Bump version to 0.1.6.0

Bug 1: Special-Kuratoren für Special-Puzzles berücksichtigen
- Kommentare zu Special-Puzzles werden jetzt korrekt an Special-Kuratoren geroutet
- Logik erweitert: Prüft zuerst puzzle.specialId, dann genreId, dann global
- Special-Kuratoren werden über CuratorSpecial abgerufen

Bug 2: Prisma Schema konsistent mit Migration
- onDelete: SetNull zur genre-Relation in CuratorComment hinzugefügt
- Entspricht jetzt dem Foreign Key Constraint in der Migration

app/api/curator-comment/route.ts

@@ -0,0 +1,194 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PrismaClient } from '@prisma/client';
+import { rateLimit } from '@/lib/rateLimit';
+
+const prisma = new PrismaClient();
+
+export async function POST(request: NextRequest) {
+    // Rate limiting: 3 requests per minute
+    const rateLimitError = rateLimit(request, { windowMs: 60000, maxRequests: 3 });
+    if (rateLimitError) return rateLimitError;
+
+    try {
+        const { puzzleId, genreId, message, playerIdentifier } = await request.json();
+
+        // Validate required fields
+        if (!puzzleId || !message || !playerIdentifier) {
+            return NextResponse.json(
+                { error: 'puzzleId, message, and playerIdentifier are required' },
+                { status: 400 }
+            );
+        }
+
+        // Message validation: max 2000 characters, no empty message
+        const trimmedMessage = message.trim();
+        if (trimmedMessage.length === 0) {
+            return NextResponse.json(
+                { error: 'Message cannot be empty' },
+                { status: 400 }
+            );
+        }
+        if (trimmedMessage.length > 2000) {
+            return NextResponse.json(
+                { error: 'Message too long. Maximum 2000 characters allowed.' },
+                { status: 400 }
+            );
+        }
+
+        // PlayerIdentifier validation: Check if it exists in PlayerState
+        const playerState = await prisma.playerState.findFirst({
+            where: {
+                identifier: playerIdentifier
+            }
+        });
+
+        if (!playerState) {
+            return NextResponse.json(
+                { error: 'Invalid player identifier' },
+                { status: 400 }
+            );
+        }
+
+        // Puzzle validation: Check if puzzle exists and matches genreId
+        const puzzle = await prisma.dailyPuzzle.findUnique({
+            where: { id: Number(puzzleId) },
+            include: {
+                song: true
+            }
+        });
+
+        if (!puzzle) {
+            return NextResponse.json(
+                { error: 'Puzzle not found' },
+                { status: 404 }
+            );
+        }
+
+        // Validate genreId matches puzzle (if genreId is provided)
+        if (genreId !== null && genreId !== undefined) {
+            if (puzzle.genreId !== Number(genreId)) {
+                return NextResponse.json(
+                    { error: 'Puzzle does not match the provided genre' },
+                    { status: 400 }
+                );
+            }
+        } else {
+            // If no genreId provided, use puzzle's genreId
+            // For global puzzles, genreId is null
+        }
+
+        // Rate limit check: Check if comment already exists for this playerIdentifier + puzzleId
+        const existingComment = await prisma.curatorComment.findUnique({
+            where: {
+                playerIdentifier_puzzleId: {
+                    playerIdentifier: playerIdentifier,
+                    puzzleId: Number(puzzleId)
+                }
+            }
+        });
+
+        if (existingComment) {
+            return NextResponse.json(
+                { error: 'You have already sent a comment for this puzzle' },
+                { status: 429 }
+            );
+        }
+
+        // Determine responsible curators
+        const finalGenreId = genreId !== null && genreId !== undefined ? Number(genreId) : puzzle.genreId;
+        const specialId = puzzle.specialId;
+
+        let curatorIds: number[] = [];
+        const allCuratorIds = new Set<number>();
+
+        // Get all global curators (always included)
+        const globalCurators = await prisma.curator.findMany({
+            where: {
+                isGlobalCurator: true
+            },
+            select: {
+                id: true
+            }
+        });
+        globalCurators.forEach(gc => allCuratorIds.add(gc.id));
+
+        // Check for special puzzle first (takes precedence)
+        if (specialId !== null) {
+            // Special puzzle: Get curators for this special + all global curators
+            const specialCurators = await prisma.curatorSpecial.findMany({
+                where: {
+                    specialId: specialId
+                },
+                select: {
+                    curatorId: true
+                }
+            });
+            specialCurators.forEach(cs => allCuratorIds.add(cs.curatorId));
+        } else if (finalGenreId !== null) {
+            // Genre puzzle: Get curators for this genre + all global curators
+            const genreCurators = await prisma.curatorGenre.findMany({
+                where: {
+                    genreId: finalGenreId
+                },
+                select: {
+                    curatorId: true
+                }
+            });
+            genreCurators.forEach(cg => allCuratorIds.add(cg.curatorId));
+        }
+        // else: Global puzzle - only global curators (already added above)
+
+        curatorIds = Array.from(allCuratorIds);
+
+        if (curatorIds.length === 0) {
+            return NextResponse.json(
+                { error: 'No curators found for this puzzle' },
+                { status: 500 }
+            );
+        }
+
+        // Create comment and recipients in a transaction
+        const result = await prisma.$transaction(async (tx) => {
+            // Create the comment
+            const comment = await tx.curatorComment.create({
+                data: {
+                    playerIdentifier: playerIdentifier,
+                    puzzleId: Number(puzzleId),
+                    genreId: finalGenreId,
+                    message: trimmedMessage
+                }
+            });
+
+            // Create recipients for all curators
+            await tx.curatorCommentRecipient.createMany({
+                data: curatorIds.map(curatorId => ({
+                    commentId: comment.id,
+                    curatorId: curatorId
+                }))
+            });
+
+            return comment;
+        });
+
+        return NextResponse.json({
+            success: true,
+            commentId: result.id
+        });
+    } catch (error) {
+        console.error('Error creating curator comment:', error);
+        
+        // Handle unique constraint violation (shouldn't happen due to our check, but just in case)
+        if (error instanceof Error && error.message.includes('Unique constraint')) {
+            return NextResponse.json(
+                { error: 'You have already sent a comment for this puzzle' },
+                { status: 429 }
+            );
+        }
+
+        return NextResponse.json(
+            { error: 'Internal Server Error' },
+            { status: 500 }
+        );
+    }
+}
+

app/api/curator-comments/[id]/archive/route.ts

@@ -0,0 +1,66 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PrismaClient } from '@prisma/client';
+import { requireStaffAuth } from '@/lib/auth';
+
+const prisma = new PrismaClient();
+
+export async function POST(
+    request: NextRequest,
+    { params }: { params: Promise<{ id: string }> }
+) {
+    // Require curator authentication
+    const { error, context } = await requireStaffAuth(request);
+    if (error || !context) {
+        return error!;
+    }
+
+    // Only curators can archive comments
+    if (context.role !== 'curator') {
+        return NextResponse.json(
+            { error: 'Only curators can archive comments' },
+            { status: 403 }
+        );
+    }
+
+    try {
+        const { id } = await params;
+        const commentId = Number(id);
+        const curatorId = context.curator.id;
+
+        // Verify that this comment belongs to this curator
+        const recipient = await prisma.curatorCommentRecipient.findUnique({
+            where: {
+                commentId_curatorId: {
+                    commentId: commentId,
+                    curatorId: curatorId
+                }
+            }
+        });
+
+        if (!recipient) {
+            return NextResponse.json(
+                { error: 'Comment not found or access denied' },
+                { status: 404 }
+            );
+        }
+
+        // Update archived flag
+        await prisma.curatorCommentRecipient.update({
+            where: {
+                id: recipient.id
+            },
+            data: {
+                archived: true
+            }
+        });
+
+        return NextResponse.json({ success: true });
+    } catch (error) {
+        console.error('Error archiving comment:', error);
+        return NextResponse.json(
+            { error: 'Internal Server Error' },
+            { status: 500 }
+        );
+    }
+}
+

app/api/curator-comments/[id]/read/route.ts

@@ -0,0 +1,66 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PrismaClient } from '@prisma/client';
+import { requireStaffAuth } from '@/lib/auth';
+
+const prisma = new PrismaClient();
+
+export async function POST(
+    request: NextRequest,
+    { params }: { params: Promise<{ id: string }> }
+) {
+    // Require curator authentication
+    const { error, context } = await requireStaffAuth(request);
+    if (error || !context) {
+        return error!;
+    }
+
+    // Only curators can mark comments as read
+    if (context.role !== 'curator') {
+        return NextResponse.json(
+            { error: 'Only curators can mark comments as read' },
+            { status: 403 }
+        );
+    }
+
+    try {
+        const { id } = await params;
+        const commentId = Number(id);
+        const curatorId = context.curator.id;
+
+        // Verify that this comment belongs to this curator
+        const recipient = await prisma.curatorCommentRecipient.findUnique({
+            where: {
+                commentId_curatorId: {
+                    commentId: commentId,
+                    curatorId: curatorId
+                }
+            }
+        });
+
+        if (!recipient) {
+            return NextResponse.json(
+                { error: 'Comment not found or access denied' },
+                { status: 404 }
+            );
+        }
+
+        // Update readAt timestamp
+        await prisma.curatorCommentRecipient.update({
+            where: {
+                id: recipient.id
+            },
+            data: {
+                readAt: new Date()
+            }
+        });
+
+        return NextResponse.json({ success: true });
+    } catch (error) {
+        console.error('Error marking comment as read:', error);
+        return NextResponse.json(
+            { error: 'Internal Server Error' },
+            { status: 500 }
+        );
+    }
+}
+

app/api/curator-comments/route.ts

@@ -0,0 +1,139 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PrismaClient } from '@prisma/client';
+import { requireStaffAuth } from '@/lib/auth';
+
+const prisma = new PrismaClient();
+
+export async function GET(request: NextRequest) {
+    // Require curator authentication
+    const { error, context } = await requireStaffAuth(request);
+    if (error || !context) {
+        return error!;
+    }
+
+    // Only curators can view comments (not admins directly)
+    if (context.role !== 'curator') {
+        return NextResponse.json(
+            { error: 'Only curators can view comments' },
+            { status: 403 }
+        );
+    }
+
+    try {
+        const curatorId = context.curator.id;
+
+        // Get all non-archived comments for this curator, ordered by creation date (newest first)
+        const comments = await prisma.curatorCommentRecipient.findMany({
+            where: {
+                curatorId: curatorId,
+                archived: false
+            },
+            include: {
+                comment: {
+                    include: {
+                        puzzle: {
+                            include: {
+                                song: {
+                                    select: {
+                                        title: true,
+                                        artist: true
+                                    }
+                                },
+                                genre: {
+                                    select: {
+                                        id: true,
+                                        name: true
+                                    }
+                                },
+                                special: {
+                                    select: {
+                                        id: true,
+                                        name: true
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            },
+            orderBy: {
+                comment: {
+                    createdAt: 'desc'
+                }
+            }
+        });
+
+        // Format the response with puzzle context
+        const formattedComments = await Promise.all(comments.map(async (recipient) => {
+            const puzzle = recipient.comment.puzzle;
+            
+            // Calculate puzzle number
+            let puzzleNumber = 0;
+            if (puzzle.specialId) {
+                // Special puzzle
+                puzzleNumber = await prisma.dailyPuzzle.count({
+                    where: {
+                        specialId: puzzle.specialId,
+                        date: {
+                            lte: puzzle.date
+                        }
+                    }
+                });
+            } else if (puzzle.genreId) {
+                // Genre puzzle
+                puzzleNumber = await prisma.dailyPuzzle.count({
+                    where: {
+                        genreId: puzzle.genreId,
+                        date: {
+                            lte: puzzle.date
+                        }
+                    }
+                });
+            } else {
+                // Global puzzle
+                puzzleNumber = await prisma.dailyPuzzle.count({
+                    where: {
+                        genreId: null,
+                        specialId: null,
+                        date: {
+                            lte: puzzle.date
+                        }
+                    }
+                });
+            }
+
+            return {
+                id: recipient.comment.id,
+                message: recipient.comment.message,
+                createdAt: recipient.comment.createdAt,
+                readAt: recipient.readAt,
+                puzzle: {
+                    id: puzzle.id,
+                    date: puzzle.date,
+                    puzzleNumber: puzzleNumber,
+                    song: {
+                        title: puzzle.song.title,
+                        artist: puzzle.song.artist
+                    },
+                    genre: puzzle.genre ? {
+                        id: puzzle.genre.id,
+                        name: puzzle.genre.name
+                    } : null,
+                    special: puzzle.special ? {
+                        id: puzzle.special.id,
+                        name: puzzle.special.name
+                    } : null
+                }
+            };
+        }));
+
+        return NextResponse.json(formattedComments);
+    } catch (error) {
+        console.error('Error fetching curator comments:', error);
+        return NextResponse.json(
+            { error: 'Internal Server Error' },
+            { status: 500 }
+        );
+    }
+}
+

app/api/songs/route.ts

@@ -469,51 +469,55 @@ export async function PUT(request: Request) {
             };
         }
 
-        // Handle SpecialSong relations separately
+        // Execute all database write operations in a transaction to ensure consistency
-        if (effectiveSpecialIds !== undefined) {
+        const updatedSong = await prisma.$transaction(async (tx) => {
-            // First, get current special assignments
+            // Handle SpecialSong relations separately
-            const currentSpecials = await prisma.specialSong.findMany({
+            if (effectiveSpecialIds !== undefined) {
-                where: { songId: Number(id) }
+                // First, get current special assignments (within transaction)
-            });
+                const currentSpecials = await tx.specialSong.findMany({
-
+                    where: { songId: Number(id) }
-            const currentSpecialIds = currentSpecials.map(ss => ss.specialId);
-            const newSpecialIds = effectiveSpecialIds as number[];
-
-            // Delete removed specials
-            const toDelete = currentSpecialIds.filter(sid => !newSpecialIds.includes(sid));
-            if (toDelete.length > 0) {
-                await prisma.specialSong.deleteMany({
-                    where: {
-                        songId: Number(id),
-                        specialId: { in: toDelete }
-                    }
                 });
-            }
 
-            // Add new specials
+                const currentSpecialIds = currentSpecials.map(ss => ss.specialId);
-            const toAdd = newSpecialIds.filter(sid => !currentSpecialIds.includes(sid));
+                const newSpecialIds = effectiveSpecialIds as number[];
-            if (toAdd.length > 0) {
-                await prisma.specialSong.createMany({
-                    data: toAdd.map(specialId => ({
-                        songId: Number(id),
-                        specialId,
-                        startTime: 0
-                    }))
-                });
-            }
-        }
 
-        const updatedSong = await prisma.song.update({
+                // Delete removed specials
-            where: { id: Number(id) },
+                const toDelete = currentSpecialIds.filter(sid => !newSpecialIds.includes(sid));
-            data,
+                if (toDelete.length > 0) {
-            include: {
+                    await tx.specialSong.deleteMany({
-                genres: true,
+                        where: {
-                specials: {
+                            songId: Number(id),
-                    include: {
+                            specialId: { in: toDelete }
-                        special: true
+                        }
-                    }
+                    });
+                }
+
+                // Add new specials
+                const toAdd = newSpecialIds.filter(sid => !currentSpecialIds.includes(sid));
+                if (toAdd.length > 0) {
+                    await tx.specialSong.createMany({
+                        data: toAdd.map(specialId => ({
+                            songId: Number(id),
+                            specialId,
+                            startTime: 0
+                        }))
+                    });
                 }
             }
+
+            // Update song (this also handles genre relations via Prisma's set operation)
+            return await tx.song.update({
+                where: { id: Number(id) },
+                data,
+                include: {
+                    genres: true,
+                    specials: {
+                        include: {
+                            special: true
+                        }
+                    }
+                }
+            });
         });
 
         return NextResponse.json(updatedSong);
@@ -559,7 +563,7 @@ export async function DELETE(request: Request) {
             }
         }
 
-        // Delete file
+        // Delete files first (outside transaction, as file system operations can't be rolled back)
         const filePath = path.join(process.cwd(), 'public/uploads', song.filename);
         try {
             await unlink(filePath);
@@ -578,9 +582,11 @@ export async function DELETE(request: Request) {
             }
         }
 
-        // Delete from database (will cascade delete related puzzles)
+        // Delete from database in transaction (will cascade delete related puzzles, SpecialSong, etc.)
-        await prisma.song.delete({
+        await prisma.$transaction(async (tx) => {
-            where: { id: Number(id) },
+            await tx.song.delete({
+                where: { id: Number(id) },
+            });
         });
 
         return NextResponse.json({ success: true });

components/Game.tsx

@@ -13,6 +13,7 @@ import type { ExternalPuzzle } from '@/lib/externalPuzzles';
 import { getRandomExternalPuzzle } from '@/lib/externalPuzzles';
 import { hasPlayedAllDailyPuzzlesForToday, hasSeenExtraPuzzlesPopoverToday, markDailyPuzzlePlayedToday, markExtraPuzzlesPopoverShownToday } from '@/lib/extraPuzzlesTracker';
 import { sendGotifyNotification, submitRating } from '../app/actions';
+import { getOrCreatePlayerId } from '@/lib/playerId';
 
 // Plausible Analytics
 declare global {
@@ -60,6 +61,10 @@ export default function Game({ dailyPuzzle, genre = null, isSpecial = false, max
     const [showExtraPuzzlesPopover, setShowExtraPuzzlesPopover] = useState(false);
     const [extraPuzzle, setExtraPuzzle] = useState<ExternalPuzzle | null>(null);
     const audioPlayerRef = useRef<AudioPlayerRef>(null);
+    const [commentText, setCommentText] = useState('');
+    const [commentSending, setCommentSending] = useState(false);
+    const [commentSent, setCommentSent] = useState(false);
+    const [commentError, setCommentError] = useState<string | null>(null);
 
     useEffect(() => {
         const updateCountdown = () => {
@@ -134,6 +139,15 @@ export default function Game({ dailyPuzzle, genre = null, isSpecial = false, max
             } else {
                 setHasRated(false);
             }
+            
+            // Check if comment already sent for this puzzle
+            const playerIdentifier = getOrCreatePlayerId();
+            if (playerIdentifier) {
+                const commentedPuzzles = JSON.parse(localStorage.getItem(`${config.appName.toLowerCase()}_commented_puzzles`) || '[]');
+                if (commentedPuzzles.includes(dailyPuzzle.id)) {
+                    setCommentSent(true);
+                }
+            }
         }
     }, [dailyPuzzle]);
 
@@ -300,6 +314,59 @@ export default function Game({ dailyPuzzle, genre = null, isSpecial = false, max
         sendGotifyNotification(gameState.guesses.length, 'won', dailyPuzzle.id, genre, gameState.score);
     };
 
+    const handleCommentSubmit = async () => {
+        if (!commentText.trim() || commentSending || commentSent || !dailyPuzzle) {
+            return;
+        }
+
+        setCommentSending(true);
+        setCommentError(null);
+
+        try {
+            const playerIdentifier = getOrCreatePlayerId();
+            if (!playerIdentifier) {
+                throw new Error('Could not get player identifier');
+            }
+
+            // For specials, genreId should be null. For global, also null. For genres, we pass null and let API determine from puzzle
+            const genreId = isSpecial ? null : null; // API will determine from puzzle
+
+            const response = await fetch('/api/curator-comment', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    puzzleId: dailyPuzzle.id,
+                    genreId: genreId,
+                    message: commentText.trim(),
+                    playerIdentifier: playerIdentifier
+                })
+            });
+
+            const data = await response.json();
+
+            if (!response.ok) {
+                throw new Error(data.error || 'Failed to send comment');
+            }
+
+            setCommentSent(true);
+            setCommentText('');
+            
+            // Store in localStorage that comment was sent
+            const commentedPuzzles = JSON.parse(localStorage.getItem(`${config.appName.toLowerCase()}_commented_puzzles`) || '[]');
+            if (!commentedPuzzles.includes(dailyPuzzle.id)) {
+                commentedPuzzles.push(dailyPuzzle.id);
+                localStorage.setItem(`${config.appName.toLowerCase()}_commented_puzzles`, JSON.stringify(commentedPuzzles));
+            }
+        } catch (error) {
+            console.error('Error sending comment:', error);
+            setCommentError(error instanceof Error ? error.message : 'Failed to send comment');
+        } finally {
+            setCommentSending(false);
+        }
+    };
+
     const unlockedSeconds = unlockSteps[Math.min(gameState.guesses.length, unlockSteps.length - 1)];
 
     const handleShare = async () => {
@@ -532,6 +599,66 @@ export default function Game({ dailyPuzzle, genre = null, isSpecial = false, max
                             </button>
                         </div>
 
+                        {/* Comment Form */}
+                        {!commentSent && (
+                            <div style={{ marginTop: '1.5rem', padding: '1rem', background: 'rgba(255,255,255,0.5)', borderRadius: '0.5rem' }}>
+                                <h3 style={{ fontSize: '1rem', fontWeight: 'bold', marginBottom: '0.5rem' }}>
+                                    {t('sendComment')}
+                                </h3>
+                                <p style={{ fontSize: '0.85rem', color: 'var(--muted-foreground)', marginBottom: '0.75rem' }}>
+                                    {t('commentHelp')}
+                                </p>
+                                <textarea
+                                    value={commentText}
+                                    onChange={(e) => setCommentText(e.target.value)}
+                                    placeholder={t('commentPlaceholder')}
+                                    maxLength={2000}
+                                    style={{
+                                        width: '100%',
+                                        minHeight: '100px',
+                                        padding: '0.75rem',
+                                        borderRadius: '0.5rem',
+                                        border: '1px solid var(--border)',
+                                        fontSize: '0.9rem',
+                                        fontFamily: 'inherit',
+                                        resize: 'vertical',
+                                        marginBottom: '0.5rem'
+                                    }}
+                                    disabled={commentSending}
+                                />
+                                <div style={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', marginBottom: '0.5rem' }}>
+                                    <span style={{ fontSize: '0.75rem', color: 'var(--muted-foreground)' }}>
+                                        {commentText.length}/2000
+                                    </span>
+                                    {commentError && (
+                                        <span style={{ fontSize: '0.75rem', color: 'var(--danger)' }}>
+                                            {commentError}
+                                        </span>
+                                    )}
+                                </div>
+                                <button
+                                    onClick={handleCommentSubmit}
+                                    disabled={!commentText.trim() || commentSending || commentSent}
+                                    className="btn-primary"
+                                    style={{
+                                        width: '100%',
+                                        opacity: (!commentText.trim() || commentSending || commentSent) ? 0.5 : 1,
+                                        cursor: (!commentText.trim() || commentSending || commentSent) ? 'not-allowed' : 'pointer'
+                                    }}
+                                >
+                                    {commentSending ? t('sending') : t('sendComment')}
+                                </button>
+                            </div>
+                        )}
+
+                        {commentSent && (
+                            <div style={{ marginTop: '1.5rem', padding: '1rem', background: 'rgba(16, 185, 129, 0.1)', borderRadius: '0.5rem', border: '1px solid rgba(16, 185, 129, 0.3)' }}>
+                                <p style={{ fontSize: '0.9rem', color: 'var(--success)', textAlign: 'center' }}>
+                                    {t('commentSent')}
+                                </p>
+                            </div>
+                        )}
+
                         {statistics && <Statistics statistics={statistics} />}
                     </div>
                 )}

lib/dailyPuzzle.ts

@@ -49,13 +49,15 @@ export async function getOrCreateDailyPuzzle(genre: Genre | null = null) {
             // Calculate total weight
             const totalWeight = weightedSongs.reduce((sum, item) => sum + item.weight, 0);
 
-            // Pick a random song based on weights
+            // Pick a random song based on weights using cumulative weights
+            // This ensures proper distribution and handles edge cases
             let random = Math.random() * totalWeight;
-            let selectedSong = weightedSongs[0].song;
+            let selectedSong = weightedSongs[weightedSongs.length - 1].song; // Fallback to last song
 
+            let cumulativeWeight = 0;
             for (const item of weightedSongs) {
-                random -= item.weight;
+                cumulativeWeight += item.weight;
-                if (random <= 0) {
+                if (random <= cumulativeWeight) {
                     selectedSong = item.song;
                     break;
                 }
@@ -156,11 +158,13 @@ export async function getOrCreateSpecialPuzzle(special: Special) {
 
             const totalWeight = weightedSongs.reduce((sum, item) => sum + item.weight, 0);
             let random = Math.random() * totalWeight;
-            let selectedSpecialSong = weightedSongs[0].specialSong;
+            let selectedSpecialSong = weightedSongs[weightedSongs.length - 1].specialSong; // Fallback to last song
 
+            // Pick a random song based on weights using cumulative weights
+            let cumulativeWeight = 0;
             for (const item of weightedSongs) {
-                random -= item.weight;
+                cumulativeWeight += item.weight;
-                if (random <= 0) {
+                if (random <= cumulativeWeight) {
                     selectedSpecialSong = item.specialSong;
                     break;
                 }

messages/de.json

@@ -57,6 +57,13 @@
         "points": "Punkte",
         "skipBonus": "Bonus überspringen",
         "notQuite": "Nicht ganz!",
+        "sendComment": "Nachricht an Kurator senden",
+        "commentPlaceholder": "Schreibe eine Nachricht an die Kuratoren dieses Genres...",
+        "commentHelp": "Teile deine Gedanken zum Rätsel mit den Kuratoren. Deine Nachricht wird ihnen angezeigt.",
+        "commentSent": "✓ Nachricht gesendet! Vielen Dank für dein Feedback.",
+        "commentError": "Fehler beim Senden der Nachricht",
+        "commentRateLimited": "Du hast bereits eine Nachricht für dieses Rätsel gesendet.",
+        "sending": "Wird gesendet...",
         "youGuessed": "Du hast geraten",
         "actuallyReleasedIn": "Tatsächlich veröffentlicht in",
         "skipped": "Übersprungen",
@@ -232,7 +239,20 @@
       "loadingData": "Lade Daten...",
       "loggedInAs": "Eingeloggt als {username}",
       "globalCuratorSuffix": " (Globaler Kurator)",
-      "pageSizeLabel": "Pro Seite:"
+      "pageSizeLabel": "Pro Seite:",
+      "commentsTitle": "Kommentare",
+      "showComments": "Kommentare anzeigen",
+      "hideComments": "Kommentare ausblenden",
+      "loadingComments": "Kommentare werden geladen...",
+      "noComments": "Keine Kommentare vorhanden.",
+      "loadCommentsError": "Fehler beim Laden der Kommentare.",
+      "commentFromPuzzle": "Kommentar zu Puzzle",
+      "commentGenre": "Genre",
+      "unreadComment": "Ungelesen",
+      "archiveComment": "Archivieren",
+      "archiveCommentConfirm": "Möchtest du diesen Kommentar wirklich archivieren?",
+      "archiveCommentError": "Fehler beim Archivieren des Kommentars.",
+      "newComments": "neu"
     },
     "About": {
     "title": "Über Hördle & Impressum",

messages/en.json

@@ -57,6 +57,13 @@
         "points": "points",
         "skipBonus": "Skip Bonus",
         "notQuite": "Not quite!",
+        "sendComment": "Send message to curator",
+        "commentPlaceholder": "Write a message to the curators of this genre...",
+        "commentHelp": "Share your thoughts about the puzzle with the curators. Your message will be displayed to them.",
+        "commentSent": "✓ Message sent! Thank you for your feedback.",
+        "commentError": "Error sending message",
+        "commentRateLimited": "You have already sent a message for this puzzle.",
+        "sending": "Sending...",
         "youGuessed": "You guessed",
         "actuallyReleasedIn": "Actually released in",
         "skipped": "Skipped",
@@ -232,7 +239,20 @@
       "loadingData": "Loading data...",
       "loggedInAs": "Logged in as {username}",
       "globalCuratorSuffix": " (Global curator)",
-      "pageSizeLabel": "Per page:"
+      "pageSizeLabel": "Per page:",
+      "commentsTitle": "Comments",
+      "showComments": "Show comments",
+      "hideComments": "Hide comments",
+      "loadingComments": "Loading comments...",
+      "noComments": "No comments available.",
+      "loadCommentsError": "Error loading comments.",
+      "commentFromPuzzle": "Comment from puzzle",
+      "commentGenre": "Genre",
+      "unreadComment": "Unread",
+      "archiveComment": "Archive",
+      "archiveCommentConfirm": "Do you really want to archive this comment?",
+      "archiveCommentError": "Error archiving comment.",
+      "newComments": "new"
     },
   "About": {
     "title": "About Hördle & Imprint",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "hoerdle",
-  "version": "0.1.5.0",
+  "version": "0.1.6.0",
   "private": true,
   "scripts": {
     "dev": "next dev",

prisma/migrations/20251203223311_add_curator_comments/migration.sql

@@ -0,0 +1,34 @@
+-- CreateTable
+CREATE TABLE "CuratorComment" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "playerIdentifier" TEXT NOT NULL,
+    "puzzleId" INTEGER NOT NULL,
+    "genreId" INTEGER,
+    "message" TEXT NOT NULL,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    CONSTRAINT "CuratorComment_puzzleId_fkey" FOREIGN KEY ("puzzleId") REFERENCES "DailyPuzzle" ("id") ON DELETE CASCADE ON UPDATE CASCADE,
+    CONSTRAINT "CuratorComment_genreId_fkey" FOREIGN KEY ("genreId") REFERENCES "Genre" ("id") ON DELETE SET NULL ON UPDATE CASCADE
+);
+
+-- CreateTable
+CREATE TABLE "CuratorCommentRecipient" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "commentId" INTEGER NOT NULL,
+    "curatorId" INTEGER NOT NULL,
+    "readAt" DATETIME,
+    CONSTRAINT "CuratorCommentRecipient_commentId_fkey" FOREIGN KEY ("commentId") REFERENCES "CuratorComment" ("id") ON DELETE CASCADE ON UPDATE CASCADE,
+    CONSTRAINT "CuratorCommentRecipient_curatorId_fkey" FOREIGN KEY ("curatorId") REFERENCES "Curator" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "CuratorComment_playerIdentifier_puzzleId_key" ON "CuratorComment"("playerIdentifier", "puzzleId");
+
+-- CreateIndex
+CREATE INDEX "CuratorComment_genreId_idx" ON "CuratorComment"("genreId");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "CuratorCommentRecipient_commentId_curatorId_key" ON "CuratorCommentRecipient"("commentId", "curatorId");
+
+-- CreateIndex
+CREATE INDEX "CuratorCommentRecipient_curatorId_idx" ON "CuratorCommentRecipient"("curatorId");
+

prisma/migrations/20251203225222_add_archived_to_curator_comment_recipient/migration.sql

@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "CuratorCommentRecipient" ADD COLUMN "archived" BOOLEAN NOT NULL DEFAULT false;
+

prisma/schema.prisma

@@ -34,6 +34,7 @@ model Genre {
   songs Song[]
   dailyPuzzles DailyPuzzle[]
   curatorGenres CuratorGenre[]
+  comments CuratorComment[]
 }
 
 model Special {
@@ -73,6 +74,7 @@ model DailyPuzzle {
   genre     Genre?   @relation(fields: [genreId], references: [id])
   specialId Int?
   special   Special? @relation(fields: [specialId], references: [id])
+  comments  CuratorComment[]
 
   @@unique([date, genreId, specialId])
 }
@@ -114,6 +116,7 @@ model Curator {
 
   genres          CuratorGenre[]
   specials        CuratorSpecial[]
+  commentRecipients CuratorCommentRecipient[]
 }
 
 model CuratorGenre {
@@ -149,3 +152,32 @@ model PoliticalStatement {
 
   @@index([locale, active])
 }
+
+model CuratorComment {
+  id              Int                         @id @default(autoincrement())
+  playerIdentifier String
+  puzzleId        Int
+  puzzle          DailyPuzzle                 @relation(fields: [puzzleId], references: [id], onDelete: Cascade)
+  genreId         Int?
+  genre           Genre?                      @relation(fields: [genreId], references: [id], onDelete: SetNull)
+  message         String
+  createdAt       DateTime                    @default(now())
+  
+  recipients      CuratorCommentRecipient[]
+
+  @@unique([playerIdentifier, puzzleId])
+  @@index([genreId])
+}
+
+model CuratorCommentRecipient {
+  id        Int            @id @default(autoincrement())
+  commentId Int
+  comment   CuratorComment @relation(fields: [commentId], references: [id], onDelete: Cascade)
+  curatorId Int
+  curator   Curator        @relation(fields: [curatorId], references: [id], onDelete: Cascade)
+  readAt    DateTime?
+  archived  Boolean        @default(false)
+
+  @@unique([commentId, curatorId])
+  @@index([curatorId])
+}

scripts/backup-restic.sh

@@ -0,0 +1,77 @@
+#!/bin/bash
+# Restic backup script for Hördle deployment
+# Creates a backup snapshot with tags and handles errors gracefully
+
+set -e
+
+echo "💾 Creating Restic backup..."
+
+if ! command -v restic >/dev/null 2>&1; then
+    echo "⚠️  restic not found in PATH, skipping Restic backup"
+    exit 0
+fi
+
+# Check required environment variables
+if [ -z "$RESTIC_PASSWORD" ]; then
+    echo "⚠️  RESTIC_PASSWORD not set, skipping Restic backup"
+    exit 0
+fi
+
+if [ -z "$RESTIC_AUTH_USER" ] || [ -z "$RESTIC_AUTH_PASSWORD" ]; then
+    echo "⚠️  RESTIC_AUTH_USER or RESTIC_AUTH_PASSWORD not set, skipping Restic backup"
+    exit 0
+fi
+
+# Build repository URL
+RESTIC_REPO="rest:https://${RESTIC_AUTH_USER}:${RESTIC_AUTH_PASSWORD}@restic.elpatron.me/"
+
+# Get current commit hash for tagging
+CURRENT_COMMIT_SHORT="$(git rev-parse --short HEAD 2>/dev/null || echo 'unknown')"
+CURRENT_DATE="$(date +%Y-%m-%d)"
+
+# Export password for restic
+export RESTIC_PASSWORD
+
+# Check if repository exists, initialize if not
+if ! restic -r "$RESTIC_REPO" snapshots >/dev/null 2>&1; then
+    echo "   Initializing Restic repository..."
+    if ! restic -r "$RESTIC_REPO" init >/dev/null 2>&1; then
+        echo "⚠️  Failed to initialize Restic repository, skipping backup"
+        exit 0
+    fi
+fi
+
+# Create backup with tags
+# Backup important directories: backups, config files, but exclude node_modules, .git, etc.
+echo "   Creating Restic snapshot..."
+RESTIC_EXIT_CODE=0
+restic -r "$RESTIC_REPO" backup \
+    --tag deployment \
+    --tag hoerdle \
+    --tag "date:${CURRENT_DATE}" \
+    --tag "commit:${CURRENT_COMMIT_SHORT}" \
+    --exclude='.git' \
+    --exclude='node_modules' \
+    --exclude='.next' \
+    --exclude='*.log' \
+    ./backups \
+    ./data \
+    ./public/uploads \
+    docker-compose.yml \
+    .env \
+    package.json \
+    prisma/schema.prisma \
+    prisma/migrations \
+    scripts/ || RESTIC_EXIT_CODE=$?
+
+if [ $RESTIC_EXIT_CODE -eq 0 ]; then
+    echo "✅ Restic backup completed successfully"
+    exit 0
+elif [ $RESTIC_EXIT_CODE -eq 3 ]; then
+    echo "⚠️  Restic backup completed with warnings (some files could not be read), continuing..."
+    exit 0
+else
+    echo "⚠️  Restic backup failed (exit code: $RESTIC_EXIT_CODE), continuing deployment..."
+    exit 0
+fi
+

scripts/deploy.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
 set -e
 
-echo "🚀 Starting optimized deployment..."
+echo "🚀 Starting optimized deployment with full rollback support..."
 
-# Backup database
+# Backup database (per Deployment, inkl. Metadaten für Rollback)
-echo "💾 Creating database backup..."
+echo "💾 Creating database backup for this deployment..."
 
 # Try to find database path from docker-compose.yml or .env
 DB_PATH=""
@@ -26,16 +26,29 @@ if [ -n "$DB_PATH" ]; then
     # Convert container path to host path if needed
     # /app/data/prod.db -> ./data/prod.db
     DB_PATH=$(echo "$DB_PATH" | sed 's|/app/|./|')
-    
+
     if [ -f "$DB_PATH" ]; then
         # Create backups directory
         mkdir -p ./backups
-        
+
         # Create timestamped backup
-        BACKUP_FILE="./backups/$(basename "$DB_PATH" .db)_$(date +%Y%m%d_%H%M%S).db"
+        DEPLOY_TS="$(date +%Y%m%d_%H%M%S)"
+        BACKUP_FILE="./backups/$(basename "$DB_PATH" .db)_${DEPLOY_TS}.db"
         cp "$DB_PATH" "$BACKUP_FILE"
         echo "✅ Database backed up to: $BACKUP_FILE"
-        
+
+        # Store metadata for restore (Timestamp, DB-Path, Git-Commit)
+        CURRENT_COMMIT="$(git rev-parse HEAD || echo 'unknown')"
+        {
+            echo "timestamp=${DEPLOY_TS}"
+            echo "db_path=${DB_PATH}"
+            echo "backup_file=${BACKUP_FILE}"
+            echo "git_commit=${CURRENT_COMMIT}"
+        } > "./backups/last_deploy.meta"
+
+        # Append to history manifest (eine Zeile pro Deployment)
+        echo "${DEPLOY_TS}|${DB_PATH}|${BACKUP_FILE}|${CURRENT_COMMIT}" >> "./backups/deploy_history.log"
+
         # Keep only last 10 backups
         ls -t ./backups/*.db | tail -n +11 | xargs -r rm
         echo "🧹 Cleaned old backups (keeping last 10)"
@@ -46,13 +59,13 @@ else
     echo "⚠️  Could not determine database path from config files"
 fi
 
-# Pull latest changes
+# Restic backup to remote repository
-echo "📥 Pulling latest changes from git..."
+./scripts/backup-restic.sh
-git pull
 
-# Fetch all tags
+# Nur neueste Version holen (shallow fetch), vollständiges Repo ist im Deployment nicht nötig
-echo "🏷️  Fetching git tags..."
+echo "📥 Fetching latest commit (shallow clone) from git..."
-git fetch --tags
+git fetch --prune --tags --depth=1 origin master
+git reset --hard origin/master
 
 # Prüfe und erstelle/repariere Netzwerk falls nötig
 echo "🌐 Prüfe Docker-Netzwerk..."

scripts/restore.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+set -e
+
+echo "🧯 Hördle restore script – Rollback auf früheres Datenbank-Backup"
+
+# Hilfsfunktion für Fehlerausgabe
+die() {
+    echo "❌ $1" >&2
+    exit 1
+}
+
+# Backup-Verzeichnis
+BACKUP_DIR="./backups"
+
+if [ ! -d "$BACKUP_DIR" ]; then
+    die "Kein Backup-Verzeichnis gefunden (${BACKUP_DIR}). Es scheint noch kein Deployment-Backup erstellt worden zu sein."
+fi
+
+# Argument: gewünschter Backup-Timestamp oder 'latest'
+TARGET="$1"
+
+if [ -z "$TARGET" ]; then
+    echo "⚙️  Nutzung:"
+    echo "  ./scripts/restore.sh latest           # neuestes Backup zurückspielen"
+    echo "  ./scripts/restore.sh 20250101_120000  # bestimmtes Backup (Timestamp aus Dateiname)"
+    echo ""
+    echo "Verfügbare Backups:"
+    ls -1 "${BACKUP_DIR}"/*.db 2>/dev/null || echo "  (keine .db-Backups gefunden)"
+    exit 1
+fi
+
+# DB-Pfad wie in deploy.sh bestimmen
+DB_PATH=""
+
+if [ -f "docker-compose.yml" ]; then
+    DB_PATH=$(grep -oP 'DATABASE_URL=file:\K[^\s]+' docker-compose.yml | head -1)
+fi
+
+if [ -z "$DB_PATH" ] && [ -f ".env" ]; then
+    DB_PATH=$(grep -oP '^DATABASE_URL=file:\K.+' .env | head -1)
+fi
+
+DB_PATH=$(echo "$DB_PATH" | tr -d '"' | tr -d "'")
+
+if [ -z "$DB_PATH" ]; then
+    die "Konnte den Datenbank-Pfad aus docker-compose.yml oder .env nicht ermitteln."
+fi
+
+# Containerpfad zu Hostpfad umbauen (/app/... -> ./...)
+DB_PATH=$(echo "$DB_PATH" | sed 's|/app/|./|')
+
+echo "📁 Ziel-Datenbank-Datei: $DB_PATH"
+
+# Backup-Datei bestimmen
+if [ "$TARGET" = "latest" ]; then
+    BACKUP_FILE=$(ls -t "${BACKUP_DIR}"/*.db 2>/dev/null | head -1 || true)
+    [ -z "$BACKUP_FILE" ] && die "Kein Backup gefunden."
+else
+    # Versuchen, exakten Dateinamen zu finden
+    if [ -f "${BACKUP_DIR}/${TARGET}" ]; then
+        BACKUP_FILE="${BACKUP_DIR}/${TARGET}"
+    else
+        # Versuchen, anhand des Timestamps ein Backup zu finden
+        BACKUP_FILE=$(ls "${BACKUP_DIR}"/*"${TARGET}"*.db 2>/dev/null | head -1 || true)
+    fi
+
+    [ -z "$BACKUP_FILE" ] && die "Kein Backup für '${TARGET}' gefunden."
+fi
+
+echo "⏪ Verwende Backup-Datei: $BACKUP_FILE"
+
+if [ ! -f "$BACKUP_FILE" ]; then
+    die "Backup-Datei existiert nicht: $BACKUP_FILE"
+fi
+
+read -p "❗ Dies überschreibt die aktuelle Datenbank-Datei. Fortfahren? [y/N] " CONFIRM
+if [[ ! "$CONFIRM" =~ ^[Yy]$ ]]; then
+    echo "Abgebrochen."
+    exit 0
+fi
+
+echo "📦 Kopiere Backup nach: $DB_PATH"
+cp "$BACKUP_FILE" "$DB_PATH"
+
+echo "🔄 Starte Docker-Container neu..."
+docker compose restart hoerdle
+
+echo "✅ Restore abgeschlossen."
+echo "ℹ️  Hinweis: Der Code-Stand (Git-Commit) ist nicht automatisch zurückgedreht."
+echo "    Falls du auch die App-Version zurückrollen möchtest, checke lokal den passenden Commit/Tag aus"
+echo "    und führe anschließend wieder ./scripts/deploy.sh aus."
+
+