added timetable export to the export funciton

.env.template

@@ -1,16 +1,29 @@
-# === SCHICHTPLANER DOCKER COMPOSE ENVIRONMENT VARIABLES ===
+# .env.template
-# Diese Datei wird von docker-compose automatisch geladen
+# ============================================
+# DOCKER COMPOSE ENVIRONMENT TEMPLATE
+# Copy this file to .env and adjust values
+# ============================================
 
-# Security
+# Application settings
-JWT_SECRET=${JWT_SECRET:-your-secret-key-please-change}
+NODE_ENV=production
-NODE_ENV=${NODE_ENV:-production}
+JWT_SECRET=your-secret-key-please-change
+HOSTNAME=localhost
+
+# Security & Network
+TRUST_PROXY_ENABLED=false
+TRUSTED_PROXY_IPS=127.0.0.1,::1
+FORCE_HTTPS=false
 
 # Database
-DB_PATH=${DB_PATH:-/app/data/database.db}
+DATABASE_PATH=/app/data/schichtplaner.db
 
-# Server
+# Optional features
-PORT=${PORT:-3002}
+ENABLE_PRO=false
+DEBUG=false
 
-# App Configuration
+# Port configuration
-APP_TITLE="Shift Planning App"
+APP_PORT=3002
-ENABLE_PRO=${ENABLE_PRO:-false}
+
+# ============================================
+# END OF TEMPLATE
+# ============================================

.github/workflows/docker.yml

@@ -83,9 +83,13 @@ jobs:
         with:
           node-version: '20'
 
+      - name: Create package-lock.json
+        working-directory: .
+        run: npm i --package-lock-only
+
       - name: Install backend dependencies
         working-directory: ./backend
-        run: npm install
+        run: npm ci
 
       - name: Run TypeScript check
         working-directory: ./backend

.gitignore

@@ -57,6 +57,7 @@ yarn-error.log*
 # Build outputs
 dist/
 build/
+package-lock.json
 
 # Environment variables
 .env

Dockerfile

@@ -1,22 +1,17 @@
 # Single stage build for workspaces
-FROM node:20-bullseye AS builder
+FROM node:20-bookworm AS builder
 
 WORKDIR /app
 
-# Install Python + OR-Tools
-RUN apt-get update && apt-get install -y python3 python3-pip build-essential \
-  && pip install --no-cache-dir ortools
-
-# Create symlink so python3 is callable as python
-RUN ln -sf /usr/bin/python3 /usr/bin/python
-
 # Copy root package files first
 COPY package*.json ./
 COPY tsconfig.base.json ./
 COPY ecosystem.config.cjs ./
 
 # Install root dependencies
-RUN npm install --only=production
+#RUN npm install --only=production
+RUN npm i --package-lock-only
+RUN npm ci
 
 # Copy workspace files
 COPY backend/ ./backend/
@@ -30,10 +25,7 @@ RUN npm install --workspace=frontend
 RUN npm run build --only=production --workspace=backend
 
 # Build frontend
-RUN npm run build --workspace=frontend
+RUN npm run build --only=production --workspace=frontend
-
-# Verify Python and OR-Tools installation
-RUN python -c "from ortools.sat.python import cp_model; print('OR-Tools installed successfully')"
 
 # Production stage
 FROM node:20-bookworm
@@ -57,7 +49,20 @@ COPY --from=builder /app/frontend/dist/ ./frontend-build/
 COPY --from=builder /app/ecosystem.config.cjs ./
 
 COPY --from=builder /app/backend/src/database/ ./dist/database/
-COPY --from=builder /app/backend/src/database/ ./database/
+# should be obsolete with the line above
+#COPY --from=builder /app/backend/src/database/ ./database/
+
+COPY --from=builder /app/backend/src/python-scripts/ ./python-scripts/
+
+# Install Python + OR-Tools
+RUN apt-get update && apt-get install -y python3 python3-pip build-essential \
+  && pip install --no-cache-dir --break-system-packages ortools
+
+# Create symlink so python3 is callable as python
+RUN ln -sf /usr/bin/python3 /usr/bin/python
+
+# Verify Python and OR-Tools installation
+RUN python -c "from ortools.sat.python import cp_model; print('OR-Tools installed successfully')"
 
 # Copy init script and env template
 COPY docker-init.sh /usr/local/bin/

backend/package.json

@@ -4,6 +4,7 @@
   "type": "module",
   "scripts": {
     "dev": "npm run build && npx tsx src/server.ts",
+    "dev:single": "cross-env NODE_ENV=development TRUST_PROXY_ENABLED=false npx tsx src/server.ts",
     "build": "tsc",
     "start": "node dist/server.js",
     "prestart": "npm run build",
@@ -14,6 +15,8 @@
   },
   "dependencies": {
     "@types/bcrypt": "^6.0.0",
+    "@types/node": "24.9.2",
+    "vite": "7.1.12",
     "bcrypt": "^6.0.0",
     "bcryptjs": "^2.4.3",
     "express": "^4.18.2",
@@ -22,7 +25,10 @@
     "uuid": "^9.0.0",
     "express-rate-limit": "8.1.0",
     "helmet": "8.1.0",
-    "express-validator": "7.3.0"
+    "express-validator": "7.3.0",
+    "exceljs": "4.4.0",
+    "pdfkit": "0.12.3",
+    "@types/pdfkit": "^0.12.3"
   },
   "devDependencies": {
     "@types/bcryptjs": "^2.4.2",
@@ -32,6 +38,7 @@
     "@types/jest": "^29.5.0",
     "ts-node": "^10.9.0",
     "typescript": "^5.0.0",
-    "tsx": "^4.0.0"
+    "tsx": "^4.0.0",
+    "cross-env": "10.1.0"
   }
 }

backend/src/controllers/authController.ts

@@ -64,7 +64,7 @@ export const login = async (req: Request, res: Response) => {
       return res.status(400).json({ error: 'E-Mail und Passwort sind erforderlich' });
     }
 
-    // UPDATED: Get user from database with role from employee_roles table
+    // Get user from database with role from employee_roles table
     const user = await db.get<any>(
       `SELECT 
         e.id, e.email, e.password, e.firstname, e.lastname, 
@@ -155,7 +155,7 @@ export const getCurrentUser = async (req: Request, res: Response) => {
       return res.status(401).json({ error: 'Nicht authentifiziert' });
     }
 
-    // UPDATED: Get user with role from employee_roles table
+    // Get user with role from employee_roles table
     const user = await db.get<any>(
       `SELECT 
         e.id, e.email, e.firstname, e.lastname,

backend/src/controllers/employeeController.ts

@@ -153,7 +153,7 @@ export const createEmployee = async (req: AuthRequest, res: Response): Promise<v
     }
 
     // ✅ ENHANCED: Validate employee type exists and get category info
-    const employeeTypeInfo = await db.get<{type: string, category: string, has_contract_type: number}>(
+    const employeeTypeInfo = await db.get<{ type: string, category: string, has_contract_type: number }>(
       'SELECT type, category, has_contract_type FROM employee_types WHERE type = ?',
       [employeeType]
     );
@@ -314,6 +314,56 @@ export const updateEmployee = async (req: AuthRequest, res: Response): Promise<v
       return;
     }
 
+    // Check if user is trying to remove their own admin role
+    const currentUser = req.user;
+    if (currentUser?.userId === id && roles) {
+      const currentUserRoles = await db.all<{ role: string }>(
+        'SELECT role FROM employee_roles WHERE employee_id = ?',
+        [currentUser.userId]
+      );
+
+      const isCurrentlyAdmin = currentUserRoles.some(role => role.role === 'admin');
+      const willBeAdmin = roles.includes('admin');
+
+      if (isCurrentlyAdmin && !willBeAdmin) {
+        res.status(400).json({ error: 'You cannot remove your own admin role' });
+        return;
+      }
+    }
+
+    // Check admin count if roles are being updated
+    if (roles) {
+      try {
+        await checkAdminCount(id, roles);
+      } catch (error: any) {
+        res.status(400).json({ error: error.message });
+        return;
+      }
+    }
+
+    // Check if trying to deactivate the last admin
+    if (isActive === false) {
+      const isEmployeeAdmin = await db.get<{ count: number }>(
+        `SELECT COUNT(*) as count FROM employee_roles WHERE employee_id = ? AND role = 'admin'`,
+        [id]
+      );
+
+      if (isEmployeeAdmin && isEmployeeAdmin.count > 0) {
+        const otherAdminCount = await db.get<{ count: number }>(
+          `SELECT COUNT(*) as count 
+           FROM employee_roles er
+           JOIN employees e ON er.employee_id = e.id
+           WHERE er.role = 'admin' AND e.is_active = 1 AND er.employee_id != ?`,
+          [id]
+        );
+
+        if (!otherAdminCount || otherAdminCount.count === 0) {
+          res.status(400).json({ error: 'Cannot deactivate the last admin user' });
+          return;
+        }
+      }
+    }
+
     // Validate employee type if provided
     if (employeeType) {
       const validEmployeeType = await db.get(
@@ -438,7 +488,15 @@ export const deleteEmployee = async (req: AuthRequest, res: Response): Promise<v
     const { id } = req.params;
     console.log('🗑️ Starting deletion process for employee ID:', id);
 
-    // UPDATED: Check if employee exists with role from employee_roles
+    const currentUser = req.user;
+
+    // Prevent self-deletion
+    if (currentUser?.userId === id) {
+      res.status(400).json({ error: 'You cannot delete yourself' });
+      return;
+    }
+
+    // Check if employee exists with role from employee_roles
     const existingEmployee = await db.get<any>(`
       SELECT 
         e.id, e.email, e.firstname, e.lastname, e.is_active,
@@ -455,6 +513,26 @@ export const deleteEmployee = async (req: AuthRequest, res: Response): Promise<v
       return;
     }
 
+    const employeeRoles = await db.all<{ role: string }>(`
+      SELECT role FROM employee_roles WHERE employee_id = ?
+    `, [id]);
+
+    const isEmployeeAdmin = employeeRoles.some(role => role.role === 'admin');
+
+    // Check if this is the last admin
+    if (isEmployeeAdmin) {
+      const adminCount = await db.get<{ count: number }>(
+        `SELECT COUNT(*) as count 
+         FROM employee_roles 
+         WHERE role = 'admin'`
+      );
+
+      if (adminCount && adminCount.count <= 1) {
+        res.status(400).json({ error: 'Cannot delete the last admin user' });
+        return;
+      }
+    }
+
     console.log('📝 Found employee to delete:', existingEmployee);
 
     // Start transaction
@@ -511,7 +589,6 @@ export const deleteEmployee = async (req: AuthRequest, res: Response): Promise<v
       console.error('Error during deletion transaction:', error);
       throw error;
     }
-
   } catch (error) {
     console.error('Error deleting employee:', error);
     res.status(500).json({ error: 'Internal server error' });
@@ -558,13 +635,49 @@ export const updateAvailabilities = async (req: AuthRequest, res: Response): Pro
     const { employeeId } = req.params;
     const { planId, availabilities } = req.body;
 
-    // Check if employee exists
+    // Check if employee exists and get contract type
-    const existingEmployee = await db.get('SELECT id FROM employees WHERE id = ?', [employeeId]);
+    const existingEmployee = await db.get<any>(`
+      SELECT e.*, er.role 
+      FROM employees e
+      LEFT JOIN employee_roles er ON e.id = er.employee_id
+      WHERE e.id = ?
+    `, [employeeId]);
+
     if (!existingEmployee) {
       res.status(404).json({ error: 'Employee not found' });
       return;
     }
 
+    // Check if employee is active
+    if (!existingEmployee.is_active) {
+      res.status(400).json({ error: 'Cannot set availability for inactive employee' });
+      return;
+    }
+
+    // Validate contract type requirements
+    const availableCount = availabilities.filter((avail: any) =>
+      avail.preferenceLevel === 1 || avail.preferenceLevel === 2
+    ).length;
+
+    const contractType = existingEmployee.contract_type;
+
+    // Apply contract type minimum requirements
+    if (contractType === 'small' && availableCount < 2) {
+      res.status(400).json({
+        error: 'Employees with small contract must have at least 2 available shifts'
+      });
+      return;
+    }
+
+    if (contractType === 'large' && availableCount < 3) {
+      res.status(400).json({
+        error: 'Employees with large contract must have at least 3 available shifts'
+      });
+      return;
+    }
+
+    // Flexible contract has no minimum requirement
+
     await db.run('BEGIN TRANSACTION');
 
     try {
@@ -643,8 +756,8 @@ export const changePassword = async (req: AuthRequest, res: Response): Promise<v
       return;
     }
 
-    // For non-admin users, verify current password
+    // Verify current password
-    if (currentUser?.role !== 'admin') {
+    if (employee) {
       const isValidPassword = await bcrypt.compare(currentPassword, employee.password);
       if (!isValidPassword) {
         res.status(400).json({ error: 'Current password is incorrect' });
@@ -653,8 +766,8 @@ export const changePassword = async (req: AuthRequest, res: Response): Promise<v
     }
 
     // Validate new password
-    if (!newPassword || newPassword.length < 6) {
+    if (!newPassword || newPassword.length < 8) {
-      res.status(400).json({ error: 'New password must be at least 6 characters long' });
+      res.status(400).json({ error: 'New password must be at least 8 characters long' });
       return;
     }
 
@@ -700,3 +813,35 @@ export const updateLastLogin = async (req: AuthRequest, res: Response): Promise<
     res.status(500).json({ error: 'Internal server error' });
   }
 };
+
+const checkAdminCount = async (employeeId: string, newRoles: string[]): Promise<void> => {
+  try {
+    // Count current admins excluding the employee being updated
+    const adminCountResult = await db.get<{ count: number }>(
+      `SELECT COUNT(DISTINCT employee_id) as count 
+       FROM employee_roles 
+       WHERE role = 'admin' AND employee_id != ?`,
+      [employeeId]
+    );
+
+    const currentAdminCount = adminCountResult?.count || 0;
+
+    // Check ALL current roles for the employee
+    const currentEmployeeRoles = await db.all<{ role: string }>(
+      `SELECT role FROM employee_roles WHERE employee_id = ?`,
+      [employeeId]
+    );
+
+    const currentRoles = currentEmployeeRoles.map(role => role.role);
+    const isCurrentlyAdmin = currentRoles.includes('admin');
+    const willBeAdmin = newRoles.includes('admin');
+
+    // If removing admin role from the last admin, throw error
+    if (isCurrentlyAdmin && !willBeAdmin && currentAdminCount === 0) {
+      throw new Error('Cannot remove admin role from the last admin user');
+    }
+
+  } catch (error) {
+    throw error;
+  }
+};

backend/src/controllers/setupController.ts

@@ -75,8 +75,8 @@ export const setupAdmin = async (req: Request, res: Response): Promise<void> =>
     }
 
     // Password length validation
-    if (password.length < 6) {
+    if (password.length < 8) {
-      res.status(400).json({ error: 'Das Passwort muss mindestens 6 Zeichen lang sein' });
+      res.status(400).json({ error: 'Das Passwort muss mindestens 8 Zeichen lang sein' });
       return;
     }
 

backend/src/controllers/shiftPlanController.ts

@@ -8,6 +8,8 @@ import {
 } from '../models/ShiftPlan.js';
 import { AuthRequest } from '../middleware/auth.js';
 import { TEMPLATE_PRESETS } from '../models/defaults/shiftPlanDefaults.js';
+import ExcelJS from 'exceljs';
+import PDFDocument from 'pdfkit';
 
 async function getPlanWithDetails(planId: string) {
   const plan = await db.get<any>(`
@@ -592,6 +594,26 @@ async function getShiftPlanById(planId: string): Promise<any> {
     `, [planId]);
   }
 
+  // Load employees without role column + join with employee_roles
+  const employees = await db.all<any>(`
+    SELECT 
+      e.id, 
+      e.firstname, 
+      e.lastname, 
+      e.email, 
+      e.employee_type,
+      e.contract_type,
+      e.can_work_alone,
+      e.is_trainee,
+      e.is_active as isActive,
+      GROUP_CONCAT(er.role) as roles
+    FROM employees e
+    LEFT JOIN employee_roles er ON e.id = er.employee_id
+    WHERE e.is_active = 1
+    GROUP BY e.id
+    ORDER BY e.firstname, e.lastname
+  `, []);
+
   return {
     ...plan,
     isTemplate: plan.is_template === 1,
@@ -629,12 +651,25 @@ async function getShiftPlanById(planId: string): Promise<any> {
       requiredEmployees: shift.required_employees,
       assignedEmployees: JSON.parse(shift.assigned_employees || '[]'),
       timeSlotName: shift.time_slot_name
+    })),
+    // Include employees with proper role handling
+    employees: employees.map(emp => ({
+      id: emp.id,
+      firstname: emp.firstname,
+      lastname: emp.lastname,
+      email: emp.email,
+      employeeType: emp.employee_type,
+      contractType: emp.contract_type,
+      canWorkAlone: emp.can_work_alone === 1,
+      isTrainee: emp.is_trainee === 1,
+      isActive: emp.isActive === 1,
+      roles: emp.roles ? emp.roles.split(',') : [] // Convert comma-separated roles to array
     }))
   };
 }
 
 // Helper function to generate scheduled shifts from template
-export const generateScheduledShifts = async(planId: string, startDate: string, endDate: string): Promise<void> => {
+export const generateScheduledShifts = async (planId: string, startDate: string, endDate: string): Promise<void> => {
   try {
     console.log(`🔄 Generating scheduled shifts for Plan ${planId} from ${startDate} to ${endDate}`);
 
@@ -933,3 +968,581 @@ export const clearAssignments = async (req: Request, res: Response): Promise<voi
     res.status(500).json({ error: 'Internal server error' });
   }
 };
+
+
+// Helper interfaces for export
+interface ExportDay {
+  id: number;
+  name: string;
+}
+
+interface ExportTimeSlot {
+  id: string;
+  name: string;
+  startTime: string;
+  endTime: string;
+  shiftsByDay: { [dayId: number]: any };
+}
+
+interface ExportTimetableData {
+  days: ExportDay[];
+  allTimeSlots: ExportTimeSlot[];
+}
+
+function getTimetableDataForExport(plan: any): ExportTimetableData {
+  const weekdays = [
+    { id: 1, name: 'Montag' },
+    { id: 2, name: 'Dienstag' },
+    { id: 3, name: 'Mittwoch' },
+    { id: 4, name: 'Donnerstag' },
+    { id: 5, name: 'Freitag' },
+    { id: 6, name: 'Samstag' },
+    { id: 7, name: 'Sonntag' }
+  ];
+
+  if (!plan.shifts || !plan.timeSlots) {
+    return { days: [], allTimeSlots: [] };
+  }
+
+  // Create a map for quick time slot lookups with proper typing
+  const timeSlotMap = new Map<string, any>();
+  plan.timeSlots.forEach((ts: any) => {
+    timeSlotMap.set(ts.id, ts);
+  });
+
+  // Group shifts by day
+  const shiftsByDay: { [dayId: number]: any[] } = plan.shifts.reduce((acc: any, shift: any) => {
+    if (!acc[shift.dayOfWeek]) {
+      acc[shift.dayOfWeek] = [];
+    }
+    
+    const timeSlot = timeSlotMap.get(shift.timeSlotId);
+    const enhancedShift = {
+      ...shift,
+      timeSlotName: timeSlot?.name,
+      startTime: timeSlot?.startTime,
+      endTime: timeSlot?.endTime
+    };
+    
+    acc[shift.dayOfWeek].push(enhancedShift);
+    return acc;
+  }, {});
+
+  // Sort shifts within each day by start time
+  Object.keys(shiftsByDay).forEach(day => {
+    const dayNum = parseInt(day);
+    shiftsByDay[dayNum].sort((a: any, b: any) => {
+      const timeA = a.startTime || '';
+      const timeB = b.startTime || '';
+      return timeA.localeCompare(timeB);
+    });
+  });
+
+  // Get unique days that have shifts
+  const days: ExportDay[] = Array.from(new Set(plan.shifts.map((shift: any) => shift.dayOfWeek)))
+    .sort()
+    .map(dayId => {
+      return weekdays.find(day => day.id === dayId) || { id: dayId as number, name: `Tag ${dayId}` };
+    });
+
+  // Get all unique time slots (rows) by collecting from all shifts
+  const allTimeSlotsMap = new Map<string, ExportTimeSlot>();
+  days.forEach(day => {
+    shiftsByDay[day.id]?.forEach((shift: any) => {
+      const timeSlot = timeSlotMap.get(shift.timeSlotId);
+      if (timeSlot && !allTimeSlotsMap.has(timeSlot.id)) {
+        const exportTimeSlot: ExportTimeSlot = {
+          id: timeSlot.id,
+          name: timeSlot.name,
+          startTime: timeSlot.startTime,
+          endTime: timeSlot.endTime,
+          shiftsByDay: {}
+        };
+        allTimeSlotsMap.set(timeSlot.id, exportTimeSlot);
+      }
+    });
+  });
+
+  // Populate shifts for each time slot by day
+  days.forEach(day => {
+    shiftsByDay[day.id]?.forEach((shift: any) => {
+      const timeSlot = allTimeSlotsMap.get(shift.timeSlotId);
+      if (timeSlot) {
+        timeSlot.shiftsByDay[day.id] = shift;
+      }
+    });
+  });
+
+  // Convert to array and sort by start time
+  const allTimeSlots = Array.from(allTimeSlotsMap.values()).sort((a: ExportTimeSlot, b: ExportTimeSlot) => {
+    return (a.startTime || '').localeCompare(b.startTime || '');
+  });
+
+  return { days, allTimeSlots };
+}
+
+// Update the Excel export function with proper typing
+export const exportShiftPlanToExcel = async (req: Request, res: Response): Promise<void> => {
+  try {
+    const { id } = req.params;
+
+    console.log('📊 Starting Excel export for plan:', id);
+
+    // Check if plan exists
+    const plan = await getShiftPlanById(id);
+    if (!plan) {
+      res.status(404).json({ error: 'Shift plan not found' });
+      return;
+    }
+
+    if (plan.status !== 'published') {
+      res.status(400).json({ error: 'Can only export published shift plans' });
+      return;
+    }
+
+    // Create workbook
+    const workbook = new ExcelJS.Workbook();
+    workbook.creator = 'Schichtplaner System';
+    workbook.created = new Date();
+
+    // Add Summary Sheet
+    const summarySheet = workbook.addWorksheet('Planübersicht');
+
+    // Summary data
+    summarySheet.columns = [
+      { header: 'Eigenschaft', key: 'property', width: 20 },
+      { header: 'Wert', key: 'value', width: 30 }
+    ];
+
+    summarySheet.addRows([
+      { property: 'Plan Name', value: plan.name },
+      { property: 'Beschreibung', value: plan.description || 'Keine' },
+      { property: 'Zeitraum', value: `${plan.startDate} bis ${plan.endDate}` },
+      { property: 'Status', value: plan.status },
+      { property: 'Erstellt von', value: plan.created_by_name || 'Unbekannt' },
+      { property: 'Erstellt am', value: plan.createdAt },
+      { property: 'Anzahl Schichten', value: plan.scheduledShifts?.length || 0 },
+      { property: 'Anzahl Mitarbeiter', value: plan.employees?.length || 0 }
+    ]);
+
+    // Style summary sheet
+    summarySheet.getRow(1).font = { bold: true };
+    summarySheet.getRow(1).fill = {
+      type: 'pattern',
+      pattern: 'solid',
+      fgColor: { argb: 'FF2C3E50' }
+    };
+    summarySheet.getRow(1).font = { color: { argb: 'FFFFFFFF' }, bold: true };
+
+    // Add Timetable Sheet (matching React component visualization)
+    const timetableSheet = workbook.addWorksheet('Schichtplan');
+
+    // Get timetable data structure similar to React component
+    const timetableData = getTimetableDataForExport(plan);
+    const { days, allTimeSlots } = timetableData;
+
+    // Create header row
+    const headerRow = ['Schicht (Zeit)', ...days.map(day => day.name)];
+    timetableSheet.addRow(headerRow);
+
+    // Add data rows for each time slot
+    allTimeSlots.forEach(timeSlot => {
+      const rowData: any[] = [
+        `${timeSlot.name}\n${timeSlot.startTime} - ${timeSlot.endTime}`
+      ];
+
+      days.forEach(day => {
+        const shift = timeSlot.shiftsByDay[day.id];
+        if (!shift) {
+          rowData.push('Keine Schicht');
+          return;
+        }
+
+        // Get assignments for this time slot and day
+        const scheduledShift = plan.scheduledShifts?.find((scheduled: any) => {
+          const scheduledDayOfWeek = getDayOfWeek(scheduled.date);
+          return scheduledDayOfWeek === day.id && 
+                scheduled.timeSlotId === timeSlot.id;
+        });
+
+        if (scheduledShift && scheduledShift.assignedEmployees.length > 0) {
+          const employeeNames = scheduledShift.assignedEmployees.map((empId: string) => {
+            const employee = plan.employees?.find((emp: any) => emp.id === empId);
+            if (!employee) return 'Unbekannt';
+            
+            // Add role indicator similar to React component
+            let roleIndicator = '';
+            if (employee.isTrainee) {
+              roleIndicator = ' (Trainee)';
+            } else if (employee.roles?.includes('manager')) {
+              roleIndicator = ' (Manager)';
+            }
+            
+            return `${employee.firstname} ${employee.lastname}${roleIndicator}`;
+          }).join('\n');
+          
+          rowData.push(employeeNames);
+        } else {
+          // Show required employees count like in React component
+          const shiftsForSlot = plan.shifts?.filter((s: any) => 
+            s.dayOfWeek === day.id && 
+            s.timeSlotId === timeSlot.id
+          ) || [];
+          const totalRequired = shiftsForSlot.reduce((sum: number, s: any) => sum + s.requiredEmployees, 0);
+          rowData.push(totalRequired === 0 ? '-' : `0/${totalRequired}`);
+        }
+      });
+
+      timetableSheet.addRow(rowData);
+    });
+
+    // Style timetable sheet
+    timetableSheet.getRow(1).font = { bold: true };
+    timetableSheet.getRow(1).fill = {
+      type: 'pattern',
+      pattern: 'solid',
+      fgColor: { argb: 'FF2C3E50' }
+    };
+    timetableSheet.getRow(1).font = { color: { argb: 'FFFFFFFF' }, bold: true };
+
+    // Set row heights and wrap text
+    timetableSheet.eachRow((row, rowNumber) => {
+      if (rowNumber > 1) {
+        row.height = 60;
+        row.alignment = { vertical: 'top', wrapText: true };
+      }
+      
+      row.eachCell((cell, colNumber) => {
+        cell.border = {
+          top: { style: 'thin' },
+          left: { style: 'thin' },
+          bottom: { style: 'thin' },
+          right: { style: 'thin' }
+        };
+        
+        if (rowNumber === 1) {
+          cell.alignment = { horizontal: 'center', vertical: 'middle' };
+        } else if (colNumber === 1) {
+          cell.alignment = { vertical: 'middle' };
+        } else {
+          cell.alignment = { vertical: 'top', wrapText: true };
+        }
+      });
+    });
+
+    // Auto-fit columns
+    timetableSheet.columns.forEach(column => {
+      if (column.width) {
+        column.width = Math.max(column.width, 12);
+      }
+    });
+
+    // Add Employee Overview Sheet
+    const employeeSheet = workbook.addWorksheet('Mitarbeiterübersicht');
+
+    employeeSheet.columns = [
+      { header: 'Name', key: 'name', width: 25 },
+      { header: 'E-Mail', key: 'email', width: 25 },
+      { header: 'Rolle', key: 'role', width: 15 },
+      { header: 'Mitarbeiter Typ', key: 'type', width: 15 },
+      { header: 'Vertragstyp', key: 'contract', width: 15 },
+      { header: 'Trainee', key: 'trainee', width: 10 }
+    ];
+
+    plan.employees?.forEach((employee: any) => {
+      employeeSheet.addRow({
+        name: `${employee.firstname} ${employee.lastname}`,
+        email: employee.email,
+        role: employee.roles?.join(', ') || 'Benutzer',
+        type: employee.employeeType,
+        contract: employee.contractType || 'Nicht angegeben',
+        trainee: employee.isTrainee ? 'Ja' : 'Nein'
+      });
+    });
+
+    // Style employee sheet
+    employeeSheet.getRow(1).font = { bold: true };
+    employeeSheet.getRow(1).fill = {
+      type: 'pattern',
+      pattern: 'solid',
+      fgColor: { argb: 'FF34495E' }
+    };
+    employeeSheet.getRow(1).font = { color: { argb: 'FFFFFFFF' }, bold: true };
+
+    // Set response headers
+    res.setHeader('Content-Type', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet');
+    res.setHeader('Content-Disposition', `attachment; filename="Schichtplan_${plan.name}_${new Date().toISOString().split('T')[0]}.xlsx"`);
+
+    // Write to response
+    await workbook.xlsx.write(res);
+
+    console.log('✅ Excel export completed for plan:', id);
+
+  } catch (error) {
+    console.error('❌ Error exporting to Excel:', error);
+    res.status(500).json({ error: 'Internal server error during Excel export' });
+  }
+};
+
+export const exportShiftPlanToPDF = async (req: Request, res: Response): Promise<void> => {
+  try {
+    const { id } = req.params;
+
+    console.log('📄 Starting PDF export for plan:', id);
+
+    // Check if plan exists
+    const plan = await getShiftPlanById(id);
+    if (!plan) {
+      res.status(404).json({ error: 'Shift plan not found' });
+      return;
+    }
+
+    if (plan.status !== 'published') {
+      res.status(400).json({ error: 'Can only export published shift plans' });
+      return;
+    }
+
+    // Create PDF document
+    const doc = new PDFDocument({ margin: 50 });
+
+    // Set response headers
+    res.setHeader('Content-Type', 'application/pdf');
+    res.setHeader('Content-Disposition', `attachment; filename="Schichtplan_${plan.name}_${new Date().toISOString().split('T')[0]}.pdf"`);
+
+    // Pipe PDF to response
+    doc.pipe(res);
+
+    // Add title
+    doc.fontSize(20).font('Helvetica-Bold').text(`Schichtplan: ${plan.name}`, 50, 50);
+    doc.fontSize(12).font('Helvetica').text(`Erstellt am: ${new Date().toLocaleDateString('de-DE')}`, 50, 80);
+
+    // Plan summary
+    let yPosition = 120;
+    doc.fontSize(14).font('Helvetica-Bold').text('Plan Informationen', 50, yPosition);
+    yPosition += 30;
+
+    doc.fontSize(10).font('Helvetica');
+    doc.text(`Plan Name: ${plan.name}`, 50, yPosition);
+    yPosition += 20;
+
+    if (plan.description) {
+      doc.text(`Beschreibung: ${plan.description}`, 50, yPosition);
+      yPosition += 20;
+    }
+
+    doc.text(`Zeitraum: ${plan.startDate} bis ${plan.endDate}`, 50, yPosition);
+    yPosition += 20;
+    doc.text(`Status: ${plan.status}`, 50, yPosition);
+    yPosition += 20;
+    doc.text(`Erstellt von: ${plan.created_by_name || 'Unbekannt'}`, 50, yPosition);
+    yPosition += 20;
+    doc.text(`Erstellt am: ${plan.createdAt}`, 50, yPosition);
+    yPosition += 20;
+    doc.text(`Anzahl Schichten: ${plan.scheduledShifts?.length || 0}`, 50, yPosition);
+    yPosition += 20;
+    doc.text(`Anzahl Mitarbeiter: ${plan.employees?.length || 0}`, 50, yPosition);
+    yPosition += 40;
+
+    // Get timetable data for PDF
+    const timetableData = getTimetableDataForExport(plan);
+    const { days, allTimeSlots } = timetableData;
+
+    // Add timetable section
+    doc.addPage();
+    doc.fontSize(16).font('Helvetica-Bold').text('Schichtplan Timetable', 50, 50);
+
+    let currentY = 80;
+
+    // Define column widths
+    const timeSlotColWidth = 100;
+    const dayColWidth = (500 - timeSlotColWidth) / days.length;
+
+    // Table headers
+    doc.fontSize(10).font('Helvetica-Bold');
+    
+    // Time slot header
+    doc.rect(50, currentY, timeSlotColWidth, 20).fillAndStroke('#2c3e50', '#2c3e50');
+    doc.fillColor('white').text('Schicht (Zeit)', 55, currentY + 5, { width: timeSlotColWidth - 10, align: 'left' });
+    
+    // Day headers
+    days.forEach((day, index) => {
+      const xPos = 50 + timeSlotColWidth + (index * dayColWidth);
+      doc.rect(xPos, currentY, dayColWidth, 20).fillAndStroke('#2c3e50', '#2c3e50');
+      doc.fillColor('white').text(day.name, xPos + 5, currentY + 5, { width: dayColWidth - 10, align: 'center' });
+    });
+
+    doc.fillColor('black');
+    currentY += 20;
+
+    // Time slot rows
+    allTimeSlots.forEach((timeSlot, rowIndex) => {
+      // Check if we need a new page
+      if (currentY > 650) {
+        doc.addPage();
+        currentY = 50;
+        
+        // Redraw headers on new page
+        doc.fontSize(10).font('Helvetica-Bold');
+        doc.rect(50, currentY, timeSlotColWidth, 20).fillAndStroke('#2c3e50', '#2c3e50');
+        doc.fillColor('white').text('Schicht (Zeit)', 55, currentY + 5, { width: timeSlotColWidth - 10, align: 'left' });
+        
+        days.forEach((day, index) => {
+          const xPos = 50 + timeSlotColWidth + (index * dayColWidth);
+          doc.rect(xPos, currentY, dayColWidth, 20).fillAndStroke('#2c3e50', '#2c3e50');
+          doc.fillColor('white').text(day.name, xPos + 5, currentY + 5, { width: dayColWidth - 10, align: 'center' });
+        });
+        
+        doc.fillColor('black');
+        currentY += 20;
+      }
+
+      // Alternate row background
+      const rowBgColor = rowIndex % 2 === 0 ? '#f8f9fa' : 'white';
+      
+      // Time slot cell
+      doc.rect(50, currentY, timeSlotColWidth, 40).fillAndStroke(rowBgColor, '#dee2e6');
+      doc.fontSize(9).font('Helvetica-Bold').text(timeSlot.name, 55, currentY + 5, { width: timeSlotColWidth - 10 });
+      doc.fontSize(8).font('Helvetica').text(`${timeSlot.startTime} - ${timeSlot.endTime}`, 55, currentY + 18, { width: timeSlotColWidth - 10 });
+
+      // Day cells
+      days.forEach((day, colIndex) => {
+        const xPos = 50 + timeSlotColWidth + (colIndex * dayColWidth);
+        const shift = timeSlot.shiftsByDay[day.id];
+        
+        doc.rect(xPos, currentY, dayColWidth, 40).fillAndStroke(rowBgColor, '#dee2e6');
+        
+        if (!shift) {
+          doc.fontSize(8).font('Helvetica-Oblique').fillColor('#ccc').text('Keine Schicht', xPos + 5, currentY + 15, { 
+            width: dayColWidth - 10, 
+            align: 'center' 
+          });
+        } else {
+          // Get assignments for this time slot and day
+          const scheduledShift = plan.scheduledShifts?.find((scheduled: any) => {
+            const scheduledDayOfWeek = getDayOfWeek(scheduled.date);
+            return scheduledDayOfWeek === day.id && 
+                  scheduled.timeSlotId === timeSlot.id;
+          });
+
+          doc.fillColor('black').fontSize(8).font('Helvetica');
+          
+          if (scheduledShift && scheduledShift.assignedEmployees.length > 0) {
+            let textY = currentY + 5;
+            scheduledShift.assignedEmployees.forEach((empId: string, empIndex: number) => {
+              if (textY < currentY + 35) { // Don't overflow cell
+                const employee = plan.employees?.find((emp: any) => emp.id === empId);
+                if (employee) {
+                  let roleIndicator = '';
+                  if (employee.isTrainee) {
+                    roleIndicator = ' (T)';
+                    doc.fillColor('#cda8f0'); // Trainee color
+                  } else if (employee.roles?.includes('manager')) {
+                    roleIndicator = ' (M)';
+                    doc.fillColor('#CC0000'); // Manager color
+                  } else {
+                    doc.fillColor('#642ab5'); // Regular personnel color
+                  }
+                  
+                  const name = `${employee.firstname} ${employee.lastname}${roleIndicator}`;
+                  doc.text(name, xPos + 5, textY, { width: dayColWidth - 10, align: 'left' });
+                  textY += 10;
+                }
+              }
+            });
+            doc.fillColor('black');
+          } else {
+            // Show required count like in React component
+            const shiftsForSlot = plan.shifts?.filter((s: any) => 
+              s.dayOfWeek === day.id && 
+              s.timeSlotId === timeSlot.id
+            ) || [];
+            const totalRequired = shiftsForSlot.reduce((sum: number, s: any) => sum + s.requiredEmployees, 0);
+            const displayText = totalRequired === 0 ? '-' : `0/${totalRequired}`;
+            
+            doc.fillColor('#666').fontSize(9).font('Helvetica-Oblique')
+               .text(displayText, xPos + 5, currentY + 15, { width: dayColWidth - 10, align: 'center' });
+            doc.fillColor('black');
+          }
+        }
+      });
+
+      currentY += 40;
+    });
+
+    // Add employee overview page
+    doc.addPage();
+    doc.fontSize(16).font('Helvetica-Bold').text('Mitarbeiterübersicht', 50, 50);
+
+    currentY = 80;
+
+    // Table headers
+    doc.fontSize(10).font('Helvetica-Bold');
+    doc.text('Name', 50, currentY);
+    doc.text('E-Mail', 200, currentY);
+    doc.text('Rolle', 350, currentY);
+    doc.text('Typ', 450, currentY);
+    currentY += 15;
+
+    // Horizontal line
+    doc.moveTo(50, currentY).lineTo(550, currentY).stroke();
+    currentY += 10;
+
+    doc.fontSize(9).font('Helvetica');
+
+    plan.employees?.forEach((employee: any) => {
+      if (currentY > 700) {
+        doc.addPage();
+        currentY = 50;
+        // Re-add headers
+        doc.fontSize(10).font('Helvetica-Bold');
+        doc.text('Name', 50, currentY);
+        doc.text('E-Mail', 200, currentY);
+        doc.text('Rolle', 350, currentY);
+        doc.text('Typ', 450, currentY);
+        currentY += 25;
+      }
+
+      doc.text(`${employee.firstname} ${employee.lastname}`, 50, currentY);
+      doc.text(employee.email, 200, currentY, { width: 140 });
+      doc.text(employee.roles?.join(', ') || 'Benutzer', 350, currentY, { width: 90 });
+      doc.text(employee.employeeType, 450, currentY);
+
+      currentY += 20;
+    });
+
+    // Add footer to each page
+    const pages = doc.bufferedPageRange();
+    for (let i = 0; i < pages.count; i++) {
+      doc.switchToPage(i);
+
+      doc.fontSize(8).font('Helvetica');
+      doc.text(
+        `Seite ${i + 1} von ${pages.count} • Erstellt am: ${new Date().toLocaleString('de-DE')} • Schichtplaner System`,
+        50,
+        800,
+        { align: 'center', width: 500 }
+      );
+    }
+
+    // Finalize PDF
+    doc.end();
+
+    console.log('✅ PDF export completed for plan:', id);
+
+  } catch (error) {
+    console.error('❌ Error exporting to PDF:', error);
+    res.status(500).json({ error: 'Internal server error during PDF export' });
+  }
+};
+
+// Helper function to get day of week from date string
+function getDayOfWeek(dateString: string): number {
+  const date = new Date(dateString);
+  return date.getDay() === 0 ? 7 : date.getDay();
+}
+
+// Helper function to get German day names
+function getGermanDayName(dayIndex: number): string {
+  const days = ['Sonntag', 'Montag', 'Dienstag', 'Mittwoch', 'Donnerstag', 'Freitag', 'Samstag'];
+  return days[dayIndex];
+}

backend/src/middleware/Validation/Access.md

@@ -0,0 +1,25 @@
+## User Settings
+
+### \[UPDATE\] Personal availability
+* Only the employee themselves can manage their availability
+* Must select a valid shift plan with defined shifts
+* All changes require explicit save action
+
+### \[VIEW\] ShiftPlan assignments
+* Published plans show actual assignments
+* Draft plans show preview assignments (if calculated)
+* Regular users can only view, not modify assignments
+
+## System-wide
+
+### \[ACCESS\] Role-based restrictions
+* `admin`: Full access to all features
+* `maintenance`: Access to shift plans and employee management (except admin users)
+* `user`: Read-only access to shift plans, can manage own availability and profile
+
+### \[DATA\] Validation rules
+* Email addresses are automatically generated from firstname/lastname
+* Employee status (`isActive`) controls login and planning eligibility
+* Trainee status affects independence (`canWorkAlone`) automatically
+* Date ranges must be valid (start before end)
+* All required fields must be filled before form submission

backend/src/middleware/Validation/Assignment.md

@@ -0,0 +1,37 @@
+## Shift Assignment
+
+### \[ACTION: update scheduled shift\]
+* Requires valid scheduled shift ID
+* Only updates assignedEmployees array
+* Requires authentication with valid token
+* Handles both JSON and non-JSON responses
+
+### \[ACTION: assign shifts automatically\]
+* Requires shift plan, employees, and availabilities
+* Availability preferenceLevel must be 1, 2, or 3
+* Constraints must be an array (converts non-array to empty array)
+* All employees must have valid availability data
+
+### \[ACTION: get scheduled shifts\]
+* Requires valid plan ID
+* Automatically fixes data structure inconsistencies:
+  - timeSlotId mapping (handles both naming conventions)
+  - requiredEmployees fallback to 2 if missing
+  - assignedEmployees fallback to empty array if missing
+
+## Availability
+
+### [UPDATE] availability
+* planId: required valid UUID
+* availabilities: required array with strict validation:
+  - shiftId: valid UUID
+  - preferenceLevel: 0 (unavailable), 1 (available), or 2 (preferred)
+  - notes: optional, max 500 characters
+
+## Scheduling
+
+### [ACTION: generate schedule]
+* shiftPlan: required object with id (valid UUID)
+* employees: required array with at least one employee, each with valid UUID
+* availabilities: required array
+* constraints: optional array

backend/src/middleware/Validation/Authentication.md

@@ -0,0 +1,23 @@
+## Authentication
+
+### \[ACTION: login\]
+* Requires valid email and password format:
+  - Minimum 8 characters
+  - Must contain uppercase, lowercase, number and special character
+* Server validates credentials before issuing token
+* Token and employee data stored in localStorage upon success
+
+### \[ACTION: register\]
+* `Password` optional but strict validation:
+  - Minimum 8 characters
+  - Must contain uppercase, lowercase, number and special character
+* `firstname` 1-100 characters and must not be empty
+* `lastname` 1-100 characters and must not be empty
+* Requires valid email
+* Role is optional during registration
+* Automatically logs in user after successful registration
+
+### \[ACTION: access protected resources\]
+* Requires valid JWT token in Authorization header
+* Token is automatically retrieved from localStorage
+* Unauthorized requests (401) trigger automatic logout

backend/src/middleware/Validation/DataIntegrity

@@ -0,0 +1,23 @@
+## Data Integrity
+
+### \[GENERAL\] API communication
+* All fetch requests include error handling
+* Failed responses throw descriptive errors
+* Token validation before protected operations
+* Automatic localStorage cleanup on logout
+
+### \[GENERAL\] data persistence
+* Employee data cached in localStorage after login
+* Token automatically retrieved from localStorage
+* Data structure normalization for scheduled shifts
+
+### \[GENERAL\] error handling
+* Network errors are caught and logged
+* HTTP errors include status codes and messages
+* Failed authentication triggers cleanup and logout
+
+## Role & Permission Notes
+* The frontend services don't explicitly restrict actions by role
+* Role-based restrictions are likely handled by the backend
+* Frontend assumes user has permissions for requested operations
+* 401 responses indicate insufficient permissions at backend level

backend/src/middleware/Validation/Employee.md

@@ -0,0 +1,75 @@
+## Employee Management
+
+### \[CREATE/UPDATE\] employee
+* All employee operations require authentication
+* Password changes require current password + new password
+* Only authenticated users can create/update employees
+
+### \[ACTION: delete employee\]
+* Requires authentication
+* Server validates permissions before deletion
+
+### \[ACTION: update availability\]
+* Requires employee ID and plan ID
+* Availability updates must include valid preference levels
+* Only authenticated users can update availabilities
+
+### \[ACTION: update last login\]
+* Requires employee ID
+* Fails silently if update fails (logs error but doesn`t block user)
+
+## Employee
+
+### \[CREATE\] Employee
+* `firstname` 1-100 characters and must not be empty
+* `lastname` 1-100 characters and must not be empty
+* `password` must be at least 8 characters (in create mode)
+* `employeeType` must be `manager`, `personell`, `apprentice`, or `guest`
+* `canWorkAlone` optional boolean
+* `isTrainee` optional boolean
+* `isActive` optional boolean (default true)
+* Contract type validation:
+  * `manager`, `apprentice` => `contractType` = flexible
+  * `guest` => `contractType` = undefined/NONE
+  * `personell` => `contractType` = small || large
+
+### \[UPDATE\] Employee profile
+* `firstname` 1-100 characters and must not be empty
+* `lastname` 1-100 characters and must not be empty
+* `employeeType` must be valid type if provided
+* `contractType` must be valid type if provided
+* `roles` must be valid array of roles if provided
+* Only the employee themselves or admins can update
+
+### \[UPDATE\] Employee password
+* `newPassword` optional but strict validation:
+  - Minimum 8 characters
+  - Must contain uppercase, lowercase, number and special character
+* `newPassword` must match `confirmPassword`
+* For admin password reset: no `currentPassword` required
+* For self-password change: `currentPassword` required
+
+### \[UPDATE\] Employee roles
+* Only users with role `admin` can modify roles
+* At least one employee must maintain `admin` role
+* Users cannot remove their own admin role
+
+### \[UPDATE\] Employee availability
+* Only active employees can set availability
+* Contract type requirements:
+  * `small` contract: minimum 2 available shifts (preference level 1 or 2)
+  * `large` contract: minimum 3 available shifts (preference level 1 or 2)
+  * `flexible` contract: no minimum requirement
+* Availability can only be set for valid shift patterns in selected plan
+* `shiftId` must be valid and exist in the current plan
+
+### \[ACTION: delete\] Employee
+* Only users with role `admin` can delete employees
+* Cannot delete yourself
+* Cannot delete the last admin user
+* User confirmation required before deletion
+
+### \[ACTION: edit\] Employee
+* Admins can edit all employees
+* Maintenance users can edit non-admin employees or themselves
+* Regular users can only edit themselves

backend/src/middleware/Validation/Shiftplan.md

@@ -0,0 +1,66 @@
+## Shift Plan Management
+
+### \[CREATE\] shift plan
+* All operations require authentication
+* 401 responses trigger automatic logout
+* Scheduled shifts array is guaranteed to exist (empty array if none)
+
+### \[CREATE\] shift plan from preset
+* presetName must match existing TEMPLATE_PRESETS
+* Requires name, startDate, and endDate
+* isTemplate is optional (defaults to false)
+
+### \[UPDATE\] shift plan
+* Requires valid shift plan ID
+* Partial updates allowed
+* Authentication required
+
+### \[ACTION: delete shift plan\]
+* Requires authentication
+* 401 responses trigger automatic logout
+
+### \[ACTION: regenerate scheduled shifts\]
+* Requires valid plan ID
+* Authentication required
+* Fails silently if regeneration fails (logs error but continues)
+
+### \[ACTION: clear assignments\]
+* Requires valid plan ID
+* Authentication required
+* Clears all employee assignments from scheduled shifts
+
+## ShiftPlan
+
+### \[CREATE\] ShiftPlan from template
+* `planName` must not be empty
+* `startDate` must be set
+* `endDate` must be set
+* `endDate` must be after `startDate`
+* `selectedPreset` must be chosen (template must be selected)
+* Only available template presets can be used
+
+### \[ACTION: publish\] ShiftPlan
+* Plan must be in 'draft' status
+* All active employees must have set their availabilities for the plan
+* Only users with roles \['admin', 'maintenance'\] can publish
+* Assignment algorithm must not have critical violations (ERROR or ❌ KRITISCH)
+* employee && employee.contract_type === small => mind. 1 mal availability === 1 || availability === 2
+* employee && employee.contract_type === large => mind. 3 mal availability === 1 || availability === 2
+
+### \[ACTION: recreate assignments\]
+* Plan must be in 'published' status
+* Only users with roles \['admin', 'maintenance'\] can recreate
+* User confirmation required before clearing all assignments
+
+### \[ACTION: delete\] ShiftPlan
+* Only users with roles \['admin', 'maintenance'\] can delete
+* User confirmation required before deletion
+
+### \[ACTION: edit\] ShiftPlan
+* Only users with roles \['admin', 'maintenance'\] can edit
+* Can only edit plans in 'draft' status
+
+### \[UPDATE\] ShiftPlan shifts
+* `timeSlotId` must be selected from available time slots
+* `requiredEmployees` must be at least 1
+* `dayOfWeek` must be between 1-7

backend/src/middleware/auth.ts

@@ -52,3 +52,35 @@ export const requireRole = (roles: string[]) => {
     next();
   };
 };
+
+export const getClientIP = (req: Request): string => {
+  const trustedHeader = process.env.TRUSTED_PROXY_HEADER || 'x-forwarded-for';
+  const forwarded = req.headers[trustedHeader];
+  const realIp = req.headers['x-real-ip'];
+  
+  if (forwarded) {
+    if (Array.isArray(forwarded)) {
+      return forwarded[0].split(',')[0].trim();
+    } else if (typeof forwarded === 'string') {
+      return forwarded.split(',')[0].trim();
+    }
+  }
+  
+  if (realIp) {
+    return realIp.toString();
+  }
+  
+  return req.socket.remoteAddress || req.ip || 'unknown';
+};
+
+export const ipSecurityCheck = (req: AuthRequest, res: Response, next: NextFunction): void => {
+  const clientIP = getClientIP(req);
+  
+  // Log suspicious activity
+  const suspiciousPaths = ['/api/auth/login', '/api/auth/register'];
+  if (suspiciousPaths.includes(req.path)) {
+    console.log(`🔐 Auth attempt from IP: ${clientIP}, Path: ${req.path}`);
+  }
+  
+  next();
+}

backend/src/middleware/rateLimit.ts

@@ -1,6 +1,46 @@
 import rateLimit from 'express-rate-limit';
 import { Request } from 'express';
 
+// Secure IP extraction that works with proxy settings
+const getClientIP = (req: Request): string => {
+  // Read from environment which header to trust
+  const trustedHeader = process.env.TRUSTED_PROXY_HEADER || 'x-forwarded-for';
+  
+  const forwarded = req.headers[trustedHeader];
+  const realIp = req.headers['x-real-ip'];
+  const cfConnectingIp = req.headers['cf-connecting-ip']; // Cloudflare
+  
+  // If we have a forwarded header and trust proxy is configured
+  if (forwarded) {
+    if (Array.isArray(forwarded)) {
+      const firstIP = forwarded[0].split(',')[0].trim();
+      console.log(`🔍 Extracted IP from ${trustedHeader}: ${firstIP} (from: ${forwarded[0]})`);
+      return firstIP;
+    } else if (typeof forwarded === 'string') {
+      const firstIP = forwarded.split(',')[0].trim();
+      console.log(`🔍 Extracted IP from ${trustedHeader}: ${firstIP} (from: ${forwarded})`);
+      return firstIP;
+    }
+  }
+  
+  // Cloudflare support
+  if (cfConnectingIp) {
+    console.log(`🔍 Using Cloudflare IP: ${cfConnectingIp}`);
+    return cfConnectingIp.toString();
+  }
+  
+  // Fallback to x-real-ip
+  if (realIp) {
+    console.log(`🔍 Using x-real-ip: ${realIp}`);
+    return realIp.toString();
+  }
+  
+  // Final fallback to connection remote address
+  const remoteAddress = req.socket.remoteAddress || req.ip || 'unknown';
+  console.log(`🔍 Using remote address: ${remoteAddress}`);
+  return remoteAddress;
+};
+
 // Helper to check if request should be limited
 const shouldSkipLimit = (req: Request): boolean => {
   const skipPaths = [
@@ -14,35 +54,92 @@ const shouldSkipLimit = (req: Request): boolean => {
     return true;
   }
   
+  // Skip for whitelisted IPs from environment
+  const whitelist = process.env.RATE_LIMIT_WHITELIST?.split(',') || [];
+  const clientIP = getClientIP(req);
+  if (whitelist.includes(clientIP)) {
+    console.log(`✅ IP whitelisted: ${clientIP}`);
+    return true;
+  }
+  
   return skipPaths.includes(req.path);
 };
 
+// Environment-based configuration
+const getRateLimitConfig = () => {
+  const isProduction = process.env.NODE_ENV === 'production';
+  
+  return {
+    windowMs: parseInt(process.env.RATE_LIMIT_WINDOW_MS || '900000'), // 15 minutes default
+    max: isProduction 
+      ? parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '1000')  // Stricter in production
+      : parseInt(process.env.RATE_LIMIT_MAX_REQUESTS || '5000'), // More lenient in development
+    
+    // Development-specific relaxations
+    skip: (req: Request) => {
+      // Skip all GET requests in development for easier testing
+      if (!isProduction && req.method === 'GET') {
+        return true;
+      }
+      
+      return shouldSkipLimit(req);
+    }
+  };
+};
+
 // Main API limiter - nur für POST/PUT/DELETE
 export const apiLimiter = rateLimit({
-  windowMs: 15 * 60 * 1000, // 15 minutes
+  ...getRateLimitConfig(),
-  max: 200, // 200 non-GET requests per 15 minutes
   message: { 
     error: 'Zu viele Anfragen, bitte verlangsamen Sie Ihre Aktionen' 
   },
   standardHeaders: true,
   legacyHeaders: false,
-  skip: (req) => {
+  keyGenerator: (req) => getClientIP(req),
-    // ✅ Skip für GET requests (Data Fetching)
+  handler: (req, res) => {
-    if (req.method === 'GET') return true;
+    const clientIP = getClientIP(req);
+    console.warn(`🚨 Rate limit exceeded for IP: ${clientIP}, Path: ${req.path}, Method: ${req.method}`);
     
-    // ✅ Skip für Health/Status Checks
+    res.status(429).json({ 
-    return shouldSkipLimit(req);
+      error: 'Zu viele Anfragen',
+      message: 'Bitte versuchen Sie es später erneut',
+      retryAfter: '15 Minuten',
+      clientIP: process.env.NODE_ENV === 'development' ? clientIP : undefined // Only expose IP in dev
+    });
   }
 });
 
 // Strict limiter for auth endpoints
 export const authLimiter = rateLimit({
   windowMs: 15 * 60 * 1000,
-  max: 5,
+  max: parseInt(process.env.AUTH_RATE_LIMIT_MAX_REQUESTS || '100'),
   message: { 
     error: 'Zu viele Login-Versuche, bitte versuchen Sie es später erneut' 
   },
   standardHeaders: true,
   legacyHeaders: false,
   skipSuccessfulRequests: true,
+  keyGenerator: (req) => getClientIP(req),
+  handler: (req, res) => {
+    const clientIP = getClientIP(req);
+    console.warn(`🚨 Auth rate limit exceeded for IP: ${clientIP}`);
+    
+    res.status(429).json({ 
+      error: 'Zu viele Login-Versuche',
+      message: 'Aus Sicherheitsgründen wurde Ihr Konto temporär gesperrt',
+      retryAfter: '15 Minuten'
+    });
+  }
+});
+
+// Separate limiter for expensive endpoints
+export const expensiveEndpointLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: parseInt(process.env.EXPENSIVE_ENDPOINT_LIMIT || '100'),
+  message: {
+    error: 'Zu viele Anfragen für diese Ressource'
+  },
+  standardHeaders: true,
+  legacyHeaders: false,
+  keyGenerator: (req) => getClientIP(req)
 });

backend/src/middleware/validation.ts

@@ -9,43 +9,27 @@ export const validateLogin = [
     .normalizeEmail(),
 
   body('password')
-    .isLength({ min: 6 })
+    .optional()
-    .withMessage('Password must be at least 6 characters')
+    .isLength({ min: 8 })
-    .trim()
+    .withMessage('Password must be at least 8 characters')
-    .escape()
+    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?])/)
+    .withMessage('Password must contain uppercase, lowercase, number and special character'),
 ];
 
 export const validateRegister = [
   body('firstname')
     .isLength({ min: 1, max: 100 })
     .withMessage('First name must be between 1-100 characters')
+    .notEmpty()
+    .withMessage('First name must not be empty')
     .trim()
     .escape(),
 
   body('lastname')
     .isLength({ min: 1, max: 100 })
     .withMessage('Last name must be between 1-100 characters')
-    .trim()
+    .notEmpty()
-    .escape(),
+    .withMessage('Last name must not be empty')
-  
-  body('password')
-    .isLength({ min: 8 })
-    .withMessage('Password must be at least 8 characters')
-    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/)
-    .withMessage('Password must contain uppercase, lowercase and number')
-];
-
-// ===== EMPLOYEE VALIDATION =====
-export const validateEmployee = [
-  body('firstname')
-    .isLength({ min: 1, max: 100 })
-    .withMessage('First name must be between 1-100 characters')
-    .trim()
-    .escape(),
-  
-  body('lastname')
-    .isLength({ min: 1, max: 100 })
-    .withMessage('Last name must be between 1-100 characters')
     .trim()
     .escape(),
 
@@ -53,13 +37,65 @@ export const validateEmployee = [
     .optional()
     .isLength({ min: 8 })
     .withMessage('Password must be at least 8 characters')
-    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/)
+    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?])/)
-    .withMessage('Password must contain uppercase, lowercase and number'),
+    .withMessage('Password must contain uppercase, lowercase, number and special character'),
+];
+
+// ===== EMPLOYEE VALIDATION =====
+export const validateEmployee = [
+  body('firstname')
+    .isLength({ min: 1, max: 100 })
+    .withMessage('First name must be between 1-100 characters')
+    .notEmpty()
+    .withMessage('First name must not be empty')
+    .trim()
+    .escape(),
+
+  body('lastname')
+    .isLength({ min: 1, max: 100 })
+    .withMessage('Last name must be between 1-100 characters')
+    .notEmpty()
+    .withMessage('Last name must not be empty')
+    .trim()
+    .escape(),
+
+  body('password')
+    .optional()
+    .isLength({ min: 8 })
+    .withMessage('Password must be at least 8 characters')
+    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?])/)
+    .withMessage('Password must contain uppercase, lowercase, number and special character'),
 
   body('employeeType')
     .isIn(['manager', 'personell', 'apprentice', 'guest'])
     .withMessage('Employee type must be manager, personell, apprentice or guest'),
 
+  body('contractType')
+    .custom((value, { req }) => {
+      const employeeType = req.body.employeeType;
+
+      // Manager, apprentice => contractType must be flexible
+      if (['manager', 'apprentice'].includes(employeeType)) {
+        if (value !== 'flexible') {
+          throw new Error(`contractType must be 'flexible' for employeeType: ${employeeType}`);
+        }
+      }
+      // Guest => contractType must be undefined/NONE
+      else if (employeeType === 'guest') {
+        if (value !== undefined && value !== null) {
+          throw new Error(`contractType is not allowed for employeeType: ${employeeType}`);
+        }
+      }
+      // Personell => contractType must be small or large
+      else if (employeeType === 'personell') {
+        if (!['small', 'large'].includes(value)) {
+          throw new Error(`contractType must be 'small' or 'large' for employeeType: ${employeeType}`);
+        }
+      }
+
+      return true;
+    }),
+
   body('contractType')
     .optional()
     .isIn(['small', 'large', 'flexible'])
@@ -96,6 +132,8 @@ export const validateEmployeeUpdate = [
     .optional()
     .isLength({ min: 1, max: 100 })
     .withMessage('First name must be between 1-100 characters')
+    .notEmpty()
+    .withMessage('First name must not be empty')
     .trim()
     .escape(),
 
@@ -103,6 +141,8 @@ export const validateEmployeeUpdate = [
     .optional()
     .isLength({ min: 1, max: 100 })
     .withMessage('Last name must be between 1-100 characters')
+    .notEmpty()
+    .withMessage('Last name must not be empty')
     .trim()
     .escape(),
 
@@ -113,8 +153,29 @@ export const validateEmployeeUpdate = [
 
   body('contractType')
     .optional()
-    .isIn(['small', 'large', 'flexible'])
+    .custom((value, { req }) => {
-    .withMessage('Contract type must be small, large or flexible'),
+      const employeeType = req.body.employeeType;
+      if (!employeeType) return true; // Skip if employeeType not provided
+
+      // Same validation logic as create
+      if (['manager', 'apprentice'].includes(employeeType)) {
+        if (value !== 'flexible') {
+          throw new Error(`contractType must be 'flexible' for employeeType: ${employeeType}`);
+        }
+      }
+      else if (employeeType === 'guest') {
+        if (value !== undefined && value !== null) {
+          throw new Error(`contractType is not allowed for employeeType: ${employeeType}`);
+        }
+      }
+      else if (employeeType === 'personell') {
+        if (!['small', 'large'].includes(value)) {
+          throw new Error(`contractType must be 'small' or 'large' for employeeType: ${employeeType}`);
+        }
+      }
+
+      return true;
+    }),
 
   body('roles')
     .optional()
@@ -145,14 +206,22 @@ export const validateEmployeeUpdate = [
 export const validateChangePassword = [
   body('currentPassword')
     .optional()
-    .isLength({ min: 6 })
+    .isLength({ min: 1 })
-    .withMessage('Current password must be at least 6 characters'),
+    .withMessage('Current password is required for self-password change'),
 
   body('newPassword')
     .isLength({ min: 8 })
-    .withMessage('New password must be at least 8 characters')
+    .withMessage('Password must be at least 8 characters')
-    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/)
+    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?])/)
-    .withMessage('New password must contain uppercase, lowercase and number')
+    .withMessage('Password must contain uppercase, lowercase, number and special character'),
+
+  body('confirmPassword')
+    .custom((value, { req }) => {
+      if (value !== req.body.newPassword) {
+        throw new Error('Passwords do not match');
+      }
+      return true;
+    })
 ];
 
 // ===== SHIFT PLAN VALIDATION =====
@@ -284,7 +353,7 @@ export const validateCreateFromPreset = [
   body('presetName')
     .isLength({ min: 1 })
     .withMessage('Preset name is required')
-    .isIn(['standardWeek', 'extendedWeek', 'weekendFocused', 'morningOnly', 'eveningOnly', 'ZEBRA_STANDARD'])
+    .isIn(['GENERAL_STANDARD', 'ZEBRA_STANDARD'])
     .withMessage('Invalid preset name'),
 
   body('name')
@@ -294,14 +363,24 @@ export const validateCreateFromPreset = [
     .escape(),
 
   body('startDate')
-    .optional()
     .isISO8601()
-    .withMessage('Must be a valid date (ISO format)'),
+    .withMessage('Must be a valid date (ISO format)')
+    .custom((value, { req }) => {
+      if (req.body.endDate && new Date(value) > new Date(req.body.endDate)) {
+        throw new Error('Start date must be before end date');
+      }
+      return true;
+    }),
 
   body('endDate')
-    .optional()
     .isISO8601()
-    .withMessage('Must be a valid date (ISO format)'),
+    .withMessage('Must be a valid date (ISO format)')
+    .custom((value, { req }) => {
+      if (req.body.startDate && new Date(value) < new Date(req.body.startDate)) {
+        throw new Error('End date must be after start date');
+      }
+      return true;
+    }),
 
   body('isTemplate')
     .optional()
@@ -340,10 +419,11 @@ export const validateSetupAdmin = [
     .escape(),
 
   body('password')
+    .optional()
     .isLength({ min: 8 })
     .withMessage('Password must be at least 8 characters')
-    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/)
+    .matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?])/)
-    .withMessage('Password must contain uppercase, lowercase and number')
+    .withMessage('Password must contain uppercase, lowercase, number and special character'),
 ];
 
 // ===== SCHEDULING VALIDATION =====
@@ -382,7 +462,20 @@ export const validateAvailabilities = [
 
   body('availabilities')
     .isArray()
-    .withMessage('Availabilities must be an array'),
+    .withMessage('Availabilities must be an array')
+    .custom((availabilities, { req }) => {
+      // Count available shifts (preference level 1 or 2)
+      const availableCount = availabilities.filter((avail: any) =>
+        avail.preferenceLevel === 1 || avail.preferenceLevel === 2
+      ).length;
+
+      // Basic validation - at least one available shift
+      if (availableCount === 0) {
+        throw new Error('At least one available shift is required');
+      }
+
+      return true;
+    }),
 
   body('availabilities.*.shiftId')
     .isUUID()

backend/src/models/helpers/employeeHelpers.ts

@@ -18,12 +18,12 @@ function generateEmail(firstname: string, lastname: string): string {
   return `${cleanFirstname}.${cleanLastname}@sp.de`;
 }
 
-// UPDATED: Validation for new employee model with employee types
+// Validation for new employee model with employee types
 export function validateEmployeeData(employee: CreateEmployeeRequest): string[] {
   const errors: string[] = [];
 
-  if (employee.password?.length < 6) {
+  if (employee.password?.length < 8) {
-    errors.push('Password must be at least 6 characters long');
+    errors.push('Password must be at least 8 characters long');
   }
 
   if (!employee.firstname?.trim() || employee.firstname.trim().length < 2) {
@@ -71,7 +71,7 @@ export function generateEmployeeEmail(firstname: string, lastname: string): stri
   return generateEmail(firstname, lastname);
 }
 
-// UPDATED: Business logic helpers for new employee types
+// Business logic helpers for new employee types
 export const isManager = (employee: Employee): boolean =>
   employee.employeeType === 'manager';
 
@@ -90,7 +90,7 @@ export const isInternal = (employee: Employee): boolean =>
 export const isExternal = (employee: Employee): boolean =>
   employee.employeeType === 'guest';
 
-// UPDATED: Trainee logic - now based on isTrainee field for personell type
+// Trainee logic - now based on isTrainee field for personell type
 export const isTrainee = (employee: Employee): boolean =>
   employee.employeeType === 'personell' && employee.isTrainee;
 
@@ -107,7 +107,7 @@ export const isMaintenance = (employee: Employee): boolean =>
 export const isUser = (employee: Employee): boolean =>
   employee.roles?.includes('user') || false;
 
-// UPDATED: Work alone permission - managers and experienced personell can work alone
+// Work alone permission - managers and experienced personell can work alone
 export const canEmployeeWorkAlone = (employee: Employee): boolean =>
   employee.canWorkAlone && (isManager(employee) || isExperienced(employee));
 
@@ -134,7 +134,7 @@ export function validateAvailabilityData(availability: Omit<EmployeeAvailability
   return errors;
 }
 
-// UPDATED: Helper to get employee type category
+// Helper to get employee type category
 export const getEmployeeCategory = (employee: Employee): 'internal' | 'external' => {
   return isInternal(employee) ? 'internal' : 'external';
 };

backend/src/models/helpers/shiftPlanHelpers.ts

@@ -78,7 +78,7 @@ export function calculateTotalRequiredEmployees(plan: ShiftPlan): number {
   return plan.shifts.reduce((total, shift) => total + shift.requiredEmployees, 0);
 }
 
-// UPDATED: Get scheduled shift by date and time slot
+// Get scheduled shift by date and time slot
 export function getScheduledShiftByDateAndTime(
   plan: ShiftPlan, 
   date: string, 

backend/src/models/scheduling.ts

@@ -2,7 +2,7 @@
 import { Employee } from './Employee.js';
 import { ShiftPlan } from './ShiftPlan.js';
 
-// Updated Availability interface to match new schema
+// Availability interface
 export interface Availability {
   id: string;
   employeeId: string;

backend/src/routes/employees.ts

@@ -28,18 +28,18 @@ const router = express.Router();
 router.use(authMiddleware);
 
 // Employee CRUD Routes
-router.get('/', validatePagination, handleValidationErrors, getEmployees);
+router.get('/', validatePagination, handleValidationErrors, authMiddleware, getEmployees);
 router.get('/:id', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), getEmployee);
 router.post('/', validateEmployee, handleValidationErrors, requireRole(['admin']), createEmployee);
 router.put('/:id', validateId, validateEmployeeUpdate, handleValidationErrors, requireRole(['admin', 'maintenance']), updateEmployee);
 router.delete('/:id', validateId, handleValidationErrors, requireRole(['admin']), deleteEmployee);
 
 // Password & Login Routes
-router.put('/:id/password', validateId, validateChangePassword, handleValidationErrors, changePassword);
+router.put('/:id/password', validateId, validateChangePassword, handleValidationErrors, authMiddleware, changePassword);
-router.put('/:id/last-login', validateId, handleValidationErrors, updateLastLogin);
+router.put('/:id/last-login', validateId, handleValidationErrors, authMiddleware, updateLastLogin);
 
 // Availability Routes
-router.get('/:employeeId/availabilities', validateEmployeeId, handleValidationErrors, getAvailabilities);
+router.get('/:employeeId/availabilities', validateEmployeeId, handleValidationErrors, authMiddleware, getAvailabilities);
-router.put('/:employeeId/availabilities', validateEmployeeId, validateAvailabilities, handleValidationErrors, updateAvailabilities);
+router.put('/:employeeId/availabilities', validateEmployeeId, validateAvailabilities, handleValidationErrors, authMiddleware, updateAvailabilities);
 
 export default router;

backend/src/routes/shiftPlans.ts

@@ -7,7 +7,9 @@ import {
   updateShiftPlan, 
   deleteShiftPlan,
   createFromPreset,
-  clearAssignments
+  clearAssignments,
+  exportShiftPlanToExcel,
+  exportShiftPlanToPDF
 } from '../controllers/shiftPlanController.js';
 import { 
   validateShiftPlan, 
@@ -30,4 +32,7 @@ router.put('/:id', validateId, validateShiftPlanUpdate, handleValidationErrors,
 router.delete('/:id', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), deleteShiftPlan);
 router.post('/:id/clear-assignments', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), clearAssignments);
 
+router.get('/:id/export/excel', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), exportShiftPlanToExcel);
+router.get('/:id/export/pdf', validateId, handleValidationErrors, requireRole(['admin', 'maintenance']), exportShiftPlanToPDF);
+
 export default router;

backend/src/scripts/applyMigration.ts

@@ -53,7 +53,7 @@ async function markMigrationAsApplied(migrationName: string) {
   );
 }
 
-// UPDATED: Function to handle schema changes for the new employee type system
+// Function to handle schema changes for the new employee type system
 async function applySchemaUpdates() {
   console.log('🔄 Applying schema updates for new employee type system...');
   
@@ -80,7 +80,7 @@ async function applySchemaUpdates() {
       PRAGMA table_info(employees)
     `);
     
-    // FIXED: Check for employee_type column (not roles column)
+    // Check for employee_type column (not roles column)
     const hasEmployeeType = employeesTableInfo.some((col: TableColumnInfo) => col.name === 'employee_type');
     const hasIsTrainee = employeesTableInfo.some((col: TableColumnInfo) => col.name === 'is_trainee');
     

backend/src/scripts/initializeDatabase.ts

@@ -65,7 +65,7 @@ export async function initializeDatabase(): Promise<void> {
 
       console.log('Existing tables found:', existingTables.map(t => t.name).join(', ') || 'none');
 
-      // UPDATED: Drop tables in correct dependency order for new schema
+      // Drop tables in correct dependency order for new schema
       const tablesToDrop = [
         'employee_availability',
         'shift_assignments',
@@ -95,16 +95,40 @@ export async function initializeDatabase(): Promise<void> {
       // Continue with schema creation even if table dropping fails
     }
 
-    // Execute schema creation in a transaction
+    // NEU: PRAGMA-Anweisungen außerhalb der Transaktion ausführen
-    await db.run('BEGIN EXCLUSIVE TRANSACTION');
+    console.log('Executing PRAGMA statements outside transaction...');
-    
+    const pragmaStatements = schema
-    // Execute each statement separately for better error reporting
-    const statements = schema
       .split(';')
       .map(stmt => stmt.trim())
       .filter(stmt => stmt.length > 0)
+      .filter(stmt => stmt.toUpperCase().startsWith('PRAGMA'))
+      .map(stmt => {
+        return stmt.split('\n')
+          .filter(line => !line.trim().startsWith('--'))
+          .join('\n')
+          .trim();
+      });
+
+    for (const statement of pragmaStatements) {
+      try {
+        console.log('Executing PRAGMA:', statement);
+        await db.run(statement);
+      } catch (error) {
+        console.warn('PRAGMA statement might have failed:', statement, error);
+        // Continue even if PRAGMA fails
+      }
+    }
+
+    // Schema-Erstellung in Transaktion
+    await db.run('BEGIN EXCLUSIVE TRANSACTION');
+
+    // Nur die CREATE TABLE und andere Anweisungen (ohne PRAGMA)
+    const schemaStatements = schema
+      .split(';')
+      .map(stmt => stmt.trim())
+      .filter(stmt => stmt.length > 0)
+      .filter(stmt => !stmt.toUpperCase().startsWith('PRAGMA'))
       .map(stmt => {
-        // Remove any single-line comments
         return stmt.split('\n')
           .filter(line => !line.trim().startsWith('--'))
           .join('\n')
@@ -112,7 +136,7 @@ export async function initializeDatabase(): Promise<void> {
       })
       .filter(stmt => stmt.length > 0);
 
-    for (const statement of statements) {
+    for (const statement of schemaStatements) {
       try {
         console.log('Executing statement:', statement.substring(0, 50) + '...');
         await db.run(statement);
@@ -124,7 +148,7 @@ export async function initializeDatabase(): Promise<void> {
       }
     }
 
-    // UPDATED: Insert default data in correct order
+    // Insert default data in correct order
     try {
       console.log('Inserting default employee types...');
       await db.run(`INSERT OR IGNORE INTO employee_types (type, category, has_contract_type) VALUES ('manager', 'internal', 1)`);

backend/src/server.ts

@@ -5,6 +5,7 @@ import { fileURLToPath } from 'url';
 import { initializeDatabase } from './scripts/initializeDatabase.js';
 import fs from 'fs';
 import helmet from 'helmet';
+import type { ViteDevServer } from 'vite';
 
 // Route imports
 import authRoutes from './routes/auth.js';
@@ -13,7 +14,12 @@ import shiftPlanRoutes from './routes/shiftPlans.js';
 import setupRoutes from './routes/setup.js';
 import scheduledShifts from './routes/scheduledShifts.js';
 import schedulingRoutes from './routes/scheduling.js';
-import { authLimiter, apiLimiter } from './middleware/rateLimit.js';
+import { 
+  apiLimiter, 
+  authLimiter, 
+  expensiveEndpointLimiter
+} from './middleware/rateLimit.js';
+import { ipSecurityCheck as authIpCheck } from './middleware/auth.js';
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -22,6 +28,51 @@ const app = express();
 const PORT = 3002;
 const isDevelopment = process.env.NODE_ENV === 'development';
 
+app.use(authIpCheck);
+
+let vite: ViteDevServer | undefined;
+
+if (isDevelopment) {
+  // Dynamically import and setup Vite middleware
+  const setupViteDevServer = async () => {
+    try {
+      const { createServer } = await import('vite');
+      vite = await createServer({
+        server: { middlewareMode: true },
+        appType: 'spa'
+      });
+      app.use(vite.middlewares);
+      console.log('🔧 Vite dev server integrated with Express');
+    } catch (error) {
+      console.warn('⚠️ Vite integration failed, using static files:', error);
+    }
+  };
+  setupViteDevServer();
+}
+
+const configureStaticFiles = () => {
+  const staticConfig = {
+    maxAge: '1y',
+    etag: false,
+    immutable: true,
+    index: false
+  };
+
+  // Serve frontend build
+  const frontendPath = '/app/frontend-build';
+  if (fs.existsSync(frontendPath)) {
+    console.log('✅ Serving frontend from:', frontendPath);
+    app.use(express.static(frontendPath, staticConfig));
+  }
+
+  // Serve premium assets if available
+  const premiumPath = '/app/premium-dist';
+  if (fs.existsSync(premiumPath)) {
+    console.log('✅ Serving premium assets from:', premiumPath);
+    app.use('/premium-assets', express.static(premiumPath, staticConfig));
+  }
+};
+
 // Security configuration
 if (process.env.NODE_ENV === 'production') {
   console.info('Checking for JWT_SECRET');
@@ -32,16 +83,72 @@ if (process.env.NODE_ENV === 'production') {
   }
 }
 
+const configureTrustProxy = (): string | string[] | boolean | number => {
+  const trustedProxyIps = process.env.TRUSTED_PROXY_IPS;
+  const trustProxyEnabled = process.env.TRUST_PROXY_ENABLED !== 'false';
+
+  // If explicitly disabled
+  if (!trustProxyEnabled) {
+    console.log('🔒 Trust proxy: Disabled');
+    return false;
+  }
+
+  // If specific IPs are provided via environment variable
+  if (trustedProxyIps) {
+    console.log('🔒 Trust proxy: Using configured IPs:', trustedProxyIps);
+    
+    // Handle comma-separated list of IPs/CIDR ranges
+    if (trustedProxyIps.includes(',')) {
+      return trustedProxyIps.split(',').map(ip => ip.trim());
+    }
+    
+    // Handle single IP/CIDR
+    return trustedProxyIps.trim();
+  }
+
+  // Default behavior for reverse proxy setup
+  console.log('🔒 Trust proxy: Using reverse proxy defaults (trust all)');
+  return true; // Trust all proxies when behind nginx
+};
+
+app.set('trust proxy', configureTrustProxy());
+
+app.use((req, res, next) => {
+  const protocol = req.headers['x-forwarded-proto'] || req.protocol;
+  const isHttps = protocol === 'https';
+  
+  // Add security warning for HTTP requests
+  if (!isHttps && process.env.NODE_ENV === 'production') {
+    res.setHeader('X-Security-Warning', 'This application is being accessed over HTTP. For secure communication, please use HTTPS.');
+    
+    // Log HTTP access in production
+    console.warn(`⚠️  HTTP access detected: ${req.method} ${req.path} from ${req.ip}`);
+  }
+  
+  next();
+});
+
 // Security headers
 app.use(helmet({
-  contentSecurityPolicy: isDevelopment ? false : {
+  contentSecurityPolicy: {
     directives: {
       defaultSrc: ["'self'"],
       scriptSrc: ["'self'", "'unsafe-inline'"],
       styleSrc: ["'self'", "'unsafe-inline'"],
       imgSrc: ["'self'", "data:", "https:"],
+      connectSrc: ["'self'"],
+      fontSrc: ["'self'"],
+      objectSrc: ["'none'"],
+      mediaSrc: ["'self'"],
+      frameSrc: ["'none'"],
+      upgradeInsecureRequests: process.env.FORCE_HTTPS === 'true' ? [] : null
     },
   },
+  hsts: {
+    maxAge: 31536000,
+    includeSubDomains: true,
+    preload: true
+  }, // Enable HSTS for HTTPS
   crossOriginEmbedderPolicy: false
 }));
 
@@ -58,9 +165,12 @@ app.use(express.json());
 
 // Rate limiting - weniger restriktiv in Development
 if (process.env.NODE_ENV === 'production') {
+  console.log('🔒 Applying production rate limiting');
   app.use('/api/', apiLimiter);
 } else {
-  console.log('🔧 Development: Rate limiting relaxed');
+  console.log('🔧 Development: Relaxed rate limiting applied');
+  // In development, you might want to be more permissive
+  app.use('/api/', apiLimiter);
 }
 
 // API Routes
@@ -69,7 +179,7 @@ app.use('/api/auth', authLimiter, authRoutes);
 app.use('/api/employees', employeeRoutes);
 app.use('/api/shift-plans', shiftPlanRoutes);
 app.use('/api/scheduled-shifts', scheduledShifts);
-app.use('/api/scheduling', schedulingRoutes);
+app.use('/api/scheduling', expensiveEndpointLimiter, schedulingRoutes);
 
 // Health route
 app.get('/api/health', (req: express.Request, res: express.Response) => {
@@ -110,6 +220,7 @@ const findFrontendBuildPath = (): string | null => {
 };
 
 const frontendBuildPath = findFrontendBuildPath();
+configureStaticFiles();
 
 if (frontendBuildPath) {
   app.use(express.static(frontendBuildPath));
@@ -122,12 +233,25 @@ if (frontendBuildPath) {
 }
 
 // Root route
-app.get('/', (req, res) => {
+app.get('/', async (req, res) => {
-  if (!frontendBuildPath) {
+  // In development with Vite middleware
-    if (isDevelopment) {
+  if (vite) {
-      return res.redirect('http://localhost:3003');
+    try {
+      const template = fs.readFileSync(
+        path.resolve(__dirname, '../../frontend/index.html'),
+        'utf-8'
+      );
+      const html = await vite.transformIndexHtml(req.url, template);
+      res.send(html);
+    } catch (error) {
+      res.status(500).send('Vite dev server error');
     }
-    return res.status(500).send('Frontend build not found');
+    return;
+  }
+
+  // Fallback to static file serving
+  if (!frontendBuildPath) {
+    return res.status(500).send('Frontend not available');
   }
 
   const indexPath = path.join(frontendBuildPath, 'index.html');
@@ -135,20 +259,26 @@ app.get('/', (req, res) => {
 });
 
 // Client-side routing fallback
-app.get('*', (req, res) => {
+app.get('*', (req, res, next) => {
+  // Skip API routes
   if (req.path.startsWith('/api/')) {
-    return res.status(404).json({ error: 'API endpoint not found' });
+    return next();
   }
 
-  if (!frontendBuildPath) {
+  // Skip file extensions (assets)
-    if (isDevelopment) {
+  if (req.path.match(/\.[a-z0-9]+$/i)) {
-      return res.redirect(`http://localhost:3003${req.path}`);
+    return next();
-    }
-    return res.status(500).json({ error: 'Frontend application not available' });
   }
 
-  const indexPath = path.join(frontendBuildPath, 'index.html');
+  // Serve React app for all other routes
-  res.sendFile(indexPath);
+  const frontendPath = '/app/frontend-build';
+  const indexPath = path.join(frontendPath, 'index.html');
+  
+  if (fs.existsSync(indexPath)) {
+    res.sendFile(indexPath);
+  } else {
+    res.status(404).send('Frontend not available');
+  }
 });
 
 // Error handling

docker-compose.yml

@@ -6,17 +6,22 @@ services:
     image: ghcr.io/donpat1to/schichtenplaner:v1.0.0
     environment:
       - NODE_ENV=production
-      - JWT_SECRET=${JWT_SECRET:-your-secret-key-please-change}
+      - JWT_SECRET=${JWT_SECRET}
-    ports:
+      - TRUST_PROXY_ENABLED=true
-      - "3002:3002"
+      - TRUSTED_PROXY_IPS=nginx-proxy,172.0.0.0/8,10.0.0.0/8,192.168.0.0/16
+      - FORCE_HTTPS=${FORCE_HTTPS:-false}
+    networks:
+      - app-network
     volumes:
       - app_data:/app/data
     restart: unless-stopped
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:3002/api/health"]
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3002/api/health"]
       interval: 30s
       timeout: 10s
       retries: 3
+    expose:
+      - "3002"
 
 volumes:
   app_data:

docker-init.sh

@@ -3,47 +3,53 @@ set -e
 
 echo "🚀 Container Initialisierung gestartet..."
 
-# Funktion zum Generieren eines sicheren Secrets
 generate_secret() {
     length=$1
     tr -dc 'A-Za-z0-9!@#$%^&*()_+-=' < /dev/urandom | head -c $length
 }
 
-# Prüfe ob .env existiert, falls nicht erstelle sie
+# Create .env if it doesn't exist
 if [ ! -f /app/.env ]; then
     echo "📝 Erstelle .env Datei..."
     
-    # Generiere automatisch ein sicheres JWT Secret falls nicht gesetzt
     if [ -z "$JWT_SECRET" ] || [ "$JWT_SECRET" = "your-secret-key-please-change" ]; then
         export JWT_SECRET=$(generate_secret 64)
-        echo "🔑 Automatisch generiertes JWT Secret wurde erstellt"
+        echo "🔑 Automatisch sicheres JWT Secret generiert"
+    else
+        echo "🔑 Verwende vorhandenes JWT Secret aus Umgebungsvariable"
     fi
     
-    # Erstelle .env aus Template
+    # Create .env with all proxy settings
-    envsubst < /app/.env.template > /app/.env
+    cat > /app/.env << EOF
+NODE_ENV=production
+JWT_SECRET=${JWT_SECRET}
+TRUST_PROXY_ENABLED=${TRUST_PROXY_ENABLED:-true}
+TRUSTED_PROXY_IPS=${TRUSTED_PROXY_IPS:-172.0.0.0/8,10.0.0.0/8,192.168.0.0/16}
+HOSTNAME=${HOSTNAME:-localhost}
+EOF
     
-    # Logge die ersten Zeilen (ohne Secrets)
+    echo "✅ .env Datei erstellt"
-    echo "✅ .env Datei erstellt mit folgenden Einstellungen:"
-    head -n 5 /app/.env
 else
     echo "ℹ️  .env Datei existiert bereits"
     
-    # Validiere bestehende .env Datei
+    # Update JWT_SECRET if provided
-    if ! grep -q "JWT_SECRET=" /app/.env; then
+    if [ -n "$JWT_SECRET" ] && [ "$JWT_SECRET" != "your-secret-key-please-change" ]; then
-        echo "❌ Fehler: JWT_SECRET nicht in .env gefunden"
+        echo "🔑 Aktualisiere JWT Secret in .env Datei"
-        exit 1
+        sed -i "s/^JWT_SECRET=.*/JWT_SECRET=$JWT_SECRET/" /app/.env
     fi
 fi
 
-# Sicherheitsüberprüfungen
+# Validate JWT_SECRET
-if grep -q "your-secret-key" /app/.env; then
+if grep -q "JWT_SECRET=your-secret-key-please-change" /app/.env; then
-    echo "❌ FEHLER: Standard JWT Secret in .env gefunden - bitte ändern!"
+    echo "❌ FEHLER: Standard JWT Secret in .env gefunden!"
+    echo "❌ Bitte setzen Sie JWT_SECRET Umgebungsvariable"
     exit 1
 fi
 
-# Setze sichere Berechtigungen
 chmod 600 /app/.env
-chown -R schichtplaner:nodejs /app
 
+echo "🔧 Proxy Configuration:"
+echo "   - TRUST_PROXY_ENABLED: ${TRUST_PROXY_ENABLED:-true}"
+echo "   - TRUSTED_PROXY_IPS: ${TRUSTED_PROXY_IPS:-172.0.0.0/8,10.0.0.0/8,192.168.0.0/16}"
 echo "🔧 Starte Anwendung..."
 exec "$@"

frontend/index.html

@@ -2,7 +2,7 @@
 <html lang="en">
   <head>
     <meta charset="UTF-8" />
-    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <link rel="icon" type="image/svg+xml" href="/donpat1to.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Shift Planning App</title>
   </head>

frontend/package.json

@@ -7,7 +7,9 @@
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "react-router-dom": "^6.28.0",
-    "date-fns": "4.1.0"
+    "date-fns": "4.1.0",
+    "@vitejs/plugin-react": "^4.3.3",
+    "vite": "^6.0.7"
   },
   "devDependencies": {
     "@types/node": "20.19.23",
@@ -15,14 +17,22 @@
     "@types/react-dom": "^19.0.0",
     "@types/react-router-dom": "^5.3.3",
     "@vitejs/plugin-react": "^4.3.3",
+    "@types/jest": "30.0.0",
+    "@testing-library/react": "10.4.1",
+    "@testing-library/jest-dom": "6.9.1",
+    "@testing-library/user-event": "14.6.1",
+    "@storybook/react": "10.0.1",
     "typescript": "^5.7.3",
     "vite": "^6.0.7",
     "esbuild": "^0.21.0",
     "terser": "5.44.0",
-    "babel-plugin-transform-remove-console": "6.9.4"
+    "babel-plugin-transform-remove-console": "6.9.4",
+    "framer-motion": "12.23.24",
+    "file-saver": "2.0.5",
+    "@types/file-saver": "2.0.5"
   },
   "scripts": {
-    "dev": "vite",
+    "dev": "vite dev",
     "build": "tsc && vite build",
     "preview": "vite preview"
   }

frontend/src/App.tsx

@@ -15,6 +15,8 @@ import EmployeeManagement from './pages/Employees/EmployeeManagement';
 import Settings from './pages/Settings/Settings';
 import Help from './pages/Help/Help';
 import Setup from './pages/Setup/Setup';
+import ErrorBoundary from './components/ErrorBoundary/ErrorBoundary';
+import SecurityWarning from './components/SecurityWarning/SecurityWarning';
 
 // Free Footer Link Pages (always available)
 import FAQ from './components/Layout/FooterLinks/FAQ/FAQ';
@@ -160,14 +162,17 @@ const AppContent: React.FC = () => {
 
 function App() {
   return (
-    <NotificationProvider>
+    <ErrorBoundary>
-      <AuthProvider>
+      <NotificationProvider>
-        <Router>
+        <AuthProvider>
-          <NotificationContainer />
+          <Router>
-          <AppContent />
+            <SecurityWarning />
-        </Router>
+            <NotificationContainer />
-      </AuthProvider>
+            <AppContent />
-    </NotificationProvider>
+          </Router>
+        </AuthProvider>
+      </NotificationProvider>
+    </ErrorBoundary>
   );
 }
 

frontend/src/components/ErrorBoundary/ErrorBoundary.tsx

@@ -0,0 +1,101 @@
+// src/components/ErrorBoundary/ErrorBoundary.tsx
+import React from 'react';
+
+interface Props {
+  children: React.ReactNode;
+  fallback?: React.ReactNode;
+}
+
+interface State {
+  hasError: boolean;
+  error?: Error;
+}
+
+class ErrorBoundary extends React.Component<Props, State> {
+  constructor(props: Props) {
+    super(props);
+    this.state = { hasError: false };
+  }
+
+  static getDerivedStateFromError(error: Error): State {
+    return { hasError: true, error };
+  }
+
+  componentDidCatch(error: Error, errorInfo: React.ErrorInfo) {
+    console.error('🚨 Application Error:', error);
+    console.error('📋 Error Details:', errorInfo);
+    
+    // In production, send to your error reporting service
+    // logErrorToService(error, errorInfo);
+  }
+
+  render() {
+    if (this.state.hasError) {
+      // You can render any custom fallback UI
+      return this.props.fallback || (
+        <div style={{ 
+          padding: '40px', 
+          textAlign: 'center',
+          fontFamily: 'Arial, sans-serif'
+        }}>
+          <div style={{ fontSize: '48px', marginBottom: '20px' }}>⚠️</div>
+          <h2>Oops! Something went wrong</h2>
+          <p style={{ margin: '20px 0', color: '#666' }}>
+            We encountered an unexpected error. Please try refreshing the page.
+          </p>
+          <div style={{ marginTop: '30px' }}>
+            <button
+              onClick={() => window.location.reload()}
+              style={{
+                padding: '10px 20px',
+                backgroundColor: '#007bff',
+                color: 'white',
+                border: 'none',
+                borderRadius: '4px',
+                cursor: 'pointer',
+                marginRight: '10px'
+              }}
+            >
+              Refresh Page
+            </button>
+            <button
+              onClick={() => this.setState({ hasError: false })}
+              style={{
+                padding: '10px 20px',
+                backgroundColor: '#6c757d',
+                color: 'white',
+                border: 'none',
+                borderRadius: '4px',
+                cursor: 'pointer'
+              }}
+            >
+              Try Again
+            </button>
+          </div>
+          {process.env.NODE_ENV === 'development' && this.state.error && (
+            <details style={{ 
+              marginTop: '20px', 
+              textAlign: 'left',
+              background: '#f8f9fa',
+              padding: '15px',
+              borderRadius: '4px'
+            }}>
+              <summary>Error Details (Development)</summary>
+              <pre style={{ 
+                whiteSpace: 'pre-wrap',
+                fontSize: '12px',
+                color: '#dc3545'
+              }}>
+                {this.state.error.stack}
+              </pre>
+            </details>
+          )}
+        </div>
+      );
+    }
+
+    return this.props.children;
+  }
+}
+
+export default ErrorBoundary;

frontend/src/components/Layout/FooterLinks/Features/Features.tsx

@@ -1,4 +1,4 @@
-// frontend/src/pages/Features/Features.tsx
+// frontend/src/components/Layou/FooterLinks/Features/Features.tsx
 import React from 'react';
 
 const Features: React.FC = () => {

frontend/src/components/SecurityWarning/SecurityWarning.tsx

@@ -0,0 +1,59 @@
+// src/components/SecurityWarning/SecurityWarning.tsx
+import React, { useState, useEffect } from 'react';
+
+const SecurityWarning: React.FC = () => {
+  const [isHttp, setIsHttp] = useState(false);
+  const [isDismissed, setIsDismissed] = useState(false);
+
+  useEffect(() => {
+    // Check if current protocol is HTTP
+    const checkProtocol = () => {
+      setIsHttp(window.location.protocol === 'http:');
+    };
+
+    checkProtocol();
+    window.addEventListener('load', checkProtocol);
+    
+    return () => window.removeEventListener('load', checkProtocol);
+  }, []);
+
+  if (!isHttp || isDismissed) {
+    return null;
+  }
+
+  return (
+    <div style={{
+      position: 'fixed',
+      top: 0,
+      left: 0,
+      right: 0,
+      backgroundColor: '#ff6b35',
+      color: 'white',
+      padding: '10px 20px',
+      textAlign: 'center',
+      zIndex: 10000,
+      fontSize: '14px',
+      fontWeight: 'bold',
+      boxShadow: '0 2px 4px rgba(0,0,0,0.2)'
+    }}>
+      ⚠️ SECURITY WARNING: This site is being accessed over HTTP. 
+      For secure communication, please use HTTPS.
+      <button 
+        onClick={() => setIsDismissed(true)}
+        style={{
+          marginLeft: '15px',
+          background: 'rgba(255,255,255,0.2)',
+          border: '1px solid white',
+          color: 'white',
+          padding: '2px 8px',
+          borderRadius: '3px',
+          cursor: 'pointer'
+        }}
+      >
+        Dismiss
+      </button>
+    </div>
+  );
+};
+
+export default SecurityWarning;

frontend/src/components/StepSetup/StepSetup.stories.tsx

@@ -0,0 +1,79 @@
+import React from 'react';
+import type { Meta, StoryObj } from '@storybook/react';
+import StepSetup from './StepSetup';
+
+const meta: Meta<typeof StepSetup> = {
+  title: 'Components/StepSetup',
+  component: StepSetup,
+  parameters: {
+    layout: 'padded',
+  },
+  tags: ['autodocs'],
+};
+
+export default meta;
+type Story = StoryObj<typeof StepSetup>;
+
+const defaultSteps = [
+  { id: 'step-1', title: 'Account Setup', subtitle: 'Create your account' },
+  { id: 'step-2', title: 'Profile Information', subtitle: 'Add personal details' },
+  { id: 'step-3', title: 'Preferences', subtitle: 'Customize your experience', optional: true },
+  { id: 'step-4', title: 'Confirmation', subtitle: 'Review and confirm' },
+];
+
+export const Horizontal: Story = {
+  args: {
+    steps: defaultSteps,
+    defaultCurrent: 1,
+    orientation: 'horizontal',
+  },
+};
+
+export const Vertical: Story = {
+  args: {
+    steps: defaultSteps,
+    defaultCurrent: 1,
+    orientation: 'vertical',
+  },
+  parameters: {
+    layout: 'padded',
+  },
+};
+
+export const ClickableFalse: Story = {
+  args: {
+    steps: defaultSteps,
+    current: 2,
+    clickable: false,
+  },
+  name: 'Non-Clickable Steps',
+};
+
+export const AnimatedFalse: Story = {
+  args: {
+    steps: defaultSteps,
+    defaultCurrent: 1,
+    animated: false,
+  },
+  name: 'Without Animation',
+};
+
+export const DifferentSizes: Story = {
+  render: () => (
+    <div className="space-y-8">
+      <div>
+        <h3 className="text-sm font-medium mb-2">Small</h3>
+        <StepSetup steps={defaultSteps} size="sm" defaultCurrent={1} />
+      </div>
+      <div>
+        <h3 className="text-sm font-medium mb-2">Medium (default)</h3>
+        <StepSetup steps={defaultSteps} size="md" defaultCurrent={1} />
+      </div>
+      <div>
+        <h3 className="text-sm font-medium mb-2">Large</h3>
+        <StepSetup steps={defaultSteps} size="lg" defaultCurrent={1} />
+      </div>
+    </div>
+  ),
+  name: 'Different Sizes',
+};

frontend/src/components/StepSetup/StepSetup.test.tsx

@@ -0,0 +1,127 @@
+import React from 'react';
+import { render, screen, fireEvent } from '@testing-library/react';
+import userEvent from '@testing-library/user-event';
+import '@testing-library/jest-dom';
+import StepSetup from './StepSetup';
+
+const mockSteps = [
+  { id: 'step-1', title: 'First Step', subtitle: 'Description 1' },
+  { id: 'step-2', title: 'Second Step' },
+  { id: 'step-3', title: 'Third Step', subtitle: 'Description 3', optional: true },
+];
+
+describe('StepSetup', () => {
+  // a) Test verschiedener Step-Counts
+  test('renders correct number of steps', () => {
+    render(<StepSetup steps={mockSteps} />);
+    
+    expect(screen.getByText('First Step')).toBeInTheDocument();
+    expect(screen.getByText('Second Step')).toBeInTheDocument();
+    expect(screen.getByText('Third Step')).toBeInTheDocument();
+  });
+
+  test('renders empty state correctly', () => {
+    render(<StepSetup steps={[]} />);
+    
+    expect(screen.getByText('No steps available')).toBeInTheDocument();
+  });
+
+  // b) Keyboard-Navigation und Klicks
+  test('handles click navigation when clickable', async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+    
+    render(<StepSetup steps={mockSteps} clickable={true} onChange={onChange} />);
+    
+    const secondStep = screen.getByRole('tab', { name: /second step/i });
+    await user.click(secondStep);
+    
+    expect(onChange).toHaveBeenCalledWith(1);
+  });
+
+  test('handles keyboard navigation', async () => {
+    const user = userEvent.setup();
+    const onChange = jest.fn();
+    
+    render(
+      <StepSetup 
+        steps={mockSteps} 
+        defaultCurrent={0} 
+        onChange={onChange} 
+      />
+    );
+
+    const firstStep = screen.getByRole('tab', { name: /first step/i });
+    firstStep.focus();
+    
+    // Right arrow to next step
+    await user.keyboard('{ArrowRight}');
+    expect(onChange).toHaveBeenCalledWith(1);
+    
+    // Home key to first step
+    await user.keyboard('{Home}');
+    expect(onChange).toHaveBeenCalledWith(0);
+    
+    // End key to last step  
+    await user.keyboard('{End}');
+    expect(onChange).toHaveBeenCalledWith(2);
+  });
+
+  // c) ARIA-Attribute Tests
+  test('has correct ARIA attributes', () => {
+    render(<StepSetup steps={mockSteps} current={1} />);
+    
+    const tablist = screen.getByRole('tablist');
+    expect(tablist).toBeInTheDocument();
+    
+    const tabs = screen.getAllByRole('tab');
+    expect(tabs).toHaveLength(3);
+    
+    // Second step should be selected
+    expect(tabs[1]).toHaveAttribute('aria-selected', 'true');
+    expect(tabs[1]).toHaveAttribute('aria-current', 'step');
+  });
+
+  // d) Controlled vs Uncontrolled Tests
+  test('works in controlled mode', () => {
+    const onChange = jest.fn();
+    
+    const { rerender } = render(
+      <StepSetup steps={mockSteps} current={0} onChange={onChange} />
+    );
+    
+    // Click should call onChange but not change internal state in controlled mode
+    const secondStep = screen.getByRole('tab', { name: /second step/i });
+    fireEvent.click(secondStep);
+    
+    expect(onChange).toHaveBeenCalledWith(1);
+    // Current step should still be first (controlled by prop)
+    expect(screen.getByRole('tab', { name: /first step/i }))
+      .toHaveAttribute('aria-selected', 'true');
+    
+    // Update prop should change current step
+    rerender(<StepSetup steps={mockSteps} current={1} onChange={onChange} />);
+    expect(screen.getByRole('tab', { name: /second step/i }))
+      .toHaveAttribute('aria-selected', 'true');
+  });
+
+  test('works in uncontrolled mode', () => {
+    const onChange = jest.fn();
+    
+    render(<StepSetup steps={mockSteps} defaultCurrent={0} onChange={onChange} />);
+    
+    const secondStep = screen.getByRole('tab', { name: /second step/i });
+    fireEvent.click(secondStep);
+    
+    expect(onChange).toHaveBeenCalledWith(1);
+    expect(secondStep).toHaveAttribute('aria-selected', 'true');
+  });
+
+  test('clamps out-of-range current values', () => {
+    render(<StepSetup steps={mockSteps} current={10} />);
+    
+    // Should clamp to last step
+    const lastStep = screen.getByRole('tab', { name: /third step/i });
+    expect(lastStep).toHaveAttribute('aria-selected', 'true');
+  });
+});

frontend/src/components/StepSetup/StepSetup.tsx

@@ -0,0 +1,516 @@
+import React, { 
+  useState, 
+  useEffect, 
+  useId, 
+  useCallback,
+  KeyboardEvent
+} from 'react';
+import { motion, MotionConfig, SpringOptions } from 'framer-motion';
+
+// ===== TYP-DEFINITIONEN =====
+export interface Step {
+  id: string;
+  title: string;
+  subtitle?: string;
+  optional?: boolean;
+}
+
+export interface StepSetupProps {
+  /** Array der Schritte mit ID, Titel und optionalen Eigenschaften */
+  steps: Step[];
+  /** Kontrollierter aktueller Schritt-Index */
+  current?: number;
+  /** Unkontrollierter Standard-Schritt-Index */
+  defaultCurrent?: number;
+  /** Callback bei Schrittänderung */
+  onChange?: (index: number) => void;
+  /** Ausrichtung des Steppers */
+  orientation?: 'horizontal' | 'vertical';
+  /** Ob Steps anklickbar sind */
+  clickable?: boolean;
+  /** Größe der Step-Komponente */
+  size?: 'sm' | 'md' | 'lg';
+  /** Animation aktivieren/deaktivieren */
+  animated?: boolean;
+  /** Zusätzliche CSS-Klassen */
+  className?: string;
+}
+
+export interface StepState {
+  currentStep: number;
+  isControlled: boolean;
+}
+
+// ===== HOOK FÜR ZUSTANDSVERWALTUNG =====
+export const useStepSetup = (props: StepSetupProps) => {
+  const {
+    steps,
+    current,
+    defaultCurrent = 0,
+    onChange,
+    clickable = true
+  } = props;
+
+  const [internalStep, setInternalStep] = useState(defaultCurrent);
+  const isControlled = current !== undefined;
+  
+  const currentStep = isControlled ? current : internalStep;
+
+  // Clamp den Schritt-Index auf gültigen Bereich
+  const clampedStep = Math.max(0, Math.min(currentStep, steps.length - 1));
+
+  const setStep = useCallback((newStep: number) => {
+    const clampedNewStep = Math.max(0, Math.min(newStep, steps.length - 1));
+    
+    if (!isControlled) {
+      setInternalStep(clampedNewStep);
+    }
+    
+    onChange?.(clampedNewStep);
+  }, [isControlled, onChange, steps.length]);
+
+  const goToNext = useCallback(() => {
+    if (clampedStep < steps.length - 1) {
+      setStep(clampedStep + 1);
+    }
+  }, [clampedStep, steps.length, setStep]);
+
+  const goToPrev = useCallback(() => {
+    if (clampedStep > 0) {
+      setStep(clampedStep - 1);
+    }
+  }, [clampedStep, setStep]);
+
+  const goToStep = useCallback((index: number) => {
+    if (clickable) {
+      setStep(index);
+    }
+  }, [clickable, setStep]);
+
+  // Warnung bei Duplicate IDs (nur in Development)
+  useEffect(() => {
+    if (process.env.NODE_ENV !== 'production') {
+      const stepIds = steps.map(step => step.id);
+      const duplicateIds = stepIds.filter((id, index) => stepIds.indexOf(id) !== index);
+      
+      if (duplicateIds.length > 0) {
+        console.warn(
+          `StepSetup: Duplicate step IDs found: ${duplicateIds.join(', ')}. ` +
+          `Step IDs should be unique.`
+        );
+      }
+    }
+  }, [steps]);
+
+  return {
+    currentStep: clampedStep,
+    setStep,
+    goToNext,
+    goToPrev,
+    goToStep,
+    isControlled
+  };
+};
+
+// ===== ANIMATIONS-KONFIGURATION =====
+const getAnimationConfig = (animated: boolean): { reduced: { duration: number }; normal: SpringOptions } => ({
+  reduced: { duration: 0 }, // Keine Animation
+  normal: {
+    stiffness: 500,
+    damping: 30,
+    mass: 0.5
+  }
+});
+
+// ===== HILFSFUNKTIONEN =====
+
+/**
+ * Berechnet die Step-Größenklassen basierend auf der size-Prop
+ */
+const getSizeClasses = (size: StepSetupProps['size'] = 'md') => {
+  const sizes = {
+    sm: {
+      step: 'w-8 h-8 text-sm',
+      icon: 'w-4 h-4',
+      title: 'text-sm',
+      subtitle: 'text-xs'
+    },
+    md: {
+      step: 'w-10 h-10 text-base',
+      icon: 'w-5 h-5',
+      title: 'text-base',
+      subtitle: 'text-sm'
+    },
+    lg: {
+      step: 'w-12 h-12 text-lg',
+      icon: 'w-6 h-6',
+      title: 'text-lg',
+      subtitle: 'text-base'
+    }
+  };
+  
+  return sizes[size];
+};
+
+/**
+ * Prüft ob prefers-reduced-motion aktiv ist
+ */
+const prefersReducedMotion = (): boolean => {
+  if (typeof window === 'undefined') return false;
+  return window.matchMedia('(prefers-reduced-motion: reduce)').matches;
+};
+
+// ===== STEP ICON KOMPONENTE =====
+interface StepIconProps {
+  stepIndex: number;
+  currentStep: number;
+  size: StepSetupProps['size'];
+  animated: boolean;
+}
+
+const StepNumber: React.FC<{ number: number; isCurrent?: boolean; isCompleted?: boolean }> = ({ 
+  number, 
+  isCurrent = false, 
+  isCompleted = false 
+}) => {
+  const baseClasses = `
+    w-6 h-6
+    flex items-center justify-center
+    rounded-full text-xs font-medium
+    transition-all duration-200
+  `;
+  
+  if (isCompleted) {
+    return (
+      <div className={`${baseClasses} bg-blue-500 text-white`}>
+        ✓
+      </div>
+    );
+  }
+  
+  if (isCurrent) {
+    return (
+      <div className={`${baseClasses} bg-blue-500 text-white ring-2 ring-blue-500 ring-opacity-20`}>
+        {number}
+      </div>
+    );
+  }
+  
+  return (
+    <div className={`${baseClasses} bg-gray-200 text-gray-600`}>
+      {number}
+    </div>
+  );
+};
+
+const StepIcon: React.FC<StepIconProps> = ({ 
+  stepIndex, 
+  currentStep, 
+  size,
+  animated 
+}) => {
+  const isCompleted = stepIndex < currentStep;
+  const isCurrent = stepIndex === currentStep;
+  
+  const sizeClasses = getSizeClasses(size);
+  const animationConfig = getAnimationConfig(animated);
+  const shouldAnimate = animated && !prefersReducedMotion();
+  
+  const baseClasses = `
+    ${sizeClasses.step}
+    flex items-center justify-center
+    rounded-full border-2 font-medium
+    transition-all duration-200
+  `;
+  
+  if (isCompleted) {
+    const completedClasses = `
+      ${baseClasses}
+      border-blue-500 bg-white
+    `;
+    
+    const iconContent = shouldAnimate ? (
+      <motion.div
+        initial={{ scale: 0, rotate: -180 }}
+        animate={{ scale: 1, rotate: 0 }}
+        transition={animationConfig.normal}
+      >
+        <StepNumber number={stepIndex + 1} isCompleted />
+      </motion.div>
+    ) : (
+      <StepNumber number={stepIndex + 1} isCompleted />
+    );
+    
+    return (
+      <div className={completedClasses}>
+        {iconContent}
+      </div>
+    );
+  }
+  
+  if (isCurrent) {
+    const currentClasses = `
+      ${baseClasses}
+      border-blue-500 bg-white
+    `;
+    
+    const stepNumber = shouldAnimate ? (
+      <motion.div
+        key={stepIndex}
+        initial={{ scale: 0 }}
+        animate={{ scale: 1 }}
+        transition={animationConfig.normal}
+      >
+        <StepNumber number={stepIndex + 1} isCurrent />
+      </motion.div>
+    ) : (
+      <StepNumber number={stepIndex + 1} isCurrent />
+    );
+    
+    return <div className={currentClasses}>{stepNumber}</div>;
+  }
+  
+  const upcomingClasses = `
+    ${baseClasses}
+    border-gray-300 bg-white
+  `;
+  
+  return (
+    <div className={upcomingClasses}>
+      <StepNumber number={stepIndex + 1} />
+    </div>
+  );
+};
+
+// ===== HAUPTKOMPONENTE =====
+
+/**
+ * Eine zugängliche, animierte Step/Progress-Komponente mit Unterstützung für 
+ * kontrollierte und unkontrollierte Verwendung.
+ * 
+ * @example
+ * ```tsx
+ * <StepSetup 
+ *   steps={[
+ *     { id: 's1', title: 'First Step', subtitle: 'Optional description' },
+ *     { id: 's2', title: 'Second Step' }
+ *   ]}
+ *   defaultCurrent={0}
+ *   onChange={(index) => console.log('Step changed:', index)}
+ * />
+ * ```
+ */
+const StepSetup: React.FC<StepSetupProps> = (props) => {
+  const {
+    steps,
+    orientation = 'horizontal',
+    clickable = true,
+    size = 'md',
+    animated = true,
+    className = ''
+  } = props;
+  
+  const {
+    currentStep,
+    goToStep
+  } = useStepSetup(props);
+  
+  const listId = useId();
+  const shouldAnimate = animated && !prefersReducedMotion();
+  const sizeClasses = getSizeClasses(size);
+  
+  // Fallback für leere Steps
+  if (!steps || steps.length === 0) {
+    return (
+      <div 
+        className={`flex items-center justify-center p-4 text-gray-500 ${className}`}
+        role="status"
+        aria-live="polite"
+      >
+        No steps available
+      </div>
+    );
+  }
+  
+  // Tastatur-Navigation Handler
+  const handleKeyDown = (
+    event: KeyboardEvent<HTMLButtonElement>, 
+    stepIndex: number
+  ) => {
+    if (!clickable) return;
+    
+    const isHorizontal = orientation === 'horizontal';
+    
+    switch (event.key) {
+      case 'Enter':
+      case ' ':
+        event.preventDefault();
+        goToStep(stepIndex);
+        break;
+        
+      case 'ArrowRight':
+      case 'ArrowDown':
+        if ((isHorizontal && event.key === 'ArrowRight') || 
+            (!isHorizontal && event.key === 'ArrowDown')) {
+          event.preventDefault();
+          const nextStep = Math.min(stepIndex + 1, steps.length - 1);
+          goToStep(nextStep);
+        }
+        break;
+        
+      case 'ArrowLeft':
+      case 'ArrowUp':
+        if ((isHorizontal && event.key === 'ArrowLeft') || 
+            (!isHorizontal && event.key === 'ArrowUp')) {
+          event.preventDefault();
+          const prevStep = Math.max(stepIndex - 1, 0);
+          goToStep(prevStep);
+        }
+        break;
+        
+      case 'Home':
+        event.preventDefault();
+        goToStep(0);
+        break;
+        
+      case 'End':
+        event.preventDefault();
+        goToStep(steps.length - 1);
+        break;
+    }
+  };
+  
+  // Container-Klassen basierend auf Ausrichtung
+  const containerClasses = `
+    flex ${orientation === 'vertical' ? 'flex-col' : 'flex-row'} 
+    ${orientation === 'horizontal' ? 'items-center justify-center gap-8' : 'gap-6'}
+    ${className}
+  `;
+  
+  const StepContent = shouldAnimate ? motion.div : 'div';
+  
+  return (
+    <MotionConfig reducedMotion={prefersReducedMotion() ? "always" : "user"}>
+      <nav 
+        className={containerClasses.trim()}
+        aria-label="Progress steps"
+        role="tablist"
+      >
+        {steps.map((step, index) => {
+          const isCompleted = index < currentStep;
+          const isCurrent = index === currentStep;
+          const isClickable = clickable && (isCompleted || isCurrent || step.optional);
+          
+          // Für horizontale Ausrichtung: flex-col mit zentrierten Items
+          const stepClasses = `
+            flex flex-col items-center
+            gap-3
+            ${isClickable ? 'cursor-pointer' : 'cursor-not-allowed'}
+            transition-colors duration-200
+            ${orientation === 'horizontal' ? 'flex-1' : ''}
+          `;
+          
+          const contentClasses = `
+            flex flex-col items-center text-center
+            ${orientation === 'vertical' ? 'flex-1' : ''}
+          `;
+          
+          // Verbindungslinie nur für horizontale Ausrichtung
+          const connectorClasses = `
+            flex-1 h-0.5 mt-5
+            ${isCompleted ? 'bg-blue-500' : 'bg-gray-200'}
+            transition-colors duration-200
+            ${orientation === 'horizontal' ? '' : 'hidden'}
+          `;
+          
+          return (
+            <React.Fragment key={step.id}>
+              <StepContent
+                className={stepClasses}
+                layout={shouldAnimate ? "position" : false}
+                transition={shouldAnimate ? getAnimationConfig(animated).normal : undefined}
+              >
+                <div className="flex items-center w-full">
+                  {/* Verbindungslinie vor dem Step (außer beim ersten) */}
+                  {index > 0 && orientation === 'horizontal' && (
+                    <div 
+                      className={connectorClasses}
+                      aria-hidden="true"
+                    />
+                  )}
+                  
+                  <button
+                    type="button"
+                    onClick={() => isClickable && goToStep(index)}
+                    onKeyDown={(e) => handleKeyDown(e, index)}
+                    disabled={!isClickable}
+                    className={`
+                      flex items-center justify-center
+                      focus:outline-none focus:ring-2 
+                      focus:ring-blue-500 focus:ring-offset-2 rounded-full
+                      ${!isClickable ? 'opacity-50' : ''}
+                      ${orientation === 'horizontal' ? 'mx-2' : ''}
+                    `}
+                    role="tab"
+                    aria-selected={isCurrent}
+                    aria-controls={`${listId}-${step.id}`}
+                    id={`${listId}-tab-${step.id}`}
+                    tabIndex={isCurrent ? 0 : -1}
+                    aria-current={isCurrent ? 'step' : undefined}
+                    aria-disabled={!isClickable}
+                  >
+                    <StepIcon 
+                      stepIndex={index}
+                      currentStep={currentStep}
+                      size={size}
+                      animated={animated}
+                    />
+                  </button>
+                  
+                  {/* Verbindungslinie nach dem Step (außer beim letzten) */}
+                  {index < steps.length - 1 && orientation === 'horizontal' && (
+                    <div 
+                      className={connectorClasses}
+                      aria-hidden="true"
+                    />
+                  )}
+                </div>
+                
+                {/* Step Titel und Untertitel */}
+                <div className={contentClasses}>
+                  <span 
+                    className={`
+                      font-medium
+                      ${isCurrent ? 'text-blue-600' : isCompleted ? 'text-gray-900' : 'text-gray-500'}
+                      ${sizeClasses.title}
+                    `}
+                    id={`${listId}-title-${step.id}`}
+                  >
+                    {step.title}
+                    {step.optional && (
+                      <span className="text-gray-400 text-sm ml-1">(Optional)</span>
+                    )}
+                  </span>
+                  
+                  {step.subtitle && (
+                    <span 
+                      className={`
+                        ${isCurrent ? 'text-gray-700' : 'text-gray-500'} 
+                        ${sizeClasses.subtitle}
+                      `}
+                      id={`${listId}-subtitle-${step.id}`}
+                    >
+                      {step.subtitle}
+                    </span>
+                  )}
+                </div>
+              </StepContent>
+            </React.Fragment>
+          );
+        })}
+      </nav>
+    </MotionConfig>
+  );
+};
+
+export default StepSetup;

frontend/src/contexts/AuthContext.tsx

@@ -20,7 +20,7 @@ interface AuthContextType {
 }
 
 const AuthContext = createContext<AuthContextType | undefined>(undefined);
-const API_BASE_URL = process.env.REACT_APP_API_BASE_URL || '/api';
+const API_BASE_URL = import.meta.env.VITE_API_URL || '/api';
 
 interface AuthProviderProps {
   children: ReactNode;
@@ -49,12 +49,21 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
   const checkSetupStatus = async (): Promise<void> => {
     try {
       console.log('🔍 Checking setup status...');
-      const response = await fetch(`${API_BASE_URL}/setup/status`);
+      const startTime = Date.now();
+      
+      const response = await fetch(`${API_BASE_URL}/setup/status`, {
+        signal: AbortSignal.timeout(5000)
+      });
+      
+      console.log(`✅ Setup status response received in ${Date.now() - startTime}ms`);
+      
       if (!response.ok) {
+        console.error('❌ Setup status response not OK:', response.status, response.statusText);
         throw new Error('Setup status check failed');
       }
+      
       const data = await response.json();
-      console.log('✅ Setup status response:', data);
+      console.log('✅ Setup status response data:', data);
       setNeedsSetup(data.needsSetup === true);
     } catch (error) {
       console.error('❌ Error checking setup status:', error);
@@ -95,7 +104,6 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
     }
   };
 
-  // Add the updateUser function
   const updateUser = (userData: Employee) => {
     console.log('🔄 Updating user in auth context:', userData);
     setUser(userData);
@@ -161,6 +169,8 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
     initializeAuth();
   }, []);
 
+  const calculatedNeedsSetup = needsSetup === null ? true : needsSetup;
+
   const value: AuthContextType = {
     user,
     login,
@@ -168,7 +178,7 @@ export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
     hasRole,
     loading,
     refreshUser,
-    needsSetup: needsSetup === null ? true : needsSetup,
+    needsSetup: calculatedNeedsSetup,
     checkSetupStatus,
     updateUser,
   };

frontend/src/design/DesignSystem.txt

@@ -20,6 +20,8 @@ export const designTokens = {
       10: '#ebd7fa',
     },
 
+    manager: '#CC0000',
+    
     // Semantic Colors
     primary: '#51258f',
     secondary: '#642ab5',

frontend/src/hooks/useBackendValidation.ts

@@ -0,0 +1,73 @@
+// frontend/src/hooks/useBackendValidation.ts
+import { useState, useCallback } from 'react';
+import { ValidationError } from '../services/errorService';
+import { useNotification } from '../contexts/NotificationContext';
+
+export const useBackendValidation = () => {
+  const [validationErrors, setValidationErrors] = useState<ValidationError[]>([]);
+  const [isSubmitting, setIsSubmitting] = useState(false);
+  const { showNotification } = useNotification();
+
+  const clearErrors = useCallback(() => {
+    setValidationErrors([]);
+  }, []);
+
+  const getFieldError = useCallback((fieldName: string): string | null => {
+    const error = validationErrors.find(error => error.field === fieldName);
+    return error ? error.message : null;
+  }, [validationErrors]);
+
+  const hasErrors = useCallback((fieldName?: string): boolean => {
+    if (fieldName) {
+      return validationErrors.some(error => error.field === fieldName);
+    }
+    return validationErrors.length > 0;
+  }, [validationErrors]);
+
+  const executeWithValidation = useCallback(
+    async <T>(apiCall: () => Promise<T>): Promise<T> => {
+      setIsSubmitting(true);
+      clearErrors();
+
+      try {
+        const result = await apiCall();
+        return result;
+      } catch (error: any) {
+        if (error.validationErrors && Array.isArray(error.validationErrors)) {
+          setValidationErrors(error.validationErrors);
+
+          // Show specific validation error messages from backend
+          error.validationErrors.forEach((validationError: ValidationError, index: number) => {
+            setTimeout(() => {
+              showNotification({
+                type: 'error',
+                title: 'Validierungsfehler',
+                message: `${validationError.field ? `${validationError.field}: ` : ''}${validationError.message}`
+              });
+            }, index * 500); // Stagger the notifications
+          });
+        } else {
+          // Show notification for other errors
+          showNotification({
+            type: 'error',
+            title: 'Fehler',
+            message: error.message || 'Ein unerwarteter Fehler ist aufgetreten'
+          });
+        }
+        throw error;
+      } finally {
+        setIsSubmitting(false);
+      }
+    },
+    [clearErrors, showNotification]
+  );
+
+  return {
+    validationErrors,
+    isSubmitting,
+    clearErrors,
+    getFieldError,
+    hasErrors,
+    executeWithValidation,
+  };
+};

frontend/src/models/defaults/employeeDefaults.ts

@@ -102,7 +102,7 @@ export const AVAILABILITY_PREFERENCES = {
 } as const;
 
 // Default availability for new employees (all shifts unavailable as level 3)
-// UPDATED: Now uses shiftId instead of timeSlotId + dayOfWeek
+// Now uses shiftId instead of timeSlotId + dayOfWeek
 export function createDefaultAvailabilities(employeeId: string, planId: string, shiftIds: string[]): Omit<EmployeeAvailability, 'id'>[] {
   const availabilities: Omit<EmployeeAvailability, 'id'>[] = [];
   

frontend/src/models/helpers/employeeHelpers.ts

@@ -18,12 +18,12 @@ function generateEmail(firstname: string, lastname: string): string {
   return `${cleanFirstname}.${cleanLastname}@sp.de`;
 }
 
-// UPDATED: Validation for new employee model with employee types
+// Validation for new employee model with employee types
 export function validateEmployeeData(employee: CreateEmployeeRequest): string[] {
   const errors: string[] = [];
 
-  if (employee.password?.length < 6) {
+  if (employee.password?.length < 8) {
-    errors.push('Password must be at least 6 characters long');
+    errors.push('Password must be at least 8 characters long');
   }
 
   if (!employee.firstname?.trim() || employee.firstname.trim().length < 2) {
@@ -71,7 +71,7 @@ export function generateEmployeeEmail(firstname: string, lastname: string): stri
   return generateEmail(firstname, lastname);
 }
 
-// UPDATED: Business logic helpers for new employee types
+// Business logic helpers for new employee types
 export const isManager = (employee: Employee): boolean =>
   employee.employeeType === 'manager';
 
@@ -90,7 +90,7 @@ export const isInternal = (employee: Employee): boolean =>
 export const isExternal = (employee: Employee): boolean =>
   employee.employeeType === 'guest';
 
-// UPDATED: Trainee logic - now based on isTrainee field for personell type
+// Trainee logic - now based on isTrainee field for personell type
 export const isTrainee = (employee: Employee): boolean =>
   employee.employeeType === 'personell' && employee.isTrainee;
 
@@ -107,7 +107,7 @@ export const isMaintenance = (employee: Employee): boolean =>
 export const isUser = (employee: Employee): boolean =>
   employee.roles?.includes('user') || false;
 
-// UPDATED: Work alone permission - managers and experienced personell can work alone
+// Work alone permission - managers and experienced personell can work alone
 export const canEmployeeWorkAlone = (employee: Employee): boolean =>
   employee.canWorkAlone && (isManager(employee) || isExperienced(employee));
 
@@ -134,7 +134,7 @@ export function validateAvailabilityData(availability: Omit<EmployeeAvailability
   return errors;
 }
 
-// UPDATED: Helper to get employee type category
+// Helper to get employee type category
 export const getEmployeeCategory = (employee: Employee): 'internal' | 'external' => {
   return isInternal(employee) ? 'internal' : 'external';
 };

frontend/src/models/helpers/shiftPlanHelpers.ts

@@ -78,7 +78,7 @@ export function calculateTotalRequiredEmployees(plan: ShiftPlan): number {
   return plan.shifts.reduce((total, shift) => total + shift.requiredEmployees, 0);
 }
 
-// UPDATED: Get scheduled shift by date and time slot
+// Get scheduled shift by date and time slot
 export function getScheduledShiftByDateAndTime(
   plan: ShiftPlan, 
   date: string, 

frontend/src/models/scheduling.ts

@@ -2,7 +2,7 @@
 import { Employee } from './Employee.js';
 import { ShiftPlan } from './ShiftPlan.js';
 
-// Updated Availability interface to match new schema
+// Availability interface to match
 export interface Availability {
   id: string;
   employeeId: string;

frontend/src/pages/Auth/Login.tsx

@@ -1,4 +1,4 @@
-// frontend/src/pages/Auth/Login.tsx - UPDATED PASSWORD SECTION
+// frontend/src/pages/Auth/Login.tsx
 import React, { useState, useEffect, useRef } from 'react';
 import { useNavigate } from 'react-router-dom';
 import { useAuth } from '../../contexts/AuthContext';

frontend/src/pages/Employees/components/AvailabilityManager.tsx

@@ -3,6 +3,8 @@ import { employeeService } from '../../../services/employeeService';
 import { shiftPlanService } from '../../../services/shiftPlanService';
 import { Employee, EmployeeAvailability } from '../../../models/Employee';
 import { ShiftPlan, TimeSlot, Shift } from '../../../models/ShiftPlan';
+import { useNotification } from '../../../contexts/NotificationContext';
+import { useBackendValidation } from '../../../hooks/useBackendValidation';
 
 interface AvailabilityManagerProps {
   employee: Employee;
@@ -36,7 +38,8 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
   const [selectedPlan, setSelectedPlan] = useState<ShiftPlan | null>(null);
   const [loading, setLoading] = useState(true);
   const [saving, setSaving] = useState(false);
-  const [error, setError] = useState('');
+  const { showNotification } = useNotification();
+  const { executeWithValidation, isSubmitting } = useBackendValidation();
 
   const daysOfWeek = [
     { id: 1, name: 'Montag' },
@@ -81,7 +84,11 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
 
       } catch (err: any) {
         console.error('❌ FEHLER BEIM LADEN DER INITIALDATEN:', err);
-        setError('Daten konnten nicht geladen werden: ' + (err.message || 'Unbekannter Fehler'));
+        showNotification({
+          type: 'error',
+          title: 'Fehler beim Laden',
+          message: 'Daten konnten nicht geladen werden: ' + (err.message || 'Unbekannter Fehler')
+        });
         setLoading(false);
       }
     };
@@ -134,9 +141,6 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
           );
           if (invalidAvailabilities.length > 0) {
             console.warn('⚠️ UNGÜLTIGE VERFÜGBARKEITEN (OHNE SHIFT-ID):', invalidAvailabilities.length);
-            invalidAvailabilities.forEach(invalid => {
-              console.warn('   - Ungültiger Eintrag:', invalid);
-            });
           }
           
           // Transformiere die Daten
@@ -149,20 +153,20 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
 
           // Debug: Zeige vorhandene Präferenzen
           if (planAvailabilities.length > 0) {
-            console.log('🎯 VORHANDENE PRÄFERENZEN:');
+            console.log('🎯 VORHANDENE PRÄFERENZEN:', planAvailabilities.length);
-            planAvailabilities.forEach(avail => {
-              const shift = plan.shifts?.find(s => s.id === avail.shiftId);
-              console.log(`   - Shift: ${avail.shiftId} (Day: ${shift?.dayOfWeek}), Level: ${avail.preferenceLevel}`);
-            });
           }
-      } catch (availError) {
+        } catch (availError) {
-        console.error('❌ FEHLER BEIM LADEN DER VERFÜGBARKEITEN:', availError);
+          console.error('❌ FEHLER BEIM LADEN DER VERFÜGBARKEITEN:', availError);
-        setAvailabilities([]);
+          setAvailabilities([]);
-      }
+        }
 
       } catch (err: any) {
         console.error('❌ FEHLER BEIM LADEN DES SCHICHTPLANS:', err);
-        setError('Schichtplan konnte nicht geladen werden: ' + (err.message || 'Unbekannter Fehler'));
+        showNotification({
+          type: 'error',
+          title: 'Fehler beim Laden',
+          message: 'Schichtplan konnte nicht geladen werden: ' + (err.message || 'Unbekannter Fehler')
+        });
       } finally {
         setLoading(false);
       }
@@ -316,26 +320,6 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
       return (a.startTime || '').localeCompare(b.startTime || '');
     });
 
-    // Validation: Check if shifts are correctly placed
-    const validationErrors: string[] = [];
-    
-    // Check for missing time slots
-    const usedTimeSlotIds = new Set(selectedPlan?.shifts?.map(s => s.timeSlotId) || []);
-    const availableTimeSlotIds = new Set(selectedPlan?.timeSlots?.map(ts => ts.id) || []);
-
-    usedTimeSlotIds.forEach(timeSlotId => {
-      if (!availableTimeSlotIds.has(timeSlotId)) {
-        validationErrors.push(`Zeitslot ${timeSlotId} wird verwendet, existiert aber nicht in timeSlots`);
-      }
-    });
-
-    // Check for shifts with invalid day numbers
-    selectedPlan?.shifts?.forEach(shift => {
-      if (shift.dayOfWeek < 1 || shift.dayOfWeek > 7) {
-        validationErrors.push(`Shift ${shift.id} hat ungültigen Wochentag: ${shift.dayOfWeek}`);
-      }
-    });
-
     return (
       <div style={{
         marginBottom: '30px',
@@ -355,23 +339,6 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
           </div>
         </div>
 
-        {/* Validation Warnings */}
-        {validationErrors.length > 0 && (
-          <div style={{
-            backgroundColor: '#fff3cd',
-            border: '1px solid #ffeaa7',
-            padding: '15px',
-            margin: '10px'
-          }}>
-            <h4 style={{ margin: '0 0 10px 0', color: '#856404' }}>⚠️ Validierungswarnungen:</h4>
-            <ul style={{ margin: 0, paddingLeft: '20px', fontSize: '12px' }}>
-              {validationErrors.map((error, index) => (
-                <li key={index}>{error}</li>
-              ))}
-            </ul>
-          </div>
-        )}
-
         <div style={{ overflowX: 'auto' }}>
           <table style={{
             width: '100%',
@@ -421,9 +388,6 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
                     <div style={{ fontSize: '14px', color: '#666' }}>
                       {formatTime(timeSlot.startTime)} - {formatTime(timeSlot.endTime)}
                     </div>
-                    <div style={{ fontSize: '11px', color: '#999', marginTop: '4px' }}>
-                      ID: {timeSlot.id.substring(0, 8)}...
-                    </div>
                   </td>
                   {days.map(weekday => {
                     const shift = timeSlot.shiftsByDay[weekday.id];
@@ -443,9 +407,6 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
                       );
                     }
 
-                    // Validation: Check if shift has correct timeSlotId and dayOfWeek
-                    const isValidShift = shift.timeSlotId === timeSlot.id && shift.dayOfWeek === weekday.id;
-                    
                     const currentLevel = getAvailabilityForShift(shift.id);
                     const levelConfig = availabilityLevels.find(l => l.level === currentLevel);
                     
@@ -454,31 +415,8 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
                         padding: '12px 16px',
                         border: '1px solid #dee2e6',
                         textAlign: 'center',
-                        backgroundColor: !isValidShift ? '#fff3cd' : (levelConfig?.bgColor || 'white'),
+                        backgroundColor: levelConfig?.bgColor || 'white'
-                        position: 'relative'
                       }}>
-                        {/* Validation indicator */}
-                        {!isValidShift && (
-                          <div style={{
-                            position: 'absolute',
-                            top: '2px',
-                            right: '2px',
-                            backgroundColor: '#f39c12',
-                            color: 'white',
-                            borderRadius: '50%',
-                            width: '16px',
-                            height: '16px',
-                            fontSize: '10px',
-                            display: 'flex',
-                            alignItems: 'center',
-                            justifyContent: 'center'
-                          }}
-                          title={`Shift Validierung: timeSlotId=${shift.timeSlotId}, dayOfWeek=${shift.dayOfWeek}`}
-                          >
-                            ⚠️
-                          </div>
-                        )}
-
                         <select
                           value={currentLevel}
                           onChange={(e) => {
@@ -487,10 +425,10 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
                           }}
                           style={{
                             padding: '8px 12px',
-                            border: `2px solid ${!isValidShift ? '#f39c12' : (levelConfig?.color || '#ddd')}`,
+                            border: `2px solid ${levelConfig?.color || '#ddd'}`,
                             borderRadius: '6px',
-                            backgroundColor: !isValidShift ? '#fff3cd' : (levelConfig?.bgColor || 'white'),
+                            backgroundColor: levelConfig?.bgColor || 'white',
-                            color: !isValidShift ? '#856404' : (levelConfig?.color || '#333'),
+                            color: levelConfig?.color || '#333',
                             fontWeight: 'bold',
                             minWidth: '140px',
                             cursor: 'pointer',
@@ -511,23 +449,6 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
                             </option>
                           ))}
                         </select>
-
-                        {/* Shift debug info */}
-                        <div style={{ 
-                          fontSize: '10px', 
-                          color: '#666', 
-                          marginTop: '4px',
-                          textAlign: 'left',
-                          fontFamily: 'monospace'
-                        }}>
-                          <div>Shift: {shift.id.substring(0, 6)}...</div>
-                          <div>Day: {shift.dayOfWeek}</div>
-                          {!isValidShift && (
-                            <div style={{ color: '#e74c3c', fontWeight: 'bold' }}>
-                              VALIDATION ERROR
-                            </div>
-                          )}
-                        </div>
                       </td>
                     );
                   })}
@@ -556,62 +477,34 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
   };
 
   const handleSave = async () => {
-    try {
+    if (!selectedPlanId) {
+      showNotification({
+        type: 'error',
+        title: 'Fehler',
+        message: 'Bitte wählen Sie einen Schichtplan aus'
+      });
+      return;
+    }
+
+    // Basic frontend validation: Check if we have any availabilities to save
+    const validAvailabilities = availabilities.filter(avail => {
+      return avail.shiftId && selectedPlan?.shifts?.some(shift => shift.id === avail.shiftId);
+    });
+
+    if (validAvailabilities.length === 0) {
+      showNotification({
+        type: 'error',
+        title: 'Fehler',
+        message: 'Keine gültigen Verfügbarkeiten zum Speichern gefunden'
+      });
+      return;
+    }
+
+    // Complex validation (contract type rules) is now handled by backend
+    // We only do basic required field validation in frontend
+
+    await executeWithValidation(async () => {
       setSaving(true);
-      setError('');
-      
-      if (!selectedPlanId) {
-        setError('Bitte wählen Sie einen Schichtplan aus');
-        return;
-      }
-
-      // Filter availabilities to only include those with actual shifts AND valid shiftIds
-      const validAvailabilities = availabilities.filter(avail => {
-        // Check if this shiftId exists and is valid
-        if (!avail.shiftId) {
-          console.warn('⚠️ Überspringe ungültige Verfügbarkeit ohne Shift-ID:', avail);
-          return false;
-        }
-        
-        // Check if this shiftId exists in the current plan
-        return selectedPlan?.shifts?.some(shift => shift.id === avail.shiftId);
-      });
-
-      console.log('💾 SPEICHERE VERFÜGBARKEITEN:', {
-        total: availabilities.length,
-        valid: validAvailabilities.length,
-        invalid: availabilities.length - validAvailabilities.length
-      });
-
-      if (validAvailabilities.length === 0) {
-        setError('Keine gültigen Verfügbarkeiten zum Speichern gefunden');
-        return;
-      }
-
-      // Contract type validation
-      const availableShifts = validAvailabilities.filter(avail => 
-        avail.preferenceLevel === 1 || avail.preferenceLevel === 2
-      ).length;
-
-      let contractRequirement = 0;
-      let contractTypeName = '';
-
-      if (employee.contractType === 'small') {
-        contractRequirement = 2;
-        contractTypeName = 'Kleiner Vertrag';
-      } else if (employee.contractType === 'large') {
-        contractRequirement = 3;
-        contractTypeName = 'Großer Vertrag';
-      }
-
-      if (contractRequirement > 0 && availableShifts < contractRequirement) {
-        setError(
-          `${contractTypeName} erfordert mindestens ${contractRequirement} verfügbare Shifts. ` +
-          `Aktuell sind nur ${availableShifts} Shifts mit Verfügbarkeit "Bevorzugt" oder "Möglich" ausgewählt.`
-        );
-        setSaving(false);
-        return;
-      }
       
       // Convert to the format expected by the API - using shiftId directly
       const requestData = {
@@ -627,15 +520,16 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
       await employeeService.updateAvailabilities(employee.id, requestData);
       console.log('✅ VERFÜGBARKEITEN ERFOLGREICH GESPEICHERT');
 
+      showNotification({
+        type: 'success',
+        title: 'Erfolg',
+        message: 'Verfügbarkeiten wurden erfolgreich gespeichert'
+      });
+
       window.dispatchEvent(new CustomEvent('availabilitiesChanged'));
       
       onSave();
-    } catch (err: any) {
+    });
-      console.error('❌ FEHLER BEIM SPEICHERN:', err);
-      setError(err.message || 'Fehler beim Speichern der Verfügbarkeiten');
-    } finally {
-      setSaving(false);
-    }
   };
 
   if (loading) {
@@ -658,12 +552,11 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
   // Get full name for display
   const employeeFullName = `${employee.firstname} ${employee.lastname}`;
 
-  // Mininmum amount of shifts per contract type
+  // Available shifts count for display only (not for validation)
   const availableShiftsCount = availabilities.filter(avail => 
     avail.preferenceLevel === 1 || avail.preferenceLevel === 2
   ).length;
 
-
   return (
     <div style={{
       maxWidth: '1900px',
@@ -694,26 +587,14 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
         {employee.contractType && (
           <p style={{ margin: '5px 0 0 0', color: employee.contractType === 'small' ? '#f39c12' : '#27ae60' }}>
             <strong>Vertrag:</strong> 
-            {employee.contractType === 'small' ? ' Kleiner Vertrag (min. 2 verfügbare Shifts)' : 
+            {employee.contractType === 'small' ? ' Kleiner Vertrag' : 
-            employee.contractType === 'large' ? ' Großer Vertrag (min. 3 verfügbare Shifts)' : 
+            employee.contractType === 'large' ? ' Großer Vertrag' : 
             ' Flexibler Vertrag'}
+            {/* Note: Contract validation is now handled by backend */}
           </p>
         )}
       </div>
 
-      {error && (
-        <div style={{
-          backgroundColor: '#fee',
-          border: '1px solid #f5c6cb',
-          color: '#721c24',
-          padding: '12px',
-          borderRadius: '6px',
-          marginBottom: '20px'
-        }}>
-          <strong>Fehler:</strong> {error}
-        </div>
-      )}
-
       {/* Availability Legend */}
       <div style={{
         marginBottom: '30px',
@@ -774,7 +655,6 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
                 const newPlanId = e.target.value;
                 console.log('🔄 PLAN WECHSELN ZU:', newPlanId);
                 setSelectedPlanId(newPlanId);
-                // Der useEffect wird automatisch ausgelöst
               }}
               style={{
                 padding: '8px 12px',
@@ -828,15 +708,15 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
       }}>
         <button
           onClick={onCancel}
-          disabled={saving}
+          disabled={isSubmitting}
           style={{
             padding: '12px 24px',
             backgroundColor: '#95a5a6',
             color: 'white',
             border: 'none',
             borderRadius: '6px',
-            cursor: saving ? 'not-allowed' : 'pointer',
+            cursor: isSubmitting ? 'not-allowed' : 'pointer',
-            opacity: saving ? 0.6 : 1
+            opacity: isSubmitting ? 0.6 : 1
           }}
         >
           Abbrechen
@@ -844,18 +724,18 @@ const AvailabilityManager: React.FC<AvailabilityManagerProps> = ({
         
         <button
           onClick={handleSave}
-          disabled={saving || shiftsCount === 0 || !selectedPlanId}
+          disabled={isSubmitting || shiftsCount === 0 || !selectedPlanId}
           style={{
             padding: '12px 24px',
-            backgroundColor: saving ? '#bdc3c7' : (shiftsCount === 0 || !selectedPlanId ? '#95a5a6' : '#3498db'),
+            backgroundColor: isSubmitting ? '#bdc3c7' : (shiftsCount === 0 || !selectedPlanId ? '#95a5a6' : '#3498db'),
             color: 'white',
             border: 'none',
             borderRadius: '6px',
-            cursor: (saving || shiftsCount === 0 || !selectedPlanId) ? 'not-allowed' : 'pointer',
+            cursor: (isSubmitting || shiftsCount === 0 || !selectedPlanId) ? 'not-allowed' : 'pointer',
             fontWeight: 'bold'
           }}
         >
-          {saving ? '⏳ Wird gespeichert...' : `Verfügbarkeiten speichern (${availableShiftsCount})`}
+          {isSubmitting ? '⏳ Wird gespeichert...' : `Verfügbarkeiten speichern (${availableShiftsCount})`}
         </button>
       </div>
     </div>

frontend/src/pages/Employees/components/EmployeeList.tsx

@@ -3,6 +3,7 @@ import React, { useState } from 'react';
 import { ROLE_CONFIG, EMPLOYEE_TYPE_CONFIG } from '../../../models/defaults/employeeDefaults';
 import { Employee } from '../../../models/Employee';
 import { useAuth } from '../../../contexts/AuthContext';
+import { useNotification } from '../../../contexts/NotificationContext';
 
 interface EmployeeListProps {
   employees: Employee[];
@@ -14,7 +15,7 @@ interface EmployeeListProps {
 type SortField = 'name' | 'employeeType' | 'canWorkAlone' | 'role' | 'lastLogin';
 type SortDirection = 'asc' | 'desc';
 
-// FIXED: Use the actual employee types from the Employee interface
+// Use the actual employee types from the Employee interface
 type EmployeeType = 'manager' | 'personell' | 'apprentice' | 'guest';
 
 const EmployeeList: React.FC<EmployeeListProps> = ({
@@ -28,6 +29,7 @@ const EmployeeList: React.FC<EmployeeListProps> = ({
   const [sortField, setSortField] = useState<SortField>('name');
   const [sortDirection, setSortDirection] = useState<SortDirection>('asc');
   const { user: currentUser, hasRole } = useAuth();
+  const { showNotification, confirmDialog } = useNotification();
 
   // Filter employees based on active/inactive and search term
   const filteredEmployees = employees.filter(employee => {
@@ -128,7 +130,7 @@ const EmployeeList: React.FC<EmployeeListProps> = ({
   const getEmployeeTypeBadge = (type: EmployeeType, isTrainee: boolean = false) => {
     const config = EMPLOYEE_TYPE_CONFIG[type];
 
-    // FIXED: Updated color mapping for actual employee types
+    // Color mapping for actual employee types
     const bgColor =
       type === 'manager'
         ? '#fadbd8' // light red
@@ -176,6 +178,31 @@ const EmployeeList: React.FC<EmployeeListProps> = ({
     return 'MITARBEITER';
   };
 
+  const handleDeleteClick = async (employee: Employee) => {
+    const confirmed = await confirmDialog({
+      title: 'Mitarbeiter löschen',
+      message: `Sind Sie sicher, dass Sie ${employee.firstname} ${employee.lastname} löschen möchten? Diese Aktion kann nicht rückgängig gemacht werden.`,
+      confirmText: 'Löschen',
+      cancelText: 'Abbrechen',
+      type: 'warning'
+    });
+
+    if (confirmed) {
+      try {
+        onDelete(employee);
+        showNotification({
+          type: 'success',
+          title: 'Erfolg',
+          message: `${employee.firstname} ${employee.lastname} wurde erfolgreich gelöscht.`
+        });
+      } catch (error: any) {
+        // Error will be handled by parent component through useBackendValidation
+        // We just need to re-throw it so the parent can catch it
+        throw error;
+      }
+    }
+  };
+
   if (employees.length === 0) {
     return (
       <div style={{
@@ -299,7 +326,7 @@ const EmployeeList: React.FC<EmployeeListProps> = ({
         </div>
 
         {sortedEmployees.map(employee => {
-          // FIXED: Type assertion to ensure type safety
+          // Type assertion to ensure type safety
           const employeeType = getEmployeeTypeBadge(employee.employeeType as EmployeeType, employee.isTrainee);
           const independence = getIndependenceBadge(employee.canWorkAlone);
           const roleInfo = getRoleBadge(employee.roles);
@@ -468,7 +495,7 @@ const EmployeeList: React.FC<EmployeeListProps> = ({
                 {/* Löschen Button */}
                 {canDelete && (
                   <button
-                    onClick={() => onDelete(employee)}
+                    onClick={() => handleDeleteClick(employee)}
                     style={{
                       padding: '6px 8px',
                       backgroundColor: '#e74c3c',

frontend/src/pages/Settings/Settings.tsx

@@ -1,8 +1,9 @@
-// frontend/src/pages/Settings/Settings.tsx - UPDATED WITH NEW STYLES
+// frontend/src/pages/Settings/Settings.tsx - UPDATED WITH VALIDATION STRATEGY
 import React, { useState, useEffect, useRef } from 'react';
 import { useAuth } from '../../contexts/AuthContext';
 import { employeeService } from '../../services/employeeService';
 import { useNotification } from '../../contexts/NotificationContext';
+import { useBackendValidation } from '../../hooks/useBackendValidation';
 import AvailabilityManager from '../Employees/components/AvailabilityManager';
 import { Employee } from '../../models/Employee';
 import { styles } from './type/SettingsType';
@@ -10,11 +11,12 @@ import { styles } from './type/SettingsType';
 const Settings: React.FC = () => {
   const { user: currentUser, updateUser } = useAuth();
   const { showNotification } = useNotification();
+  const { executeWithValidation, clearErrors, isSubmitting } = useBackendValidation();
+
   const [activeTab, setActiveTab] = useState<'profile' | 'password' | 'availability'>('profile');
-  const [loading, setLoading] = useState(false);
   const [showAvailabilityManager, setShowAvailabilityManager] = useState(false);
 
-  // Profile form state - updated for firstname/lastname
+  // Profile form state
   const [profileForm, setProfileForm] = useState({
     firstname: currentUser?.firstname || '',
     lastname: currentUser?.lastname || ''
@@ -73,7 +75,7 @@ const Settings: React.FC = () => {
     }));
   };
 
-  // Password visibility handlers for current password
+  // Password visibility handlers
   const handleCurrentPasswordMouseDown = () => {
     currentPasswordTimeoutRef.current = setTimeout(() => {
       setShowCurrentPassword(true);
@@ -88,7 +90,6 @@ const Settings: React.FC = () => {
     setShowCurrentPassword(false);
   };
 
-  // Password visibility handlers for new password
   const handleNewPasswordMouseDown = () => {
     newPasswordTimeoutRef.current = setTimeout(() => {
       setShowNewPassword(true);
@@ -103,7 +104,6 @@ const Settings: React.FC = () => {
     setShowNewPassword(false);
   };
 
-  // Password visibility handlers for confirm password
   const handleConfirmPasswordMouseDown = () => {
     confirmPasswordTimeoutRef.current = setTimeout(() => {
       setShowConfirmPassword(true);
@@ -129,7 +129,6 @@ const Settings: React.FC = () => {
     cleanup();
   };
 
-  // Prevent context menu
   const handleContextMenu = (e: React.MouseEvent) => {
     e.preventDefault();
   };
@@ -138,40 +137,46 @@ const Settings: React.FC = () => {
     e.preventDefault();
     if (!currentUser) return;
 
-    // Validation
+    // BASIC FRONTEND VALIDATION: Only check required fields
-    if (!profileForm.firstname.trim() || !profileForm.lastname.trim()) {
+    if (!profileForm.firstname.trim()) {
       showNotification({
         type: 'error',
         title: 'Fehler',
-        message: 'Vorname und Nachname sind erforderlich'
+        message: 'Vorname ist erforderlich'
+      });
+      return;
+    }
+
+    if (!profileForm.lastname.trim()) {
+      showNotification({
+        type: 'error',
+        title: 'Fehler',
+        message: 'Nachname ist erforderlich'
       });
       return;
     }
 
     try {
-      setLoading(true);
+      // Use executeWithValidation to handle backend validation
-      await employeeService.updateEmployee(currentUser.id, {
+      await executeWithValidation(async () => {
-        firstname: profileForm.firstname.trim(),
+        const updatedEmployee = await employeeService.updateEmployee(currentUser.id, {
-        lastname: profileForm.lastname.trim()
+          firstname: profileForm.firstname.trim(),
-      });
+          lastname: profileForm.lastname.trim()
+        });
 
-      // Update the auth context with new user data
+        // Update the auth context with new user data
-      const updatedUser = await employeeService.getEmployee(currentUser.id);
+        updateUser(updatedEmployee);
-      updateUser(updatedUser);
 
-      showNotification({
+        showNotification({
-        type: 'success',
+          type: 'success',
-        title: 'Erfolg',
+          title: 'Erfolg',
-        message: 'Profil erfolgreich aktualisiert'
+          message: 'Profil erfolgreich aktualisiert'
+        });
       });
-    } catch (error: any) {
+    } catch (error) {
-      showNotification({
+      // Backend validation errors are already handled by executeWithValidation
-        type: 'error',
+      // We only need to handle unexpected errors here
-        title: 'Fehler',
+      console.error('Unexpected error:', error);
-        message: error.message || 'Profil konnte nicht aktualisiert werden'
-      });
-    } finally {
-      setLoading(false);
     }
   };
 
@@ -179,12 +184,30 @@ const Settings: React.FC = () => {
     e.preventDefault();
     if (!currentUser) return;
 
-    // Validation
+    // BASIC FRONTEND VALIDATION: Only check minimum requirements
-    if (passwordForm.newPassword.length < 6) {
+    if (!passwordForm.currentPassword) {
       showNotification({
         type: 'error',
         title: 'Fehler',
-        message: 'Das neue Passwort muss mindestens 6 Zeichen lang sein'
+        message: 'Aktuelles Passwort ist erforderlich'
+      });
+      return;
+    }
+
+    if (!passwordForm.newPassword) {
+      showNotification({
+        type: 'error',
+        title: 'Fehler',
+        message: 'Neues Passwort ist erforderlich'
+      });
+      return;
+    }
+
+    if (passwordForm.newPassword.length < 8) {
+      showNotification({
+        type: 'error',
+        title: 'Fehler',
+        message: 'Das neue Passwort muss mindestens 8 Zeichen lang sein'
       });
       return;
     }
@@ -199,34 +222,30 @@ const Settings: React.FC = () => {
     }
 
     try {
-      setLoading(true);
+      // Use executeWithValidation to handle backend validation
+      await executeWithValidation(async () => {
+        await employeeService.changePassword(currentUser.id, {
+          currentPassword: passwordForm.currentPassword,
+          newPassword: passwordForm.newPassword,
+          confirmPassword: passwordForm.confirmPassword
+        });
 
-      // Use the actual password change endpoint
+        showNotification({
-      await employeeService.changePassword(currentUser.id, {
+          type: 'success',
-        currentPassword: passwordForm.currentPassword,
+          title: 'Erfolg',
-        newPassword: passwordForm.newPassword
+          message: 'Passwort erfolgreich geändert'
-      });
+        });
 
-      showNotification({
+        // Clear password form
-        type: 'success',
+        setPasswordForm({
-        title: 'Erfolg',
+          currentPassword: '',
-        message: 'Passwort erfolgreich geändert'
+          newPassword: '',
+          confirmPassword: ''
+        });
       });
-
+    } catch (error) {
-      // Clear password form
+      // Backend validation errors are already handled by executeWithValidation
-      setPasswordForm({
+      console.error('Unexpected error:', error);
-        currentPassword: '',
-        newPassword: '',
-        confirmPassword: ''
-      });
-    } catch (error: any) {
-      showNotification({
-        type: 'error',
-        title: 'Fehler',
-        message: error.message || 'Passwort konnte nicht geändert werden'
-      });
-    } finally {
-      setLoading(false);
     }
   };
 
@@ -243,6 +262,12 @@ const Settings: React.FC = () => {
     setShowAvailabilityManager(false);
   };
 
+  // Clear validation errors when switching tabs
+  const handleTabChange = (tab: 'profile' | 'password' | 'availability') => {
+    clearErrors();
+    setActiveTab(tab);
+  };
+
   if (!currentUser) {
     return <div style={{
       textAlign: 'center',
@@ -273,7 +298,7 @@ const Settings: React.FC = () => {
 
         <div style={styles.tabs}>
           <button
-            onClick={() => setActiveTab('profile')}
+            onClick={() => handleTabChange('profile')}
             style={{
               ...styles.tab,
               ...(activeTab === 'profile' ? styles.tabActive : {})
@@ -301,7 +326,7 @@ const Settings: React.FC = () => {
           </button>
 
           <button
-            onClick={() => setActiveTab('password')}
+            onClick={() => handleTabChange('password')}
             style={{
               ...styles.tab,
               ...(activeTab === 'password' ? styles.tabActive : {})
@@ -329,7 +354,7 @@ const Settings: React.FC = () => {
           </button>
 
           <button
-            onClick={() => setActiveTab('availability')}
+            onClick={() => handleTabChange('availability')}
             style={{
               ...styles.tab,
               ...(activeTab === 'availability' ? styles.tabActive : {})
@@ -480,28 +505,28 @@ const Settings: React.FC = () => {
               <div style={styles.actions}>
                 <button
                   type="submit"
-                  disabled={loading || !profileForm.firstname.trim() || !profileForm.lastname.trim()}
+                  disabled={isSubmitting || !profileForm.firstname.trim() || !profileForm.lastname.trim()}
                   style={{
                     ...styles.button,
                     ...styles.buttonPrimary,
-                    ...((loading || !profileForm.firstname.trim() || !profileForm.lastname.trim()) ? styles.buttonDisabled : {})
+                    ...((isSubmitting || !profileForm.firstname.trim() || !profileForm.lastname.trim()) ? styles.buttonDisabled : {})
                   }}
                   onMouseEnter={(e) => {
-                    if (!loading && profileForm.firstname.trim() && profileForm.lastname.trim()) {
+                    if (!isSubmitting && profileForm.firstname.trim() && profileForm.lastname.trim()) {
                       e.currentTarget.style.background = styles.buttonPrimaryHover.background;
                       e.currentTarget.style.transform = styles.buttonPrimaryHover.transform;
                       e.currentTarget.style.boxShadow = styles.buttonPrimaryHover.boxShadow;
                     }
                   }}
                   onMouseLeave={(e) => {
-                    if (!loading && profileForm.firstname.trim() && profileForm.lastname.trim()) {
+                    if (!isSubmitting && profileForm.firstname.trim() && profileForm.lastname.trim()) {
                       e.currentTarget.style.background = styles.buttonPrimary.background;
                       e.currentTarget.style.transform = 'none';
                       e.currentTarget.style.boxShadow = styles.buttonPrimary.boxShadow;
                     }
                   }}
                 >
-                  {loading ? '⏳ Wird gespeichert...' : 'Profil aktualisieren'}
+                  {isSubmitting ? '⏳ Wird gespeichert...' : 'Profil aktualisieren'}
                 </button>
               </div>
             </form>
@@ -575,9 +600,9 @@ const Settings: React.FC = () => {
                       value={passwordForm.newPassword}
                       onChange={handlePasswordChange}
                       required
-                      minLength={6}
+                      minLength={8}
                       style={styles.fieldInputWithIcon}
-                      placeholder="Mindestens 6 Zeichen"
+                      placeholder="Mindestens 8 Zeichen"
                       onFocus={(e) => {
                         e.target.style.borderColor = '#1a1325';
                         e.target.style.boxShadow = '0 0 0 3px rgba(26, 19, 37, 0.1)';
@@ -606,7 +631,7 @@ const Settings: React.FC = () => {
                     </button>
                   </div>
                   <div style={styles.fieldHint}>
-                    Das Passwort muss mindestens 6 Zeichen lang sein.
+                    Das Passwort muss mindestens 8 Zeichen lang sein.
                   </div>
                 </div>
 
@@ -657,28 +682,28 @@ const Settings: React.FC = () => {
               <div style={styles.actions}>
                 <button
                   type="submit"
-                  disabled={loading || !passwordForm.currentPassword || !passwordForm.newPassword || !passwordForm.confirmPassword}
+                  disabled={isSubmitting || !passwordForm.currentPassword || !passwordForm.newPassword || !passwordForm.confirmPassword}
                   style={{
                     ...styles.button,
                     ...styles.buttonPrimary,
-                    ...((loading || !passwordForm.currentPassword || !passwordForm.newPassword || !passwordForm.confirmPassword) ? styles.buttonDisabled : {})
+                    ...((isSubmitting || !passwordForm.currentPassword || !passwordForm.newPassword || !passwordForm.confirmPassword) ? styles.buttonDisabled : {})
                   }}
                   onMouseEnter={(e) => {
-                    if (!loading && passwordForm.currentPassword && passwordForm.newPassword && passwordForm.confirmPassword) {
+                    if (!isSubmitting && passwordForm.currentPassword && passwordForm.newPassword && passwordForm.confirmPassword) {
                       e.currentTarget.style.background = styles.buttonPrimaryHover.background;
                       e.currentTarget.style.transform = styles.buttonPrimaryHover.transform;
                       e.currentTarget.style.boxShadow = styles.buttonPrimaryHover.boxShadow;
                     }
                   }}
                   onMouseLeave={(e) => {
-                    if (!loading && passwordForm.currentPassword && passwordForm.newPassword && passwordForm.confirmPassword) {
+                    if (!isSubmitting && passwordForm.currentPassword && passwordForm.newPassword && passwordForm.confirmPassword) {
                       e.currentTarget.style.background = styles.buttonPrimary.background;
                       e.currentTarget.style.transform = 'none';
                       e.currentTarget.style.boxShadow = styles.buttonPrimary.boxShadow;
                     }
                   }}
                 >
-                  {loading ? '⏳ Wird geändert...' : 'Passwort ändern'}
+                  {isSubmitting ? '⏳ Wird geändert...' : 'Passwort ändern'}
                 </button>
               </div>
             </form>

frontend/src/pages/Settings/type/SettingsType.tsx

@@ -1,275 +1,275 @@
-// frontend/src/pages/Settings/type/SettingsType.tsx - CORRECTED
+// frontend/src/pages/Settings/type/SettingsType.tsx
 export const styles = {
-    container: {
+  container: {
-      display: 'flex',
+    display: 'flex',
-      minHeight: 'calc(100vh - 120px)',
+    minHeight: 'calc(100vh - 120px)',
-      background: '#FBFAF6',
+    background: '#FBFAF6',
-      padding: '2rem',
+    padding: '2rem',
-      maxWidth: '1200px',
+    maxWidth: '1200px',
-      margin: '0 auto',
+    margin: '0 auto',
-      gap: '2rem',
+    gap: '2rem',
-    },
+  },
-    sidebar: {
+  sidebar: {
-      width: '280px',
+    width: '280px',
-      background: '#FBFAF6',
+    background: '#FBFAF6',
-      borderRadius: '16px',
+    borderRadius: '16px',
-      border: '1px solid rgba(255, 255, 255, 0.8)',
+    border: '1px solid rgba(255, 255, 255, 0.8)',
-      boxShadow: '0 4px 20px rgba(0, 0, 0, 0.06), 0 1px 4px rgba(0, 0, 0, 0.04)',
+    boxShadow: '0 4px 20px rgba(0, 0, 0, 0.06), 0 1px 4px rgba(0, 0, 0, 0.04)',
-      padding: '1.5rem',
+    padding: '1.5rem',
-      height: 'fit-content',
+    height: 'fit-content',
-      position: 'sticky' as const,
+    position: 'sticky' as const,
-      top: '2rem',
+    top: '2rem',
-    },
+  },
-    header: {
+  header: {
-      marginBottom: '2rem',
+    marginBottom: '2rem',
-      paddingBottom: '1.5rem',
+    paddingBottom: '1.5rem',
-      borderBottom: '1px solid rgba(26, 19, 37, 0.1)',
+    borderBottom: '1px solid rgba(26, 19, 37, 0.1)',
-    },
+  },
-    title: {
+  title: {
-      fontSize: '1.5rem',
+    fontSize: '1.5rem',
-      fontWeight: 600,
+    fontWeight: 600,
-      color: '#161718',
+    color: '#161718',
-      margin: '0 0 0.5rem 0',
+    margin: '0 0 0.5rem 0',
-    },
+  },
-    subtitle: {
+  subtitle: {
-      fontSize: '0.95rem',
+    fontSize: '0.95rem',
-      color: '#666',
+    color: '#666',
-      fontWeight: 400,
+    fontWeight: 400,
-      lineHeight: 1.5,
+    lineHeight: 1.5,
-    },
+  },
-    tabs: {
+  tabs: {
-      display: 'flex',
+    display: 'flex',
-      flexDirection: 'column' as const,
+    flexDirection: 'column' as const,
-      gap: '0.5rem',
+    gap: '0.5rem',
-    },
+  },
-    tab: {
+  tab: {
-      display: 'flex',
+    display: 'flex',
-      alignItems: 'center',
+    alignItems: 'center',
-      gap: '1rem',
+    gap: '1rem',
-      padding: '1rem 1.25rem',
+    padding: '1rem 1.25rem',
-      background: 'transparent',
+    background: 'transparent',
-      color: '#666',
+    color: '#666',
-      border: 'none',
+    border: 'none',
-      borderRadius: '8px',
+    borderRadius: '8px',
-      cursor: 'pointer',
+    cursor: 'pointer',
-      fontWeight: 500,
+    fontWeight: 500,
-      transition: 'all 0.3s cubic-bezier(0.4, 0, 0.2, 1)',
+    transition: 'all 0.3s cubic-bezier(0.4, 0, 0.2, 1)',
-      textAlign: 'left' as const,
+    textAlign: 'left' as const,
-      width: '100%',
+    width: '100%',
-    },
+  },
-    tabActive: {
+  tabActive: {
-      background: '#51258f',
+    background: '#51258f',
-      color: '#FBFAF6',
+    color: '#FBFAF6',
-      boxShadow: '0 4px 12px rgba(26, 19, 37, 0.15)',
+    boxShadow: '0 4px 12px rgba(26, 19, 37, 0.15)',
-    },
+  },
-    tabHover: {
+  tabHover: {
-      background: 'rgba(81, 37, 143, 0.1)',
+    background: 'rgba(81, 37, 143, 0.1)',
-      color: '#1a1325',
+    color: '#1a1325',
-      transform: 'translateX(4px)',
+    transform: 'translateX(4px)',
-    },
+  },
-    content: {
+  content: {
-      flex: 1,
+    flex: 1,
-      background: '#FBFAF6',
+    background: '#FBFAF6',
-      padding: '2.5rem',
+    padding: '2.5rem',
-      borderRadius: '16px',
+    borderRadius: '16px',
-      border: '1px solid rgba(255, 255, 255, 0.8)',
+    border: '1px solid rgba(255, 255, 255, 0.8)',
-      boxShadow: '0 4px 20px rgba(0, 0, 0, 0.06), 0 1px 4px rgba(0, 0, 0, 0.04)',
+    boxShadow: '0 4px 20px rgba(0, 0, 0, 0.06), 0 1px 4px rgba(0, 0, 0, 0.04)',
-      backdropFilter: 'blur(10px)',
+    backdropFilter: 'blur(10px)',
-      minHeight: '100px',
+    minHeight: '100px',
-    },
+  },
-    section: {
+  section: {
-      marginBottom: '2rem',
+    marginBottom: '2rem',
-    },
+  },
-    sectionTitle: {
+  sectionTitle: {
-      fontSize: '1.75rem',
+    fontSize: '1.75rem',
-      fontWeight: 600,
+    fontWeight: 600,
-      color: '#161718',
+    color: '#161718',
-      margin: '0 0 0.5rem 0',
+    margin: '0 0 0.5rem 0',
-    },
+  },
-    sectionDescription: {
+  sectionDescription: {
-      color: '#666',
+    color: '#666',
-      fontSize: '1rem',
+    fontSize: '1rem',
-      margin: 0,
+    margin: 0,
-      lineHeight: 1.5,
+    lineHeight: 1.5,
-    },
+  },
-    formGrid: {
+  formGrid: {
-      display: 'grid',
+    display: 'grid',
-      gap: '1.5rem',
+    gap: '1.5rem',
-    },
+  },
-    formGridCompact: {
+  formGridCompact: {
-      display: 'grid',
+    display: 'grid',
-      gap: '1.5rem',
+    gap: '1.5rem',
-      maxWidth: '500px',
+    maxWidth: '500px',
-    },
+  },
-    infoCard: {
+  infoCard: {
-      padding: '1.5rem',
+    padding: '1.5rem',
-      background: 'rgba(26, 19, 37, 0.02)',
+    background: 'rgba(26, 19, 37, 0.02)',
-      borderRadius: '12px',
+    borderRadius: '12px',
-      border: '1px solid rgba(26, 19, 37, 0.1)',
+    border: '1px solid rgba(26, 19, 37, 0.1)',
-    },
+  },
-    infoCardTitle: {
+  infoCardTitle: {
-      fontSize: '1rem',
+    fontSize: '1rem',
-      fontWeight: 600,
+    fontWeight: 600,
-      color: '#1a1325',
+    color: '#1a1325',
-      margin: '0 0 1rem 0',
+    margin: '0 0 1rem 0',
-    },
+  },
-    infoGrid: {
+  infoGrid: {
-      display: 'grid',
+    display: 'grid',
-      gridTemplateColumns: '1fr 1fr',
+    gridTemplateColumns: '1fr 1fr',
-      gap: '1rem',
+    gap: '1rem',
-    },
+  },
-    field: {
+  field: {
-      display: 'flex',
+    display: 'flex',
-      flexDirection: 'column' as const,
+    flexDirection: 'column' as const,
-      gap: '0.5rem',
+    gap: '0.5rem',
-      width: '100%',
+    width: '100%',
-    },
+  },
-    fieldLabel: {
+  fieldLabel: {
-      fontSize: '0.9rem',
+    fontSize: '0.9rem',
-      fontWeight: 600,
+    fontWeight: 600,
-      color: '#161718',
+    color: '#161718',
-      width: '100%',
+    width: '100%',
-    },
+  },
-    fieldInputContainer: {
+  fieldInputContainer: {
-      position: 'relative' as const,
+    position: 'relative' as const,
-      width: '100%',
+    width: '100%',
-    },
+  },
-    fieldInput: {
+  fieldInput: {
-      padding: '0.875rem 1rem',
+    padding: '0.875rem 1rem',
-      border: '1.5px solid #e8e8e8',
+    border: '1.5px solid #e8e8e8',
-      borderRadius: '8px',
+    borderRadius: '8px',
-      fontSize: '0.95rem',
+    fontSize: '0.95rem',
-      background: '#FBFAF6',
+    background: '#FBFAF6',
-      transition: 'all 0.3s cubic-bezier(0.4, 0, 0.2, 1)',
+    transition: 'all 0.3s cubic-bezier(0.4, 0, 0.2, 1)',
-      color: '#161718',
+    color: '#161718',
-      width: '100%',
+    width: '100%',
-      boxSizing: 'border-box' as const,
+    boxSizing: 'border-box' as const,
-    },
+  },
-    fieldInputWithIcon: {
+  fieldInputWithIcon: {
-      padding: '0.875rem 1rem',
+    padding: '0.875rem 1rem',
-      border: '1.5px solid #e8e8e8',
+    border: '1.5px solid #e8e8e8',
-      borderRadius: '8px',
+    borderRadius: '8px',
-      fontSize: '0.95rem',
+    fontSize: '0.95rem',
-      background: '#FBFAF6',
+    background: '#FBFAF6',
-      transition: 'all 0.3s cubic-bezier(0.4, 0, 0.2, 1)',
+    transition: 'all 0.3s cubic-bezier(0.4, 0, 0.2, 1)',
-      color: '#161718',
+    color: '#161718',
-      width: '100%',
+    width: '100%',
-      paddingRight: '40px',
+    paddingRight: '40px',
-      boxSizing: 'border-box' as const,
+    boxSizing: 'border-box' as const,
-    },
+  },
-    fieldInputDisabled: {
+  fieldInputDisabled: {
-      padding: '0.875rem 1rem',
+    padding: '0.875rem 1rem',
-      border: '1.5px solid rgba(26, 19, 37, 0.1)',
+    border: '1.5px solid rgba(26, 19, 37, 0.1)',
-      borderRadius: '8px',
+    borderRadius: '8px',
-      fontSize: '0.95rem',
+    fontSize: '0.95rem',
-      background: 'rgba(26, 19, 37, 0.05)',
+    background: 'rgba(26, 19, 37, 0.05)',
-      color: '#666',
+    color: '#666',
-      cursor: 'not-allowed',
+    cursor: 'not-allowed',
-      width: '100%',
+    width: '100%',
-      boxSizing: 'border-box' as const,
+    boxSizing: 'border-box' as const,
-    },
+  },
-    fieldHint: {
+  fieldHint: {
-      fontSize: '0.8rem',
+    fontSize: '0.8rem',
-      color: '#888',
+    color: '#888',
-      marginTop: '0.25rem',
+    marginTop: '0.25rem',
-      width: '100%',
+    width: '100%',
-    },
+  },
-    passwordToggleButton: {
+  passwordToggleButton: {
-      position: 'absolute' as const,
+    position: 'absolute' as const,
-      right: '10px',
+    right: '10px',
-      top: '50%',
+    top: '50%',
-      transform: 'translateY(-50%)',
+    transform: 'translateY(-50%)',
-      background: 'none',
+    background: 'none',
-      border: 'none',
+    border: 'none',
-      cursor: 'pointer',
+    cursor: 'pointer',
-      padding: '5px',
+    padding: '5px',
-      borderRadius: '4px',
+    borderRadius: '4px',
-      transition: 'background-color 0.2s',
+    transition: 'background-color 0.2s',
-      userSelect: 'none' as const,
+    userSelect: 'none' as const,
-      WebkitUserSelect: 'none' as const,
+    WebkitUserSelect: 'none' as const,
-      touchAction: 'manipulation' as const,
+    touchAction: 'manipulation' as const,
-    },
+  },
-    actions: {
+  actions: {
-      display: 'flex',
+    display: 'flex',
-      justifyContent: 'flex-end',
+    justifyContent: 'flex-end',
-      marginTop: '2.5rem',
+    marginTop: '2.5rem',
-      paddingTop: '1.5rem',
+    paddingTop: '1.5rem',
-      borderTop: '1px solid rgba(26, 19, 37, 0.1)',
+    borderTop: '1px solid rgba(26, 19, 37, 0.1)',
-    },
+  },
-    button: {
+  button: {
-      padding: '0.875rem 2rem',
+    padding: '0.875rem 2rem',
-      border: 'none',
+    border: 'none',
-      borderRadius: '8px',
+    borderRadius: '8px',
-      fontSize: '0.95rem',
+    fontSize: '0.95rem',
-      fontWeight: 600,
+    fontWeight: 600,
-      cursor: 'pointer',
+    cursor: 'pointer',
-      transition: 'all 0.3s cubic-bezier(0.4, 0, 0.2, 1)',
+    transition: 'all 0.3s cubic-bezier(0.4, 0, 0.2, 1)',
-      position: 'relative' as const,
+    position: 'relative' as const,
-      overflow: 'hidden' as const,
+    overflow: 'hidden' as const,
-    },
+  },
-    buttonPrimary: {
+  buttonPrimary: {
-      background: '#1a1325',
+    background: '#1a1325',
-      color: '#FBFAF6',
+    color: '#FBFAF6',
-      boxShadow: '0 2px 8px rgba(26, 19, 37, 0.2)',
+    boxShadow: '0 2px 8px rgba(26, 19, 37, 0.2)',
-    },
+  },
-    buttonPrimaryHover: {
+  buttonPrimaryHover: {
-      background: '#24163a',
+    background: '#24163a',
-      transform: 'translateY(-1px)',
+    transform: 'translateY(-1px)',
-      boxShadow: '0 4px 16px rgba(26, 19, 37, 0.3)',
+    boxShadow: '0 4px 16px rgba(26, 19, 37, 0.3)',
-    },
+  },
-    buttonDisabled: {
+  buttonDisabled: {
-      background: '#ccc',
+    background: '#ccc',
-      color: '#666',
+    color: '#666',
-      cursor: 'not-allowed',
+    cursor: 'not-allowed',
-      transform: 'none',
+    transform: 'none',
-      boxShadow: 'none',
+    boxShadow: 'none',
-    },
+  },
-    availabilityCard: {
+  availabilityCard: {
-      padding: '3rem 2rem',
+    padding: '3rem 2rem',
-      textAlign: 'center' as const,
+    textAlign: 'center' as const,
-      background: 'rgba(26, 19, 37, 0.03)',
+    background: 'rgba(26, 19, 37, 0.03)',
-      borderRadius: '16px',
+    borderRadius: '16px',
-      border: '2px dashed rgba(26, 19, 37, 0.1)',
+    border: '2px dashed rgba(26, 19, 37, 0.1)',
-      backdropFilter: 'blur(10px)',
+    backdropFilter: 'blur(10px)',
-    },
+  },
-    availabilityIcon: {
+  availabilityIcon: {
-      fontSize: '3rem',
+    fontSize: '3rem',
-      marginBottom: '1.5rem',
+    marginBottom: '1.5rem',
-      opacity: 0.8,
+    opacity: 0.8,
-    },
+  },
-    availabilityTitle: {
+  availabilityTitle: {
-      fontSize: '1.5rem',
+    fontSize: '1.5rem',
-      fontWeight: 600,
+    fontWeight: 600,
-      color: '#161718',
+    color: '#161718',
-      margin: '0 0 1rem 0',
+    margin: '0 0 1rem 0',
-    },
+  },
-    availabilityDescription: {
+  availabilityDescription: {
-      color: '#666',
+    color: '#666',
-      marginBottom: '2rem',
+    marginBottom: '2rem',
-      lineHeight: 1.6,
+    lineHeight: 1.6,
-      maxWidth: '500px',
+    maxWidth: '500px',
-      marginLeft: 'auto',
+    marginLeft: 'auto',
-      marginRight: 'auto',
+    marginRight: 'auto',
-    },
+  },
-    infoHint: {
+  infoHint: {
-      padding: '1.25rem',
+    padding: '1.25rem',
-      background: 'rgba(26, 19, 37, 0.05)',
+    background: 'rgba(26, 19, 37, 0.05)',
-      border: '1px solid rgba(26, 19, 37, 0.1)',
+    border: '1px solid rgba(26, 19, 37, 0.1)',
-      borderRadius: '12px',
+    borderRadius: '12px',
-      fontSize: '0.9rem',
+    fontSize: '0.9rem',
-      color: '#161718',
+    color: '#161718',
-      textAlign: 'left' as const,
+    textAlign: 'left' as const,
-      maxWidth: '400px',
+    maxWidth: '400px',
-      margin: '0 auto',
+    margin: '0 auto',
-    },
+  },
-    infoList: {
+  infoList: {
-      margin: '0.75rem 0 0 1rem',
+    margin: '0.75rem 0 0 1rem',
-      padding: 0,
+    padding: 0,
-      listStyle: 'none',
+    listStyle: 'none',
-    },
+  },
-    infoListItem: {
+  infoListItem: {
-      marginBottom: '0.5rem',
+    marginBottom: '0.5rem',
-      position: 'relative' as const,
+    position: 'relative' as const,
-      paddingLeft: '1rem',
+    paddingLeft: '1rem',
-    },
+  },
-  };
+};

frontend/src/pages/Setup/Setup.tsx

@@ -1,12 +1,26 @@
-// frontend/src/pages/Setup/Setup.tsx - UPDATED
 import React, { useState } from 'react';
 import { useAuth } from '../../contexts/AuthContext';
 
 const API_BASE_URL = '/api';
 
-const Setup: React.FC = () => {
+// ===== TYP-DEFINITIONEN =====
-  const [step, setStep] = useState(1);
+interface SetupFormData {
-  const [formData, setFormData] = useState({
+  password: string;
+  confirmPassword: string;
+  firstname: string;
+  lastname: string;
+}
+
+interface SetupStep {
+  id: string;
+  title: string;
+  subtitle?: string;
+}
+
+// ===== HOOK FÜR SETUP-LOGIK =====
+const useSetup = () => {
+  const [currentStep, setCurrentStep] = useState(0);
+  const [formData, setFormData] = useState<SetupFormData>({
     password: '',
     confirmPassword: '',
     firstname: '',
@@ -16,27 +30,26 @@ const Setup: React.FC = () => {
   const [error, setError] = useState('');
   const { checkSetupStatus } = useAuth();
 
-  const handleInputChange = (e: React.ChangeEvent<HTMLInputElement>) => {
+  const steps: SetupStep[] = [
-    const { name, value } = e.target;
+    {
-    setFormData(prev => ({
+      id: 'profile-setup',
-      ...prev,
+      title: 'Profilinformationen',
-      [name]: value
+      subtitle: 'Geben Sie Ihre persönlichen Daten ein'
-    }));
+    },
-  };
+    {
-
+      id: 'password-setup',
-  const validateStep1 = () => {
+      title: 'Passwort erstellen',
-    if (formData.password.length < 6) {
+      subtitle: 'Legen Sie ein sicheres Passwort fest'
-      setError('Das Passwort muss mindestens 6 Zeichen lang sein.');
+    },
-      return false;
+    {
+      id: 'confirmation',
+      title: 'Bestätigung',
+      subtitle: 'Setup abschließen'
     }
-    if (formData.password !== formData.confirmPassword) {
+  ];
-      setError('Die Passwörter stimmen nicht überein.');
-      return false;
-    }
-    return true;
-  };
 
-  const validateStep2 = () => {
+  // ===== VALIDIERUNGS-FUNKTIONEN =====
+  const validateStep1 = (): boolean => {
     if (!formData.firstname.trim()) {
       setError('Bitte geben Sie einen Vornamen ein.');
       return false;
@@ -48,21 +61,78 @@ const Setup: React.FC = () => {
     return true;
   };
 
-  const handleNext = () => {
+  const validateStep2 = (): boolean => {
-    setError('');
+    if (formData.password.length < 8) {
-    if (step === 1 && validateStep1()) {
+      setError('Das Passwort muss mindestens 8 Zeichen lang sein.');
-      setStep(2);
+      return false;
-    } else if (step === 2 && validateStep2()) {
+    }
-      handleSubmit();
+    if (formData.password !== formData.confirmPassword) {
+      setError('Die Passwörter stimmen nicht überein.');
+      return false;
+    }
+    return true;
+  };
+
+  const validateCurrentStep = (stepIndex: number): boolean => {
+    switch (stepIndex) {
+      case 0:
+        return validateStep1();
+      case 1:
+        return validateStep2();
+      default:
+        return true;
     }
   };
 
-  const handleBack = () => {
+  // ===== NAVIGATIONS-FUNKTIONEN =====
+  const goToNextStep = async (): Promise<void> => {
     setError('');
-    setStep(1);
+
+    if (!validateCurrentStep(currentStep)) {
+      return;
+    }
+
+    // Wenn wir beim letzten Schritt sind, Submit ausführen
+    if (currentStep === steps.length - 1) {
+      await handleSubmit();
+      return;
+    }
+
+    // Ansonsten zum nächsten Schritt gehen
+    setCurrentStep(prev => prev + 1);
   };
 
-  const handleSubmit = async () => {
+  const goToPrevStep = (): void => {
+    setError('');
+    if (currentStep > 0) {
+      setCurrentStep(prev => prev - 1);
+    }
+  };
+
+  const handleStepChange = (stepIndex: number): void => {
+    setError('');
+
+    // Nur erlauben, zu bereits validierten Schritten zu springen
+    // oder zum nächsten Schritt nach dem aktuellen
+    if (stepIndex <= currentStep + 1) {
+      // Vor dem Wechsel validieren
+      if (stepIndex > currentStep && !validateCurrentStep(currentStep)) {
+        return;
+      }
+      setCurrentStep(stepIndex);
+    }
+  };
+
+  // ===== FORM HANDLER =====
+  const handleInputChange = (e: React.ChangeEvent<HTMLInputElement>): void => {
+    const { name, value } = e.target;
+    setFormData(prev => ({
+      ...prev,
+      [name]: value
+    }));
+  };
+
+  const handleSubmit = async (): Promise<void> => {
     try {
       setLoading(true);
       setError('');
@@ -102,8 +172,8 @@ const Setup: React.FC = () => {
     }
   };
 
-  // Helper to display generated email preview
+  // ===== HELPER FUNCTIONS =====
-  const getEmailPreview = () => {
+  const getEmailPreview = (): string => {
     if (!formData.firstname.trim() || !formData.lastname.trim()) {
       return 'vorname.nachname@sp.de';
     }
@@ -113,6 +183,377 @@ const Setup: React.FC = () => {
     return `${cleanFirstname}.${cleanLastname}@sp.de`;
   };
 
+  const isStepCompleted = (stepIndex: number): boolean => {
+    switch (stepIndex) {
+      case 0:
+        return formData.password.length >= 8 &&
+          formData.password === formData.confirmPassword;
+      case 1:
+        return !!formData.firstname.trim() && !!formData.lastname.trim();
+      default:
+        return false;
+    }
+  };
+
+  return {
+    // State
+    currentStep,
+    formData,
+    loading,
+    error,
+    steps,
+
+    // Actions
+    goToNextStep,
+    goToPrevStep,
+    handleStepChange,
+    handleInputChange,
+
+    // Helpers
+    getEmailPreview,
+    isStepCompleted
+  };
+};
+
+// ===== STEP-INHALTS-KOMPONENTEN =====
+interface StepContentProps {
+  formData: SetupFormData;
+  onInputChange: (e: React.ChangeEvent<HTMLInputElement>) => void;
+  getEmailPreview: () => string;
+  currentStep: number;
+}
+
+const Step1Content: React.FC<StepContentProps> = ({
+  formData,
+  onInputChange,
+  getEmailPreview
+}) => (
+  <div style={{ display: 'flex', flexDirection: 'column', gap: '1.5rem' }}>
+    <div>
+      <label style={{
+        display: 'block',
+        marginBottom: '0.5rem',
+        fontWeight: '600',
+        color: '#495057'
+      }}>
+        Vorname
+      </label>
+      <input
+        type="text"
+        name="firstname"
+        value={formData.firstname}
+        onChange={onInputChange}
+        style={{
+          width: '100%',
+          padding: '0.75rem',
+          border: '1px solid #ced4da',
+          borderRadius: '6px',
+          fontSize: '1rem'
+        }}
+        placeholder="Max"
+        required
+        autoComplete="given-name"
+      />
+    </div>
+
+    <div>
+      <label style={{
+        display: 'block',
+        marginBottom: '0.5rem',
+        fontWeight: '600',
+        color: '#495057'
+      }}>
+        Nachname
+      </label>
+      <input
+        type="text"
+        name="lastname"
+        value={formData.lastname}
+        onChange={onInputChange}
+        style={{
+          width: '100%',
+          padding: '0.75rem',
+          border: '1px solid #ced4da',
+          borderRadius: '6px',
+          fontSize: '1rem'
+        }}
+        placeholder="Mustermann"
+        required
+        autoComplete="family-name"
+      />
+    </div>
+
+    <div>
+      <label style={{
+        display: 'block',
+        marginBottom: '0.5rem',
+        fontWeight: '600',
+        color: '#495057'
+      }}>
+        Automatisch generierte E-Mail
+      </label>
+      <div style={{
+        padding: '0.75rem',
+        backgroundColor: '#e9ecef',
+        border: '1px solid #ced4da',
+        borderRadius: '6px',
+        color: '#495057',
+        fontWeight: '500',
+        fontFamily: 'monospace'
+      }}>
+        {getEmailPreview()}
+      </div>
+      <div style={{
+        fontSize: '0.875rem',
+        color: '#6c757d',
+        marginTop: '0.25rem'
+      }}>
+        Die E-Mail wird automatisch aus Vor- und Nachname generiert
+      </div>
+    </div>
+  </div>
+);
+
+
+const Step2Content: React.FC<StepContentProps> = ({
+  formData,
+  onInputChange
+}) => (
+  <div style={{ display: 'flex', flexDirection: 'column', gap: '1.5rem' }}>
+    <div>
+      <label style={{
+        display: 'block',
+        marginBottom: '0.5rem',
+        fontWeight: '600',
+        color: '#495057'
+      }}>
+        Passwort
+      </label>
+      <input
+        type="password"
+        name="password"
+        value={formData.password}
+        onChange={onInputChange}
+        style={{
+          width: '100%',
+          padding: '0.75rem',
+          border: '1px solid #ced4da',
+          borderRadius: '6px',
+          fontSize: '1rem',
+          transition: 'border-color 0.3s ease'
+        }}
+        placeholder="Mindestens 8 Zeichen"
+        required
+        autoComplete="new-password"
+      />
+    </div>
+
+    <div>
+      <label style={{
+        display: 'block',
+        marginBottom: '0.5rem',
+        fontWeight: '600',
+        color: '#495057'
+      }}>
+        Passwort bestätigen
+      </label>
+      <input
+        type="password"
+        name="confirmPassword"
+        value={formData.confirmPassword}
+        onChange={onInputChange}
+        style={{
+          width: '100%',
+          padding: '0.75rem',
+          border: '1px solid #ced4da',
+          borderRadius: '6px',
+          fontSize: '1rem',
+          transition: 'border-color 0.3s ease'
+        }}
+        placeholder="Passwort wiederholen"
+        required
+        autoComplete="new-password"
+      />
+    </div>
+  </div>
+);
+
+const Step3Content: React.FC<StepContentProps> = ({
+  formData,
+  getEmailPreview
+}) => (
+  <div style={{ display: 'flex', flexDirection: 'column', gap: '1.5rem' }}>
+    <div style={{
+      backgroundColor: '#f8f9fa',
+      padding: '1.5rem',
+      borderRadius: '8px',
+      border: '1px solid #e9ecef'
+    }}>
+      <h3 style={{
+        marginBottom: '1rem',
+        color: '#2c3e50',
+        fontSize: '1.1rem',
+        fontWeight: '600'
+      }}>
+        Zusammenfassung
+      </h3>
+
+      <div style={{ display: 'flex', flexDirection: 'column', gap: '0.75rem' }}>
+        <div style={{ display: 'flex', justifyContent: 'space-between' }}>
+          <span style={{ color: '#6c757d' }}>E-Mail:</span>
+          <span style={{ fontWeight: '500' }}>{getEmailPreview()}</span>
+        </div>
+        <div style={{ display: 'flex', justifyContent: 'space-between' }}>
+          <span style={{ color: '#6c757d' }}>Vorname:</span>
+          <span style={{ fontWeight: '500' }}>{formData.firstname || '-'}</span>
+        </div>
+        <div style={{ display: 'flex', justifyContent: 'space-between' }}>
+          <span style={{ color: '#6c757d' }}>Nachname:</span>
+          <span style={{ fontWeight: '500' }}>{formData.lastname || '-'}</span>
+        </div>
+      </div>
+    </div>
+
+    <div style={{
+      padding: '1rem',
+      backgroundColor: '#e7f3ff',
+      borderRadius: '6px',
+      border: '1px solid #b6d7e8',
+      color: '#2c3e50'
+    }}>
+      <strong>💡 Wichtig:</strong> Nach dem Setup können Sie sich mit Ihrer
+      automatisch generierten E-Mail anmelden.
+    </div>
+  </div>
+);
+
+// ===== HAUPTKOMPONENTE =====
+const Setup: React.FC = () => {
+  const {
+    currentStep,
+    formData,
+    loading,
+    error,
+    steps,
+    goToNextStep,
+    goToPrevStep,
+    handleStepChange,
+    handleInputChange,
+    getEmailPreview
+  } = useSetup();
+
+  const renderStepContent = (): React.ReactNode => {
+    const stepProps = {
+      formData,
+      onInputChange: handleInputChange,
+      getEmailPreview,
+      currentStep
+    };
+
+    switch (currentStep) {
+      case 0:
+        return <Step1Content {...stepProps} />;
+      case 1:
+        return <Step2Content {...stepProps} />;
+      case 2:
+        return <Step3Content {...stepProps} />;
+      default:
+        return null;
+    }
+  };
+
+  const getNextButtonText = (): string => {
+    if (loading) return '⏳ Wird verarbeitet...';
+
+    switch (currentStep) {
+      case 0:
+        return 'Weiter →';
+      case 1:
+        return 'Weiter →';
+      case 2:
+        return 'Setup abschließen';
+      default:
+        return 'Weiter →';
+    }
+  };
+
+  // Inline Step Indicator Komponente
+  const StepIndicator: React.FC = () => (
+    <div style={{
+      display: 'flex',
+      justifyContent: 'space-between',
+      alignItems: 'center',
+      marginBottom: '2.5rem',
+      position: 'relative',
+      width: '100%'
+    }}>
+      {/* Verbindungslinien */}
+      <div style={{
+        position: 'absolute',
+        top: '12px',
+        left: '0',
+        right: '0',
+        height: '2px',
+        backgroundColor: '#e9ecef',
+        zIndex: 1
+      }} />
+
+      {steps.map((step, index) => {
+        const isCompleted = index < currentStep;
+        const isCurrent = index === currentStep;
+        const isClickable = index <= currentStep + 1;
+
+        return (
+          <div
+            key={step.id}
+            style={{
+              display: 'flex',
+              flexDirection: 'column',
+              alignItems: 'center',
+              zIndex: 2,
+              position: 'relative',
+              flex: 1
+            }}
+          >
+            <button
+              onClick={() => isClickable && handleStepChange(index)}
+              disabled={!isClickable}
+              style={{
+                width: '28px',
+                height: '28px',
+                borderRadius: '50%',
+                border: '2px solid',
+                borderColor: isCompleted || isCurrent ? '#51258f' : '#e9ecef',
+                backgroundColor: isCompleted ? '#51258f' : 'white',
+                color: isCompleted ? 'white' : (isCurrent ? '#51258f' : '#6c757d'),
+                display: 'flex',
+                alignItems: 'center',
+                justifyContent: 'center',
+                fontSize: '14px',
+                fontWeight: 'bold',
+                cursor: isClickable ? 'pointer' : 'not-allowed',
+                transition: 'all 0.3s ease',
+                marginBottom: '8px'
+              }}
+            >
+              {index + 1}
+            </button>
+
+            <div style={{ textAlign: 'center' }}>
+              <div style={{
+                fontSize: '14px',
+                fontWeight: isCurrent ? '600' : '400',
+                color: isCurrent ? '#51258f' : '#6c757d'
+              }}>
+                {step.title}
+              </div>
+            </div>
+          </div>
+        );
+      })}
+    </div>
+  );
+
   return (
     <div style={{
       minHeight: '100vh',
@@ -128,10 +569,10 @@ const Setup: React.FC = () => {
         borderRadius: '12px',
         boxShadow: '0 10px 30px rgba(0,0,0,0.1)',
         width: '100%',
-        maxWidth: '500px',
+        maxWidth: '600px',
         border: '1px solid #e9ecef'
       }}>
-        <div style={{ textAlign: 'center', marginBottom: '2rem' }}>
+        <div style={{ textAlign: 'center', marginBottom: '1rem' }}>
           <h1 style={{
             fontSize: '2rem',
             fontWeight: 'bold',
@@ -142,12 +583,37 @@ const Setup: React.FC = () => {
           </h1>
           <p style={{
             color: '#6c757d',
-            fontSize: '1.1rem'
+            fontSize: '1.1rem',
+            marginBottom: '2rem'
           }}>
             Richten Sie Ihren Administrator-Account ein
           </p>
         </div>
 
+        {/* Aktueller Schritt Titel und Beschreibung */}
+        <div style={{ textAlign: 'center', marginBottom: '1.5rem' }}>
+          <h2 style={{
+            fontSize: '1.5rem',
+            fontWeight: 'bold',
+            marginBottom: '0.5rem',
+            color: '#2c3e50'
+          }}>
+            {steps[currentStep].title}
+          </h2>
+          {steps[currentStep].subtitle && (
+            <p style={{
+              color: '#6c757d',
+              fontSize: '1rem'
+            }}>
+              {steps[currentStep].subtitle}
+            </p>
+          )}
+        </div>
+
+        {/* Inline Step Indicator */}
+        <StepIndicator />
+
+        {/* Fehleranzeige */}
         {error && (
           <div style={{
             backgroundColor: '#f8d7da',
@@ -161,175 +627,37 @@ const Setup: React.FC = () => {
           </div>
         )}
 
-        {step === 1 && (
+        {/* Schritt-Inhalt */}
-          <div style={{ display: 'flex', flexDirection: 'column', gap: '1.5rem' }}>
+        <div style={{ minHeight: '200px' }}>
-            <div>
+          {renderStepContent()}
-              <label style={{ 
+        </div>
-                display: 'block', 
-                marginBottom: '0.5rem', 
-                fontWeight: '600',
-                color: '#495057'
-              }}>
-                Passwort
-              </label>
-              <input
-                type="password"
-                name="password"
-                value={formData.password}
-                onChange={handleInputChange}
-                style={{
-                  width: '100%',
-                  padding: '0.75rem',
-                  border: '1px solid #ced4da',
-                  borderRadius: '6px',
-                  fontSize: '1rem',
-                  transition: 'border-color 0.3s ease'
-                }}
-                placeholder="Mindestens 6 Zeichen"
-                required
-              />
-            </div>
-            
-            <div>
-              <label style={{ 
-                display: 'block', 
-                marginBottom: '0.5rem', 
-                fontWeight: '600',
-                color: '#495057'
-              }}>
-                Passwort bestätigen
-              </label>
-              <input
-                type="password"
-                name="confirmPassword"
-                value={formData.confirmPassword}
-                onChange={handleInputChange}
-                style={{
-                  width: '100%',
-                  padding: '0.75rem',
-                  border: '1px solid #ced4da',
-                  borderRadius: '6px',
-                  fontSize: '1rem',
-                  transition: 'border-color 0.3s ease'
-                }}
-                placeholder="Passwort wiederholen"
-                required
-              />
-            </div>
-          </div>
-        )}
-
-        {step === 2 && (
-          <div style={{ display: 'flex', flexDirection: 'column', gap: '1.5rem' }}>
-            <div>
-              <label style={{ 
-                display: 'block', 
-                marginBottom: '0.5rem', 
-                fontWeight: '600',
-                color: '#495057'
-              }}>
-                Vorname
-              </label>
-              <input
-                type="text"
-                name="firstname"
-                value={formData.firstname}
-                onChange={handleInputChange}
-                style={{
-                  width: '100%',
-                  padding: '0.75rem',
-                  border: '1px solid #ced4da',
-                  borderRadius: '6px',
-                  fontSize: '1rem'
-                }}
-                placeholder="Max"
-                required
-              />
-            </div>
-
-            <div>
-              <label style={{ 
-                display: 'block', 
-                marginBottom: '0.5rem', 
-                fontWeight: '600',
-                color: '#495057'
-              }}>
-                Nachname
-              </label>
-              <input
-                type="text"
-                name="lastname"
-                value={formData.lastname}
-                onChange={handleInputChange}
-                style={{
-                  width: '100%',
-                  padding: '0.75rem',
-                  border: '1px solid #ced4da',
-                  borderRadius: '6px',
-                  fontSize: '1rem'
-                }}
-                placeholder="Mustermann"
-                required
-              />
-            </div>
-
-            <div>
-              <label style={{ 
-                display: 'block', 
-                marginBottom: '0.5rem', 
-                fontWeight: '600',
-                color: '#495057'
-              }}>
-                Automatisch generierte E-Mail
-              </label>
-              <div style={{ 
-                padding: '0.75rem', 
-                backgroundColor: '#e9ecef', 
-                border: '1px solid #ced4da',
-                borderRadius: '6px',
-                color: '#495057',
-                fontWeight: '500',
-                fontFamily: 'monospace'
-              }}>
-                {getEmailPreview()}
-              </div>
-              <div style={{ 
-                fontSize: '0.875rem', 
-                color: '#6c757d',
-                marginTop: '0.25rem'
-              }}>
-                Die E-Mail wird automatisch aus Vor- und Nachname generiert
-              </div>
-            </div>
-          </div>
-        )}
 
+        {/* Navigations-Buttons */}
         <div style={{
           marginTop: '2rem',
           display: 'flex',
           justifyContent: 'space-between',
           alignItems: 'center'
         }}>
-          {step === 2 && (
+          <button
-            <button
+            onClick={goToPrevStep}
-              onClick={handleBack}
+            disabled={loading || currentStep === 0}
-              style={{
+            style={{
-                padding: '0.75rem 1.5rem',
+              padding: '0.75rem 1.5rem',
-                color: '#6c757d',
+              color: loading || currentStep === 0 ? '#adb5bd' : '#6c757d',
-                border: '1px solid #6c757d',
+              border: `1px solid ${loading || currentStep === 0 ? '#adb5bd' : '#6c757d'}`,
-                background: 'none',
+              background: 'none',
-                borderRadius: '6px',
+              borderRadius: '6px',
-                cursor: 'pointer',
+              cursor: loading || currentStep === 0 ? 'not-allowed' : 'pointer',
-                fontWeight: '500'
+              fontWeight: '500',
-              }}
+              opacity: loading || currentStep === 0 ? 0.6 : 1
-              disabled={loading}
+            }}
-            >
+          >
-              ← Zurück
+            ← Zurück
-            </button>
+          </button>
-          )}
 
           <button
-            onClick={handleNext}
+            onClick={goToNextStep}
             disabled={loading}
             style={{
               padding: '0.75rem 2rem',
@@ -340,28 +668,25 @@ const Setup: React.FC = () => {
               cursor: loading ? 'not-allowed' : 'pointer',
               fontWeight: '600',
               fontSize: '1rem',
-              marginLeft: step === 1 ? 'auto' : '0',
               transition: 'background-color 0.3s ease'
             }}
           >
-            {loading ? '⏳ Wird verarbeitet...' : 
+            {getNextButtonText()}
-             step === 1 ? 'Weiter →' : 'Setup abschließen'}
           </button>
         </div>
 
-        {step === 2 && (
+        {/* Zusätzliche Informationen */}
+        {currentStep === 2 && !loading && (
           <div style={{
             marginTop: '1.5rem',
             textAlign: 'center',
             color: '#6c757d',
             fontSize: '0.9rem',
             padding: '1rem',
-            backgroundColor: '#e7f3ff',
+            backgroundColor: '#f8f9fa',
-            borderRadius: '6px',
+            borderRadius: '6px'
-            border: '1px solid #b6d7e8'
           }}>
-            💡 Nach dem erfolgreichen Setup werden Sie zur Anmeldeseite weitergeleitet, 
+            Überprüfen Sie Ihre Daten, bevor Sie das Setup abschließen
-            wo Sie sich mit Ihrer automatisch generierten E-Mail anmelden können.
           </div>
         )}
       </div>

frontend/src/pages/ShiftPlans/ShiftPlanCreate.module.css

@@ -107,7 +107,7 @@
 
 .createButton {
   padding: 10px 20px;
-  background-color: #2ecc71;
+  background-color: #51258f;
   color: white;
   border: none;
   border-radius: 4px;
@@ -116,7 +116,7 @@
 }
 
 .createButton:hover {
-  background-color: #27ae60;
+  background-color: #51258f;
 }
 
 .createButton:disabled {

frontend/src/pages/ShiftPlans/ShiftPlanCreate.tsx

@@ -2,6 +2,8 @@
 import React, { useState, useEffect } from 'react';
 import { useNavigate, useSearchParams } from 'react-router-dom';
 import { shiftPlanService } from '../../services/shiftPlanService';
+import { useNotification } from '../../contexts/NotificationContext';
+import { useBackendValidation } from '../../hooks/useBackendValidation';
 import styles from './ShiftPlanCreate.module.css';
 
 // Interface für Template Presets
@@ -14,6 +16,8 @@ interface TemplatePreset {
 const ShiftPlanCreate: React.FC = () => {
   const navigate = useNavigate();
   const [searchParams] = useSearchParams();
+  const { showNotification } = useNotification();
+  const { executeWithValidation, isSubmitting } = useBackendValidation();
   
   const [planName, setPlanName] = useState('');
   const [startDate, setStartDate] = useState('');
@@ -21,8 +25,6 @@ const ShiftPlanCreate: React.FC = () => {
   const [selectedPreset, setSelectedPreset] = useState('');
   const [presets, setPresets] = useState<TemplatePreset[]>([]);
   const [loading, setLoading] = useState(true);
-  const [error, setError] = useState<string | null>(null);
-  const [success, setSuccess] = useState<string | null>(null);
 
   useEffect(() => {
     loadTemplatePresets();
@@ -42,36 +44,60 @@ const ShiftPlanCreate: React.FC = () => {
       }
     } catch (error) {
       console.error('❌ Fehler beim Laden der Vorlagen-Presets:', error);
-      setError('Vorlagen-Presets konnten nicht geladen werden');
+      showNotification({
+        type: 'error',
+        title: 'Fehler beim Laden',
+        message: 'Vorlagen-Presets konnten nicht geladen werden'
+      });
     } finally {
       setLoading(false);
     }
   };
 
   const handleCreate = async () => {
-    try {
+    // Basic frontend validation only
-      // Validierung
+    if (!planName.trim()) {
-      if (!planName.trim()) {
+      showNotification({
-        setError('Bitte geben Sie einen Namen für den Schichtplan ein');
+        type: 'error',
-        return;
+        title: 'Fehlende Angaben',
-      }
+        message: 'Bitte geben Sie einen Namen für den Schichtplan ein'
-      if (!startDate) {
+      });
-        setError('Bitte wählen Sie ein Startdatum');
+      return;
-        return;
+    }
-      }
+    if (!startDate) {
-      if (!endDate) {
+      showNotification({
-        setError('Bitte wählen Sie ein Enddatum');
+        type: 'error',
-        return;
+        title: 'Fehlende Angaben',
-      }
+        message: 'Bitte wählen Sie ein Startdatum'
-      if (new Date(endDate) < new Date(startDate)) {
+      });
-        setError('Das Enddatum muss nach dem Startdatum liegen');
+      return;
-        return;
+    }
-      }
+    if (!endDate) {
-      if (!selectedPreset) {
+      showNotification({
-        setError('Bitte wählen Sie eine Vorlage aus');
+        type: 'error',
-        return;
+        title: 'Fehlende Angaben', 
-      }
+        message: 'Bitte wählen Sie ein Enddatum'
+      });
+      return;
+    }
+    if (new Date(endDate) < new Date(startDate)) {
+      showNotification({
+        type: 'error',
+        title: 'Ungültige Daten',
+        message: 'Das Enddatum muss nach dem Startdatum liegen'
+      });
+      return;
+    }
+    if (!selectedPreset) {
+      showNotification({
+        type: 'error',
+        title: 'Fehlende Angaben',
+        message: 'Bitte wählen Sie eine Vorlage aus'
+      });
+      return;
+    }
 
+    await executeWithValidation(async () => {
       console.log('🔄 Erstelle Schichtplan aus Preset...', {
         presetName: selectedPreset,
         name: planName,
@@ -91,16 +117,16 @@ const ShiftPlanCreate: React.FC = () => {
       console.log('✅ Plan erstellt:', createdPlan);
       
       // Erfolgsmeldung und Weiterleitung
-      setSuccess('Schichtplan erfolgreich erstellt!');
+      showNotification({
+        type: 'success',
+        title: 'Erfolg',
+        message: 'Schichtplan erfolgreich erstellt!'
+      });
+      
       setTimeout(() => {
         navigate(`/shift-plans/${createdPlan.id}`);
       }, 1500);
-      
+    });
-    } catch (error) {
-      const err = error as Error;
-      console.error('❌ Fehler beim Erstellen des Plans:', err);
-      setError(`Plan konnte nicht erstellt werden: ${err.message}`);
-    } 
   };
 
   const getSelectedPresetDescription = () => {
@@ -120,23 +146,15 @@ const ShiftPlanCreate: React.FC = () => {
     <div className={styles.container}>
       <div className={styles.header}>
         <h1>Neuen Schichtplan erstellen</h1>
-        <button onClick={() => navigate(-1)} className={styles.backButton}>
+        <button 
+          onClick={() => navigate(-1)} 
+          className={styles.backButton}
+          disabled={isSubmitting}
+        >
           Zurück
         </button>
       </div>
       
-      {error && (
-        <div className={styles.error}>
-          {error}
-        </div>
-      )}
-
-      {success && (
-        <div className={styles.success}>
-          {success}
-        </div>
-      )}
-      
       <div className={styles.form}>
         <div className={styles.formGroup}>
           <label>Plan Name:</label>
@@ -146,6 +164,7 @@ const ShiftPlanCreate: React.FC = () => {
             onChange={(e) => setPlanName(e.target.value)}
             placeholder="z.B. KW 42 2025"
             className={styles.input}
+            disabled={isSubmitting}
           />
         </div>
 
@@ -157,6 +176,7 @@ const ShiftPlanCreate: React.FC = () => {
               value={startDate}
               onChange={(e) => setStartDate(e.target.value)}
               className={styles.input}
+              disabled={isSubmitting}
             />
           </div>
 
@@ -167,6 +187,7 @@ const ShiftPlanCreate: React.FC = () => {
               value={endDate}
               onChange={(e) => setEndDate(e.target.value)}
               className={styles.input}
+              disabled={isSubmitting}
             />
           </div>
         </div>
@@ -177,6 +198,7 @@ const ShiftPlanCreate: React.FC = () => {
             value={selectedPreset} 
             onChange={(e) => setSelectedPreset(e.target.value)}
             className={`${styles.select} ${presets.length === 0 ? styles.empty : ''}`}
+            disabled={isSubmitting}
           >
             <option value="">Bitte wählen...</option>
             {presets.map(preset => (
@@ -203,9 +225,9 @@ const ShiftPlanCreate: React.FC = () => {
           <button 
             onClick={handleCreate} 
             className={styles.createButton} 
-            disabled={!selectedPreset || !planName.trim() || !startDate || !endDate}
+            disabled={isSubmitting || !selectedPreset || !planName.trim() || !startDate || !endDate}
           >
-            Schichtplan erstellen
+            {isSubmitting ? 'Wird erstellt...' : 'Schichtplan erstellen'}
           </button>
         </div>
       </div>

frontend/src/pages/ShiftPlans/ShiftPlanEdit.tsx

@@ -4,11 +4,14 @@ import { useParams, useNavigate } from 'react-router-dom';
 import { shiftPlanService } from '../../services/shiftPlanService';
 import { ShiftPlan, Shift, ScheduledShift } from '../../models/ShiftPlan';
 import { useNotification } from '../../contexts/NotificationContext';
+import { useBackendValidation } from '../../hooks/useBackendValidation';
 
 const ShiftPlanEdit: React.FC = () => {
   const { id } = useParams<{ id: string }>();
   const navigate = useNavigate();
-  const { showNotification } = useNotification();
+  const { showNotification, confirmDialog } = useNotification();
+  const { executeWithValidation, isSubmitting } = useBackendValidation();
+  
   const [shiftPlan, setShiftPlan] = useState<ShiftPlan | null>(null);
   const [loading, setLoading] = useState(true);
   const [editingShift, setEditingShift] = useState<Shift | null>(null);
@@ -24,122 +27,150 @@ const ShiftPlanEdit: React.FC = () => {
 
   const loadShiftPlan = async () => {
     if (!id) return;
-    try {
+    
-      const plan = await shiftPlanService.getShiftPlan(id);
+    await executeWithValidation(async () => {
-      setShiftPlan(plan);
+      try {
-    } catch (error) {
+        const plan = await shiftPlanService.getShiftPlan(id);
-      console.error('Error loading shift plan:', error);
+        setShiftPlan(plan);
-      showNotification({
+      } catch (error) {
-        type: 'error',
+        console.error('Error loading shift plan:', error);
-        title: 'Fehler',
+        navigate('/shift-plans');
-        message: 'Der Schichtplan konnte nicht geladen werden.'
+      } finally {
-      });
+        setLoading(false);
-      navigate('/shift-plans');
+      }
-    } finally {
+    });
-      setLoading(false);
-    }
   };
 
   const handleUpdateShift = async (shift: Shift) => {
     if (!shiftPlan || !id) return;
     
-    try {
+    await executeWithValidation(async () => {
-      // Update logic here
+      // Update logic here - will be implemented when backend API is available
+      // For now, just simulate success
+      console.log('Updating shift:', shift);
+      
       loadShiftPlan();
       setEditingShift(null);
-    } catch (error) {
+      
-      console.error('Error updating shift:', error);
       showNotification({
-        type: 'error',
+        type: 'success',
-        title: 'Fehler',
+        title: 'Erfolg',
-        message: 'Die Schicht konnte nicht aktualisiert werden.'
+        message: 'Schicht wurde erfolgreich aktualisiert.'
       });
-    }
+    });
   };
 
   const handleAddShift = async () => {
     if (!shiftPlan || !id) return;
     
-    if (!newShift.timeSlotId || !newShift.requiredEmployees) {
+    // Basic frontend validation only
+    if (!newShift.timeSlotId) {
       showNotification({
         type: 'error',
-        title: 'Fehler',
+        title: 'Fehlende Angaben',
-        message: 'Bitte füllen Sie alle Pflichtfelder aus.'
+        message: 'Bitte wählen Sie einen Zeit-Slot aus.'
       });
       return;
     }
     
-    try {
+    if (!newShift.requiredEmployees || newShift.requiredEmployees < 1) {
-      // Add shift logic here
+      showNotification({
+        type: 'error',
+        title: 'Fehlende Angaben',
+        message: 'Bitte geben Sie die Anzahl der benötigten Mitarbeiter an.'
+      });
+      return;
+    }
+
+    await executeWithValidation(async () => {
+      // Add shift logic here - will be implemented when backend API is available
+      // For now, just simulate success
+      console.log('Adding shift:', newShift);
+      
       showNotification({
         type: 'success',
         title: 'Erfolg',
         message: 'Neue Schicht wurde hinzugefügt.'
       });
+      
       setNewShift({
         timeSlotId: '',
         dayOfWeek: 1,
         requiredEmployees: 1
       });
       loadShiftPlan();
-    } catch (error) {
+    });
-      console.error('Error adding shift:', error);
-      showNotification({
-        type: 'error',
-        title: 'Fehler',
-        message: 'Die Schicht konnte nicht hinzugefügt werden.'
-      });
-    }
   };
 
   const handleDeleteShift = async (shiftId: string) => {
-    if (!window.confirm('Möchten Sie diese Schicht wirklich löschen?')) {
+    const confirmed = await confirmDialog({
-      return;
+      title: 'Schicht löschen',
-    }
+      message: 'Möchten Sie diese Schicht wirklich löschen?',
+      confirmText: 'Löschen',
+      cancelText: 'Abbrechen',
+      type: 'warning'
+    });
+
+    if (!confirmed) return;
+
+    await executeWithValidation(async () => {
+      // Delete logic here - will be implemented when backend API is available
+      // For now, just simulate success
+      console.log('Deleting shift:', shiftId);
       
-    try {
-      // Delete logic here
       loadShiftPlan();
-    } catch (error) {
+      
-      console.error('Error deleting shift:', error);
       showNotification({
-        type: 'error',
+        type: 'success',
-        title: 'Fehler',
+        title: 'Erfolg',
-        message: 'Die Schicht konnte nicht gelöscht werden.'
+        message: 'Schicht wurde erfolgreich gelöscht.'
       });
-    }
+    });
   };
 
   const handlePublish = async () => {
     if (!shiftPlan || !id) return;
 
-    try {
+    await executeWithValidation(async () => {
       await shiftPlanService.updateShiftPlan(id, {
         ...shiftPlan,
         status: 'published'
       });
+      
       showNotification({
         type: 'success',
         title: 'Erfolg',
         message: 'Schichtplan wurde veröffentlicht.'
       });
+      
       loadShiftPlan();
-    } catch (error) {
+    });
-      console.error('Error publishing shift plan:', error);
-      showNotification({
-        type: 'error',
-        title: 'Fehler',
-        message: 'Der Schichtplan konnte nicht veröffentlicht werden.'
-      });
-    }
   };
 
   if (loading) {
-    return <div>Lade Schichtplan...</div>;
+    return (
+      <div style={{ 
+        textAlign: 'center', 
+        padding: '40px',
+        fontSize: '18px',
+        color: '#666'
+      }}>
+        Lade Schichtplan...
+      </div>
+    );
   }
 
   if (!shiftPlan) {
-    return <div>Schichtplan nicht gefunden</div>;
+    return (
+      <div style={{ 
+        textAlign: 'center', 
+        padding: '40px',
+        fontSize: '18px',
+        color: '#e74c3c'
+      }}>
+        Schichtplan nicht gefunden
+      </div>
+    );
   }
 
   // Group shifts by dayOfWeek
@@ -174,28 +205,32 @@ const ShiftPlanEdit: React.FC = () => {
           {shiftPlan.status === 'draft' && (
             <button
               onClick={handlePublish}
+              disabled={isSubmitting}
               style={{
                 padding: '8px 16px',
                 backgroundColor: '#2ecc71',
                 color: 'white',
                 border: 'none',
                 borderRadius: '4px',
-                cursor: 'pointer',
+                cursor: isSubmitting ? 'not-allowed' : 'pointer',
-                marginRight: '10px'
+                marginRight: '10px',
+                opacity: isSubmitting ? 0.6 : 1
               }}
             >
-              Veröffentlichen
+              {isSubmitting ? 'Wird veröffentlicht...' : 'Veröffentlichen'}
             </button>
           )}
           <button
             onClick={() => navigate('/shift-plans')}
+            disabled={isSubmitting}
             style={{
               padding: '8px 16px',
               backgroundColor: '#95a5a6',
               color: 'white',
               border: 'none',
               borderRadius: '4px',
-              cursor: 'pointer'
+              cursor: isSubmitting ? 'not-allowed' : 'pointer',
+              opacity: isSubmitting ? 0.6 : 1
             }}
           >
             Zurück
@@ -219,6 +254,7 @@ const ShiftPlanEdit: React.FC = () => {
               value={newShift.dayOfWeek}
               onChange={(e) => setNewShift({ ...newShift, dayOfWeek: parseInt(e.target.value) })}
               style={{ width: '100%', padding: '8px', borderRadius: '4px', border: '1px solid #ddd' }}
+              disabled={isSubmitting}
             >
               {daysOfWeek.map(day => (
                 <option key={day.id} value={day.id}>{day.name}</option>
@@ -231,6 +267,7 @@ const ShiftPlanEdit: React.FC = () => {
               value={newShift.timeSlotId}
               onChange={(e) => setNewShift({ ...newShift, timeSlotId: e.target.value })}
               style={{ width: '100%', padding: '8px', borderRadius: '4px', border: '1px solid #ddd' }}
+              disabled={isSubmitting}
             >
               <option value="">Bitte auswählen...</option>
               {shiftPlan.timeSlots.map(slot => (
@@ -246,25 +283,27 @@ const ShiftPlanEdit: React.FC = () => {
               type="number"
               min="1"
               value={newShift.requiredEmployees}
-              onChange={(e) => setNewShift({ ...newShift, requiredEmployees: parseInt(e.target.value) })}
+              onChange={(e) => setNewShift({ ...newShift, requiredEmployees: parseInt(e.target.value) || 1 })}
               style={{ width: '100%', padding: '8px', borderRadius: '4px', border: '1px solid #ddd' }}
+              disabled={isSubmitting}
             />
           </div>
         </div>
         <button
           onClick={handleAddShift}
-          disabled={!newShift.timeSlotId || !newShift.requiredEmployees}
+          disabled={isSubmitting || !newShift.timeSlotId || !newShift.requiredEmployees}
           style={{
             marginTop: '15px',
             padding: '8px 16px',
-            backgroundColor: '#3498db',
+            backgroundColor: isSubmitting ? '#bdc3c7' : '#3498db',
             color: 'white',
             border: 'none',
             borderRadius: '4px',
-            cursor: 'pointer'
+            cursor: isSubmitting ? 'not-allowed' : 'pointer',
+            opacity: (!newShift.timeSlotId || !newShift.requiredEmployees) ? 0.6 : 1
           }}
         >
-          Schicht hinzufügen
+          {isSubmitting ? 'Wird hinzugefügt...' : 'Schicht hinzufügen'}
         </button>
       </div>
 
@@ -300,6 +339,7 @@ const ShiftPlanEdit: React.FC = () => {
                               value={editingShift.timeSlotId}
                               onChange={(e) => setEditingShift({ ...editingShift, timeSlotId: e.target.value })}
                               style={{ width: '100%', padding: '8px', borderRadius: '4px', border: '1px solid #ddd' }}
+                              disabled={isSubmitting}
                             >
                               {shiftPlan.timeSlots.map(slot => (
                                 <option key={slot.id} value={slot.id}>
@@ -314,33 +354,37 @@ const ShiftPlanEdit: React.FC = () => {
                               type="number"
                               min="1"
                               value={editingShift.requiredEmployees}
-                              onChange={(e) => setEditingShift({ ...editingShift, requiredEmployees: parseInt(e.target.value) })}
+                              onChange={(e) => setEditingShift({ ...editingShift, requiredEmployees: parseInt(e.target.value) || 1 })}
                               style={{ width: '100%', padding: '8px', borderRadius: '4px', border: '1px solid #ddd' }}
+                              disabled={isSubmitting}
                             />
                           </div>
                           <div style={{ display: 'flex', gap: '10px', alignItems: 'flex-end' }}>
                             <button
                               onClick={() => handleUpdateShift(editingShift)}
+                              disabled={isSubmitting}
                               style={{
                                 padding: '8px 16px',
-                                backgroundColor: '#2ecc71',
+                                backgroundColor: isSubmitting ? '#bdc3c7' : '#2ecc71',
                                 color: 'white',
                                 border: 'none',
                                 borderRadius: '4px',
-                                cursor: 'pointer'
+                                cursor: isSubmitting ? 'not-allowed' : 'pointer'
                               }}
                             >
-                              Speichern
+                              {isSubmitting ? 'Speichern...' : 'Speichern'}
                             </button>
                             <button
                               onClick={() => setEditingShift(null)}
+                              disabled={isSubmitting}
                               style={{
                                 padding: '8px 16px',
                                 backgroundColor: '#95a5a6',
                                 color: 'white',
                                 border: 'none',
                                 borderRadius: '4px',
-                                cursor: 'pointer'
+                                cursor: isSubmitting ? 'not-allowed' : 'pointer',
+                                opacity: isSubmitting ? 0.6 : 1
                               }}
                             >
                               Abbrechen
@@ -359,27 +403,31 @@ const ShiftPlanEdit: React.FC = () => {
                             <div>
                               <button
                                 onClick={() => setEditingShift(shift)}
+                                disabled={isSubmitting}
                                 style={{
                                   padding: '6px 12px',
-                                  backgroundColor: '#f1c40f',
+                                  backgroundColor: isSubmitting ? '#bdc3c7' : '#f1c40f',
                                   color: 'white',
                                   border: 'none',
                                   borderRadius: '4px',
-                                  cursor: 'pointer',
+                                  cursor: isSubmitting ? 'not-allowed' : 'pointer',
-                                  marginRight: '8px'
+                                  marginRight: '8px',
+                                  opacity: isSubmitting ? 0.6 : 1
                                 }}
                               >
                                 Bearbeiten
                               </button>
                               <button
                                 onClick={() => handleDeleteShift(shift.id)}
+                                disabled={isSubmitting}
                                 style={{
                                   padding: '6px 12px',
-                                  backgroundColor: '#e74c3c',
+                                  backgroundColor: isSubmitting ? '#bdc3c7' : '#e74c3c',
                                   color: 'white',
                                   border: 'none',
                                   borderRadius: '4px',
-                                  cursor: 'pointer'
+                                  cursor: isSubmitting ? 'not-allowed' : 'pointer',
+                                  opacity: isSubmitting ? 0.6 : 1
                                 }}
                               >
                                 Löschen

frontend/src/pages/ShiftPlans/ShiftPlanList.tsx

@@ -5,12 +5,15 @@ import { useAuth } from '../../contexts/AuthContext';
 import { shiftPlanService } from '../../services/shiftPlanService';
 import { ShiftPlan } from '../../models/ShiftPlan';
 import { useNotification } from '../../contexts/NotificationContext';
+import { useBackendValidation } from '../../hooks/useBackendValidation';
 import { formatDate } from '../../utils/foramatters';
 
 const ShiftPlanList: React.FC = () => {
   const { hasRole } = useAuth();
   const navigate = useNavigate();
-  const { showNotification } = useNotification();
+  const { showNotification, confirmDialog } = useNotification();
+  const { executeWithValidation, isSubmitting } = useBackendValidation();
+  
   const [shiftPlans, setShiftPlans] = useState<ShiftPlan[]>([]);
   const [loading, setLoading] = useState(true);
 
@@ -19,46 +22,80 @@ const ShiftPlanList: React.FC = () => {
   }, []);
 
   const loadShiftPlans = async () => {
-    try {
+    await executeWithValidation(async () => {
-      const plans = await shiftPlanService.getShiftPlans();
+      try {
-      setShiftPlans(plans);
+        const plans = await shiftPlanService.getShiftPlans();
-    } catch (error) {
+        setShiftPlans(plans);
-      console.error('Error loading shift plans:', error);
+      } catch (error) {
-      showNotification({
+        console.error('Error loading shift plans:', error);
-        type: 'error',
+        // Error is automatically handled by executeWithValidation
-        title: 'Fehler',
+      } finally {
-        message: 'Die Schichtpläne konnten nicht geladen werden.'
+        setLoading(false);
-      });
+      }
-    } finally {
+    });
-      setLoading(false);
-    }
   };
 
-  const handleDelete = async (id: string) => {
+  const handleDelete = async (id: string, planName: string) => {
-    if (!window.confirm('Möchten Sie diesen Schichtplan wirklich löschen?')) {
+    const confirmed = await confirmDialog({
-      return;
+      title: 'Schichtplan löschen',
-    }
+      message: `Möchten Sie den Schichtplan "${planName}" wirklich löschen? Diese Aktion kann nicht rückgängig gemacht werden.`,
+      confirmText: 'Löschen',
+      cancelText: 'Abbrechen',
+      type: 'warning'
+    });
 
-    try {
+    if (!confirmed) return;
+
+    await executeWithValidation(async () => {
       await shiftPlanService.deleteShiftPlan(id);
+      
       showNotification({
         type: 'success',
         title: 'Erfolg',
         message: 'Der Schichtplan wurde erfolgreich gelöscht.'
       });
+      
       loadShiftPlans();
-    } catch (error) {
+    });
-      console.error('Error deleting shift plan:', error);
+  };
-      showNotification({
+
-        type: 'error',
+  const getStatusBadge = (status: string) => {
-        title: 'Fehler',
+    const config = {
-        message: 'Der Schichtplan konnte nicht gelöscht werden.'
+      draft: { text: 'Entwurf', color: '#f39c12', bgColor: '#fef5e7' },
-      });
+      published: { text: 'Veröffentlicht', color: '#27ae60', bgColor: '#d5f4e6' },
-    }
+      archived: { text: 'Archiviert', color: '#95a5a6', bgColor: '#f8f9fa' }
+    };
+
+    const statusConfig = config[status as keyof typeof config] || config.draft;
+
+    return (
+      <span
+        style={{
+          backgroundColor: statusConfig.bgColor,
+          color: statusConfig.color,
+          padding: '4px 8px',
+          borderRadius: '12px',
+          fontSize: '12px',
+          fontWeight: 'bold',
+          display: 'inline-block'
+        }}
+      >
+        {statusConfig.text}
+      </span>
+    );
   };
 
   if (loading) {
-    return <div>Lade Schichtpläne...</div>;
+    return (
+      <div style={{ 
+        textAlign: 'center', 
+        padding: '40px',
+        fontSize: '18px',
+        color: '#666'
+      }}>
+        Lade Schichtpläne...
+      </div>
+    );
   }
 
   return (
@@ -97,6 +134,21 @@ const ShiftPlanList: React.FC = () => {
           <div style={{ fontSize: '48px', marginBottom: '20px' }}>📋</div>
           <h3>Keine Schichtpläne vorhanden</h3>
           <p>Erstellen Sie Ihren ersten Schichtplan!</p>
+          {hasRole(['admin', 'maintenance']) && (
+            <Link to="/shift-plans/new">
+              <button style={{ 
+                marginTop: '15px',
+                padding: '10px 20px', 
+                backgroundColor: '#51258f', 
+                color: 'white', 
+                border: 'none', 
+                borderRadius: '4px',
+                cursor: 'pointer'
+              }}>
+                Ersten Plan erstellen
+              </button>
+            </Link>
+          )}
         </div>
       ) : (
         <div style={{ display: 'grid', gap: '20px' }}>
@@ -110,35 +162,35 @@ const ShiftPlanList: React.FC = () => {
                 boxShadow: '0 2px 4px rgba(0,0,0,0.1)',
                 display: 'flex',
                 justifyContent: 'space-between',
-                alignItems: 'center'
+                alignItems: 'center',
+                border: plan.status === 'published' ? '2px solid #d5f4e6' : '1px solid #e0e0e0'
               }}
             >
-              <div>
+              <div style={{ flex: 1 }}>
-                <h3 style={{ margin: '0 0 10px 0' }}>{plan.name}</h3>
+                <h3 style={{ margin: '0 0 10px 0', color: '#2c3e50' }}>{plan.name}</h3>
-                <div style={{ color: '#666', fontSize: '14px' }}>
+                <div style={{ color: '#666', fontSize: '14px', marginBottom: '10px' }}>
                   <p style={{ margin: '0' }}>
-                    Zeitraum: {formatDate(plan.startDate)} - {formatDate(plan.endDate)}
+                    <strong>Zeitraum:</strong> {formatDate(plan.startDate)} - {formatDate(plan.endDate)}
                   </p>
                   <p style={{ margin: '5px 0 0 0' }}>
-                    Status: <span style={{
+                    <strong>Status:</strong> {getStatusBadge(plan.status)}
-                      color: plan.status === 'published' ? '#2ecc71' : '#f1c40f',
-                      fontWeight: 'bold'
-                    }}>
-                      {plan.status === 'published' ? 'Veröffentlicht' : 'Entwurf'}
-                    </span>
                   </p>
                 </div>
+                <div style={{ fontSize: '12px', color: '#95a5a6' }}>
+                  Erstellt am: {formatDate(plan.createdAt || '')}
+                </div>
               </div>
-              <div style={{ display: 'flex', gap: '10px' }}>
+              <div style={{ display: 'flex', gap: '10px', flexWrap: 'wrap' }}>
                 <button
                   onClick={() => navigate(`/shift-plans/${plan.id}`)}
                   style={{
                     padding: '8px 16px',
-                    backgroundColor: '#2ecc71',
+                    backgroundColor: '#3498db',
                     color: 'white',
                     border: 'none',
                     borderRadius: '4px',
-                    cursor: 'pointer'
+                    cursor: 'pointer',
+                    minWidth: '80px'
                   }}
                 >
                   Anzeigen
@@ -149,27 +201,31 @@ const ShiftPlanList: React.FC = () => {
                       onClick={() => navigate(`/shift-plans/${plan.id}/edit`)}
                       style={{
                         padding: '8px 16px',
-                        backgroundColor: '#f1c40f',
+                        backgroundColor: '#f39c12',
                         color: 'white',
                         border: 'none',
                         borderRadius: '4px',
-                        cursor: 'pointer'
+                        cursor: 'pointer',
+                        minWidth: '80px'
                       }}
                     >
                       Bearbeiten
                     </button>
                     <button
-                      onClick={() => handleDelete(plan.id)}
+                      onClick={() => handleDelete(plan.id, plan.name)}
+                      disabled={isSubmitting}
                       style={{
                         padding: '8px 16px',
-                        backgroundColor: '#e74c3c',
+                        backgroundColor: isSubmitting ? '#bdc3c7' : '#e74c3c',
                         color: 'white',
                         border: 'none',
                         borderRadius: '4px',
-                        cursor: 'pointer'
+                        cursor: isSubmitting ? 'not-allowed' : 'pointer',
+                        minWidth: '80px',
+                        opacity: isSubmitting ? 0.6 : 1
                       }}
                     >
-                      Löschen
+                      {isSubmitting ? 'Löscht...' : 'Löschen'}
                     </button>
                   </>
                 )}
@@ -178,6 +234,22 @@ const ShiftPlanList: React.FC = () => {
           ))}
         </div>
       )}
+
+      {/* Info for users without edit permissions */}
+      {!hasRole(['admin', 'maintenance']) && shiftPlans.length > 0 && (
+        <div style={{
+          marginTop: '20px',
+          padding: '15px',
+          backgroundColor: '#e8f4fd',
+          border: '1px solid #b6d7e8',
+          borderRadius: '6px',
+          fontSize: '14px',
+          color: '#2c3e50'
+        }}>
+          <strong>ℹ️ Informationen:</strong> Sie können Schichtpläne nur anzeigen. 
+          Bearbeitungsrechte benötigen Admin- oder Instandhalter-Berechtigungen.
+        </div>
+      )}
     </div>
   );
 };

frontend/src/pages/ShiftPlans/ShiftPlanView.tsx

@@ -1,4 +1,4 @@
-// frontend/src/pages/ShiftPlans/ShiftPlanView.tsx - UPDATED
+// frontend/src/pages/ShiftPlans/ShiftPlanView.tsx
 import React, { useState, useEffect } from 'react';
 import { useParams, useNavigate } from 'react-router-dom';
 import { useAuth } from '../../contexts/AuthContext';
@@ -10,6 +10,7 @@ import { ShiftPlan, TimeSlot, ScheduledShift } from '../../models/ShiftPlan';
 import { Employee, EmployeeAvailability } from '../../models/Employee';
 import { useNotification } from '../../contexts/NotificationContext';
 import { formatDate, formatTime } from '../../utils/foramatters';
+import { saveAs } from 'file-saver';
 
 // Local interface extensions (same as AvailabilityManager)
 interface ExtendedTimeSlot extends TimeSlot {
@@ -54,6 +55,7 @@ const ShiftPlanView: React.FC = () => {
   const [scheduledShifts, setScheduledShifts] = useState<ScheduledShift[]>([]);
   const [showAssignmentPreview, setShowAssignmentPreview] = useState(false);
   const [recreating, setRecreating] = useState(false);
+  const [exporting, setExporting] = useState(false);
 
   useEffect(() => {
     loadShiftPlanData();
@@ -240,6 +242,66 @@ const ShiftPlanView: React.FC = () => {
     };
   };
 
+  const handleExportExcel = async () => {
+    if (!shiftPlan) return;
+
+    try {
+      setExporting(true);
+      
+      // Call the export service
+      const blob = await shiftPlanService.exportShiftPlanToExcel(shiftPlan.id);
+      
+      // Use file-saver to download the file
+      saveAs(blob, `Schichtplan_${shiftPlan.name}_${new Date().toISOString().split('T')[0]}.xlsx`);
+      
+      showNotification({
+        type: 'success',
+        title: 'Export erfolgreich',
+        message: 'Der Schichtplan wurde als Excel-Datei exportiert.'
+      });
+      
+    } catch (error) {
+      console.error('Error exporting to Excel:', error);
+      showNotification({
+        type: 'error',
+        title: 'Export fehlgeschlagen',
+        message: 'Der Excel-Export konnte nicht durchgeführt werden.'
+      });
+    } finally {
+      setExporting(false);
+    }
+  };
+
+  const handleExportPDF = async () => {
+    if (!shiftPlan) return;
+
+    try {
+      setExporting(true);
+      
+      // Call the PDF export service
+      const blob = await shiftPlanService.exportShiftPlanToPDF(shiftPlan.id);
+      
+      // Use file-saver to download the file
+      saveAs(blob, `Schichtplan_${shiftPlan.name}_${new Date().toISOString().split('T')[0]}.pdf`);
+      
+      showNotification({
+        type: 'success',
+        title: 'Export erfolgreich',
+        message: 'Der Schichtplan wurde als PDF exportiert.'
+      });
+      
+    } catch (error) {
+      console.error('Error exporting to PDF:', error);
+      showNotification({
+        type: 'error',
+        title: 'Export fehlgeschlagen',
+        message: 'Der PDF-Export konnte nicht durchgeführt werden.'
+      });
+    } finally {
+      setExporting(false);
+    }
+  };
+
   const loadShiftPlanData = async () => {
     if (!id) return;
     
@@ -399,12 +461,12 @@ const ShiftPlanView: React.FC = () => {
       console.log('- Scheduled Shifts:', scheduledShifts.length);
 
       // DEBUG: Show shift pattern IDs
-      if (shiftPlan.shifts) {
+      /*if (shiftPlan.shifts) {
         console.log('📋 SHIFT PATTERN IDs:');
         shiftPlan.shifts.forEach((shift, index) => {
           console.log(`   ${index + 1}. ${shift.id} (Day ${shift.dayOfWeek}, TimeSlot ${shift.timeSlotId})`);
         });
-      }
+      }*/
 
       const constraints = {
         enforceNoTraineeAlone: true,
@@ -650,6 +712,20 @@ const ShiftPlanView: React.FC = () => {
     return employeesWithoutAvailabilities.length === 0;
   };
 
+  const canPublishAssignment = (): boolean => {
+    if (!assignmentResult) return false;
+    
+    // Check if assignment was successful
+    if (assignmentResult.success === false) return false;
+    
+    // Check if there are any critical violations
+    const hasCriticalViolations = assignmentResult.violations.some(v => 
+      v.includes('ERROR:') || v.includes('KRITISCH:')
+    );
+    
+    return !hasCriticalViolations;
+  };
+
   const getAvailabilityStatus = () => {
     const totalEmployees = employees.length;
     const employeesWithAvailabilities = new Set(
@@ -820,9 +896,6 @@ const ShiftPlanView: React.FC = () => {
                     <div style={{ fontSize: '14px', color: '#666' }}>
                       {formatTime(timeSlot.startTime)} - {formatTime(timeSlot.endTime)}
                     </div>
-                    <div style={{ fontSize: '11px', color: '#999', marginTop: '4px' }}>
-                      ID: {timeSlot.id.substring(0, 8)}...
-                    </div>
                   </td>
                   {days.map(weekday => {
                     const shift = timeSlot.shiftsByDay[weekday.id];
@@ -846,7 +919,55 @@ const ShiftPlanView: React.FC = () => {
                     const isValidShift = shift.timeSlotId === timeSlot.id && shift.dayOfWeek === weekday.id;
                     
                     let assignedEmployees: string[] = [];
-                    let displayText = '';
+                    let displayContent: React.ReactNode = null;
+
+                    // Helper function to create employee boxes
+                    const createEmployeeBoxes = (employeeIds: string[]) => {
+                      return employeeIds.map(empId => {
+                        const employee = employees.find(emp => emp.id === empId);
+                        if (!employee) return null;
+                        
+                        // Determine background color based on employee role
+                        let backgroundColor = '#642ab5'; // Default: non-trainee personnel (purple)
+                        
+                        if (employee.isTrainee) {
+                          backgroundColor = '#cda8f0'; // Trainee
+                        } else if (employee.roles?.includes('manager')) {
+                          backgroundColor = '#CC0000'; // Manager
+                        }
+                        
+                        return (
+                          <div
+                            key={empId}
+                            style={{
+                              backgroundColor,
+                              color: 'white',
+                              padding: '4px 8px',
+                              borderRadius: '4px',
+                              marginBottom: '2px',
+                              fontSize: '12px',
+                              textAlign: 'center',
+                              whiteSpace: 'nowrap',
+                              overflow: 'hidden',
+                              textOverflow: 'ellipsis'
+                            }}
+                            title={`${employee.firstname} ${employee.lastname}${employee.isTrainee ? ' (Trainee)' : ''}`}
+                          >
+                            {employee.firstname} {employee.lastname}
+                          </div>
+                        );
+                      }).filter(Boolean);
+                    };
+
+                    // Helper function to get fallback content
+                    const getFallbackContent = () => {
+                      const shiftsForSlot = shiftPlan?.shifts?.filter(s => 
+                        s.dayOfWeek === weekday.id && 
+                        s.timeSlotId === timeSlot.id
+                      ) || [];
+                      const totalRequired = shiftsForSlot.reduce((sum, s) => sum + s.requiredEmployees, 0);
+                      return totalRequired === 0 ? '-' : `0/${totalRequired}`;
+                    };
 
                     if (shiftPlan?.status === 'published') {
                       // For published plans, use actual assignments from scheduled shifts
@@ -859,15 +980,21 @@ const ShiftPlanView: React.FC = () => {
                       if (scheduledShift) {
                         assignedEmployees = scheduledShift.assignedEmployees || [];
                         
-                        // DEBUG: Log if we're still seeing old data
+                        // Log if we're still seeing old data
                         if (assignedEmployees.length > 0) {
                           console.warn(`⚠️ Found non-empty assignments for ${weekday.name} ${timeSlot.name}:`, assignedEmployees);
                         }
                         
-                        displayText = assignedEmployees.map(empId => {
+                        const employeeBoxes = createEmployeeBoxes(assignedEmployees);
-                          const employee = employees.find(emp => emp.id === empId);
+                        displayContent = employeeBoxes.length > 0 ? (
-                          return employee ? `${employee.firstname} ${employee.lastname}` : 'Unbekannt';
+                          <div style={{ display: 'flex', flexDirection: 'column', gap: '2px' }}>
-                        }).join(', ');
+                            {employeeBoxes}
+                          </div>
+                        ) : (
+                          <div style={{ color: '#666', fontStyle: 'italic' }}>
+                            {getFallbackContent()}
+                          </div>
+                        );
                       }
                     } else if (assignmentResult) {
                       // For draft with preview, use assignment result
@@ -879,30 +1006,26 @@ const ShiftPlanView: React.FC = () => {
                       
                       if (scheduledShift) {
                         assignedEmployees = getAssignmentsForScheduledShift(scheduledShift);
-                        displayText = assignedEmployees.map(empId => {
+                        const employeeBoxes = createEmployeeBoxes(assignedEmployees);
-                          const employee = employees.find(emp => emp.id === empId);
+                        displayContent = employeeBoxes.length > 0 ? (
-                          return employee ? `${employee.firstname} ${employee.lastname}` : 'Unbekannt';
+                          <div style={{ display: 'flex', flexDirection: 'column', gap: '2px' }}>
-                        }).join(', ');
+                            {employeeBoxes}
+                          </div>
+                        ) : (
+                          <div style={{ color: '#666', fontStyle: 'italic' }}>
+                            {getFallbackContent()}
+                          </div>
+                        );
                       }
                     }
 
-                    // If no assignments yet, show empty or required count
+                    // If no display content set yet, use fallback
-                    if (!displayText) {
+                    if (!displayContent) {
-                      const shiftsForSlot = shiftPlan?.shifts?.filter(s => 
+                      displayContent = (
-                        s.dayOfWeek === weekday.id && 
+                        <div style={{ color: '#666', fontStyle: 'italic' }}>
-                        s.timeSlotId === timeSlot.id
+                          {getFallbackContent()}
-                      ) || [];
+                        </div>
-                      
+                      );
-                      const totalRequired = shiftsForSlot.reduce((sum, s) => 
-                        sum + s.requiredEmployees, 0);
-                      
-                      // Show "0/2" instead of just "0" to indicate it's empty
-                      displayText = `0/${totalRequired}`;
-                      
-                      // Optional: Show empty state more clearly
-                      if (totalRequired === 0) {
-                        displayText = '-';
-                      }
                     }
 
                     return (
@@ -937,7 +1060,7 @@ const ShiftPlanView: React.FC = () => {
                           </div>
                         )}
 
-                        {displayText}
+                        {displayContent}
 
                         {/* Shift debug info - SAME AS AVAILABILITYMANAGER */}
                         <div style={{ 
@@ -947,8 +1070,6 @@ const ShiftPlanView: React.FC = () => {
                           textAlign: 'left',
                           fontFamily: 'monospace'
                         }}>
-                          <div>Shift: {shift.id.substring(0, 6)}...</div>
-                          <div>Day: {shift.dayOfWeek}</div>
                           {!isValidShift && (
                             <div style={{ color: '#e74c3c', fontWeight: 'bold' }}>
                               VALIDATION ERROR
@@ -963,7 +1084,6 @@ const ShiftPlanView: React.FC = () => {
             </tbody>
           </table>
         </div>
-
       </div>
     );
   };
@@ -1005,7 +1125,50 @@ const ShiftPlanView: React.FC = () => {
           </div>
         </div>
           <div style={{ display: 'flex', gap: '10px', alignItems: 'center' }}>
-            {shiftPlan.status === 'published' && hasRole(['admin', 'maintenance']) && (
+          {shiftPlan.status === 'published' && hasRole(['admin', 'maintenance']) && (
+            <>
+              <button
+                onClick={handleExportExcel}
+                disabled={exporting}
+                style={{
+                  padding: '10px 20px',
+                  backgroundColor: '#27ae60',
+                  color: 'white',
+                  border: 'none',
+                  borderRadius: '4px',
+                  cursor: exporting ? 'not-allowed' : 'pointer',
+                  fontWeight: 'bold',
+                  display: 'flex',
+                  alignItems: 'center',
+                  gap: '8px'
+                }}
+              >
+                {exporting ? '🔄' : '📊'} {exporting ? 'Exportiert...' : 'Excel Export'}
+              </button>
+              
+              <button
+                onClick={handleExportPDF}
+                disabled={exporting}
+                style={{
+                  padding: '10px 20px',
+                  backgroundColor: '#e74c3c',
+                  color: 'white',
+                  border: 'none',
+                  borderRadius: '4px',
+                  cursor: exporting ? 'not-allowed' : 'pointer',
+                  fontWeight: 'bold',
+                  display: 'flex',
+                  alignItems: 'center',
+                  gap: '8px'
+                }}
+              >
+                {exporting ? '🔄' : '📄'} {exporting ? 'Exportiert...' : 'PDF Export'}
+              </button>
+            </>
+          )}
+          
+          {/* "Zuweisungen neu berechnen" button */}
+          {shiftPlan.status === 'published' && hasRole(['admin', 'maintenance']) && (
             <button
               onClick={handleRecreateAssignments}
               disabled={recreating}
@@ -1118,7 +1281,7 @@ const ShiftPlanView: React.FC = () => {
         </div>
       )}
 
-      {/* Assignment Preview Modal - FIXED CONDITION */}
+      {/* Assignment Preview Modal */}
       {(showAssignmentPreview || assignmentResult) && (
         <div style={{
           position: 'fixed',
@@ -1197,15 +1360,13 @@ const ShiftPlanView: React.FC = () => {
               </div>
             )}
               
-            {/* KORRIGIERTE ZUSAMMENFASSUNG */}
+            {/* ZUSAMMENFASSUNG */}
             {assignmentResult && (
               <div style={{ marginBottom: '20px' }}>
                 <h4>Zusammenfassung:</h4>
                 
                 {/* Entscheidung basierend auf tatsächlichen kritischen Problemen */}
-                {assignmentResult.violations.filter(v => 
+                {(assignmentResult.violations.length === 0) || assignmentResult.success == true ? (
-                  v.includes('ERROR:') || v.includes('❌ KRITISCH:')
-                ).length === 0 ? (
                   <div style={{
                     padding: '15px',
                     backgroundColor: '#d4edda',
@@ -1288,32 +1449,24 @@ const ShiftPlanView: React.FC = () => {
                 Abbrechen
               </button>
               
-              {/* KORRIGIERTER BUTTON MIT TYPESCRIPT-FIX */}
+              {/* BUTTON zum publishen */}
               <button
                 onClick={handlePublish}
-                disabled={publishing || (assignmentResult ? assignmentResult.violations.filter(v => 
+                disabled={publishing || !canPublishAssignment()}
-                  v.includes('ERROR:') || v.includes('❌ KRITISCH:')
-                ).length > 0 : true)}
                 style={{
                   padding: '10px 20px',
-                  backgroundColor: assignmentResult ? (assignmentResult.violations.filter(v => 
+                  backgroundColor: canPublishAssignment() ? '#2ecc71' : '#95a5a6',
-                    v.includes('ERROR:') || v.includes('❌ KRITISCH:')
-                  ).length === 0 ? '#2ecc71' : '#95a5a6') : '#95a5a6',
                   color: 'white',
                   border: 'none',
                   borderRadius: '4px',
-                  cursor: assignmentResult ? (assignmentResult.violations.filter(v => 
+                  cursor: canPublishAssignment() ? 'pointer' : 'not-allowed',
-                    v.includes('ERROR:') || v.includes('❌ KRITISCH:')
-                  ).length === 0 ? 'pointer' : 'not-allowed') : 'not-allowed',
                   fontWeight: 'bold',
                   fontSize: '16px'
                 }}
               >
                 {publishing ? 'Veröffentliche...' : (
                   assignmentResult ? (
-                    assignmentResult.violations.filter(v => 
+                    canPublishAssignment() 
-                      v.includes('ERROR:') || v.includes('❌ KRITISCH:')
-                    ).length === 0 
                       ? 'Schichtplan veröffentlichen' 
                       : 'Kritische Probleme müssen behoben werden'
                   ) : 'Lade Zuordnungen...'

frontend/src/services/apiClient.ts

@@ -0,0 +1,135 @@
+import { ValidationError, ErrorService } from './errorService';
+
+export class ApiError extends Error {
+  public validationErrors: ValidationError[];
+  public statusCode: number;
+  public originalError?: any;
+
+  constructor(message: string, validationErrors: ValidationError[] = [], statusCode: number = 0, originalError?: any) {
+    super(message);
+    this.name = 'ApiError';
+    this.validationErrors = validationErrors;
+    this.statusCode = statusCode;
+    this.originalError = originalError;
+  }
+}
+
+export class ApiClient {
+  private baseURL: string;
+
+  constructor() {
+    this.baseURL = import.meta.env.VITE_API_URL || '/api';
+  }
+
+  private getAuthHeaders(): HeadersInit {
+    const token = localStorage.getItem('token');
+    return token ? { 'Authorization': `Bearer ${token}` } : {};
+  }
+
+  private async handleApiResponse<T>(response: Response, responseType: 'json' | 'blob' = 'json'): Promise<T> {
+    if (!response.ok) {
+      let errorData;
+      
+      try {
+        // Try to parse error response as JSON
+        const responseText = await response.text();
+        errorData = responseText ? JSON.parse(responseText) : {};
+      } catch {
+        // If not JSON, create a generic error object
+        errorData = { error: `HTTP ${response.status}: ${response.statusText}` };
+      }
+      
+      // Extract validation errors using your existing ErrorService
+      const validationErrors = ErrorService.extractValidationErrors(errorData);
+
+      if (validationErrors.length > 0) {
+        // Throw error with validationErrors property for useBackendValidation hook
+        throw new ApiError(
+          errorData.error || 'Validation failed',
+          validationErrors,
+          response.status,
+          errorData
+        );
+      }
+
+      // Throw regular error for non-validation errors
+      throw new ApiError(
+        errorData.error || errorData.message || `HTTP error! status: ${response.status}`,
+        [],
+        response.status,
+        errorData
+      );
+    }
+
+    // Handle blob responses (for file downloads)
+    if (responseType === 'blob') {
+      return response.blob() as Promise<T>;
+    }
+
+    // For successful JSON responses, try to parse as JSON
+    try {
+      const responseText = await response.text();
+      return responseText ? JSON.parse(responseText) : {} as T;
+    } catch (error) {
+      // If response is not JSON but request succeeded (e.g., 204 No Content)
+      return {} as T;
+    }
+  }
+
+  async request<T>(endpoint: string, options: RequestInit = {}, responseType: 'json' | 'blob' = 'json'): Promise<T> {
+    const url = `${this.baseURL}${endpoint}`;
+    
+    const config: RequestInit = {
+      headers: {
+        'Content-Type': 'application/json',
+        ...this.getAuthHeaders(),
+        ...options.headers,
+      },
+      ...options,
+    };
+
+    try {
+      const response = await fetch(url, config);
+      return await this.handleApiResponse<T>(response, responseType);
+    } catch (error) {
+      // Re-throw the error to be caught by useBackendValidation
+      if (error instanceof ApiError) {
+        throw error;
+      }
+      
+      // Wrap non-ApiError errors
+      throw new ApiError(
+        error instanceof Error ? error.message : 'Unknown error occurred',
+        [],
+        0,
+        error
+      );
+    }
+  }
+
+  // Standardized HTTP methods
+  get = <T>(endpoint: string) => this.request<T>(endpoint);
+  
+  post = <T>(endpoint: string, data?: any) => 
+    this.request<T>(endpoint, { 
+      method: 'POST', 
+      body: data ? JSON.stringify(data) : undefined 
+    });
+  
+  put = <T>(endpoint: string, data?: any) => 
+    this.request<T>(endpoint, { 
+      method: 'PUT', 
+      body: data ? JSON.stringify(data) : undefined 
+    });
+  
+  patch = <T>(endpoint: string, data?: any) => 
+    this.request<T>(endpoint, { 
+      method: 'PATCH', 
+      body: data ? JSON.stringify(data) : undefined 
+    });
+  
+  delete = <T>(endpoint: string) => 
+    this.request<T>(endpoint, { method: 'DELETE' });
+}
+
+export const apiClient = new ApiClient();

frontend/src/services/authService.ts

@@ -1,6 +1,5 @@
-// frontend/src/services/authService.ts
 import { Employee } from '../models/Employee';
-const API_BASE = process.env.REACT_APP_API_BASE_URL || '/api';
+import { apiClient } from './apiClient';
 
 export interface LoginRequest {
   email: string;
@@ -24,37 +23,15 @@ class AuthService {
   private token: string | null = null;
 
   async login(credentials: LoginRequest): Promise<AuthResponse> {
-    const response = await fetch(`${API_BASE}/auth/login`, {
+    const data = await apiClient.post<AuthResponse>('/auth/login', credentials);
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify(credentials)
-    });
-
-    if (!response.ok) {
-      const errorData = await response.json();
-      throw new Error(errorData.error || 'Login fehlgeschlagen');
-    }
-
-    const data: AuthResponse = await response.json();
     this.token = data.token;
     localStorage.setItem('token', data.token);
     localStorage.setItem('employee', JSON.stringify(data.employee));
-    
     return data;
   }
 
   async register(userData: RegisterRequest): Promise<AuthResponse> {
-    const response = await fetch(`${API_BASE}/employees`, {
+    await apiClient.post('/employees', userData);
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify(userData)
-    });
-
-    if (!response.ok) {
-      const errorData = await response.json();
-      throw new Error(errorData.error || 'Registrierung fehlgeschlagen');
-    }
-
     return this.login({
       email: userData.email,
       password: userData.password
@@ -68,34 +45,23 @@ class AuthService {
 
   async fetchCurrentEmployee(): Promise<Employee | null> {
     const token = this.getToken();
-    if (!token) {
+    if (!token) return null;
-      return null;
-    }
 
     try {
-      const response = await fetch(`${API_BASE}/auth/me`, {
+      const data = await apiClient.get<{ user: Employee }>('/auth/me');
-        headers: {
+      localStorage.setItem('user', JSON.stringify(data.user));
-          'Authorization': `Bearer ${token}`
+      return data.user;
-        }
-      });
-
-      if (response.ok) {
-        const data = await response.json();
-        const user = data.user;
-        localStorage.setItem('user', JSON.stringify(user));
-        return user;
-      }
     } catch (error) {
       console.error('Error fetching current user:', error);
+      return null;
     }
-
-    return null;
   }
 
   logout(): void {
     this.token = null;
     localStorage.removeItem('token');
     localStorage.removeItem('user');
+    localStorage.removeItem('employee');
   }
 
   getToken(): string | null {

frontend/src/services/employeeService.ts

@@ -1,146 +1,58 @@
-// frontend/src/services/employeeService.ts
 import { Employee, CreateEmployeeRequest, UpdateEmployeeRequest, EmployeeAvailability } from '../models/Employee';
-
+import { apiClient } from './apiClient';
-const API_BASE_URL = '/api';
-
-const getAuthHeaders = () => {
-  const token = localStorage.getItem('token');
-  return {
-    'Content-Type': 'application/json',
-    'Authorization': `Bearer ${token}`
-  };
-};
 
 export class EmployeeService {
   async getEmployees(includeInactive: boolean = false): Promise<Employee[]> {
     console.log('🔄 Fetching employees from API...');
 
-    const token = localStorage.getItem('token');
+    try {
-    console.log('🔑 Token exists:', !!token);
+      const employees = await apiClient.get<Employee[]>(`/employees?includeInactive=${includeInactive}`);
-    
+      console.log('✅ Employees received:', employees.length);
-    const response = await fetch(`${API_BASE_URL}/employees?includeInactive=${includeInactive}`, {
+      return employees;
-      headers: getAuthHeaders(),
+    } catch (error) {
-    });
+      console.error('❌ Error fetching employees:', error);
-    
+      throw error; // Let useBackendValidation handle this
-    console.log('📡 Response status:', response.status);
-    
-    if (!response.ok) {
-      const errorText = await response.text();
-      console.error('❌ API Error:', errorText);
-      throw new Error('Failed to fetch employees');
     }
-    
-    const employees = await response.json();
-    console.log('✅ Employees received:', employees.length);
-    
-    return employees;
   }
 
   async getEmployee(id: string): Promise<Employee> {
-    const response = await fetch(`${API_BASE_URL}/employees/${id}`, {
+    return apiClient.get<Employee>(`/employees/${id}`);
-      headers: getAuthHeaders(),
-    });
-    
-    if (!response.ok) {
-      throw new Error('Failed to fetch employee');
-    }
-    
-    return response.json();
   }
 
   async createEmployee(employee: CreateEmployeeRequest): Promise<Employee> {
-    const response = await fetch(`${API_BASE_URL}/employees`, {
+    return apiClient.post<Employee>('/employees', employee);
-      method: 'POST',
-      headers: getAuthHeaders(),
-      body: JSON.stringify(employee),
-    });
-    
-    if (!response.ok) {
-      const error = await response.json();
-      throw new Error(error.error || 'Failed to create employee');
-    }
-    
-    return response.json();
   }
 
   async updateEmployee(id: string, employee: UpdateEmployeeRequest): Promise<Employee> {
-    const response = await fetch(`${API_BASE_URL}/employees/${id}`, {
+    return apiClient.put<Employee>(`/employees/${id}`, employee);
-      method: 'PUT',
-      headers: getAuthHeaders(),
-      body: JSON.stringify(employee),
-    });
-    
-    if (!response.ok) {
-      const error = await response.json();
-      throw new Error(error.error || 'Failed to update employee');
-    }
-    
-    return response.json();
   }
 
   async deleteEmployee(id: string): Promise<void> {
-    const response = await fetch(`${API_BASE_URL}/employees/${id}`, {
+    await apiClient.delete(`/employees/${id}`);
-      method: 'DELETE',
-      headers: getAuthHeaders(),
-    });
-    
-    if (!response.ok) {
-      const error = await response.json();
-      throw new Error(error.error || 'Failed to delete employee');
-    }
   }
 
   async getAvailabilities(employeeId: string): Promise<EmployeeAvailability[]> {
-    const response = await fetch(`${API_BASE_URL}/employees/${employeeId}/availabilities`, {
+    return apiClient.get<EmployeeAvailability[]>(`/employees/${employeeId}/availabilities`);
-      headers: getAuthHeaders(),
-    });
-    
-    if (!response.ok) {
-      throw new Error('Failed to fetch availabilities');
-    }
-    
-    return response.json();
   }
 
-  async updateAvailabilities(employeeId: string, data: { planId: string, availabilities: Omit<EmployeeAvailability, 'id' | 'employeeId'>[] }): Promise<EmployeeAvailability[]> {
+  async updateAvailabilities(
+    employeeId: string, 
+    data: { planId: string, availabilities: Omit<EmployeeAvailability, 'id' | 'employeeId'>[] }
+  ): Promise<EmployeeAvailability[]> {
     console.log('🔄 Updating availabilities for employee:', employeeId);
-    const response = await fetch(`${API_BASE_URL}/employees/${employeeId}/availabilities`, {
+    return apiClient.put<EmployeeAvailability[]>(`/employees/${employeeId}/availabilities`, data);
-      method: 'PUT',
-      headers: getAuthHeaders(),
-      body: JSON.stringify(data),
-    });
-    
-    if (!response.ok) {
-      const error = await response.json();
-      throw new Error(error.error || 'Failed to update availabilities');
-    }
-    
-    return response.json();
   }
 
-  async changePassword(id: string, data: { currentPassword: string, newPassword: string }): Promise<void> {
+  async changePassword(
-    const response = await fetch(`${API_BASE_URL}/employees/${id}/password`, {
+    id: string, 
-      method: 'PUT',
+    data: { currentPassword: string, newPassword: string, confirmPassword: string }
-      headers: getAuthHeaders(),
+  ): Promise<void> {
-      body: JSON.stringify(data),
+    return apiClient.put<void>(`/employees/${id}/password`, data);
-    });
-    
-    if (!response.ok) {
-      const error = await response.json();
-      throw new Error(error.error || 'Failed to change password');
-    }
   }
 
   async updateLastLogin(employeeId: string): Promise<void> {
     try {
-      const response = await fetch(`${API_BASE_URL}/employees/${employeeId}/last-login`, {
+      await apiClient.patch(`/employees/${employeeId}/last-login`);
-        method: 'PATCH',
-        headers: getAuthHeaders(),
-      });
-
-      if (!response.ok) {
-        throw new Error('Failed to update last login');
-      }
     } catch (error) {
       console.error('Error updating last login:', error);
       throw error;

frontend/src/services/errorService.ts

@@ -0,0 +1,38 @@
+// frontend/src/services/errorService.ts
+export interface ValidationError {
+  field: string;
+  message: string;
+  value?: any;
+}
+
+export interface ApiError {
+  error: string;
+  details?: ValidationError[];
+  message?: string;
+}
+
+export class ErrorService {
+  static extractValidationErrors(error: any): ValidationError[] {
+    if (error?.details && Array.isArray(error.details)) {
+      return error.details;
+    }
+    
+    // Fallback for different error formats
+    if (error.message && typeof error.message === 'string') {
+      return [{ field: 'general', message: error.message }];
+    }
+    
+    return [{ field: 'general', message: 'An unknown error occurred' }];
+  }
+
+  static getFieldErrors(errors: ValidationError[], fieldName: string): string[] {
+    return errors
+      .filter(error => error.field === fieldName)
+      .map(error => error.message);
+  }
+
+  static getFirstFieldError(errors: ValidationError[], fieldName: string): string | null {
+    const fieldErrors = this.getFieldErrors(errors, fieldName);
+    return fieldErrors.length > 0 ? fieldErrors[0] : null;
+  }
+}

frontend/src/services/scheduling/useScheduling.ts

@@ -1,71 +0,0 @@
-import { useState, useCallback } from 'react';
-import { ScheduleRequest, ScheduleResult } from '../../models/scheduling';
-
-export const useScheduling = () => {
-  const [loading, setLoading] = useState(false);
-  const [error, setError] = useState<string | null>(null);
-  const [result, setResult] = useState<ScheduleResult | null>(null);
-  
-  const generateSchedule = useCallback(async (request: ScheduleRequest) => {
-    setLoading(true);
-    setError(null);
-    
-    try {
-      console.log('📤 Sending scheduling request:', {
-        shiftPlan: request.shiftPlan.name,
-        employees: request.employees.length,
-        availabilities: request.availabilities.length,
-        constraints: request.constraints.length
-      });
-
-      const response = await fetch('/api/scheduling/generate-schedule', {
-        method: 'POST',
-        headers: { 
-          'Content-Type': 'application/json',
-        },
-        body: JSON.stringify(request)
-      });
-      
-      if (!response.ok) {
-        const errorText = await response.text();
-        throw new Error(`Scheduling request failed: ${response.status} ${errorText}`);
-      }
-      
-      const data: ScheduleResult = await response.json();
-      
-      console.log('📥 Received scheduling result:', {
-        success: data.success,
-        assignments: Object.keys(data.assignments).length,
-        violations: data.violations.length,
-        processingTime: data.processingTime
-      });
-      
-      setResult(data);
-      return data;
-    } catch (err) {
-      const errorMessage = err instanceof Error ? err.message : 'Unknown scheduling error';
-      console.error('❌ Scheduling error:', errorMessage);
-      setError(errorMessage);
-      throw err;
-    } finally {
-      setLoading(false);
-    }
-  }, []);
-  
-  const reset = useCallback(() => {
-    setLoading(false);
-    setError(null);
-    setResult(null);
-  }, []);
-  
-  return { 
-    generateSchedule, 
-    loading, 
-    error, 
-    result,
-    reset
-  };
-};
-
-// Export for backward compatibility
-export default useScheduling;

frontend/src/services/shiftAssignmentService.ts

@@ -1,65 +1,15 @@
-// frontend/src/services/shiftAssignmentService.ts - WEEKLY PATTERN VERSION
 import { ShiftPlan, ScheduledShift } from '../models/ShiftPlan';
 import { Employee, EmployeeAvailability } from '../models/Employee';
-import { authService } from './authService';
 import { AssignmentResult, ScheduleRequest } from '../models/scheduling';
-
+import { apiClient } from './apiClient';
-const API_BASE_URL = '/api';
-
-// Helper function to get auth headers
-const getAuthHeaders = () => {
-  const token = localStorage.getItem('token');
-  return {
-    'Content-Type': 'application/json',
-    ...(token && { 'Authorization': `Bearer ${token}` })
-  };
-};
 
 export class ShiftAssignmentService {
   async updateScheduledShift(id: string, updates: { assignedEmployees: string[] }): Promise<void> {
     try {
-      //console.log('🔄 Updating scheduled shift via API:', { id, updates });
+      console.log('🔄 Updating scheduled shift via API:', { id, updates });
       
-      const response = await fetch(`${API_BASE_URL}/scheduled-shifts/${id}`, {
+      await apiClient.put(`/scheduled-shifts/${id}`, updates);
-        method: 'PUT',
+      console.log('✅ Scheduled shift updated successfully');
-        headers: {
-          'Content-Type': 'application/json',
-          ...authService.getAuthHeaders()
-        },
-        body: JSON.stringify(updates)
-      });
-
-      // First, check if we got any response
-      if (!response.ok) {
-        // Try to get error message from response
-        const responseText = await response.text();
-        console.error('❌ Server response:', responseText);
-        
-        let errorMessage = `HTTP ${response.status}: ${response.statusText}`;
-        
-        // Try to parse as JSON if possible
-        try {
-          const errorData = JSON.parse(responseText);
-          errorMessage = errorData.error || errorMessage;
-        } catch (e) {
-          // If not JSON, use the text as is
-          errorMessage = responseText || errorMessage;
-        }
-        
-        throw new Error(errorMessage);
-      }
-
-      // Try to parse successful response
-      const responseText = await response.text();
-      let result;
-      try {
-        result = responseText ? JSON.parse(responseText) : {};
-      } catch (e) {
-        console.warn('⚠️ Response was not JSON, but request succeeded');
-        result = { message: 'Update successful' };
-      }
-      
-      console.log('✅ Scheduled shift updated successfully:', result);
       
     } catch (error) {
       console.error('❌ Error updating scheduled shift:', error);
@@ -69,48 +19,16 @@ export class ShiftAssignmentService {
 
   async getScheduledShift(id: string): Promise<any> {
     try {
-      const response = await fetch(`${API_BASE_URL}/scheduled-shifts/${id}`, {
+      return await apiClient.get(`/scheduled-shifts/${id}`);
-        headers: {
-          'Authorization': `Bearer ${localStorage.getItem('token')}`
-        }
-      });
-
-      if (!response.ok) {
-        const responseText = await response.text();
-        let errorMessage = `HTTP ${response.status}: ${response.statusText}`;
-        
-        try {
-          const errorData = JSON.parse(responseText);
-          errorMessage = errorData.error || errorMessage;
-        } catch (e) {
-          errorMessage = responseText || errorMessage;
-        }
-        
-        throw new Error(errorMessage);
-      }
-
-      const responseText = await response.text();
-      return responseText ? JSON.parse(responseText) : {};
     } catch (error) {
       console.error('Error fetching scheduled shift:', error);
       throw error;
     }
   }
 
-  // New method to get all scheduled shifts for a plan
   async getScheduledShiftsForPlan(planId: string): Promise<ScheduledShift[]> {
     try {
-      const response = await fetch(`${API_BASE_URL}/scheduled-shifts/plan/${planId}`, {
+      const shifts = await apiClient.get<ScheduledShift[]>(`/scheduled-shifts/plan/${planId}`);
-        headers: {
-          'Authorization': `Bearer ${localStorage.getItem('token')}`
-        }
-      });
-
-      if (!response.ok) {
-        throw new Error(`Failed to fetch scheduled shifts: ${response.status}`);
-      }
-
-      const shifts = await response.json();
       
       // DEBUG: Check the structure of returned shifts
       console.log('🔍 SCHEDULED SHIFTS STRUCTURE:', shifts.slice(0, 3));
@@ -132,21 +50,7 @@ export class ShiftAssignmentService {
   }
 
   private async callSchedulingAPI(request: ScheduleRequest): Promise<AssignmentResult> {
-    const response = await fetch(`${API_BASE_URL}/scheduling/generate-schedule`, {
+    return await apiClient.post<AssignmentResult>('/scheduling/generate-schedule', request);
-      method: 'POST',
-      headers: {
-          'Content-Type': 'application/json',
-          ...authService.getAuthHeaders()
-        },
-      body: JSON.stringify(request)
-    });
-
-    if (!response.ok) {
-      const errorData = await response.json();
-      throw new Error(errorData.error || 'Scheduling failed');
-    }
-
-    return response.json();
   }
 
   async assignShifts(

frontend/src/services/shiftPlanService.ts

@@ -1,199 +1,115 @@
-// frontend/src/services/shiftPlanService.ts
-import { authService } from './authService';
 import { ShiftPlan, CreateShiftPlanRequest } from '../models/ShiftPlan';
 import { TEMPLATE_PRESETS } from '../models/defaults/shiftPlanDefaults';
-
+import { apiClient } from './apiClient';
-const API_BASE_URL = '/api/shift-plans';
-
-// Helper function to get auth headers
-const getAuthHeaders = () => {
-  const token = localStorage.getItem('token');
-  return {
-    'Content-Type': 'application/json',
-    ...(token && { 'Authorization': `Bearer ${token}` })
-  };
-};
-
-// Helper function to handle responses
-const handleResponse = async (response: Response) => {
-  if (!response.ok) {
-    const errorData = await response.json().catch(() => ({ error: 'Unknown error' }));
-    throw new Error(errorData.error || `HTTP error! status: ${response.status}`);
-  }
-  return response.json();
-};
 
 export const shiftPlanService = {
   async getShiftPlans(): Promise<ShiftPlan[]> {
-    const response = await fetch(API_BASE_URL, {
+    try {
-      headers: {
+      const plans = await apiClient.get<ShiftPlan[]>('/shift-plans');
-        'Content-Type': 'application/json',
-        ...authService.getAuthHeaders()
-      }
-    });
       
-    if (!response.ok) {
+      // Ensure scheduledShifts is always an array
-      if (response.status === 401) {
+      return plans.map((plan: any) => ({
-        authService.logout();
+        ...plan,
+        scheduledShifts: plan.scheduledShifts || []
+      }));
+    } catch (error: any) {
+      if (error.statusCode === 401) {
+        // You might want to import and use authService here if needed
+        localStorage.removeItem('token');
+        localStorage.removeItem('employee');
         throw new Error('Nicht authorisiert - bitte erneut anmelden');
       }
       throw new Error('Fehler beim Laden der Schichtpläne');
     }
-    
-    const plans = await response.json();
-    
-    // Ensure scheduledShifts is always an array
-    return plans.map((plan: any) => ({
-      ...plan,
-      scheduledShifts: plan.scheduledShifts || []
-    }));
   },
 
   async getShiftPlan(id: string): Promise<ShiftPlan> {
-    const response = await fetch(`${API_BASE_URL}/${id}`, {
+    try {
-      headers: {
+      return await apiClient.get<ShiftPlan>(`/shift-plans/${id}`);
-        'Content-Type': 'application/json',
+    } catch (error: any) {
-        ...authService.getAuthHeaders()
+      if (error.statusCode === 401) {
-      }
+        localStorage.removeItem('token');
-    });
+        localStorage.removeItem('employee');
-    
-    if (!response.ok) {
-      if (response.status === 401) {
-        authService.logout();
         throw new Error('Nicht authorisiert - bitte erneut anmelden');
       }
       throw new Error('Schichtplan nicht gefunden');
     }
-    
-    return await response.json();
   },
 
   async createShiftPlan(plan: CreateShiftPlanRequest): Promise<ShiftPlan> {
-    const response = await fetch(API_BASE_URL, {
+    try {
-      method: 'POST',
+      return await apiClient.post<ShiftPlan>('/shift-plans', plan);
-      headers: {
+    } catch (error: any) {
-        'Content-Type': 'application/json',
+      if (error.statusCode === 401) {
-        ...authService.getAuthHeaders()
+        localStorage.removeItem('token');
-      },
+        localStorage.removeItem('employee');
-      body: JSON.stringify(plan)
-    });
-
-    if (!response.ok) {
-      if (response.status === 401) {
-        authService.logout();
         throw new Error('Nicht authorisiert - bitte erneut anmelden');
       }
       throw new Error('Fehler beim Erstellen des Schichtplans');
     }
-
-    return response.json();
   },
 
   async updateShiftPlan(id: string, plan: Partial<ShiftPlan>): Promise<ShiftPlan> {
-    const response = await fetch(`${API_BASE_URL}/${id}`, {
+    try {
-      method: 'PUT',
+      return await apiClient.put<ShiftPlan>(`/shift-plans/${id}`, plan);
-      headers: {
+    } catch (error: any) {
-        'Content-Type': 'application/json',
+      if (error.statusCode === 401) {
-        ...authService.getAuthHeaders()
+        localStorage.removeItem('token');
-      },
+        localStorage.removeItem('employee');
-      body: JSON.stringify(plan)
-    });
-
-    if (!response.ok) {
-      if (response.status === 401) {
-        authService.logout();
         throw new Error('Nicht authorisiert - bitte erneut anmelden');
       }
       throw new Error('Fehler beim Aktualisieren des Schichtplans');
     }
-
-    return response.json();
   },
 
   async deleteShiftPlan(id: string): Promise<void> {
-    const response = await fetch(`${API_BASE_URL}/${id}`, {
+    try {
-      method: 'DELETE',
+      await apiClient.delete(`/shift-plans/${id}`);
-      headers: {
+    } catch (error: any) {
-        'Content-Type': 'application/json',
+      if (error.statusCode === 401) {
-        ...authService.getAuthHeaders()
+        localStorage.removeItem('token');
-      }
+        localStorage.removeItem('employee');
-    });
-
-    if (!response.ok) {
-      if (response.status === 401) {
-        authService.logout();
         throw new Error('Nicht authorisiert - bitte erneut anmelden');
       }
       throw new Error('Fehler beim Löschen des Schichtplans');
     }
   },
 
-  // Get specific template or plan
+  async getTemplate(id: string): Promise<ShiftPlan> {
-  getTemplate: async (id: string): Promise<ShiftPlan> => {
+    return await apiClient.get<ShiftPlan>(`/shift-plans/${id}`);
-    const response = await fetch(`${API_BASE_URL}/${id}`, {
-      headers: getAuthHeaders()
-    });
-    return handleResponse(response);
   },
 
-
+  async regenerateScheduledShifts(planId: string): Promise<void> {
-  async regenerateScheduledShifts(planId: string):Promise<void> {
     try {
-        console.log('🔄 Attempting to regenerate scheduled shifts...');
+      console.log('🔄 Attempting to regenerate scheduled shifts...');
-        
+      await apiClient.post(`/shift-plans/${planId}/regenerate-shifts`);
-        // You'll need to add this API endpoint to your backend
+      console.log('✅ Scheduled shifts regenerated');
-        const response = await fetch(`${API_BASE_URL}/${planId}/regenerate-shifts`, {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            'Authorization': `Bearer ${localStorage.getItem('token')}`
-        }
-        });
-
-        if (response.ok) {
-        console.log('✅ Scheduled shifts regenerated');
-        } else {
-        console.error('❌ Failed to regenerate shifts');
-        }
     } catch (error) {
-        console.error('❌ Error regenerating shifts:', error);
+      console.error('❌ Error regenerating shifts:', error);
+      throw error;
     }
   },
 
-  // Create new plan
+  async createPlan(data: CreateShiftPlanRequest): Promise<ShiftPlan> {
-  createPlan: async (data: CreateShiftPlanRequest): Promise<ShiftPlan> => {
+    return await apiClient.post<ShiftPlan>('/shift-plans', data);
-    const response = await fetch(`${API_BASE_URL}`, {
-      method: 'POST',
-      headers: getAuthHeaders(),
-      body: JSON.stringify(data),
-    });
-    return handleResponse(response);
   },
 
-  createFromPreset: async (data: {
+  async createFromPreset(data: {
     presetName: string;
     name: string;
     startDate: string;
     endDate: string;
     isTemplate?: boolean;
-  }): Promise<ShiftPlan> => {
+  }): Promise<ShiftPlan> {
-    const response = await fetch(`${API_BASE_URL}/from-preset`, {
+    try {
-      method: 'POST',
+      return await apiClient.post<ShiftPlan>('/shift-plans/from-preset', data);
-      headers: getAuthHeaders(),
+    } catch (error: any) {
-      body: JSON.stringify(data),
+      throw new Error(error.message || `HTTP error! status: ${error.statusCode}`);
-    });
-    
-    if (!response.ok) {
-      const errorData = await response.json().catch(() => ({ error: 'Unknown error' }));
-      throw new Error(errorData.error || `HTTP error! status: ${response.status}`);
     }
-    
-    return response.json();
   },
 
-  getTemplatePresets: async (): Promise<{name: string, label: string, description: string}[]> => {
+  async getTemplatePresets(): Promise<{name: string, label: string, description: string}[]> {
-    // name = label
+    return Object.entries(TEMPLATE_PRESETS).map(([key, preset]) => ({
-     return Object.entries(TEMPLATE_PRESETS).map(([key, preset]) => ({
       name: key,
       label: preset.name,
       description: preset.description
@@ -203,25 +119,67 @@ export const shiftPlanService = {
   async clearAssignments(planId: string): Promise<void> {
     try {
       console.log('🔄 Clearing assignments for plan:', planId);
-      
+      await apiClient.post(`/shift-plans/${planId}/clear-assignments`);
-      const response = await fetch(`${API_BASE_URL}/${planId}/clear-assignments`, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          ...authService.getAuthHeaders()
-        }
-      });
-
-      if (!response.ok) {
-        const errorData = await response.json().catch(() => ({ error: 'Unknown error' }));
-        throw new Error(errorData.error || `Failed to clear assignments: ${response.status}`);
-      }
-
       console.log('✅ Assignments cleared successfully');
-      
     } catch (error) {
       console.error('❌ Error clearing assignments:', error);
       throw error;
     }
   },
+
+  async exportShiftPlanToExcel(planId: string): Promise<Blob> {
+    try {
+      console.log('📊 Exporting shift plan to Excel:', planId);
+      
+      // Use the apiClient with blob response handling
+      const blob = await apiClient.request<Blob>(`/shift-plans/${planId}/export/excel`, {
+        method: 'GET',
+      }, 'blob');
+      
+      console.log('✅ Excel export successful');
+      return blob;
+    } catch (error: any) {
+      console.error('❌ Error exporting to Excel:', error);
+      
+      if (error.statusCode === 401) {
+        localStorage.removeItem('token');
+        localStorage.removeItem('employee');
+        throw new Error('Nicht authorisiert - bitte erneut anmelden');
+      }
+      
+      if (error.statusCode === 404) {
+        throw new Error('Schichtplan nicht gefunden');
+      }
+      
+      throw new Error('Fehler beim Excel-Export des Schichtplans');
+    }
+  },
+
+  async exportShiftPlanToPDF(planId: string): Promise<Blob> {
+    try {
+      console.log('📄 Exporting shift plan to PDF:', planId);
+      
+      // Use the apiClient with blob response handling
+      const blob = await apiClient.request<Blob>(`/shift-plans/${planId}/export/pdf`, {
+        method: 'GET',
+      }, 'blob');
+      
+      console.log('✅ PDF export successful');
+      return blob;
+    } catch (error: any) {
+      console.error('❌ Error exporting to PDF:', error);
+      
+      if (error.statusCode === 401) {
+        localStorage.removeItem('token');
+        localStorage.removeItem('employee');
+        throw new Error('Nicht authorisiert - bitte erneut anmelden');
+      }
+      
+      if (error.statusCode === 404) {
+        throw new Error('Schichtplan nicht gefunden');
+      }
+      
+      throw new Error('Fehler beim PDF-Export des Schichtplans');
+    }
+  },
 };

frontend/vite.config.ts

@@ -2,163 +2,58 @@ import { defineConfig, loadEnv } from 'vite'
 import react from '@vitejs/plugin-react'
 import { resolve } from 'path'
 
-// Security-focused Vite configuration
 export default defineConfig(({ mode }) => {
   const isProduction = mode === 'production'
-  const isDevelopment = mode === 'development'
-  
-  // Load environment variables securely
   const env = loadEnv(mode, process.cwd(), '')
 
-  // Strictly defined client-safe environment variables
-  const clientEnv = {
-    NODE_ENV: mode,
-    ENABLE_PRO: env.ENABLE_PRO || 'false',
-    VITE_APP_TITLE: env.APP_TITLE || 'Shift Planning App',
-    VITE_API_URL: isProduction ? '/api' : 'http://localhost:3002/api',
-  }
-
   return {
-    plugins: [
+    plugins: [react()],
-      react({
-        // React specific security settings
-        jsxRuntime: 'automatic',
-        babel: {
-          plugins: [
-            // Remove console in production
-            isProduction && ['babel-plugin-transform-remove-console', { exclude: ['error', 'warn'] }]
-          ].filter(Boolean)
-        }
-      })
-    ],
 
-    server: {
+    // Development proxy
+    server: isProduction ? undefined : {
       port: 3003,
       host: true,
-      open: isDevelopment,
-      // Security headers for dev server
-      headers: {
-        'X-Content-Type-Options': 'nosniff',
-        'X-Frame-Options': 'DENY',
-        'X-XSS-Protection': '1; mode=block',
-        'Referrer-Policy': 'strict-origin-when-cross-origin',
-        'Permissions-Policy': 'camera=(), microphone=(), location=()'
-      },
       proxy: {
         '/api': {
           target: 'http://localhost:3002',
           changeOrigin: true,
           secure: false,
         }
-      },
+      }
-      // Security: disable HMR in non-dev environments
-      hmr: isDevelopment
     },
 
+    // Production build optimized for Express serving
     build: {
       outDir: 'dist',
-      // Security: No source maps in production
+      sourcemap: false, // Disable in production
-      sourcemap: isDevelopment ? 'inline' : false,
+      minify: 'terser',
-      // Generate deterministic hashes for better caching and security
+      
-      assetsDir: 'assets',
+      // Bundle optimization
       rollupOptions: {
         output: {
-          // Security: Use content hashes for cache busting and integrity
+          // Efficient chunking
+          manualChunks: {
+            vendor: ['react', 'react-dom', 'react-router-dom'],
+            utils: ['date-fns']
+          },
+          // Cache-friendly naming
           chunkFileNames: 'assets/[name]-[hash].js',
           entryFileNames: 'assets/[name]-[hash].js',
           assetFileNames: 'assets/[name]-[hash].[ext]',
-          // Security: Manual chunks to separate vendor code
-          manualChunks: (id) => {
-            if (id.includes('node_modules')) {
-              if (id.includes('react') || id.includes('react-dom')) {
-                return 'vendor-react'
-              }
-              if (id.includes('react-router-dom')) {
-                return 'vendor-router'
-              }
-              return 'vendor'
-            }
-          }
         }
       },
-      // Minification with security-focused settings
+      
-      minify: isProduction ? 'terser' : false,
+      // Performance optimizations
-      terserOptions: isProduction ? {
+      terserOptions: {
         compress: {
           drop_console: true,
           drop_debugger: true,
-          // Security: Remove potentially sensitive code
+          pure_funcs: ['console.log', 'console.debug']
-          pure_funcs: [
-            'console.log',
-            'console.info',
-            'console.debug',
-            'console.warn',
-            'console.trace',
-            'console.table',
-            'debugger'
-          ],
-          dead_code: true,
-          if_return: true,
-          comparisons: true,
-          loops: true,
-          hoist_funs: true,
-          hoist_vars: true,
-          reduce_vars: true,
-          booleans: true,
-          conditionals: true,
-          evaluate: true,
-          sequences: true,
-          unused: true
-        },
-        mangle: {
-          // Security: Obfuscate code
-          toplevel: true,
-          keep_classnames: false,
-          keep_fnames: false,
-          reserved: [
-            'React',
-            'ReactDOM',
-            'useState',
-            'useEffect',
-            'useContext',
-            'createElement'
-          ]
-        },
-        format: {
-          comments: false,
-          beautify: false,
-          // Security: ASCII only to prevent encoding attacks
-          ascii_only: true
         }
-      } : undefined,
+      },
-      // Security: Report bundle size issues
-      reportCompressedSize: true,
-      chunkSizeWarningLimit: 1000,
-      // Security: Don't expose source paths
-      assetsInlineLimit: 4096
-    },
       
-    preview: {
+      // Reduce chunking overhead
-      port: 3004,
+      chunkSizeWarningLimit: 800
-      headers: {
-        // Security headers for preview server
-        'X-Content-Type-Options': 'nosniff',
-        'X-Frame-Options': 'DENY',
-        'X-XSS-Protection': '1; mode=block',
-        'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
-        'Referrer-Policy': 'strict-origin-when-cross-origin',
-        'Content-Security-Policy': `
-          default-src 'self';
-          script-src 'self' 'unsafe-inline';
-          style-src 'self' 'unsafe-inline';
-          img-src 'self' data: https:;
-          font-src 'self';
-          connect-src 'self';
-          base-uri 'self';
-          form-action 'self';
-          frame-ancestors 'none';
-        `.replace(/\s+/g, ' ').trim()
-      }
     },
 
     resolve: {
@@ -174,30 +69,11 @@ export default defineConfig(({ mode }) => {
       }
     },
 
-    // ✅ SICHER: Strict environment variable control
+    // Environment variables
-    define: Object.keys(clientEnv).reduce((acc, key) => {
+    define: {
-      acc[`import.meta.env.${key}`] = JSON.stringify(clientEnv[key])
+      'import.meta.env.VITE_API_URL': JSON.stringify(isProduction ? '/api' : '/api'),
-      return acc
+      'import.meta.env.ENABLE_PRO': JSON.stringify(env.ENABLE_PRO || 'false'),
-    }, {} as Record<string, string>),
+      'import.meta.env.NODE_ENV': JSON.stringify(mode)
-    
-    // Security: Clear build directory
-    emptyOutDir: true,
-    
-    // Security: Optimize dependencies
-    optimizeDeps: {
-      include: ['react', 'react-dom', 'react-router-dom'],
-      exclude: ['@vitejs/plugin-react']
-    },
-    
-    // Security: CSS configuration
-    css: {
-      devSourcemap: isDevelopment,
-      modules: {
-        localsConvention: 'camelCase',
-        generateScopedName: isProduction 
-          ? '[hash:base64:8]' 
-          : '[name]__[local]--[hash:base64:5]'
-      }
     }
   }
 })

package.json

@@ -9,9 +9,13 @@
   "scripts": {
     "docker:build": "docker build -t schichtplan-app .",
     "docker:run": "docker run -p 3002:3002 schichtplan-app",
-    "build:all": "npm run build --workspace=backend && npm run build --workspace=frontend"
+    "build:all": "npm run build --workspace=backend && npm run build --workspace=frontend",
+    "dev": "concurrently \"npm run dev:backend\" \"npm run dev:frontend\"",
+    "dev:frontend": "cd frontend && npm run dev",
+    "dev:backend": "cd backend && npm run dev:single"
   },
   "devDependencies": {
-    "typescript": "^5.3.3"
+    "typescript": "^5.3.3",
+    "concurrently": "9.2.1"
   }
 }