From db5efd8ed9c8b054d2de81c3bdf3bfe7ff7000ad Mon Sep 17 00:00:00 2001
From: Simon <hey@smelly.zip>
Date: Fri, 17 Apr 2026 00:12:47 +0200
Subject: [PATCH] clean initial commit

---
 .gitignore              |    4 +
 index.js                |   23 +
 package-lock.json       | 1533 ++++++++++++++++++++++++++++++
 package.json            |   21 +
 public/admin.html       |  601 ++++++++++++
 public/datenschutz.html |  149 +++
 public/favicon.svg      |    7 +
 public/index.html       | 1967 +++++++++++++++++++++++++++++++++++++++
 public/login.html       |  341 +++++++
 src/auth.js             |   25 +
 src/db.js               |  146 +++
 src/files.js            |  181 ++++
 src/routes.js           |  394 ++++++++
 13 files changed, 5392 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 index.js
 create mode 100644 package-lock.json
 create mode 100644 package.json
 create mode 100644 public/admin.html
 create mode 100644 public/datenschutz.html
 create mode 100644 public/favicon.svg
 create mode 100644 public/index.html
 create mode 100644 public/login.html
 create mode 100644 src/auth.js
 create mode 100644 src/db.js
 create mode 100644 src/files.js
 create mode 100644 src/routes.js

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3bb9b42
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+node_modules/
+data.db
+storage/
+CLAUDE.md
diff --git a/index.js b/index.js
new file mode 100644
index 0000000..9cd64cd
--- /dev/null
+++ b/index.js
@@ -0,0 +1,23 @@
+const express = require('express');
+const cookieParser = require('cookie-parser');
+const path = require('path');
+const routes = require('./src/routes');
+const { router: filesRouter } = require('./src/files');
+
+const app = express();
+const PORT = 3010;
+
+app.use(express.json());
+app.use(cookieParser());
+app.use(express.static(path.join(__dirname, 'public')));
+app.use('/api', routes);
+app.use('/api/files', filesRouter);
+
+const html = f => (req, res) => res.sendFile(path.join(__dirname, 'public', f));
+
+app.get('/login', html('login.html'));
+app.get('/admin', html('admin.html'));
+app.get('/datenschutz', html('datenschutz.html'));
+app.get('/{*path}', html('index.html'));
+
+app.listen(PORT, '127.0.0.1', () => console.log(`info1 läuft auf :${PORT}`));
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..7f68bf2
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,1533 @@
+{
+  "name": "info1",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "info1",
+      "version": "1.0.0",
+      "license": "ISC",
+      "dependencies": {
+        "bcryptjs": "^3.0.3",
+        "better-sqlite3": "^12.9.0",
+        "cookie-parser": "^1.4.7",
+        "express": "^5.2.1",
+        "express-rate-limit": "^8.3.2",
+        "jsonwebtoken": "^9.0.3",
+        "multer": "^2.1.1"
+      }
+    },
+    "node_modules/accepts": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz",
+      "integrity": "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-types": "^3.0.0",
+        "negotiator": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/append-field": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz",
+      "integrity": "sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw==",
+      "license": "MIT"
+    },
+    "node_modules/base64-js": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
+      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/bcryptjs": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.3.tgz",
+      "integrity": "sha512-GlF5wPWnSa/X5LKM1o0wz0suXIINz1iHRLvTS+sLyi7XPbe5ycmYI3DlZqVGZZtDgl4DmasFg7gOB3JYbphV5g==",
+      "license": "BSD-3-Clause",
+      "bin": {
+        "bcrypt": "bin/bcrypt"
+      }
+    },
+    "node_modules/better-sqlite3": {
+      "version": "12.9.0",
+      "resolved": "https://registry.npmjs.org/better-sqlite3/-/better-sqlite3-12.9.0.tgz",
+      "integrity": "sha512-wqUv4Gm3toFpHDQmaKD4QhZm3g1DjUBI0yzS4UBl6lElUmXFYdTQmmEDpAFa5o8FiFiymURypEnfVHzILKaxqQ==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "dependencies": {
+        "bindings": "^1.5.0",
+        "prebuild-install": "^7.1.1"
+      },
+      "engines": {
+        "node": "20.x || 22.x || 23.x || 24.x || 25.x"
+      }
+    },
+    "node_modules/bindings": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz",
+      "integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==",
+      "license": "MIT",
+      "dependencies": {
+        "file-uri-to-path": "1.0.0"
+      }
+    },
+    "node_modules/bl": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz",
+      "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==",
+      "license": "MIT",
+      "dependencies": {
+        "buffer": "^5.5.0",
+        "inherits": "^2.0.4",
+        "readable-stream": "^3.4.0"
+      }
+    },
+    "node_modules/body-parser": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.2.tgz",
+      "integrity": "sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==",
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "^3.1.2",
+        "content-type": "^1.0.5",
+        "debug": "^4.4.3",
+        "http-errors": "^2.0.0",
+        "iconv-lite": "^0.7.0",
+        "on-finished": "^2.4.1",
+        "qs": "^6.14.1",
+        "raw-body": "^3.0.1",
+        "type-is": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/buffer": {
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz",
+      "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "base64-js": "^1.3.1",
+        "ieee754": "^1.1.13"
+      }
+    },
+    "node_modules/buffer-equal-constant-time": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
+      "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/buffer-from": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
+      "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==",
+      "license": "MIT"
+    },
+    "node_modules/busboy": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz",
+      "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==",
+      "dependencies": {
+        "streamsearch": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=10.16.0"
+      }
+    },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/call-bound": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "get-intrinsic": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/chownr": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz",
+      "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==",
+      "license": "ISC"
+    },
+    "node_modules/concat-stream": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-2.0.0.tgz",
+      "integrity": "sha512-MWufYdFw53ccGjCA+Ol7XJYpAlW6/prSMzuPOTRnJGcGzuhLn4Scrz7qf6o8bROZ514ltazcIFJZevcfbo0x7A==",
+      "engines": [
+        "node >= 6.0"
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "buffer-from": "^1.0.0",
+        "inherits": "^2.0.3",
+        "readable-stream": "^3.0.2",
+        "typedarray": "^0.0.6"
+      }
+    },
+    "node_modules/content-disposition": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.1.0.tgz",
+      "integrity": "sha512-5jRCH9Z/+DRP7rkvY83B+yGIGX96OYdJmzngqnw2SBSxqCFPd0w2km3s5iawpGX8krnwSGmF0FW5Nhr0Hfai3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie-parser": {
+      "version": "1.4.7",
+      "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.7.tgz",
+      "integrity": "sha512-nGUvgXnotP3BsjiLX2ypbQnWoGUPIIfHQNZkkC668ntrzGWEZVW70HDEB1qnNGMicPje6EttlIgzo51YSwNQGw==",
+      "license": "MIT",
+      "dependencies": {
+        "cookie": "0.7.2",
+        "cookie-signature": "1.0.6"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/cookie-signature": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+      "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==",
+      "license": "MIT"
+    },
+    "node_modules/debug": {
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/decompress-response": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz",
+      "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==",
+      "license": "MIT",
+      "dependencies": {
+        "mimic-response": "^3.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/deep-extend": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz",
+      "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
+    "node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/detect-libc": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
+      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/ecdsa-sig-formatter": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+      "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "node_modules/ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==",
+      "license": "MIT"
+    },
+    "node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/end-of-stream": {
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz",
+      "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==",
+      "license": "MIT",
+      "dependencies": {
+        "once": "^1.4.0"
+      }
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
+      "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==",
+      "license": "MIT"
+    },
+    "node_modules/etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/expand-template": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/expand-template/-/expand-template-2.0.3.tgz",
+      "integrity": "sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==",
+      "license": "(MIT OR WTFPL)",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/express": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz",
+      "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==",
+      "license": "MIT",
+      "dependencies": {
+        "accepts": "^2.0.0",
+        "body-parser": "^2.2.1",
+        "content-disposition": "^1.0.0",
+        "content-type": "^1.0.5",
+        "cookie": "^0.7.1",
+        "cookie-signature": "^1.2.1",
+        "debug": "^4.4.0",
+        "depd": "^2.0.0",
+        "encodeurl": "^2.0.0",
+        "escape-html": "^1.0.3",
+        "etag": "^1.8.1",
+        "finalhandler": "^2.1.0",
+        "fresh": "^2.0.0",
+        "http-errors": "^2.0.0",
+        "merge-descriptors": "^2.0.0",
+        "mime-types": "^3.0.0",
+        "on-finished": "^2.4.1",
+        "once": "^1.4.0",
+        "parseurl": "^1.3.3",
+        "proxy-addr": "^2.0.7",
+        "qs": "^6.14.0",
+        "range-parser": "^1.2.1",
+        "router": "^2.2.0",
+        "send": "^1.1.0",
+        "serve-static": "^2.2.0",
+        "statuses": "^2.0.1",
+        "type-is": "^2.0.1",
+        "vary": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/express-rate-limit": {
+      "version": "8.3.2",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.3.2.tgz",
+      "integrity": "sha512-77VmFeJkO0/rvimEDuUC5H30oqUC4EyOhyGccfqoLebB0oiEYfM7nwPrsDsBL1gsTpwfzX8SFy2MT3TDyRq+bg==",
+      "license": "MIT",
+      "dependencies": {
+        "ip-address": "10.1.0"
+      },
+      "engines": {
+        "node": ">= 16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/express-rate-limit"
+      },
+      "peerDependencies": {
+        "express": ">= 4.11"
+      }
+    },
+    "node_modules/express/node_modules/cookie-signature": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",
+      "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.6.0"
+      }
+    },
+    "node_modules/file-uri-to-path": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz",
+      "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==",
+      "license": "MIT"
+    },
+    "node_modules/finalhandler": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.1.tgz",
+      "integrity": "sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.4.0",
+        "encodeurl": "^2.0.0",
+        "escape-html": "^1.0.3",
+        "on-finished": "^2.4.1",
+        "parseurl": "^1.3.3",
+        "statuses": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 18.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fresh": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-2.0.0.tgz",
+      "integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/fs-constants": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
+      "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==",
+      "license": "MIT"
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "license": "MIT",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/github-from-package": {
+      "version": "0.0.0",
+      "resolved": "https://registry.npmjs.org/github-from-package/-/github-from-package-0.0.0.tgz",
+      "integrity": "sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw==",
+      "license": "MIT"
+    },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hasown": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
+      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/http-errors": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~2.0.0",
+        "inherits": "~2.0.4",
+        "setprototypeof": "~1.2.0",
+        "statuses": "~2.0.2",
+        "toidentifier": "~1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.2.tgz",
+      "integrity": "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==",
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/ieee754": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
+      "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "license": "ISC"
+    },
+    "node_modules/ini": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz",
+      "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==",
+      "license": "ISC"
+    },
+    "node_modules/ip-address": {
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.1.0.tgz",
+      "integrity": "sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/is-promise": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz",
+      "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==",
+      "license": "MIT"
+    },
+    "node_modules/jsonwebtoken": {
+      "version": "9.0.3",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz",
+      "integrity": "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==",
+      "license": "MIT",
+      "dependencies": {
+        "jws": "^4.0.1",
+        "lodash.includes": "^4.3.0",
+        "lodash.isboolean": "^3.0.3",
+        "lodash.isinteger": "^4.0.4",
+        "lodash.isnumber": "^3.0.3",
+        "lodash.isplainobject": "^4.0.6",
+        "lodash.isstring": "^4.0.1",
+        "lodash.once": "^4.0.0",
+        "ms": "^2.1.1",
+        "semver": "^7.5.4"
+      },
+      "engines": {
+        "node": ">=12",
+        "npm": ">=6"
+      }
+    },
+    "node_modules/jwa": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz",
+      "integrity": "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==",
+      "license": "MIT",
+      "dependencies": {
+        "buffer-equal-constant-time": "^1.0.1",
+        "ecdsa-sig-formatter": "1.0.11",
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "node_modules/jws": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz",
+      "integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==",
+      "license": "MIT",
+      "dependencies": {
+        "jwa": "^2.0.1",
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "node_modules/lodash.includes": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
+      "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isboolean": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
+      "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isinteger": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
+      "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isnumber": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
+      "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isplainobject": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
+      "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isstring": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
+      "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.once": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
+      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
+      "license": "MIT"
+    },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/media-typer": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz",
+      "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/merge-descriptors": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-2.0.0.tgz",
+      "integrity": "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.54.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz",
+      "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.2.tgz",
+      "integrity": "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "^1.54.0"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/mimic-response": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz",
+      "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/minimist": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
+      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/mkdirp-classic": {
+      "version": "0.5.3",
+      "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz",
+      "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==",
+      "license": "MIT"
+    },
+    "node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
+    },
+    "node_modules/multer": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/multer/-/multer-2.1.1.tgz",
+      "integrity": "sha512-mo+QTzKlx8R7E5ylSXxWzGoXoZbOsRMpyitcht8By2KHvMbf3tjwosZ/Mu/XYU6UuJ3VZnODIrak5ZrPiPyB6A==",
+      "license": "MIT",
+      "dependencies": {
+        "append-field": "^1.0.0",
+        "busboy": "^1.6.0",
+        "concat-stream": "^2.0.0",
+        "type-is": "^1.6.18"
+      },
+      "engines": {
+        "node": ">= 10.16.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/multer/node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/multer/node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/multer/node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/multer/node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "license": "MIT",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/napi-build-utils": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/napi-build-utils/-/napi-build-utils-2.0.0.tgz",
+      "integrity": "sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA==",
+      "license": "MIT"
+    },
+    "node_modules/negotiator": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz",
+      "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/node-abi": {
+      "version": "3.89.0",
+      "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.89.0.tgz",
+      "integrity": "sha512-6u9UwL0HlAl21+agMN3YAMXcKByMqwGx+pq+P76vii5f7hTPtKDp08/H9py6DY+cfDw7kQNTGEj/rly3IgbNQA==",
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.3.5"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/object-inspect": {
+      "version": "1.13.4",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "license": "MIT",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
+      "license": "ISC",
+      "dependencies": {
+        "wrappy": "1"
+      }
+    },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/path-to-regexp": {
+      "version": "8.4.2",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz",
+      "integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==",
+      "license": "MIT",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/prebuild-install": {
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-7.1.3.tgz",
+      "integrity": "sha512-8Mf2cbV7x1cXPUILADGI3wuhfqWvtiLA1iclTDbFRZkgRQS0NqsPZphna9V+HyTEadheuPmjaJMsbzKQFOzLug==",
+      "deprecated": "No longer maintained. Please contact the author of the relevant native addon; alternatives are available.",
+      "license": "MIT",
+      "dependencies": {
+        "detect-libc": "^2.0.0",
+        "expand-template": "^2.0.3",
+        "github-from-package": "0.0.0",
+        "minimist": "^1.2.3",
+        "mkdirp-classic": "^0.5.3",
+        "napi-build-utils": "^2.0.0",
+        "node-abi": "^3.3.0",
+        "pump": "^3.0.0",
+        "rc": "^1.2.7",
+        "simple-get": "^4.0.0",
+        "tar-fs": "^2.0.0",
+        "tunnel-agent": "^0.6.0"
+      },
+      "bin": {
+        "prebuild-install": "bin.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "license": "MIT",
+      "dependencies": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/pump": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.4.tgz",
+      "integrity": "sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==",
+      "license": "MIT",
+      "dependencies": {
+        "end-of-stream": "^1.1.0",
+        "once": "^1.3.1"
+      }
+    },
+    "node_modules/qs": {
+      "version": "6.15.1",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.1.tgz",
+      "integrity": "sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/raw-body": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz",
+      "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==",
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.7.0",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/rc": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz",
+      "integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==",
+      "license": "(BSD-2-Clause OR MIT OR Apache-2.0)",
+      "dependencies": {
+        "deep-extend": "^0.6.0",
+        "ini": "~1.3.0",
+        "minimist": "^1.2.0",
+        "strip-json-comments": "~2.0.1"
+      },
+      "bin": {
+        "rc": "cli.js"
+      }
+    },
+    "node_modules/readable-stream": {
+      "version": "3.6.2",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
+      "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
+      "license": "MIT",
+      "dependencies": {
+        "inherits": "^2.0.3",
+        "string_decoder": "^1.1.1",
+        "util-deprecate": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/router": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz",
+      "integrity": "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.4.0",
+        "depd": "^2.0.0",
+        "is-promise": "^4.0.0",
+        "parseurl": "^1.3.3",
+        "path-to-regexp": "^8.0.0"
+      },
+      "engines": {
+        "node": ">= 18"
+      }
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "license": "MIT"
+    },
+    "node_modules/semver": {
+      "version": "7.7.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+      "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/send": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/send/-/send-1.2.1.tgz",
+      "integrity": "sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.4.3",
+        "encodeurl": "^2.0.0",
+        "escape-html": "^1.0.3",
+        "etag": "^1.8.1",
+        "fresh": "^2.0.0",
+        "http-errors": "^2.0.1",
+        "mime-types": "^3.0.2",
+        "ms": "^2.1.3",
+        "on-finished": "^2.4.1",
+        "range-parser": "^1.2.1",
+        "statuses": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/serve-static": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.1.tgz",
+      "integrity": "sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw==",
+      "license": "MIT",
+      "dependencies": {
+        "encodeurl": "^2.0.0",
+        "escape-html": "^1.0.3",
+        "parseurl": "^1.3.3",
+        "send": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
+      "license": "ISC"
+    },
+    "node_modules/side-channel": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3",
+        "side-channel-list": "^1.0.0",
+        "side-channel-map": "^1.0.1",
+        "side-channel-weakmap": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-list": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz",
+      "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==",
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-map": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-weakmap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3",
+        "side-channel-map": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/simple-concat": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/simple-concat/-/simple-concat-1.0.1.tgz",
+      "integrity": "sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/simple-get": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/simple-get/-/simple-get-4.0.1.tgz",
+      "integrity": "sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "decompress-response": "^6.0.0",
+        "once": "^1.3.1",
+        "simple-concat": "^1.0.0"
+      }
+    },
+    "node_modules/statuses": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/streamsearch": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz",
+      "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==",
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/string_decoder": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
+      "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==",
+      "license": "MIT",
+      "dependencies": {
+        "safe-buffer": "~5.2.0"
+      }
+    },
+    "node_modules/strip-json-comments": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
+      "integrity": "sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/tar-fs": {
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.4.tgz",
+      "integrity": "sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==",
+      "license": "MIT",
+      "dependencies": {
+        "chownr": "^1.1.1",
+        "mkdirp-classic": "^0.5.2",
+        "pump": "^3.0.0",
+        "tar-stream": "^2.1.4"
+      }
+    },
+    "node_modules/tar-stream": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz",
+      "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==",
+      "license": "MIT",
+      "dependencies": {
+        "bl": "^4.0.3",
+        "end-of-stream": "^1.4.1",
+        "fs-constants": "^1.0.0",
+        "inherits": "^2.0.3",
+        "readable-stream": "^3.1.1"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/tunnel-agent": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
+      "integrity": "sha512-McnNiV1l8RYeY8tBgEpuodCC1mLUdbSN+CYBL7kJsJNInOP8UjDDEwdk6Mw60vdLLrr5NHKZhMAOSrR2NZuQ+w==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "safe-buffer": "^5.0.1"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/type-is": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz",
+      "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==",
+      "license": "MIT",
+      "dependencies": {
+        "content-type": "^1.0.5",
+        "media-typer": "^1.1.0",
+        "mime-types": "^3.0.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/typedarray": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
+      "integrity": "sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==",
+      "license": "MIT"
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==",
+      "license": "MIT"
+    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
+      "license": "ISC"
+    }
+  }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..6de29c9
--- /dev/null
+++ b/package.json
@@ -0,0 +1,21 @@
+{
+  "name": "info1",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "bcryptjs": "^3.0.3",
+    "better-sqlite3": "^12.9.0",
+    "cookie-parser": "^1.4.7",
+    "express": "^5.2.1",
+    "express-rate-limit": "^8.3.2",
+    "jsonwebtoken": "^9.0.3",
+    "multer": "^2.1.1"
+  }
+}
diff --git a/public/admin.html b/public/admin.html
new file mode 100644
index 0000000..3f14492
--- /dev/null
+++ b/public/admin.html
@@ -0,0 +1,601 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>IFB · Admin</title>
+<link rel="icon" type="image/svg+xml" href="/favicon.svg">
+<link rel="preconnect" href="https://fonts.googleapis.com">
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap" rel="stylesheet">
+<script src="https://unpkg.com/lucide@latest/dist/umd/lucide.min.js"></script>
+<style>
+:root {
+  --blue: #2563eb; --blue-d: #1d4ed8; --blue-50: #eff6ff;
+  --slate-50: #f8fafc; --slate-100: #f1f5f9; --slate-200: #e2e8f0;
+  --slate-400: #94a3b8; --slate-500: #64748b; --slate-600: #475569; --slate-900: #0f172a;
+  --green: #16a34a; --red: #dc2626; --amber: #d97706;
+  --shadow: 0 1px 3px rgba(0,0,0,.07), 0 4px 12px rgba(0,0,0,.04);
+  --shadow-lg: 0 4px 20px rgba(0,0,0,.10), 0 1px 4px rgba(0,0,0,.06);
+  --r: 12px; --r-sm: 8px;
+}
+* { box-sizing: border-box; margin: 0; padding: 0; }
+body { font-family: 'Inter', -apple-system, sans-serif; background: var(--slate-50); color: var(--slate-900); min-height: 100vh; display: flex; flex-direction: column; }
+
+header { background: #fff; border-bottom: 1px solid var(--slate-200); padding: 0 28px; height: 58px; display: flex; align-items: center; gap: 14px; position: sticky; top: 0; z-index: 100; }
+.brand { display: flex; flex-direction: column; }
+.brand-school { font-size: 10px; color: var(--slate-400); font-weight: 600; letter-spacing: .6px; text-transform: uppercase; }
+.brand-class { font-size: 20px; font-weight: 800; color: var(--blue); letter-spacing: -1px; line-height: 1.1; }
+.h-spacer { flex: 1; }
+.back-link { font-size: 13px; color: var(--slate-500); text-decoration: none; font-weight: 500; padding: 6px 12px; border-radius: var(--r-sm); border: 1.5px solid var(--slate-200); }
+.back-link:hover { background: var(--slate-100); }
+.admin-badge { background: #fef3c7; color: #92400e; font-size: 11px; font-weight: 700; padding: 3px 10px; border-radius: 99px; border: 1px solid #fde68a; }
+
+.page-title { padding: 24px 28px 0; }
+.page-title h1 { font-size: 22px; font-weight: 800; }
+.page-title p { font-size: 13px; color: var(--slate-500); margin-top: 4px; }
+
+/* TABS */
+.tabs { display: flex; gap: 4px; padding: 16px 28px 0; border-bottom: 1px solid var(--slate-200); background: var(--slate-50); position: sticky; top: 58px; z-index: 90; }
+.tab { padding: 8px 16px; font-size: 13px; font-weight: 600; border: none; background: none; cursor: pointer; color: var(--slate-500); border-bottom: 2px solid transparent; margin-bottom: -1px; font-family: inherit; border-radius: var(--r-sm) var(--r-sm) 0 0; transition: color .15s; }
+.tab:hover { color: var(--blue); background: var(--slate-100); }
+.tab.active { color: var(--blue); border-bottom-color: var(--blue); }
+.tab-badge { background: var(--red); color: #fff; font-size: 10px; font-weight: 700; padding: 1px 6px; border-radius: 99px; margin-left: 5px; }
+
+.content { padding: 24px 28px; flex: 1; }
+
+/* SECTION */
+.section { display: none; }
+.section.active { display: block; }
+
+/* FILTER BAR */
+.filter-bar { display: flex; gap: 8px; margin-bottom: 16px; flex-wrap: wrap; align-items: center; }
+.filter-bar input, .filter-bar select { padding: 7px 12px; border: 1.5px solid var(--slate-200); border-radius: var(--r-sm); font-size: 13px; font-family: inherit; outline: none; background: #fff; }
+.filter-bar input:focus, .filter-bar select:focus { border-color: var(--blue); }
+.filter-bar input { flex: 1; min-width: 180px; }
+.filter-count { font-size: 12px; color: var(--slate-400); font-weight: 500; margin-left: auto; }
+
+/* TABLE */
+.tbl-wrap { overflow-x: auto; border-radius: var(--r); border: 1px solid var(--slate-200); background: #fff; }
+table { width: 100%; border-collapse: collapse; font-size: 13px; }
+thead th { background: var(--slate-50); padding: 10px 14px; text-align: left; font-size: 11px; font-weight: 700; color: var(--slate-500); letter-spacing: .4px; text-transform: uppercase; border-bottom: 1px solid var(--slate-200); white-space: nowrap; }
+tbody tr { border-bottom: 1px solid var(--slate-100); transition: background .1s; }
+tbody tr:last-child { border-bottom: none; }
+tbody tr:hover { background: var(--slate-50); }
+tbody td { padding: 10px 14px; vertical-align: middle; }
+.td-actions { display: flex; gap: 6px; flex-wrap: wrap; }
+
+/* BADGES */
+.badge { font-size: 10px; font-weight: 700; padding: 2px 8px; border-radius: 99px; white-space: nowrap; }
+.badge-green { background: #dcfce7; color: #166534; }
+.badge-red { background: #fee2e2; color: #991b1b; }
+.badge-orange { background: #fef3c7; color: #92400e; }
+.badge-blue { background: #dbeafe; color: #1d4ed8; }
+.badge-gray { background: var(--slate-100); color: var(--slate-500); }
+.badge-purple { background: #f3e8ff; color: #6b21a8; }
+
+/* BUTTONS */
+.btn { font-size: 12px; font-weight: 600; padding: 5px 12px; border-radius: var(--r-sm); border: none; cursor: pointer; font-family: inherit; white-space: nowrap; transition: opacity .15s; }
+.btn:hover { opacity: .85; }
+.btn-green { background: #dcfce7; color: #166534; }
+.btn-red { background: #fee2e2; color: #991b1b; }
+.btn-orange { background: #fef3c7; color: #92400e; }
+.btn-blue { background: var(--blue-50); color: var(--blue); }
+.btn-gray { background: var(--slate-100); color: var(--slate-600); }
+
+/* STATS ROW */
+.stats-row { display: flex; gap: 14px; margin-bottom: 20px; flex-wrap: wrap; }
+.stat-card { background: #fff; border: 1px solid var(--slate-200); border-radius: var(--r); padding: 14px 18px; flex: 1; min-width: 120px; }
+.stat-val { font-size: 24px; font-weight: 800; color: var(--blue); }
+.stat-label { font-size: 12px; color: var(--slate-500); margin-top: 2px; }
+
+/* TICKET */
+.ticket-msg { font-size: 12px; color: var(--slate-500); max-width: 340px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+
+/* LOG */
+.log-action { font-family: monospace; font-size: 12px; background: var(--slate-100); padding: 2px 6px; border-radius: 4px; }
+.log-details { font-size: 11px; color: var(--slate-400); max-width: 200px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+
+/* EMPTY */
+.empty { text-align: center; color: var(--slate-300); font-size: 13px; padding: 32px; font-weight: 500; }
+
+/* TOAST */
+#toasts { position: fixed; bottom: 24px; right: 24px; z-index: 400; display: flex; flex-direction: column; gap: 8px; pointer-events: none; }
+.toast { background: #1e293b; color: #fff; font-size: 13px; font-weight: 500; padding: 10px 16px; border-radius: var(--r-sm); box-shadow: var(--shadow-lg); opacity: 0; transform: translateY(8px); transition: opacity .2s, transform .2s; pointer-events: none; max-width: 280px; }
+.toast.show { opacity: 1; transform: none; }
+.toast.success { background: #166534; }
+.toast.error { background: #991b1b; }
+
+/* CONFIRM MODAL */
+.overlay { position: fixed; inset: 0; background: rgba(0,0,0,.4); z-index: 300; display: flex; align-items: center; justify-content: center; padding: 16px; }
+.modal { background: #fff; border-radius: var(--r); padding: 24px; width: 100%; max-width: 380px; box-shadow: var(--shadow-lg); }
+.modal h3 { font-size: 16px; font-weight: 700; margin-bottom: 10px; }
+.modal p { font-size: 13px; color: var(--slate-600); margin-bottom: 18px; }
+.modal-actions { display: flex; gap: 8px; justify-content: flex-end; }
+.btn-cancel { padding: 8px 16px; border: 1.5px solid var(--slate-200); border-radius: var(--r-sm); background: none; cursor: pointer; font-size: 13px; font-family: inherit; color: var(--slate-600); }
+.btn-confirm { padding: 8px 16px; background: var(--red); color: #fff; border: none; border-radius: var(--r-sm); font-size: 13px; font-weight: 600; font-family: inherit; cursor: pointer; }
+
+/* TICKET DETAIL */
+.ticket-detail { background: var(--slate-50); border: 1px solid var(--slate-200); border-radius: var(--r-sm); padding: 12px 14px; margin-top: 8px; font-size: 13px; white-space: pre-wrap; word-break: break-word; max-height: 200px; overflow-y: auto; }
+
+/* Icons */
+.lucide { display: inline-block; vertical-align: -0.125em; flex-shrink: 0; width: 1em; height: 1em; stroke-width: 2; }
+.tab .lucide { width: 14px; height: 14px; }
+</style>
+</head>
+<body>
+
+<header>
+  <div class="brand">
+    <div class="brand-school">IFB-Berufsfachschule Rosenheim</div>
+    <div class="brand-class">INFO1</div>
+  </div>
+  <div class="h-spacer"></div>
+  <span class="admin-badge">Admin-Panel</span>
+  <a href="/" class="back-link">← Dashboard</a>
+</header>
+
+<div class="page-title">
+  <h1>Admin-Dashboard</h1>
+  <p id="admin-username-line">Eingeloggt als …</p>
+</div>
+
+<div class="tabs">
+  <button class="tab active" onclick="switchTab('users')"><i data-lucide="users" aria-hidden="true"></i> Benutzer <span id="tab-badge-users" class="tab-badge" style="display:none"></span></button>
+  <button class="tab" onclick="switchTab('pending')"><i data-lucide="clock" aria-hidden="true"></i> Ausstehend <span id="tab-badge-pending" class="tab-badge" style="display:none"></span></button>
+  <button class="tab" onclick="switchTab('tickets')"><i data-lucide="life-buoy" aria-hidden="true"></i> Tickets <span id="tab-badge-tickets" class="tab-badge" style="display:none"></span></button>
+  <button class="tab" onclick="switchTab('usage')"><i data-lucide="bar-chart-2" aria-hidden="true"></i> Datennutzung</button>
+  <button class="tab" onclick="switchTab('logs')"><i data-lucide="clipboard" aria-hidden="true"></i> Aktionslog</button>
+</div>
+
+<div class="content">
+
+  <!-- USERS TAB -->
+  <div class="section active" id="section-users">
+    <div class="stats-row" id="stats-row"></div>
+    <div class="filter-bar">
+      <input type="search" id="user-search" placeholder="Suche nach Benutzername / E-Mail …" oninput="filterUsers()">
+      <select id="user-role-filter" onchange="filterUsers()">
+        <option value="">Alle Rollen</option>
+        <option value="student">Student</option>
+        <option value="teacher">Lehrer</option>
+        <option value="admin">Admin</option>
+      </select>
+      <select id="user-status-filter" onchange="filterUsers()">
+        <option value="">Alle Status</option>
+        <option value="active">Aktiv</option>
+        <option value="pending">Ausstehend</option>
+        <option value="banned">Gesperrt</option>
+        <option value="rejected">Abgelehnt</option>
+      </select>
+      <span class="filter-count" id="user-count"></span>
+    </div>
+    <div class="tbl-wrap">
+      <table>
+        <thead><tr>
+          <th>ID</th><th>Benutzername</th><th>E-Mail</th><th>Rolle</th><th>Status</th><th>Registriert</th><th>Aktionen</th>
+        </tr></thead>
+        <tbody id="users-tbody"></tbody>
+      </table>
+    </div>
+  </div>
+
+  <!-- PENDING TAB -->
+  <div class="section" id="section-pending">
+    <p style="font-size:13px;color:var(--slate-500);margin-bottom:16px">Lehrerkkonten warten auf Genehmigung.</p>
+    <div class="tbl-wrap">
+      <table>
+        <thead><tr>
+          <th>ID</th><th>Benutzername</th><th>E-Mail</th><th>Registriert</th><th>Aktionen</th>
+        </tr></thead>
+        <tbody id="pending-tbody"></tbody>
+      </table>
+    </div>
+  </div>
+
+  <!-- TICKETS TAB -->
+  <div class="section" id="section-tickets">
+    <div class="filter-bar">
+      <select id="ticket-status-filter" onchange="filterTickets()">
+        <option value="">Alle Status</option>
+        <option value="open">Offen</option>
+        <option value="in_progress">In Bearbeitung</option>
+        <option value="closed">Geschlossen</option>
+      </select>
+      <span class="filter-count" id="ticket-count"></span>
+    </div>
+    <div class="tbl-wrap">
+      <table>
+        <thead><tr>
+          <th>ID</th><th>Von</th><th>Betreff</th><th>Status</th><th>Erstellt</th><th>Aktionen</th>
+        </tr></thead>
+        <tbody id="tickets-tbody"></tbody>
+      </table>
+    </div>
+  </div>
+
+  <!-- USAGE TAB -->
+  <div class="section" id="section-usage">
+    <div class="tbl-wrap">
+      <table>
+        <thead><tr>
+          <th>Benutzername</th><th>Rolle</th><th>Stundenplan</th><th>Hausaufgaben</th><th>Noten</th><th>Fehlzeiten</th><th>Todos</th><th>Countdowns</th><th>Links</th><th>Tickets</th>
+        </tr></thead>
+        <tbody id="usage-tbody"></tbody>
+      </table>
+    </div>
+  </div>
+
+  <!-- LOGS TAB -->
+  <div class="section" id="section-logs">
+    <div class="tbl-wrap">
+      <table>
+        <thead><tr>
+          <th>Zeit</th><th>Admin</th><th>Aktion</th><th>Ziel-ID</th><th>Details</th>
+        </tr></thead>
+        <tbody id="logs-tbody"></tbody>
+      </table>
+    </div>
+  </div>
+
+</div>
+
+<!-- CONFIRM MODAL -->
+<div class="overlay" id="confirm-overlay" style="display:none">
+  <div class="modal">
+    <h3 id="confirm-title">Bestätigung</h3>
+    <p id="confirm-msg"></p>
+    <div class="modal-actions">
+      <button class="btn-cancel" onclick="closeConfirm()">Abbrechen</button>
+      <button class="btn-confirm" id="confirm-ok">Bestätigen</button>
+    </div>
+  </div>
+</div>
+
+<!-- TICKET DETAIL MODAL -->
+<div class="overlay" id="ticket-overlay" style="display:none" onclick="if(event.target===this)closeTicket()">
+  <div class="modal" style="max-width:540px">
+    <h3 id="ticket-modal-title" style="word-break:break-word"></h3>
+    <p id="ticket-modal-meta" style="font-size:12px;color:var(--slate-500);margin-bottom:8px"></p>
+    <div id="ticket-modal-thread" style="display:flex;flex-direction:column;gap:8px;max-height:320px;overflow-y:auto;padding-right:2px;margin-bottom:10px"></div>
+    <div id="ticket-modal-reply-area" style="display:flex;gap:8px;margin-bottom:4px">
+      <textarea id="ticket-modal-reply" placeholder="Als Admin antworten…" rows="2" maxlength="5000"
+        style="flex:1;border:1.5px solid var(--slate-200);border-radius:var(--r-sm);padding:8px 10px;font-size:13px;font-family:inherit;resize:none;outline:none"></textarea>
+      <button class="btn btn-blue" style="align-self:flex-end;padding:7px 14px" onclick="sendAdminReply()">Senden</button>
+    </div>
+    <div class="modal-actions" style="margin-top:8px">
+      <button class="btn-cancel" onclick="closeTicket()">Schließen</button>
+    </div>
+  </div>
+</div>
+
+<div id="toasts"></div>
+
+<script>
+function esc(s){ return String(s??'').replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;'); }
+
+function toast(msg, type='success'){
+  const el=document.createElement('div');
+  el.className=`toast ${type}`; el.textContent=msg;
+  document.getElementById('toasts').appendChild(el);
+  requestAnimationFrame(()=>requestAnimationFrame(()=>el.classList.add('show')));
+  setTimeout(()=>{ el.classList.remove('show'); setTimeout(()=>el.remove(),300); },3200);
+}
+
+async function api(method, path, body){
+  const r=await fetch('/api/'+path,{method,headers:{'Content-Type':'application/json'},body:body?JSON.stringify(body):undefined});
+  if(!r.ok){ const d=await r.json().catch(()=>({})); throw new Error(d.error||r.status); }
+  return r.json();
+}
+
+// ── AUTH GUARD ─────────────────────────────────────────────────
+async function authGuard(){
+  const r = await fetch('/api/me');
+  if(!r.ok){ location.href='/login'; return false; }
+  const d = await r.json();
+  if(d.role !== 'admin'){ location.href='/'; return false; }
+  document.getElementById('admin-username-line').textContent = `Eingeloggt als ${d.username}`;
+  return true;
+}
+
+// ── TABS ───────────────────────────────────────────────────────
+let currentTab = 'users';
+function switchTab(name){
+  document.querySelectorAll('.tab').forEach((t,i)=>{
+    const tabs=['users','pending','tickets','usage','logs'];
+    t.classList.toggle('active', tabs[i]===name);
+  });
+  document.querySelectorAll('.section').forEach(s=>s.classList.remove('active'));
+  document.getElementById('section-'+name).classList.add('active');
+  currentTab=name;
+}
+
+// ── DATA STORES ────────────────────────────────────────────────
+let allUsers=[], allTickets=[], allLogs=[], allUsage=[];
+
+// ── USERS ──────────────────────────────────────────────────────
+async function loadUsers(){
+  allUsers = await api('GET','admin/users');
+  renderStats();
+  renderUsers();
+  renderPending();
+}
+
+function renderStats(){
+  const total=allUsers.length;
+  const active=allUsers.filter(u=>u.status==='active').length;
+  const pending=allUsers.filter(u=>u.status==='pending').length;
+  const banned=allUsers.filter(u=>u.status==='banned').length;
+  document.getElementById('stats-row').innerHTML=`
+    <div class="stat-card"><div class="stat-val">${total}</div><div class="stat-label">Benutzer gesamt</div></div>
+    <div class="stat-card"><div class="stat-val" style="color:var(--green)">${active}</div><div class="stat-label">Aktiv</div></div>
+    <div class="stat-card"><div class="stat-val" style="color:var(--amber)">${pending}</div><div class="stat-label">Ausstehend</div></div>
+    <div class="stat-card"><div class="stat-val" style="color:var(--red)">${banned}</div><div class="stat-label">Gesperrt</div></div>
+  `;
+  const pb=document.getElementById('tab-badge-pending');
+  pb.textContent=pending; pb.style.display=pending?'':'none';
+}
+
+function filterUsers(){
+  const q=document.getElementById('user-search').value.toLowerCase();
+  const role=document.getElementById('user-role-filter').value;
+  const status=document.getElementById('user-status-filter').value;
+  const filtered=allUsers.filter(u=>
+    (!q || u.username.toLowerCase().includes(q) || u.email.toLowerCase().includes(q)) &&
+    (!role || u.role===role) &&
+    (!status || u.status===status)
+  );
+  document.getElementById('user-count').textContent=`${filtered.length} von ${allUsers.length}`;
+  renderUsersRows(filtered, document.getElementById('users-tbody'));
+}
+
+function renderUsers(){
+  filterUsers();
+}
+
+function renderUsersRows(users, tbody){
+  if(!users.length){ tbody.innerHTML=`<tr><td colspan="7" class="empty">Keine Benutzer gefunden</td></tr>`; return; }
+  tbody.innerHTML=users.map(u=>`
+    <tr>
+      <td style="color:var(--slate-400);font-size:12px">${u.id}</td>
+      <td><strong>${esc(u.username)}</strong></td>
+      <td style="font-size:12px;color:var(--slate-500)">${esc(u.email)}</td>
+      <td>${roleBadge(u.role)}</td>
+      <td>${statusBadge(u.status)}</td>
+      <td style="font-size:12px;color:var(--slate-400)">${fmtDate(u.created_at)}</td>
+      <td><div class="td-actions">${userActions(u)}</div></td>
+    </tr>`).join('');
+}
+
+function roleBadge(r){
+  const m={admin:'badge-purple',teacher:'badge-blue',student:'badge-green'};
+  return `<span class="badge ${m[r]||'badge-gray'}">${esc(r)}</span>`;
+}
+function statusBadge(s){
+  const m={active:'badge-green',pending:'badge-orange',banned:'badge-red',rejected:'badge-gray'};
+  return `<span class="badge ${m[s]||'badge-gray'}">${esc(s)}</span>`;
+}
+
+function userActions(u){
+  const parts=[];
+  if(u.status==='active') parts.push(`<button class="btn btn-red" onclick="banUser(${u.id},'${esc(u.username)}')">Sperren</button>`);
+  if(u.status==='banned') parts.push(`<button class="btn btn-green" onclick="unbanUser(${u.id},'${esc(u.username)}')">Entsperren</button>`);
+  if(u.role!=='admin') parts.push(`<button class="btn btn-gray" onclick="deleteUser(${u.id},'${esc(u.username)}')">Löschen</button>`);
+  return parts.join('');
+}
+
+function renderPending(){
+  const pending=allUsers.filter(u=>u.status==='pending'&&u.role==='teacher');
+  const tbody=document.getElementById('pending-tbody');
+  if(!pending.length){ tbody.innerHTML=`<tr><td colspan="5" class="empty">Keine ausstehenden Anfragen</td></tr>`; return; }
+  tbody.innerHTML=pending.map(u=>`
+    <tr>
+      <td style="color:var(--slate-400);font-size:12px">${u.id}</td>
+      <td><strong>${esc(u.username)}</strong></td>
+      <td style="font-size:12px;color:var(--slate-500)">${esc(u.email)}</td>
+      <td style="font-size:12px;color:var(--slate-400)">${fmtDate(u.created_at)}</td>
+      <td><div class="td-actions">
+        <button class="btn btn-green" onclick="approveTeacher(${u.id},'${esc(u.username)}')">Genehmigen</button>
+        <button class="btn btn-red" onclick="rejectTeacher(${u.id},'${esc(u.username)}')">Ablehnen</button>
+      </div></td>
+    </tr>`).join('');
+}
+
+async function banUser(id, name){
+  confirm2(`Benutzer "${name}" sperren?`, `Der Benutzer kann sich bis zur Entsperrung nicht anmelden.`, async()=>{
+    await api('PATCH',`admin/users/${id}`,{status:'banned'});
+    toast(`${name} gesperrt`,'success'); loadUsers();
+  });
+}
+async function unbanUser(id, name){
+  confirm2(`Benutzer "${name}" entsperren?`, `Der Benutzer kann sich wieder anmelden.`, async()=>{
+    await api('PATCH',`admin/users/${id}`,{status:'active'});
+    toast(`${name} entsperrt`,'success'); loadUsers();
+  });
+}
+async function deleteUser(id, name){
+  confirm2(`Benutzer "${name}" löschen?`, `Alle Daten dieses Benutzers werden unwiderruflich gelöscht.`, async()=>{
+    await api('DELETE',`admin/users/${id}`);
+    toast(`${name} gelöscht`,'success'); loadUsers();
+  });
+}
+async function approveTeacher(id, name){
+  await api('POST',`admin/teachers/${id}/approve`);
+  toast(`${name} genehmigt`,'success'); loadUsers();
+}
+async function rejectTeacher(id, name){
+  confirm2(`Lehrer "${name}" ablehnen?`, `Die Registrierung wird abgelehnt.`, async()=>{
+    await api('POST',`admin/teachers/${id}/reject`);
+    toast(`${name} abgelehnt`,'success'); loadUsers();
+  });
+}
+
+// ── TICKETS ────────────────────────────────────────────────────
+async function loadTickets(){
+  allTickets = await api('GET','admin/tickets');
+  filterTickets();
+  const open=allTickets.filter(t=>t.status==='open').length;
+  const tb=document.getElementById('tab-badge-tickets');
+  tb.textContent=open; tb.style.display=open?'':'none';
+}
+
+function filterTickets(){
+  const status=document.getElementById('ticket-status-filter').value;
+  const filtered=status?allTickets.filter(t=>t.status===status):allTickets;
+  document.getElementById('ticket-count').textContent=`${filtered.length} Ticket${filtered.length!==1?'s':''}`;
+  const tbody=document.getElementById('tickets-tbody');
+  if(!filtered.length){ tbody.innerHTML=`<tr><td colspan="6" class="empty">Keine Tickets</td></tr>`; return; }
+  tbody.innerHTML=filtered.map(t=>`
+    <tr>
+      <td style="color:var(--slate-400);font-size:12px">#${t.id}</td>
+      <td><strong>${esc(t.username)}</strong><br><span style="font-size:11px;color:var(--slate-400)">${esc(t.email)}</span></td>
+      <td>
+        <div style="font-weight:600">${esc(t.subject)}</div>
+        <div class="ticket-msg">${esc(t.message)}</div>
+      </td>
+      <td>${ticketStatusBadge(t.status)}</td>
+      <td style="font-size:12px;color:var(--slate-400)">${fmtDate(t.created_at)}</td>
+      <td><div class="td-actions">
+        <button class="btn btn-blue" onclick="viewTicket(${t.id})">Anzeigen</button>
+        ${t.status!=='closed'?`<button class="btn btn-gray" onclick="closeTicketAction(${t.id})">Schließen</button>`:''}
+        ${t.status==='open'?`<button class="btn btn-orange" onclick="inProgressTicket(${t.id})">In Bearbeitung</button>`:''}
+      </div></td>
+    </tr>`).join('');
+}
+
+function ticketStatusBadge(s){
+  const m={open:'badge-red',in_progress:'badge-orange',closed:'badge-green'};
+  const l={open:'Offen',in_progress:'In Bearbeitung',closed:'Geschlossen'};
+  return `<span class="badge ${m[s]||'badge-gray'}">${l[s]||esc(s)}</span>`;
+}
+
+let activeAdminTicket = null;
+
+async function viewTicket(id){
+  const t=allTickets.find(x=>x.id===id); if(!t)return;
+  activeAdminTicket=t;
+  document.getElementById('ticket-modal-title').textContent=t.subject;
+  document.getElementById('ticket-modal-meta').textContent=`Von ${esc(t.username)} (${esc(t.email)}) · ${fmtDateTime(t.created_at)}`;
+  document.getElementById('ticket-modal-reply').value='';
+  document.getElementById('ticket-modal-reply-area').style.display=t.status==='closed'?'none':'flex';
+  document.getElementById('ticket-modal-thread').innerHTML='<div style="text-align:center;color:var(--slate-400);font-size:13px;padding:8px">Laden…</div>';
+  document.getElementById('ticket-overlay').style.display='flex';
+  try{
+    const msgs=await api('GET',`tickets/${id}/messages`);
+    renderAdminThread(t,msgs);
+  }catch(e){
+    document.getElementById('ticket-modal-thread').innerHTML=`<div style="color:var(--red);font-size:12px">${esc(e.message)}</div>`;
+  }
+}
+
+function renderAdminThread(ticket, messages){
+  const wrap=document.getElementById('ticket-modal-thread');
+  const rows=[];
+  rows.push(`<div style="display:flex;flex-direction:column;align-items:flex-start">
+    <div style="background:var(--slate-100);border-radius:10px 10px 10px 4px;padding:8px 12px;font-size:13px;max-width:85%;white-space:pre-wrap;word-break:break-word">${esc(ticket.message)}</div>
+    <div style="font-size:10px;color:var(--slate-400);margin-top:3px">${esc(ticket.username)} · ${fmtDateTime(ticket.created_at)}</div>
+  </div>`);
+  messages.forEach(m=>{
+    const isAdmin=m.role==='admin';
+    rows.push(`<div style="display:flex;flex-direction:column;align-items:${isAdmin?'flex-end':'flex-start'}">
+      <div style="background:${isAdmin?'#2563eb':'var(--slate-100)'};color:${isAdmin?'#fff':'var(--slate-900)'};border-radius:${isAdmin?'10px 10px 4px 10px':'10px 10px 10px 4px'};padding:8px 12px;font-size:13px;max-width:85%;white-space:pre-wrap;word-break:break-word">${esc(m.message)}</div>
+      <div style="font-size:10px;color:var(--slate-400);margin-top:3px;text-align:${isAdmin?'right':'left'}">${isAdmin?'🛡️ Admin':''}${esc(m.username)} · ${fmtDateTime(m.created_at)}</div>
+    </div>`);
+  });
+  wrap.innerHTML=rows.join('');
+  wrap.scrollTop=wrap.scrollHeight;
+}
+
+async function sendAdminReply(){
+  if(!activeAdminTicket)return;
+  const inp=document.getElementById('ticket-modal-reply');
+  const message=inp.value.trim();
+  if(!message){ toast('Nachricht darf nicht leer sein','error'); return; }
+  try{
+    await api('POST',`tickets/${activeAdminTicket.id}/messages`,{message});
+    inp.value='';
+    await loadTickets();
+    const updated=allTickets.find(x=>x.id===activeAdminTicket.id);
+    if(updated) activeAdminTicket=updated;
+    const msgs=await api('GET',`tickets/${activeAdminTicket.id}/messages`);
+    renderAdminThread(activeAdminTicket,msgs);
+    toast('Antwort gesendet');
+  }catch(e){ toast(e.message,'error'); }
+}
+
+function closeTicket(){ document.getElementById('ticket-overlay').style.display='none'; activeAdminTicket=null; }
+
+async function closeTicketAction(id){
+  await api('PATCH',`admin/tickets/${id}`,{status:'closed'});
+  toast('Ticket geschlossen'); loadTickets();
+}
+async function inProgressTicket(id){
+  await api('PATCH',`admin/tickets/${id}`,{status:'in_progress'});
+  toast('Status aktualisiert'); loadTickets();
+}
+
+// ── USAGE ──────────────────────────────────────────────────────
+async function loadUsage(){
+  allUsage = await api('GET','admin/usage');
+  const tbody=document.getElementById('usage-tbody');
+  if(!allUsage.length){ tbody.innerHTML=`<tr><td colspan="10" class="empty">Keine Daten</td></tr>`; return; }
+  const tables=['timetable','homework','grades','absences','todos','countdowns','quicklinks','support_tickets'];
+  tbody.innerHTML=allUsage.map(u=>`
+    <tr>
+      <td><strong>${esc(u.username)}</strong></td>
+      <td>${roleBadge(u.role)}</td>
+      ${tables.map(t=>`<td style="text-align:center;font-size:13px;color:${u.counts[t]>0?'var(--slate-900)':'var(--slate-300)'}">${u.counts[t]}</td>`).join('')}
+    </tr>`).join('');
+}
+
+// ── LOGS ───────────────────────────────────────────────────────
+async function loadLogs(){
+  allLogs = await api('GET','admin/logs');
+  const tbody=document.getElementById('logs-tbody');
+  if(!allLogs.length){ tbody.innerHTML=`<tr><td colspan="5" class="empty">Keine Aktionen protokolliert</td></tr>`; return; }
+  tbody.innerHTML=allLogs.map(l=>`
+    <tr>
+      <td style="font-size:12px;color:var(--slate-400);white-space:nowrap">${fmtDateTime(l.created_at)}</td>
+      <td><strong>${esc(l.admin_username)}</strong></td>
+      <td><span class="log-action">${esc(l.action)}</span></td>
+      <td style="text-align:center;font-size:12px;color:var(--slate-500)">${l.target_id??'–'}</td>
+      <td><span class="log-details" title="${esc(l.details??'')}">${esc(l.details??'–')}</span></td>
+    </tr>`).join('');
+}
+
+// ── CONFIRM MODAL ──────────────────────────────────────────────
+let confirmCallback=null;
+function confirm2(title, msg, cb){
+  document.getElementById('confirm-title').textContent=title;
+  document.getElementById('confirm-msg').textContent=msg;
+  confirmCallback=cb;
+  document.getElementById('confirm-overlay').style.display='flex';
+}
+function closeConfirm(){ document.getElementById('confirm-overlay').style.display='none'; confirmCallback=null; }
+document.getElementById('confirm-ok').addEventListener('click',async()=>{
+  if(!confirmCallback)return;
+  const cb=confirmCallback; closeConfirm();
+  try{ await cb(); } catch(e){ toast(e.message,'error'); }
+});
+
+// ── UTILS ──────────────────────────────────────────────────────
+function fmtDate(s){ return s?new Date(s).toLocaleDateString('de-DE',{day:'2-digit',month:'2-digit',year:'numeric'}):'–'; }
+function fmtDateTime(s){ if(!s)return'–'; const d=new Date(s); return d.toLocaleDateString('de-DE',{day:'2-digit',month:'2-digit',year:'numeric'})+' '+d.toLocaleTimeString('de-DE',{hour:'2-digit',minute:'2-digit'}); }
+
+// ── INIT ───────────────────────────────────────────────────────
+(async()=>{
+  lucide.createIcons();
+  const ok = await authGuard();
+  if(!ok)return;
+  await Promise.all([loadUsers(), loadTickets()]);
+  // Lazy-load usage + logs on tab switch
+  document.querySelectorAll('.tab').forEach((t,i)=>{
+    const tabs=['users','pending','tickets','usage','logs'];
+    t.addEventListener('click',()=>{
+      if(tabs[i]==='usage') loadUsage();
+      if(tabs[i]==='logs') loadLogs();
+    });
+  });
+})();
+</script>
+</body>
+</html>
diff --git a/public/datenschutz.html b/public/datenschutz.html
new file mode 100644
index 0000000..5e6a8d9
--- /dev/null
+++ b/public/datenschutz.html
@@ -0,0 +1,149 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Datenschutzerklärung · INFO1 Dashboard</title>
+<link rel="preconnect" href="https://fonts.googleapis.com">
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
+<style>
+  * { box-sizing: border-box; margin: 0; padding: 0; }
+  body { font-family: 'Inter', -apple-system, sans-serif; background: #f8fafc; color: #0f172a; min-height: 100vh; }
+  header { background: #fff; border-bottom: 1px solid #e2e8f0; padding: 0 32px; height: 56px; display: flex; align-items: center; gap: 16px; }
+  .brand { font-size: 16px; font-weight: 800; color: #2563eb; letter-spacing: -.5px; }
+  .back { font-size: 13px; color: #64748b; text-decoration: none; margin-left: auto; }
+  .back:hover { color: #2563eb; }
+  main { max-width: 740px; margin: 48px auto; padding: 0 24px 80px; }
+  h1 { font-size: 28px; font-weight: 800; letter-spacing: -.5px; margin-bottom: 6px; }
+  .subtitle { font-size: 14px; color: #64748b; margin-bottom: 40px; }
+  section { margin-bottom: 36px; }
+  h2 { font-size: 16px; font-weight: 700; color: #0f172a; margin-bottom: 12px; padding-bottom: 8px; border-bottom: 1px solid #e2e8f0; }
+  p { font-size: 14px; line-height: 1.75; color: #334155; margin-bottom: 10px; }
+  p:last-child { margin-bottom: 0; }
+  ul { padding-left: 20px; margin-top: 6px; }
+  li { font-size: 14px; line-height: 1.75; color: #334155; margin-bottom: 4px; }
+  .tag { display: inline-block; background: #eff6ff; color: #1d4ed8; font-size: 12px; font-weight: 600; padding: 2px 9px; border-radius: 6px; margin-right: 4px; }
+  .box { background: #fff; border: 1px solid #e2e8f0; border-radius: 12px; padding: 20px 24px; }
+  a { color: #2563eb; text-decoration: none; }
+  a:hover { text-decoration: underline; }
+  table { width: 100%; border-collapse: collapse; font-size: 13px; margin-top: 8px; }
+  th { text-align: left; padding: 8px 12px; background: #f8fafc; font-weight: 600; color: #374151; border-bottom: 1px solid #e2e8f0; }
+  td { padding: 8px 12px; color: #334155; border-bottom: 1px solid #f1f5f9; vertical-align: top; }
+</style>
+</head>
+<body>
+<header>
+  <span class="brand">INFO1 Dashboard</span>
+  <a class="back" href="/">← Zurück</a>
+</header>
+<main>
+  <h1>Datenschutzerklärung</h1>
+  <p class="subtitle">Zuletzt aktualisiert: April 2026 · Gilt für info1.simon0x.xyz</p>
+
+  <section>
+    <h2>1. Verantwortlicher</h2>
+    <div class="box">
+      <p>Dieses Dashboard wird privat betrieben von einem Schüler der IFB-Berufsfachschule Rosenheim ausschließlich für interne Klassenzwecke der Klasse INFO1. Es handelt sich um kein kommerzielles Angebot.</p>
+      <p style="margin-top:10px"><strong>Kontakt:</strong> <a href="mailto:kontakt@simon0x.xyz">kontakt@simon0x.xyz</a></p>
+    </div>
+  </section>
+
+  <section>
+    <h2>2. Welche Daten werden gespeichert?</h2>
+    <table>
+      <thead>
+        <tr><th>Datenkategorie</th><th>Inhalt</th><th>Zweck</th></tr>
+      </thead>
+      <tbody>
+        <tr><td><span class="tag">Account</span></td><td>Benutzername (Klartext), Passwort als bcrypt-Hash (nicht lesbar, nicht umkehrbar)</td><td>Authentifizierung</td></tr>
+        <tr><td><span class="tag">Stundenplan</span></td><td>Fach, Raum, Lehrkraft, Uhrzeit, Wochentag</td><td>Persönliche Stundenplanverwaltung</td></tr>
+        <tr><td><span class="tag">Hausaufgaben</span></td><td>Titel, Fach, Fälligkeitsdatum, Erledigungsstatus</td><td>Aufgabenverwaltung</td></tr>
+        <tr><td><span class="tag">Noten</span></td><td>Fach, Note, Notentyp, optionale Anmerkung</td><td>Notenübersicht und Durchschnittsberechnung</td></tr>
+        <tr><td><span class="tag">Fehlzeiten</span></td><td>Datum, Fach, Grund</td><td>Fehlzeitentracking</td></tr>
+        <tr><td><span class="tag">To-Do</span></td><td>Aufgabentitel, Erledigungsstatus</td><td>Persönliche Aufgabenliste</td></tr>
+        <tr><td><span class="tag">Countdowns</span></td><td>Bezeichnung, Zieldatum</td><td>Ereignis-Countdowns</td></tr>
+        <tr><td><span class="tag">Links</span></td><td>Bezeichnung, URL</td><td>Persönliche Schnellzugriffe</td></tr>
+        <tr><td><span class="tag">Klassenkalender</span></td><td>Prüfungen und Ferieneinträge (klassenöffentlich)</td><td>Gemeinsame Terminübersicht der Klasse</td></tr>
+      </tbody>
+    </table>
+    <p style="margin-top:12px">Es werden <strong>keine</strong> Echtname, E-Mail-Adressen, IP-Adressen (dauerhaft), Gerätedaten oder Verhaltensprofile gespeichert. Es gibt kein Tracking, keine Analytics und keine Werbung.</p>
+  </section>
+
+  <section>
+    <h2>3. Wo werden die Daten gespeichert?</h2>
+    <p>Alle Daten werden in einer SQLite-Datenbank auf einem virtuellen Server der <strong>Hetzner Online GmbH</strong> (Industriestr. 25, 91710 Gunzenhausen, Deutschland) gespeichert. Der Server befindet sich physisch im Rechenzentrum Nürnberg (Deutschland) und unterliegt damit deutschem und europäischem Datenschutzrecht.</p>
+    <p>Es findet <strong>keine Übertragung in Drittländer</strong> (außerhalb der EU/EWR) statt.</p>
+    <p>Hetzner ist als Auftragsverarbeiter gem. Art. 28 DSGVO tätig. Datenschutzerklärung Hetzner: <a href="https://www.hetzner.com/legal/privacy-policy" target="_blank" rel="noopener">hetzner.com/legal/privacy-policy</a></p>
+  </section>
+
+  <section>
+    <h2>4. Rechtsgrundlage</h2>
+    <p>Die Verarbeitung erfolgt auf Grundlage von <strong>Art. 6 Abs. 1 lit. a DSGVO</strong> (Einwilligung). Du gibst deine Einwilligung durch die freiwillige Registrierung. Du kannst sie jederzeit widerrufen, indem du deinen Account löschst (siehe Abschnitt 7).</p>
+  </section>
+
+  <section>
+    <h2>5. Zugriff auf deine Daten</h2>
+    <p>Alle persönlichen Einträge (Stundenplan, Noten, Hausaufgaben usw.) sind ausschließlich für den jeweiligen Account sichtbar. <strong>Kein anderer Nutzer</strong> kann deine persönlichen Daten sehen.</p>
+    <p>Klassenkalender-Einträge (Prüfungen, Ferien) sind für alle Besucher der Seite sichtbar, da sie Klasseninformationen darstellen und keine persönlichen Daten enthalten.</p>
+    <p>Der Serverbetreiber hat technischen Zugriff auf die Datenbankdatei. Passwörter sind jedoch als bcrypt-Hash gespeichert und nicht lesbar.</p>
+  </section>
+
+  <section>
+    <h2>6. Speicherdauer</h2>
+    <p>Daten werden gespeichert bis:</p>
+    <ul>
+      <li>du deinen Account löschst (alle deine Daten werden sofort und vollständig gelöscht), oder</li>
+      <li>du eine Löschung per E-Mail anforderst, oder</li>
+      <li>das Dashboard eingestellt wird (Nutzer werden vorab informiert soweit möglich)</li>
+    </ul>
+  </section>
+
+  <section>
+    <h2>7. Deine Rechte (DSGVO Art. 15–21)</h2>
+    <ul>
+      <li><strong>Auskunft (Art. 15):</strong> Du kannst jederzeit Auskunft über deine gespeicherten Daten anfordern.</li>
+      <li><strong>Berichtigung (Art. 16):</strong> Du kannst alle Einträge direkt im Dashboard bearbeiten oder löschen.</li>
+      <li><strong>Löschung (Art. 17):</strong> Du kannst deinen Account in den Einstellungen vollständig löschen. Alle deine Daten werden dabei sofort gelöscht.</li>
+      <li><strong>Einschränkung (Art. 18):</strong> Auf Anfrage per E-Mail möglich.</li>
+      <li><strong>Widerspruch (Art. 21):</strong> Da die Verarbeitung auf Einwilligung basiert, entfällt sie mit Widerruf der Einwilligung (= Account-Löschung).</li>
+      <li><strong>Beschwerde:</strong> Du hast das Recht, bei der zuständigen Datenschutzaufsichtsbehörde Beschwerde einzulegen (Bayern: Bayerisches Landesamt für Datenschutzaufsicht, <a href="https://www.lda.bayern.de" target="_blank" rel="noopener">lda.bayern.de</a>).</li>
+    </ul>
+  </section>
+
+  <section>
+    <h2>8. Drittanbieter-Dienste</h2>
+    <table>
+      <thead><tr><th>Dienst</th><th>Zweck</th><th>Datenübertragung</th></tr></thead>
+      <tbody>
+        <tr>
+          <td><strong>Cloudflare</strong></td>
+          <td>CDN, DDoS-Schutz, HTTPS-Zertifikat</td>
+          <td>IP-Adressen werden von Cloudflare temporär verarbeitet (EU-Server möglich). Cloudflare speichert keine Inhalte dauerhaft. <a href="https://www.cloudflare.com/privacypolicy/" target="_blank" rel="noopener">Datenschutzerklärung</a></td>
+        </tr>
+        <tr>
+          <td><strong>Open-Meteo API</strong></td>
+          <td>Wetterdaten für Rosenheim</td>
+          <td>Anfragen gehen direkt vom Browser an api.open-meteo.com. Es werden nur Koordinaten übertragen, keine personenbezogenen Daten. <a href="https://open-meteo.com/en/terms" target="_blank" rel="noopener">Nutzungsbedingungen</a></td>
+        </tr>
+        <tr>
+          <td><strong>Google Fonts</strong></td>
+          <td>Schriftart Inter</td>
+          <td>Beim ersten Laden wird die Schriftart von Google-Servern geladen. Dabei wird deine IP-Adresse an Google übertragen. <a href="https://policies.google.com/privacy" target="_blank" rel="noopener">Datenschutzerklärung</a>. Falls unerwünscht: Seite funktioniert auch mit System-Schriftart.</td>
+        </tr>
+      </tbody>
+    </table>
+  </section>
+
+  <section>
+    <h2>9. Sicherheit</h2>
+    <ul>
+      <li>Passwörter werden ausschließlich als bcrypt-Hash (Cost-Factor 12) gespeichert – niemals im Klartext</li>
+      <li>Alle Verbindungen laufen über HTTPS (TLS via Cloudflare)</li>
+      <li>Anmeldeversuch-Begrenzung: max. 10 Versuche pro 15 Minuten pro IP-Adresse</li>
+      <li>Session-Cookies sind als HttpOnly gesetzt (kein JavaScript-Zugriff)</li>
+      <li>Jeder Nutzer sieht nur seine eigenen Daten (serverseitige Filterung)</li>
+    </ul>
+  </section>
+</main>
+</body>
+</html>
diff --git a/public/favicon.svg b/public/favicon.svg
new file mode 100644
index 0000000..05d501a
--- /dev/null
+++ b/public/favicon.svg
@@ -0,0 +1,7 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32">
+  <rect width="32" height="32" rx="6" fill="#2563eb"/>
+  <polygon points="16,7 29,13 16,19 3,13" fill="white"/>
+  <path d="M9.5,15.5 L9.5,22 Q16,26 22.5,22 L22.5,15.5" fill="white"/>
+  <line x1="29" y1="13" x2="29" y2="20.5" stroke="white" stroke-width="2" stroke-linecap="round"/>
+  <circle cx="29" cy="22" r="1.8" fill="white"/>
+</svg>
diff --git a/public/index.html b/public/index.html
new file mode 100644
index 0000000..3260fb4
--- /dev/null
+++ b/public/index.html
@@ -0,0 +1,1967 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>IFB · INFO1 Dashboard</title>
+<link rel="icon" type="image/svg+xml" href="/favicon.svg">
+<link rel="preconnect" href="https://fonts.googleapis.com">
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap" rel="stylesheet">
+<script src="https://unpkg.com/lucide@latest/dist/umd/lucide.min.js"></script>
+<style>
+:root {
+  --blue: #2563eb; --blue-d: #1d4ed8;
+  --blue-50: #eff6ff; --blue-100: #dbeafe;
+  --n-0: #ffffff;
+  --n-50: #f9fafb; --n-100: #f3f4f6; --n-150: #eaecf0;
+  --n-200: #e5e7eb; --n-300: #d1d5db; --n-400: #9ca3af;
+  --n-500: #6b7280; --n-600: #4b5563; --n-700: #374151;
+  --n-800: #1f2937; --n-900: #111827;
+  --green: #16a34a; --green-50: #f0fdf4;
+  --red: #dc2626; --red-50: #fef2f2;
+  --amber: #d97706; --amber-50: #fffbeb;
+  --bg: #f4f6f9;
+  --surface: #ffffff;
+  --surface-2: #f9fafb;
+  --border: #e5e7eb;
+  --border-subtle: #f0f2f5;
+  --text: #111827;
+  --text-2: #374151;
+  --text-muted: #6b7280;
+  --text-subtle: #9ca3af;
+  --shadow-xs: 0 1px 2px rgba(0,0,0,.04);
+  --shadow-sm: 0 1px 3px rgba(0,0,0,.06), 0 1px 2px rgba(0,0,0,.04);
+  --shadow: 0 2px 8px rgba(0,0,0,.06), 0 1px 2px rgba(0,0,0,.04);
+  --shadow-lg: 0 8px 24px rgba(0,0,0,.08), 0 2px 6px rgba(0,0,0,.04);
+  --shadow-xl: 0 20px 40px rgba(0,0,0,.1), 0 4px 8px rgba(0,0,0,.04);
+  --r-xs: 4px; --r-sm: 6px; --r: 10px; --r-lg: 12px; --r-xl: 16px;
+}
+
+body.dark {
+  --blue-50: #172554; --blue-100: #1e3a8a;
+  --n-50: #1a1f2e; --n-100: #202637; --n-150: #262d3f;
+  --n-200: #2d3548; --n-300: #3a4459; --n-400: #5d6d84;
+  --n-500: #7e90a8; --n-600: #9dafC5; --n-700: #b8cad9;
+  --n-800: #d4e0ec; --n-900: #eaf0f8;
+  --green-50: #052e16; --red-50: #300; --amber-50: #2d1a00;
+  --bg: #141820;
+  --surface: #1a1f2e;
+  --surface-2: #202637;
+  --border: #2d3548;
+  --border-subtle: #262d3f;
+  --text: #eaf0f8; --text-2: #b8cad9;
+  --text-muted: #7e90a8; --text-subtle: #5d6d84;
+  --shadow-xs: 0 1px 2px rgba(0,0,0,.25);
+  --shadow-sm: 0 1px 3px rgba(0,0,0,.3), 0 1px 2px rgba(0,0,0,.2);
+  --shadow: 0 2px 8px rgba(0,0,0,.35), 0 1px 2px rgba(0,0,0,.2);
+  --shadow-lg: 0 8px 24px rgba(0,0,0,.45), 0 2px 6px rgba(0,0,0,.25);
+  --shadow-xl: 0 20px 40px rgba(0,0,0,.55), 0 4px 8px rgba(0,0,0,.3);
+}
+
+*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+
+body {
+  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif;
+  font-size: 14px;
+  line-height: 1.5;
+  background: var(--bg);
+  color: var(--text);
+  min-height: 100vh;
+  display: flex;
+  flex-direction: column;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+/* ── HEADER ──────────────────────────────────────────────── */
+
+header {
+  background: var(--surface);
+  border-bottom: 1px solid var(--border);
+  padding: 0 20px;
+  height: 54px;
+  display: flex;
+  align-items: center;
+  gap: 0;
+  position: sticky;
+  top: 0;
+  z-index: 100;
+  flex-shrink: 0;
+}
+
+.brand {
+  display: flex;
+  align-items: center;
+  gap: 9px;
+  text-decoration: none;
+  user-select: none;
+  flex-shrink: 0;
+}
+
+.brand-mark {
+  width: 30px;
+  height: 30px;
+  background: var(--blue);
+  border-radius: 7px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-size: 13px;
+  font-weight: 800;
+  color: #fff;
+  letter-spacing: -.5px;
+  flex-shrink: 0;
+}
+
+.brand-text { display: flex; flex-direction: column; line-height: 1.2; }
+.brand-sub { font-size: 10px; color: var(--text-subtle); font-weight: 500; letter-spacing: .2px; }
+.brand-name { font-size: 14px; font-weight: 700; color: var(--text); letter-spacing: -.3px; }
+
+.h-sep { width: 1px; height: 18px; background: var(--border); margin: 0 14px; flex-shrink: 0; }
+.h-spacer { flex: 1; }
+.h-right { display: flex; align-items: center; gap: 8px; }
+
+#weather {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  font-size: 12px;
+  color: var(--text-muted);
+  background: var(--surface-2);
+  border: 1px solid var(--border);
+  border-radius: var(--r-sm);
+  padding: 3px 9px;
+  height: 28px;
+}
+
+#clock {
+  font-size: 12px;
+  color: var(--text-subtle);
+  font-weight: 500;
+  font-variant-numeric: tabular-nums;
+  white-space: nowrap;
+}
+
+.h-icon-btn {
+  width: 30px; height: 30px;
+  border-radius: var(--r-sm);
+  border: none;
+  background: none;
+  cursor: pointer;
+  display: flex; align-items: center; justify-content: center;
+  font-size: 15px;
+  color: var(--text-muted);
+  transition: background .12s;
+  font-family: inherit;
+}
+.h-icon-btn:hover { background: var(--n-100); }
+body.dark #btn-dark { color: #f1c40f; }
+
+.h-btn {
+  display: inline-flex; align-items: center; justify-content: center; gap: 4px;
+  height: 30px; padding: 0 12px;
+  border-radius: var(--r-sm);
+  font-size: 12px; font-weight: 600; font-family: inherit;
+  cursor: pointer;
+  transition: background .1s, color .1s, border-color .1s;
+  text-decoration: none; white-space: nowrap;
+  border: 1px solid var(--border);
+  background: none; color: var(--text-muted);
+}
+.h-btn:hover { background: var(--n-100); color: var(--text); }
+.h-btn-primary { background: var(--blue); color: #fff; border-color: var(--blue); }
+.h-btn-primary:hover { background: var(--blue-d); border-color: var(--blue-d); color: #fff; }
+
+/* Legacy class aliases */
+.btn-sm { display: inline-flex; align-items: center; gap: 4px; height: 30px; padding: 0 12px; border-radius: var(--r-sm); font-size: 12px; font-weight: 600; font-family: inherit; cursor: pointer; transition: background .1s; text-decoration: none; white-space: nowrap; border: 1px solid var(--border); background: none; color: var(--text-muted); }
+.btn-sm:hover { background: var(--n-100); color: var(--text); }
+.btn-primary-sm { background: var(--blue); color: #fff; border-color: var(--blue); }
+.btn-primary-sm:hover { background: var(--blue-d); border-color: var(--blue-d); }
+
+.avatar {
+  width: 30px; height: 30px;
+  border-radius: 50%;
+  background: var(--blue);
+  color: #fff;
+  display: flex; align-items: center; justify-content: center;
+  font-weight: 600; font-size: 12px;
+  cursor: pointer;
+  position: relative;
+  flex-shrink: 0;
+  user-select: none;
+  transition: opacity .12s;
+}
+.avatar:hover { opacity: .85; }
+
+.dropdown {
+  position: absolute;
+  top: calc(100% + 6px);
+  right: 0;
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--r-lg);
+  box-shadow: var(--shadow-lg);
+  min-width: 190px;
+  overflow: hidden;
+  display: none;
+  z-index: 200;
+  padding: 5px;
+}
+.dropdown.open { display: block; }
+.dd-item {
+  display: flex; align-items: center; gap: 8px;
+  padding: 7px 10px;
+  font-size: 13px; font-weight: 500;
+  cursor: pointer;
+  color: var(--text-2);
+  border-radius: var(--r-sm);
+  transition: background .1s;
+  text-decoration: none;
+  user-select: none;
+}
+.dd-item:hover { background: var(--n-100); }
+.dd-item.danger { color: var(--red); }
+.dd-item.danger:hover { background: var(--red-50); }
+.dd-item.meta { color: var(--text-subtle); font-size: 11px; cursor: default; }
+.dd-item.meta:hover { background: none; }
+.dd-sep { height: 1px; background: var(--border-subtle); margin: 4px 0; }
+
+/* ── BANNER ──────────────────────────────────────────────── */
+
+#banner {
+  background: var(--blue);
+  padding: 0 20px;
+  display: flex;
+  align-items: center;
+  gap: 14px;
+  flex-wrap: wrap;
+  min-height: 44px;
+  flex-shrink: 0;
+}
+
+.banner-label { font-size: 13px; font-weight: 500; color: rgba(255,255,255,.92); white-space: nowrap; }
+.banner-chips { display: flex; gap: 5px; flex-wrap: wrap; flex: 1; }
+.chip {
+  background: rgba(255,255,255,.15);
+  border: 1px solid rgba(255,255,255,.2);
+  border-radius: var(--r-sm);
+  padding: 2px 8px;
+  font-size: 11px; font-weight: 500;
+  color: rgba(255,255,255,.9);
+}
+.banner-cta {
+  background: rgba(255,255,255,.95);
+  color: var(--blue);
+  font-size: 12px; font-weight: 600;
+  border: none;
+  padding: 6px 14px;
+  border-radius: var(--r-sm);
+  cursor: pointer;
+  white-space: nowrap;
+  font-family: inherit;
+  flex-shrink: 0;
+  transition: background .12s;
+}
+.banner-cta:hover { background: #fff; }
+
+/* ── MAIN LAYOUT ─────────────────────────────────────────── */
+
+main {
+  flex: 1;
+  width: 100%;
+  max-width: 1380px;
+  margin: 0 auto;
+  padding: 20px 20px 28px;
+  display: flex;
+  flex-direction: column;
+  gap: 20px;
+}
+
+.main-grid {
+  display: grid;
+  grid-template-columns: 1fr 296px;
+  gap: 16px;
+  align-items: start;
+}
+
+.col-primary {
+  display: flex;
+  flex-direction: column;
+  gap: 14px;
+  min-width: 0;
+}
+
+.col-secondary {
+  display: flex;
+  flex-direction: column;
+  gap: 14px;
+  min-width: 0;
+}
+
+.card-pair {
+  display: grid;
+  grid-template-columns: 1fr 1fr;
+  gap: 14px;
+  align-items: start;
+}
+
+/* ── CARD ────────────────────────────────────────────────── */
+
+.card {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--r-lg);
+  overflow: hidden;
+  box-shadow: var(--shadow-xs);
+}
+
+.card-head {
+  padding: 12px 16px 10px;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 10px;
+  border-bottom: 1px solid var(--border-subtle);
+}
+
+.card-title {
+  font-size: 12px;
+  font-weight: 600;
+  color: var(--text-muted);
+  display: flex; align-items: center; gap: 6px;
+  line-height: 1;
+  text-transform: uppercase;
+  letter-spacing: .4px;
+}
+.card-title .ci { font-size: 13px; }
+
+.card-actions { display: flex; align-items: center; gap: 6px; flex-shrink: 0; }
+
+.card-body { padding: 14px 16px; }
+.card-body-flush { padding: 0; }
+
+/* Card action buttons */
+.add-btn {
+  display: inline-flex; align-items: center; gap: 4px;
+  height: 26px; padding: 0 10px;
+  border-radius: var(--r-sm);
+  font-size: 11px; font-weight: 600; font-family: inherit;
+  cursor: pointer;
+  background: var(--blue); color: #fff;
+  border: 1px solid var(--blue);
+  transition: background .1s;
+  white-space: nowrap;
+}
+.add-btn:hover { background: var(--blue-d); border-color: var(--blue-d); }
+
+.print-btn {
+  display: inline-flex; align-items: center; gap: 4px;
+  height: 26px; padding: 0 10px;
+  border-radius: var(--r-sm);
+  font-size: 11px; font-weight: 600; font-family: inherit;
+  cursor: pointer;
+  background: none; color: var(--text-muted);
+  border: 1px solid var(--border);
+  transition: background .1s;
+}
+.print-btn:hover { background: var(--n-100); color: var(--text); }
+
+/* ── SKELETON ────────────────────────────────────────────── */
+
+.sk {
+  background: linear-gradient(90deg, var(--n-100) 25%, var(--n-150) 50%, var(--n-100) 75%);
+  background-size: 200%;
+  animation: shimmer 1.6s infinite;
+  border-radius: var(--r-xs);
+}
+@keyframes shimmer { 0%{background-position:200% 0} 100%{background-position:-200% 0} }
+.sk-line { height: 12px; margin-bottom: 8px; }
+.sk-line.short { width: 55%; }
+
+/* ── TIMETABLE ───────────────────────────────────────────── */
+
+.tt-wrap { overflow-x: auto; }
+.tt-grid {
+  display: grid;
+  grid-template-columns: 52px repeat(5, 1fr);
+  border: 1px solid var(--border);
+  border-radius: var(--r-sm);
+  overflow: hidden;
+  min-width: 380px;
+}
+.tt-cell {
+  border-right: 1px solid var(--border-subtle);
+  border-bottom: 1px solid var(--border-subtle);
+  min-height: 52px;
+  position: relative;
+}
+.tt-cell:last-child, .tt-cell.no-right { border-right: none; }
+.tt-cell.no-bot { border-bottom: none; }
+.tt-head {
+  background: var(--surface-2);
+  padding: 7px 5px;
+  font-size: 10px; font-weight: 700;
+  text-align: center;
+  color: var(--text-muted);
+  letter-spacing: .5px; text-transform: uppercase;
+  min-height: auto;
+}
+.tt-head.today-col { color: var(--blue); background: var(--blue-50); }
+.tt-time {
+  background: var(--surface-2);
+  padding: 5px 7px;
+  display: flex; flex-direction: column; justify-content: center; gap: 1px;
+}
+.tt-time-num { font-size: 11px; font-weight: 600; color: var(--text-muted); }
+.tt-time-val { font-size: 9px; color: var(--text-subtle); }
+.tt-lesson {
+  position: absolute; inset: 3px;
+  border-radius: 5px; padding: 5px 7px;
+  overflow: hidden;
+  border-left: 2.5px solid transparent;
+}
+.tt-lesson-subj { font-size: 11px; font-weight: 700; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; }
+.tt-lesson-meta { font-size: 9px; opacity: .7; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; margin-top: 1px; }
+.tt-del {
+  position: absolute; top: 3px; right: 4px;
+  font-size: 11px; cursor: pointer;
+  opacity: 0;
+  border: none; background: none; font-family: inherit; color: inherit; padding: 0; line-height: 1;
+}
+.tt-lesson:hover .tt-del { opacity: .5; }
+.tt-lesson:hover .tt-del:hover { opacity: 1; }
+.tt-pending { text-align: center; font-size: 13px; color: var(--text-subtle); padding: 28px 0; font-weight: 500; }
+
+/* Placeholder TT */
+.ph-tt { display: grid; grid-template-columns: repeat(5, 1fr); gap: 6px; }
+.ph-col { display: flex; flex-direction: column; gap: 4px; }
+.ph-head { text-align: center; font-size: 10px; font-weight: 700; color: var(--text-muted); padding: 4px 0; text-transform: uppercase; letter-spacing: .5px; }
+.ph-head.today { color: var(--blue); }
+.ph-slot { height: 52px; border-radius: 7px; }
+
+/* ── EVENTS ──────────────────────────────────────────────── */
+
+.ev-item {
+  display: flex; align-items: center; gap: 11px;
+  padding: 8px 0;
+  border-bottom: 1px solid var(--border-subtle);
+}
+.ev-item:last-child { border-bottom: none; }
+.ev-days {
+  font-size: 18px; font-weight: 800; min-width: 36px; text-align: center;
+  letter-spacing: -1px; font-variant-numeric: tabular-nums; line-height: 1;
+}
+.ev-info { flex: 1; min-width: 0; }
+.ev-title { font-size: 13px; font-weight: 500; display: flex; align-items: center; gap: 6px; flex-wrap: wrap; color: var(--text); }
+.ev-date { font-size: 11px; color: var(--text-muted); margin-top: 2px; }
+.ev-del {
+  color: var(--text-subtle); cursor: pointer;
+  font-size: 12px; border: none; background: none;
+  padding: 4px; border-radius: var(--r-sm); flex-shrink: 0;
+  opacity: 0; transition: opacity .1s, color .1s;
+}
+.ev-item:hover .ev-del { opacity: 1; }
+.ev-del:hover { color: var(--red); }
+
+/* ── BADGES ──────────────────────────────────────────────── */
+
+.badge {
+  font-size: 10px; font-weight: 600;
+  padding: 1px 5px; border-radius: var(--r-xs);
+  letter-spacing: .1px; white-space: nowrap;
+}
+.badge-red { background: #fee2e2; color: #dc2626; }
+.badge-orange { background: #fef3c7; color: #b45309; }
+.badge-blue { background: var(--blue-100); color: #1d4ed8; }
+.badge-green { background: #dcfce7; color: #15803d; }
+
+/* ── HOMEWORK ────────────────────────────────────────────── */
+
+.hw-item {
+  display: flex; align-items: flex-start; gap: 9px;
+  padding: 8px 0;
+  border-bottom: 1px solid var(--border-subtle);
+}
+.hw-item:last-child { border-bottom: none; }
+.check {
+  width: 16px; height: 16px;
+  border-radius: 4px;
+  border: 1.5px solid var(--n-300);
+  cursor: pointer;
+  display: flex; align-items: center; justify-content: center;
+  flex-shrink: 0; margin-top: 2px;
+  transition: all .14s; font-size: 9px; color: transparent;
+}
+.check.done { background: var(--green); border-color: var(--green); color: #fff; }
+.hw-body { flex: 1; min-width: 0; }
+.hw-title { font-size: 13px; font-weight: 500; color: var(--text); line-height: 1.35; }
+.hw-title.crossed { text-decoration: line-through; color: var(--text-muted); }
+.hw-meta { font-size: 11px; color: var(--text-muted); margin-top: 2px; display: flex; align-items: center; gap: 4px; flex-wrap: wrap; }
+
+.del-btn {
+  color: var(--text-subtle); cursor: pointer;
+  font-size: 12px; border: none; background: none;
+  flex-shrink: 0; padding: 4px; border-radius: var(--r-sm);
+  opacity: 0; transition: opacity .1s, color .1s;
+  font-family: inherit;
+}
+.hw-item:hover .del-btn,
+.grade-row:hover .del-btn,
+.ab-item:hover .del-btn,
+.todo-item:hover .del-btn,
+.cd-item:hover .del-btn,
+.file-item:hover .del-btn { opacity: 1; }
+.del-btn:hover { color: var(--red); }
+
+/* ── GRADES ──────────────────────────────────────────────── */
+
+.grade-row {
+  display: flex; align-items: center; gap: 10px;
+  padding: 8px 0;
+  border-bottom: 1px solid var(--border-subtle);
+}
+.grade-row:last-child { border-bottom: none; }
+.grade-info { flex: 1; min-width: 0; }
+.grade-subj { font-size: 13px; font-weight: 500; color: var(--text); }
+.grade-type { font-size: 11px; color: var(--text-muted); margin-top: 1px; }
+.grade-note { font-size: 11px; color: var(--text-muted); }
+.grade-val {
+  font-size: 13px; font-weight: 700;
+  min-width: 30px; text-align: center;
+  padding: 3px 6px; border-radius: 5px;
+  font-variant-numeric: tabular-nums;
+}
+.g1,.g2 { background: #dcfce7; color: #166534; }
+.g3 { background: #fef9c3; color: #854d0e; }
+.g4 { background: #ffedd5; color: #c2410c; }
+.g5,.g6 { background: #fee2e2; color: #991b1b; }
+.grade-avg {
+  display: flex; justify-content: space-between; align-items: center;
+  padding-top: 12px; margin-top: 2px;
+  border-top: 1px solid var(--border-subtle);
+}
+.grade-avg-label { font-size: 11px; color: var(--text-muted); font-weight: 500; }
+.grade-avg-val { font-size: 24px; font-weight: 800; color: var(--blue); letter-spacing: -1px; }
+.grade-avg-sub { font-size: 10px; color: var(--text-subtle); margin-top: 2px; }
+
+/* ── ABSENCES ────────────────────────────────────────────── */
+
+.ab-item {
+  display: flex; align-items: flex-start; gap: 10px;
+  padding: 7px 0;
+  border-bottom: 1px solid var(--border-subtle);
+}
+.ab-item:last-child { border-bottom: none; }
+.ab-date { font-size: 11px; font-weight: 600; min-width: 70px; color: var(--text-muted); padding-top: 1px; }
+.ab-info { flex: 1; }
+.ab-subj { font-size: 13px; font-weight: 500; color: var(--text); }
+.ab-reason { font-size: 11px; color: var(--text-muted); margin-top: 1px; }
+.ab-total { font-size: 11px; color: var(--text-muted); font-weight: 500; margin-top: 10px; padding-top: 10px; border-top: 1px solid var(--border-subtle); }
+
+/* ── TODOS ───────────────────────────────────────────────── */
+
+.todo-item {
+  display: flex; align-items: center; gap: 9px;
+  padding: 7px 0;
+  border-bottom: 1px solid var(--border-subtle);
+}
+.todo-item:last-child { border-bottom: none; }
+.todo-check {
+  width: 16px; height: 16px;
+  border-radius: 50%;
+  border: 1.5px solid var(--n-300);
+  cursor: pointer;
+  display: flex; align-items: center; justify-content: center;
+  flex-shrink: 0; font-size: 9px; color: transparent;
+  transition: all .14s;
+}
+.todo-check.done { background: var(--blue); border-color: var(--blue); color: #fff; }
+.todo-title { flex: 1; font-size: 13px; font-weight: 500; color: var(--text); }
+.todo-title.crossed { text-decoration: line-through; color: var(--text-muted); font-weight: 400; }
+
+/* ── COUNTDOWNS ──────────────────────────────────────────── */
+
+.cd-item {
+  display: flex; align-items: center; gap: 10px;
+  padding: 8px 0;
+  border-bottom: 1px solid var(--border-subtle);
+}
+.cd-item:last-child { border-bottom: none; }
+.cd-days { font-size: 18px; font-weight: 800; color: var(--blue); min-width: 36px; text-align: center; letter-spacing: -1px; font-variant-numeric: tabular-nums; line-height: 1; }
+.cd-days.past { color: var(--text-subtle); font-size: 14px; }
+.cd-info { flex: 1; }
+.cd-title { font-size: 13px; font-weight: 500; color: var(--text); }
+.cd-date { font-size: 11px; color: var(--text-muted); margin-top: 1px; }
+
+/* ── QUICKLINKS ──────────────────────────────────────────── */
+
+.ql-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(80px, 1fr)); gap: 6px; }
+.ql-item {
+  display: flex; flex-direction: column; align-items: center; gap: 5px;
+  padding: 10px 6px;
+  background: var(--surface-2);
+  border: 1px solid var(--border);
+  border-radius: var(--r);
+  text-decoration: none;
+  color: var(--text-muted);
+  font-size: 11px; font-weight: 500;
+  text-align: center;
+  transition: border-color .12s, background .12s, color .12s;
+  position: relative; cursor: pointer;
+  line-height: 1.3;
+}
+.ql-item:hover { background: var(--blue-50); border-color: var(--blue); color: var(--blue); }
+.ql-icon { font-size: 18px; line-height: 1; }
+.ql-del { position: absolute; top: 3px; right: 4px; font-size: 10px; color: var(--text-subtle); display: none; border: none; background: none; cursor: pointer; line-height: 1; }
+.ql-item:hover .ql-del { display: block; }
+.ql-del:hover { color: var(--red); }
+
+/* ── EMPTY STATE ─────────────────────────────────────────── */
+
+.empty { text-align: center; color: var(--text-subtle); font-size: 13px; padding: 24px 0; font-weight: 500; }
+
+/* ── CHAT ────────────────────────────────────────────────── */
+
+.chat-msgs {
+  height: 240px; overflow-y: auto;
+  display: flex; flex-direction: column; gap: 8px;
+  padding-right: 4px;
+  scrollbar-width: thin;
+  scrollbar-color: var(--n-200) transparent;
+}
+.chat-msg { display: flex; flex-direction: column; gap: 1px; }
+.chat-msg-meta { display: flex; align-items: baseline; gap: 6px; }
+.chat-msg-user { font-size: 12px; font-weight: 600; color: var(--blue); }
+.chat-msg-user.own { color: var(--green); }
+.chat-msg-time { font-size: 10px; color: var(--text-subtle); }
+.chat-msg-body { font-size: 13px; color: var(--text); line-height: 1.45; word-break: break-word; padding-left: 2px; }
+.chat-msg-del { font-size: 11px; color: var(--text-subtle); border: none; background: none; cursor: pointer; margin-left: auto; flex-shrink: 0; visibility: hidden; }
+.chat-msg:hover .chat-msg-del { visibility: visible; }
+.chat-msg-del:hover { color: var(--red); }
+.chat-input-row { display: flex; gap: 8px; margin-top: 12px; padding-top: 12px; border-top: 1px solid var(--border-subtle); }
+.chat-input {
+  flex: 1; padding: 7px 11px;
+  border: 1px solid var(--border); border-radius: var(--r-sm);
+  font-size: 13px; font-family: inherit;
+  background: var(--surface); color: var(--text);
+  outline: none; transition: border-color .12s, box-shadow .12s;
+}
+.chat-input:focus { border-color: var(--blue); box-shadow: 0 0 0 3px rgba(37,99,235,.08); }
+
+/* ── FILE STORAGE ────────────────────────────────────────── */
+
+.files-quota { margin-bottom: 12px; }
+.files-quota-bar { height: 5px; background: var(--n-100); border-radius: 99px; overflow: hidden; margin-top: 5px; }
+.files-quota-fill { height: 100%; background: var(--blue); border-radius: 99px; transition: width .3s; }
+.files-quota-fill.warn { background: var(--amber); }
+.files-quota-fill.danger { background: var(--red); }
+.files-quota-text { font-size: 11px; color: var(--text-subtle); display: flex; justify-content: space-between; margin-top: 3px; }
+.file-item { display: flex; align-items: center; gap: 10px; padding: 8px 0; border-bottom: 1px solid var(--border-subtle); }
+.file-item:last-child { border-bottom: none; }
+.file-icon { font-size: 15px; flex-shrink: 0; line-height: 1; }
+.file-info { flex: 1; min-width: 0; }
+.file-name { font-size: 13px; font-weight: 500; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; color: var(--text); }
+.file-meta { font-size: 11px; color: var(--text-muted); margin-top: 1px; }
+.file-dl { font-size: 11px; font-weight: 600; color: var(--blue); background: var(--blue-50); border: none; padding: 4px 9px; border-radius: var(--r-sm); cursor: pointer; font-family: inherit; white-space: nowrap; transition: background .1s; }
+.file-dl:hover { background: var(--blue-100); }
+.upload-drop {
+  border: 1.5px dashed var(--n-300); border-radius: var(--r-sm);
+  padding: 16px; text-align: center;
+  color: var(--text-muted); font-size: 12px;
+  margin-bottom: 12px;
+  transition: border-color .12s, background .12s;
+}
+.upload-drop.drag { border-color: var(--blue); background: var(--blue-50); color: var(--blue); }
+
+/* ── MODAL ───────────────────────────────────────────────── */
+
+.overlay {
+  position: fixed; inset: 0;
+  background: rgba(0,0,0,.45);
+  z-index: 300;
+  display: flex; align-items: center; justify-content: center;
+  padding: 16px;
+  backdrop-filter: blur(1px);
+}
+.modal {
+  background: var(--surface);
+  border-radius: var(--r-lg);
+  padding: 22px;
+  width: 100%; max-width: 400px;
+  box-shadow: var(--shadow-xl);
+  border: 1px solid var(--border);
+}
+.modal h3 { font-size: 15px; font-weight: 700; margin-bottom: 16px; color: var(--text); }
+.modal-fields { display: flex; flex-direction: column; gap: 8px; }
+.modal-fields input,
+.modal-fields select,
+.modal-fields textarea {
+  padding: 8px 11px;
+  border: 1px solid var(--border); border-radius: var(--r-sm);
+  font-size: 13px; font-family: inherit;
+  color: var(--text); background: var(--surface);
+  outline: none;
+  transition: border-color .12s, box-shadow .12s;
+}
+.modal-fields input:focus,
+.modal-fields select:focus,
+.modal-fields textarea:focus { border-color: var(--blue); box-shadow: 0 0 0 3px rgba(37,99,235,.08); }
+.modal-row { display: grid; grid-template-columns: 1fr 1fr; gap: 8px; }
+.modal-actions { display: flex; gap: 8px; margin-top: 16px; justify-content: flex-end; }
+.btn-cancel {
+  padding: 7px 15px;
+  border: 1px solid var(--border); border-radius: var(--r-sm);
+  background: none; cursor: pointer;
+  font-size: 13px; font-weight: 500; font-family: inherit;
+  color: var(--text-muted); transition: background .1s;
+}
+.btn-cancel:hover { background: var(--n-100); color: var(--text); }
+.btn-save {
+  padding: 7px 15px;
+  background: var(--blue); color: #fff;
+  border: 1px solid var(--blue); border-radius: var(--r-sm);
+  font-size: 13px; font-weight: 600; font-family: inherit;
+  cursor: pointer; transition: background .1s;
+}
+.btn-save:hover { background: var(--blue-d); }
+.btn-danger {
+  padding: 7px 15px;
+  background: var(--red); color: #fff;
+  border: 1px solid var(--red); border-radius: var(--r-sm);
+  font-size: 13px; font-weight: 600; font-family: inherit;
+  cursor: pointer;
+}
+
+/* ── SETTINGS ────────────────────────────────────────────── */
+
+.settings-section { margin-bottom: 18px; padding-bottom: 18px; border-bottom: 1px solid var(--border-subtle); }
+.settings-section:last-child { border-bottom: none; margin-bottom: 0; padding-bottom: 0; }
+.settings-label { font-size: 13px; font-weight: 600; margin-bottom: 10px; color: var(--text); }
+.settings-fields { display: flex; flex-direction: column; gap: 8px; }
+.settings-fields input {
+  padding: 8px 11px;
+  border: 1px solid var(--border); border-radius: var(--r-sm);
+  font-size: 13px; font-family: inherit;
+  background: var(--surface); color: var(--text); outline: none;
+}
+.settings-fields input:focus { border-color: var(--blue); box-shadow: 0 0 0 3px rgba(37,99,235,.08); }
+.danger-zone { background: var(--red-50); border: 1px solid #fecaca; border-radius: var(--r-sm); padding: 14px; }
+.danger-zone p { font-size: 13px; color: #7f1d1d; margin-bottom: 10px; line-height: 1.5; }
+body.dark .danger-zone { background: #300; border-color: #5a1a1a; }
+body.dark .danger-zone p { color: #fca5a5; }
+
+/* ── TOAST ───────────────────────────────────────────────── */
+
+#toasts { position: fixed; bottom: 20px; right: 20px; z-index: 400; display: flex; flex-direction: column; gap: 6px; pointer-events: none; }
+.toast {
+  background: var(--n-900);
+  color: #fff;
+  font-size: 13px; font-weight: 500;
+  padding: 9px 14px; border-radius: var(--r);
+  box-shadow: var(--shadow-lg);
+  opacity: 0; transform: translateY(6px) scale(.98);
+  transition: opacity .18s, transform .18s;
+  pointer-events: none; max-width: 300px;
+  border: 1px solid rgba(255,255,255,.06);
+}
+.toast.show { opacity: 1; transform: none; }
+.toast.success { background: #166534; }
+.toast.error { background: #991b1b; }
+
+/* ── FOOTER ──────────────────────────────────────────────── */
+
+footer {
+  background: var(--surface);
+  border-top: 1px solid var(--border);
+  padding: 13px 20px;
+  display: flex; align-items: center; justify-content: space-between;
+  flex-wrap: wrap; gap: 8px; flex-shrink: 0;
+}
+.footer-left { font-size: 11px; color: var(--text-subtle); }
+.footer-left strong { color: var(--text-muted); font-weight: 500; }
+.footer-links { display: flex; gap: 14px; }
+.footer-links a { font-size: 11px; color: var(--text-subtle); text-decoration: none; transition: color .12s; }
+.footer-links a:hover { color: var(--blue); }
+
+/* ── PRINT ───────────────────────────────────────────────── */
+
+@media print {
+  body > *:not(main) { display: none !important; }
+  .main-grid { display: block !important; }
+  .col-secondary { display: none !important; }
+  #card-tt { box-shadow: none !important; border: 1px solid #ddd !important; }
+  .col-primary > *:not(#card-tt) { display: none !important; }
+}
+
+/* ── SIDEBAR ─────────────────────────────────────────────── */
+
+.sidebar-backdrop {
+  position: fixed; inset: 0;
+  background: rgba(0,0,0,.32);
+  z-index: 150;
+  opacity: 0; pointer-events: none;
+  transition: opacity .2s;
+}
+.sidebar-backdrop.open { opacity: 1; pointer-events: all; }
+
+.sidebar {
+  position: fixed; top: 0; right: 0;
+  width: 360px; max-width: 100vw; height: 100%;
+  background: var(--bg);
+  border-left: 1px solid var(--border);
+  box-shadow: var(--shadow-lg);
+  z-index: 160;
+  transform: translateX(100%);
+  transition: transform .22s cubic-bezier(.4,0,.2,1);
+  display: flex; flex-direction: column;
+  overflow: hidden;
+}
+.sidebar.open { transform: translateX(0); }
+
+.sidebar-head {
+  height: 54px;
+  padding: 0 16px;
+  border-bottom: 1px solid var(--border);
+  display: flex; align-items: center; justify-content: space-between; gap: 10px;
+  background: var(--surface);
+  flex-shrink: 0;
+}
+.sidebar-title { font-size: 13px; font-weight: 600; color: var(--text); }
+.sidebar-close {
+  width: 28px; height: 28px;
+  border: none; background: none; cursor: pointer;
+  border-radius: var(--r-sm);
+  display: flex; align-items: center; justify-content: center;
+  font-size: 18px; line-height: 1; color: var(--text-muted);
+  transition: background .1s; font-family: inherit;
+}
+.sidebar-close:hover { background: var(--n-100); color: var(--text); }
+
+.sidebar-body {
+  flex: 1; overflow-y: auto;
+  padding: 14px;
+  display: flex; flex-direction: column; gap: 12px;
+  scrollbar-width: thin;
+  scrollbar-color: var(--n-200) transparent;
+}
+
+/* burger button badge dot (optional active state) */
+#sidebar-btn { position: relative; }
+
+/* ── RESPONSIVE ──────────────────────────────────────────── */
+
+/* ── TICKET THREAD ────────────────────────────── */
+.ticket-list-item { display:flex; align-items:center; gap:10px; padding:9px 0; border-bottom:1px solid var(--border-subtle); cursor:pointer; transition:background .1s; }
+.ticket-list-item:last-child { border-bottom:none; }
+.ticket-list-item:hover { background:var(--n-50); margin:0 -14px; padding-left:14px; padding-right:14px; border-radius:var(--r-sm); }
+.ticket-list-subj { flex:1; font-size:13px; font-weight:600; color:var(--text); }
+.ticket-list-meta { font-size:11px; color:var(--text-muted); margin-top:1px; }
+.thread-wrap { display:flex; flex-direction:column; gap:8px; max-height:360px; overflow-y:auto; margin:12px 0; padding-right:2px; scrollbar-width:thin; }
+.thread-bubble { padding:8px 12px; border-radius:var(--r-lg); font-size:13px; line-height:1.55; word-break:break-word; white-space:pre-wrap; max-width:85%; }
+.thread-bubble.mine { background:var(--blue); color:#fff; align-self:flex-end; border-bottom-right-radius:4px; }
+.thread-bubble.other { background:var(--n-100); color:var(--text); align-self:flex-start; border-bottom-left-radius:4px; }
+.thread-bubble.admin-bubble { background:var(--amber-50); color:var(--text); border:1px solid var(--border); }
+.thread-bubble-meta { font-size:10px; opacity:.65; margin-top:3px; }
+.thread-reply-row { display:flex; gap:8px; margin-top:6px; }
+.thread-reply-row textarea { flex:1; border:1.5px solid var(--border); border-radius:var(--r-sm); padding:8px 10px; font-size:13px; font-family:inherit; resize:none; outline:none; background:var(--surface); color:var(--text); transition:border-color .12s; }
+.thread-reply-row textarea:focus { border-color:var(--blue); }
+
+@media (max-width: 860px) {
+  .main-grid { grid-template-columns: 1fr; }
+}
+@media (max-width: 600px) {
+  main { padding: 12px 12px 20px; gap: 14px; }
+  .main-grid { gap: 12px; }
+  .card-pair { grid-template-columns: 1fr; }
+  header { padding: 0 12px; height: 50px; }
+  #clock { display: none; }
+  #weather { display: none; }
+  .banner-chips { display: none; }
+  .h-sep { display: none; }
+  footer { padding: 11px 14px; }
+}
+
+/* ── ICONS ───────────────────────────────────────────────── */
+.lucide {
+  display: inline-block;
+  vertical-align: -0.125em;
+  flex-shrink: 0;
+  width: 1em; height: 1em;
+  stroke-width: 2;
+}
+.card-title .lucide { width: 14px; height: 14px; }
+.chip .lucide { width: 11px; height: 11px; stroke-width: 2.5; }
+.h-icon-btn .lucide { width: 16px; height: 16px; }
+.ql-icon .lucide { width: 20px; height: 20px; }
+.file-icon .lucide { width: 16px; height: 16px; }
+.dd-item .lucide { width: 15px; height: 15px; }
+.del-btn .lucide, .ev-del .lucide { width: 13px; height: 13px; }
+.tt-del .lucide, .chat-msg-del .lucide, .ql-del .lucide { width: 11px; height: 11px; stroke-width: 2.5; }
+.check .lucide, .todo-check .lucide { width: 9px; height: 9px; stroke-width: 3; }
+.cd-days.past .lucide, .ev-days .lucide { width: 18px; height: 18px; }
+#weather .lucide { width: 14px; height: 14px; stroke-width: 1.5; }
+.print-btn .lucide { width: 13px; height: 13px; }
+.btn-sm .lucide { width: 13px; height: 13px; }
+.sidebar-close .lucide { width: 16px; height: 16px; }
+</style>
+</head>
+<body>
+
+<header>
+  <div class="brand" onclick="location.href='/'">
+    <div class="brand-mark">i1</div>
+    <div class="brand-text">
+      <span class="brand-sub">IFB-Berufsfachschule Rosenheim</span>
+      <span class="brand-name">INFO1</span>
+    </div>
+  </div>
+
+  <div class="h-sep"></div>
+  <div class="h-spacer"></div>
+
+  <div class="h-right">
+    <div id="weather">–</div>
+    <div id="clock"></div>
+    <button id="btn-dark" class="h-icon-btn" onclick="toggleDark()" title="Dark Mode"><i data-lucide="moon" aria-label="Dark Mode"></i></button>
+    <button id="sidebar-btn" class="h-icon-btn" style="display:none" onclick="openSidebar()" title="Noten, Dateien & Fehlzeiten"><i data-lucide="menu" aria-label="Seitenleiste öffnen"></i></button>
+    <div id="h-user" style="display:flex;align-items:center;gap:7px">
+      <a href="/login" class="h-btn">Anmelden</a>
+      <a href="/login?tab=register" class="h-btn h-btn-primary">Registrieren</a>
+    </div>
+  </div>
+</header>
+
+<div id="banner">
+  <div class="banner-label">Mit Account freischalten:</div>
+  <div class="banner-chips">
+    <span class="chip"><i data-lucide="calendar" aria-hidden="true"></i> Stundenplan</span>
+    <span class="chip"><i data-lucide="pencil" aria-hidden="true"></i> Hausaufgaben</span>
+    <span class="chip"><i data-lucide="graduation-cap" aria-hidden="true"></i> Noten &amp; Ø</span>
+    <span class="chip"><i data-lucide="user-x" aria-hidden="true"></i> Fehlzeiten</span>
+    <span class="chip"><i data-lucide="check-square" aria-hidden="true"></i> To-Do</span>
+    <span class="chip"><i data-lucide="timer" aria-hidden="true"></i> Countdowns</span>
+    <span class="chip"><i data-lucide="link" aria-hidden="true"></i> Links</span>
+  </div>
+  <button class="banner-cta" onclick="location.href='/login?tab=register'">Jetzt registrieren →</button>
+</div>
+
+<main>
+  <div class="main-grid">
+
+    <!-- ── PRIMARY COLUMN ──────────────────────────── -->
+    <div class="col-primary">
+
+      <!-- Timetable (logged-out placeholder) -->
+      <div class="card" id="card-tt-public">
+        <div class="card-head">
+          <div class="card-title"><i data-lucide="calendar" aria-hidden="true"></i> Stundenplan</div>
+        </div>
+        <div class="card-body">
+          <div class="ph-tt">
+            <div class="ph-col"><div class="ph-head" id="ph0">Mo</div><div class="ph-slot sk"></div><div class="ph-slot sk" style="height:40px;opacity:.6"></div><div class="ph-slot sk" style="height:40px;opacity:.4"></div></div>
+            <div class="ph-col"><div class="ph-head" id="ph1">Di</div><div class="ph-slot sk"></div><div class="ph-slot sk" style="height:40px;opacity:.6"></div><div class="ph-slot sk" style="height:40px;opacity:.4"></div></div>
+            <div class="ph-col"><div class="ph-head" id="ph2">Mi</div><div class="ph-slot sk"></div><div class="ph-slot sk" style="height:40px;opacity:.6"></div><div class="ph-slot sk" style="height:40px;opacity:.4"></div></div>
+            <div class="ph-col"><div class="ph-head" id="ph3">Do</div><div class="ph-slot sk"></div><div class="ph-slot sk" style="height:40px;opacity:.6"></div><div class="ph-slot sk" style="height:40px;opacity:.4"></div></div>
+            <div class="ph-col"><div class="ph-head" id="ph4">Fr</div><div class="ph-slot sk"></div><div class="ph-slot sk" style="height:40px;opacity:.6"></div><div class="ph-slot sk" style="height:40px;opacity:.4"></div></div>
+          </div>
+          <div class="tt-pending"><i data-lucide="clock" aria-hidden="true"></i> Wird noch eingetragen</div>
+        </div>
+      </div>
+
+      <!-- Timetable (logged-in) -->
+      <div class="card" id="card-tt" style="display:none">
+        <div class="card-head">
+          <div class="card-title"><i data-lucide="calendar" aria-hidden="true"></i> Stundenplan</div>
+          <div class="card-actions">
+            <button class="print-btn" onclick="window.print()"><i data-lucide="printer" aria-hidden="true"></i> Drucken</button>
+            <button class="add-btn" onclick="openModal('timetable')">+ Stunde</button>
+          </div>
+        </div>
+        <div class="card-body">
+          <div class="tt-wrap"><div class="tt-grid" id="tt-grid"></div></div>
+        </div>
+      </div>
+
+      <!-- Homework + Todos (pair) -->
+      <div class="card-pair" id="pair-hw-todo" style="display:none">
+        <div class="card" id="card-hw">
+          <div class="card-head">
+            <div class="card-title"><i data-lucide="pencil" aria-hidden="true"></i> Hausaufgaben</div>
+            <button class="add-btn" onclick="openModal('homework')">+ Aufgabe</button>
+          </div>
+          <div class="card-body" id="list-hw"></div>
+        </div>
+
+        <div class="card" id="card-todo">
+          <div class="card-head">
+            <div class="card-title"><i data-lucide="check-square" aria-hidden="true"></i> To-Do</div>
+            <button class="add-btn" onclick="openModal('todos')">+ Aufgabe</button>
+          </div>
+          <div class="card-body" id="list-todo"></div>
+        </div>
+      </div>
+
+    </div><!-- /col-primary -->
+
+    <!-- ── SECONDARY COLUMN ─────────────────────────── -->
+    <div class="col-secondary">
+
+      <!-- Exams (shared) -->
+      <div class="card" id="card-pruefungen">
+        <div class="card-head">
+          <div class="card-title"><i data-lucide="clipboard-list" aria-hidden="true"></i> Prüfungen &amp; Klausuren</div>
+          <button class="add-btn" id="btn-add-pruefung" style="display:none" onclick="openModal('class-events','pruefung')">+ Prüfung</button>
+        </div>
+        <div class="card-body" id="list-pruefungen"><div class="sk-line sk"></div><div class="sk-line sk short"></div></div>
+      </div>
+
+      <!-- Holidays (shared) -->
+      <div class="card" id="card-ferien">
+        <div class="card-head">
+          <div class="card-title"><i data-lucide="calendar-range" aria-hidden="true"></i> Ferien &amp; Feiertage</div>
+          <button class="add-btn" id="btn-add-ferien" style="display:none" onclick="openModal('class-events','ferien')">+ Termin</button>
+        </div>
+        <div class="card-body" id="list-ferien"><div class="sk-line sk"></div><div class="sk-line sk short"></div></div>
+      </div>
+
+      <!-- Countdowns -->
+      <div class="card" id="card-cd" style="display:none">
+        <div class="card-head">
+          <div class="card-title"><i data-lucide="timer" aria-hidden="true"></i> Countdowns</div>
+          <button class="add-btn" onclick="openModal('countdowns')">+ Countdown</button>
+        </div>
+        <div class="card-body" id="list-cd"></div>
+      </div>
+
+      <!-- Quick Links -->
+      <div class="card" id="card-ql">
+        <div class="card-head">
+          <div class="card-title"><i data-lucide="link" aria-hidden="true"></i> Schnelllinks</div>
+          <button class="add-btn" id="btn-add-ql" style="display:none" onclick="openModal('quicklinks')">+ Link</button>
+        </div>
+        <div class="card-body"><div class="ql-grid" id="ql-grid">
+          <a class="ql-item" href="https://www.ifb-schulen.de" target="_blank" rel="noopener"><span class="ql-icon"><i data-lucide="building-2" aria-hidden="true"></i></span>IFB Website</a>
+          <a class="ql-item" href="https://www.bib-info.de" target="_blank" rel="noopener"><span class="ql-icon"><i data-lucide="book-open" aria-hidden="true"></i></span>Bibliothek</a>
+        </div></div>
+      </div>
+
+    </div><!-- /col-secondary -->
+  </div><!-- /main-grid -->
+
+  <!-- Chat (full width) -->
+  <div class="card" id="card-chat" style="display:none">
+    <div class="card-head">
+      <div class="card-title"><i data-lucide="message-square" aria-hidden="true"></i> Klassen-Chat · INFO1</div>
+    </div>
+    <div class="card-body">
+      <div class="chat-msgs" id="chat-msgs"></div>
+      <div class="chat-input-row">
+        <input class="chat-input" id="chat-input" type="text" placeholder="Nachricht schreiben…" maxlength="500" autocomplete="off">
+        <button class="add-btn" onclick="sendChatMsg()">Senden</button>
+      </div>
+    </div>
+  </div>
+
+  <!-- Support Tickets (full width, logged-in) -->
+  <div class="card" id="card-tickets" style="display:none">
+    <div class="card-head">
+      <div class="card-title"><span class="ci">🎫</span> Support-Tickets</div>
+      <button class="add-btn" onclick="openNewTicket()">+ Ticket</button>
+    </div>
+    <div class="card-body" id="list-tickets"><div class="empty">Keine Tickets</div></div>
+  </div>
+
+</main>
+
+<!-- ── SIDEBAR ──────────────────────────────────────────── -->
+<div class="sidebar-backdrop" id="sidebar-backdrop" onclick="closeSidebar()"></div>
+<aside class="sidebar" id="sidebar">
+  <div class="sidebar-head">
+    <span class="sidebar-title">Noten, Dateien &amp; Fehlzeiten</span>
+    <button class="sidebar-close" onclick="closeSidebar()" aria-label="Schließen"><i data-lucide="x" aria-hidden="true"></i></button>
+  </div>
+  <div class="sidebar-body">
+
+    <div class="card" id="card-grades" style="display:none">
+      <div class="card-head">
+        <div class="card-title"><i data-lucide="graduation-cap" aria-hidden="true"></i> Noten</div>
+        <button class="add-btn" onclick="openModal('grades')">+ Note</button>
+      </div>
+      <div class="card-body" id="list-grades"></div>
+    </div>
+
+    <div class="card" id="card-files" style="display:none">
+      <div class="card-head">
+        <div class="card-title"><i data-lucide="folder" aria-hidden="true"></i> Dateispeicher</div>
+        <div class="card-actions">
+          <input type="file" id="file-input" style="display:none" multiple onchange="uploadFiles(event)">
+          <button class="add-btn" onclick="document.getElementById('file-input').click()">↑ Hochladen</button>
+        </div>
+      </div>
+      <div class="card-body" id="files-body">
+        <div class="upload-drop" id="files-drop">Dateien hier ablegen oder oben hochladen</div>
+        <div class="sk-line sk"></div>
+      </div>
+    </div>
+
+    <div class="card" id="card-ab" style="display:none">
+      <div class="card-head">
+        <div class="card-title"><i data-lucide="user-x" aria-hidden="true"></i> Fehlzeiten</div>
+        <button class="add-btn" onclick="openModal('absences')">+ Eintragen</button>
+      </div>
+      <div class="card-body" id="list-ab"></div>
+    </div>
+
+  </div>
+</aside>
+
+<footer>
+  <div class="footer-left">Daten auf <strong>Hetzner-Server, Nürnberg, Deutschland</strong> · EU-DSGVO konform</div>
+  <div class="footer-links">
+    <a href="/datenschutz">Datenschutzerklärung</a>
+  </div>
+</footer>
+
+<!-- NEW TICKET MODAL -->
+<div class="overlay" id="new-ticket-overlay" style="display:none" onclick="if(event.target===this)closeNewTicket()">
+  <div class="modal" style="max-width:460px">
+    <h3>Neues Support-Ticket</h3>
+    <div style="display:flex;flex-direction:column;gap:10px;margin:14px 0">
+      <input type="text" id="new-ticket-subject" placeholder="Betreff (max. 200 Zeichen)" maxlength="200"
+        style="padding:8px 10px;border:1.5px solid var(--border);border-radius:var(--r-sm);font-size:13px;font-family:inherit;outline:none;background:var(--surface);color:var(--text)">
+      <textarea id="new-ticket-message" placeholder="Beschreibe dein Problem…" rows="5" maxlength="5000"
+        style="padding:8px 10px;border:1.5px solid var(--border);border-radius:var(--r-sm);font-size:13px;font-family:inherit;resize:vertical;outline:none;background:var(--surface);color:var(--text)"></textarea>
+    </div>
+    <div class="modal-actions">
+      <button class="btn-cancel" onclick="closeNewTicket()">Abbrechen</button>
+      <button class="btn-save" onclick="submitNewTicket()">Absenden</button>
+    </div>
+  </div>
+</div>
+
+<!-- TICKET THREAD MODAL -->
+<div class="overlay" id="thread-overlay" style="display:none" onclick="if(event.target===this)closeThread()">
+  <div class="modal" style="max-width:520px">
+    <h3 id="thread-title" style="word-break:break-word"></h3>
+    <p id="thread-meta" style="font-size:12px;color:var(--text-muted);margin-top:3px"></p>
+    <div class="thread-wrap" id="thread-msgs"></div>
+    <div class="thread-reply-row" id="thread-reply-area">
+      <textarea id="thread-input" placeholder="Antwort schreiben…" rows="2" maxlength="5000"></textarea>
+      <button class="btn-save" onclick="sendThreadReply()">Senden</button>
+    </div>
+    <div class="modal-actions" style="margin-top:8px">
+      <button class="btn-cancel" onclick="closeThread()">Schließen</button>
+    </div>
+  </div>
+</div>
+
+<!-- DATA MODAL -->
+<div class="overlay" id="modal-overlay" style="display:none" onclick="if(event.target===this)closeModal()">
+  <div class="modal">
+    <h3 id="modal-title"></h3>
+    <div class="modal-fields" id="modal-fields"></div>
+    <div class="modal-actions">
+      <button class="btn-cancel" onclick="closeModal()">Abbrechen</button>
+      <button class="btn-save" onclick="saveModal()">Speichern</button>
+    </div>
+  </div>
+</div>
+
+<!-- SETTINGS MODAL -->
+<div class="overlay" id="settings-overlay" style="display:none" onclick="if(event.target===this)closeSettings()">
+  <div class="modal" style="max-width:420px">
+    <h3>Einstellungen</h3>
+
+    <div class="settings-section">
+      <div class="settings-label">Passwort ändern</div>
+      <div class="settings-fields">
+        <input type="password" id="pw-current" placeholder="Aktuelles Passwort">
+        <input type="password" id="pw-new" placeholder="Neues Passwort (min. 6 Zeichen)">
+        <button class="btn-save" style="align-self:flex-start" onclick="changePassword()">Ändern</button>
+      </div>
+    </div>
+
+    <div class="settings-section">
+      <div class="danger-zone">
+        <p>Account und alle gespeicherten Daten werden <strong>unwiderruflich gelöscht</strong>.</p>
+        <div class="settings-fields">
+          <input type="password" id="pw-delete" placeholder="Passwort zur Bestätigung">
+          <button class="btn-danger" style="align-self:flex-start" onclick="deleteAccount()">Account löschen</button>
+        </div>
+      </div>
+    </div>
+
+    <div class="modal-actions" style="margin-top:10px">
+      <button class="btn-cancel" onclick="closeSettings()">Schließen</button>
+    </div>
+  </div>
+</div>
+
+<div id="toasts"></div>
+
+<script>
+// ── CONSTANTS ────────────────────────────────────────────────
+const DAYS = ['Montag','Dienstag','Mittwoch','Donnerstag','Freitag'];
+const DAY_S = ['Mo','Di','Mi','Do','Fr'];
+const TIME_SLOTS = [
+  { key:'07:45', label:'1.', time:'07:45' },
+  { key:'08:30', label:'2.', time:'08:30' },
+  { key:'09:30', label:'3.', time:'09:30' },
+  { key:'10:15', label:'4.', time:'10:15' },
+  { key:'11:15', label:'5.', time:'11:15' },
+  { key:'12:00', label:'6.', time:'12:00' },
+  { key:'13:30', label:'7.', time:'13:30' },
+  { key:'14:15', label:'8.', time:'14:15' },
+];
+const GRADE_WEIGHTS = { schulaufgabe:2, kurzarbeit:1.5, stegreifaufgabe:1, muendlich:1, sonstiges:1 };
+const GRADE_TYPES = { schulaufgabe:'Schulaufgabe', kurzarbeit:'Kurzarbeit', stegreifaufgabe:'Stegreifaufgabe', muendlich:'Mündlich', sonstiges:'Sonstiges' };
+const SUBJECT_COLORS = [
+  { bg:'#eff6ff', border:'#2563eb', text:'#1e40af' },
+  { bg:'#f0fdf4', border:'#16a34a', text:'#166534' },
+  { bg:'#fef3c7', border:'#d97706', text:'#92400e' },
+  { bg:'#fdf4ff', border:'#9333ea', text:'#7e22ce' },
+  { bg:'#fff1f2', border:'#e11d48', text:'#9f1239' },
+  { bg:'#ecfdf5', border:'#059669', text:'#065f46' },
+  { bg:'#f0f9ff', border:'#0ea5e9', text:'#0c4a6e' },
+  { bg:'#fefce8', border:'#ca8a04', text:'#713f12' },
+];
+
+let currentModal = null;
+let currentModalSub = null;
+
+// ── UTILITIES ─────────────────────────────────────────────────
+function esc(s){ return String(s??'').replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;'); }
+
+function subjectColor(s){
+  let h=0; for(const c of String(s)) h=(h*31+c.charCodeAt(0))&0xffffffff;
+  return SUBJECT_COLORS[Math.abs(h)%SUBJECT_COLORS.length];
+}
+
+function daysUntil(dateStr){
+  const t=new Date(); t.setHours(0,0,0,0);
+  const d=new Date(dateStr); d.setHours(0,0,0,0);
+  return Math.round((d-t)/86400000);
+}
+
+function fmtDate(s){ return s ? new Date(s).toLocaleDateString('de-DE',{day:'2-digit',month:'2-digit',year:'numeric'}) : ''; }
+
+// ── TOAST ─────────────────────────────────────────────────────
+function toast(msg, type='success'){
+  const el=document.createElement('div');
+  el.className=`toast ${type}`; el.textContent=msg;
+  document.getElementById('toasts').appendChild(el);
+  requestAnimationFrame(()=>{ requestAnimationFrame(()=>el.classList.add('show')); });
+  setTimeout(()=>{ el.classList.remove('show'); setTimeout(()=>el.remove(),300); },3000);
+}
+
+// ── CLOCK ─────────────────────────────────────────────────────
+function tick(){
+  const n=new Date();
+  document.getElementById('clock').textContent=
+    n.toLocaleDateString('de-DE',{weekday:'short',day:'2-digit',month:'2-digit',year:'numeric'})+
+    ' · '+n.toLocaleTimeString('de-DE',{hour:'2-digit',minute:'2-digit'});
+}
+tick(); setInterval(tick,10000);
+
+// ── WEATHER ───────────────────────────────────────────────────
+async function loadWeather(){
+  try{
+    const d=await(await fetch('https://api.open-meteo.com/v1/forecast?latitude=47.857&longitude=12.128&current_weather=true')).json();
+    const w=d.current_weather;
+    const ic={0:'☀️',1:'🌤️',2:'⛅',3:'☁️',45:'🌫️',51:'🌦️',55:'🌧️',61:'🌧️',65:'🌧️',71:'🌨️',75:'❄️',80:'🌧️',95:'⛈️'};
+    document.getElementById('weather').innerHTML=`${ic[w.weathercode]||'🌡️'} <strong>${Math.round(w.temperature)}°C</strong>&thinsp;<span style="color:var(--text-subtle);font-size:10px">RO</span>`;
+  }catch{}
+}
+loadWeather();
+
+// ── API ────────────────────────────────────────────────────────
+async function api(method,path,body){
+  const r=await fetch('/api/'+path,{method,headers:{'Content-Type':'application/json'},body:body?JSON.stringify(body):undefined});
+  return r.json();
+}
+
+// ── SESSION ────────────────────────────────────────────────────
+async function init(){
+  // Highlight today on public timetable
+  const ti=(new Date().getDay()+6)%7;
+  if(ti<5) document.getElementById('ph'+ti)?.classList.add('today');
+
+  // Load shared class events immediately
+  loadClassEvents();
+
+  const r=await fetch('/api/me');
+  if(r.ok){ const d=await r.json(); loginUI(d.username,d.id,d.role); }
+}
+
+function loginUI(username,id,role){
+  document.getElementById('banner').style.display='none';
+  document.getElementById('card-tt-public').style.display='none';
+  document.getElementById('card-tt').style.display='';
+  document.getElementById('pair-hw-todo').style.display='grid';
+  document.getElementById('sidebar-btn').style.display='flex';
+  document.getElementById('card-tickets').style.display='';
+  ['card-hw','card-grades','card-ab','card-todo','card-cd','card-files'].forEach(id=>document.getElementById(id).style.display='');
+  ['btn-add-pruefung','btn-add-ferien','btn-add-ql'].forEach(id=>document.getElementById(id).style.display='');
+
+  const adminLink = role === 'admin' ? `<div class="dd-sep"></div><a class="dd-item" href="/admin">🛡️ Admin</a>` : '';
+  const adminBtn = role === 'admin' ? `<a href="/admin" class="btn-sm" style="background:#fef3c7;color:#92400e;border-color:#fde68a;font-weight:700">🛡️ Admin</a>` : '';
+  document.getElementById('h-user').innerHTML=`
+    ${adminBtn}
+    <div class="avatar" onclick="toggleDropdown(this)">
+      ${esc(username[0].toUpperCase())}
+      <div class="dropdown" id="user-dropdown">
+        <div class="dd-item meta">${esc(username)}</div>
+        <div class="dd-sep"></div>
+        <span class="dd-item" onclick="openSettings()">⚙️ Einstellungen</span>
+        ${adminLink}
+        <div class="dd-sep"></div>
+        <span class="dd-item danger" onclick="doLogout()">Abmelden</span>
+      </div>
+    </div>`;
+
+  loadAll();
+  initChat(username);
+}
+
+function toggleDropdown(el){
+  event.stopPropagation();
+  document.getElementById('user-dropdown').classList.toggle('open');
+}
+document.addEventListener('click',()=>document.getElementById('user-dropdown')?.classList.remove('open'));
+
+async function doLogout(){
+  await fetch('/api/logout',{method:'POST'});
+  location.reload();
+}
+
+// ── LOAD ALL ──────────────────────────────────────────────────
+async function loadAll(){
+  const [tt,hw,gr,ab,td,cd,ql]=await Promise.all([
+    api('GET','timetable'),api('GET','homework'),api('GET','grades'),
+    api('GET','absences'),api('GET','todos'),api('GET','countdowns'),api('GET','quicklinks')
+  ]);
+  renderTT(tt); renderHW(hw); renderGrades(gr);
+  renderAbsences(ab); renderTodos(td); renderCountdowns(cd); renderQL(ql);
+  loadFiles();
+  loadTickets();
+}
+
+async function loadClassEvents(){
+  const events=await api('GET','class-events');
+  renderPruefungen(events.filter(e=>e.type==='pruefung'));
+  renderFerien(events.filter(e=>e.type==='ferien'));
+}
+
+// ── TIMETABLE ─────────────────────────────────────────────────
+function renderTT(data){
+  const todayIdx=(new Date().getDay()+6)%7;
+  const grid=document.getElementById('tt-grid');
+  grid.innerHTML='';
+  const cols=6; // time col + 5 days
+  const rows=TIME_SLOTS.length+1; // header + slots
+
+  // Header row
+  const corner=document.createElement('div');
+  corner.className='tt-cell tt-head no-right'; corner.textContent='';
+  grid.appendChild(corner);
+  DAYS.forEach((d,i)=>{
+    const h=document.createElement('div');
+    h.className='tt-cell tt-head'+(i===todayIdx?' today-col':'')+(i===4?' no-right':'');
+    h.textContent=DAY_S[i]; grid.appendChild(h);
+  });
+
+  // Slot rows
+  TIME_SLOTS.forEach((slot,si)=>{
+    const isLast=si===TIME_SLOTS.length-1;
+    // Time label
+    const tc=document.createElement('div');
+    tc.className='tt-cell tt-time'+(isLast?' no-bot':'');
+    tc.innerHTML=`<div class="tt-time-num">${slot.label}</div><div class="tt-time-val">${slot.time}</div>`;
+    grid.appendChild(tc);
+
+    DAYS.forEach((day,di)=>{
+      const cell=document.createElement('div');
+      cell.className='tt-cell'+(isLast?' no-bot':'')+(di===4?' no-right':'');
+      const lesson=data.find(l=>l.day===day && l.time_start===slot.key);
+      if(lesson){
+        const col=subjectColor(lesson.subject||'');
+        const lel=document.createElement('div');
+        lel.className='tt-lesson';
+        lel.style.cssText=`background:${col.bg};border-left:2.5px solid ${col.border};color:${col.text}`;
+        lel.innerHTML=`<div class="tt-lesson-subj">${esc(lesson.subject||'')}</div><div class="tt-lesson-meta">${esc(lesson.room||'')}${lesson.teacher?' · '+esc(lesson.teacher):''}</div><button class="tt-del" onclick="delItem('timetable',${lesson.id})">✕</button>`;
+        cell.appendChild(lel);
+      }
+      grid.appendChild(cell);
+    });
+  });
+}
+
+// ── CLASS EVENTS ──────────────────────────────────────────────
+function renderPruefungen(data){
+  const el=document.getElementById('list-pruefungen');
+  if(!data.length){el.innerHTML='<div class="empty">Keine Prüfungen eingetragen</div>';return;}
+  el.innerHTML=data.map(e=>{
+    const diff=e.date?daysUntil(e.date):null;
+    let badge='', col='var(--blue)';
+    if(diff!==null){
+      if(diff<0){badge=`<span class="badge badge-green">Vorbei</span>`;col='var(--text-subtle)';}
+      else if(diff===0){badge=`<span class="badge badge-red">Heute</span>`;col='var(--red)';}
+      else if(diff<=7){badge=`<span class="badge badge-orange">in ${diff}d</span>`;col='var(--amber)';}
+      else{badge=`<span class="badge badge-blue">in ${diff}d</span>`;}
+    }
+    return `<div class="ev-item">
+      <div class="ev-days" style="color:${col}">${diff===null?'–':diff<0?'✓':diff}</div>
+      <div class="ev-info"><div class="ev-title">${esc(e.title)} ${badge}</div><div class="ev-date">${e.date?fmtDate(e.date):''}${e.description?' · '+esc(e.description):''}</div></div>
+      <button class="ev-del" onclick="delClassEvent(${e.id})">🗑</button>
+    </div>`;
+  }).join('');
+}
+
+function renderFerien(data){
+  const el=document.getElementById('list-ferien');
+  if(!data.length){el.innerHTML='<div class="empty">Keine Termine eingetragen</div>';return;}
+  el.innerHTML=data.map(e=>{
+    const diff=e.date?daysUntil(e.date):null;
+    const col=diff!==null&&diff<0?'var(--text-subtle)':'var(--green)';
+    return `<div class="ev-item">
+      <div class="ev-days" style="color:${col}">${diff===null?'–':diff<0?'✓':diff}</div>
+      <div class="ev-info"><div class="ev-title">${esc(e.title)}</div><div class="ev-date">${e.date?fmtDate(e.date):''}${e.date_end?' – '+fmtDate(e.date_end):''}</div></div>
+      <button class="ev-del" onclick="delClassEvent(${e.id})">🗑</button>
+    </div>`;
+  }).join('');
+}
+
+async function delClassEvent(id){
+  await api('DELETE','class-events/'+id);
+  loadClassEvents();
+  toast('Gelöscht');
+}
+
+// ── HOMEWORK ──────────────────────────────────────────────────
+function renderHW(data){
+  const el=document.getElementById('list-hw');
+  if(!data.length){el.innerHTML='<div class="empty">Keine Hausaufgaben</div>';return;}
+  const today=new Date(); today.setHours(0,0,0,0);
+  el.innerHTML=[...data].sort((a,b)=>(a.due_date||'9999').localeCompare(b.due_date||'9999')).map(h=>{
+    const due=h.due_date?new Date(h.due_date):null;
+    let badge='';
+    if(due&&!h.done){due.setHours(0,0,0,0);const d=Math.round((due-today)/86400000);
+      badge=d<0?'<span class="badge badge-red">Überfällig</span>':d===0?'<span class="badge badge-red">Heute</span>':d<=7?`<span class="badge badge-orange">in ${d}d</span>`:`<span class="badge badge-blue">in ${d}d</span>`;}
+    return `<div class="hw-item">
+      <div class="check ${h.done?'done':''}" onclick="toggle('homework',${h.id},${h.done})">${h.done?'✓':''}</div>
+      <div class="hw-body">
+        <div class="hw-title ${h.done?'crossed':''}">${esc(h.title)}</div>
+        <div class="hw-meta">${esc(h.subject||'')}${h.due_date?' · '+fmtDate(h.due_date):''} ${badge}</div>
+      </div>
+      <button class="del-btn" onclick="delItem('homework',${h.id})">🗑</button>
+    </div>`;
+  }).join('');
+}
+
+// ── GRADES ────────────────────────────────────────────────────
+function renderGrades(data){
+  const el=document.getElementById('list-grades');
+  if(!data.length){el.innerHTML='<div class="empty">Keine Noten eingetragen</div>';return;}
+  const rows=data.map(g=>{
+    const gn=Math.round(g.grade||0);
+    const typeName=GRADE_TYPES[g.type]||'Sonstiges';
+    return `<div class="grade-row">
+      <div class="grade-info">
+        <div class="grade-subj">${esc(g.subject)}</div>
+        <div class="grade-type">${typeName}${g.note?' · '+esc(g.note):''}</div>
+      </div>
+      <div class="grade-val g${Math.min(gn,6)}">${g.grade}</div>
+      <button class="del-btn" onclick="delItem('grades',${g.id})">🗑</button>
+    </div>`;
+  }).join('');
+
+  // Weighted average
+  const valid=data.filter(g=>g.grade!=null);
+  const wSum=valid.reduce((s,g)=>s+(GRADE_WEIGHTS[g.type]||1),0);
+  const wGrades=valid.reduce((s,g)=>s+g.grade*(GRADE_WEIGHTS[g.type]||1),0);
+  const wavg=wSum?wGrades/wSum:null;
+  const avg=valid.length?(valid.reduce((s,g)=>s+g.grade,0)/valid.length).toFixed(2):null;
+  const avgBlock=avg?`<div class="grade-avg">
+    <div><div class="grade-avg-label">Ø gewichtet</div><div class="grade-avg-sub">ungewichtet: ${avg}</div></div>
+    <div class="grade-avg-val">${wavg.toFixed(2)}</div>
+  </div>`:'';
+  el.innerHTML=rows+avgBlock;
+}
+
+// ── ABSENCES ──────────────────────────────────────────────────
+function renderAbsences(data){
+  const el=document.getElementById('list-ab');
+  if(!data.length){el.innerHTML='<div class="empty">Keine Fehlzeiten</div>';return;}
+  el.innerHTML=[...data].sort((a,b)=>(b.date||'').localeCompare(a.date||'')).map(a=>
+    `<div class="ab-item">
+      <div class="ab-date">${a.date?fmtDate(a.date):'–'}</div>
+      <div class="ab-info"><div class="ab-subj">${esc(a.subject||'')}</div><div class="ab-reason">${esc(a.reason||'')}</div></div>
+      <button class="del-btn" onclick="delItem('absences',${a.id})">🗑</button>
+    </div>`).join('')+`<div class="ab-total">${data.length} Fehlzeit${data.length!==1?'en':''} gesamt</div>`;
+}
+
+// ── TODOS ─────────────────────────────────────────────────────
+function renderTodos(data){
+  const el=document.getElementById('list-todo');
+  if(!data.length){el.innerHTML='<div class="empty">Keine Aufgaben</div>';return;}
+  el.innerHTML=data.map(t=>`<div class="todo-item">
+    <div class="todo-check ${t.done?'done':''}" onclick="toggle('todos',${t.id},${t.done})">${t.done?'✓':''}</div>
+    <div class="todo-title ${t.done?'crossed':''}">${esc(t.title)}</div>
+    <button class="del-btn" onclick="delItem('todos',${t.id})">🗑</button>
+  </div>`).join('');
+}
+
+// ── COUNTDOWNS ────────────────────────────────────────────────
+function renderCountdowns(data){
+  const el=document.getElementById('list-cd');
+  if(!data.length){el.innerHTML='<div class="empty">Keine Countdowns</div>';return;}
+  el.innerHTML=[...data].sort((a,b)=>(a.target_date||'').localeCompare(b.target_date||'')).map(c=>{
+    const d=daysUntil(c.target_date);
+    return `<div class="cd-item">
+      <div class="cd-days ${d<0?'past':''}">${d<0?'✓':d}</div>
+      <div class="cd-info"><div class="cd-title">${esc(c.title)}</div><div class="cd-date">${fmtDate(c.target_date)}</div></div>
+      <button class="del-btn" onclick="delItem('countdowns',${c.id})">🗑</button>
+    </div>`;
+  }).join('');
+}
+
+// ── QUICKLINKS ────────────────────────────────────────────────
+function renderQL(data){
+  if(!data.length)return;
+  const grid=document.getElementById('ql-grid');
+  data.forEach(l=>{
+    const a=document.createElement('a');
+    a.className='ql-item'; a.href=l.url; a.target='_blank'; a.rel='noopener';
+    a.innerHTML=`<span class="ql-icon">🔗</span>${esc(l.label)}<button class="ql-del" onclick="event.preventDefault();delItem('quicklinks',${l.id})">✕</button>`;
+    grid.appendChild(a);
+  });
+}
+
+// ── CRUD HELPERS ──────────────────────────────────────────────
+async function delItem(type,id){
+  await api('DELETE',`${type}/${id}`);
+  loadAll(); toast('Gelöscht');
+}
+async function toggle(type,id,current){
+  await api('PUT',`${type}/${id}`,{done:current?0:1});
+  loadAll();
+}
+
+// ── MODAL CONFIG ──────────────────────────────────────────────
+const MODALS={
+  timetable:{title:'Stunde hinzufügen',fields:[
+    {n:'day',l:'Tag',t:'select',opts:DAYS},
+    {n:'time_start',l:'Uhrzeit',t:'select',opts:TIME_SLOTS.map(s=>s.key),labels:TIME_SLOTS.map(s=>`${s.label} Std. – ${s.time}`)},
+    {n:'subject',l:'Fach',t:'text'},{n:'room',l:'Raum',t:'text'},{n:'teacher',l:'Lehrkraft',t:'text'}
+  ]},
+  homework:{title:'Hausaufgabe hinzufügen',fields:[
+    {n:'title',l:'Titel',t:'text'},{n:'subject',l:'Fach',t:'text'},{n:'due_date',l:'Fällig am',t:'date'}
+  ]},
+  grades:{title:'Note hinzufügen',fields:[
+    {n:'subject',l:'Fach',t:'text'},
+    {n:'grade',l:'Note (1–6)',t:'number',min:1,max:6,step:0.1},
+    {n:'type',l:'Typ',t:'select',opts:Object.keys(GRADE_TYPES),labels:Object.values(GRADE_TYPES)},
+    {n:'note',l:'Anmerkung (optional)',t:'text'}
+  ]},
+  absences:{title:'Fehlzeit eintragen',fields:[
+    {n:'date',l:'Datum',t:'date'},{n:'subject',l:'Fach / Stunde',t:'text'},{n:'reason',l:'Grund',t:'text'}
+  ]},
+  todos:{title:'Aufgabe hinzufügen',fields:[{n:'title',l:'Aufgabe',t:'text'}]},
+  countdowns:{title:'Countdown hinzufügen',fields:[
+    {n:'title',l:'Bezeichnung',t:'text'},{n:'target_date',l:'Datum',t:'date'}
+  ]},
+  quicklinks:{title:'Link hinzufügen',fields:[
+    {n:'label',l:'Bezeichnung',t:'text'},{n:'url',l:'URL',t:'url'}
+  ]},
+  'class-events-pruefung':{title:'Prüfung eintragen',fields:[
+    {n:'title',l:'Bezeichnung',t:'text'},{n:'date',l:'Datum',t:'date'},{n:'description',l:'Anmerkung (optional)',t:'text'}
+  ]},
+  'class-events-ferien':{title:'Ferienblock eintragen',fields:[
+    {n:'title',l:'Bezeichnung',t:'text'},{n:'date',l:'Von',t:'date'},{n:'date_end',l:'Bis (optional)',t:'date'}
+  ]},
+};
+
+function openModal(type, sub){
+  const key = sub ? `${type}-${sub}` : type;
+  currentModal=type; currentModalSub=sub||null;
+  const cfg=MODALS[key];
+  document.getElementById('modal-title').textContent=cfg.title;
+  document.getElementById('modal-fields').innerHTML=cfg.fields.map(f=>{
+    if(f.t==='select'){
+      const opts=(f.opts||[]).map((o,i)=>`<option value="${esc(o)}">${esc(f.labels?f.labels[i]:o)}</option>`).join('');
+      return `<select name="${f.n}"><option value="">– ${f.l} –</option>${opts}</select>`;
+    }
+    const ex=f.min!=null?` min="${f.min}" max="${f.max}" step="${f.step}"`:'';
+    return `<input type="${f.t}" name="${f.n}" placeholder="${f.l}"${ex}>`;
+  }).join('');
+  document.getElementById('modal-overlay').style.display='flex';
+  document.querySelector('#modal-fields input, #modal-fields select')?.focus();
+}
+
+function closeModal(){document.getElementById('modal-overlay').style.display='none';currentModal=null;currentModalSub=null;}
+
+async function saveModal(){
+  if(!currentModal)return;
+  const key=currentModalSub?`${currentModal}-${currentModalSub}`:currentModal;
+  const cfg=MODALS[key];
+  const body={};
+  if(currentModalSub) body.type=currentModalSub;
+  cfg.fields.forEach(f=>{body[f.n]=document.querySelector(`#modal-fields [name="${f.n}"]`)?.value||null;});
+  await api('POST', currentModal==='class-events'?'class-events':currentModal, body);
+  closeModal();
+  if(currentModal==='class-events'||['pruefung','ferien'].includes(currentModalSub)) loadClassEvents();
+  else loadAll();
+  toast('Gespeichert ✓','success');
+}
+
+// ── SETTINGS ──────────────────────────────────────────────────
+function openSettings(){
+  document.getElementById('settings-overlay').style.display='flex';
+  document.getElementById('user-dropdown')?.classList.remove('open');
+}
+function closeSettings(){document.getElementById('settings-overlay').style.display='none';}
+
+async function changePassword(){
+  const cp=document.getElementById('pw-current').value;
+  const np=document.getElementById('pw-new').value;
+  const r=await api('PUT','me/password',{currentPassword:cp,newPassword:np});
+  if(r.ok){toast('Passwort geändert','success');document.getElementById('pw-current').value='';document.getElementById('pw-new').value='';}
+  else toast(r.error,'error');
+}
+
+async function deleteAccount(){
+  const pw=document.getElementById('pw-delete').value;
+  if(!confirm('Account und alle Daten wirklich löschen? Dies kann nicht rückgängig gemacht werden.'))return;
+  const r=await api('DELETE','me',{password:pw});
+  if(r.ok){location.reload();}
+  else toast(r.error,'error');
+}
+
+// ── CHAT ──────────────────────────────────────────────────────
+let chatLastId = 0;
+let chatPollTimer = null;
+let chatMyUsername = '';
+
+function chatFmtTime(ts) {
+  if (!ts) return '';
+  const d = new Date(ts + 'Z');
+  return d.toLocaleTimeString('de-DE', { hour: '2-digit', minute: '2-digit' });
+}
+
+function renderChatMsg(m, append) {
+  const el = document.getElementById('chat-msgs');
+  const isOwn = m.username === chatMyUsername;
+  const div = document.createElement('div');
+  div.className = 'chat-msg';
+  div.dataset.id = m.id;
+  div.innerHTML = `<div class="chat-msg-meta">
+    <span class="chat-msg-user${isOwn ? ' own' : ''}">${esc(m.username)}</span>
+    <span class="chat-msg-time">${chatFmtTime(m.created_at)}</span>
+    <button class="chat-msg-del" onclick="delChatMsg(${m.id})" title="Löschen">✕</button>
+  </div>
+  <div class="chat-msg-body">${esc(m.content)}</div>`;
+  if (append) {
+    el.appendChild(div);
+    el.scrollTop = el.scrollHeight;
+  } else {
+    el.prepend(div);
+  }
+}
+
+async function loadChat() {
+  const msgs = await api('GET', 'chat');
+  const el = document.getElementById('chat-msgs');
+  el.innerHTML = '';
+  msgs.forEach(m => renderChatMsg(m, true));
+  if (msgs.length) chatLastId = msgs[msgs.length - 1].id;
+}
+
+async function pollChat() {
+  try {
+    const msgs = await api('GET', 'chat?after=' + chatLastId);
+    msgs.forEach(m => {
+      renderChatMsg(m, true);
+      chatLastId = Math.max(chatLastId, m.id);
+    });
+  } catch {}
+  chatPollTimer = setTimeout(pollChat, 3000);
+}
+
+async function sendChatMsg() {
+  const inp = document.getElementById('chat-input');
+  const content = inp.value.trim();
+  if (!content) return;
+  inp.value = '';
+  const r = await api('POST', 'chat', { content });
+  if (r.error) { toast(r.error, 'error'); return; }
+  renderChatMsg(r, true);
+  chatLastId = Math.max(chatLastId, r.id);
+}
+
+async function delChatMsg(id) {
+  if (!confirm('Nachricht wirklich löschen?')) return;
+  const r = await api('DELETE', 'chat/' + id);
+  if (r.error) { toast(r.error, 'error'); return; }
+  document.querySelector(`.chat-msg[data-id="${id}"]`)?.remove();
+}
+
+function initChat(username) {
+  chatMyUsername = username;
+  document.getElementById('card-chat').style.display = '';
+  loadChat().then(() => pollChat());
+  document.getElementById('chat-input').addEventListener('keydown', e => {
+    if (e.key === 'Enter' && !e.shiftKey) { e.preventDefault(); sendChatMsg(); }
+  });
+}
+
+// ── FILE STORAGE ──────────────────────────────────────────────
+let filesData = { files: [], used: 0, quota: 2 * 1024 * 1024 * 1024 };
+
+function fmtBytes(b) {
+  if (b >= 1024 * 1024 * 1024) return (b / 1024 / 1024 / 1024).toFixed(2) + ' GB';
+  if (b >= 1024 * 1024) return (b / 1024 / 1024).toFixed(1) + ' MB';
+  if (b >= 1024) return (b / 1024).toFixed(1) + ' KB';
+  return b + ' B';
+}
+
+function fileIcon(mime) {
+  if (mime.startsWith('image/')) return '🖼️';
+  if (mime === 'application/pdf') return '📕';
+  if (mime.includes('spreadsheet') || mime.includes('excel') || mime === 'text/csv') return '📊';
+  if (mime.includes('presentation') || mime.includes('powerpoint')) return '📋';
+  if (mime.includes('word') || mime.includes('document')) return '📝';
+  if (['application/zip','application/vnd.rar','application/x-7z-compressed','application/x-tar','application/gzip'].includes(mime)) return '🗜️';
+  if (mime === 'application/json' || mime === 'application/xml' || mime === 'text/xml') return '🔧';
+  return '📄';
+}
+
+async function loadFiles() {
+  try {
+    const r = await fetch('/api/files');
+    if (!r.ok) return;
+    filesData = await r.json();
+    renderFiles();
+  } catch {}
+}
+
+function renderFiles() {
+  const el = document.getElementById('files-body');
+  const pct = filesData.quota > 0 ? Math.min(100, filesData.used / filesData.quota * 100) : 0;
+  const fillClass = pct >= 90 ? 'danger' : pct >= 70 ? 'warn' : '';
+  const quotaHtml = `<div class="files-quota">
+    <div class="files-quota-bar"><div class="files-quota-fill ${fillClass}" style="width:${pct.toFixed(1)}%"></div></div>
+    <div class="files-quota-text"><span>${fmtBytes(filesData.used)} genutzt</span><span>${fmtBytes(filesData.quota)} Speicher</span></div>
+  </div>`;
+  const dropZone = `<div class="upload-drop" id="files-drop">Dateien hier ablegen oder oben hochladen</div>`;
+  if (!filesData.files.length) {
+    el.innerHTML = quotaHtml + dropZone + '<div class="empty">Noch keine Dateien hochgeladen</div>';
+  } else {
+    el.innerHTML = quotaHtml + dropZone + filesData.files.map(f => `<div class="file-item">
+      <div class="file-icon">${fileIcon(f.mime_type)}</div>
+      <div class="file-info">
+        <div class="file-name" title="${esc(f.original_name)}">${esc(f.original_name)}</div>
+        <div class="file-meta">${fmtBytes(f.size)} · ${fmtDate(f.created_at ? f.created_at.slice(0,10) : '')}</div>
+      </div>
+      <div style="display:flex;gap:6px;flex-shrink:0">
+        <button class="file-dl" onclick="downloadFile(${f.id})">↓ Laden</button>
+        <button class="del-btn" onclick="deleteFile(${f.id})">🗑</button>
+      </div>
+    </div>`).join('');
+  }
+  initDropZone();
+}
+
+function initDropZone() {
+  const zone = document.getElementById('files-drop');
+  if (!zone) return;
+  zone.addEventListener('dragover', e => { e.preventDefault(); zone.classList.add('drag'); });
+  zone.addEventListener('dragleave', () => zone.classList.remove('drag'));
+  zone.addEventListener('drop', e => {
+    e.preventDefault();
+    zone.classList.remove('drag');
+    const files = Array.from(e.dataTransfer.files);
+    if (files.length) uploadFileList(files);
+  });
+}
+
+function downloadFile(id) {
+  window.location.href = '/api/files/' + id + '/download';
+}
+
+async function deleteFile(id) {
+  if (!confirm('Datei wirklich löschen?')) return;
+  const r = await fetch('/api/files/' + id, { method: 'DELETE' });
+  const d = await r.json();
+  if (d.error) { toast(d.error, 'error'); return; }
+  toast('Datei gelöscht');
+  loadFiles();
+}
+
+async function uploadFiles(event) {
+  const files = Array.from(event.target.files);
+  document.getElementById('file-input').value = '';
+  if (!files.length) return;
+  await uploadFileList(files);
+}
+
+async function uploadFileList(files) {
+  for (const file of files) {
+    const fd = new FormData();
+    fd.append('file', file);
+    try {
+      const r = await fetch('/api/files', { method: 'POST', body: fd });
+      const d = await r.json();
+      if (d.error) toast(d.error, 'error');
+      else toast(`${esc(file.name)} hochgeladen ✓`);
+    } catch {
+      toast('Upload fehlgeschlagen', 'error');
+    }
+  }
+  loadFiles();
+}
+
+// ── SUPPORT TICKETS ───────────────────────────────────────────
+let ticketsData = [];
+let activeTicket = null;
+let myUserId = null;
+
+function fmtDateTime(s){
+  if(!s)return'';
+  const d=new Date(s);
+  return d.toLocaleDateString('de-DE',{day:'2-digit',month:'2-digit',year:'numeric'})+' '+d.toLocaleTimeString('de-DE',{hour:'2-digit',minute:'2-digit'});
+}
+
+async function loadTickets(){
+  const r = await api('GET','tickets');
+  if(r.error) return;
+  ticketsData = r;
+  renderTickets();
+}
+
+function ticketStatusBadge(s){
+  const m={open:'badge-red',in_progress:'badge-orange',closed:'badge-green'};
+  const l={open:'Offen',in_progress:'In Bearbeitung',closed:'Geschlossen'};
+  return `<span class="badge ${m[s]||'badge-gray'}">${l[s]||esc(s)}</span>`;
+}
+
+function renderTickets(){
+  const el=document.getElementById('list-tickets');
+  if(!ticketsData.length){ el.innerHTML='<div class="empty">Noch keine Tickets erstellt</div>'; return; }
+  el.innerHTML=ticketsData.map(t=>`
+    <div class="ticket-list-item" onclick="openThread(${t.id})">
+      <div style="flex:1;min-width:0">
+        <div class="ticket-list-subj">${esc(t.subject)}</div>
+        <div class="ticket-list-meta">${fmtDateTime(t.created_at)}</div>
+      </div>
+      ${ticketStatusBadge(t.status)}
+    </div>`).join('');
+}
+
+function openNewTicket(){
+  document.getElementById('new-ticket-subject').value='';
+  document.getElementById('new-ticket-message').value='';
+  document.getElementById('new-ticket-overlay').style.display='flex';
+  setTimeout(()=>document.getElementById('new-ticket-subject').focus(),50);
+}
+function closeNewTicket(){ document.getElementById('new-ticket-overlay').style.display='none'; }
+
+async function submitNewTicket(){
+  const subject=document.getElementById('new-ticket-subject').value.trim();
+  const message=document.getElementById('new-ticket-message').value.trim();
+  if(!subject||!message){ toast('Betreff und Nachricht erforderlich','error'); return; }
+  const r=await api('POST','tickets',{subject,message});
+  if(r.error){ toast(r.error,'error'); return; }
+  closeNewTicket();
+  toast('Ticket erstellt');
+  await loadTickets();
+  openThread(r.id);
+}
+
+async function openThread(ticketId){
+  const t=ticketsData.find(x=>x.id===ticketId); if(!t) return;
+  activeTicket=t;
+  document.getElementById('thread-title').textContent=t.subject;
+  document.getElementById('thread-meta').textContent=`Status: ${({open:'Offen',in_progress:'In Bearbeitung',closed:'Geschlossen'}[t.status]||t.status)} · Erstellt: ${fmtDateTime(t.created_at)}`;
+  document.getElementById('thread-msgs').innerHTML='<div class="empty" style="padding:8px 0">Laden…</div>';
+  const ra=document.getElementById('thread-reply-area');
+  ra.style.display=t.status==='closed'?'none':'flex';
+  document.getElementById('thread-overlay').style.display='flex';
+
+  const msgs=await api('GET',`tickets/${ticketId}/messages`);
+  renderThread(t, msgs.error?[]:msgs);
+}
+
+function renderThread(ticket, messages){
+  const wrap=document.getElementById('thread-msgs');
+  const rows=[];
+  // Initial message from ticket itself
+  rows.push(`<div style="display:flex;flex-direction:column;align-items:flex-end">
+    <div class="thread-bubble mine">${esc(ticket.message)}</div>
+    <div class="thread-bubble-meta" style="text-align:right">${fmtDateTime(ticket.created_at)}</div>
+  </div>`);
+  messages.forEach(m=>{
+    const isAdmin=m.role==='admin';
+    const isMine=!isAdmin;
+    rows.push(`<div style="display:flex;flex-direction:column;align-items:${isMine?'flex-end':'flex-start'}">
+      <div class="thread-bubble ${isMine?'mine':'other'}${isAdmin?' admin-bubble':''}">${esc(m.message)}</div>
+      <div class="thread-bubble-meta" style="text-align:${isMine?'right':'left'}">${isAdmin?'🛡️ Admin · ':''}${fmtDateTime(m.created_at)}</div>
+    </div>`);
+  });
+  if(!rows.length){ wrap.innerHTML='<div class="empty" style="padding:8px 0">Noch keine Nachrichten</div>'; return; }
+  wrap.innerHTML=rows.join('');
+  wrap.scrollTop=wrap.scrollHeight;
+}
+
+async function sendThreadReply(){
+  if(!activeTicket) return;
+  const inp=document.getElementById('thread-input');
+  const message=inp.value.trim();
+  if(!message){ toast('Nachricht darf nicht leer sein','error'); return; }
+  const r=await api('POST',`tickets/${activeTicket.id}/messages`,{message});
+  if(r.error){ toast(r.error,'error'); return; }
+  inp.value='';
+  await loadTickets();
+  const t=ticketsData.find(x=>x.id===activeTicket.id);
+  if(t){ activeTicket=t; document.getElementById('thread-meta').textContent=`Status: ${({open:'Offen',in_progress:'In Bearbeitung',closed:'Geschlossen'}[t.status]||t.status)} · Erstellt: ${fmtDateTime(t.created_at)}`; }
+  const msgs=await api('GET',`tickets/${activeTicket.id}/messages`);
+  renderThread(activeTicket, msgs.error?[]:msgs);
+}
+
+function closeThread(){
+  document.getElementById('thread-overlay').style.display='none';
+  activeTicket=null;
+}
+
+// ── DARK MODE ─────────────────────────────────────────────────
+function toggleDark(){
+  const dark=document.body.classList.toggle('dark');
+  localStorage.setItem('dark',dark?'1':'');
+  document.getElementById('btn-dark').textContent=dark?'☀️':'🌙';
+}
+if(localStorage.getItem('dark')){
+  document.body.classList.add('dark');
+  document.getElementById('btn-dark').textContent='☀️';
+}
+
+// ── SIDEBAR ───────────────────────────────────────────────────
+function openSidebar(){
+  document.getElementById('sidebar').classList.add('open');
+  document.getElementById('sidebar-backdrop').classList.add('open');
+  document.body.style.overflow='hidden';
+}
+function closeSidebar(){
+  document.getElementById('sidebar').classList.remove('open');
+  document.getElementById('sidebar-backdrop').classList.remove('open');
+  document.body.style.overflow='';
+}
+
+// ── KEYBOARD ──────────────────────────────────────────────────
+document.addEventListener('keydown',e=>{
+  if(e.key==='Escape'){closeModal();closeSettings();closeSidebar();closeThread();closeNewTicket();}
+});
+
+// ── START ─────────────────────────────────────────────────────
+init();
+</script>
+</body>
+</html>
diff --git a/public/login.html b/public/login.html
new file mode 100644
index 0000000..9010b9d
--- /dev/null
+++ b/public/login.html
@@ -0,0 +1,341 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>IFB · INFO1 – Anmelden</title>
+<link rel="icon" type="image/svg+xml" href="/favicon.svg">
+<link rel="preconnect" href="https://fonts.googleapis.com">
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap" rel="stylesheet">
+<script src="https://unpkg.com/lucide@latest/dist/umd/lucide.min.js"></script>
+<style>
+*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+
+body {
+  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif;
+  background: #f4f6f9;
+  min-height: 100vh;
+  display: flex;
+  flex-direction: column;
+  -webkit-font-smoothing: antialiased;
+  color: #111827;
+}
+
+.page {
+  flex: 1;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 32px 16px;
+}
+
+.card {
+  background: #fff;
+  border: 1px solid #e5e7eb;
+  border-radius: 14px;
+  box-shadow: 0 4px 16px rgba(0,0,0,.06), 0 1px 4px rgba(0,0,0,.04);
+  padding: 36px 32px 32px;
+  width: 100%;
+  max-width: 400px;
+}
+
+/* Brand */
+.brand-row {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  margin-bottom: 28px;
+}
+.brand {
+  display: flex;
+  align-items: center;
+  gap: 9px;
+  text-decoration: none;
+}
+.brand-mark {
+  width: 36px; height: 36px;
+  background: #2563eb;
+  border-radius: 8px;
+  display: flex; align-items: center; justify-content: center;
+  font-size: 14px; font-weight: 800; color: #fff;
+  letter-spacing: -.5px; flex-shrink: 0;
+}
+.brand-text { display: flex; flex-direction: column; line-height: 1.2; }
+.brand-sub { font-size: 10px; color: #9ca3af; font-weight: 500; letter-spacing: .2px; }
+.brand-name { font-size: 16px; font-weight: 700; color: #111827; letter-spacing: -.3px; }
+
+.back-link {
+  font-size: 12px;
+  color: #6b7280;
+  text-decoration: none;
+  display: flex; align-items: center; gap: 4px;
+  transition: color .12s;
+  padding: 4px 0;
+}
+.back-link:hover { color: #2563eb; }
+
+/* Tabs */
+.tabs {
+  display: flex;
+  background: #f3f4f6;
+  border-radius: 8px;
+  padding: 3px;
+  margin-bottom: 24px;
+  gap: 2px;
+}
+.tab {
+  flex: 1;
+  padding: 7px;
+  text-align: center;
+  font-size: 13px; font-weight: 600;
+  color: #6b7280;
+  border-radius: 6px;
+  cursor: pointer;
+  transition: background .12s, color .12s;
+  user-select: none;
+}
+.tab.active {
+  background: #fff;
+  color: #111827;
+  box-shadow: 0 1px 3px rgba(0,0,0,.08), 0 1px 2px rgba(0,0,0,.04);
+}
+
+/* Forms */
+.form { display: none; flex-direction: column; gap: 14px; }
+.form.active { display: flex; }
+
+.field { display: flex; flex-direction: column; gap: 5px; }
+.field label { font-size: 12px; font-weight: 600; color: #374151; letter-spacing: .1px; }
+.field input {
+  padding: 9px 12px;
+  border: 1px solid #e5e7eb;
+  border-radius: 7px;
+  font-size: 14px; font-family: inherit;
+  color: #111827;
+  background: #fff;
+  outline: none;
+  transition: border-color .12s, box-shadow .12s;
+}
+.field input:focus { border-color: #2563eb; box-shadow: 0 0 0 3px rgba(37,99,235,.1); }
+
+/* Role toggle */
+.role-toggle {
+  display: flex;
+  background: #f3f4f6;
+  border-radius: 8px;
+  padding: 3px;
+  gap: 2px;
+}
+.role-opt {
+  flex: 1; padding: 7px 10px;
+  text-align: center;
+  font-size: 13px; font-weight: 600;
+  color: #6b7280;
+  border-radius: 6px;
+  cursor: pointer;
+  transition: background .12s, color .12s;
+  user-select: none;
+}
+.role-opt.active { background: #fff; color: #111827; box-shadow: 0 1px 3px rgba(0,0,0,.08); }
+.role-opt.active.teacher { background: #fefce8; color: #854d0e; }
+
+/* Notices */
+.notice {
+  font-size: 12px;
+  border-radius: 7px;
+  padding: 9px 12px;
+  line-height: 1.5;
+  display: none;
+}
+.notice.show { display: block; }
+.notice-amber { color: #92400e; background: #fffbeb; border: 1px solid #fde68a; }
+.notice-red { color: #dc2626; background: #fef2f2; border: 1px solid #fecaca; }
+.notice-green { color: #15803d; background: #f0fdf4; border: 1px solid #bbf7d0; }
+
+/* Password strength */
+.strength-wrap { margin-top: 4px; }
+.strength-bar { height: 3px; border-radius: 99px; background: #e5e7eb; overflow: hidden; }
+.strength-fill { height: 100%; border-radius: 99px; transition: width .25s, background .25s; width: 0; }
+.strength-label { font-size: 11px; color: #9ca3af; margin-top: 3px; }
+
+/* Submit button */
+.btn-submit {
+  padding: 10px;
+  background: #2563eb; color: #fff;
+  border: none; border-radius: 8px;
+  font-size: 14px; font-weight: 600; font-family: inherit;
+  cursor: pointer;
+  transition: background .12s, transform .08s;
+  margin-top: 2px;
+}
+.btn-submit:hover { background: #1d4ed8; }
+.btn-submit:active { transform: scale(.99); }
+.btn-submit:disabled { background: #93c5fd; cursor: default; }
+
+/* Footer */
+footer {
+  text-align: center;
+  padding: 18px;
+  font-size: 12px;
+  color: #9ca3af;
+}
+footer a { color: #6b7280; text-decoration: none; transition: color .12s; }
+footer a:hover { color: #2563eb; }
+
+/* Icons */
+.lucide { display: inline-block; vertical-align: -0.125em; flex-shrink: 0; width: 1em; height: 1em; stroke-width: 2; }
+.notice .lucide { width: 14px; height: 14px; margin-right: 3px; }
+</style>
+</head>
+<body>
+
+<div class="page">
+  <div class="card">
+
+    <div class="brand-row">
+      <a class="brand" href="/">
+        <div class="brand-mark">i1</div>
+        <div class="brand-text">
+          <span class="brand-sub">IFB-Berufsfachschule Rosenheim</span>
+          <span class="brand-name">INFO1</span>
+        </div>
+      </a>
+      <a class="back-link" href="/">← Dashboard</a>
+    </div>
+
+    <div class="tabs">
+      <div class="tab active" id="tab-login" onclick="switchTab('login')">Anmelden</div>
+      <div class="tab" id="tab-reg" onclick="switchTab('register')">Registrieren</div>
+    </div>
+
+    <form class="form active" id="form-login" onsubmit="doLogin(event)">
+      <div class="field">
+        <label for="l-user">Benutzername</label>
+        <input type="text" id="l-user" autocomplete="username" placeholder="dein.name" required>
+      </div>
+      <div class="field">
+        <label for="l-pass">Passwort</label>
+        <input type="password" id="l-pass" autocomplete="current-password" placeholder="••••••" required>
+      </div>
+      <div class="notice notice-red" id="login-err"></div>
+      <button class="btn-submit" type="submit">Anmelden</button>
+    </form>
+
+    <form class="form" id="form-reg" onsubmit="doRegister(event)">
+      <div class="field">
+        <label>Ich bin</label>
+        <div class="role-toggle">
+          <div class="role-opt active" id="role-student" onclick="selectRole('student')">Schüler/in</div>
+          <div class="role-opt" id="role-teacher" onclick="selectRole('teacher')">Lehrer/in</div>
+        </div>
+      </div>
+      <div class="notice notice-amber" id="teacher-notice">
+        <i data-lucide="info" aria-hidden="true"></i> Lehrerkonten werden nach der Registrierung von einem Administrator geprüft und freigeschaltet.
+      </div>
+      <div class="field">
+        <label for="r-email">Schul E-Mail</label>
+        <input type="email" id="r-email" autocomplete="email" placeholder="vorname.nachname@ifb-schulen.com" required>
+      </div>
+      <div class="field">
+        <label for="r-pass">Passwort</label>
+        <input type="password" id="r-pass" autocomplete="new-password" placeholder="Mindestens 6 Zeichen" required oninput="checkStrength(this.value)">
+        <div class="strength-wrap">
+          <div class="strength-bar"><div class="strength-fill" id="strength-fill"></div></div>
+          <div class="strength-label" id="strength-label">Passwort eingeben</div>
+        </div>
+      </div>
+      <div class="notice notice-red" id="reg-err"></div>
+      <div class="notice notice-green" id="reg-ok">Registrierung erfolgreich! Dein Lehrerkonto wird von einem Administrator geprüft und freigeschaltet.</div>
+      <button class="btn-submit" type="submit" id="reg-btn">Account erstellen</button>
+    </form>
+
+  </div>
+</div>
+
+<footer>
+  <a href="/datenschutz">Datenschutzerklärung</a>
+</footer>
+
+<script>
+let selectedRole = 'student';
+
+function selectRole(r) {
+  selectedRole = r;
+  document.getElementById('role-student').classList.toggle('active', r === 'student');
+  document.getElementById('role-teacher').classList.toggle('active', r === 'teacher');
+  document.getElementById('role-teacher').classList.toggle('teacher', r === 'teacher');
+  document.getElementById('teacher-notice').classList.toggle('show', r === 'teacher');
+  document.getElementById('reg-btn').textContent = r === 'teacher' ? 'Als Lehrer/in registrieren' : 'Account erstellen';
+}
+
+function switchTab(t) {
+  document.getElementById('tab-login').classList.toggle('active', t==='login');
+  document.getElementById('tab-reg').classList.toggle('active', t==='register');
+  document.getElementById('form-login').classList.toggle('active', t==='login');
+  document.getElementById('form-reg').classList.toggle('active', t==='register');
+}
+
+function showErr(id, msg) {
+  const el = document.getElementById(id);
+  el.textContent = msg; el.classList.add('show');
+}
+function clearErr(id) { document.getElementById(id).classList.remove('show'); }
+
+async function doLogin(e) {
+  e.preventDefault(); clearErr('login-err');
+  const r = await fetch('/api/login', { method:'POST', headers:{'Content-Type':'application/json'},
+    body: JSON.stringify({ username: document.getElementById('l-user').value, password: document.getElementById('l-pass').value }) });
+  const d = await r.json();
+  if (!r.ok) { showErr('login-err', d.error); return; }
+  window.location.href = '/';
+}
+
+async function doRegister(e) {
+  e.preventDefault(); clearErr('reg-err');
+  const r = await fetch('/api/register', { method:'POST', headers:{'Content-Type':'application/json'},
+    body: JSON.stringify({
+      email: document.getElementById('r-email').value,
+      password: document.getElementById('r-pass').value,
+      role: selectedRole
+    }) });
+  const d = await r.json();
+  if (!r.ok) { showErr('reg-err', d.error); return; }
+  if (d.pending) {
+    document.getElementById('reg-ok').classList.add('show');
+    document.getElementById('reg-btn').disabled = true;
+    document.getElementById('reg-btn').textContent = 'Registriert';
+  } else {
+    window.location.href = '/';
+  }
+}
+
+function checkStrength(pw) {
+  let score = 0;
+  if (pw.length >= 6) score++;
+  if (pw.length >= 10) score++;
+  if (/[A-Z]/.test(pw)) score++;
+  if (/[0-9]/.test(pw)) score++;
+  if (/[^A-Za-z0-9]/.test(pw)) score++;
+  const levels = [
+    { w: '0%',   bg: '#e5e7eb', label: 'Passwort eingeben' },
+    { w: '25%',  bg: '#ef4444', label: 'Sehr schwach' },
+    { w: '50%',  bg: '#f97316', label: 'Schwach' },
+    { w: '75%',  bg: '#eab308', label: 'Mittel' },
+    { w: '90%',  bg: '#22c55e', label: 'Stark' },
+    { w: '100%', bg: '#16a34a', label: 'Sehr stark' },
+  ];
+  const l = levels[Math.min(score, 5)];
+  const fill = document.getElementById('strength-fill');
+  fill.style.width = l.w; fill.style.background = l.bg;
+  document.getElementById('strength-label').textContent = l.label;
+}
+
+const p = new URLSearchParams(location.search);
+if (p.get('tab') === 'register') switchTab('register');
+
+fetch('/api/me').then(r => { if (r.ok) window.location.href = '/'; });
+
+lucide.createIcons();
+</script>
+</body>
+</html>
diff --git a/src/auth.js b/src/auth.js
new file mode 100644
index 0000000..55eda8e
--- /dev/null
+++ b/src/auth.js
@@ -0,0 +1,25 @@
+const jwt = require('jsonwebtoken');
+const SECRET = process.env.JWT_SECRET || 'info1-ifb-secret-change-in-prod';
+
+function signToken(user) {
+  return jwt.sign({ id: user.id, username: user.username, role: user.role }, SECRET, { expiresIn: '30d' });
+}
+
+function verifyToken(token) {
+  try {
+    return jwt.verify(token, SECRET);
+  } catch {
+    return null;
+  }
+}
+
+function requireAuth(req, res, next) {
+  const token = req.cookies?.token;
+  if (!token) return res.status(401).json({ error: 'Nicht eingeloggt' });
+  const user = verifyToken(token);
+  if (!user) return res.status(401).json({ error: 'Ungültige Sitzung' });
+  req.user = user;
+  next();
+}
+
+module.exports = { signToken, verifyToken, requireAuth };
diff --git a/src/db.js b/src/db.js
new file mode 100644
index 0000000..be40a67
--- /dev/null
+++ b/src/db.js
@@ -0,0 +1,146 @@
+const Database = require('better-sqlite3');
+const path = require('path');
+
+const db = new Database(path.join(__dirname, '../data.db'));
+
+db.exec(`
+  CREATE TABLE IF NOT EXISTS users (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    username TEXT UNIQUE NOT NULL,
+    email TEXT UNIQUE NOT NULL,
+    password_hash TEXT NOT NULL,
+    created_at TEXT DEFAULT (datetime('now'))
+  );
+
+  CREATE TABLE IF NOT EXISTS timetable (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    day TEXT NOT NULL,
+    time_start TEXT,
+    time_end TEXT,
+    subject TEXT,
+    room TEXT,
+    teacher TEXT,
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS homework (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    subject TEXT,
+    title TEXT NOT NULL,
+    due_date TEXT,
+    done INTEGER DEFAULT 0,
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS grades (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    subject TEXT NOT NULL,
+    grade REAL,
+    type TEXT DEFAULT 'sonstiges',
+    note TEXT,
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS absences (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    date TEXT,
+    subject TEXT,
+    reason TEXT,
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS todos (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    title TEXT NOT NULL,
+    done INTEGER DEFAULT 0,
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS countdowns (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    title TEXT NOT NULL,
+    target_date TEXT NOT NULL,
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS quicklinks (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    label TEXT NOT NULL,
+    url TEXT NOT NULL,
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS class_events (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    type TEXT NOT NULL,
+    title TEXT NOT NULL,
+    date TEXT,
+    date_end TEXT,
+    description TEXT,
+    created_by INTEGER,
+    created_at TEXT DEFAULT (datetime('now'))
+  );
+
+  CREATE TABLE IF NOT EXISTS support_tickets (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    subject TEXT NOT NULL,
+    message TEXT NOT NULL,
+    status TEXT NOT NULL DEFAULT 'open',
+    created_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS ticket_messages (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    ticket_id INTEGER NOT NULL,
+    sender_id INTEGER NOT NULL,
+    message TEXT NOT NULL,
+    created_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (ticket_id) REFERENCES support_tickets(id),
+    FOREIGN KEY (sender_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS admin_logs (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    admin_id INTEGER NOT NULL,
+    action TEXT NOT NULL,
+    target_id INTEGER,
+    details TEXT,
+    created_at TEXT DEFAULT (datetime('now'))
+  );
+
+  CREATE TABLE IF NOT EXISTS chat_messages (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    class_id TEXT NOT NULL DEFAULT 'info1',
+    content TEXT NOT NULL,
+    created_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+
+  CREATE TABLE IF NOT EXISTS user_files (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    original_name TEXT NOT NULL,
+    stored_name TEXT NOT NULL UNIQUE,
+    mime_type TEXT NOT NULL,
+    size INTEGER NOT NULL,
+    created_at TEXT DEFAULT (datetime('now')),
+    FOREIGN KEY (user_id) REFERENCES users(id)
+  );
+`);
+
+// Safe migrations
+try { db.exec(`ALTER TABLE grades ADD COLUMN type TEXT DEFAULT 'sonstiges'`); } catch {}
+try { db.exec(`ALTER TABLE users ADD COLUMN role TEXT NOT NULL DEFAULT 'student'`); } catch {}
+try { db.exec(`ALTER TABLE users ADD COLUMN status TEXT NOT NULL DEFAULT 'pending'`); } catch {}
+
+module.exports = db;
diff --git a/src/files.js b/src/files.js
new file mode 100644
index 0000000..6f4f1a5
--- /dev/null
+++ b/src/files.js
@@ -0,0 +1,181 @@
+const express = require('express');
+const multer = require('multer');
+const path = require('path');
+const fs = require('fs');
+const crypto = require('crypto');
+const db = require('./db');
+const { requireAuth } = require('./auth');
+
+const router = express.Router();
+
+const STORAGE_DIR = path.resolve(__dirname, '../storage');
+fs.mkdirSync(STORAGE_DIR, { recursive: true });
+
+const MAX_FILE_BYTES = 50 * 1024 * 1024;
+const MAX_USER_BYTES = 2 * 1024 * 1024 * 1024;
+
+const ALLOWED_EXT = new Set([
+  'pdf','doc','docx','xls','xlsx','ppt','pptx','odt','ods','odp','rtf','txt','md',
+  'jpg','jpeg','png','gif','webp','bmp','tiff','svg',
+  'zip','rar','7z','tar','gz',
+  'csv','json','xml',
+]);
+
+const EXT_MIME = {
+  pdf: 'application/pdf',
+  doc: 'application/msword',
+  docx: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+  xls: 'application/vnd.ms-excel',
+  xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+  ppt: 'application/vnd.ms-powerpoint',
+  pptx: 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+  odt: 'application/vnd.oasis.opendocument.text',
+  ods: 'application/vnd.oasis.opendocument.spreadsheet',
+  odp: 'application/vnd.oasis.opendocument.presentation',
+  rtf: 'application/rtf',
+  txt: 'text/plain',
+  md: 'text/plain',
+  jpg: 'image/jpeg',
+  jpeg: 'image/jpeg',
+  png: 'image/png',
+  gif: 'image/gif',
+  webp: 'image/webp',
+  bmp: 'image/bmp',
+  tiff: 'image/tiff',
+  svg: 'image/svg+xml',
+  zip: 'application/zip',
+  rar: 'application/vnd.rar',
+  '7z': 'application/x-7z-compressed',
+  tar: 'application/x-tar',
+  gz: 'application/gzip',
+  csv: 'text/csv',
+  json: 'application/json',
+  xml: 'application/xml',
+};
+
+const ALLOWED_MIME = new Set([
+  'application/pdf',
+  'application/msword',
+  'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+  'application/vnd.ms-excel',
+  'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+  'application/vnd.ms-powerpoint',
+  'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+  'application/vnd.oasis.opendocument.text',
+  'application/vnd.oasis.opendocument.spreadsheet',
+  'application/vnd.oasis.opendocument.presentation',
+  'application/rtf', 'text/rtf',
+  'text/plain', 'text/markdown',
+  'image/jpeg', 'image/png', 'image/gif', 'image/webp',
+  'image/bmp', 'image/tiff', 'image/svg+xml',
+  'application/zip', 'application/x-zip-compressed',
+  'application/vnd.rar', 'application/x-rar-compressed',
+  'application/x-7z-compressed',
+  'application/x-tar', 'application/gzip', 'application/x-gzip',
+  'text/csv',
+  'application/json', 'text/json',
+  'application/xml', 'text/xml',
+  'application/octet-stream',
+]);
+
+const storage = multer.diskStorage({
+  destination: (_req, _file, cb) => cb(null, STORAGE_DIR),
+  filename: (_req, file, cb) => {
+    const ext = path.extname(file.originalname).toLowerCase().slice(1);
+    cb(null, crypto.randomUUID() + (ext ? '.' + ext : ''));
+  },
+});
+
+function fileFilter(_req, file, cb) {
+  const ext = path.extname(file.originalname).toLowerCase().slice(1);
+  if (!ext || !ALLOWED_EXT.has(ext)) {
+    return cb(Object.assign(new Error('INVALID_EXT'), { code: 'INVALID_EXT' }));
+  }
+  // Empty MIME happens on some Linux/OS configs — extension check is the primary gate
+  if (file.mimetype && !ALLOWED_MIME.has(file.mimetype)) {
+    return cb(Object.assign(new Error('INVALID_MIME'), { code: 'INVALID_MIME' }));
+  }
+  cb(null, true);
+}
+
+const upload = multer({ storage, limits: { fileSize: MAX_FILE_BYTES }, fileFilter });
+
+function getUserStorageUsed(userId) {
+  return db.prepare('SELECT COALESCE(SUM(size), 0) AS used FROM user_files WHERE user_id = ?').get(userId).used;
+}
+
+router.get('/', requireAuth, (req, res) => {
+  const files = db.prepare(
+    'SELECT id, original_name, mime_type, size, created_at FROM user_files WHERE user_id = ? ORDER BY created_at DESC'
+  ).all(req.user.id);
+  const used = getUserStorageUsed(req.user.id);
+  res.json({ files, used, quota: MAX_USER_BYTES });
+});
+
+router.post('/', requireAuth, (req, res) => {
+  upload.single('file')(req, res, (err) => {
+    if (err) {
+      if (err.code === 'LIMIT_FILE_SIZE') return res.status(413).json({ error: 'Datei zu groß (max. 50 MB)' });
+      if (err.code === 'INVALID_EXT') return res.status(400).json({ error: 'Dateityp nicht erlaubt' });
+      if (err.code === 'INVALID_MIME') return res.status(400).json({ error: 'MIME-Typ nicht erlaubt' });
+      return res.status(400).json({ error: 'Upload fehlgeschlagen' });
+    }
+    if (!req.file) return res.status(400).json({ error: 'Keine Datei angegeben' });
+
+    const used = getUserStorageUsed(req.user.id);
+    if (used + req.file.size > MAX_USER_BYTES) {
+      fs.unlink(req.file.path, () => {});
+      return res.status(413).json({ error: 'Speicherplatz voll (max. 2 GB pro Nutzer)' });
+    }
+
+    const ext = path.extname(req.file.originalname).toLowerCase().slice(1);
+    const mime = EXT_MIME[ext] || 'application/octet-stream';
+
+    const result = db.prepare(
+      'INSERT INTO user_files (user_id, original_name, stored_name, mime_type, size) VALUES (?, ?, ?, ?, ?)'
+    ).run(req.user.id, req.file.originalname, req.file.filename, mime, req.file.size);
+
+    res.json({
+      id: result.lastInsertRowid,
+      original_name: req.file.originalname,
+      mime_type: mime,
+      size: req.file.size,
+      created_at: new Date().toISOString(),
+    });
+  });
+});
+
+router.get('/:id/download', requireAuth, (req, res) => {
+  const id = parseInt(req.params.id, 10);
+  if (!id) return res.status(400).json({ error: 'Ungültige ID' });
+  const file = db.prepare('SELECT * FROM user_files WHERE id = ? AND user_id = ?').get(id, req.user.id);
+  if (!file) return res.status(404).json({ error: 'Datei nicht gefunden' });
+
+  const filePath = path.join(STORAGE_DIR, file.stored_name);
+  if (!fs.existsSync(filePath)) return res.status(404).json({ error: 'Datei nicht gefunden' });
+
+  res.setHeader('Content-Type', file.mime_type);
+  res.setHeader('Content-Disposition', `attachment; filename*=UTF-8''${encodeURIComponent(file.original_name)}`);
+  res.setHeader('X-Content-Type-Options', 'nosniff');
+  res.setHeader('Cache-Control', 'private, no-cache');
+  res.sendFile(filePath);
+});
+
+router.delete('/:id', requireAuth, (req, res) => {
+  const id = parseInt(req.params.id, 10);
+  if (!id) return res.status(400).json({ error: 'Ungültige ID' });
+  const file = db.prepare('SELECT * FROM user_files WHERE id = ? AND user_id = ?').get(id, req.user.id);
+  if (!file) return res.status(404).json({ error: 'Datei nicht gefunden' });
+
+  fs.unlink(path.join(STORAGE_DIR, file.stored_name), () => {});
+  db.prepare('DELETE FROM user_files WHERE id = ?').run(id);
+  res.json({ ok: true });
+});
+
+function deleteUserFiles(userId) {
+  const files = db.prepare('SELECT stored_name FROM user_files WHERE user_id = ?').all(userId);
+  files.forEach(f => fs.unlink(path.join(STORAGE_DIR, f.stored_name), () => {}));
+  db.prepare('DELETE FROM user_files WHERE user_id = ?').run(userId);
+}
+
+module.exports = { router, deleteUserFiles };
diff --git a/src/routes.js b/src/routes.js
new file mode 100644
index 0000000..58b2708
--- /dev/null
+++ b/src/routes.js
@@ -0,0 +1,394 @@
+const express = require('express');
+const bcrypt = require('bcryptjs');
+const rateLimit = require('express-rate-limit');
+const db = require('./db');
+const { signToken, requireAuth } = require('./auth');
+const { deleteUserFiles } = require('./files');
+
+const router = express.Router();
+
+const loginLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 10,
+  message: { error: 'Zu viele Anmeldeversuche. Bitte 15 Minuten warten.' },
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
+// --- AUTH ---
+const IFB_EMAIL_RE = /^[a-z]\.[a-z]{2,}@ifb-schulen\.com$/i;
+
+router.post('/register', (req, res) => {
+  const { email, password, role } = req.body;
+  if (!email || !password) return res.status(400).json({ error: 'Alle Felder erforderlich' });
+  if (!IFB_EMAIL_RE.test(email)) return res.status(403).json({ error: 'Ungültige E-Mail-Adresse' });
+  if (password.length < 6) return res.status(400).json({ error: 'Passwort zu kurz (min. 6 Zeichen)' });
+  const username = email.split('@')[0].toLowerCase();
+  const safeRole = (role === 'teacher') ? 'teacher' : 'student';
+  const initialStatus = safeRole === 'teacher' ? 'pending' : 'active';
+
+  const hash = bcrypt.hashSync(password, 12);
+  try {
+    const result = db.prepare('INSERT INTO users (username, email, password_hash, role, status) VALUES (?, ?, ?, ?, ?)').run(username, email.toLowerCase(), hash, safeRole, initialStatus);
+    if (safeRole === 'teacher') {
+      return res.json({ ok: true, pending: true });
+    }
+    const user = { id: result.lastInsertRowid, username, role: safeRole };
+    const token = signToken(user);
+    res.cookie('token', token, { httpOnly: true, maxAge: 30 * 24 * 60 * 60 * 1000, sameSite: 'lax' });
+    res.json({ ok: true, pending: false });
+  } catch (e) {
+    if (e.message.includes('UNIQUE')) {
+      if (e.message.includes('email')) return res.status(409).json({ error: 'Diese E-Mail-Adresse ist bereits registriert' });
+      return res.status(409).json({ error: 'Benutzername bereits vergeben' });
+    }
+    res.status(500).json({ error: 'Serverfehler' });
+  }
+});
+
+router.post('/login', loginLimiter, (req, res) => {
+  const { username, password } = req.body;
+  const user = db.prepare('SELECT * FROM users WHERE username = ?').get(username);
+  if (!user || !bcrypt.compareSync(password, user.password_hash)) {
+    return res.status(401).json({ error: 'Falscher Benutzername oder Passwort' });
+  }
+  if (user.status === 'pending') {
+    return res.status(403).json({ error: 'Dein Konto wartet noch auf Freischaltung durch einen Administrator.' });
+  }
+  if (user.status === 'banned') {
+    return res.status(403).json({ error: 'Dein Konto wurde gesperrt. Bitte wende dich an einen Administrator.' });
+  }
+  if (user.status === 'rejected') {
+    return res.status(403).json({ error: 'Deine Registrierung als Lehrer/in wurde abgelehnt.' });
+  }
+  if (user.status !== 'active') {
+    return res.status(403).json({ error: 'Dein Konto ist nicht aktiv.' });
+  }
+  const token = signToken(user);
+  res.cookie('token', token, { httpOnly: true, maxAge: 30 * 24 * 60 * 60 * 1000, sameSite: 'lax' });
+  res.json({ ok: true, username: user.username, role: user.role });
+});
+
+router.post('/logout', (req, res) => {
+  res.clearCookie('token');
+  res.json({ ok: true });
+});
+
+router.get('/me', requireAuth, (req, res) => {
+  const user = db.prepare('SELECT id, username, email, role, status FROM users WHERE id = ?').get(req.user.id);
+  if (!user || user.status !== 'active') return res.status(403).json({ error: 'Konto nicht aktiv' });
+  res.json({ username: user.username, id: user.id, role: user.role, email: user.email });
+});
+
+router.put('/me/password', requireAuth, (req, res) => {
+  const { currentPassword, newPassword } = req.body;
+  if (!currentPassword || !newPassword) return res.status(400).json({ error: 'Felder erforderlich' });
+  if (newPassword.length < 6) return res.status(400).json({ error: 'Neues Passwort zu kurz (min. 6 Zeichen)' });
+  const user = db.prepare('SELECT * FROM users WHERE id = ?').get(req.user.id);
+  if (!bcrypt.compareSync(currentPassword, user.password_hash)) {
+    return res.status(401).json({ error: 'Aktuelles Passwort falsch' });
+  }
+  const hash = bcrypt.hashSync(newPassword, 12);
+  db.prepare('UPDATE users SET password_hash = ? WHERE id = ?').run(hash, req.user.id);
+  res.json({ ok: true });
+});
+
+router.delete('/me', requireAuth, (req, res) => {
+  const { password } = req.body;
+  const user = db.prepare('SELECT * FROM users WHERE id = ?').get(req.user.id);
+  if (!bcrypt.compareSync(password, user.password_hash)) {
+    return res.status(401).json({ error: 'Passwort falsch' });
+  }
+  const tables = ['timetable','homework','grades','absences','todos','countdowns','quicklinks','chat_messages'];
+  tables.forEach(t => db.prepare(`DELETE FROM ${t} WHERE user_id = ?`).run(req.user.id));
+  deleteUserFiles(req.user.id);
+  db.prepare('DELETE FROM users WHERE id = ?').run(req.user.id);
+  res.clearCookie('token');
+  res.json({ ok: true });
+});
+
+// --- ADMIN ---
+function requireAdmin(req, res, next) {
+  if (req.user.role !== 'admin') return res.status(403).json({ error: 'Keine Administratorrechte' });
+  next();
+}
+
+function logAdmin(adminId, action, targetId = null, details = null) {
+  db.prepare('INSERT INTO admin_logs (admin_id, action, target_id, details) VALUES (?, ?, ?, ?)')
+    .run(adminId, action, targetId, details ? JSON.stringify(details) : null);
+}
+
+router.get('/admin/users', requireAuth, requireAdmin, (req, res) => {
+  const { role, status } = req.query;
+  let sql = 'SELECT id, username, email, role, status, created_at FROM users';
+  const params = [];
+  const conditions = [];
+  if (role) { conditions.push('role = ?'); params.push(role); }
+  if (status) { conditions.push('status = ?'); params.push(status); }
+  if (conditions.length) sql += ' WHERE ' + conditions.join(' AND ');
+  sql += ' ORDER BY created_at DESC';
+  res.json(db.prepare(sql).all(...params));
+});
+
+router.post('/admin/teachers/:id/approve', requireAuth, requireAdmin, (req, res) => {
+  const target = db.prepare('SELECT id, role FROM users WHERE id = ?').get(req.params.id);
+  if (!target) return res.status(404).json({ error: 'Benutzer nicht gefunden' });
+  if (target.role !== 'teacher') return res.status(400).json({ error: 'Kein Lehrerkonto' });
+  db.prepare('UPDATE users SET status = ? WHERE id = ?').run('active', req.params.id);
+  logAdmin(req.user.id, 'teacher_approve', Number(req.params.id));
+  res.json({ ok: true });
+});
+
+router.post('/admin/teachers/:id/reject', requireAuth, requireAdmin, (req, res) => {
+  const target = db.prepare('SELECT id, role FROM users WHERE id = ?').get(req.params.id);
+  if (!target) return res.status(404).json({ error: 'Benutzer nicht gefunden' });
+  if (target.role !== 'teacher') return res.status(400).json({ error: 'Kein Lehrerkonto' });
+  db.prepare('UPDATE users SET status = ? WHERE id = ?').run('rejected', req.params.id);
+  logAdmin(req.user.id, 'teacher_reject', Number(req.params.id));
+  res.json({ ok: true });
+});
+
+router.patch('/admin/users/:id', requireAuth, requireAdmin, (req, res) => {
+  const { role, status } = req.body;
+  const allowed_roles = ['student', 'teacher', 'admin'];
+  const allowed_status = ['active', 'pending', 'banned', 'rejected'];
+  if (role && !allowed_roles.includes(role)) return res.status(400).json({ error: 'Ungültige Rolle' });
+  if (status && !allowed_status.includes(status)) return res.status(400).json({ error: 'Ungültiger Status' });
+  if (!role && !status) return res.status(400).json({ error: 'Keine Änderung angegeben' });
+
+  const target = db.prepare('SELECT id FROM users WHERE id = ?').get(req.params.id);
+  if (!target) return res.status(404).json({ error: 'Benutzer nicht gefunden' });
+
+  if (role) db.prepare('UPDATE users SET role = ? WHERE id = ?').run(role, req.params.id);
+  if (status) db.prepare('UPDATE users SET status = ? WHERE id = ?').run(status, req.params.id);
+  logAdmin(req.user.id, 'user_update', Number(req.params.id), { role, status });
+  res.json({ ok: true });
+});
+
+router.delete('/admin/users/:id', requireAuth, requireAdmin, (req, res) => {
+  const target = db.prepare('SELECT id FROM users WHERE id = ?').get(req.params.id);
+  if (!target) return res.status(404).json({ error: 'Benutzer nicht gefunden' });
+  if (Number(req.params.id) === req.user.id) return res.status(400).json({ error: 'Eigenes Konto kann nicht gelöscht werden' });
+  const tables = ['timetable','homework','grades','absences','todos','countdowns','quicklinks','chat_messages'];
+  tables.forEach(t => db.prepare(`DELETE FROM ${t} WHERE user_id = ?`).run(req.params.id));
+  deleteUserFiles(Number(req.params.id));
+  db.prepare('DELETE FROM users WHERE id = ?').run(req.params.id);
+  logAdmin(req.user.id, 'user_delete', Number(req.params.id));
+  res.json({ ok: true });
+});
+
+router.get('/admin/tickets', requireAuth, requireAdmin, (req, res) => {
+  const tickets = db.prepare(`
+    SELECT t.id, t.user_id, t.subject, t.message, t.status, t.created_at,
+           u.username, u.email
+    FROM support_tickets t
+    JOIN users u ON u.id = t.user_id
+    ORDER BY t.created_at DESC
+  `).all();
+  res.json(tickets);
+});
+
+router.patch('/admin/tickets/:id', requireAuth, requireAdmin, (req, res) => {
+  const allowed = ['open', 'in_progress', 'closed'];
+  const { status } = req.body;
+  if (!status || !allowed.includes(status)) return res.status(400).json({ error: 'Ungültiger Status' });
+  const ticket = db.prepare('SELECT id FROM support_tickets WHERE id = ?').get(req.params.id);
+  if (!ticket) return res.status(404).json({ error: 'Ticket nicht gefunden' });
+  db.prepare('UPDATE support_tickets SET status = ? WHERE id = ?').run(status, req.params.id);
+  logAdmin(req.user.id, 'ticket_update', Number(req.params.id), { status });
+  res.json({ ok: true });
+});
+
+router.get('/admin/logs', requireAuth, requireAdmin, (req, res) => {
+  const logs = db.prepare(`
+    SELECT l.id, l.action, l.target_id, l.details, l.created_at,
+           u.username AS admin_username
+    FROM admin_logs l
+    JOIN users u ON u.id = l.admin_id
+    ORDER BY l.created_at DESC
+    LIMIT 500
+  `).all();
+  res.json(logs);
+});
+
+router.get('/admin/usage', requireAuth, requireAdmin, (req, res) => {
+  const users = db.prepare('SELECT id, username, email, role, status FROM users ORDER BY username').all();
+  const tables = ['timetable','homework','grades','absences','todos','countdowns','quicklinks','support_tickets'];
+  const usage = users.map(u => {
+    const counts = {};
+    tables.forEach(t => {
+      const col = t === 'support_tickets' ? 'user_id' : 'user_id';
+      counts[t] = db.prepare(`SELECT COUNT(*) AS c FROM ${t} WHERE user_id = ?`).get(u.id).c;
+    });
+    return { ...u, counts };
+  });
+  res.json(usage);
+});
+
+// --- SUPPORT TICKETS (user-facing) ---
+router.get('/tickets', requireAuth, (req, res) => {
+  res.json(db.prepare('SELECT id, subject, message, status, created_at FROM support_tickets WHERE user_id = ? ORDER BY created_at DESC').all(req.user.id));
+});
+
+router.post('/tickets', requireAuth, (req, res) => {
+  const { subject, message } = req.body;
+  if (!subject || !message) return res.status(400).json({ error: 'Betreff und Nachricht erforderlich' });
+  if (typeof subject !== 'string' || typeof message !== 'string') return res.status(400).json({ error: 'Ungültige Eingabe' });
+  const subjectT = subject.trim(), messageT = message.trim();
+  if (!subjectT || !messageT) return res.status(400).json({ error: 'Felder dürfen nicht leer sein' });
+  if (subjectT.length > 200) return res.status(400).json({ error: 'Betreff zu lang (max. 200 Zeichen)' });
+  if (messageT.length > 5000) return res.status(400).json({ error: 'Nachricht zu lang (max. 5000 Zeichen)' });
+  const result = db.prepare('INSERT INTO support_tickets (user_id, subject, message) VALUES (?, ?, ?)').run(req.user.id, subjectT, messageT);
+  res.json({ id: result.lastInsertRowid });
+});
+
+const ticketMsgLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 15,
+  keyGenerator: (req) => String(req.user.id),
+  message: { error: 'Zu viele Nachrichten. Bitte warten.' },
+  standardHeaders: true,
+  legacyHeaders: false,
+  validate: { keyGeneratorIpFallback: false },
+});
+
+router.get('/tickets/:id/messages', requireAuth, (req, res) => {
+  const ticket = db.prepare('SELECT id, user_id FROM support_tickets WHERE id = ?').get(req.params.id);
+  if (!ticket) return res.status(404).json({ error: 'Ticket nicht gefunden' });
+  if (req.user.role !== 'admin' && ticket.user_id !== req.user.id) return res.status(403).json({ error: 'Kein Zugriff' });
+  const messages = db.prepare(`
+    SELECT m.id, m.message, m.created_at, u.username, u.role
+    FROM ticket_messages m
+    JOIN users u ON u.id = m.sender_id
+    WHERE m.ticket_id = ?
+    ORDER BY m.created_at ASC
+  `).all(req.params.id);
+  res.json(messages);
+});
+
+router.post('/tickets/:id/messages', requireAuth, ticketMsgLimiter, (req, res) => {
+  const { message } = req.body;
+  if (!message || typeof message !== 'string') return res.status(400).json({ error: 'Nachricht erforderlich' });
+  const trimmed = message.trim();
+  if (!trimmed) return res.status(400).json({ error: 'Nachricht darf nicht leer sein' });
+  if (trimmed.length > 5000) return res.status(400).json({ error: 'Nachricht zu lang (max. 5000 Zeichen)' });
+  const ticket = db.prepare('SELECT id, user_id, status FROM support_tickets WHERE id = ?').get(req.params.id);
+  if (!ticket) return res.status(404).json({ error: 'Ticket nicht gefunden' });
+  if (req.user.role !== 'admin' && ticket.user_id !== req.user.id) return res.status(403).json({ error: 'Kein Zugriff' });
+  if (ticket.status === 'closed') return res.status(400).json({ error: 'Ticket ist geschlossen' });
+  db.prepare('INSERT INTO ticket_messages (ticket_id, sender_id, message) VALUES (?, ?, ?)').run(ticket.id, req.user.id, trimmed);
+  if (req.user.role === 'admin' && ticket.status === 'open') {
+    db.prepare("UPDATE support_tickets SET status = 'in_progress' WHERE id = ?").run(ticket.id);
+  }
+  res.json({ ok: true });
+});
+
+// --- CLASS EVENTS (shared, no user filter for GET) ---
+router.get('/class-events', (req, res) => {
+  res.json(db.prepare('SELECT * FROM class_events ORDER BY date ASC').all());
+});
+
+router.post('/class-events', requireAuth, (req, res) => {
+  const { type, title, date, date_end, description } = req.body;
+  if (!type || !title) return res.status(400).json({ error: 'Typ und Titel erforderlich' });
+  const result = db.prepare('INSERT INTO class_events (type, title, date, date_end, description, created_by) VALUES (?,?,?,?,?,?)')
+    .run(type, title, date||null, date_end||null, description||null, req.user.id);
+  res.json({ id: result.lastInsertRowid });
+});
+
+router.delete('/class-events/:id', requireAuth, (req, res) => {
+  db.prepare('DELETE FROM class_events WHERE id = ?').run(req.params.id);
+  res.json({ ok: true });
+});
+
+// --- CHAT ---
+const chatLimiter = rateLimit({
+  windowMs: 30 * 1000,
+  max: 5,
+  keyGenerator: (req) => String(req.user.id),
+  message: { error: 'Zu viele Nachrichten. Bitte 30 Sekunden warten.' },
+  standardHeaders: true,
+  legacyHeaders: false,
+  validate: { keyGeneratorIpFallback: false },
+});
+
+const CLASS_ID = 'info1';
+const CHAT_MAX_LEN = 500;
+
+router.get('/chat', requireAuth, (req, res) => {
+  const after = parseInt(req.query.after, 10) || 0;
+  const msgs = after
+    ? db.prepare(`
+        SELECT m.id, m.content, m.created_at, u.username
+        FROM chat_messages m
+        JOIN users u ON u.id = m.user_id
+        WHERE m.class_id = ? AND m.id > ?
+        ORDER BY m.id ASC
+      `).all(CLASS_ID, after)
+    : db.prepare(`
+        SELECT m.id, m.content, m.created_at, u.username
+        FROM chat_messages m
+        JOIN users u ON u.id = m.user_id
+        WHERE m.class_id = ?
+        ORDER BY m.id DESC
+        LIMIT 50
+      `).all(CLASS_ID).reverse();
+  res.json(msgs);
+});
+
+router.post('/chat', requireAuth, chatLimiter, (req, res) => {
+  const { content } = req.body;
+  if (!content || typeof content !== 'string') return res.status(400).json({ error: 'Nachricht erforderlich' });
+  const trimmed = content.trim();
+  if (!trimmed) return res.status(400).json({ error: 'Nachricht darf nicht leer sein' });
+  if (trimmed.length > CHAT_MAX_LEN) return res.status(400).json({ error: `Nachricht zu lang (max. ${CHAT_MAX_LEN} Zeichen)` });
+  const result = db.prepare('INSERT INTO chat_messages (user_id, class_id, content) VALUES (?, ?, ?)').run(req.user.id, CLASS_ID, trimmed);
+  const msg = db.prepare(`
+    SELECT m.id, m.content, m.created_at, u.username
+    FROM chat_messages m JOIN users u ON u.id = m.user_id
+    WHERE m.id = ?
+  `).get(result.lastInsertRowid);
+  res.json(msg);
+});
+
+router.delete('/chat/:id', requireAuth, (req, res) => {
+  const msg = db.prepare('SELECT id, user_id FROM chat_messages WHERE id = ?').get(req.params.id);
+  if (!msg) return res.status(404).json({ error: 'Nachricht nicht gefunden' });
+  if (msg.user_id !== req.user.id && req.user.role !== 'admin') return res.status(403).json({ error: 'Keine Berechtigung' });
+  db.prepare('DELETE FROM chat_messages WHERE id = ?').run(req.params.id);
+  res.json({ ok: true });
+});
+
+// --- PERSONAL CRUD ---
+function crudRoutes(path, table, fields) {
+  router.get(`/${path}`, requireAuth, (req, res) => {
+    res.json(db.prepare(`SELECT * FROM ${table} WHERE user_id = ?`).all(req.user.id));
+  });
+  router.post(`/${path}`, requireAuth, (req, res) => {
+    const vals = fields.map(f => req.body[f] ?? null);
+    const cols = ['user_id', ...fields].join(', ');
+    const placeholders = ['?', ...fields.map(() => '?')].join(', ');
+    const result = db.prepare(`INSERT INTO ${table} (${cols}) VALUES (${placeholders})`).run(req.user.id, ...vals);
+    res.json({ id: result.lastInsertRowid });
+  });
+  router.put(`/${path}/:id`, requireAuth, (req, res) => {
+    const sets = fields.map(f => `${f} = ?`).join(', ');
+    const vals = fields.map(f => req.body[f] ?? null);
+    db.prepare(`UPDATE ${table} SET ${sets} WHERE id = ? AND user_id = ?`).run(...vals, req.params.id, req.user.id);
+    res.json({ ok: true });
+  });
+  router.delete(`/${path}/:id`, requireAuth, (req, res) => {
+    db.prepare(`DELETE FROM ${table} WHERE id = ? AND user_id = ?`).run(req.params.id, req.user.id);
+    res.json({ ok: true });
+  });
+}
+
+crudRoutes('timetable', 'timetable', ['day', 'time_start', 'time_end', 'subject', 'room', 'teacher']);
+crudRoutes('homework', 'homework', ['subject', 'title', 'due_date', 'done']);
+crudRoutes('grades', 'grades', ['subject', 'grade', 'type', 'note']);
+crudRoutes('absences', 'absences', ['date', 'subject', 'reason']);
+crudRoutes('todos', 'todos', ['title', 'done']);
+crudRoutes('countdowns', 'countdowns', ['title', 'target_date']);
+crudRoutes('quicklinks', 'quicklinks', ['label', 'url']);
+
+module.exports = router;