added vite dependency to the backend

removed unnecessary comments
fixed ipSecurityCheck
2025-12-01 06:55:45 +01:00 · 2025-11-01 15:58:14 +01:00 · 2025-11-01 15:22:47 +01:00 · 2025-11-01 15:17:09 +01:00 · 2025-11-01 14:29:55 +01:00 · 2025-11-01 13:47:29 +01:00
27 changed files with 1021 additions and 587 deletions
--- a/.env.template
+++ b/.env.template
@@ -14,3 +14,14 @@ PORT=${PORT:-3002}
 # App Configuration
 APP_TITLE="Shift Planning App"
 ENABLE_PRO=${ENABLE_PRO:-false}
 # Trust Proxy Configuration
 TRUST_PROXY_ENABLED=false
 TRUSTED_PROXY_IPS=  # Your load balancer/reverse proxy IPs
 TRUSTED_PROXY_HEADER=x-forwarded-for
 # Rate Limiting Configuration  
 RATE_LIMIT_WINDOW_MS=900000
 RATE_LIMIT_MAX_REQUESTS=100
 RATE_LIMIT_SKIP_PATHS=/api/health,/api/status
 RATE_LIMIT_WHITELIST=127.0.0.1,::1
--- a/backend/package.json
+++ b/backend/package.json
@@ -4,6 +4,7 @@
  "type": "module",
  "scripts": {
    "dev": "npm run build && npx tsx src/server.ts",
    "dev:single": "cross-env NODE_ENV=development TRUST_PROXY_ENABLED=false npx tsx src/server.ts",
    "build": "tsc",
    "start": "node dist/server.js",
    "prestart": "npm run build",
@@ -14,6 +15,8 @@
  },
  "dependencies": {
    "@types/bcrypt": "^6.0.0",
    "@types/node": "24.9.2",
    "vite":"7.1.12",
    "bcrypt": "^6.0.0",
    "bcryptjs": "^2.4.3",
    "express": "^4.18.2",
@@ -32,6 +35,7 @@
    "@types/jest": "^29.5.0",
    "ts-node": "^10.9.0",
    "typescript": "^5.0.0",
-    "tsx": "^4.0.0"
+    "tsx": "^4.0.0",
    "cross-env": "10.1.0"
  }
 }
--- a/backend/src/controllers/authController.ts
+++ b/backend/src/controllers/authController.ts
@@ -64,7 +64,7 @@ export const login = async (req: Request, res: Response) => {
      return res.status(400).json({ error: 'E-Mail und Passwort sind erforderlich' });
    }
-    // UPDATED: Get user from database with role from employee_roles table
+    // Get user from database with role from employee_roles table
    const user = await db.get<any>(
      `SELECT 
        e.id, e.email, e.password, e.firstname, e.lastname, 
@@ -155,7 +155,7 @@ export const getCurrentUser = async (req: Request, res: Response) => {
      return res.status(401).json({ error: 'Nicht authentifiziert' });
    }
-    // UPDATED: Get user with role from employee_roles table
+    // Get user with role from employee_roles table
    const user = await db.get<any>(
      `SELECT 
        e.id, e.email, e.firstname, e.lastname,
--- a/backend/src/middleware/auth.ts
+++ b/backend/src/middleware/auth.ts
@@ -52,3 +52,35 @@ export const requireRole = (roles: string[]) => {
    next();
  };
 };
 export const getClientIP = (req: Request): string => {
  const trustedHeader = process.env.TRUSTED_PROXY_HEADER || 'x-forwarded-for';
  const forwarded = req.headers[trustedHeader];
  const realIp = req.headers['x-real-ip'];
  if (forwarded) {
    if (Array.isArray(forwarded)) {
      return forwarded[0].split(',')[0].trim();
    } else if (typeof forwarded === 'string') {
      return forwarded.split(',')[0].trim();
    }
  }
  if (realIp) {
    return realIp.toString();
  }
  return req.socket.remoteAddress || req.ip || 'unknown';
 };
 export const ipSecurityCheck = (req: AuthRequest, res: Response, next: NextFunction): void => {
  const clientIP = getClientIP(req);
  // Log suspicious activity
  const suspiciousPaths = ['/api/auth/login', '/api/auth/register'];
  if (suspiciousPaths.includes(req.path)) {
    console.log(`🔐 Auth attempt from IP: ${clientIP}, Path: ${req.path}`);
  }
  next();
 }
--- a/backend/src/middleware/rateLimit.ts
+++ b/backend/src/middleware/rateLimit.ts
@@ -1,6 +1,46 @@
 import rateLimit from 'express-rate-limit';
 import { Request } from 'express';
 // Secure IP extraction that works with proxy settings
 const getClientIP = (req: Request): string => {
  // Read from environment which header to trust
  const trustedHeader = process.env.TRUSTED_PROXY_HEADER || 'x-forwarded-for';
  const forwarded = req.headers[trustedHeader];
  const realIp = req.headers['x-real-ip'];
  const cfConnectingIp = req.headers['cf-connecting-ip']; // Cloudflare
  // If we have a forwarded header and trust proxy is configured
  if (forwarded) {
    if (Array.isArray(forwarded)) {
      const firstIP = forwarded[0].split(',')[0].trim();
      console.log(`🔍 Extracted IP from ${trustedHeader}: ${firstIP} (from: ${forwarded[0]})`);
      return firstIP;
    } else if (typeof forwarded === 'string') {
      const firstIP = forwarded.split(',')[0].trim();
      console.log(`🔍 Extracted IP from ${trustedHeader}: ${firstIP} (from: ${forwarded})`);
      return firstIP;
    }
  }
  // Cloudflare support
  if (cfConnectingIp) {
    console.log(`🔍 Using Cloudflare IP: ${cfConnectingIp}`);
    return cfConnectingIp.toString();
  }
  // Fallback to x-real-ip
  if (realIp) {
    console.log(`🔍 Using x-real-ip: ${realIp}`);
    return realIp.toString();
  }
  // Final fallback to connection remote address
  const remoteAddress = req.socket.remoteAddress || req.ip || 'unknown';
  console.log(`🔍 Using remote address: ${remoteAddress}`);
  return remoteAddress;
 };
 // Helper to check if request should be limited
 const shouldSkipLimit = (req: Request): boolean => {
  const skipPaths = [
@@ -14,35 +54,92 @@ const shouldSkipLimit = (req: Request): boolean => {
    return true;
  }
  // Skip for whitelisted IPs from environment
  const whitelist = process.env.RATE_LIMIT_WHITELIST?.split(',') || [];
  const clientIP = getClientIP(req);
  if (whitelist.includes(clientIP)) {
    console.log(`✅ IP whitelisted: ${clientIP}`);
    return true;
  }
  return skipPaths.includes(req.path);
 };
 // Environment-based configuration
 const getRateLimitConfig = () => {
  const isProduction = process.env.NODE_ENV === 'production';
  return {
    windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS || '900000'), // 15 minutes default
    max: isProduction 
      ? parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '100')  // Stricter in production
      : parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '1000'), // More lenient in development
    // Development-specific relaxations
    skip: (req: Request) => {
      // Skip all GET requests in development for easier testing
      if (!isProduction && req.method === 'GET') {
        return true;
      }
      return shouldSkipLimit(req);
    }
  };
 };
 // Main API limiter - nur für POST/PUT/DELETE
 export const apiLimiter = rateLimit({
-  windowMs: 15 * 60 * 1000, // 15 minutes
+  ...getRateLimitConfig(),
  max: 200, // 200 non-GET requests per 15 minutes
  message: { 
    error: 'Zu viele Anfragen, bitte verlangsamen Sie Ihre Aktionen' 
  },
  standardHeaders: true,
  legacyHeaders: false,
-  skip: (req) => {
+  keyGenerator: (req) => getClientIP(req),
-    // ✅ Skip für GET requests (Data Fetching)
+  handler: (req, res) => {
-    if (req.method === 'GET') return true;
+    const clientIP = getClientIP(req);
    console.warn(`🚨 Rate limit exceeded for IP: ${clientIP}, Path: ${req.path}, Method: ${req.method}`);
-    // ✅ Skip für Health/Status Checks
+    res.status(429).json({ 
-    return shouldSkipLimit(req);
+      error: 'Zu viele Anfragen',
      message: 'Bitte versuchen Sie es später erneut',
      retryAfter: '15 Minuten',
      clientIP: process.env.NODE_ENV === 'development' ? clientIP : undefined // Only expose IP in dev
    });
  }
 });
 // Strict limiter for auth endpoints
 export const authLimiter = rateLimit({
  windowMs: 15 * 60 * 1000,
-  max: 5,
+  max: parseInt(process.env.AUTH_RATE_LIMIT_MAX_REQUESTS || '5'),
  message: { 
    error: 'Zu viele Login-Versuche, bitte versuchen Sie es später erneut' 
  },
  standardHeaders: true,
  legacyHeaders: false,
  skipSuccessfulRequests: true,
  keyGenerator: (req) => getClientIP(req),
  handler: (req, res) => {
    const clientIP = getClientIP(req);
    console.warn(`🚨 Auth rate limit exceeded for IP: ${clientIP}`);
    res.status(429).json({ 
      error: 'Zu viele Login-Versuche',
      message: 'Aus Sicherheitsgründen wurde Ihr Konto temporär gesperrt',
      retryAfter: '15 Minuten'
    });
  }
 });
 // Separate limiter for expensive endpoints
 export const expensiveEndpointLimiter = rateLimit({
  windowMs: 15 * 60 * 1000,
  max: parseInt(process.env.EXPENSIVE_ENDPOINT_LIMIT || '10'),
  message: {
    error: 'Zu viele Anfragen für diese Ressource'
  },
  standardHeaders: true,
  legacyHeaders: false,
  keyGenerator: (req) => getClientIP(req)
 });
--- a/backend/src/models/helpers/employeeHelpers.ts
+++ b/backend/src/models/helpers/employeeHelpers.ts
@@ -18,7 +18,7 @@ function generateEmail(firstname: string, lastname: string): string {
  return `${cleanFirstname}.${cleanLastname}@sp.de`;
 }
-// UPDATED: Validation for new employee model with employee types
+// Validation for new employee model with employee types
 export function validateEmployeeData(employee: CreateEmployeeRequest): string[] {
  const errors: string[] = [];
@@ -71,7 +71,7 @@ export function generateEmployeeEmail(firstname: string, lastname: string): stri
  return generateEmail(firstname, lastname);
 }
-// UPDATED: Business logic helpers for new employee types
+// Business logic helpers for new employee types
 export const isManager = (employee: Employee): boolean =>
  employee.employeeType === 'manager';
@@ -90,7 +90,7 @@ export const isInternal = (employee: Employee): boolean =>
 export const isExternal = (employee: Employee): boolean =>
  employee.employeeType === 'guest';
-// UPDATED: Trainee logic - now based on isTrainee field for personell type
+// Trainee logic - now based on isTrainee field for personell type
 export const isTrainee = (employee: Employee): boolean =>
  employee.employeeType === 'personell' && employee.isTrainee;
@@ -107,7 +107,7 @@ export const isMaintenance = (employee: Employee): boolean =>
 export const isUser = (employee: Employee): boolean =>
  employee.roles?.includes('user') || false;
-// UPDATED: Work alone permission - managers and experienced personell can work alone
+// Work alone permission - managers and experienced personell can work alone
 export const canEmployeeWorkAlone = (employee: Employee): boolean =>
  employee.canWorkAlone && (isManager(employee) || isExperienced(employee));
@@ -134,7 +134,7 @@ export function validateAvailabilityData(availability: Omit<EmployeeAvailability
  return errors;
 }
-// UPDATED: Helper to get employee type category
+// Helper to get employee type category
 export const getEmployeeCategory = (employee: Employee): 'internal' | 'external' => {
  return isInternal(employee) ? 'internal' : 'external';
 };
--- a/backend/src/models/helpers/shiftPlanHelpers.ts
+++ b/backend/src/models/helpers/shiftPlanHelpers.ts
@@ -78,7 +78,7 @@ export function calculateTotalRequiredEmployees(plan: ShiftPlan): number {
  return plan.shifts.reduce((total, shift) => total + shift.requiredEmployees, 0);
 }
-// UPDATED: Get scheduled shift by date and time slot
+// Get scheduled shift by date and time slot
 export function getScheduledShiftByDateAndTime(
  plan: ShiftPlan, 
  date: string, 
--- a/backend/src/models/scheduling.ts
+++ b/backend/src/models/scheduling.ts
@@ -2,7 +2,7 @@
 import { Employee } from './Employee.js';
 import { ShiftPlan } from './ShiftPlan.js';
-// Updated Availability interface to match new schema
+// Availability interface
 export interface Availability {
  id: string;
  employeeId: string;
--- a/backend/src/scripts/applyMigration.ts
+++ b/backend/src/scripts/applyMigration.ts
@@ -53,7 +53,7 @@ async function markMigrationAsApplied(migrationName: string) {
  );
 }
-// UPDATED: Function to handle schema changes for the new employee type system
+// Function to handle schema changes for the new employee type system
 async function applySchemaUpdates() {
  console.log('🔄 Applying schema updates for new employee type system...');
@@ -80,7 +80,7 @@ async function applySchemaUpdates() {
      PRAGMA table_info(employees)
    `);
-    // FIXED: Check for employee_type column (not roles column)
+    // Check for employee_type column (not roles column)
    const hasEmployeeType = employeesTableInfo.some((col: TableColumnInfo) => col.name === 'employee_type');
    const hasIsTrainee = employeesTableInfo.some((col: TableColumnInfo) => col.name === 'is_trainee');
--- a/backend/src/server.ts
+++ b/backend/src/server.ts
@@ -5,6 +5,7 @@ import { fileURLToPath } from 'url';
 import { initializeDatabase } from './scripts/initializeDatabase.js';
 import fs from 'fs';
 import helmet from 'helmet';
 import type { ViteDevServer } from 'vite';
 // Route imports
 import authRoutes from './routes/auth.js';
@@ -13,7 +14,12 @@ import shiftPlanRoutes from './routes/shiftPlans.js';
 import setupRoutes from './routes/setup.js';
 import scheduledShifts from './routes/scheduledShifts.js';
 import schedulingRoutes from './routes/scheduling.js';
-import { authLimiter, apiLimiter } from './middleware/rateLimit.js';
+import { 
  apiLimiter, 
  authLimiter, 
  expensiveEndpointLimiter
 } from './middleware/rateLimit.js';
 import { ipSecurityCheck as authIpCheck } from './middleware/auth.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -22,7 +28,50 @@ const app = express();
 const PORT = 3002;
 const isDevelopment = process.env.NODE_ENV === 'development';
-app.set('trust proxy', true);
+app.use(authIpCheck);
 let vite: ViteDevServer | undefined;
 if (isDevelopment) {
  // Dynamically import and setup Vite middleware
  const setupViteDevServer = async () => {
    try {
      const { createServer } = await import('vite');
      vite = await createServer({
        server: { middlewareMode: true },
        appType: 'spa'
      });
      app.use(vite.middlewares);
      console.log('🔧 Vite dev server integrated with Express');
    } catch (error) {
      console.warn('⚠️ Vite integration failed, using static files:', error);
    }
  };
  setupViteDevServer();
 }
 const configureStaticFiles = () => {
  const staticConfig = {
    maxAge: '1y',
    etag: false,
    immutable: true,
    index: false
  };
  // Serve frontend build
  const frontendPath = '/app/frontend-build';
  if (fs.existsSync(frontendPath)) {
    console.log('✅ Serving frontend from:', frontendPath);
    app.use(express.static(frontendPath, staticConfig));
  }
  // Serve premium assets if available
  const premiumPath = '/app/premium-dist';
  if (fs.existsSync(premiumPath)) {
    console.log('✅ Serving premium assets from:', premiumPath);
    app.use('/premium-assets', express.static(premiumPath, staticConfig));
  }
 };
 // Security configuration
 if (process.env.NODE_ENV === 'production') {
@@ -34,6 +83,48 @@ if (process.env.NODE_ENV === 'production') {
  }
 }
 const configureTrustProxy = (): string | string[] | boolean | number => {
  const trustedProxyIps = process.env.TRUSTED_PROXY_IPS;
  const trustProxyEnabled = process.env.TRUST_PROXY_ENABLED !== 'false'; // Default true for production
  // If explicitly disabled
  if (!trustProxyEnabled) {
    console.log('🔒 Trust proxy: Disabled');
    return false;
  }
  // If specific IPs are provided via environment variable
  if (trustedProxyIps) {
    console.log('🔒 Trust proxy: Using configured IPs:', trustedProxyIps);
    // Handle comma-separated list of IPs/CIDR ranges
    if (trustedProxyIps.includes(',')) {
      return trustedProxyIps.split(',').map(ip => ip.trim());
    }
    // Handle single IP/CIDR
    return trustedProxyIps.trim();
  }
  // Default behavior based on environment
  if (process.env.NODE_ENV === 'production') {
    console.log('🔒 Trust proxy: Using production defaults (private networks)');
    return [
      'loopback', 
      'linklocal', 
      'uniquelocal',
      '10.0.0.0/8',
      '172.16.0.0/12', 
      '192.168.0.0/16'
    ];
  } else {
    console.log('🔒 Trust proxy: Development mode (disabled)');
    return false;
  }
 };
 app.set('trust proxy', configureTrustProxy());
 // Security headers
 app.use(helmet({
  contentSecurityPolicy: {
@@ -66,9 +157,12 @@ app.use(express.json());
 // Rate limiting - weniger restriktiv in Development
 if (process.env.NODE_ENV === 'production') {
  console.log('🔒 Applying production rate limiting');
  app.use('/api/', apiLimiter);
 } else {
-  console.log('🔧 Development: Rate limiting relaxed');
+  console.log('🔧 Development: Relaxed rate limiting applied');
  // In development, you might want to be more permissive
  app.use('/api/', apiLimiter);
 }
 // API Routes
@@ -77,7 +171,7 @@ app.use('/api/auth', authLimiter, authRoutes);
 app.use('/api/employees', employeeRoutes);
 app.use('/api/shift-plans', shiftPlanRoutes);
 app.use('/api/scheduled-shifts', scheduledShifts);
-app.use('/api/scheduling', schedulingRoutes);
+app.use('/api/scheduling', expensiveEndpointLimiter, schedulingRoutes);
 // Health route
 app.get('/api/health', (req: express.Request, res: express.Response) => {
@@ -118,6 +212,7 @@ const findFrontendBuildPath = (): string | null => {
 };
 const frontendBuildPath = findFrontendBuildPath();
 configureStaticFiles();
 if (frontendBuildPath) {
  app.use(express.static(frontendBuildPath));
@@ -130,12 +225,25 @@ if (frontendBuildPath) {
 }
 // Root route
-app.get('/', (req, res) => {
+app.get('/', async (req, res) => {
-  if (!frontendBuildPath) {
+  // In development with Vite middleware
-    if (isDevelopment) {
+  if (vite) {
-      return res.redirect('http://localhost:3003');
+    try {
      const template = fs.readFileSync(
        path.resolve(__dirname, '../../frontend/index.html'),
        'utf-8'
      );
      const html = await vite.transformIndexHtml(req.url, template);
      res.send(html);
    } catch (error) {
      res.status(500).send('Vite dev server error');
    }
-    return res.status(500).send('Frontend build not found');
+    return;
  }
  // Fallback to static file serving
  if (!frontendBuildPath) {
    return res.status(500).send('Frontend not available');
  }
  const indexPath = path.join(frontendBuildPath, 'index.html');
@@ -143,20 +251,26 @@ app.get('/', (req, res) => {
 });
 // Client-side routing fallback
-app.get('*', (req, res) => {
+app.get('*', (req, res, next) => {
  // Skip API routes
  if (req.path.startsWith('/api/')) {
-    return res.status(404).json({ error: 'API endpoint not found' });
+    return next();
  }
-  if (!frontendBuildPath) {
+  // Skip file extensions (assets)
-    if (isDevelopment) {
+  if (req.path.match(/\.[a-z0-9]+$/i)) {
-      return res.redirect(`http://localhost:3003${req.path}`);
+    return next();
    }
    return res.status(500).json({ error: 'Frontend application not available' });
  }
-  const indexPath = path.join(frontendBuildPath, 'index.html');
+  // Serve React app for all other routes
  const frontendPath = '/app/frontend-build';
  const indexPath = path.join(frontendPath, 'index.html');
  if (fs.existsSync(indexPath)) {
    res.sendFile(indexPath);
  } else {
    res.status(404).send('Frontend not available');
  }
 });
 // Error handling
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -28,7 +28,7 @@
    "framer-motion": "12.23.24"
  },
  "scripts": {
-    "dev": "vite",
+    "dev": "vite dev",
    "build": "tsc && vite build",
    "preview": "vite preview"
  }
--- a/frontend/src/contexts/AuthContext.tsx
+++ b/frontend/src/contexts/AuthContext.tsx
@@ -49,12 +49,21 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
  const checkSetupStatus = async (): Promise<void> => {
    try {
      console.log('🔍 Checking setup status...');
-      const response = await fetch(`${API_BASE_URL}/setup/status`);
+      const startTime = Date.now();
      const response = await fetch(`${API_BASE_URL}/setup/status`, {
        signal: AbortSignal.timeout(5000)
      });
      console.log(`✅ Setup status response received in ${Date.now() - startTime}ms`);
      if (!response.ok) {
        console.error('❌ Setup status response not OK:', response.status, response.statusText);
        throw new Error('Setup status check failed');
      }
      const data = await response.json();
-      console.log('✅ Setup status response:', data);
+      console.log('✅ Setup status response data:', data);
      setNeedsSetup(data.needsSetup === true);
    } catch (error) {
      console.error('❌ Error checking setup status:', error);
@@ -95,7 +104,6 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
    }
  };
  // Add the updateUser function
  const updateUser = (userData: Employee) => {
    console.log('🔄 Updating user in auth context:', userData);
    setUser(userData);
@@ -161,6 +169,8 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
    initializeAuth();
  }, []);
  const calculatedNeedsSetup = needsSetup === null ? true : needsSetup;
  const value: AuthContextType = {
    user,
    login,
@@ -168,7 +178,7 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
    hasRole,
    loading,
    refreshUser,
-    needsSetup: needsSetup === null ? true : needsSetup,
+    needsSetup: calculatedNeedsSetup,
    checkSetupStatus,
    updateUser,
  };
--- a/frontend/src/models/defaults/employeeDefaults.ts
+++ b/frontend/src/models/defaults/employeeDefaults.ts
@@ -102,7 +102,7 @@ export const AVAILABILITY_PREFERENCES = {
 } as const;
 // Default availability for new employees (all shifts unavailable as level 3)
-// UPDATED: Now uses shiftId instead of timeSlotId + dayOfWeek
+// Now uses shiftId instead of timeSlotId + dayOfWeek
 export function createDefaultAvailabilities(employeeId: string, planId: string, shiftIds: string[]): Omit<EmployeeAvailability, 'id'>[] {
  const availabilities: Omit<EmployeeAvailability, 'id'>[] = [];
--- a/frontend/src/models/helpers/employeeHelpers.ts
+++ b/frontend/src/models/helpers/employeeHelpers.ts
@@ -18,7 +18,7 @@ function generateEmail(firstname: string, lastname: string): string {
  return `${cleanFirstname}.${cleanLastname}@sp.de`;
 }
-// UPDATED: Validation for new employee model with employee types
+// Validation for new employee model with employee types
 export function validateEmployeeData(employee: CreateEmployeeRequest): string[] {
  const errors: string[] = [];
@@ -71,7 +71,7 @@ export function generateEmployeeEmail(firstname: string, lastname: string): stri
  return generateEmail(firstname, lastname);
 }
-// UPDATED: Business logic helpers for new employee types
+// Business logic helpers for new employee types
 export const isManager = (employee: Employee): boolean =>
  employee.employeeType === 'manager';
@@ -90,7 +90,7 @@ export const isInternal = (employee: Employee): boolean =>
 export const isExternal = (employee: Employee): boolean =>
  employee.employeeType === 'guest';
-// UPDATED: Trainee logic - now based on isTrainee field for personell type
+// Trainee logic - now based on isTrainee field for personell type
 export const isTrainee = (employee: Employee): boolean =>
  employee.employeeType === 'personell' && employee.isTrainee;
@@ -107,7 +107,7 @@ export const isMaintenance = (employee: Employee): boolean =>
 export const isUser = (employee: Employee): boolean =>
  employee.roles?.includes('user') || false;
-// UPDATED: Work alone permission - managers and experienced personell can work alone
+// Work alone permission - managers and experienced personell can work alone
 export const canEmployeeWorkAlone = (employee: Employee): boolean =>
  employee.canWorkAlone && (isManager(employee) || isExperienced(employee));
@@ -134,7 +134,7 @@ export function validateAvailabilityData(availability: Omit<EmployeeAvailability
  return errors;
 }
-// UPDATED: Helper to get employee type category
+// Helper to get employee type category
 export const getEmployeeCategory = (employee: Employee): 'internal' | 'external' => {
  return isInternal(employee) ? 'internal' : 'external';
 };
--- a/frontend/src/models/helpers/shiftPlanHelpers.ts
+++ b/frontend/src/models/helpers/shiftPlanHelpers.ts
@@ -78,7 +78,7 @@ export function calculateTotalRequiredEmployees(plan: ShiftPlan): number {
  return plan.shifts.reduce((total, shift) => total + shift.requiredEmployees, 0);
 }
-// UPDATED: Get scheduled shift by date and time slot
+// Get scheduled shift by date and time slot
 export function getScheduledShiftByDateAndTime(
  plan: ShiftPlan, 
  date: string, 
--- a/frontend/src/models/scheduling.ts
+++ b/frontend/src/models/scheduling.ts
@@ -2,7 +2,7 @@
 import { Employee } from './Employee.js';
 import { ShiftPlan } from './ShiftPlan.js';
-// Updated Availability interface to match new schema
+// Availability interface to match
 export interface Availability {
  id: string;
  employeeId: string;
--- a/frontend/src/pages/Auth/Login.tsx
+++ b/frontend/src/pages/Auth/Login.tsx
@@ -1,4 +1,4 @@
-// frontend/src/pages/Auth/Login.tsx - UPDATED PASSWORD SECTION
+// frontend/src/pages/Auth/Login.tsx
 import React, { useState, useEffect, useRef } from 'react';
 import { useNavigate } from 'react-router-dom';
 import { useAuth } from '../../contexts/AuthContext';
--- a/frontend/src/pages/Employees/components/EmployeeList.tsx
+++ b/frontend/src/pages/Employees/components/EmployeeList.tsx
@@ -15,7 +15,7 @@ interface EmployeeListProps {
 type SortField = 'name' | 'employeeType' | 'canWorkAlone' | 'role' | 'lastLogin';
 type SortDirection = 'asc' | 'desc';
-// FIXED: Use the actual employee types from the Employee interface
+// Use the actual employee types from the Employee interface
 type EmployeeType = 'manager' | 'personell' | 'apprentice' | 'guest';
 const EmployeeList: React.FC<EmployeeListProps> = ({
@@ -130,7 +130,7 @@ const EmployeeList: React.FC<EmployeeListProps> = ({
  const getEmployeeTypeBadge = (type: EmployeeType, isTrainee: boolean = false) => {
    const config = EMPLOYEE_TYPE_CONFIG[type];
-    // FIXED: Updated color mapping for actual employee types
+    // Color mapping for actual employee types
    const bgColor =
      type === 'manager'
        ? '#fadbd8' // light red
@@ -326,7 +326,7 @@ const EmployeeList: React.FC<EmployeeListProps> = ({
        </div>
        {sortedEmployees.map(employee => {
-          // FIXED: Type assertion to ensure type safety
+          // Type assertion to ensure type safety
          const employeeType = getEmployeeTypeBadge(employee.employeeType as EmployeeType, employee.isTrainee);
          const independence = getIndependenceBadge(employee.canWorkAlone);
          const roleInfo = getRoleBadge(employee.roles);
--- a/frontend/src/pages/ShiftPlans/ShiftPlanView.tsx
+++ b/frontend/src/pages/ShiftPlans/ShiftPlanView.tsx
@@ -1,4 +1,4 @@
-// frontend/src/pages/ShiftPlans/ShiftPlanView.tsx - UPDATED
+// frontend/src/pages/ShiftPlans/ShiftPlanView.tsx
 import React, { useState, useEffect } from 'react';
 import { useParams, useNavigate } from 'react-router-dom';
 import { useAuth } from '../../contexts/AuthContext';
@@ -1118,7 +1118,7 @@ const ShiftPlanView: React.FC = () => {
        </div>
      )}
-      {/* Assignment Preview Modal - FIXED CONDITION */}
+      {/* Assignment Preview Modal */}
      {(showAssignmentPreview || assignmentResult) && (
        <div style={{
          position: 'fixed',
--- a/frontend/src/services/apiClient.ts
+++ b/frontend/src/services/apiClient.ts
@@ -0,0 +1,130 @@
 import { ValidationError, ErrorService } from './errorService';
 export class ApiError extends Error {
  public validationErrors: ValidationError[];
  public statusCode: number;
  public originalError?: any;
  constructor(message: string, validationErrors: ValidationError[] = [], statusCode: number = 0, originalError?: any) {
    super(message);
    this.name = 'ApiError';
    this.validationErrors = validationErrors;
    this.statusCode = statusCode;
    this.originalError = originalError;
  }
 }
 export class ApiClient {
  private baseURL: string;
  constructor() {
    this.baseURL = import.meta.env.VITE_API_URL || '/api';
  }
  private getAuthHeaders(): HeadersInit {
    const token = localStorage.getItem('token');
    return token ? { 'Authorization': `Bearer ${token}` } : {};
  }
  private async handleApiResponse<T>(response: Response): Promise<T> {
    if (!response.ok) {
      let errorData;
      try {
        // Try to parse error response as JSON
        const responseText = await response.text();
        errorData = responseText ? JSON.parse(responseText) : {};
      } catch {
        // If not JSON, create a generic error object
        errorData = { error: `HTTP ${response.status}: ${response.statusText}` };
      }
      // Extract validation errors using your existing ErrorService
      const validationErrors = ErrorService.extractValidationErrors(errorData);
      if (validationErrors.length > 0) {
        // Throw error with validationErrors property for useBackendValidation hook
        throw new ApiError(
          errorData.error || 'Validation failed',
          validationErrors,
          response.status,
          errorData
        );
      }
      // Throw regular error for non-validation errors
      throw new ApiError(
        errorData.error || errorData.message || `HTTP error! status: ${response.status}`,
        [],
        response.status,
        errorData
      );
    }
    // For successful responses, try to parse as JSON
    try {
      const responseText = await response.text();
      return responseText ? JSON.parse(responseText) : {} as T;
    } catch (error) {
      // If response is not JSON but request succeeded (e.g., 204 No Content)
      return {} as T;
    }
  }
  async request<T>(endpoint: string, options: RequestInit = {}): Promise<T> {
    const url = `${this.baseURL}${endpoint}`;
    const config: RequestInit = {
      headers: {
        'Content-Type': 'application/json',
        ...this.getAuthHeaders(),
        ...options.headers,
      },
      ...options,
    };
    try {
      const response = await fetch(url, config);
      return await this.handleApiResponse<T>(response);
    } catch (error) {
      // Re-throw the error to be caught by useBackendValidation
      if (error instanceof ApiError) {
        throw error;
      }
      // Wrap non-ApiError errors
      throw new ApiError(
        error instanceof Error ? error.message : 'Unknown error occurred',
        [],
        0,
        error
      );
    }
  }
  // Standardized HTTP methods
  get = <T>(endpoint: string) => this.request<T>(endpoint);
  post = <T>(endpoint: string, data?: any) => 
    this.request<T>(endpoint, { 
      method: 'POST', 
      body: data ? JSON.stringify(data) : undefined 
    });
  put = <T>(endpoint: string, data?: any) => 
    this.request<T>(endpoint, { 
      method: 'PUT', 
      body: data ? JSON.stringify(data) : undefined 
    });
  patch = <T>(endpoint: string, data?: any) => 
    this.request<T>(endpoint, { 
      method: 'PATCH', 
      body: data ? JSON.stringify(data) : undefined 
    });
  delete = <T>(endpoint: string) => 
    this.request<T>(endpoint, { method: 'DELETE' });
 }
 export const apiClient = new ApiClient();
--- a/frontend/src/services/authService.ts
+++ b/frontend/src/services/authService.ts
@@ -1,8 +1,5 @@
 // frontend/src/services/authService.ts - UPDATED
 import { Employee } from '../models/Employee';
-import { ErrorService } from './errorService';
+import { apiClient } from './apiClient';
 const API_BASE_URL = import.meta.env.VITE_API_URL || '/api';
 export interface LoginRequest {
  email: string;
@@ -25,31 +22,8 @@ export interface AuthResponse {
 class AuthService {
  private token: string | null = null;
  private async handleApiResponse<T>(response: Response): Promise<T> {
    if (!response.ok) {
      const errorData = await response.json().catch(() => ({}));
      const validationErrors = ErrorService.extractValidationErrors(errorData);
      if (validationErrors.length > 0) {
        const error = new Error('Validation failed');
        (error as any).validationErrors = validationErrors;
        throw error;
      }
      throw new Error(errorData.error || errorData.message || 'Authentication failed');
    }
    return response.json();
  }
  async login(credentials: LoginRequest): Promise<AuthResponse> {
-    const response = await fetch(`${API_BASE_URL}/auth/login`, {
+    const data = await apiClient.post<AuthResponse>('/auth/login', credentials);
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(credentials)
    });
    const data = await this.handleApiResponse<AuthResponse>(response);
    this.token = data.token;
    localStorage.setItem('token', data.token);
    localStorage.setItem('employee', JSON.stringify(data.employee));
@@ -57,13 +31,7 @@ class AuthService {
  }
  async register(userData: RegisterRequest): Promise<AuthResponse> {
-    const response = await fetch(`${API_BASE_URL}/employees`, {
+    await apiClient.post('/employees', userData);
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(userData)
    });
    const data = await this.handleApiResponse<AuthResponse>(response);
    return this.login({
      email: userData.email,
      password: userData.password
@@ -77,29 +45,17 @@ class AuthService {
  async fetchCurrentEmployee(): Promise<Employee | null> {
    const token = this.getToken();
-    if (!token) {
+    if (!token) return null;
      return null;
    }
    try {
-      const response = await fetch(`${API_BASE_URL}/auth/me`, {
+      const data = await apiClient.get<{ user: Employee }>('/auth/me');
-        headers: {
+      localStorage.setItem('user', JSON.stringify(data.user));
-          'Authorization': `Bearer ${token}`
+      return data.user;
        }
      });
      if (response.ok) {
        const data = await response.json();
        const user = data.user;
        localStorage.setItem('user', JSON.stringify(user));
        return user;
      }
    } catch (error) {
      console.error('Error fetching current user:', error);
    }
      return null;
    }
  }
  logout(): void {
    this.token = null;
--- a/frontend/src/services/employeeService.ts
+++ b/frontend/src/services/employeeService.ts
@@ -1,138 +1,58 @@
 // frontend/src/services/employeeService.ts
 import { Employee, CreateEmployeeRequest, UpdateEmployeeRequest, EmployeeAvailability } from '../models/Employee';
-import { ErrorService, ValidationError } from './errorService';
+import { apiClient } from './apiClient';
 const API_BASE_URL = '/api';
 const getAuthHeaders = () => {
  const token = localStorage.getItem('token');
  return {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${token}`
  };
 };
 export class EmployeeService {
  private async handleApiResponse<T>(response: Response): Promise<T> {
    if (!response.ok) {
      const errorData = await response.json().catch(() => ({}));
      const validationErrors = ErrorService.extractValidationErrors(errorData);
      if (validationErrors.length > 0) {
        const error = new Error('Validation failed');
        (error as any).validationErrors = validationErrors;
        throw error;
      }
      throw new Error(errorData.error || errorData.message || `HTTP error! status: ${response.status}`);
    }
    return response.json();
  }
  async getEmployees(includeInactive: boolean = false): Promise<Employee[]> {
    console.log('🔄 Fetching employees from API...');
-    const token = localStorage.getItem('token');
+    try {
-    console.log('🔑 Token exists:', !!token);
+      const employees = await apiClient.get<Employee[]>(`/employees?includeInactive=${includeInactive}`);
    const response = await fetch(`${API_BASE_URL}/employees?includeInactive=${includeInactive}`, {
      headers: getAuthHeaders(),
    });
    console.log('📡 Response status:', response.status);
    if (!response.ok) {
      const errorText = await response.text();
      console.error('❌ API Error:', errorText);
      throw new Error('Failed to fetch employees');
    }
    const employees = await response.json();
      console.log('✅ Employees received:', employees.length);
      return employees;
    } catch (error) {
      console.error('❌ Error fetching employees:', error);
      throw error; // Let useBackendValidation handle this
    }
  }
  async getEmployee(id: string): Promise<Employee> {
-    const response = await fetch(`${API_BASE_URL}/employees/${id}`, {
+    return apiClient.get<Employee>(`/employees/${id}`);
      headers: getAuthHeaders(),
    });
    return this.handleApiResponse<Employee>(response);
  }
  async createEmployee(employee: CreateEmployeeRequest): Promise<Employee> {
-    const response = await fetch(`${API_BASE_URL}/employees`, {
+    return apiClient.post<Employee>('/employees', employee);
      method: 'POST',
      headers: getAuthHeaders(),
      body: JSON.stringify(employee),
    });
    return this.handleApiResponse<Employee>(response);
  }
  async updateEmployee(id: string, employee: UpdateEmployeeRequest): Promise<Employee> {
-    const response = await fetch(`${API_BASE_URL}/employees/${id}`, {
+    return apiClient.put<Employee>(`/employees/${id}`, employee);
      method: 'PUT',
      headers: getAuthHeaders(),
      body: JSON.stringify(employee),
    });
    return this.handleApiResponse<Employee>(response);
  }
  async deleteEmployee(id: string): Promise<void> {
-    const response = await fetch(`${API_BASE_URL}/employees/${id}`, {
+    await apiClient.delete(`/employees/${id}`);
      method: 'DELETE',
      headers: getAuthHeaders(),
    });
    if (!response.ok) {
      const error = await response.json();
      throw new Error(error.error || 'Failed to delete employee');
    }
  }
  async getAvailabilities(employeeId: string): Promise<EmployeeAvailability[]> {
-    const response = await fetch(`${API_BASE_URL}/employees/${employeeId}/availabilities`, {
+    return apiClient.get<EmployeeAvailability[]>(`/employees/${employeeId}/availabilities`);
      headers: getAuthHeaders(),
    });
    return this.handleApiResponse<EmployeeAvailability[]>(response);
  }
-  async updateAvailabilities(employeeId: string, data: { planId: string, availabilities: Omit<EmployeeAvailability, 'id' | 'employeeId'>[] }): Promise<EmployeeAvailability[]> {
+  async updateAvailabilities(
    employeeId: string, 
    data: { planId: string, availabilities: Omit<EmployeeAvailability, 'id' | 'employeeId'>[] }
  ): Promise<EmployeeAvailability[]> {
    console.log('🔄 Updating availabilities for employee:', employeeId);
-    const response = await fetch(`${API_BASE_URL}/employees/${employeeId}/availabilities`, {
+    return apiClient.put<EmployeeAvailability[]>(`/employees/${employeeId}/availabilities`, data);
      method: 'PUT',
      headers: getAuthHeaders(),
      body: JSON.stringify(data),
    });
    return this.handleApiResponse<EmployeeAvailability[]>(response);
  }
-  async changePassword(id: string, data: { currentPassword: string, newPassword: string, confirmPassword: string }): Promise<void> {
+  async changePassword(
-    const response = await fetch(`${API_BASE_URL}/employees/${id}/password`, {
+    id: string, 
-      method: 'PUT',
+    data: { currentPassword: string, newPassword: string, confirmPassword: string }
-      headers: getAuthHeaders(),
+  ): Promise<void> {
-      body: JSON.stringify(data),
+    return apiClient.put<void>(`/employees/${id}/password`, data);
    });
    return this.handleApiResponse<void>(response);
  }
  async updateLastLogin(employeeId: string): Promise<void> {
    try {
-      const response = await fetch(`${API_BASE_URL}/employees/${employeeId}/last-login`, {
+      await apiClient.patch(`/employees/${employeeId}/last-login`);
        method: 'PATCH',
        headers: getAuthHeaders(),
      });
      if (!response.ok) {
        throw new Error('Failed to update last login');
      }
    } catch (error) {
      console.error('Error updating last login:', error);
      throw error;
--- a/frontend/src/services/shiftAssignmentService.ts
+++ b/frontend/src/services/shiftAssignmentService.ts
@@ -1,65 +1,15 @@
 // frontend/src/services/shiftAssignmentService.ts - WEEKLY PATTERN VERSION
 import { ShiftPlan, ScheduledShift } from '../models/ShiftPlan';
 import { Employee, EmployeeAvailability } from '../models/Employee';
 import { authService } from './authService';
 import { AssignmentResult, ScheduleRequest } from '../models/scheduling';
-
+import { apiClient } from './apiClient';
 const API_BASE_URL = '/api';
 // Helper function to get auth headers
 const getAuthHeaders = () => {
  const token = localStorage.getItem('token');
  return {
    'Content-Type': 'application/json',
    ...(token && { 'Authorization': `Bearer ${token}` })
  };
 };
 export class ShiftAssignmentService {
  async updateScheduledShift(id: string, updates: { assignedEmployees: string[] }): Promise<void> {
    try {
-      //console.log('🔄 Updating scheduled shift via API:', { id, updates });
+      console.log('🔄 Updating scheduled shift via API:', { id, updates });
-      const response = await fetch(`${API_BASE_URL}/scheduled-shifts/${id}`, {
+      await apiClient.put(`/scheduled-shifts/${id}`, updates);
-        method: 'PUT',
+      console.log('✅ Scheduled shift updated successfully');
        headers: {
          'Content-Type': 'application/json',
          ...authService.getAuthHeaders()
        },
        body: JSON.stringify(updates)
      });
      // First, check if we got any response
      if (!response.ok) {
        // Try to get error message from response
        const responseText = await response.text();
        console.error('❌ Server response:', responseText);
        let errorMessage = `HTTP ${response.status}: ${response.statusText}`;
        // Try to parse as JSON if possible
        try {
          const errorData = JSON.parse(responseText);
          errorMessage = errorData.error || errorMessage;
        } catch (e) {
          // If not JSON, use the text as is
          errorMessage = responseText || errorMessage;
        }
        throw new Error(errorMessage);
      }
      // Try to parse successful response
      const responseText = await response.text();
      let result;
      try {
        result = responseText ? JSON.parse(responseText) : {};
      } catch (e) {
        console.warn('⚠️ Response was not JSON, but request succeeded');
        result = { message: 'Update successful' };
      }
      console.log('✅ Scheduled shift updated successfully:', result);
    } catch (error) {
      console.error('❌ Error updating scheduled shift:', error);
@@ -69,48 +19,16 @@ export class ShiftAssignmentService {
  async getScheduledShift(id: string): Promise<any> {
    try {
-      const response = await fetch(`${API_BASE_URL}/scheduled-shifts/${id}`, {
+      return await apiClient.get(`/scheduled-shifts/${id}`);
        headers: {
          'Authorization': `Bearer ${localStorage.getItem('token')}`
        }
      });
      if (!response.ok) {
        const responseText = await response.text();
        let errorMessage = `HTTP ${response.status}: ${response.statusText}`;
        try {
          const errorData = JSON.parse(responseText);
          errorMessage = errorData.error || errorMessage;
        } catch (e) {
          errorMessage = responseText || errorMessage;
        }
        throw new Error(errorMessage);
      }
      const responseText = await response.text();
      return responseText ? JSON.parse(responseText) : {};
    } catch (error) {
      console.error('Error fetching scheduled shift:', error);
      throw error;
    }
  }
  // New method to get all scheduled shifts for a plan
  async getScheduledShiftsForPlan(planId: string): Promise<ScheduledShift[]> {
    try {
-      const response = await fetch(`${API_BASE_URL}/scheduled-shifts/plan/${planId}`, {
+      const shifts = await apiClient.get<ScheduledShift[]>(`/scheduled-shifts/plan/${planId}`);
        headers: {
          'Authorization': `Bearer ${localStorage.getItem('token')}`
        }
      });
      if (!response.ok) {
        throw new Error(`Failed to fetch scheduled shifts: ${response.status}`);
      }
      const shifts = await response.json();
      // DEBUG: Check the structure of returned shifts
      console.log('🔍 SCHEDULED SHIFTS STRUCTURE:', shifts.slice(0, 3));
@@ -132,21 +50,7 @@ export class ShiftAssignmentService {
  }
  private async callSchedulingAPI(request: ScheduleRequest): Promise<AssignmentResult> {
-    const response = await fetch(`${API_BASE_URL}/scheduling/generate-schedule`, {
+    return await apiClient.post<AssignmentResult>('/scheduling/generate-schedule', request);
      method: 'POST',
      headers: {
          'Content-Type': 'application/json',
          ...authService.getAuthHeaders()
        },
      body: JSON.stringify(request)
    });
    if (!response.ok) {
      const errorData = await response.json();
      throw new Error(errorData.error || 'Scheduling failed');
    }
    return response.json();
  }
  async assignShifts(
--- a/frontend/src/services/shiftPlanService.ts
+++ b/frontend/src/services/shiftPlanService.ts
@@ -1,198 +1,114 @@
 // frontend/src/services/shiftPlanService.ts
 import { authService } from './authService';
 import { ShiftPlan, CreateShiftPlanRequest } from '../models/ShiftPlan';
 import { TEMPLATE_PRESETS } from '../models/defaults/shiftPlanDefaults';
-
+import { apiClient } from './apiClient';
 const API_BASE_URL = '/api/shift-plans';
 // Helper function to get auth headers
 const getAuthHeaders = () => {
  const token = localStorage.getItem('token');
  return {
    'Content-Type': 'application/json',
    ...(token && { 'Authorization': `Bearer ${token}` })
  };
 };
 // Helper function to handle responses
 const handleResponse = async (response: Response) => {
  if (!response.ok) {
    const errorData = await response.json().catch(() => ({ error: 'Unknown error' }));
    throw new Error(errorData.error || `HTTP error! status: ${response.status}`);
  }
  return response.json();
 };
 export const shiftPlanService = {
  async getShiftPlans(): Promise<ShiftPlan[]> {
-    const response = await fetch(API_BASE_URL, {
+    try {
-      headers: {
+      const plans = await apiClient.get<ShiftPlan[]>('/shift-plans');
        'Content-Type': 'application/json',
        ...authService.getAuthHeaders()
      }
    });
    if (!response.ok) {
      if (response.status === 401) {
        authService.logout();
        throw new Error('Nicht authorisiert - bitte erneut anmelden');
      }
      throw new Error('Fehler beim Laden der Schichtpläne');
    }
    const plans = await response.json();
      // Ensure scheduledShifts is always an array
      return plans.map((plan: any) => ({
        ...plan,
        scheduledShifts: plan.scheduledShifts || []
      }));
    } catch (error: any) {
      if (error.statusCode === 401) {
        // You might want to import and use authService here if needed
        localStorage.removeItem('token');
        localStorage.removeItem('employee');
        throw new Error('Nicht authorisiert - bitte erneut anmelden');
      }
      throw new Error('Fehler beim Laden der Schichtpläne');
    }
  },
  async getShiftPlan(id: string): Promise<ShiftPlan> {
-    const response = await fetch(`${API_BASE_URL}/${id}`, {
+    try {
-      headers: {
+      return await apiClient.get<ShiftPlan>(`/shift-plans/${id}`);
-        'Content-Type': 'application/json',
+    } catch (error: any) {
-        ...authService.getAuthHeaders()
+      if (error.statusCode === 401) {
-      }
+        localStorage.removeItem('token');
-    });
+        localStorage.removeItem('employee');
    if (!response.ok) {
      if (response.status === 401) {
        authService.logout();
        throw new Error('Nicht authorisiert - bitte erneut anmelden');
      }
      throw new Error('Schichtplan nicht gefunden');
    }
    return await response.json();
  },
  async createShiftPlan(plan: CreateShiftPlanRequest): Promise<ShiftPlan> {
-    const response = await fetch(API_BASE_URL, {
+    try {
-      method: 'POST',
+      return await apiClient.post<ShiftPlan>('/shift-plans', plan);
-      headers: {
+    } catch (error: any) {
-        'Content-Type': 'application/json',
+      if (error.statusCode === 401) {
-        ...authService.getAuthHeaders()
+        localStorage.removeItem('token');
-      },
+        localStorage.removeItem('employee');
      body: JSON.stringify(plan)
    });
    if (!response.ok) {
      if (response.status === 401) {
        authService.logout();
        throw new Error('Nicht authorisiert - bitte erneut anmelden');
      }
      throw new Error('Fehler beim Erstellen des Schichtplans');
    }
    return response.json();
  },
  async updateShiftPlan(id: string, plan: Partial<ShiftPlan>): Promise<ShiftPlan> {
-    const response = await fetch(`${API_BASE_URL}/${id}`, {
+    try {
-      method: 'PUT',
+      return await apiClient.put<ShiftPlan>(`/shift-plans/${id}`, plan);
-      headers: {
+    } catch (error: any) {
-        'Content-Type': 'application/json',
+      if (error.statusCode === 401) {
-        ...authService.getAuthHeaders()
+        localStorage.removeItem('token');
-      },
+        localStorage.removeItem('employee');
      body: JSON.stringify(plan)
    });
    if (!response.ok) {
      if (response.status === 401) {
        authService.logout();
        throw new Error('Nicht authorisiert - bitte erneut anmelden');
      }
      throw new Error('Fehler beim Aktualisieren des Schichtplans');
    }
    return response.json();
  },
  async deleteShiftPlan(id: string): Promise<void> {
-    const response = await fetch(`${API_BASE_URL}/${id}`, {
+    try {
-      method: 'DELETE',
+      await apiClient.delete(`/shift-plans/${id}`);
-      headers: {
+    } catch (error: any) {
-        'Content-Type': 'application/json',
+      if (error.statusCode === 401) {
-        ...authService.getAuthHeaders()
+        localStorage.removeItem('token');
-      }
+        localStorage.removeItem('employee');
    });
    if (!response.ok) {
      if (response.status === 401) {
        authService.logout();
        throw new Error('Nicht authorisiert - bitte erneut anmelden');
      }
      throw new Error('Fehler beim Löschen des Schichtplans');
    }
  },
-  // Get specific template or plan
+  async getTemplate(id: string): Promise<ShiftPlan> {
-  getTemplate: async (id: string): Promise<ShiftPlan> => {
+    return await apiClient.get<ShiftPlan>(`/shift-plans/${id}`);
    const response = await fetch(`${API_BASE_URL}/${id}`, {
      headers: getAuthHeaders()
    });
    return handleResponse(response);
  },
-
+  async regenerateScheduledShifts(planId: string): Promise<void> {
  async regenerateScheduledShifts(planId: string):Promise<void> {
    try {
      console.log('🔄 Attempting to regenerate scheduled shifts...');
-        
+      await apiClient.post(`/shift-plans/${planId}/regenerate-shifts`);
        // You'll need to add this API endpoint to your backend
        const response = await fetch(`${API_BASE_URL}/${planId}/regenerate-shifts`, {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
            'Authorization': `Bearer ${localStorage.getItem('token')}`
        }
        });
        if (response.ok) {
      console.log('✅ Scheduled shifts regenerated');
        } else {
        console.error('❌ Failed to regenerate shifts');
        }
    } catch (error) {
      console.error('❌ Error regenerating shifts:', error);
      throw error;
    }
  },
-  // Create new plan
+  async createPlan(data: CreateShiftPlanRequest): Promise<ShiftPlan> {
-  createPlan: async (data: CreateShiftPlanRequest): Promise<ShiftPlan> => {
+    return await apiClient.post<ShiftPlan>('/shift-plans', data);
    const response = await fetch(`${API_BASE_URL}`, {
      method: 'POST',
      headers: getAuthHeaders(),
      body: JSON.stringify(data),
    });
    return handleResponse(response);
  },
-  createFromPreset: async (data: {
+  async createFromPreset(data: {
    presetName: string;
    name: string;
    startDate: string;
    endDate: string;
    isTemplate?: boolean;
-  }): Promise<ShiftPlan> => {
+  }): Promise<ShiftPlan> {
-    const response = await fetch(`${API_BASE_URL}/from-preset`, {
+    try {
-      method: 'POST',
+      return await apiClient.post<ShiftPlan>('/shift-plans/from-preset', data);
-      headers: getAuthHeaders(),
+    } catch (error: any) {
-      body: JSON.stringify(data),
+      throw new Error(error.message || `HTTP error! status: ${error.statusCode}`);
    });
    if (!response.ok) {
      const errorData = await response.json().catch(() => ({ error: 'Unknown error' }));
      throw new Error(errorData.error || `HTTP error! status: ${response.status}`);
    }
    return response.json();
  },
-  getTemplatePresets: async (): Promise<{name: string, label: string, description: string}[]> => {
+  async getTemplatePresets(): Promise<{name: string, label: string, description: string}[]> {
    // name = label
    return Object.entries(TEMPLATE_PRESETS).map(([key, preset]) => ({
      name: key,
      label: preset.name,
@@ -203,22 +119,8 @@ export const shiftPlanService = {
  async clearAssignments(planId: string): Promise<void> {
    try {
      console.log('🔄 Clearing assignments for plan:', planId);
-      
+      await apiClient.post(`/shift-plans/${planId}/clear-assignments`);
      const response = await fetch(`${API_BASE_URL}/${planId}/clear-assignments`, {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
          ...authService.getAuthHeaders()
        }
      });
      if (!response.ok) {
        const errorData = await response.json().catch(() => ({ error: 'Unknown error' }));
        throw new Error(errorData.error || `Failed to clear assignments: ${response.status}`);
      }
      console.log('✅ Assignments cleared successfully');
    } catch (error) {
      console.error('❌ Error clearing assignments:', error);
      throw error;
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -1,29 +1,18 @@
 // vite.config.ts
 import { defineConfig, loadEnv } from 'vite'
 import react from '@vitejs/plugin-react'
 import { resolve } from 'path'
 export default defineConfig(({ mode }) => {
  const isProduction = mode === 'production'
  const isDevelopment = mode === 'development'
  const env = loadEnv(mode, process.cwd(), '')
  // 🆕 WICHTIG: Relative Pfade für Production
  const clientEnv = {
    NODE_ENV: mode,
    ENABLE_PRO: env.ENABLE_PRO || 'false',
    VITE_APP_TITLE: env.APP_TITLE || 'Shift Planning App',
    VITE_API_URL: isProduction ? '/api' : '/api',
  }
  return {
    plugins: [react()],
-    server: {
+    // Development proxy
    server: isProduction ? undefined : {
      port: 3003,
      host: true,
      //open: isDevelopment,
      proxy: {
        '/api': {
          target: 'http://localhost:3002',
@@ -33,25 +22,38 @@ export default defineConfig(({ mode }) => {
      }
    },
    // Production build optimized for Express serving
    build: {
      outDir: 'dist',
-      sourcemap: isDevelopment,
+      sourcemap: false, // Disable in production
-      base: isProduction ? '/' : '/',
+      minify: 'terser',
      // Bundle optimization
      rollupOptions: {
        output: {
          // Efficient chunking
          manualChunks: {
            vendor: ['react', 'react-dom', 'react-router-dom'],
            utils: ['date-fns']
          },
          // Cache-friendly naming
          chunkFileNames: 'assets/[name]-[hash].js',
          entryFileNames: 'assets/[name]-[hash].js',
          assetFileNames: 'assets/[name]-[hash].[ext]',
        }
      },
-      minify: isProduction ? 'terser' : false,
+      
-      terserOptions: isProduction ? {
+      // Performance optimizations
      terserOptions: {
        compress: {
          drop_console: true,
          drop_debugger: true,
-          pure_funcs: ['console.log', 'console.debug', 'console.info']
+          pure_funcs: ['console.log', 'console.debug']
        }
-      } : undefined,
+      },
      // Reduce chunking overhead
      chunkSizeWarningLimit: 800
    },
    resolve: {
@@ -67,9 +69,11 @@ export default defineConfig(({ mode }) => {
      }
    },
-    define: Object.keys(clientEnv).reduce((acc, key) => {
+    // Environment variables
-      acc[`import.meta.env.${key}`] = JSON.stringify(clientEnv[key])
+    define: {
-      return acc
+      'import.meta.env.VITE_API_URL': JSON.stringify(isProduction ? '/api' : '/api'),
-    }, {} as Record<string, string>)
+      'import.meta.env.ENABLE_PRO': JSON.stringify(env.ENABLE_PRO || 'false'),
      'import.meta.env.NODE_ENV': JSON.stringify(mode)
    }
  }
 })
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,6 +11,7 @@
        "premium"
      ],
      "devDependencies": {
        "concurrently": "9.2.1",
        "typescript": "^5.3.3"
      }
    },
@@ -19,6 +20,7 @@
      "version": "1.0.0",
      "dependencies": {
        "@types/bcrypt": "^6.0.0",
        "@types/node": "24.9.2",
        "bcrypt": "^6.0.0",
        "bcryptjs": "^2.4.3",
        "express": "^4.18.2",
@@ -27,7 +29,8 @@
        "helmet": "8.1.0",
        "jsonwebtoken": "^9.0.2",
        "sqlite3": "^5.1.6",
-        "uuid": "^9.0.0"
+        "uuid": "^9.0.0",
        "vite": "7.1.12"
      },
      "devDependencies": {
        "@types/bcryptjs": "^2.4.2",
@@ -35,6 +38,7 @@
        "@types/jest": "^29.5.0",
        "@types/jsonwebtoken": "^9.0.2",
        "@types/uuid": "^9.0.2",
        "cross-env": "10.1.0",
        "ts-node": "^10.9.0",
        "tsx": "^4.0.0",
        "typescript": "^5.0.0"
@@ -56,7 +60,6 @@
      "cpu": [
        "x64"
      ],
      "dev": true,
      "license": "MIT",
      "optional": true,
      "os": [
@@ -257,10 +260,12 @@
      "license": "MIT"
    },
    "backend/node_modules/@types/node": {
-      "version": "24.7.0",
+      "version": "24.9.2",
      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.9.2.tgz",
      "integrity": "sha512-uWN8YqxXxqFMX2RqGOrumsKeti4LlmIMIyV0lgut4jx7KQBcBiW6vkDtIBvHnHIquwNfJhk8v2OtmO8zXWHfPA==",
      "license": "MIT",
      "dependencies": {
-        "undici-types": "~7.14.0"
+        "undici-types": "~7.16.0"
      }
    },
    "backend/node_modules/@types/qs": {
@@ -609,11 +614,6 @@
        "safe-buffer": "^5.0.1"
      }
    },
    "backend/node_modules/emoji-regex": {
      "version": "8.0.0",
      "license": "MIT",
      "optional": true
    },
    "backend/node_modules/encoding": {
      "version": "0.1.13",
      "license": "MIT",
@@ -644,7 +644,6 @@
    },
    "backend/node_modules/esbuild": {
      "version": "0.25.11",
      "dev": true,
      "hasInstallScript": true,
      "license": "MIT",
      "bin": {
@@ -747,7 +746,7 @@
    },
    "backend/node_modules/get-tsconfig": {
      "version": "4.12.0",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT",
      "dependencies": {
        "resolve-pkg-maps": "^1.0.0"
@@ -877,24 +876,11 @@
      "version": "1.3.8",
      "license": "ISC"
    },
    "backend/node_modules/is-fullwidth-code-point": {
      "version": "3.0.0",
      "license": "MIT",
      "optional": true,
      "engines": {
        "node": ">=8"
      }
    },
    "backend/node_modules/is-lambda": {
      "version": "1.0.1",
      "license": "MIT",
      "optional": true
    },
    "backend/node_modules/isexe": {
      "version": "2.0.0",
      "license": "ISC",
      "optional": true
    },
    "backend/node_modules/jest-diff": {
      "version": "29.7.0",
      "dev": true,
@@ -1422,7 +1408,7 @@
    },
    "backend/node_modules/resolve-pkg-maps": {
      "version": "1.0.0",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT",
      "funding": {
        "url": "https://github.com/privatenumber/resolve-pkg-maps?sponsor=1"
@@ -1586,30 +1572,6 @@
        "safe-buffer": "~5.2.0"
      }
    },
    "backend/node_modules/string-width": {
      "version": "4.2.3",
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "emoji-regex": "^8.0.0",
        "is-fullwidth-code-point": "^3.0.0",
        "strip-ansi": "^6.0.1"
      },
      "engines": {
        "node": ">=8"
      }
    },
    "backend/node_modules/strip-ansi": {
      "version": "6.0.1",
      "license": "MIT",
      "optional": true,
      "dependencies": {
        "ansi-regex": "^5.0.1"
      },
      "engines": {
        "node": ">=8"
      }
    },
    "backend/node_modules/strip-json-comments": {
      "version": "2.0.1",
      "license": "MIT",
@@ -1711,7 +1673,7 @@
    },
    "backend/node_modules/tsx": {
      "version": "4.20.6",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT",
      "dependencies": {
        "esbuild": "~0.25.0",
@@ -1738,7 +1700,9 @@
      }
    },
    "backend/node_modules/undici-types": {
-      "version": "7.14.0",
+      "version": "7.16.0",
      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
      "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
      "license": "MIT"
    },
    "backend/node_modules/unique-filename": {
@@ -1777,18 +1741,90 @@
      "dev": true,
      "license": "MIT"
    },
-    "backend/node_modules/which": {
+    "backend/node_modules/vite": {
-      "version": "2.0.2",
+      "version": "7.1.12",
-      "license": "ISC",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.12.tgz",
-      "optional": true,
+      "integrity": "sha512-ZWyE8YXEXqJrrSLvYgrRP7p62OziLW7xI5HYGWFzOvupfAlrLvURSzv/FyGyy0eidogEM3ujU+kUG1zuHgb6Ug==",
      "license": "MIT",
      "dependencies": {
-        "isexe": "^2.0.0"
+        "esbuild": "^0.25.0",
        "fdir": "^6.5.0",
        "picomatch": "^4.0.3",
        "postcss": "^8.5.6",
        "rollup": "^4.43.0",
        "tinyglobby": "^0.2.15"
      },
      "bin": {
-        "node-which": "bin/node-which"
+        "vite": "bin/vite.js"
      },
      "engines": {
-        "node": ">= 8"
+        "node": "^20.19.0 || >=22.12.0"
      },
      "funding": {
        "url": "https://github.com/vitejs/vite?sponsor=1"
      },
      "optionalDependencies": {
        "fsevents": "~2.3.3"
      },
      "peerDependencies": {
        "@types/node": "^20.19.0 || >=22.12.0",
        "jiti": ">=1.21.0",
        "less": "^4.0.0",
        "lightningcss": "^1.21.0",
        "sass": "^1.70.0",
        "sass-embedded": "^1.70.0",
        "stylus": ">=0.54.8",
        "sugarss": "^5.0.0",
        "terser": "^5.16.0",
        "tsx": "^4.8.1",
        "yaml": "^2.4.2"
      },
      "peerDependenciesMeta": {
        "@types/node": {
          "optional": true
        },
        "jiti": {
          "optional": true
        },
        "less": {
          "optional": true
        },
        "lightningcss": {
          "optional": true
        },
        "sass": {
          "optional": true
        },
        "sass-embedded": {
          "optional": true
        },
        "stylus": {
          "optional": true
        },
        "sugarss": {
          "optional": true
        },
        "terser": {
          "optional": true
        },
        "tsx": {
          "optional": true
        },
        "yaml": {
          "optional": true
        }
      }
    },
    "backend/node_modules/vite/node_modules/picomatch": {
      "version": "4.0.3",
      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
      "license": "MIT",
      "engines": {
        "node": ">=12"
      },
      "funding": {
        "url": "https://github.com/sponsors/jonschlinkert"
      }
    },
    "backend/node_modules/wide-align": {
@@ -2116,6 +2152,13 @@
        "node": ">=6.9.0"
      }
    },
    "node_modules/@epic-web/invariant": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/@epic-web/invariant/-/invariant-1.0.0.tgz",
      "integrity": "sha512-lrTPqgvfFQtR/eY/qkIzp98OGdNJu0m5ji3q/nJI8v3SXkRKEnWiOxMmbvcSoAIzv/cGiuvRy57k4suKQSAdwA==",
      "dev": true,
      "license": "MIT"
    },
    "node_modules/@esbuild/win32-x64": {
      "version": "0.21.5",
      "cpu": [
@@ -2212,7 +2255,7 @@
    },
    "node_modules/@jridgewell/gen-mapping": {
      "version": "0.3.13",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT",
      "dependencies": {
        "@jridgewell/sourcemap-codec": "^1.5.0",
@@ -2230,7 +2273,7 @@
    },
    "node_modules/@jridgewell/resolve-uri": {
      "version": "3.1.2",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT",
      "engines": {
        "node": ">=6.0.0"
@@ -2240,7 +2283,7 @@
      "version": "0.3.11",
      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.11.tgz",
      "integrity": "sha512-ZMp1V8ZFcPG5dIWnQLr3NSI1MiCU7UETdS/A0G8V/XWHvJv3ZsFqutJn1Y5RPmAPX6F3BiE397OqveU/9NCuIA==",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT",
      "dependencies": {
        "@jridgewell/gen-mapping": "^0.3.5",
@@ -2249,12 +2292,12 @@
    },
    "node_modules/@jridgewell/sourcemap-codec": {
      "version": "1.5.5",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT"
    },
    "node_modules/@jridgewell/trace-mapping": {
      "version": "0.3.31",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT",
      "dependencies": {
        "@jridgewell/resolve-uri": "^3.1.0",
@@ -2278,7 +2321,6 @@
      "cpu": [
        "x64"
      ],
      "dev": true,
      "license": "MIT",
      "optional": true,
      "os": [
@@ -2290,7 +2332,6 @@
      "cpu": [
        "x64"
      ],
      "dev": true,
      "license": "MIT",
      "optional": true,
      "os": [
@@ -2581,7 +2622,6 @@
    },
    "node_modules/@types/estree": {
      "version": "1.0.8",
      "dev": true,
      "license": "MIT"
    },
    "node_modules/@types/history": {
@@ -2820,7 +2860,7 @@
      "version": "8.15.0",
      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
      "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT",
      "bin": {
        "acorn": "bin/acorn"
@@ -2999,7 +3039,7 @@
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
      "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT"
    },
    "node_modules/bytes": {
@@ -3121,6 +3161,21 @@
        "node": ">=8"
      }
    },
    "node_modules/cliui": {
      "version": "8.0.1",
      "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
      "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==",
      "dev": true,
      "license": "ISC",
      "dependencies": {
        "string-width": "^4.2.0",
        "strip-ansi": "^6.0.1",
        "wrap-ansi": "^7.0.0"
      },
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/color-convert": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
@@ -3145,9 +3200,50 @@
      "version": "2.20.3",
      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT"
    },
    "node_modules/concurrently": {
      "version": "9.2.1",
      "resolved": "https://registry.npmjs.org/concurrently/-/concurrently-9.2.1.tgz",
      "integrity": "sha512-fsfrO0MxV64Znoy8/l1vVIjjHa29SZyyqPgQBwhiDcaW8wJc2W3XWVOGx4M3oJBnv/zdUZIIp1gDeS98GzP8Ng==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "chalk": "4.1.2",
        "rxjs": "7.8.2",
        "shell-quote": "1.8.3",
        "supports-color": "8.1.1",
        "tree-kill": "1.2.2",
        "yargs": "17.7.2"
      },
      "bin": {
        "conc": "dist/bin/concurrently.js",
        "concurrently": "dist/bin/concurrently.js"
      },
      "engines": {
        "node": ">=18"
      },
      "funding": {
        "url": "https://github.com/open-cli-tools/concurrently?sponsor=1"
      }
    },
    "node_modules/concurrently/node_modules/supports-color": {
      "version": "8.1.1",
      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
      "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "has-flag": "^4.0.0"
      },
      "engines": {
        "node": ">=10"
      },
      "funding": {
        "url": "https://github.com/chalk/supports-color?sponsor=1"
      }
    },
    "node_modules/content-disposition": {
      "version": "0.5.4",
      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
@@ -3201,6 +3297,39 @@
        "url": "https://opencollective.com/core-js"
      }
    },
    "node_modules/cross-env": {
      "version": "10.1.0",
      "resolved": "https://registry.npmjs.org/cross-env/-/cross-env-10.1.0.tgz",
      "integrity": "sha512-GsYosgnACZTADcmEyJctkJIoqAhHjttw7RsFrVoJNXbsWWqaq6Ym+7kZjq6mS45O0jij6vtiReppKQEtqWy6Dw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@epic-web/invariant": "^1.0.0",
        "cross-spawn": "^7.0.6"
      },
      "bin": {
        "cross-env": "dist/bin/cross-env.js",
        "cross-env-shell": "dist/bin/cross-env-shell.js"
      },
      "engines": {
        "node": ">=20"
      }
    },
    "node_modules/cross-spawn": {
      "version": "7.0.6",
      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "path-key": "^3.1.0",
        "shebang-command": "^2.0.0",
        "which": "^2.0.1"
      },
      "engines": {
        "node": ">= 8"
      }
    },
    "node_modules/css.escape": {
      "version": "1.5.1",
      "resolved": "https://registry.npmjs.org/css.escape/-/css.escape-1.5.1.tgz",
@@ -3301,6 +3430,13 @@
      "dev": true,
      "license": "ISC"
    },
    "node_modules/emoji-regex": {
      "version": "8.0.0",
      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
      "devOptional": true,
      "license": "MIT"
    },
    "node_modules/encodeurl": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
@@ -3548,7 +3684,6 @@
    },
    "node_modules/fdir": {
      "version": "6.5.0",
      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">=12.0.0"
@@ -3658,6 +3793,20 @@
      "resolved": "frontend",
      "link": true
    },
    "node_modules/fsevents": {
      "version": "2.3.3",
      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
      "hasInstallScript": true,
      "license": "MIT",
      "optional": true,
      "os": [
        "darwin"
      ],
      "engines": {
        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
      }
    },
    "node_modules/function-bind": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
@@ -3675,6 +3824,16 @@
        "node": ">=6.9.0"
      }
    },
    "node_modules/get-caller-file": {
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
      "dev": true,
      "license": "ISC",
      "engines": {
        "node": "6.* || 8.* || >= 10.*"
      }
    },
    "node_modules/get-intrinsic": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
@@ -3836,6 +3995,16 @@
        "node": ">= 0.10"
      }
    },
    "node_modules/is-fullwidth-code-point": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
      "devOptional": true,
      "license": "MIT",
      "engines": {
        "node": ">=8"
      }
    },
    "node_modules/is-number": {
      "version": "7.0.0",
      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
@@ -3846,6 +4015,13 @@
        "node": ">=0.12.0"
      }
    },
    "node_modules/isexe": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
      "devOptional": true,
      "license": "ISC"
    },
    "node_modules/jest-diff": {
      "version": "30.2.0",
      "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-30.2.0.tgz",
@@ -4141,7 +4317,6 @@
    },
    "node_modules/nanoid": {
      "version": "3.3.11",
      "dev": true,
      "funding": [
        {
          "type": "github",
@@ -4203,6 +4378,16 @@
        "node": ">= 0.8"
      }
    },
    "node_modules/path-key": {
      "version": "3.1.1",
      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">=8"
      }
    },
    "node_modules/path-to-regexp": {
      "version": "0.1.12",
      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
@@ -4222,12 +4407,10 @@
    },
    "node_modules/picocolors": {
      "version": "1.1.1",
      "dev": true,
      "license": "ISC"
    },
    "node_modules/picomatch": {
      "version": "4.0.3",
      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">=12"
@@ -4238,7 +4421,6 @@
    },
    "node_modules/postcss": {
      "version": "8.5.6",
      "dev": true,
      "funding": [
        {
          "type": "opencollective",
@@ -4435,9 +4617,18 @@
        "node": ">=8"
      }
    },
    "node_modules/require-directory": {
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">=0.10.0"
      }
    },
    "node_modules/rollup": {
      "version": "4.52.5",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@types/estree": "1.0.8"
@@ -4475,6 +4666,16 @@
        "fsevents": "~2.3.2"
      }
    },
    "node_modules/rxjs": {
      "version": "7.8.2",
      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.2.tgz",
      "integrity": "sha512-dhKf903U/PQZY6boNNtAGdWbG85WAbjT/1xYoZIC7FAY0yWapOBQVsVrDl58W86//e1VpMNBtRV4MaXfdMySFA==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
        "tslib": "^2.1.0"
      }
    },
    "node_modules/safe-buffer": {
      "version": "5.2.1",
      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@@ -4586,6 +4787,42 @@
      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
      "license": "ISC"
    },
    "node_modules/shebang-command": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "shebang-regex": "^3.0.0"
      },
      "engines": {
        "node": ">=8"
      }
    },
    "node_modules/shebang-regex": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">=8"
      }
    },
    "node_modules/shell-quote": {
      "version": "1.8.3",
      "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.3.tgz",
      "integrity": "sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw==",
      "dev": true,
      "license": "MIT",
      "engines": {
        "node": ">= 0.4"
      },
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
    },
    "node_modules/side-channel": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
@@ -4672,7 +4909,7 @@
      "version": "0.6.1",
      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
-      "dev": true,
+      "devOptional": true,
      "license": "BSD-3-Clause",
      "engines": {
        "node": ">=0.10.0"
@@ -4680,7 +4917,6 @@
    },
    "node_modules/source-map-js": {
      "version": "1.2.1",
      "dev": true,
      "license": "BSD-3-Clause",
      "engines": {
        "node": ">=0.10.0"
@@ -4690,7 +4926,7 @@
      "version": "0.5.21",
      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz",
      "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==",
-      "dev": true,
+      "devOptional": true,
      "license": "MIT",
      "dependencies": {
        "buffer-from": "^1.0.0",
@@ -4769,6 +5005,34 @@
        "node": ">=10"
      }
    },
    "node_modules/string-width": {
      "version": "4.2.3",
      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
      "devOptional": true,
      "license": "MIT",
      "dependencies": {
        "emoji-regex": "^8.0.0",
        "is-fullwidth-code-point": "^3.0.0",
        "strip-ansi": "^6.0.1"
      },
      "engines": {
        "node": ">=8"
      }
    },
    "node_modules/strip-ansi": {
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
      "devOptional": true,
      "license": "MIT",
      "dependencies": {
        "ansi-regex": "^5.0.1"
      },
      "engines": {
        "node": ">=8"
      }
    },
    "node_modules/strip-indent": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz",
@@ -4799,7 +5063,7 @@
      "version": "5.44.0",
      "resolved": "https://registry.npmjs.org/terser/-/terser-5.44.0.tgz",
      "integrity": "sha512-nIVck8DK+GM/0Frwd+nIhZ84pR/BX7rmXMfYwyg+Sri5oGVE99/E3KvXqpC2xHFxyqXyGHTKBSioxxplrO4I4w==",
-      "dev": true,
+      "devOptional": true,
      "license": "BSD-2-Clause",
      "dependencies": {
        "@jridgewell/source-map": "^0.3.3",
@@ -4824,7 +5088,6 @@
    },
    "node_modules/tinyglobby": {
      "version": "0.2.15",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "fdir": "^6.5.0",
@@ -4881,6 +5144,16 @@
        "node": ">=0.6"
      }
    },
    "node_modules/tree-kill": {
      "version": "1.2.2",
      "resolved": "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.2.tgz",
      "integrity": "sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==",
      "dev": true,
      "license": "MIT",
      "bin": {
        "tree-kill": "cli.js"
      }
    },
    "node_modules/tslib": {
      "version": "2.8.1",
      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
@@ -5111,6 +5384,40 @@
        "@esbuild/win32-x64": "0.25.11"
      }
    },
    "node_modules/which": {
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
      "devOptional": true,
      "license": "ISC",
      "dependencies": {
        "isexe": "^2.0.0"
      },
      "bin": {
        "node-which": "bin/node-which"
      },
      "engines": {
        "node": ">= 8"
      }
    },
    "node_modules/wrap-ansi": {
      "version": "7.0.0",
      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "ansi-styles": "^4.0.0",
        "string-width": "^4.1.0",
        "strip-ansi": "^6.0.0"
      },
      "engines": {
        "node": ">=10"
      },
      "funding": {
        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
      }
    },
    "node_modules/ws": {
      "version": "8.18.3",
      "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.3.tgz",
@@ -5134,11 +5441,50 @@
        }
      }
    },
    "node_modules/y18n": {
      "version": "5.0.8",
      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
      "dev": true,
      "license": "ISC",
      "engines": {
        "node": ">=10"
      }
    },
    "node_modules/yallist": {
      "version": "3.1.1",
      "dev": true,
      "license": "ISC"
    },
    "node_modules/yargs": {
      "version": "17.7.2",
      "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",
      "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "cliui": "^8.0.1",
        "escalade": "^3.1.1",
        "get-caller-file": "^2.0.5",
        "require-directory": "^2.1.1",
        "string-width": "^4.2.3",
        "y18n": "^5.0.5",
        "yargs-parser": "^21.1.1"
      },
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/yargs-parser": {
      "version": "21.1.1",
      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz",
      "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==",
      "dev": true,
      "license": "ISC",
      "engines": {
        "node": ">=12"
      }
    },
    "premium": {
      "name": "@schichtenplaner/premium",
      "version": "1.0.0",
--- a/package.json
+++ b/package.json
@@ -9,9 +9,13 @@
  "scripts": {
    "docker:build": "docker build -t schichtplan-app .",
    "docker:run": "docker run -p 3002:3002 schichtplan-app",
-    "build:all": "npm run build --workspace=backend && npm run build --workspace=frontend"
+    "build:all": "npm run build --workspace=backend && npm run build --workspace=frontend",
    "dev": "concurrently \"npm run dev:backend\" \"npm run dev:frontend\"",
    "dev:frontend": "cd frontend && npm run dev",
    "dev:backend": "cd backend && npm run dev:single"
  },
  "devDependencies": {
-    "typescript": "^5.3.3"
+    "typescript": "^5.3.3",
    "concurrently": "9.2.1"
  }
 }
Author	SHA1	Message	Date
donpat1to	ebe9d4aa19	added vite dependency to the backend	2025-11-01 15:58:14 +01:00
donpat1to	07ab9586cc	removed unnecessary comments	2025-11-01 15:22:47 +01:00
donpat1to	72430462f6	fixed ipSecurityCheck	2025-11-01 15:17:09 +01:00
donpat1to	c7016b5d04	added simulatnously starting frontend backend dev	2025-11-01 14:29:55 +01:00
donpat1to	41ddad6fa9	added apiClient class handling api auth and validation response from backend	2025-11-01 13:47:29 +01:00
donpat1to	29c66f0228	cleaned up vite.config.ts	2025-11-01 12:06:55 +01:00
donpat1to	0614b2f3f8	updated network for proxy use	2025-11-01 11:28:16 +01:00
donpat1to	00b48c1f41	changed dev routing away from faulty proxy	2025-10-31 14:24:56 +01:00