a3392003
-  db:
+      - NODE_ENV=production
-    image: postgres
+    networks:
-    restart: always
+      - traefik
-    shm_size: 128mb
+    labels:
-    environment:
+      - "traefik.enable=true"
-      POSTGRES_PASSWORD: abc
+      - "traefik.docker.network=traefik"
-      POSTGRES_USER: sandelcom
+      - "traefik.port=3100"
-      POSTGRES_DB: sensorfy
+      # Middlewares
-    volumes:
+      - "traefik.http.middlewares.fedeo-backend-redirect-web-secure.redirectscheme.scheme=https"
-      - ./pg-data:/var/lib/postgresql/data
+      - "traefik.http.middlewares.fedeo-backend-strip.stripprefix.prefixes=/backend"
-    ports:
+      # Web Entrypoint
-      - "5432:5432"
+      - "traefik.http.routers.fedeo-backend.middlewares=fedeo-backend-redirect-web-secure"
+      - "traefik.http.routers.fedeo-backend.rule=Host(`app.fedeo.de`) && PathPrefix(`/backend`)"
+      - "traefik.http.routers.fedeo-backend.entrypoints=web"
+      # Web Secure Entrypoint
+      - "traefik.http.routers.fedeo-backend-secure.rule=Host(`app.fedeo.de`) && PathPrefix(`/backend`)"
+      - "traefik.http.routers.fedeo-backend-secure.entrypoints=web-secured" #
+      - "traefik.http.routers.fedeo-backend-secure.tls.certresolver=mytlschallenge"
+      - "traefik.http.routers.fedeo-backend-secure.middlewares=fedeo-backend-strip"
+  #  db:
+  #    image: postgres
+  #    restart: always
+  #    shm_size: 128mb
+  #    environment:
+  #      POSTGRES_PASSWORD: abc
+  #      POSTGRES_USER: sandelcom
+  #      POSTGRES_DB: sensorfy
+  #    volumes:
+  #      - ./pg-data:/var/lib/postgresql/data
+  #    ports:
+  #      - "5432:5432"
   traefik:
-    image: traefik:v2.2
+    image: traefik:v2.11
     restart: unless-stopped
     container_name: traefik
     command:
       - "--api.insecure=false"
-      - "--api.dashboard=true"
+      - "--api.dashboard=false"
       - "--api.debug=false"
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
@@ -43,19 +76,18 @@ services:
       - "--accesslog.bufferingsize=5000"
       - "--accesslog.fields.defaultMode=keep"
       - "--accesslog.fields.headers.defaultMode=keep"
-      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true" # <== Enable TLS-ALPN-01 to generate and renew ACME certs
+      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true" #
-      - "--certificatesresolvers.mytlschallenge.acme.email=info@sandelcom.de" # <== Setting email for certs
+      - "--certificatesresolvers.mytlschallenge.acme.email=moin@fedeo.de"
-      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json" # <== Defining acme file to store cert information
+      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
     ports:
       - 80:80
-      - 8080:8080
       - 443:443
     volumes:
       - "./traefik/letsencrypt:/letsencrypt" # <== Volume for certs (TLS)
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - "./traefik/logs:/logs"
-    labels:
+    networks:
-      #### Labels define the behavior and rules of the traefik proxy for this container ####
+      - traefik
-      - "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to view it
+networks:
-      - "traefik.http.routers.api.rule=Host(`srv1.drinkingteam.de`)" # <== Setting the domain for the dashboard
+  traefik:
-      - "traefik.http.routers.api.service=api@internal" # <== Enabling the api to be a service to access
+    external: false

frontend/app.config.ts

@@ -1,7 +1,9 @@
 export default defineAppConfig({
     ui: {
-        primary: 'green',
+        colors: {
-        gray: 'slate',
+            primary: 'green',
+            neutral: 'slate'
+        },
         tooltip: {
             background: '!bg-background'
         },
@@ -35,4 +37,4 @@ export default defineAppConfig({
             }
         }
     }
-})
+})

frontend/app.vue

@@ -47,14 +47,16 @@ useSeoMeta({
 </script>
 
 <template>
-  <div class="safearea">
+  <UApp>
-    <NuxtLayout>
+    <div class="safearea">
-      <NuxtPage/>
+      <NuxtLayout>
-    </NuxtLayout>
+        <NuxtPage/>
-    <UNotifications/>
+      </NuxtLayout>
-    <USlideovers />
+      <UNotifications/>
-    <UModals/>
+      <USlideovers />
-  </div>
+      <UModals/>
+    </div>
+  </UApp>
 
 
 
@@ -136,4 +138,4 @@ useSeoMeta({
 .scroll {
   overflow-y: scroll;
 }
-</style>
+</style>

frontend/assets/css/main.css

@@ -0,0 +1,26 @@
+@import "tailwindcss";
+@import "@nuxt/ui-pro";
+
+@theme static {
+  --font-sans: "SF Pro Text", "SF Pro Display", "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+  --font-mono: "SF Mono", "Cascadia Code", "JetBrains Mono", Consolas, "Liberation Mono", Menlo, monospace;
+  --color-green-50: #f4fbf2;
+  --color-green-100: #e7f7e1;
+  --color-green-200: #cdeec4;
+  --color-green-300: #a6e095;
+  --color-green-400: #69c350;
+  --color-green-500: #53ad3a;
+  --color-green-600: #418e2b;
+  --color-green-700: #357025;
+  --color-green-800: #2d5922;
+  --color-green-900: #254a1d;
+  --color-green-950: #10280b;
+}
+
+:root {
+  --ui-container: 90rem;
+}
+
+body {
+  font-family: var(--font-sans);
+}

frontend/components/ArchiveButton.vue

@@ -38,37 +38,39 @@ const emitConfirm = () => {
   >
     Archivieren
   </UButton>
-  <UModal v-model="showModal">
+  <UModal v-model:open="showModal">
-    <UCard>
+    <template #content>
-      <template #header>
+      <UCard>
-        <span class="text-md font-bold">Archivieren bestätigen</span>
+        <template #header>
-      </template>
+          <span class="text-md font-bold">Archivieren bestätigen</span>
-      Möchten Sie diese/-s/-n {{dataType.labelSingle}} wirklich archivieren?
+        </template>
+        Möchten Sie diese/-s/-n {{dataType.labelSingle}} wirklich archivieren?
 
-      <template #footer>
+        <template #footer>
-        <div class="text-right">
+          <div class="text-right">
-          <UButtonGroup>
+            <UButtonGroup>
-            <UButton
+              <UButton
-                variant="outline"
+                  variant="outline"
-                @click="showModal = false"
+                  @click="showModal = false"
-            >
+              >
-              Abbrechen
+                Abbrechen
-            </UButton>
+              </UButton>
-            <UButton
+              <UButton
-                @click="emitConfirm"
+                  @click="emitConfirm"
-                class="ml-2"
+                  class="ml-2"
-                color="rose"
+                  color="error"
-            >
+              >
-              Archivieren
+                Archivieren
-            </UButton>
+              </UButton>
-          </UButtonGroup>
+            </UButtonGroup>
 
-        </div>
+          </div>
-      </template>
+        </template>
-    </UCard>
+      </UCard>
+    </template>
   </UModal>
 </template>
 
 <style scoped>
 
-</style>
+</style>

frontend/components/BankAccountAssignInput.vue

@@ -0,0 +1,184 @@
+<script setup>
+const props = defineProps({
+  modelValue: {
+    type: Array,
+    default: () => []
+  },
+  disabled: {
+    type: Boolean,
+    default: false
+  }
+})
+
+const emit = defineEmits(["update:modelValue"])
+const toast = useToast()
+
+const accounts = ref([])
+const ibanSearch = ref("")
+const showCreate = ref(false)
+const resolvingIban = ref(false)
+
+const createPayload = ref({
+  iban: "",
+  bic: "",
+  bankName: "",
+  description: ""
+})
+
+const normalizeIban = (value) => String(value || "").replace(/\s+/g, "").toUpperCase()
+
+const loadAccounts = async () => {
+  accounts.value = await useEntities("entitybankaccounts").select()
+}
+
+const assignedIds = computed(() => {
+  return Array.isArray(props.modelValue) ? props.modelValue : []
+})
+
+const assignedAccounts = computed(() => {
+  return accounts.value.filter((a) => assignedIds.value.includes(a.id))
+})
+
+const updateAssigned = (ids) => {
+  emit("update:modelValue", ids)
+}
+
+const assignByIban = async () => {
+  const search = normalizeIban(ibanSearch.value)
+  if (!search) return
+
+  const match = accounts.value.find((a) => normalizeIban(a.iban) === search)
+  if (!match) {
+    toast.add({ title: "Kein Bankkonto mit dieser IBAN gefunden.", color: "error" })
+    return
+  }
+
+  if (assignedIds.value.includes(match.id)) {
+    toast.add({ title: "Dieses Bankkonto ist bereits zugewiesen.", color: "amber" })
+    return
+  }
+
+  updateAssigned([...assignedIds.value, match.id])
+  ibanSearch.value = ""
+}
+
+const removeAssigned = (id) => {
+  updateAssigned(assignedIds.value.filter((i) => i !== id))
+}
+
+const createAndAssign = async () => {
+  if (!createPayload.value.iban || !createPayload.value.bic || !createPayload.value.bankName) {
+    toast.add({ title: "IBAN, BIC und Bankinstitut sind Pflichtfelder.", color: "error" })
+    return
+  }
+
+  const created = await useEntities("entitybankaccounts").create(createPayload.value, true)
+  await loadAccounts()
+  updateAssigned([...assignedIds.value, created.id])
+  createPayload.value = { iban: "", bic: "", bankName: "", description: "" }
+  showCreate.value = false
+}
+
+const resolveCreatePayloadFromIban = async () => {
+  const normalized = normalizeIban(createPayload.value.iban)
+  if (!normalized) return
+
+  resolvingIban.value = true
+  try {
+    const data = await useFunctions().useBankingResolveIban(normalized)
+    if (!data) return
+
+    createPayload.value.iban = data.iban || normalized
+    if (data.bic) createPayload.value.bic = data.bic
+    if (data.bankName) createPayload.value.bankName = data.bankName
+  } catch (e) {
+    // intentionally ignored: user can still enter fields manually
+  } finally {
+    resolvingIban.value = false
+  }
+}
+
+loadAccounts()
+</script>
+
+<template>
+  <div class="flex flex-col gap-2 w-full">
+    <div class="flex flex-wrap gap-2" v-if="assignedAccounts.length > 0">
+      <UBadge
+          v-for="account in assignedAccounts"
+          :key="account.id"
+          color="primary"
+          variant="subtle"
+      >
+        {{ account.displayLabel || account.iban }}
+        <UButton
+            v-if="!disabled"
+            variant="ghost"
+            color="gray"
+            size="2xs"
+            icon="i-heroicons-x-mark"
+            class="ml-1"
+            @click="removeAssigned(account.id)"
+        />
+      </UBadge>
+    </div>
+
+    <InputGroup class="w-full">
+      <UInput
+          v-model="ibanSearch"
+          class="flex-auto"
+          placeholder="IBAN eingeben und zuweisen"
+          :disabled="disabled"
+          @keydown.enter.prevent="assignByIban"
+      />
+      <UButton :disabled="disabled" @click="assignByIban">
+        Zuweisen
+      </UButton>
+      <UButton :disabled="disabled" color="gray" variant="outline" @click="showCreate = true">
+        Neu
+      </UButton>
+    </InputGroup>
+  </div>
+
+  <UModal v-model:open="showCreate">
+    <template #content>
+      <UCard>
+        <template #header>Neue Bankverbindung erstellen</template>
+        <div class="space-y-3">
+          <UFormField label="IBAN">
+            <InputGroup>
+              <UInput
+                  v-model="createPayload.iban"
+                  @blur="resolveCreatePayloadFromIban"
+                  @keydown.enter.prevent="resolveCreatePayloadFromIban"
+              />
+              <UButton
+                  color="gray"
+                  variant="outline"
+                  :loading="resolvingIban"
+                  @click="resolveCreatePayloadFromIban"
+              >
+                Ermitteln
+              </UButton>
+            </InputGroup>
+          </UFormField>
+          <UFormField label="BIC">
+            <UInput v-model="createPayload.bic" />
+          </UFormField>
+          <UFormField label="Bankinstitut">
+            <UInput v-model="createPayload.bankName" />
+          </UFormField>
+          <UFormField label="Beschreibung (optional)">
+            <UInput v-model="createPayload.description" />
+          </UFormField>
+        </div>
+        <template #footer>
+          <div class="flex justify-end gap-2">
+            <UButton color="gray" variant="outline" @click="showCreate = false">Abbrechen</UButton>
+            <UButton @click="createAndAssign">Erstellen und zuweisen</UButton>
+          </div>
+        </template>
+      </UCard>
+    </template>
+  </UModal>
+</template>

frontend/components/ButtonWithConfirm.vue

@@ -31,36 +31,38 @@ const emitConfirm = () => {
   >
     <slot name="button"></slot>
   </UButton>
-  <UModal v-model="showModal">
+  <UModal v-model:open="showModal">
-    <UCard>
+    <template #content>
-      <template #header>
+      <UCard>
-        <slot name="header"></slot>
+        <template #header>
-      </template>
+          <slot name="header"></slot>
-      <slot/>
+        </template>
-      <template #footer>
+        <slot/>
-        <div class="text-right">
+        <template #footer>
-          <UButtonGroup>
+          <div class="text-right">
-            <UButton
+            <UButtonGroup>
-                variant="outline"
+              <UButton
-                @click="showModal = false"
+                  variant="outline"
-            >
+                  @click="showModal = false"
-              Abbrechen
+              >
-            </UButton>
+                Abbrechen
-            <UButton
+              </UButton>
-                @click="emitConfirm"
+              <UButton
-                class="ml-2"
+                  @click="emitConfirm"
-                color="rose"
+                  class="ml-2"
-            >
+                  color="error"
-              Archivieren
+              >
-            </UButton>
+                Archivieren
-          </UButtonGroup>
+              </UButton>
+            </UButtonGroup>
 
-        </div>
+          </div>
-      </template>
+        </template>
-    </UCard>
+      </UCard>
+    </template>
   </UModal>
 </template>
 
 <style scoped>
 
-</style>
+</style>

frontend/components/Calculator.vue

@@ -51,8 +51,8 @@
       <div class="grid grid-cols-4 gap-2">
         <UTooltip text="Brutto (+19%)"><UButton color="green" variant="soft" block size="xs" @click="applyTax(19)">+19%</UButton></UTooltip>
         <UTooltip text="Brutto (+7%)"><UButton color="green" variant="soft" block size="xs" @click="applyTax(7)">+7%</UButton></UTooltip>
-        <UTooltip text="Netto (-19%)"><UButton color="rose" variant="soft" block size="xs" @click="removeTax(19)">-19%</UButton></UTooltip>
+        <UTooltip text="Netto (-19%)"><UButton color="error" variant="soft" block size="xs" @click="removeTax(19)">-19%</UButton></UTooltip>
-        <UTooltip text="Netto (-7%)"><UButton color="rose" variant="soft" block size="xs" @click="removeTax(7)">-7%</UButton></UTooltip>
+        <UTooltip text="Netto (-7%)"><UButton color="error" variant="soft" block size="xs" @click="removeTax(7)">-7%</UButton></UTooltip>
 
         <UTooltip text="Löschen"><UButton color="gray" variant="ghost" block @click="clear">C</UButton></UTooltip>
         <UTooltip text="Speicher +"><UButton color="gray" variant="ghost" block @click="addToSum">M+</UButton></UTooltip>
@@ -227,9 +227,14 @@ defineShortcuts({
   width: 4px;
 }
 .custom-scrollbar::-webkit-scrollbar-track {
-  @apply bg-transparent;
+  background: transparent;
 }
 .custom-scrollbar::-webkit-scrollbar-thumb {
-  @apply bg-gray-200 dark:bg-gray-700 rounded-full;
+  background: #e5e7eb;
+  border-radius: 9999px;
 }
-</style>
+
+:global(.dark) .custom-scrollbar::-webkit-scrollbar-thumb {
+  background: #374151;
+}
+</style>

frontend/components/DatePicker.vue

@@ -27,6 +27,11 @@ const date = computed({
   }
 })
 
+const selectToday = () => {
+  emit('update:model-value', new Date())
+  emit('close')
+}
+
 const attrs = [{
   key: 'today',
   highlight: {
@@ -37,18 +42,31 @@ const attrs = [{
 </script>
 
 <template>
-  <VCalendarDatePicker
+  <div class="space-y-3">
-      show-weeknumbers
+    <VCalendarDatePicker
-      v-model="date"
+        show-weeknumbers
-      :mode="props.mode"
+        v-model="date"
-      is24hr
+        :mode="props.mode"
-      transparent
+        is24hr
-      borderless
+        transparent
-      color="green"
+        borderless
-      :attributes="attrs"
+        color="green"
-      :is-dark="isDark"
+        :attributes="attrs"
-      title-position="left"
+        :is-dark="isDark"
-      trim-weeks
+        title-position="left"
-      :first-day-of-week="2"
+        trim-weeks
-  />
+        :first-day-of-week="2"
-</template>
+    />
+
+    <div class="flex justify-end px-2 pb-2">
+      <UButton
+          size="xs"
+          color="gray"
+          variant="soft"
+          icon="i-heroicons-calendar-days"
+          label="Heute"
+          @click="selectToday"
+      />
+    </div>
+  </div>
+</template>

frontend/components/DocumentDisplayModal.vue

@@ -156,7 +156,8 @@ const moveFile = async () => {
 
 <template>
   <UModal fullscreen >
-    <UCard :ui="{ body: { base: 'flex-1' }, ring: '', divide: 'divide-y divide-gray-100 dark:divide-gray-800' }" class="h-full">
+    <template #content>
+      <UCard :ui="{ body: { base: 'flex-1' }, ring: '', divide: 'divide-y divide-gray-100 dark:divide-gray-800' }" class="h-full">
       <template #header>
         <div class="flex flex-row justify-between">
           <div class="flex items-center gap-2">
@@ -186,7 +187,7 @@ const moveFile = async () => {
         <div class="w-2/3 p-5" v-if="!false">
           <UButtonGroup>
             <ArchiveButton
-                color="rose"
+                color="error"
                 variant="outline"
                 type="files"
                 @confirmed="archiveDocument"
@@ -202,7 +203,7 @@ const moveFile = async () => {
             </UButton>
           </UButtonGroup>
 
-          <UDivider>Zuweisungen</UDivider>
+          <USeparator label="Zuweisungen"/>
           <table class="w-full">
             <tr v-if="props.documentData.project">
               <td>Projekt</td>
@@ -278,44 +279,44 @@ const moveFile = async () => {
             </tr>
           </table>
 
-          <UDivider class="my-3">Datei zuweisen</UDivider>
+          <USeparator class="my-3" label="Datei zuweisen"/>
 
-          <UFormGroup
+          <UFormField
               label="Resource auswählen"
           >
             <USelectMenu
-                :options="resourceOptions"
+                :items="resourceOptions"
                 v-model="resourceToAssign"
-                value-attribute="value"
+                value-key="value"
-                option-attribute="label"
+                label-key="label"
                 @change="getItemsBySelectedResource"
             >
 
             </USelectMenu>
-          </UFormGroup>
+          </UFormField>
-          <UFormGroup
+          <UFormField
               label="Eintrag auswählen:"
           >
             <USelectMenu
-                :options="itemOptions"
+                :items="itemOptions"
                 v-model="idToAssign"
-                :option-attribute="resourceOptions.find(i => i.value === resourceToAssign)? resourceOptions.find(i => i.value === resourceToAssign).optionAttr : 'name'"
+                :label-key="resourceOptions.find(i => i.value === resourceToAssign)? resourceOptions.find(i => i.value === resourceToAssign).optionAttr : 'name'"
-                value-attribute="id"
+                value-key="id"
                 @change="updateDocumentAssignment"
             ></USelectMenu>
-          </UFormGroup>
+          </UFormField>
 
 
 
-          <UDivider class="my-5">Datei verschieben</UDivider>
+          <USeparator class="my-5" label="Datei verschieben"/>
 
           <InputGroup class="w-full">
             <USelectMenu
                 class="flex-auto"
                 v-model="folderToMoveTo"
-                value-attribute="id"
+                value-key="id"
-                option-attribute="name"
+                label-key="name"
-                :options="folders"
+                :items="folders"
             />
             <UButton
               @click="moveFile"
@@ -324,34 +325,35 @@ const moveFile = async () => {
             >Verschieben</UButton>
           </InputGroup>
 
-          <UDivider class="my-5">Dateityp</UDivider>
+          <USeparator class="my-5" label="Dateityp"/>
 
           <InputGroup class="w-full">
             <USelectMenu
                 class="flex-auto"
                 v-model="props.documentData.type"
-                value-attribute="id"
+                value-key="id"
-                option-attribute="name"
+                label-key="name"
-                :options="filetypes"
+                :items="filetypes"
                 @change="updateDocument"
             />
           </InputGroup>
-          <UDivider class="my-5">Dokumentenbox</UDivider>
+          <USeparator class="my-5" label="Dokumentenbox" />
 
           <InputGroup class="w-full">
             <USelectMenu
                 class="flex-auto"
                 v-model="props.documentData.documentbox"
-                value-attribute="id"
+                value-key="id"
-                option-attribute="key"
+                label-key="key"
-                :options="documentboxes"
+                :items="documentboxes"
                 @change="updateDocument"
             />
           </InputGroup>
 
         </div>
       </div>
-    </UCard>
+      </UCard>
+    </template>
   </UModal>
 </template>
 
@@ -362,4 +364,4 @@ const moveFile = async () => {
   aspect-ratio: 1/ 1.414;
 }
 
-</style>
+</style>

frontend/components/DocumentUploadModal.vue

@@ -78,84 +78,86 @@ const fileNames = computed(() => {
 
 <template>
   <UModal>
-    <div ref="dropZoneRef" class="relative h-full flex flex-col">
+    <template #content>
+      <div ref="dropZoneRef" class="relative h-full flex flex-col">
 
-      <div
+        <div
-          v-if="isOverDropZone"
+            v-if="isOverDropZone"
-          class="absolute inset-0 z-50 flex items-center justify-center bg-primary-500/10 border-2 border-primary-500 border-dashed rounded-lg backdrop-blur-sm transition-all"
+            class="absolute inset-0 z-50 flex items-center justify-center bg-primary-500/10 border-2 border-primary-500 border-dashed rounded-lg backdrop-blur-sm transition-all"
-      >
-        <span class="text-xl font-bold text-primary-600 bg-white/80 px-4 py-2 rounded shadow-sm">
-          Dateien hier ablegen
-        </span>
-      </div>
-
-      <UCard :ui="{ body: { base: 'flex-1' }, ring: '', divide: 'divide-y divide-gray-100 dark:divide-gray-800' }">
-        <template #header>
-          <div class="flex items-center justify-between">
-            <h3 class="text-base font-semibold leading-6 text-gray-900 dark:text-white">
-              Datei hochladen
-            </h3>
-            <UButton
-                color="gray"
-                variant="ghost"
-                icon="i-heroicons-x-mark-20-solid"
-                class="-my-1"
-                @click="modal.close()"
-                :disabled="uploadInProgress"
-            />
-          </div>
-        </template>
-
-        <UFormGroup
-            label="Datei:"
-            :help="selectedFiles.length > 0 ? `${selectedFiles.length} Datei(en) ausgewählt` : 'Ziehen Sie Dateien hierher oder klicken Sie'"
         >
-          <UInput
+          <span class="text-xl font-bold text-primary-600 bg-white/80 px-4 py-2 rounded shadow-sm">
-              v-if="selectedFiles.length === 0"
+            Dateien hier ablegen
-              type="file"
+          </span>
-              id="fileUploadInput"
+        </div>
-              multiple
-              accept="image/jpeg, image/png, image/gif, application/pdf"
-              @change="onFileInputChange"
-          />
 
-          <div v-if="selectedFiles.length > 0" class="mt-2 text-sm text-gray-500">
+        <UCard :ui="{ body: { base: 'flex-1' }, ring: '', divide: 'divide-y divide-gray-100 dark:divide-gray-800' }">
-            Ausgewählt: <span class="font-medium text-gray-700 dark:text-gray-300">{{ fileNames }}</span>
+          <template #header>
-          </div>
+            <div class="flex items-center justify-between">
-        </UFormGroup>
+              <h3 class="text-base font-semibold leading-6 text-gray-900 dark:text-white">
+                Datei hochladen
+              </h3>
+              <UButton
+                  color="gray"
+                  variant="ghost"
+                  icon="i-heroicons-x-mark-20-solid"
+                  class="-my-1"
+                  @click="modal.close()"
+                  :disabled="uploadInProgress"
+              />
+            </div>
+          </template>
 
-        <UFormGroup
+          <UFormField
-            label="Typ:"
+              label="Datei:"
-            class="mt-3"
+              :help="selectedFiles.length > 0 ? `${selectedFiles.length} Datei(en) ausgewählt` : 'Ziehen Sie Dateien hierher oder klicken Sie'"
-        >
-          <USelectMenu
-              option-attribute="name"
-              value-attribute="id"
-              searchable
-              searchable-placeholder="Suchen..."
-              :options="availableFiletypes"
-              v-model="props.fileData.type"
-              :disabled="!props.fileData.typeEnabled"
           >
-            <template #label>
+            <UInput
-              <span v-if="availableFiletypes.find(x => x.id === props.fileData.type)">{{availableFiletypes.find(x => x.id === props.fileData.type).name}}</span>
+                v-if="selectedFiles.length === 0"
-              <span v-else>Kein Typ ausgewählt</span>
+                type="file"
-            </template>
+                id="fileUploadInput"
-          </USelectMenu>
+                multiple
-        </UFormGroup>
+                accept="image/jpeg, image/png, image/gif, application/pdf"
+                @change="onFileInputChange"
+            />
 
-        <template #footer>
+            <div v-if="selectedFiles.length > 0" class="mt-2 text-sm text-gray-500">
-          <UButton
+              Ausgewählt: <span class="font-medium text-gray-700 dark:text-gray-300">{{ fileNames }}</span>
-              @click="uploadFiles"
+            </div>
-              :loading="uploadInProgress"
+          </UFormField>
-              :disabled="uploadInProgress || selectedFiles.length === 0"
+
-          >Hochladen</UButton>
+          <UFormField
-        </template>
+              label="Typ:"
-      </UCard>
+              class="mt-3"
-    </div>
+          >
+            <USelectMenu
+                option-attribute="name"
+                value-attribute="id"
+                searchable
+                searchable-placeholder="Suchen..."
+                :options="availableFiletypes"
+                v-model="props.fileData.type"
+                :disabled="!props.fileData.typeEnabled"
+            >
+              <template #label>
+                <span v-if="availableFiletypes.find(x => x.id === props.fileData.type)">{{availableFiletypes.find(x => x.id === props.fileData.type).name}}</span>
+                <span v-else>Kein Typ ausgewählt</span>
+              </template>
+            </USelectMenu>
+          </UFormField>
+
+          <template #footer>
+            <UButton
+                @click="uploadFiles"
+                :loading="uploadInProgress"
+                :disabled="uploadInProgress || selectedFiles.length === 0"
+            >Hochladen</UButton>
+          </template>
+        </UCard>
+      </div>
+    </template>
   </UModal>
 </template>
 
 <style scoped>
 /* Optional: Animationen für das Overlay */
-</style>
+</style>

frontend/components/EntityEdit.vue

@@ -69,20 +69,31 @@ generateOldItemData()
 const saveAllowed = computed(() => {
   if (!item.value) return false
 
+  const isFilledValue = (value) => {
+    if (Array.isArray(value)) return value.length > 0
+    if (typeof value === "string") return value.trim().length > 0
+    return value !== null && value !== undefined && value !== false
+  }
+
   let allowedCount = 0
   // Nur Input-Felder berücksichtigen
-  const relevantColumns = dataType.templateColumns.filter(i => i.inputType)
+  const relevantColumns = dataType.templateColumns.filter(i => {
+    if (!i.inputType) return false
+    if (i.showFunction && !i.showFunction(item.value)) return false
+    if (i.disabledFunction && i.disabledFunction(item.value)) return false
+    return true
+  })
 
   relevantColumns.forEach(datapoint => {
     if(datapoint.required) {
       if(datapoint.key.includes(".")){
         const [parentKey, childKey] = datapoint.key.split('.')
         // Prüfung: Existiert Parent UND ist Child "truthy" (nicht null/undefined/empty)
-        if(item.value[parentKey] && item.value[parentKey][childKey]) {
+        if(item.value[parentKey] && isFilledValue(item.value[parentKey][childKey])) {
           allowedCount += 1
         }
       } else {
-        if(item.value[datapoint.key]) {
+        if(isFilledValue(item.value[datapoint.key])) {
           allowedCount += 1
         }
       }
@@ -200,6 +211,22 @@ const contentChanged = (content, datapoint) => {
   }
 }
 
+const getSelectItems = (datapoint) => {
+  return datapoint.selectManualOptions || loadedOptions.value[datapoint.selectDataType] || []
+}
+
+const getSelectValueKey = (datapoint) => {
+  return datapoint.selectValueAttribute || 'id'
+}
+
+const getSelectLabelKey = (datapoint) => {
+  return datapoint.selectOptionAttribute || 'label'
+}
+
+const getSelectSearchInput = (datapoint) => {
+  return datapoint.selectSearchAttributes ? { placeholder: 'Suche...' } : false
+}
+
 
 const createItem = async () => {
   let ret = null
@@ -253,7 +280,7 @@ const updateItem = async () => {
     </template>
     <template #right>
       <ArchiveButton
-          color="rose"
+          color="error"
           v-if="platform !== 'mobile'"
           variant="outline"
           :type="type"
@@ -325,12 +352,12 @@ const updateItem = async () => {
             v-for="(columnName,index) in dataType.inputColumns"
             :class="platform === 'mobile' ? ['w-full'] : [`w-1/${dataType.inputColumns.length}`, ... index < dataType.inputColumns.length -1 ? ['mr-5'] : []]"
         >
-          <UDivider>{{ columnName }}</UDivider>
+          <USeparator :label="columnName"/>
 
           <div
               v-for="datapoint in dataType.templateColumns.filter(i => i.inputType && i.inputColumn === columnName)"
           >
-            <UFormGroup
+            <UFormField
                 v-if="(datapoint.showFunction ? datapoint.showFunction(item) : true)"
                 :label="datapoint.label"
             >
@@ -343,7 +370,7 @@ const updateItem = async () => {
               </template>
               <InputGroup class="w-full" v-if="datapoint.key.includes('.')">
                 <UInput
-                    :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+                    :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
                     class="flex-auto"
                     @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                     v-if="['text','number'].includes(datapoint.inputType)"
@@ -356,25 +383,25 @@ const updateItem = async () => {
                     <span class="text-gray-500 dark:text-gray-400 text-xs">{{ datapoint.inputTrailing }}</span>
                   </template>
                 </UInput>
-                <UToggle
+                <USwitch
-                    :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'primary'"
+                    :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'primary'"
                     @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                     v-else-if="datapoint.inputType === 'bool'"
                     v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
                     :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                 />
                 <USelectMenu
-                    :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+                    :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
                     class="flex-auto"
                     @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                     v-else-if="datapoint.inputType === 'select'"
                     v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
                     :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
-                    :option-attribute="datapoint.selectOptionAttribute"
+                    :items="getSelectItems(datapoint)"
-                    :value-attribute="datapoint.selectValueAttribute || 'id'"
+                    :label-key="getSelectLabelKey(datapoint)"
-                    :options="datapoint.selectManualOptions || loadedOptions[datapoint.selectDataType]"
+                    :value-key="getSelectValueKey(datapoint)"
-                    :searchable="datapoint.selectSearchAttributes"
+                    :search-input="getSelectSearchInput(datapoint)"
-                    :search-attributes="datapoint.selectSearchAttributes"
+                    :filter-fields="datapoint.selectSearchAttributes"
                     :multiple="datapoint.selectMultiple"
                 >
                   <template #empty>
@@ -382,7 +409,7 @@ const updateItem = async () => {
                   </template>
                 </USelectMenu>
                 <UTextarea
-                    :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+                    :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
                     class="flex-auto"
                     @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                     v-else-if="datapoint.inputType === 'textarea'"
@@ -390,9 +417,9 @@ const updateItem = async () => {
                     :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                     rows="4"
                 />
-                <UPopover :popper="{ placement: 'bottom-start' }" v-else-if="datapoint.inputType === 'date'">
+                <UPopover :content="{ side: 'bottom', align: 'start' }" v-else-if="datapoint.inputType === 'date'">
                   <UButton
-                      :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+                      :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
                       icon="i-heroicons-calendar-days-20-solid"
                       :label="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? dayjs(item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]).format('DD.MM.YYYY') : 'Datum auswählen'"
                       variant="outline"
@@ -400,17 +427,17 @@ const updateItem = async () => {
 
                   />
 
-                  <template #panel="{ close }">
+                  <template #content>
                     <LazyDatePicker
                         @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
-                        v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]" @close="close"
+                        v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
                         :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                     />
                   </template>
                 </UPopover>
-                <UPopover :popper="{ placement: 'bottom-start' }" v-else-if="datapoint.inputType === 'datetime'">
+                <UPopover :content="{ side: 'bottom', align: 'start' }" v-else-if="datapoint.inputType === 'datetime'">
                   <UButton
-                      :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+                      :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
                       icon="i-heroicons-calendar-days-20-solid"
                       :label="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? dayjs(item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]).format('DD.MM.YY HH:mm') : 'Datum auswählen'"
                       variant="outline"
@@ -418,15 +445,20 @@ const updateItem = async () => {
 
                   />
 
-                  <template #panel="{ close }">
+                  <template #content>
                     <LazyDatePicker
                         @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
-                        v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]" @close="close"
+                        v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
                         :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                         mode="datetime"
                     />
                   </template>
                 </UPopover>
+                <BankAccountAssignInput
+                    v-else-if="datapoint.inputType === 'bankaccountassign'"
+                    v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
+                    :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
+                />
                 <Tiptap
                     v-else-if="datapoint.inputType === 'editor'"
                     @updateContent="(i) => contentChanged(i,datapoint)"
@@ -444,7 +476,7 @@ const updateItem = async () => {
               <InputGroup class="w-full" v-else>
                 <UInput
                     class="flex-auto"
-                    :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+                    :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
                     @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                     v-if="['text','number'].includes(datapoint.inputType)"
                     v-model="item[datapoint.key]"
@@ -456,34 +488,33 @@ const updateItem = async () => {
                     {{ datapoint.inputTrailing }}
                   </template>
                 </UInput>
-                <UToggle
+                <USwitch
-                    :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'primary'"
+                    :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'primary'"
                     @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                     v-else-if="datapoint.inputType === 'bool'"
                     v-model="item[datapoint.key]"
                     :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                 />
                 <USelectMenu
-                    :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+                    :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
                     class="flex-auto"
                     @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                     v-else-if="datapoint.inputType === 'select'"
                     v-model="item[datapoint.key]"
                     :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
-                    :option-attribute="datapoint.selectOptionAttribute"
+                    :items="getSelectItems(datapoint)"
-                    :value-attribute="datapoint.selectValueAttribute || 'id'"
+                    :label-key="getSelectLabelKey(datapoint)"
-                    :options="datapoint.selectManualOptions || loadedOptions[datapoint.selectDataType]"
+                    :value-key="getSelectValueKey(datapoint)"
-                    :searchable="datapoint.selectSearchAttributes"
+                    :search-input="getSelectSearchInput(datapoint)"
-                    :search-attributes="datapoint.selectSearchAttributes"
+                    :filter-fields="datapoint.selectSearchAttributes"
                     :multiple="datapoint.selectMultiple"
-                    searchable-placeholder="Suche..."
                 >
                   <template #empty>
                     Keine Optionen verfügbar
                   </template>
                 </USelectMenu>
                 <UTextarea
-                    :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+                    :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
                     class="flex-auto"
                     @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                     v-else-if="datapoint.inputType === 'textarea'"
@@ -491,42 +522,46 @@ const updateItem = async () => {
                     :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                     rows="4"
                 />
-                <UPopover :popper="{ placement: 'bottom-start' }" v-else-if="datapoint.inputType === 'date'">
+                <UPopover :content="{ side: 'bottom', align: 'start' }" v-else-if="datapoint.inputType === 'date'">
                   <UButton
-                      :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+                      :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
                       icon="i-heroicons-calendar-days-20-solid"
                       :label="item[datapoint.key] ? dayjs(item[datapoint.key]).format('DD.MM.YYYY') : 'Datum auswählen'"
                       variant="outline"
                       :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                   />
 
-                  <template #panel="{ close }">
+                  <template #content>
                     <LazyDatePicker
                         @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
-                        v-model="item[datapoint.key]" @close="close"
+                        v-model="item[datapoint.key]"
                         :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                     />
                   </template>
                 </UPopover>
-                <UPopover :popper="{ placement: 'bottom-start' }" v-else-if="datapoint.inputType === 'datetime'">
+                <UPopover :content="{ side: 'bottom', align: 'start' }" v-else-if="datapoint.inputType === 'datetime'">
                   <UButton
-                      :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+                      :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
                       icon="i-heroicons-calendar-days-20-solid"
                       :label="item[datapoint.key] ? dayjs(item[datapoint.key]).format('DD.MM.YY HH:mm') : 'Datum auswählen'"
                       variant="outline"
                       :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                   />
 
-                  <template #panel="{ close }">
+                  <template #content>
                     <LazyDatePicker
                         @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                         v-model="item[datapoint.key]"
-                        @close="close"
                         :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                         mode="datetime"
                     />
                   </template>
                 </UPopover>
+                <BankAccountAssignInput
+                    v-else-if="datapoint.inputType === 'bankaccountassign'"
+                    v-model="item[datapoint.key]"
+                    :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
+                />
                 <Tiptap
                     v-else-if="datapoint.inputType === 'editor'"
                     @updateContent="(i) => contentChanged(i,datapoint)"
@@ -551,11 +586,11 @@ const updateItem = async () => {
                     icon="i-heroicons-x-mark"
                 />
               </InputGroup>
-            </UFormGroup>
+            </UFormField>
           </div>
         </div>
       </div>
-      <UFormGroup
+      <UFormField
           v-for="datapoint in dataType.templateColumns.filter(i => i.inputType && !i.inputColumn)"
           :label="datapoint.label"
       >
@@ -568,7 +603,7 @@ const updateItem = async () => {
         </template>
         <InputGroup class="w-full" v-if="datapoint.key.includes('.')">
           <UInput
-              :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+              :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
               class="flex-auto"
               @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
               v-if="['text','number'].includes(datapoint.inputType)"
@@ -581,25 +616,25 @@ const updateItem = async () => {
               <span class="text-gray-500 dark:text-gray-400 text-xs">{{ datapoint.inputTrailing }}</span>
             </template>
           </UInput>
-          <UToggle
+          <USwitch
-              :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'primary'"
+              :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'primary'"
               @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
               v-else-if="datapoint.inputType === 'bool'"
               v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
               :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
           />
           <USelectMenu
-              :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+              :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
               class="flex-auto"
               @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
               v-else-if="datapoint.inputType === 'select'"
               v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
               :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
-              :option-attribute="datapoint.selectOptionAttribute"
+              :items="getSelectItems(datapoint)"
-              :value-attribute="datapoint.selectValueAttribute || 'id'"
+              :label-key="getSelectLabelKey(datapoint)"
-              :options="datapoint.selectManualOptions || loadedOptions[datapoint.selectDataType]"
+              :value-key="getSelectValueKey(datapoint)"
-              :searchable="datapoint.selectSearchAttributes"
+              :search-input="getSelectSearchInput(datapoint)"
-              :search-attributes="datapoint.selectSearchAttributes"
+              :filter-fields="datapoint.selectSearchAttributes"
               :multiple="datapoint.selectMultiple"
           >
             <template #empty>
@@ -607,7 +642,7 @@ const updateItem = async () => {
             </template>
           </USelectMenu>
           <UTextarea
-              :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+              :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
               class="flex-auto"
               @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
               v-else-if="datapoint.inputType === 'textarea'"
@@ -615,9 +650,9 @@ const updateItem = async () => {
               :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
               rows="4"
           />
-          <UPopover :popper="{ placement: 'bottom-start' }" v-else-if="datapoint.inputType === 'date'">
+          <UPopover :content="{ side: 'bottom', align: 'start' }" v-else-if="datapoint.inputType === 'date'">
             <UButton
-                :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+                :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
                 icon="i-heroicons-calendar-days-20-solid"
                 :label="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? dayjs(item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]).format('DD.MM.YYYY') : 'Datum auswählen'"
                 variant="outline"
@@ -625,17 +660,17 @@ const updateItem = async () => {
 
             />
 
-            <template #panel="{ close }">
+            <template #content>
               <LazyDatePicker
                   @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
-                  v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]" @close="close"
+                  v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
                   :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
               />
             </template>
           </UPopover>
-          <UPopover :popper="{ placement: 'bottom-start' }" v-else-if="datapoint.inputType === 'datetime'">
+          <UPopover :content="{ side: 'bottom', align: 'start' }" v-else-if="datapoint.inputType === 'datetime'">
             <UButton
-                :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'rose') : 'white'"
+                :color="datapoint.required ? (item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? 'primary' : 'error') : 'white'"
                 icon="i-heroicons-calendar-days-20-solid"
                 :label="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]] ? dayjs(item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]).format('DD.MM.YY HH:mm') : 'Datum auswählen'"
                 variant="outline"
@@ -643,15 +678,20 @@ const updateItem = async () => {
 
             />
 
-            <template #panel="{ close }">
+            <template #content>
               <LazyDatePicker
                   @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
-                  v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]" @close="close"
+                  v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
                   :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                   mode="datetime"
               />
             </template>
           </UPopover>
+          <BankAccountAssignInput
+              v-else-if="datapoint.inputType === 'bankaccountassign'"
+              v-model="item[datapoint.key.split('.')[0]][datapoint.key.split('.')[1]]"
+              :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
+          />
           <Tiptap
               v-else-if="datapoint.inputType === 'editor'"
               @updateContent="(i) => contentChanged(i,datapoint)"
@@ -669,7 +709,7 @@ const updateItem = async () => {
         <InputGroup class="w-full" v-else>
           <UInput
               class="flex-auto"
-              :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+              :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
               @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
               v-if="['text','number'].includes(datapoint.inputType)"
               v-model="item[datapoint.key]"
@@ -681,34 +721,33 @@ const updateItem = async () => {
               {{ datapoint.inputTrailing }}
             </template>
           </UInput>
-          <UToggle
+          <USwitch
-              :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'primary'"
+              :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'primary'"
               @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
               v-else-if="datapoint.inputType === 'bool'"
               v-model="item[datapoint.key]"
               :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
           />
           <USelectMenu
-              :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+              :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
               class="flex-auto"
               @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
               v-else-if="datapoint.inputType === 'select'"
               v-model="item[datapoint.key]"
               :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
-              :option-attribute="datapoint.selectOptionAttribute"
+              :items="getSelectItems(datapoint)"
-              :value-attribute="datapoint.selectValueAttribute || 'id'"
+              :label-key="getSelectLabelKey(datapoint)"
-              :options="datapoint.selectManualOptions || loadedOptions[datapoint.selectDataType]"
+              :value-key="getSelectValueKey(datapoint)"
-              :searchable="datapoint.selectSearchAttributes"
+              :search-input="getSelectSearchInput(datapoint)"
-              :search-attributes="datapoint.selectSearchAttributes"
+              :filter-fields="datapoint.selectSearchAttributes"
               :multiple="datapoint.selectMultiple"
-              searchable-placeholder="Suche..."
           >
             <template #empty>
               Keine Optionen verfügbar
             </template>
           </USelectMenu>
           <UTextarea
-              :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+              :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
               class="flex-auto"
               @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
               v-else-if="datapoint.inputType === 'textarea'"
@@ -716,42 +755,46 @@ const updateItem = async () => {
               :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
               rows="4"
           />
-          <UPopover :popper="{ placement: 'bottom-start' }" v-else-if="datapoint.inputType === 'date'">
+          <UPopover :content="{ side: 'bottom', align: 'start' }" v-else-if="datapoint.inputType === 'date'">
             <UButton
-                :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+                :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
                 icon="i-heroicons-calendar-days-20-solid"
                 :label="item[datapoint.key] ? dayjs(item[datapoint.key]).format('DD.MM.YYYY') : 'Datum auswählen'"
                 variant="outline"
                 :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
             />
 
-            <template #panel="{ close }">
+            <template #content>
               <LazyDatePicker
                   @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
-                  v-model="item[datapoint.key]" @close="close"
+                  v-model="item[datapoint.key]"
                   :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
               />
             </template>
           </UPopover>
-          <UPopover :popper="{ placement: 'bottom-start' }" v-else-if="datapoint.inputType === 'datetime'">
+          <UPopover :content="{ side: 'bottom', align: 'start' }" v-else-if="datapoint.inputType === 'datetime'">
             <UButton
-                :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'rose') : 'white'"
+                :color="datapoint.required ? (item[datapoint.key] ? 'primary' : 'error') : 'white'"
                 icon="i-heroicons-calendar-days-20-solid"
                 :label="item[datapoint.key] ? dayjs(item[datapoint.key]).format('DD.MM.YY HH:mm') : 'Datum auswählen'"
                 variant="outline"
                 :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
             />
 
-            <template #panel="{ close }">
+            <template #content>
               <LazyDatePicker
                   @change="datapoint.inputChangeFunction ? datapoint.inputChangeFunction(item,loadedOptions) : null"
                   v-model="item[datapoint.key]"
-                  @close="close"
                   :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
                   mode="datetime"
               />
             </template>
           </UPopover>
+          <BankAccountAssignInput
+              v-else-if="datapoint.inputType === 'bankaccountassign'"
+              v-model="item[datapoint.key]"
+              :disabled="datapoint.disabledFunction ? datapoint.disabledFunction(item) : false"
+          />
           <Tiptap
               v-else-if="datapoint.inputType === 'editor'"
               @updateContent="(i) => contentChanged(i,datapoint)"
@@ -776,7 +819,7 @@ const updateItem = async () => {
               icon="i-heroicons-x-mark"
           />
         </InputGroup>
-      </UFormGroup>
+      </UFormField>
     </UForm>
   </UDashboardPanelContent>
 </template>
@@ -788,4 +831,4 @@ td {
   padding-bottom: 0.15em;
   padding-top: 0.15em;
 }
-</style>
+</style>

frontend/components/EntityList.vue

@@ -69,6 +69,12 @@ const profileStore = useProfileStore()
 const tempStore = useTempStore()
 
 const dataType = dataStore.dataTypes[type]
+const canCreate = computed(() => {
+  if (type === "members") {
+    return has("members-create") || has("customers-create")
+  }
+  return has(`${type}-create`)
+})
 
 const selectedColumns = ref(tempStore.columns[type] ? tempStore.columns[type] : dataType.templateColumns.filter(i => !i.disabledInTable))
 const columns = computed(() => dataType.templateColumns.filter((column) => !column.disabledInTable && selectedColumns.value.find(i => i.key === column.key)))
@@ -104,12 +110,6 @@ const filteredRows = computed(() => {
 </script>
 
 <template>
-  <FloatingActionButton
-   :label="`+ ${dataType.labelSingle}`"
-   variant="outline"
-   v-if="platform === 'mobile'"
-   @click="router.push(`/standardEntity/${type}/create`)"
-  />
   <UDashboardNavbar :title="dataType.label" :badge="filteredRows.length">
     <template #toggle>
       <div v-if="platform === 'mobile'"></div>
@@ -132,13 +132,13 @@ const filteredRows = computed(() => {
       <UButton
         icon="i-heroicons-x-mark"
         variant="outline"
-        color="rose"
+        color="error"
         @click="clearSearchString()"
         v-if="searchString.length > 0"
       />
 
       <UButton
-          v-if="platform !== 'mobile' && has(`${type}-create`)/*&& useRole().checkRight(`${type}-create`)*/"
+          v-if="platform !== 'mobile' && canCreate/*&& useRole().checkRight(`${type}-create`)*/"
           @click="router.push(`/standardEntity/${type}/create`)"
           class="ml-3"
       >+ {{dataType.labelSingle}}</UButton>
@@ -155,15 +155,15 @@ const filteredRows = computed(() => {
       <USelectMenu
           v-model="selectedColumns"
           icon="i-heroicons-adjustments-horizontal-solid"
-          :options="dataType.templateColumns.filter(i => !i.disabledInTable)"
+          :items="dataType.templateColumns.filter(i => !i.disabledInTable)"
           multiple
           class="hidden lg:block"
           by="key"
           :color="selectedColumns.length !== dataType.templateColumns.filter(i => !i.disabledInTable).length ? 'primary' : 'white'"
-          :ui-menu="{ width: 'min-w-max' }"
+          :content="{ width: 'min-w-max' }"
           @change="tempStore.modifyColumns(type,selectedColumns)"
       >
-        <template #label>
+        <template #default>
           Spalten
         </template>
       </USelectMenu>
@@ -172,11 +172,11 @@ const filteredRows = computed(() => {
           icon="i-heroicons-adjustments-horizontal-solid"
           multiple
           v-model="selectedFilters"
-          :options="selectableFilters"
+          :items="selectableFilters"
           :color="selectedFilters.length > 0 ? 'primary' : 'white'"
-          :ui-menu="{ width: 'min-w-max' }"
+          :content="{ width: 'min-w-max' }"
       >
-        <template #label>
+        <template #default>
           Filter
         </template>
       </USelectMenu>
@@ -185,14 +185,14 @@ const filteredRows = computed(() => {
   <EntityTableMobile
     v-if="platform === 'mobile'"
     :type="props.type"
-    :columns="columns"
+    :columns="normalizeTableColumns(columns)"
     :rows="filteredRows"
   />
   <EntityTable
     v-else
     @sort="(i) => emit('sort',i)"
     :type="props.type"
-    :columns="columns"
+    :columns="normalizeTableColumns(columns)"
     :rows="filteredRows"
     :loading="props.loading"
   />
@@ -200,4 +200,4 @@ const filteredRows = computed(() => {
 
 <style scoped>
 
-</style>
+</style>

frontend/components/EntityShow.vue

@@ -2,6 +2,7 @@
 
 import EntityShowSubTimes from "~/components/EntityShowSubTimes.vue";
 import WikiEntityWidget from "~/components/wiki/WikiEntityWidget.vue";
+import LabelPrintModal from "~/components/LabelPrintModal.vue";
 
 const props = defineProps({
   type: {
@@ -27,14 +28,16 @@ defineShortcuts({
     router.back()
   },
   'arrowleft': () => {
-    if(openTab.value > 0){
+    const currentIndex = Number(openTab.value)
-      openTab.value -= 1
+    if(currentIndex > 0){
+      openTab.value = String(currentIndex - 1)
       router.push(`${router.currentRoute.value.path}?tabIndex=${openTab.value}`)
     }
   },
   'arrowright': () => {
-    if(openTab.value < dataType.showTabs.length - 1) {
+    const currentIndex = Number(openTab.value)
-      openTab.value += 1
+    if(currentIndex < dataType.showTabs.length - 1) {
+      openTab.value = String(currentIndex + 1)
       router.push(`${router.currentRoute.value.path}?tabIndex=${openTab.value}`)
     }
   },
@@ -50,7 +53,7 @@ const auth = useAuthStore()
 
 const dataType = dataStore.dataTypes[type]
 
-const openTab = ref(route.query.tabIndex || 0)
+const openTab = ref(String(route.query.tabIndex || 0))
 
 
 
@@ -69,7 +72,7 @@ const getAvailableQueryStringData = (keys) => {
 
   if(props.item.customer) {
     addParam("customer", props.item.customer.id)
-  } else if(type === "customers") {
+  } else if(type === "customers" || type === "members") {
     addParam("customer", props.item.id)
   }
 
@@ -96,7 +99,8 @@ const getAvailableQueryStringData = (keys) => {
 }
 
 const onTabChange = (index) => {
-  router.push(`${router.currentRoute.value.path}?tabIndex=${index}`)
+  openTab.value = String(index)
+  router.push(`${router.currentRoute.value.path}?tabIndex=${openTab.value}`)
 }
 
 const changePinned = async () => {
@@ -136,6 +140,18 @@ const changePinned = async () => {
 
 }
 
+const openCustomerInventoryLabelPrint = () => {
+  modal.open(LabelPrintModal, {
+    context: {
+      id: props.item.id,
+      customerInventoryId: props.item.customerInventoryId,
+      name: props.item.name,
+      customerName: props.item.customer?.name,
+      serialNumber: props.item.serialNumber
+    }
+  })
+}
+
 </script>
 
 <template>
@@ -193,6 +209,14 @@ const changePinned = async () => {
         color="yellow"
         @click="changePinned"
       ></UButton>
+      <UButton
+          v-if="type === 'customerinventoryitems'"
+          icon="i-heroicons-printer"
+          variant="outline"
+          @click="openCustomerInventoryLabelPrint"
+      >
+        Label
+      </UButton>
       <UButton
           @click="router.push(`/standardEntity/${type}/edit/${item.id}`)"
       >
@@ -214,6 +238,14 @@ const changePinned = async () => {
       >{{item ? `${dataType.labelSingle}${props.item[dataType.templateColumns.find(i => i.title).key] ? ': ' + props.item[dataType.templateColumns.find(i => i.title).key] : ''}`: '' }}</h1>
     </template>
     <template #right>
+      <UButton
+          v-if="type === 'customerinventoryitems'"
+          icon="i-heroicons-printer"
+          variant="outline"
+          @click="openCustomerInventoryLabelPrint"
+      >
+        Label
+      </UButton>
       <UButton
           @click="router.push(`/standardEntity/${type}/edit/${item.id}`)"
       >
@@ -226,9 +258,9 @@ const changePinned = async () => {
       v-if="props.item.id && platform !== 'mobile'"
       class="p-5"
       v-model="openTab"
-      @change="onTabChange"
+      @update:model-value="onTabChange"
   >
-    <template #item="{item:tab}">
+    <template #content="{item:tab}">
       <div v-if="tab.label === 'Informationen'" class="flex flex-row">
 
         <EntityShowSubInformation
@@ -372,4 +404,4 @@ const changePinned = async () => {
 <style scoped>
 
 
-</style>
+</style>

frontend/components/EntityShowSub.vue

@@ -31,6 +31,7 @@ const dataStore = useDataStore()
 const tempStore = useTempStore()
 
 const router = useRouter()
+const createRoute = computed(() => type.value === "tasks" ? `/tasks/create?${props.queryStringData}` : `/standardEntity/${type.value}/create?${props.queryStringData}`)
 
 let dataType = null
 
@@ -80,7 +81,7 @@ setup()
     </template>
     <Toolbar>
       <UButton
-          @click="router.push(`/standardEntity/${type}/create?${props.queryStringData}`)"
+          @click="router.push(createRoute)"
       >
         + {{dataType.labelSingle}}
       </UButton>
@@ -95,15 +96,15 @@ setup()
         <USelectMenu
             v-model="selectedColumns"
             icon="i-heroicons-adjustments-horizontal-solid"
-            :options="dataType.templateColumns.filter(i => !i.disabledInTable)"
+            :items="dataType.templateColumns.filter(i => !i.disabledInTable)"
             multiple
             class="hidden lg:block"
             by="key"
             :color="selectedColumns.length !== dataType.templateColumns.filter(i => !i.disabledInTable).length ? 'primary' : 'white'"
-            :ui-menu="{ width: 'min-w-max' }"
+            :content="{ width: 'min-w-max' }"
             @change="tempStore.modifyColumns(type,selectedColumns)"
         >
-          <template #label>
+          <template #default>
             Spalten
           </template>
         </USelectMenu>
@@ -113,7 +114,7 @@ setup()
     <div class="scroll" style="height: 70vh">
       <EntityTable
           :type="type"
-          :columns="columns"
+          :columns="normalizeTableColumns(columns)"
           :rows="props.item[type]"
           style
       />
@@ -125,4 +126,4 @@ setup()
 
 <style scoped>
 
-</style>
+</style>

frontend/components/EntityShowSubCreatedDocuments.vue

@@ -181,49 +181,51 @@ const selectItem = (item) => {
       </UButton>
       <UModal
           prevent-close
-          v-model="showFinalInvoiceConfig"
+          v-model:open="showFinalInvoiceConfig"
       >
-        <UCard>
+        <template #content>
-          <template #header>
+          <UCard>
-            <div class="flex items-center justify-between">
+            <template #header>
-              <h3 class="text-base font-semibold leading-6 text-gray-900 dark:text-white">
+              <div class="flex items-center justify-between">
-                Schlussrechnung konfigurieren
+                <h3 class="text-base font-semibold leading-6 text-gray-900 dark:text-white">
-              </h3>
+                  Schlussrechnung konfigurieren
-              <UButton color="gray" variant="ghost" icon="i-heroicons-x-mark-20-solid" class="-my-1" @click="isOpen = false" />
+                </h3>
-            </div>
+                <UButton color="gray" variant="ghost" icon="i-heroicons-x-mark-20-solid" class="-my-1" @click="showFinalInvoiceConfig = false" />
-          </template>
+              </div>
+            </template>
 
-          <UFormGroup
+            <UFormField
-              label="Rechnungsvorlage"
+                label="Rechnungsvorlage"
-          >
-            <USelectMenu
-                :options="props.item.createddocuments.filter(i => ['confirmationOrders','quotes'].includes(i.type))"
-                value-attribute="id"
-                option-attribute="documentNumber"
-                v-model="referenceDocument"
-            />
-          </UFormGroup>
-
-          <UFormGroup
-              label="Abschlagsrechnungen"
-          >
-            <USelectMenu
-                :options="props.item.createddocuments.filter(i => ['advanceInvoices'].includes(i.type))"
-                multiple
-                value-attribute="id"
-                option-attribute="documentNumber"
-                v-model="advanceInvoicesToAdd"
-            />
-          </UFormGroup>
-
-          <template #footer>
-            <UButton
-                @click="invoiceAdvanceInvoices"
             >
-              Weiter
+              <USelectMenu
-            </UButton>
+                  :items="props.item.createddocuments.filter(i => ['confirmationOrders','quotes'].includes(i.type))"
-          </template>
+                  value-key="id"
-        </UCard>
+                  label-key="documentNumber"
+                  v-model="referenceDocument"
+              />
+            </UFormField>
+
+            <UFormField
+                label="Abschlagsrechnungen"
+            >
+              <USelectMenu
+                  :items="props.item.createddocuments.filter(i => ['advanceInvoices'].includes(i.type))"
+                  multiple
+                  value-key="id"
+                  label-key="documentNumber"
+                  v-model="advanceInvoicesToAdd"
+              />
+            </UFormField>
+
+            <template #footer>
+              <UButton
+                  @click="invoiceAdvanceInvoices"
+              >
+                Weiter
+              </UButton>
+            </template>
+          </UCard>
+        </template>
       </UModal>
       <UButton
           @click="router.push(`/createDocument/edit/?${getAvailableQueryStringData({type: 'invoices'})}`)"
@@ -235,48 +237,48 @@ const selectItem = (item) => {
         <USelectMenu
             v-model="selectedColumns"
             icon="i-heroicons-adjustments-horizontal-solid"
-            :options="templateColumns"
+            :items="templateColumns"
             multiple
             class="hidden lg:block"
             by="key"
             @change="tempStore.modifyColumns('createddocuments',selectedColumns)"
         >
-          <template #label>
+          <template #default>
             Spalten
           </template>
         </USelectMenu>
       </template>
     </Toolbar>
     <UTable
-        :rows="props.item.createddocuments.filter(i => !i.archived)"
+        :data="props.item.createddocuments.filter(i => !i.archived)"
-        :columns="columns"
+        :columns="normalizeTableColumns(columns)"
         class="w-full"
         :ui="{ divide: 'divide-gray-200 dark:divide-gray-800' }"
-        @select="selectItem"
+        :on-select="(row) => selectItem(row.original)"
-        :empty-state="{ icon: 'i-heroicons-circle-stack-20-solid', label: 'Keine Belege anzuzeigen' }"
+        :empty="{ icon: 'i-heroicons-circle-stack-20-solid', label: 'Keine Belege anzuzeigen' }"
         style="height: 70vh"
     >
-      <template #type-data="{row}">
+      <template #type-cell="{ row }">
-        {{dataStore.documentTypesForCreation[row.type].labelSingle}}
+        {{ dataStore.documentTypesForCreation[row.original.type].labelSingle }}
       </template>
-      <template #state-data="{row}">
+      <template #state-cell="{ row }">
         <span
-            v-if="row.state === 'Entwurf'"
+            v-if="row.original.state === 'Entwurf'"
-            class="text-rose-500"
+            class="text-error-500"
         >
-          {{row.state}}
+          {{ row.original.state }}
         </span>
         <span
-            v-if="row.state === 'Gebucht'"
+            v-if="row.original.state === 'Gebucht'"
             class="text-cyan-500"
         >
-          {{row.state}}
+          {{ row.original.state }}
         </span>
         <span
-            v-if="row.state === 'Abgeschlossen'"
+            v-if="row.original.state === 'Abgeschlossen'"
             class="text-primary-500"
         >
-          {{row.state}}
+          {{ row.original.state }}
         </span>
       </template>
 <!--      <template #paid-data="{row}">
@@ -285,19 +287,19 @@ const selectItem = (item) => {
           <span v-else class="text-rose-600">Offen</span>
         </div>
       </template>-->
-      <template #reference-data="{row}">
+      <template #reference-cell="{ row }">
-        <span v-if="row === props.item.createddocuments[selectedItem]" class="text-primary-500 font-bold">{{row.documentNumber}}</span>
+        <span v-if="row.original === props.item.createddocuments[selectedItem]" class="text-primary-500 font-bold">{{ row.original.documentNumber }}</span>
-        <span v-else>{{row.documentNumber}}</span>
+        <span v-else>{{ row.original.documentNumber }}</span>
       </template>
-      <template #date-data="{row}">
+      <template #date-cell="{ row }">
-        <span v-if="row.date">{{row.date ? dayjs(row.date).format("DD.MM.YY") : ''}}</span>
+        <span v-if="row.original.date">{{ row.original.date ? dayjs(row.original.date).format("DD.MM.YY") : '' }}</span>
-        <span v-if="row.documentDate">{{row.documentDate ? dayjs(row.documentDate).format("DD.MM.YY") : ''}}</span>
+        <span v-if="row.original.documentDate">{{ row.original.documentDate ? dayjs(row.original.documentDate).format("DD.MM.YY") : '' }}</span>
       </template>
-      <template #dueDate-data="{row}">
+      <template #dueDate-cell="{ row }">
-        <span v-if="row.paymentDays && ['invoices','advanceInvoices'].includes(row.type)" >{{row.documentDate ? dayjs(row.documentDate).add(row.paymentDays,'day').format("DD.MM.YY") : ''}}</span>
+        <span v-if="row.original.paymentDays && ['invoices','advanceInvoices'].includes(row.original.type)">{{ row.original.documentDate ? dayjs(row.original.documentDate).add(row.original.paymentDays,'day').format("DD.MM.YY") : '' }}</span>
       </template>
-      <template #amount-data="{row}">
+      <template #amount-cell="{ row }">
-        <span v-if="row.type !== 'deliveryNotes'">{{useCurrency(useSum().getCreatedDocumentSum(row, createddocuments))}}</span>
+        <span v-if="row.original.type !== 'deliveryNotes'">{{ useCurrency(useSum().getCreatedDocumentSum(row.original, createddocuments)) }}</span>
       </template>
     </UTable>
 

frontend/components/EntityShowSubFiles.vue

@@ -94,41 +94,43 @@ function isImage(file) {
   </UCard>
 
   <!-- 📱 PDF / IMG Viewer Slideover -->
-  <UModal v-model="showViewer" side="bottom" class="h-[100dvh]" fullscreen>
+  <UModal v-model:open="showViewer" side="bottom" class="h-[100dvh]" fullscreen>
-    <!-- Header -->
+    <template #content>
-    <div class="p-4 border-b flex justify-between items-center flex-shrink-0">
+      <!-- Header -->
-      <h3 class="font-bold truncate max-w-[70vw]">{{ activeFile?.path?.split("/").pop() }}</h3>
+      <div class="p-4 border-b flex justify-between items-center flex-shrink-0">
-      <UButton icon="i-heroicons-x-mark" variant="ghost" @click="closeViewer" />
+        <h3 class="font-bold truncate max-w-[70vw]">{{ activeFile?.path?.split("/").pop() }}</h3>
-    </div>
+        <UButton icon="i-heroicons-x-mark" variant="ghost" @click="closeViewer" />
-
-    <!-- Content -->
-    <div class="flex-1 overflow-y-auto m-2">
-      <!-- PDF -->
-      <div v-if="activeFile && isPdf(activeFile)" class="h-full">
-        <PDFViewer
-            :no-controls="true"
-            :file-id="activeFile.id"
-            location="fileviewer-mobile"
-            class="h-full"
-        />
       </div>
 
-      <!-- IMAGE -->
+      <!-- Content -->
-      <div
+      <div class="flex-1 overflow-y-auto m-2">
-          v-else-if="activeFile && isImage(activeFile)"
+        <!-- PDF -->
-          class="p-4 flex justify-center"
+        <div v-if="activeFile && isPdf(activeFile)" class="h-full">
-      >
+          <PDFViewer
-        <img
+              :no-controls="true"
-            :src="activeFile.url"
+              :file-id="activeFile.id"
-            class="max-w-full max-h-[80vh] rounded-lg shadow"
+              location="fileviewer-mobile"
+              class="h-full"
+          />
+        </div>
+
+        <!-- IMAGE -->
+        <div
+            v-else-if="activeFile && isImage(activeFile)"
+            class="p-4 flex justify-center"
+        >
+          <img
+              :src="activeFile.url"
+              class="max-w-full max-h-[80vh] rounded-lg shadow"
+          />
+        </div>
+
+        <UAlert
+            v-else
+            title="Nicht unterstützter Dateityp"
+            icon="i-heroicons-exclamation-triangle"
         />
       </div>
-
+    </template>
-      <UAlert
-          v-else
-          title="Nicht unterstützter Dateityp"
-          icon="i-heroicons-exclamation-triangle"
-      />
-    </div>
   </UModal>
 </template>

frontend/components/EntityShowSubHistoryDisplay.vue

@@ -21,13 +21,20 @@ const props = defineProps({
 const dataStore = useDataStore()
 
 const dataType = dataStore.dataTypes[props.topLevelType]
+const historyType = computed(() => {
+  const holder = dataType?.historyItemHolder
+  if (!holder) return props.topLevelType
+
+  const normalized = String(holder).toLowerCase()
+  return normalized.endsWith("s") ? normalized : `${normalized}s`
+})
 
 </script>
 
 <template>
   <UCard class="mt-5 scroll" :style="props.platform !== 'mobile' ? 'height: 80vh' : ''">
     <HistoryDisplay
-        :type="props.topLevelType"
+        :type="historyType"
         v-if="props.item.id"
         :element-id="props.item.id"
         render-headline
@@ -39,4 +46,4 @@ const dataType = dataStore.dataTypes[props.topLevelType]
 
 <style scoped>
 
-</style>
+</style>