chore: release v0.1.1.17

Docker Compose did not forward the admin whitelist from .env, so production always treated every user as non-admin.

Co-authored-by: Cursor <cursoragent@cursor.com>

.env.example

@@ -36,6 +36,10 @@ ORIGIN=http://localhost:5173
 # Generate: openssl rand -base64 48
 SESSION_SECRET=
 
+# Admin dashboard access — comma-separated list of User IDs (UUIDs)
+# Example: ADMIN_USER_IDS=11111111-2222-3333-4444-555555555555,22222222-3333-4444-5555-666666666666
+ADMIN_USER_IDS=
+
 # Web Push (VAPID) — generate with: npx web-push generate-vapid-keys
 # Public key may also be set on the client as VITE_VAPID_PUBLIC_KEY
 VAPID_PUBLIC_KEY=

VERSION

@@ -1 +1 @@
-0.1.1.13
+0.1.1.18

client/package.json

@@ -13,6 +13,7 @@
     "generate:flyer:png": "node ../scripts/generate-beta-flyer.mjs --png",
     "generate:flyer:all": "node ../scripts/generate-beta-flyer.mjs --all",
     "generate:flyer:setup": "playwright install chromium",
+    "generate:sharepic": "node ../scripts/generate-sharepic.mjs",
     "translate:locales": "node ../scripts/translate-locales.mjs",
     "translate:flyer": "node ../scripts/translate-flyer.mjs",
     "validate:i18n": "node ../scripts/validate-i18n-keys.mjs"

client/src/App.css

@@ -4919,6 +4919,125 @@ html.theme-cupertino .events-scroll-container {
   padding-bottom: 8px;
 }
 
+.admin-page {
+  width: 100%;
+  max-width: 1200px;
+  min-height: 100vh;
+  margin: 0 auto;
+  padding: 24px;
+  box-sizing: border-box;
+  color: var(--app-text);
+  display: flex;
+  flex-direction: column;
+  gap: 24px;
+}
+
+.admin-header {
+  display: flex;
+  align-items: flex-start;
+  justify-content: space-between;
+  gap: 16px;
+  padding-bottom: 16px;
+  border-bottom: 1px solid var(--app-header-border);
+}
+
+.admin-header-left {
+  display: flex;
+  align-items: flex-start;
+  gap: 20px;
+  min-width: 0;
+}
+
+.admin-title {
+  margin: 0;
+  font-size: 24px;
+  font-weight: 700;
+  background: var(--app-accent-gradient);
+  -webkit-background-clip: text;
+  background-clip: text;
+  -webkit-text-fill-color: transparent;
+}
+
+.admin-subtitle {
+  margin: 6px 0 0;
+  font-size: 14px;
+  color: var(--app-text-muted);
+}
+
+.admin-main {
+  display: flex;
+  flex-direction: column;
+  gap: 24px;
+  width: 100%;
+}
+
+.admin-kpi-grid {
+  margin-top: 0;
+  grid-template-columns: repeat(3, minmax(0, 1fr));
+}
+
+.admin-controls {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 24px;
+  padding: 16px 20px;
+  border-radius: var(--app-radius-card);
+  border: 1px solid var(--app-border-subtle);
+  background: var(--app-surface);
+}
+
+.admin-control-group {
+  display: flex;
+  flex-direction: column;
+  gap: 10px;
+  min-width: 0;
+}
+
+.admin-control-label {
+  font-size: 13px;
+  font-weight: 600;
+  color: var(--app-text-muted);
+}
+
+.admin-control-buttons {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px;
+}
+
+.admin-control-buttons .btn {
+  width: auto;
+  padding: 8px 16px;
+  font-size: 14px;
+}
+
+.admin-charts-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fit, minmax(min(100%, 320px), 1fr));
+  gap: 20px;
+}
+
+.dashboard-subtitle {
+  margin-top: 4px;
+  font-size: 14px;
+  color: var(--app-text-muted);
+}
+
+@media (max-width: 640px) {
+  .admin-page {
+    padding: 16px;
+  }
+
+  .admin-header-left {
+    flex-direction: column;
+    gap: 12px;
+  }
+
+  .admin-kpi-grid {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+}
+
 .stats-consumption-chart .stats-bar-column--grouped {
   display: inline-flex;
   white-space: normal;
@@ -5642,6 +5761,48 @@ html.theme-cupertino .events-scroll-container {
   border-color: rgba(255, 94, 91, 0.32);
 }
 
+.mail-footer-badge {
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+  padding: 2px 8px;
+  border-radius: 999px;
+  font-size: 13px;
+  font-weight: 500;
+  color: #94a3b8;
+  text-decoration: none;
+  background: rgba(56, 189, 248, 0.08);
+  border: 1px solid rgba(56, 189, 248, 0.18);
+  transition: color 0.15s ease, background 0.15s ease, border-color 0.15s ease;
+}
+
+.mail-footer-badge:hover {
+  color: #bae6fd;
+  background: rgba(56, 189, 248, 0.14);
+  border-color: rgba(56, 189, 248, 0.32);
+}
+
+.knorrlabs-footer-badge {
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+  padding: 2px 8px;
+  border-radius: 999px;
+  font-size: 13px;
+  font-weight: 500;
+  color: #94a3b8;
+  text-decoration: none;
+  background: rgba(139, 92, 246, 0.08);
+  border: 1px solid rgba(139, 92, 246, 0.18);
+  transition: color 0.15s ease, background 0.15s ease, border-color 0.15s ease;
+}
+
+.knorrlabs-footer-badge:hover {
+  color: #ddd6fe;
+  background: rgba(139, 92, 246, 0.14);
+  border-color: rgba(139, 92, 246, 0.32);
+}
+
 .demo-badge {
   display: inline-flex;
   align-items: center;

client/src/App.tsx

@@ -36,6 +36,7 @@ import { syncAppearancePrefs } from './services/appearancePrefs.js'
 import { startBackgroundSync, stopBackgroundSync, syncAllLogbooks, subscribeToSyncState } from './services/sync.js'
 import ReadOnlyViewer from './components/ReadOnlyViewer.tsx'
 import DemoViewer from './components/DemoViewer.tsx'
+import AdminDashboard from './admin/AdminDashboard.tsx'
 import PwaInstallPrompt from './components/PwaInstallPrompt.tsx'
 import PwaUpdatePrompt from './components/PwaUpdatePrompt.tsx'
 import AppFooter from './components/AppFooter.tsx'
@@ -49,6 +50,8 @@ import { Ship, LogOut, ChevronLeft, Users, FileText, Settings, Wifi, WifiOff, La
 import DisclaimerHeaderButton from './components/DisclaimerHeaderButton.tsx'
 import FeedbackHeaderButton from './components/FeedbackHeaderButton.tsx'
 import ProfileHeaderButton from './components/ProfileHeaderButton.tsx'
+import AdminHeaderButton from './components/AdminHeaderButton.tsx'
+import { checkAdminAccess } from './services/adminApi.js'
 import { useTranslation } from 'react-i18next'
 import { cycleAppLanguage } from './utils/i18nLanguages.js'
 import {
@@ -92,6 +95,8 @@ function App() {
 
   // Public demo mode (no account required)
   const [isDemoMode, setIsDemoMode] = useState(() => window.location.pathname === '/demo')
+  const [isAdminRoute, setIsAdminRoute] = useState(() => window.location.pathname.startsWith('/admin'))
+  const [isAdminUser, setIsAdminUser] = useState(false)
 
   const syncQueueCount = useLiveQuery(
     () => activeLogbookId ? db.syncQueue.where({ logbookId: activeLogbookId }).count() : db.syncQueue.count(),
@@ -160,14 +165,23 @@ function App() {
     })
   }, [])
 
+  const refreshAdminAccess = useCallback(async () => {
+    const isAdmin = await checkAdminAccess()
+    setIsAdminUser(isAdmin)
+  }, [])
+
   useEffect(() => {
-    if (!isAuthenticated) return
+    if (!isAuthenticated) {
+      setIsAdminUser(false)
+      return
+    }
     const userId = localStorage.getItem('active_userid')
     if (!userId) return
     void syncAppearancePrefs(userId)
     void migrateLegacyCrewToPoolIfNeeded().then(() => syncPersonPool())
     void migrateLegacyYachtsToPoolIfNeeded().then(() => syncVesselPool())
-  }, [isAuthenticated])
+    void refreshAdminAccess()
+  }, [isAuthenticated, refreshAdminAccess])
 
   useEffect(() => {
     const handleOnline = () => {
@@ -199,6 +213,13 @@ function App() {
     const hashParams = new URLSearchParams(window.location.hash.substring(1))
     const path = window.location.pathname
 
+    if (path.startsWith('/admin')) {
+      setIsAdminRoute(true)
+      return
+    }
+
+    setIsAdminRoute(false)
+
     if (path === '/demo') {
       setIsDemoMode(true)
       setIsViewerMode(false)
@@ -240,6 +261,7 @@ function App() {
 
   const clearAuthenticatedAppState = useCallback(() => {
     setIsAuthenticated(false)
+    setIsAdminUser(false)
     setActiveLogbookId(null)
     setActiveLogbookTitle(null)
     setShowUserProfile(false)
@@ -249,7 +271,7 @@ function App() {
 
   /** After PWA/bfcache resume, React state may still say "logged in" while the master key is gone. */
   const enforceUnlockedSession = useCallback(() => {
-    if (isViewerMode || isDemoMode || isAcceptingInvite) return
+    if (isViewerMode || isDemoMode || isAcceptingInvite || isAdminRoute) return
     // Require full local session (incl. userId) so API calls are not left headless.
     if (isAuthenticated && !hasUnlockedLocalSession()) {
       clearAuthenticatedAppState()
@@ -259,6 +281,7 @@ function App() {
     isViewerMode,
     isDemoMode,
     isAcceptingInvite,
+    isAdminRoute,
     clearAuthenticatedAppState
   ])
 
@@ -333,6 +356,14 @@ function App() {
     setIsAcceptingInvite(false)
   }, [])
 
+  const openAdmin = useCallback(() => {
+    window.history.pushState({}, document.title, '/admin')
+    setIsAdminRoute(true)
+    setIsDemoMode(false)
+    setIsViewerMode(false)
+    setIsAcceptingInvite(false)
+  }, [])
+
   const selectLogbook = useCallback((id: string, title: string) => {
     setActiveLogbookId(id)
     setActiveLogbookTitle(title)
@@ -497,6 +528,7 @@ function App() {
     if (!(await confirmLeave())) return
     void logoutUser()
     setIsAuthenticated(false)
+    setIsAdminUser(false)
     setActiveLogbookId(null)
     setActiveLogbookTitle(null)
     setShowUserProfile(false)
@@ -524,6 +556,28 @@ function App() {
     syncRouteFromLocation()
   }
 
+  const handleBackFromAdmin = () => {
+    window.history.replaceState({}, document.title, '/')
+    setIsAdminRoute(false)
+    syncRouteFromLocation()
+  }
+
+  if (isAdminRoute) {
+    if (!isAuthenticated) {
+      return (
+        <div className="auth-screen">
+          <AuthOnboarding onAuthenticated={handleAuthenticated} onOpenDemo={openDemo} />
+        </div>
+      )
+    }
+
+    return (
+      <div style={{ display: 'contents' }}>
+        <AdminDashboard onBack={handleBackFromAdmin} />
+      </div>
+    )
+  }
+
   if (isDemoMode) {
     return (
       <div style={{ display: 'contents' }}>
@@ -597,6 +651,7 @@ function App() {
           onSelectLogbook={selectLogbook}
           onLogout={handleLogout}
           onOpenProfile={() => setShowUserProfile(true)}
+          onOpenAdmin={isAdminUser ? openAdmin : undefined}
         />
       </div>
     )
@@ -647,6 +702,8 @@ function App() {
               <Languages size={18} />
             </button>
 
+            {isAdminUser && <AdminHeaderButton onClick={openAdmin} />}
+
             <ProfileHeaderButton onClick={() => setShowUserProfile(true)} />
 
             <DisclaimerHeaderButton />

client/src/admin/AdminDashboard.tsx

@@ -0,0 +1,240 @@
+import { useEffect, useState, type ReactNode } from 'react'
+import {
+  fetchAdminMe,
+  fetchAdminSummary,
+  fetchAdminTimeSeries,
+  type AdminSummary,
+  type AdminTimeSeriesResponse,
+  type AdminTimeBucket
+} from '../services/adminApi.js'
+import { BarChart2, Bookmark, ChevronLeft, Image, MapPin, Mic, Users } from 'lucide-react'
+
+function formatNumber(value: number): string {
+  return value.toLocaleString()
+}
+
+function KpiCard({
+  icon,
+  label,
+  value
+}: {
+  icon: ReactNode
+  label: string
+  value: number
+}) {
+  return (
+    <div className="stats-kpi-card glass">
+      <div className="stats-kpi-icon">{icon}</div>
+      <div className="stats-kpi-body">
+        <span className="stats-kpi-label">{label}</span>
+        <span className="stats-kpi-value">{formatNumber(value)}</span>
+      </div>
+    </div>
+  )
+}
+
+function TimeSeriesChart({
+  title,
+  seriesKey,
+  data
+}: {
+  title: string
+  seriesKey: string
+  data: AdminTimeSeriesResponse | null
+}) {
+  if (!data) {
+    return null
+  }
+
+  const metric = data.series.find((s) => s.metric === seriesKey)
+  if (!metric || metric.points.length === 0) {
+    return (
+      <div className="form-card glass">
+        <div className="form-header">
+          <BarChart2 className="form-icon" />
+          <h2>{title}</h2>
+        </div>
+        <p className="dashboard-status-msg">Keine Daten im gewählten Zeitraum.</p>
+      </div>
+    )
+  }
+
+  const max = metric.points.reduce((acc, p) => (p.count > acc ? p.count : acc), 0) || 1
+
+  return (
+    <div className="form-card glass">
+      <div className="form-header">
+        <BarChart2 className="form-icon" />
+        <h2>{title}</h2>
+      </div>
+      <div className="stats-bar-chart" role="img" aria-label={title}>
+        {metric.points.map((point) => {
+          const heightPct = Math.max(2, (point.count / max) * 100)
+          return (
+            <div key={point.date} className="stats-bar-column" title={`${point.date}: ${point.count}`}>
+              <span className="stats-bar-value">{point.count > 0 ? String(point.count) : ''}</span>
+              <div className="stats-bar-track">
+                <div className="stats-bar stats-bar--distance" style={{ height: `${heightPct}%` }} />
+              </div>
+              <span className="stats-bar-label">{point.date.slice(5)}</span>
+            </div>
+          )
+        })}
+      </div>
+    </div>
+  )
+}
+
+interface AdminDashboardProps {
+  onBack: () => void
+}
+
+export default function AdminDashboard({ onBack }: AdminDashboardProps) {
+  const [loading, setLoading] = useState(true)
+  const [error, setError] = useState<string | null>(null)
+  const [summary, setSummary] = useState<AdminSummary | null>(null)
+  const [timeSeries, setTimeSeries] = useState<AdminTimeSeriesResponse | null>(null)
+  const [bucket, setBucket] = useState<AdminTimeBucket>('day')
+  const [windowDays, setWindowDays] = useState(90)
+
+  useEffect(() => {
+    let cancelled = false
+
+    async function load() {
+      try {
+        setLoading(true)
+        setError(null)
+
+        await fetchAdminMe()
+        const [summaryRes, tsRes] = await Promise.all([
+          fetchAdminSummary(),
+          fetchAdminTimeSeries({ bucket, windowDays })
+        ])
+
+        if (!cancelled) {
+          setSummary(summaryRes)
+          setTimeSeries(tsRes)
+        }
+      } catch (err: unknown) {
+        if (!cancelled) {
+          const message =
+            err instanceof Error && err.message ? err.message : 'Fehler beim Laden des Admin-Dashboards'
+          setError(message)
+        }
+      } finally {
+        if (!cancelled) {
+          setLoading(false)
+        }
+      }
+    }
+
+    void load()
+
+    return () => {
+      cancelled = true
+    }
+  }, [bucket, windowDays])
+
+  if (loading && !summary) {
+    return (
+      <div className="admin-page">
+        <p className="dashboard-status-msg">Admin-Dashboard wird geladen…</p>
+      </div>
+    )
+  }
+
+  if (error) {
+    return (
+      <div className="admin-page">
+        <header className="admin-header">
+          <button type="button" className="btn-back" onClick={onBack}>
+            <ChevronLeft size={16} />
+            Zur App
+          </button>
+        </header>
+        <p className="dashboard-status-msg">{error}</p>
+      </div>
+    )
+  }
+
+  if (!summary) {
+    return (
+      <div className="admin-page">
+        <p className="dashboard-status-msg">Keine Admin-Daten verfügbar.</p>
+      </div>
+    )
+  }
+
+  return (
+    <div className="admin-page">
+      <header className="admin-header">
+        <div className="admin-header-left">
+          <button type="button" className="btn-back" onClick={onBack}>
+            <ChevronLeft size={16} />
+            Zur App
+          </button>
+          <div>
+            <h1 className="admin-title">Admin-Dashboard</h1>
+            <p className="admin-subtitle">
+              Übersicht über Nutzung und Wachstum von Kapteins Daagbok.
+            </p>
+          </div>
+        </div>
+      </header>
+
+      <main className="admin-main">
+        <section className="stats-kpi-grid admin-kpi-grid">
+          <KpiCard icon={<Users size={20} />} label="Registrierte Benutzer" value={summary.totalUsers} />
+          <KpiCard icon={<Bookmark size={20} />} label="Logbücher" value={summary.totalLogbooks} />
+          <KpiCard icon={<Image size={20} />} label="Fotos" value={summary.totalPhotos} />
+          <KpiCard icon={<Mic size={20} />} label="Sprachmemos" value={summary.totalVoiceMemos} />
+          <KpiCard icon={<MapPin size={20} />} label="GPS-Tracks" value={summary.totalGpsTracks} />
+          <KpiCard
+            icon={<BarChart2 size={20} />}
+            label="Einträge mit AI-Zusammenfassung"
+            value={summary.aiSummaryEntries}
+          />
+        </section>
+
+        <section className="admin-controls">
+          <div className="admin-control-group">
+            <span className="admin-control-label">Zeitraum</span>
+            <div className="admin-control-buttons">
+              {[30, 90, 365].map((days) => (
+                <button
+                  key={days}
+                  type="button"
+                  className={days === windowDays ? 'btn primary' : 'btn secondary'}
+                  onClick={() => setWindowDays(days)}
+                >
+                  {days} Tage
+                </button>
+              ))}
+            </div>
+          </div>
+          <div className="admin-control-group">
+            <span className="admin-control-label">Aggregation</span>
+            <div className="admin-control-buttons">
+              {(['day', 'week', 'month'] as AdminTimeBucket[]).map((b) => (
+                <button
+                  key={b}
+                  type="button"
+                  className={b === bucket ? 'btn primary' : 'btn secondary'}
+                  onClick={() => setBucket(b)}
+                >
+                  {b === 'day' ? 'Tag' : b === 'week' ? 'Woche' : 'Monat'}
+                </button>
+              ))}
+            </div>
+          </div>
+        </section>
+
+        <section className="admin-charts-grid">
+          <TimeSeriesChart title="Neue Benutzer" seriesKey="users_created" data={timeSeries} />
+          <TimeSeriesChart title="Neue Logbücher" seriesKey="logbooks_created" data={timeSeries} />
+          <TimeSeriesChart title="Foto-Aktivität" seriesKey="photos_updated" data={timeSeries} />
+        </section>
+      </main>
+    </div>
+  )
+}

client/src/components/AdminHeaderButton.tsx

@@ -0,0 +1,23 @@
+import { useTranslation } from 'react-i18next'
+import { LayoutDashboard } from 'lucide-react'
+
+interface AdminHeaderButtonProps {
+  onClick: () => void
+}
+
+export default function AdminHeaderButton({ onClick }: AdminHeaderButtonProps) {
+  const { t } = useTranslation()
+
+  return (
+    <button
+      type="button"
+      className="btn-icon skipper-badge"
+      onClick={onClick}
+      title={t('nav.admin')}
+      aria-label={t('nav.admin')}
+    >
+      <LayoutDashboard size={18} aria-hidden="true" />
+      <span className="skipper-badge__name">{t('nav.admin')}</span>
+    </button>
+  )
+}

client/src/components/AppFooter.tsx

@@ -1,4 +1,4 @@
-import { Coffee } from 'lucide-react'
+import { Coffee, Mail, Compass } from 'lucide-react'
 import { useTranslation } from 'react-i18next'
 import { PlausibleEvents, trackPlausibleEvent } from '../services/analytics.js'
 
@@ -15,17 +15,35 @@ export default function AppFooter() {
         ·
       </span>
       <span className="app-version-footer__copyright">
-        © 2026 KnorrLabs/
-        <a
-          href="mailto:moin@kapteins-daagbok.eu"
-          onClick={() => trackPlausibleEvent(PlausibleEvents.FOOTER_LINK_CLICKED)}
-        >
-          Markus F.J. Busche
-        </a>
+        © 2026
       </span>
       <span className="app-version-footer__sep" aria-hidden="true">
         ·
       </span>
+      <a
+        className="knorrlabs-footer-badge"
+        href="https://dashy.elpatron.me/"
+        target="_blank"
+        rel="noopener noreferrer"
+        onClick={() => trackPlausibleEvent(PlausibleEvents.FOOTER_LINK_CLICKED)}
+      >
+        <Compass size={14} aria-hidden="true" />
+        <span>KnorrLabs</span>
+      </a>
+      <span className="app-version-footer__sep" aria-hidden="true">
+        ·
+      </span>
+      <a
+        className="mail-footer-badge"
+        href="mailto:moin@kapteins-daagbok.eu"
+        onClick={() => trackPlausibleEvent(PlausibleEvents.FOOTER_LINK_CLICKED)}
+      >
+        <Mail size={14} aria-hidden="true" />
+        <span>moin@kapteins-daagbok.eu</span>
+      </a>
+      <span className="app-version-footer__sep" aria-hidden="true">
+        ·
+      </span>
       <a
         className="kofi-footer-badge"
         href={KOFI_URL}

client/src/components/LogbookDashboard.tsx

@@ -15,11 +15,13 @@ import { BookOpen, Plus, Trash2, LogOut, Languages, RefreshCw, Ship, Wifi, WifiO
 import DisclaimerHeaderButton from './DisclaimerHeaderButton.tsx'
 import FeedbackHeaderButton from './FeedbackHeaderButton.tsx'
 import ProfileHeaderButton from './ProfileHeaderButton.tsx'
+import AdminHeaderButton from './AdminHeaderButton.tsx'
 
 interface LogbookDashboardProps {
   onSelectLogbook: (id: string, title: string) => void
   onLogout: () => void
   onOpenProfile: () => void
+  onOpenAdmin?: () => void
 }
 
 type LogbookSortKey = 'name' | 'date'
@@ -42,7 +44,7 @@ function sortLogbooks(
   return sorted
 }
 
-export default function LogbookDashboard({ onSelectLogbook, onLogout, onOpenProfile }: LogbookDashboardProps) {
+export default function LogbookDashboard({ onSelectLogbook, onLogout, onOpenProfile, onOpenAdmin }: LogbookDashboardProps) {
   const { t, i18n } = useTranslation()
   const { showConfirm } = useDialog()
   const [logbooks, setLogbooks] = useState<DecryptedLogbook[]>([])
@@ -388,6 +390,8 @@ export default function LogbookDashboard({ onSelectLogbook, onLogout, onOpenProf
 
           <ProfileHeaderButton onClick={onOpenProfile} />
 
+          {onOpenAdmin && <AdminHeaderButton onClick={onOpenAdmin} />}
+
           {/* Lang toggle */}
           <button className="btn-icon" onClick={toggleLanguage} title="Switch Language">
             <Languages size={18} />

client/src/i18n/locales/da.json

@@ -43,7 +43,8 @@
       "deviation": "Tabel over distraktioner",
       "logs": "Indlæg i logbogen",
       "stats": "Statistik",
-      "settings": "Indstillinger"
+      "settings": "Indstillinger",
+      "admin": "Admin"
     },
     "auth": {
       "welcome": "Velkommen til Kapteins Daagbok.",

client/src/i18n/locales/de.json

@@ -43,7 +43,8 @@
       "deviation": "Ablenkungstabelle",
       "logs": "Logbucheinträge",
       "stats": "Statistik",
-      "settings": "Einstellungen"
+      "settings": "Einstellungen",
+      "admin": "Admin"
     },
     "auth": {
       "welcome": "Willkommen bei Kapteins Daagbok",

client/src/i18n/locales/en.json

@@ -43,7 +43,8 @@
       "deviation": "Deviation Table",
       "logs": "Logbook Entries",
       "stats": "Statistics",
-      "settings": "Settings"
+      "settings": "Settings",
+      "admin": "Admin"
     },
     "auth": {
       "welcome": "Welcome to Kapteins Daagbok",

client/src/i18n/locales/nb.json

@@ -43,7 +43,8 @@
       "deviation": "Tabell over distraksjoner",
       "logs": "Loggbokoppføringer",
       "stats": "Statistikk",
-      "settings": "Innstillinger"
+      "settings": "Innstillinger",
+      "admin": "Admin"
     },
     "auth": {
       "welcome": "Velkommen til Kapteins Daagbok",

client/src/i18n/locales/sv.json

@@ -43,7 +43,8 @@
       "deviation": "Distraktionsbord",
       "logs": "Loggboksanteckningar",
       "stats": "Statistik",
-      "settings": "Inställningar"
+      "settings": "Inställningar",
+      "admin": "Admin"
     },
     "auth": {
       "welcome": "Välkommen till Kapteins Daagbok",

client/src/services/adminApi.ts

@@ -0,0 +1,74 @@
+import { ApiError, apiJson } from './api.js'
+
+const ADMIN_BASE = '/api/admin'
+
+export interface AdminMe {
+  isAdmin: boolean
+  userId: string
+}
+
+export interface AdminSummary {
+  totalUsers: number
+  totalLogbooks: number
+  totalPhotos: number
+  totalVoiceMemos: number
+  totalGpsTracks: number
+  totalCollaborations: number
+  totalInvitations: number
+  aiSummaryEntries: number
+}
+
+export type AdminTimeBucket = 'day' | 'week' | 'month'
+
+export interface AdminTimeSeriesPoint {
+  date: string
+  count: number
+}
+
+export interface AdminTimeSeriesMetric {
+  metric: string
+  points: AdminTimeSeriesPoint[]
+}
+
+export interface AdminTimeSeriesResponse {
+  bucket: AdminTimeBucket
+  windowDays: number
+  series: AdminTimeSeriesMetric[]
+}
+
+export async function fetchAdminMe(): Promise<AdminMe> {
+  return await apiJson<AdminMe>(`${ADMIN_BASE}/me`)
+}
+
+/** Returns true only for users listed in server ADMIN_USER_IDS. */
+export async function checkAdminAccess(): Promise<boolean> {
+  try {
+    await fetchAdminMe()
+    return true
+  } catch (err) {
+    if (err instanceof ApiError && (err.status === 401 || err.status === 403)) {
+      return false
+    }
+    return false
+  }
+}
+
+export async function fetchAdminSummary(): Promise<AdminSummary> {
+  return await apiJson<AdminSummary>(`${ADMIN_BASE}/summary`)
+}
+
+export async function fetchAdminTimeSeries(
+  params: { bucket?: AdminTimeBucket; windowDays?: number } = {}
+): Promise<AdminTimeSeriesResponse> {
+  const search = new URLSearchParams()
+  if (params.bucket) {
+    search.set('bucket', params.bucket)
+  }
+  if (params.windowDays && Number.isFinite(params.windowDays)) {
+    search.set('window', String(params.windowDays))
+  }
+  const query = search.toString()
+  const url = query ? `${ADMIN_BASE}/timeseries?${query}` : `${ADMIN_BASE}/timeseries`
+  return await apiJson<AdminTimeSeriesResponse>(url)
+}
+

docker-compose.yml

@@ -35,6 +35,7 @@ services:
       OpenRouterAPIKey: ${OpenRouterAPIKey:-}
       OpenRouterModel: ${OpenRouterModel:-anthropic/claude-3.5-haiku}
       SESSION_SECRET: ${SESSION_SECRET:-}
+      ADMIN_USER_IDS: ${ADMIN_USER_IDS:-}
       NTFY_SERVER: ${NTFY_SERVER:-https://ntfy.sh}
       NTFY_TOPIC: ${NTFY_TOPIC:-}
       NTFY_TOKEN: ${NTFY_TOKEN:-}

docs/marketing/sharepic-portrait.html

@@ -0,0 +1,318 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+  <meta charset="UTF-8" />
+  <title>Kapteins Daagbok — Sharepic (Portrait)</title>
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <link href="https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@400;500;600;700;800&display=swap" rel="stylesheet">
+  <style>
+    * {
+      box-sizing: border-box;
+      margin: 0;
+      padding: 0;
+    }
+
+    body {
+      width: 1080px;
+      height: 1920px;
+      font-family: 'Plus Jakarta Sans', sans-serif;
+      color: #e2e8f0;
+      background: #0f172a;
+      overflow: hidden;
+      display: flex;
+      flex-direction: column;
+      justify-content: space-between;
+      align-items: center;
+      padding: 100px 80px;
+      background:
+        radial-gradient(circle at 50% 10%, rgba(56, 189, 248, 0.18) 0%, transparent 45%),
+        radial-gradient(circle at 50% 90%, rgba(134, 59, 255, 0.22) 0%, transparent 45%),
+        linear-gradient(180deg, #090d16 0%, #111827 50%, #090d16 100%);
+      position: relative;
+    }
+
+    /* Subtle background grid pattern */
+    body::after {
+      content: "";
+      position: absolute;
+      inset: 0;
+      background-image: linear-gradient(rgba(148, 163, 184, 0.03) 1px, transparent 1px),
+                        linear-gradient(90deg, rgba(148, 163, 184, 0.03) 1px, transparent 1px);
+      background-size: 40px 40px;
+      pointer-events: none;
+      z-index: 0;
+    }
+
+    /* Outer border */
+    .outer-border {
+      position: absolute;
+      inset: 40px;
+      border: 1px solid rgba(148, 163, 184, 0.1);
+      border-radius: 30px;
+      pointer-events: none;
+      z-index: 1;
+    }
+
+    .brand {
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      gap: 30px;
+      z-index: 2;
+      text-align: center;
+      margin-top: 40px;
+    }
+
+    .logo {
+      width: 140px;
+      height: 140px;
+      object-fit: contain;
+      filter: drop-shadow(0 8px 24px rgba(56, 189, 248, 0.3));
+    }
+
+    .title-group h1 {
+      font-size: 64px;
+      font-weight: 800;
+      letter-spacing: -0.03em;
+      color: #ffffff;
+      line-height: 1.1;
+      background: linear-gradient(135deg, #ffffff 60%, #94a3b8 100%);
+      -webkit-background-clip: text;
+      background-clip: text;
+      -webkit-text-fill-color: transparent;
+    }
+
+    .title-group p {
+      font-size: 26px;
+      color: #38bdf8;
+      font-weight: 600;
+      margin-top: 8px;
+      letter-spacing: -0.01em;
+    }
+
+    .main-content {
+      width: 100%;
+      display: flex;
+      flex-direction: column;
+      gap: 50px;
+      z-index: 2;
+    }
+
+    .intro-text {
+      font-size: 26px;
+      line-height: 1.6;
+      color: #cbd5e1;
+      font-weight: 400;
+      text-align: center;
+      padding: 0 20px;
+    }
+
+    .intro-text strong {
+      color: #ffffff;
+      font-weight: 600;
+    }
+
+    .features-card {
+      background: rgba(30, 41, 59, 0.45);
+      backdrop-filter: blur(16px);
+      -webkit-backdrop-filter: blur(16px);
+      border: 1px solid rgba(255, 255, 255, 0.08);
+      border-radius: 24px;
+      padding: 50px 60px;
+      box-shadow: 0 30px 60px rgba(0, 0, 0, 0.4);
+      position: relative;
+    }
+
+    .features-card::before {
+      content: "";
+      position: absolute;
+      inset: 0;
+      border-radius: 24px;
+      padding: 1px;
+      background: linear-gradient(to bottom, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0.02));
+      -webkit-mask: linear-gradient(#fff 0 0) content-box, linear-gradient(#fff 0 0);
+      mask: linear-gradient(#fff 0 0) content-box, linear-gradient(#fff 0 0);
+      -webkit-mask-composite: xor;
+      mask-composite: exclude;
+      pointer-events: none;
+    }
+
+    .card-title {
+      font-size: 20px;
+      font-weight: 700;
+      text-transform: uppercase;
+      letter-spacing: 0.08em;
+      color: #94a3b8;
+      margin-bottom: 35px;
+      display: flex;
+      align-items: center;
+      gap: 12px;
+    }
+
+    .card-title::after {
+      content: "";
+      flex: 1;
+      height: 1px;
+      background: rgba(148, 163, 184, 0.15);
+    }
+
+    .badge-premium {
+      background: linear-gradient(135deg, #fbbf24 0%, #f59e0b 100%);
+      color: #1e293b;
+      font-size: 16px;
+      font-weight: 800;
+      text-transform: uppercase;
+      letter-spacing: 0.1em;
+      padding: 6px 14px;
+      border-radius: 8px;
+    }
+
+    .features-list {
+      display: flex;
+      flex-direction: column;
+      gap: 30px;
+      list-style: none;
+    }
+
+    .feature-item {
+      display: flex;
+      align-items: flex-start;
+      gap: 20px;
+      font-size: 24px;
+      line-height: 1.4;
+      color: #cbd5e1;
+      font-weight: 500;
+    }
+
+    .feature-icon {
+      color: #38bdf8;
+      font-size: 26px;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      margin-top: 3px;
+      text-shadow: 0 0 10px rgba(56, 189, 248, 0.6);
+    }
+
+    .bottom-section {
+      width: 100%;
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      gap: 50px;
+      z-index: 2;
+      margin-bottom: 40px;
+    }
+
+    .cta-container {
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      gap: 30px;
+    }
+
+    .cta-badge {
+      background: linear-gradient(135deg, #38bdf8 0%, #0284c7 100%);
+      color: #0f172a;
+      font-size: 32px;
+      font-weight: 800;
+      padding: 20px 45px;
+      border-radius: 16px;
+      letter-spacing: -0.02em;
+      box-shadow: 0 10px 30px rgba(56, 189, 248, 0.25);
+    }
+
+    .qr-code {
+      width: 160px;
+      height: 160px;
+      background: #ffffff;
+      padding: 10px;
+      border-radius: 16px;
+      box-shadow: 0 10px 30px rgba(0, 0, 0, 0.3);
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+
+    .qr-code img {
+      width: 100%;
+      height: 100%;
+      object-fit: contain;
+    }
+
+    footer {
+      font-size: 18px;
+      color: #64748b;
+      text-align: center;
+    }
+
+    footer strong {
+      color: #94a3b8;
+      font-weight: 600;
+    }
+  </style>
+</head>
+<body>
+  <div class="outer-border"></div>
+  
+  <div class="brand">
+    <img class="logo" src="../../client/public/logo.png" alt="Kapteins Daagbok" />
+    <div class="title-group">
+      <h1>Kapteins Daagbok</h1>
+      <p>Digitales Yacht-Logbuch</p>
+    </div>
+  </div>
+
+  <div class="main-content">
+    <p class="intro-text">
+      Führe dein Bordlogbuch modern & digital: Reisetage, GPS-Tracks, Crew- und Schiffsdaten — 
+      <strong>Ende-zu-Ende-verschlüsselt</strong>, als App installierbar und <strong>auch offline</strong> auf See nutzbar.
+    </p>
+
+    <div class="features-card">
+      <div class="card-title">Top Features <span class="badge-premium">Kostenlos & Werbefrei</span></div>
+      <ul class="features-list">
+        <li class="feature-item">
+          <span class="feature-icon">✦</span>
+          <span>Nautisches Logbuch-Format & Streckenstatistik</span>
+        </li>
+        <li class="feature-item">
+          <span class="feature-icon">✦</span>
+          <span>Offline-first PWA — läuft auf allen Smartphones & Tablets</span>
+        </li>
+        <li class="feature-item">
+          <span class="feature-icon">✦</span>
+          <span>Ende-zu-Ende Verschlüsselung (Zero-Knowledge)</span>
+        </li>
+        <li class="feature-item">
+          <span class="feature-icon">✦</span>
+          <span>Einfache passwortlose Passkey-Anmeldung</span>
+        </li>
+        <li class="feature-item">
+          <span class="feature-icon">✦</span>
+          <span>GPS-Track-Upload & automatische NMEA-Erfassung</span>
+        </li>
+        <li class="feature-item">
+          <span class="feature-icon">✦</span>
+          <span>Crew-Einladung zur gemeinsamen Logbuch-Arbeit</span>
+        </li>
+      </ul>
+    </div>
+  </div>
+
+  <div class="bottom-section">
+    <div class="cta-container">
+      <div class="cta-badge">
+        kapteins-daagbok.eu
+      </div>
+      <div class="qr-code">
+        <img src="assets/qr-kapteins-daagbok.eu.png" alt="QR Code" />
+      </div>
+    </div>
+    <footer>
+      <strong>Kapteins Daagbok</strong> ist ein werbefreies, privates Hobbyprojekt.
+    </footer>
+  </div>
+</body>
+</html>

docs/marketing/sharepic.html

@@ -0,0 +1,320 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+  <meta charset="UTF-8" />
+  <title>Kapteins Daagbok — Sharepic</title>
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <link href="https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@400;500;600;700;800&display=swap" rel="stylesheet">
+  <style>
+    * {
+      box-sizing: border-box;
+      margin: 0;
+      padding: 0;
+    }
+
+    body {
+      width: 1200px;
+      height: 630px;
+      font-family: 'Plus Jakarta Sans', sans-serif;
+      color: #e2e8f0;
+      background: #0f172a;
+      overflow: hidden;
+      display: flex;
+      flex-direction: column;
+      justify-content: space-between;
+      padding: 60px 80px;
+      background:
+        radial-gradient(circle at 90% 10%, rgba(56, 189, 248, 0.15) 0%, transparent 45%),
+        radial-gradient(circle at 10% 90%, rgba(134, 59, 255, 0.18) 0%, transparent 45%),
+        linear-gradient(165deg, #090d16 0%, #111827 50%, #090d16 100%);
+      position: relative;
+    }
+
+    /* Subtle background grid pattern */
+    body::after {
+      content: "";
+      position: absolute;
+      inset: 0;
+      background-image: linear-gradient(rgba(148, 163, 184, 0.03) 1px, transparent 1px),
+                        linear-gradient(90deg, rgba(148, 163, 184, 0.03) 1px, transparent 1px);
+      background-size: 40px 40px;
+      pointer-events: none;
+      z-index: 0;
+    }
+
+    /* Outer border */
+    .outer-border {
+      position: absolute;
+      inset: 30px;
+      border: 1px solid rgba(148, 163, 184, 0.1);
+      border-radius: 20px;
+      pointer-events: none;
+      z-index: 1;
+    }
+
+    .content-wrapper {
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      height: 100%;
+      width: 100%;
+      z-index: 2;
+      position: relative;
+      gap: 50px;
+    }
+
+    .left-col {
+      flex: 1.1;
+      display: flex;
+      flex-direction: column;
+      justify-content: center;
+      gap: 30px;
+    }
+
+    .brand {
+      display: flex;
+      align-items: center;
+      gap: 20px;
+    }
+
+    .logo {
+      width: 80px;
+      height: 80px;
+      object-fit: contain;
+      filter: drop-shadow(0 4px 12px rgba(56, 189, 248, 0.3));
+    }
+
+    .title-group h1 {
+      font-size: 44px;
+      font-weight: 800;
+      letter-spacing: -0.03em;
+      color: #ffffff;
+      line-height: 1.1;
+      background: linear-gradient(135deg, #ffffff 60%, #94a3b8 100%);
+      -webkit-background-clip: text;
+      background-clip: text;
+      -webkit-text-fill-color: transparent;
+    }
+
+    .title-group p {
+      font-size: 18px;
+      color: #38bdf8;
+      font-weight: 600;
+      margin-top: 4px;
+      letter-spacing: -0.01em;
+    }
+
+    .intro-text {
+      font-size: 20px;
+      line-height: 1.6;
+      color: #cbd5e1;
+      font-weight: 400;
+    }
+
+    .intro-text strong {
+      color: #ffffff;
+      font-weight: 600;
+    }
+
+    .cta-container {
+      display: flex;
+      align-items: center;
+      gap: 20px;
+    }
+
+    .cta-badge {
+      background: linear-gradient(135deg, #38bdf8 0%, #0284c7 100%);
+      color: #0f172a;
+      font-size: 22px;
+      font-weight: 800;
+      padding: 14px 28px;
+      border-radius: 12px;
+      letter-spacing: -0.02em;
+      box-shadow: 0 4px 20px rgba(56, 189, 248, 0.25);
+    }
+
+    .qr-code {
+      width: 60px;
+      height: 60px;
+      background: #ffffff;
+      padding: 4px;
+      border-radius: 8px;
+      box-shadow: 0 4px 15px rgba(0, 0, 0, 0.2);
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+
+    .qr-code img {
+      width: 100%;
+      height: 100%;
+      object-fit: contain;
+    }
+
+    .right-col {
+      flex: 0.9;
+      display: flex;
+      flex-direction: column;
+      justify-content: center;
+    }
+
+    .features-card {
+      background: rgba(30, 41, 59, 0.45);
+      backdrop-filter: blur(16px);
+      -webkit-backdrop-filter: blur(16px);
+      border: 1px solid rgba(255, 255, 255, 0.08);
+      border-radius: 20px;
+      padding: 35px;
+      box-shadow: 0 20px 40px rgba(0, 0, 0, 0.3);
+      position: relative;
+    }
+
+    .features-card::before {
+      content: "";
+      position: absolute;
+      inset: 0;
+      border-radius: 20px;
+      padding: 1px;
+      background: linear-gradient(to bottom, rgba(255, 255, 255, 0.1), rgba(255, 255, 255, 0.02));
+      -webkit-mask: linear-gradient(#fff 0 0) content-box, linear-gradient(#fff 0 0);
+      mask: linear-gradient(#fff 0 0) content-box, linear-gradient(#fff 0 0);
+      -webkit-mask-composite: xor;
+      mask-composite: exclude;
+      pointer-events: none;
+    }
+
+    .features-list {
+      display: flex;
+      flex-direction: column;
+      gap: 18px;
+      list-style: none;
+    }
+
+    .feature-item {
+      display: flex;
+      align-items: flex-start;
+      gap: 14px;
+      font-size: 16px;
+      line-height: 1.4;
+      color: #cbd5e1;
+      font-weight: 500;
+    }
+
+    .feature-icon {
+      color: #38bdf8;
+      font-size: 18px;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      margin-top: 2px;
+      text-shadow: 0 0 8px rgba(56, 189, 248, 0.6);
+    }
+
+    .badge-premium {
+      background: linear-gradient(135deg, #fbbf24 0%, #f59e0b 100%);
+      color: #1e293b;
+      font-size: 12px;
+      font-weight: 800;
+      text-transform: uppercase;
+      letter-spacing: 0.1em;
+      padding: 4px 10px;
+      border-radius: 6px;
+      margin-left: auto;
+    }
+
+    .card-title {
+      font-size: 14px;
+      font-weight: 700;
+      text-transform: uppercase;
+      letter-spacing: 0.08em;
+      color: #94a3b8;
+      margin-bottom: 20px;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+
+    .card-title::after {
+      content: "";
+      flex: 1;
+      height: 1px;
+      background: rgba(148, 163, 184, 0.15);
+    }
+
+    footer {
+      position: absolute;
+      bottom: 45px;
+      left: 80px;
+      font-size: 12px;
+      color: #64748b;
+      z-index: 2;
+    }
+
+    footer strong {
+      color: #94a3b8;
+      font-weight: 600;
+    }
+  </style>
+</head>
+<body>
+  <div class="outer-border"></div>
+  <div class="content-wrapper">
+    <div class="left-col">
+      <div class="brand">
+        <img class="logo" src="../../client/public/logo.png" alt="Kapteins Daagbok" />
+        <div class="title-group">
+          <h1>Kapteins Daagbok</h1>
+          <p>Digitales Yacht-Logbuch</p>
+        </div>
+      </div>
+      <p class="intro-text">
+        Führe dein Bordlogbuch modern & digital: Reisetage, GPS-Tracks, Crew- und Schiffsdaten — 
+        <strong>Ende-zu-Ende-verschlüsselt</strong>, als App installierbar und <strong>auch offline</strong> auf See nutzbar.
+      </p>
+      <div class="cta-container">
+        <div class="cta-badge">
+          kapteins-daagbok.eu
+        </div>
+        <div class="qr-code">
+          <img src="assets/qr-kapteins-daagbok.eu.png" alt="QR Code" />
+        </div>
+      </div>
+    </div>
+    <div class="right-col">
+      <div class="features-card">
+        <div class="card-title">Top Features <span class="badge-premium">Kostenlos & Werbefrei</span></div>
+        <ul class="features-list">
+          <li class="feature-item">
+            <span class="feature-icon">✦</span>
+            <span>Nautisches Logbuch-Format & Streckenstatistik</span>
+          </li>
+          <li class="feature-item">
+            <span class="feature-icon">✦</span>
+            <span>Offline-first PWA — läuft auf allen Smartphones & Tablets</span>
+          </li>
+          <li class="feature-item">
+            <span class="feature-icon">✦</span>
+            <span>Ende-zu-Ende Verschlüsselung (Zero-Knowledge)</span>
+          </li>
+          <li class="feature-item">
+            <span class="feature-icon">✦</span>
+            <span>Einfache passwortlose Passkey-Anmeldung</span>
+          </li>
+          <li class="feature-item">
+            <span class="feature-icon">✦</span>
+            <span>GPS-Track-Upload & automatische NMEA-Erfassung</span>
+          </li>
+          <li class="feature-item">
+            <span class="feature-icon">✦</span>
+            <span>Crew-Einladung zur gemeinsamen Logbuch-Arbeit</span>
+          </li>
+        </ul>
+      </div>
+    </div>
+  </div>
+  <footer>
+    <strong>Kapteins Daagbok</strong> ist ein werbefreies, privates Hobbyprojekt.
+  </footer>
+</body>
+</html>

scripts/generate-sharepic.mjs

@@ -0,0 +1,95 @@
+#!/usr/bin/env node
+/**
+ * Generates the sharepic PNGs (landscape & portrait) from HTML files
+ *
+ * Usage:
+ *   node scripts/generate-sharepic.mjs
+ */
+
+import { execSync } from 'node:child_process'
+import { dirname, resolve } from 'node:path'
+import { fileURLToPath, pathToFileURL } from 'node:url'
+import { createRequire } from 'node:module'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const repoRoot = resolve(__dirname, '..')
+const clientDir = resolve(repoRoot, 'client')
+const marketingDir = resolve(repoRoot, 'docs/marketing')
+
+const require = createRequire(resolve(clientDir, 'package.json'))
+
+function isMissingBrowserError(err) {
+  const msg = err instanceof Error ? err.message : String(err)
+  return msg.includes("Executable doesn't exist") || msg.includes('browserType.launch')
+}
+
+async function ensurePlaywrightChromium(playwright) {
+  try {
+    const browser = await playwright.chromium.launch({ headless: true })
+    await browser.close()
+    return
+  } catch (err) {
+    if (!isMissingBrowserError(err)) throw err
+  }
+
+  console.log('Playwright Chromium fehlt — installiere Browser (einmalig)…')
+  execSync('npx playwright install chromium', {
+    cwd: clientDir,
+    stdio: 'inherit'
+  })
+}
+
+function loadPlaywright() {
+  try {
+    return require('playwright')
+  } catch {
+    console.error('Fehlende Abhängigkeit: "npm install -D playwright" in client/ ausführen.')
+    process.exit(1)
+  }
+}
+
+async function renderSharepic(browser, htmlName, pngName, width, height) {
+  const htmlPath = resolve(marketingDir, htmlName)
+  const pngPath = resolve(marketingDir, pngName)
+  
+  console.log(`Generating sharepic (${width}x${height}) from ${htmlName}...`)
+  
+  const context = await browser.newContext({
+    viewport: { width, height },
+    deviceScaleFactor: 2 // High-DPI for crisp text
+  })
+  const page = await context.newPage()
+  
+  try {
+    await page.goto(pathToFileURL(htmlPath).href, { waitUntil: 'networkidle' })
+    await page.screenshot({
+      path: pngPath,
+      type: 'png'
+    })
+    console.log('Successfully wrote:', pngPath)
+  } finally {
+    await page.close()
+  }
+}
+
+async function main() {
+  const playwright = loadPlaywright()
+  await ensurePlaywrightChromium(playwright)
+  
+  const browser = await playwright.chromium.launch({ headless: true })
+  
+  try {
+    // Landscape 1200x630
+    await renderSharepic(browser, 'sharepic.html', 'kapteins-daagbok-sharepic.png', 1200, 630)
+    
+    // Portrait 1080x1920
+    await renderSharepic(browser, 'sharepic-portrait.html', 'kapteins-daagbok-sharepic-portrait.png', 1080, 1920)
+  } finally {
+    await browser.close()
+  }
+}
+
+main().catch((err) => {
+  console.error('Error generating sharepics:', err)
+  process.exit(1)
+})

server/src/adminConfig.ts

@@ -0,0 +1,25 @@
+const ADMIN_ENV_KEY = 'ADMIN_USER_IDS'
+
+export function getAdminUserIds(): Set<string> {
+  const raw = process.env[ADMIN_ENV_KEY]
+  if (!raw) {
+    return new Set()
+  }
+
+  const ids = raw
+    .split(',')
+    .map((id) => id.trim())
+    .filter((id) => id.length > 0)
+
+  if (ids.length === 0) {
+    return new Set()
+  }
+
+  return new Set(ids)
+}
+
+export function isAdminUserId(userId: string): boolean {
+  const adminIds = getAdminUserIds()
+  return adminIds.has(userId)
+}
+

server/src/app.ts

@@ -12,6 +12,7 @@ import pushRouter from './routes/push.js'
 import weatherRouter from './routes/weather.js'
 import aiRouter from './routes/ai.js'
 import feedbackRouter from './routes/feedback.js'
+import adminRouter from './routes/admin.js'
 import { prisma } from './db.js'
 import { buildCorsOptions } from './cors.js'
 
@@ -121,6 +122,7 @@ export function createApp(): express.Express {
   app.use('/api/weather', weatherRouter)
   app.use('/api/ai', aiRouter)
   app.use('/api/feedback', feedbackRouter)
+  app.use('/api/admin', adminRouter)
 
   app.get('/api/health', async (_req, res) => {
     try {

server/src/middleware/auth.ts

@@ -1,5 +1,6 @@
 import type { Request, Response, NextFunction } from 'express'
 import { hasValidReauth, readSessionFromRequest } from '../session.js'
+import { isAdminUserId } from '../adminConfig.js'
 
 export interface AuthedRequest extends Request {
   userId: string
@@ -31,3 +32,21 @@ export function requireReauth(req: Request, res: Response, next: NextFunction):
   ;(req as AuthedRequest).session = session
   next()
 }
+
+export function requireAdmin(req: Request, res: Response, next: NextFunction): void {
+  const session = readSessionFromRequest(req)
+  if (!session) {
+    res.status(401).json({ error: 'Unauthorized: valid session required' })
+    return
+  }
+
+  if (!isAdminUserId(session.userId)) {
+    res.status(403).json({ error: 'Forbidden: admin access required' })
+    return
+  }
+
+  ;(req as AuthedRequest).userId = session.userId
+  ;(req as AuthedRequest).session = session
+  next()
+}
+

server/src/routes/admin.ts

@@ -0,0 +1,151 @@
+import { Router } from 'express'
+import { prisma } from '../db.js'
+import { requireUser, requireAdmin, type AuthedRequest } from '../middleware/auth.js'
+
+const router = Router()
+
+router.get('/me', requireUser, requireAdmin, (req, res) => {
+  const { userId } = req as AuthedRequest
+  res.json({ isAdmin: true, userId })
+})
+
+router.get('/summary', requireUser, requireAdmin, async (_req, res) => {
+  try {
+    const [totalUsers, totalLogbooks, totalPhotos, totalVoiceMemos, totalGpsTracks, totalCollaborations, totalInvitations, aiSummaryEntries] =
+      await Promise.all([
+        prisma.user.count(),
+        prisma.logbook.count(),
+        prisma.photoPayload.count(),
+        prisma.voiceMemoPayload.count(),
+        prisma.gpsTrackPayload.count(),
+        prisma.collaboration.count(),
+        prisma.invitation.count(),
+        prisma.aiSummaryUsage.count()
+      ])
+
+    res.json({
+      totalUsers,
+      totalLogbooks,
+      totalPhotos,
+      totalVoiceMemos,
+      totalGpsTracks,
+      totalCollaborations,
+      totalInvitations,
+      aiSummaryEntries
+    })
+  } catch (error: unknown) {
+    console.error('admin/summary error', error)
+    res.status(500).json({ error: 'Failed to load admin summary' })
+  }
+})
+
+type TimeBucket = 'day' | 'week' | 'month'
+
+interface TimeSeriesPoint {
+  date: string
+  count: number
+}
+
+interface TimeSeries {
+  metric: string
+  points: TimeSeriesPoint[]
+}
+
+function normalizeBucket(value: string | undefined | null): TimeBucket {
+  if (value === 'week' || value === 'month') return value
+  return 'day'
+}
+
+function parseWindowDays(raw: string | undefined | null): number {
+  const n = raw ? Number.parseInt(raw, 10) : NaN
+  if (!Number.isFinite(n) || n <= 0) return 90
+  return Math.min(n, 365)
+}
+
+function startOfDay(date: Date): Date {
+  const d = new Date(date)
+  d.setUTCHours(0, 0, 0, 0)
+  return d
+}
+
+function startOfWeek(date: Date): Date {
+  const d = startOfDay(date)
+  const day = d.getUTCDay() || 7
+  d.setUTCDate(d.getUTCDate() - (day - 1))
+  return d
+}
+
+function startOfMonth(date: Date): Date {
+  const d = startOfDay(date)
+  d.setUTCDate(1)
+  return d
+}
+
+function bucketDate(date: Date, bucket: TimeBucket): string {
+  const base =
+    bucket === 'week' ? startOfWeek(date) : bucket === 'month' ? startOfMonth(date) : startOfDay(date)
+  return base.toISOString().slice(0, 10)
+}
+
+async function buildTimeSeries(bucket: TimeBucket, windowDays: number): Promise<TimeSeries[]> {
+  const since = new Date()
+  since.setUTCDate(since.getUTCDate() - windowDays)
+
+  const [users, logbooks, photos] = await Promise.all([
+    prisma.user.findMany({
+      where: { createdAt: { gte: since } },
+      select: { createdAt: true }
+    }),
+    prisma.logbook.findMany({
+      where: { createdAt: { gte: since } },
+      select: { createdAt: true }
+    }),
+    prisma.photoPayload.findMany({
+      where: { updatedAt: { gte: since } },
+      select: { updatedAt: true }
+    })
+  ])
+
+  function aggregate(dates: Date[], metric: string): TimeSeries {
+    const map = new Map<string, number>()
+    for (const d of dates) {
+      const key = bucketDate(d, bucket)
+      map.set(key, (map.get(key) ?? 0) + 1)
+    }
+    const points = Array.from(map.entries())
+      .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
+      .map(([date, count]) => ({ date, count }))
+    return { metric, points }
+  }
+
+  return [
+    aggregate(
+      users.map((u) => u.createdAt),
+      'users_created'
+    ),
+    aggregate(
+      logbooks.map((l) => l.createdAt),
+      'logbooks_created'
+    ),
+    aggregate(
+      photos.map((p) => p.updatedAt),
+      'photos_updated'
+    )
+  ]
+}
+
+router.get('/timeseries', requireUser, requireAdmin, async (req, res) => {
+  try {
+    const bucket = normalizeBucket(typeof req.query.bucket === 'string' ? req.query.bucket : undefined)
+    const windowDays = parseWindowDays(typeof req.query.window === 'string' ? req.query.window : undefined)
+
+    const series = await buildTimeSeries(bucket, windowDays)
+    res.json({ bucket, windowDays, series })
+  } catch (error: unknown) {
+    console.error('admin/timeseries error', error)
+    res.status(500).json({ error: 'Failed to load admin time series' })
+  }
+})
+
+export default router
+