v1.0.3: PDF footer fix, arrow alignment, email verification workflow, account deletion

v1.0.3: Fix PDF footer overlap, arrow alignment, screenshot quality, arrowheads in export
Fix: Rapport screenshot now uses coordinate-based rendering for correct symbol sizes, labels, arrowheads
2026-02-21 16:45:44 +01:00 · 2026-02-21 16:28:32 +01:00 · 2026-02-21 14:04:28 +01:00 · 2026-02-21 13:56:44 +01:00 · 2026-02-21 13:11:27 +01:00 · 2026-02-21 12:28:26 +01:00
35 changed files with 782 additions and 435 deletions
--- a/4
+++ b/4
@@ -4,7 +4,7 @@ RUN apk add --no-cache libc6-compat openssl
 WORKDIR /app
 COPY package.json package-lock.json* ./
-RUN npm ci --ignore-scripts
+RUN npm ci --ignore-scripts --legacy-peer-deps
 # Stage 2: Builder
 FROM node:20-alpine AS builder
@@ -46,7 +46,7 @@ COPY --from=builder /app/node_modules/.bin/prisma ./node_modules/.bin/prisma
 COPY --from=builder /app/node_modules/bcryptjs ./node_modules/bcryptjs
 COPY --from=builder /app/node_modules/stripe ./node_modules/stripe
 COPY --from=builder /app/package.json ./package.json
-RUN npm install --omit=dev socket.io@4.7.4 @react-pdf/renderer@3.4.2 qrcode@1.5.3 --no-save
+RUN npm install --omit=dev --legacy-peer-deps socket.io@4.7.4 @react-pdf/renderer@4.3.2 qrcode@1.5.4 --no-save
 COPY server-custom.js ./server-custom.js
 COPY docker-entrypoint.sh ./docker-entrypoint.sh
--- a/docker-compose.gitea.yml
+++ b/docker-compose.gitea.yml
@@ -24,7 +24,7 @@ services:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=sqlite3
-      - GITEA__server__ROOT_URL=http://192.168.1.183:3100
+      - GITEA__server__ROOT_URL=https://git.purepixel.ch
      - GITEA__server__HTTP_PORT=3000
      - GITEA__server__LFS_START_SERVER=true
    volumes:
@@ -43,3 +43,4 @@ volumes:
 networks:
  lageplan_lageplan-net:
    external: true
--- a/docker-compose.portainer.yml
+++ b/docker-compose.portainer.yml
@@ -77,7 +77,7 @@ services:
  # ─── Lageplan Web App ──────────────────────
  web:
-    image: lageplan-web:latest
+    image: 192.168.1.183:3100/adminpepe/lageplan:latest
    restart: unless-stopped
    environment:
      DATABASE_URL: postgresql://${POSTGRES_USER:-lageplan}:${POSTGRES_PASSWORD:-lageplan_secret}@db:5432/${POSTGRES_DB:-lageplan}
--- a/next.config.js
+++ b/next.config.js
@@ -35,7 +35,7 @@ const nextConfig = {
            key: 'Content-Security-Policy',
            value: [
              "default-src 'self'",
-              "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
+              "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:",
              "style-src 'self' 'unsafe-inline'",
              "img-src 'self' data: blob: https://*.tile.openstreetmap.org https://api.maptiler.com http://localhost:9000 http://minio:9000",
              "font-src 'self' data:",
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "lageplan",
-  "version": "1.0.0",
+  "version": "1.0.1",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "lageplan",
-      "version": "1.0.0",
+      "version": "1.0.1",
      "hasInstallScript": true,
      "dependencies": {
        "@dnd-kit/core": "^6.1.0",
@@ -26,7 +26,7 @@
        "@radix-ui/react-tabs": "^1.1.0",
        "@radix-ui/react-toast": "^1.2.0",
        "@radix-ui/react-tooltip": "^1.1.0",
-        "@react-pdf/renderer": "^3.4.4",
+        "@react-pdf/renderer": "^4.3.2",
        "bcryptjs": "^2.4.3",
        "class-variance-authority": "^0.7.0",
        "clsx": "^2.1.0",
@@ -2878,176 +2878,12 @@
      "license": "MIT"
    },
    "node_modules/@react-pdf/fns": {
      "version": "2.2.1",
      "resolved": "https://registry.npmjs.org/@react-pdf/fns/-/fns-2.2.1.tgz",
      "integrity": "sha512-s78aDg0vDYaijU5lLOCsUD+qinQbfOvcNeaoX9AiE7+kZzzCo6B/nX+l48cmt9OosJmvZvE9DWR9cLhrhOi2pA==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13"
      }
    },
    "node_modules/@react-pdf/font": {
      "version": "2.5.2",
      "resolved": "https://registry.npmjs.org/@react-pdf/font/-/font-2.5.2.tgz",
      "integrity": "sha512-Ud0EfZ2FwrbvwAWx8nz+KKLmiqACCH9a/N/xNDOja0e/YgSnqTpuyHegFBgIMKjuBtO5dNvkb4dXkxAhGe/ayw==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/types": "^2.6.0",
        "cross-fetch": "^3.1.5",
        "fontkit": "^2.0.2",
        "is-url": "^1.2.4"
      }
    },
    "node_modules/@react-pdf/image": {
      "version": "2.3.6",
      "resolved": "https://registry.npmjs.org/@react-pdf/image/-/image-2.3.6.tgz",
      "integrity": "sha512-7iZDYZrZlJqNzS6huNl2XdMcLFUo68e6mOdzQeJ63d5eApdthhSHBnkGzHfLhH5t8DCpZNtClmklzuLL63ADfw==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/png-js": "^2.3.1",
        "cross-fetch": "^3.1.5",
        "jay-peg": "^1.0.2"
      }
    },
    "node_modules/@react-pdf/layout": {
      "version": "3.13.0",
      "resolved": "https://registry.npmjs.org/@react-pdf/layout/-/layout-3.13.0.tgz",
      "integrity": "sha512-lpPj/EJYHFOc0ALiJwLP09H28B4ADyvTjxOf67xTF+qkWd+dq1vg7dw3wnYESPnWk5T9NN+HlUenJqdYEY9AvA==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/fns": "2.2.1",
        "@react-pdf/image": "^2.3.6",
        "@react-pdf/pdfkit": "^3.2.0",
        "@react-pdf/primitives": "^3.1.1",
        "@react-pdf/stylesheet": "^4.3.0",
        "@react-pdf/textkit": "^4.4.1",
        "@react-pdf/types": "^2.6.0",
        "cross-fetch": "^3.1.5",
        "emoji-regex": "^10.3.0",
        "queue": "^6.0.1",
        "yoga-layout": "^2.0.1"
      }
    },
    "node_modules/@react-pdf/pdfkit": {
      "version": "3.2.0",
      "resolved": "https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-3.2.0.tgz",
      "integrity": "sha512-OBfCcnTC6RpD9uv9L2woF60Zj1uQxhLFzTBXTdcYE9URzPE/zqXIyzpXEA4Vf3TFbvBCgFE2RzJ2ZUS0asq7yA==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/png-js": "^2.3.1",
        "browserify-zlib": "^0.2.0",
        "crypto-js": "^4.2.0",
        "fontkit": "^2.0.2",
        "jay-peg": "^1.0.2",
        "vite-compatible-readable-stream": "^3.6.1"
      }
    },
    "node_modules/@react-pdf/png-js": {
      "version": "2.3.1",
      "resolved": "https://registry.npmjs.org/@react-pdf/png-js/-/png-js-2.3.1.tgz",
      "integrity": "sha512-pEZ18I4t1vAUS4lmhvXPmXYP4PHeblpWP/pAlMMRkEyP7tdAeHUN7taQl9sf9OPq7YITMY3lWpYpJU6t4CZgZg==",
      "license": "MIT",
      "dependencies": {
        "browserify-zlib": "^0.2.0"
      }
    },
    "node_modules/@react-pdf/primitives": {
      "version": "3.1.1",
      "resolved": "https://registry.npmjs.org/@react-pdf/primitives/-/primitives-3.1.1.tgz",
      "integrity": "sha512-miwjxLwTnO3IjoqkTVeTI+9CdyDggwekmSLhVCw+a/7FoQc+gF3J2dSKwsHvAcVFM0gvU8mzCeTofgw0zPDq0w==",
      "license": "MIT"
    },
    "node_modules/@react-pdf/render": {
      "version": "3.5.0",
      "resolved": "https://registry.npmjs.org/@react-pdf/render/-/render-3.5.0.tgz",
      "integrity": "sha512-gFOpnyqCgJ6l7VzfJz6rG1i2S7iVSD8bUHDjPW9Mze8TmyksHzN2zBH3y7NbsQOw1wU6hN4NhRmslrsn+BRDPA==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/fns": "2.2.1",
        "@react-pdf/primitives": "^3.1.1",
        "@react-pdf/textkit": "^4.4.1",
        "@react-pdf/types": "^2.6.0",
        "abs-svg-path": "^0.1.1",
        "color-string": "^1.9.1",
        "normalize-svg-path": "^1.1.0",
        "parse-svg-path": "^0.1.2",
        "svg-arc-to-cubic-bezier": "^3.2.0"
      }
    },
    "node_modules/@react-pdf/renderer": {
      "version": "3.4.5",
      "resolved": "https://registry.npmjs.org/@react-pdf/renderer/-/renderer-3.4.5.tgz",
      "integrity": "sha512-O1N8q45bTs7YuC+x9afJSKQWDYQy2RjoCxlxEGdbCwP+WD5G6dWRUWXlc8F0TtzU3uFglYMmDab2YhXTmnVN9g==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/font": "^2.5.2",
        "@react-pdf/layout": "^3.13.0",
        "@react-pdf/pdfkit": "^3.2.0",
        "@react-pdf/primitives": "^3.1.1",
        "@react-pdf/render": "^3.5.0",
        "@react-pdf/types": "^2.6.0",
        "events": "^3.3.0",
        "object-assign": "^4.1.1",
        "prop-types": "^15.6.2",
        "queue": "^6.0.1",
        "scheduler": "^0.17.0"
      },
      "peerDependencies": {
        "react": "^16.8.0 || ^17.0.0 || ^18.0.0"
      }
    },
    "node_modules/@react-pdf/stylesheet": {
      "version": "4.3.0",
      "resolved": "https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-4.3.0.tgz",
      "integrity": "sha512-x7IVZOqRrUum9quuDeFXBveXwBht+z/6B0M+z4a4XjfSg1vZVvzoTl07Oa1yvQ/4yIC5yIkG2TSMWeKnDB+hrw==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/fns": "2.2.1",
        "@react-pdf/types": "^2.6.0",
        "color-string": "^1.9.1",
        "hsl-to-hex": "^1.0.0",
        "media-engine": "^1.0.3",
        "postcss-value-parser": "^4.1.0"
      }
    },
    "node_modules/@react-pdf/textkit": {
      "version": "4.4.1",
      "resolved": "https://registry.npmjs.org/@react-pdf/textkit/-/textkit-4.4.1.tgz",
      "integrity": "sha512-Jl9wdTqIvJ5pX+vAGz0EOhP7ut5Two9H6CzTKo/YYPeD79cM2yTXF3JzTERBC28y7LR0Waq9D2LHQjI+b/EYUQ==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/fns": "2.2.1",
        "bidi-js": "^1.0.2",
        "hyphen": "^1.6.4",
        "unicode-properties": "^1.4.1"
      }
    },
    "node_modules/@react-pdf/types": {
      "version": "2.9.2",
      "resolved": "https://registry.npmjs.org/@react-pdf/types/-/types-2.9.2.tgz",
      "integrity": "sha512-dufvpKId9OajLLbgn9q7VLUmyo1Jf+iyGk2ZHmCL8nIDtL8N1Ejh9TH7+pXXrR0tdie1nmnEb5Bz9U7g4hI4/g==",
      "license": "MIT",
      "dependencies": {
        "@react-pdf/font": "^4.0.4",
        "@react-pdf/primitives": "^4.1.1",
        "@react-pdf/stylesheet": "^6.1.2"
      }
    },
    "node_modules/@react-pdf/types/node_modules/@react-pdf/fns": {
      "version": "3.1.2",
      "resolved": "https://registry.npmjs.org/@react-pdf/fns/-/fns-3.1.2.tgz",
      "integrity": "sha512-qTKGUf0iAMGg2+OsUcp9ffKnKi41RukM/zYIWMDJ4hRVYSr89Q7e3wSDW/Koqx3ea3Uy/z3h2y3wPX6Bdfxk6g==",
      "license": "MIT"
    },
-    "node_modules/@react-pdf/types/node_modules/@react-pdf/font": {
+    "node_modules/@react-pdf/font": {
      "version": "4.0.4",
      "resolved": "https://registry.npmjs.org/@react-pdf/font/-/font-4.0.4.tgz",
      "integrity": "sha512-8YtgGtL511txIEc9AjiilpZ7yjid8uCd8OGUl6jaL3LIHnrToUupSN4IzsMQpVTCMYiDLFnDNQzpZsOYtRS/Pg==",
@@ -3059,7 +2895,34 @@
        "is-url": "^1.2.4"
      }
    },
-    "node_modules/@react-pdf/types/node_modules/@react-pdf/pdfkit": {
+    "node_modules/@react-pdf/image": {
      "version": "3.0.4",
      "resolved": "https://registry.npmjs.org/@react-pdf/image/-/image-3.0.4.tgz",
      "integrity": "sha512-z0ogVQE0bKqgXQ5smgzIU857rLV7bMgVdrYsu3UfXDDLSzI7QPvzf6MFTFllX6Dx2rcsF13E01dqKPtJEM799g==",
      "license": "MIT",
      "dependencies": {
        "@react-pdf/png-js": "^3.0.0",
        "jay-peg": "^1.1.1"
      }
    },
    "node_modules/@react-pdf/layout": {
      "version": "4.4.2",
      "resolved": "https://registry.npmjs.org/@react-pdf/layout/-/layout-4.4.2.tgz",
      "integrity": "sha512-gNu2oh8MiGR+NJZYTJ4c4q0nWCESBI6rKFiodVhE7OeVAjtzZzd6l65wsN7HXdWJqOZD3ttD97iE+tf5SOd/Yg==",
      "license": "MIT",
      "dependencies": {
        "@react-pdf/fns": "3.1.2",
        "@react-pdf/image": "^3.0.4",
        "@react-pdf/primitives": "^4.1.1",
        "@react-pdf/stylesheet": "^6.1.2",
        "@react-pdf/textkit": "^6.1.0",
        "@react-pdf/types": "^2.9.2",
        "emoji-regex-xs": "^1.0.0",
        "queue": "^6.0.1",
        "yoga-layout": "^3.2.1"
      }
    },
    "node_modules/@react-pdf/pdfkit": {
      "version": "4.1.0",
      "resolved": "https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-4.1.0.tgz",
      "integrity": "sha512-Wm/IOAv0h/U5Ra94c/PltFJGcpTUd/fwVMVeFD6X9tTTPCttIwg0teRG1Lqq617J8K4W7jpL/B0HTH0mjp3QpQ==",
@@ -3075,7 +2938,7 @@
        "vite-compatible-readable-stream": "^3.6.1"
      }
    },
-    "node_modules/@react-pdf/types/node_modules/@react-pdf/png-js": {
+    "node_modules/@react-pdf/png-js": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/@react-pdf/png-js/-/png-js-3.0.0.tgz",
      "integrity": "sha512-eSJnEItZ37WPt6Qv5pncQDxLJRK15eaRwPT+gZoujP548CodenOVp49GST8XJvKMFt9YqIBzGBV/j9AgrOQzVA==",
@@ -3084,13 +2947,68 @@
        "browserify-zlib": "^0.2.0"
      }
    },
-    "node_modules/@react-pdf/types/node_modules/@react-pdf/primitives": {
+    "node_modules/@react-pdf/primitives": {
      "version": "4.1.1",
      "resolved": "https://registry.npmjs.org/@react-pdf/primitives/-/primitives-4.1.1.tgz",
      "integrity": "sha512-IuhxYls1luJb7NUWy6q5avb1XrNaVj9bTNI40U9qGRuS6n7Hje/8H8Qi99Z9UKFV74bBP3DOf3L1wV2qZVgVrQ==",
      "license": "MIT"
    },
-    "node_modules/@react-pdf/types/node_modules/@react-pdf/stylesheet": {
+    "node_modules/@react-pdf/reconciler": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/@react-pdf/reconciler/-/reconciler-2.0.0.tgz",
      "integrity": "sha512-7zaPRujpbHSmCpIrZ+b9HSTJHthcVZzX0Wx7RzvQGsGBUbHP4p6s5itXrAIOuQuPvDepoHGNOvf6xUuMVvdoyw==",
      "license": "MIT",
      "dependencies": {
        "object-assign": "^4.1.1",
        "scheduler": "0.25.0-rc-603e6108-20241029"
      },
      "peerDependencies": {
        "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
      }
    },
    "node_modules/@react-pdf/render": {
      "version": "4.3.2",
      "resolved": "https://registry.npmjs.org/@react-pdf/render/-/render-4.3.2.tgz",
      "integrity": "sha512-el5KYM1sH/PKcO4tRCIm8/AIEmhtraaONbwCrBhFdehoGv6JtgnXiMxHGAvZbI5kEg051GbyP+XIU6f6YbOu6Q==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/fns": "3.1.2",
        "@react-pdf/primitives": "^4.1.1",
        "@react-pdf/textkit": "^6.1.0",
        "@react-pdf/types": "^2.9.2",
        "abs-svg-path": "^0.1.1",
        "color-string": "^1.9.1",
        "normalize-svg-path": "^1.1.0",
        "parse-svg-path": "^0.1.2",
        "svg-arc-to-cubic-bezier": "^3.2.0"
      }
    },
    "node_modules/@react-pdf/renderer": {
      "version": "4.3.2",
      "resolved": "https://registry.npmjs.org/@react-pdf/renderer/-/renderer-4.3.2.tgz",
      "integrity": "sha512-EhPkj35gO9rXIyyx29W3j3axemvVY5RigMmlK4/6Ku0pXB8z9PEE/sz4ZBOShu2uot6V4xiCR3aG+t9IjJJlBQ==",
      "license": "MIT",
      "dependencies": {
        "@babel/runtime": "^7.20.13",
        "@react-pdf/fns": "3.1.2",
        "@react-pdf/font": "^4.0.4",
        "@react-pdf/layout": "^4.4.2",
        "@react-pdf/pdfkit": "^4.1.0",
        "@react-pdf/primitives": "^4.1.1",
        "@react-pdf/reconciler": "^2.0.0",
        "@react-pdf/render": "^4.3.2",
        "@react-pdf/types": "^2.9.2",
        "events": "^3.3.0",
        "object-assign": "^4.1.1",
        "prop-types": "^15.6.2",
        "queue": "^6.0.1"
      },
      "peerDependencies": {
        "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
      }
    },
    "node_modules/@react-pdf/stylesheet": {
      "version": "6.1.2",
      "resolved": "https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-6.1.2.tgz",
      "integrity": "sha512-E3ftGRYUQGKiN3JOgtGsLDo0hGekA6dmkmi/MYACytmPTKxQRBSO3126MebmCq+t1rgU9uRlREIEawJ+8nzSbw==",
@@ -3104,6 +3022,29 @@
        "postcss-value-parser": "^4.1.0"
      }
    },
    "node_modules/@react-pdf/textkit": {
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/@react-pdf/textkit/-/textkit-6.1.0.tgz",
      "integrity": "sha512-sFlzDC9CDFrJsnL3B/+NHrk9+Advqk7iJZIStiYQDdskbow8GF/AGYrpIk+vWSnh35YxaGbHkqXq53XOxnyrjQ==",
      "license": "MIT",
      "dependencies": {
        "@react-pdf/fns": "3.1.2",
        "bidi-js": "^1.0.2",
        "hyphen": "^1.6.4",
        "unicode-properties": "^1.4.1"
      }
    },
    "node_modules/@react-pdf/types": {
      "version": "2.9.2",
      "resolved": "https://registry.npmjs.org/@react-pdf/types/-/types-2.9.2.tgz",
      "integrity": "sha512-dufvpKId9OajLLbgn9q7VLUmyo1Jf+iyGk2ZHmCL8nIDtL8N1Ejh9TH7+pXXrR0tdie1nmnEb5Bz9U7g4hI4/g==",
      "license": "MIT",
      "dependencies": {
        "@react-pdf/font": "^4.0.4",
        "@react-pdf/primitives": "^4.1.1",
        "@react-pdf/stylesheet": "^6.1.2"
      }
    },
    "node_modules/@rtsao/scc": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/@rtsao/scc/-/scc-1.1.0.tgz",
@@ -4753,15 +4694,6 @@
        "url": "https://opencollective.com/express"
      }
    },
    "node_modules/cross-fetch": {
      "version": "3.2.0",
      "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.2.0.tgz",
      "integrity": "sha512-Q+xVJLoGOeIMXZmbUK4HYk+69cQH6LudR0Vu/pRm2YlU/hDV9CiS0gKUMaWY5f2NeUH9C1nV3bsTlCo0FsTV1Q==",
      "license": "MIT",
      "dependencies": {
        "node-fetch": "^2.7.0"
      }
    },
    "node_modules/cross-spawn": {
      "version": "7.0.6",
      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@@ -5082,10 +5014,10 @@
      "dev": true,
      "license": "ISC"
    },
-    "node_modules/emoji-regex": {
+    "node_modules/emoji-regex-xs": {
-      "version": "10.6.0",
+      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz",
+      "resolved": "https://registry.npmjs.org/emoji-regex-xs/-/emoji-regex-xs-1.0.0.tgz",
-      "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==",
+      "integrity": "sha512-LRlerrMYoIDrT6jgpeZ2YYl/L8EulRTt5hQcYjy5AInh7HWXKimpqx68aknBFpGL2+/IcogTcaydJEgaTmOpDg==",
      "license": "MIT"
    },
    "node_modules/engine.io": {
@@ -7747,26 +7679,6 @@
        "semver": "bin/semver.js"
      }
    },
    "node_modules/node-fetch": {
      "version": "2.7.0",
      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
      "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==",
      "license": "MIT",
      "dependencies": {
        "whatwg-url": "^5.0.0"
      },
      "engines": {
        "node": "4.x || >=6.0.0"
      },
      "peerDependencies": {
        "encoding": "^0.1.0"
      },
      "peerDependenciesMeta": {
        "encoding": {
          "optional": true
        }
      }
    },
    "node_modules/node-releases": {
      "version": "2.0.27",
      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.27.tgz",
@@ -9043,14 +8955,10 @@
      }
    },
    "node_modules/scheduler": {
-      "version": "0.17.0",
+      "version": "0.25.0-rc-603e6108-20241029",
-      "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.17.0.tgz",
+      "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.25.0-rc-603e6108-20241029.tgz",
-      "integrity": "sha512-7rro8Io3tnCPuY4la/NuI5F2yfESpnfZyT6TtkXnSWVkcu0BCDJ+8gk5ozUaFaxpIyNuWAPXrH0yFcSi28fnDA==",
+      "integrity": "sha512-pFwF6H1XrSdYYNLfOcGlM28/j8CGLu8IvdrxqhjWULe2bPcKiKW4CV+OWqR/9fT52mywx65l7ysNkjLKBda7eA==",
-      "license": "MIT",
+      "license": "MIT"
      "dependencies": {
        "loose-envify": "^1.1.0",
        "object-assign": "^4.1.1"
      }
    },
    "node_modules/selecto": {
      "version": "1.26.3",
@@ -9897,12 +9805,6 @@
        "node": ">=8.0"
      }
    },
    "node_modules/tr46": {
      "version": "0.0.3",
      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==",
      "license": "MIT"
    },
    "node_modules/ts-api-utils": {
      "version": "2.4.0",
      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.4.0.tgz",
@@ -10346,22 +10248,6 @@
        "@zxing/text-encoding": "0.9.0"
      }
    },
    "node_modules/webidl-conversions": {
      "version": "3.0.1",
      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==",
      "license": "BSD-2-Clause"
    },
    "node_modules/whatwg-url": {
      "version": "5.0.0",
      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
      "license": "MIT",
      "dependencies": {
        "tr46": "~0.0.3",
        "webidl-conversions": "^3.0.0"
      }
    },
    "node_modules/which": {
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
@@ -10667,9 +10553,9 @@
      }
    },
    "node_modules/yoga-layout": {
-      "version": "2.0.1",
+      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/yoga-layout/-/yoga-layout-2.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/yoga-layout/-/yoga-layout-3.2.1.tgz",
-      "integrity": "sha512-tT/oChyDXelLo2A+UVnlW9GU7CsvFMaEnd9kVFsaiCQonFAXd3xrHhkLYu+suwwosrAEQ746xBU+HvYtm1Zs2Q==",
+      "integrity": "sha512-0LPOt3AxKqMdFBZA3HBAt/t/8vIKq7VaQYbuA8WxCgung+p9TVyKRYdpvCb80HcdTN2NkbIKbhNwKUfm3tQywQ==",
      "license": "MIT"
    },
    "node_modules/zod": {
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "lageplan",
-  "version": "1.0.0",
+  "version": "1.0.3",
  "description": "Feuerwehr Lageplan - Krokier-App für Einsatzdokumentation",
  "private": true,
  "scripts": {
@@ -34,7 +34,7 @@
    "@radix-ui/react-tabs": "^1.1.0",
    "@radix-ui/react-toast": "^1.2.0",
    "@radix-ui/react-tooltip": "^1.1.0",
-    "@react-pdf/renderer": "^3.4.4",
+    "@react-pdf/renderer": "^4.3.2",
    "bcryptjs": "^2.4.3",
    "class-variance-authority": "^0.7.0",
    "clsx": "^2.1.0",
--- a/src/app/api/auth/delete-account/route.ts
+++ b/src/app/api/auth/delete-account/route.ts
@@ -0,0 +1,65 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { prisma } from '@/lib/db'
 import { getSession } from '@/lib/auth'
 import bcrypt from 'bcryptjs'
 import { cookies } from 'next/headers'
 // POST: User deletes their own account
 export async function POST(req: NextRequest) {
  try {
    const session = await getSession()
    if (!session) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    const { password } = await req.json()
    if (!password) {
      return NextResponse.json({ error: 'Passwort erforderlich' }, { status: 400 })
    }
    // Verify password
    const user = await (prisma as any).user.findUnique({
      where: { id: session.id },
      select: { id: true, password: true, role: true },
    })
    if (!user) return NextResponse.json({ error: 'Benutzer nicht gefunden' }, { status: 404 })
    const validPw = await bcrypt.compare(password, user.password)
    if (!validPw) {
      return NextResponse.json({ error: 'Falsches Passwort' }, { status: 403 })
    }
    // If user is the only TENANT_ADMIN, they must delete the org first or transfer ownership
    if (session.tenantId && session.role === 'TENANT_ADMIN') {
      const adminCount = await (prisma as any).tenantMembership.count({
        where: { tenantId: session.tenantId, role: 'TENANT_ADMIN' },
      })
      if (adminCount <= 1) {
        return NextResponse.json({
          error: 'Sie sind der einzige Administrator. Bitte löschen Sie die Organisation unter Einstellungen oder übertragen Sie die Admin-Rolle.',
        }, { status: 400 })
      }
    }
    console.log(`[Account Delete] User ${session.id} (${session.email}) deleting own account`)
    // Clean up user data
    try { await (prisma as any).upgradeRequest.deleteMany({ where: { requestedById: session.id } }) } catch {}
    try { await (prisma as any).iconAsset.updateMany({ where: { ownerId: session.id }, data: { ownerId: null } }) } catch {}
    try { await (prisma as any).project.updateMany({ where: { ownerId: session.id }, data: { ownerId: null } }) } catch {}
    // Remove memberships
    await (prisma as any).tenantMembership.deleteMany({ where: { userId: session.id } })
    // Delete user
    await (prisma as any).user.delete({ where: { id: session.id } })
    // Clear auth cookie
    ;(await cookies()).delete('auth-token')
    console.log(`[Account Delete] User ${session.email} deleted successfully`)
    return NextResponse.json({ success: true, message: 'Konto wurde gelöscht' })
  } catch (error: any) {
    console.error('[Account Delete] Error:', error?.message || error)
    return NextResponse.json({ error: 'Löschung fehlgeschlagen' }, { status: 500 })
  }
 }
--- a/src/app/api/auth/resend-verification/route.ts
+++ b/src/app/api/auth/resend-verification/route.ts
@@ -0,0 +1,70 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { prisma } from '@/lib/db'
 import { sendEmail } from '@/lib/email'
 import { randomBytes } from 'crypto'
 export async function POST(req: NextRequest) {
  try {
    const { email } = await req.json()
    if (!email) {
      return NextResponse.json({ error: 'E-Mail-Adresse erforderlich.' }, { status: 400 })
    }
    const user = await (prisma as any).user.findUnique({
      where: { email },
      include: { memberships: { include: { tenant: true } } },
    })
    if (!user) {
      // Don't reveal whether user exists
      return NextResponse.json({ success: true, message: 'Falls ein Konto mit dieser E-Mail existiert, wurde eine neue Bestätigungsmail gesendet.' })
    }
    if (user.emailVerified) {
      return NextResponse.json({ success: true, message: 'Ihre E-Mail-Adresse ist bereits bestätigt. Sie können sich anmelden.' })
    }
    // Generate new verification token
    const verificationToken = randomBytes(32).toString('hex')
    await (prisma as any).user.update({
      where: { id: user.id },
      data: { emailVerificationToken: verificationToken },
    })
    // Build verification URL
    let baseUrl = process.env.NEXTAUTH_URL || req.headers.get('origin') || `${req.headers.get('x-forwarded-proto') || 'https'}://${req.headers.get('host')}` || 'http://localhost:3000'
    if (baseUrl && !baseUrl.startsWith('http://') && !baseUrl.startsWith('https://')) {
      baseUrl = `https://${baseUrl}`
    }
    const verifyUrl = `${baseUrl}/api/auth/verify-email?token=${verificationToken}`
    const orgName = user.memberships?.[0]?.tenant?.name || 'Lageplan'
    await sendEmail(
      user.email,
      'E-Mail-Adresse bestätigen — Lageplan',
      `<div style="font-family:sans-serif;max-width:600px;margin:0 auto;">
        <div style="background:#dc2626;color:white;padding:20px 24px;border-radius:12px 12px 0 0;">
          <h1 style="margin:0;font-size:22px;">E-Mail bestätigen</h1>
        </div>
        <div style="border:1px solid #e5e7eb;border-top:none;padding:24px;border-radius:0 0 12px 12px;">
          <p>Hallo <strong>${user.name}</strong>,</p>
          <p>Bitte bestätigen Sie Ihre E-Mail-Adresse, um Ihr Konto für <strong>${orgName}</strong> zu aktivieren.</p>
          <div style="text-align:center;margin:24px 0;">
            <a href="${verifyUrl}" style="background:#dc2626;color:white;padding:12px 32px;text-decoration:none;border-radius:8px;font-weight:600;display:inline-block;">
              E-Mail bestätigen
            </a>
          </div>
          <p style="color:#666;font-size:13px;">Falls der Button nicht funktioniert, kopieren Sie diesen Link:<br/>
          <a href="${verifyUrl}" style="word-break:break-all;">${verifyUrl}</a></p>
        </div>
      </div>`
    )
    return NextResponse.json({ success: true, message: 'Bestätigungsmail wurde erneut gesendet. Bitte prüfen Sie Ihren Posteingang.' })
  } catch (error) {
    console.error('Resend verification error:', error)
    return NextResponse.json({ error: 'Fehler beim Senden der Bestätigungsmail.' }, { status: 500 })
  }
 }
--- a/src/app/api/projects/[id]/features/route.ts
+++ b/src/app/api/projects/[id]/features/route.ts
@@ -6,21 +6,22 @@ import { getProjectWithTenantCheck } from '@/lib/tenant'
 export async function GET(
  request: NextRequest,
-  { params }: { params: { id: string } }
+  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    }
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) {
      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    }
    const features = await (prisma as any).feature.findMany({
-      where: { projectId: params.id },
+      where: { projectId: id },
      orderBy: { createdAt: 'asc' },
    })
@@ -33,9 +34,10 @@ export async function GET(
 export async function POST(
  request: NextRequest,
-  { params }: { params: { id: string } }
+  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
@@ -45,7 +47,7 @@ export async function POST(
      return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
    }
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) {
      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    }
@@ -66,7 +68,7 @@ export async function POST(
    const feature = await (prisma as any).feature.create({
      data: {
-        projectId: params.id,
+        projectId: id,
        type: validated.data.type,
        geometry: validated.data.geometry,
        properties: validated.data.properties || {},
@@ -82,9 +84,10 @@ export async function POST(
 export async function PUT(
  request: NextRequest,
-  { params }: { params: { id: string } }
+  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
@@ -94,11 +97,11 @@ export async function PUT(
      return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
    }
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) {
-      const exists = await (prisma as any).project.findUnique({ where: { id: params.id }, select: { id: true, tenantId: true, ownerId: true } })
+      const exists = await (prisma as any).project.findUnique({ where: { id }, select: { id: true, tenantId: true, ownerId: true } })
      if (!exists) {
-        console.warn(`[Features PUT] Project ${params.id} not in DB`)
+        console.warn(`[Features PUT] Project ${id} not in DB`)
        return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
      }
      console.warn(`[Features PUT] Access denied: user=${user.id} tenant=${user.tenantId}, project owner=${exists.ownerId} tenant=${exists.tenantId}`)
@@ -113,13 +116,13 @@ export async function PUT(
    const { features } = body as { features: Array<{ id?: string; type: string; geometry: object; properties?: object }> }
    await (prisma as any).feature.deleteMany({
-      where: { projectId: params.id },
+      where: { projectId: id },
    })
    if (features && features.length > 0) {
      await (prisma as any).feature.createMany({
        data: features.map((f: any) => ({
-          projectId: params.id,
+          projectId: id,
          type: f.type,
          geometry: f.geometry,
          properties: f.properties || {},
@@ -128,7 +131,7 @@ export async function PUT(
    }
    const updatedFeatures = await (prisma as any).feature.findMany({
-      where: { projectId: params.id },
+      where: { projectId: id },
    })
    return NextResponse.json({ features: updatedFeatures })
--- a/src/app/api/projects/[id]/journal/check-items/[itemId]/route.ts
+++ b/src/app/api/projects/[id]/journal/check-items/[itemId]/route.ts
@@ -4,18 +4,19 @@ import { getSession } from '@/lib/auth'
 import { getProjectWithTenantCheck } from '@/lib/tenant'
 // PUT: Toggle confirmed/ok on a check item
-export async function PUT(req: NextRequest, { params }: { params: { id: string; itemId: string } }) {
+export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string; itemId: string }> }) {
  try {
    const { id, itemId } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    // Verify item belongs to this project
    const existing = await (prisma as any).journalCheckItem.findFirst({
-      where: { id: params.itemId, projectId: params.id },
+      where: { id: itemId, projectId: id },
    })
    if (!existing) return NextResponse.json({ error: 'Element nicht gefunden' }, { status: 404 })
@@ -32,7 +33,7 @@ export async function PUT(req: NextRequest, { params }: { params: { id: string;
    }
    const item = await (prisma as any).journalCheckItem.update({
-      where: { id: params.itemId },
+      where: { id: itemId },
      data,
    })
    return NextResponse.json(item)
@@ -43,22 +44,23 @@ export async function PUT(req: NextRequest, { params }: { params: { id: string;
 }
 // DELETE
-export async function DELETE(req: NextRequest, { params }: { params: { id: string; itemId: string } }) {
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string; itemId: string }> }) {
  try {
    const { id, itemId } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    // Verify item belongs to this project
    const existing = await (prisma as any).journalCheckItem.findFirst({
-      where: { id: params.itemId, projectId: params.id },
+      where: { id: itemId, projectId: id },
    })
    if (!existing) return NextResponse.json({ error: 'Element nicht gefunden' }, { status: 404 })
-    await (prisma as any).journalCheckItem.delete({ where: { id: params.itemId } })
+    await (prisma as any).journalCheckItem.delete({ where: { id: itemId } })
    return NextResponse.json({ ok: true })
  } catch (error) {
    console.error('Error deleting check item:', error)
--- a/src/app/api/projects/[id]/journal/check-items/route.ts
+++ b/src/app/api/projects/[id]/journal/check-items/route.ts
@@ -4,13 +4,14 @@ import { getSession } from '@/lib/auth'
 import { getProjectWithTenantCheck } from '@/lib/tenant'
 // POST: Add check item (or initialize from templates)
-export async function POST(req: NextRequest, { params }: { params: { id: string } }) {
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    const body = await req.json()
@@ -18,7 +19,7 @@ export async function POST(req: NextRequest, { params }: { params: { id: string
    // If 'initFromTemplates' is true, create check items from templates (only if none exist)
    if (body.initFromTemplates) {
      const existing = await (prisma as any).journalCheckItem.findMany({
-        where: { projectId: params.id },
+        where: { projectId: id },
      })
      if (existing.length > 0) {
        return NextResponse.json(existing)
@@ -31,7 +32,7 @@ export async function POST(req: NextRequest, { params }: { params: { id: string
        templates.map((tpl: any, i: number) =>
          (prisma as any).journalCheckItem.create({
            data: {
-              projectId: params.id,
+              projectId: id,
              label: tpl.label,
              sortOrder: i,
            },
@@ -44,7 +45,7 @@ export async function POST(req: NextRequest, { params }: { params: { id: string
    // Single item creation
    const item = await (prisma as any).journalCheckItem.create({
      data: {
-        projectId: params.id,
+        projectId: id,
        label: body.label || '',
        sortOrder: body.sortOrder || 0,
      },
--- a/src/app/api/projects/[id]/journal/entries/[entryId]/route.ts
+++ b/src/app/api/projects/[id]/journal/entries/[entryId]/route.ts
@@ -4,17 +4,18 @@ import { getSession } from '@/lib/auth'
 import { getProjectWithTenantCheck } from '@/lib/tenant'
 // PUT: Update a journal entry — only toggle done status allowed directly
-export async function PUT(req: NextRequest, { params }: { params: { id: string; entryId: string } }) {
+export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string; entryId: string }> }) {
  try {
    const { id, entryId } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    const existing = await (prisma as any).journalEntry.findFirst({
-      where: { id: params.entryId, projectId: params.id },
+      where: { id: entryId, projectId: id },
    })
    if (!existing) return NextResponse.json({ error: 'Eintrag nicht gefunden' }, { status: 404 })
@@ -23,7 +24,7 @@ export async function PUT(req: NextRequest, { params }: { params: { id: string;
    // Only done toggle is allowed as direct edit
    if (body.done !== undefined) {
      const entry = await (prisma as any).journalEntry.update({
-        where: { id: params.entryId },
+        where: { id: entryId },
        data: { done: body.done, doneAt: body.done ? new Date() : null },
      })
      return NextResponse.json(entry)
@@ -38,17 +39,18 @@ export async function PUT(req: NextRequest, { params }: { params: { id: string;
 // POST: Create a correction for a journal entry (replaces DELETE)
 // Marks the original as corrected (strikethrough) and creates a new correction entry below it
-export async function POST(req: NextRequest, { params }: { params: { id: string; entryId: string } }) {
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string; entryId: string }> }) {
  try {
    const { id, entryId } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    const existing = await (prisma as any).journalEntry.findFirst({
-      where: { id: params.entryId, projectId: params.id },
+      where: { id: entryId, projectId: id },
    })
    if (!existing) return NextResponse.json({ error: 'Eintrag nicht gefunden' }, { status: 404 })
@@ -69,7 +71,7 @@ export async function POST(req: NextRequest, { params }: { params: { id: string;
    // Mark original as corrected
    await (prisma as any).journalEntry.update({
-      where: { id: params.entryId },
+      where: { id: entryId },
      data: { isCorrected: true },
    })
@@ -81,7 +83,7 @@ export async function POST(req: NextRequest, { params }: { params: { id: string;
        who: body.who || existing.who || user.name,
        sortOrder: existing.sortOrder + 1,
        correctionOfId: existing.id,
-        projectId: params.id,
+        projectId: id,
      },
    })
--- a/src/app/api/projects/[id]/journal/entries/route.ts
+++ b/src/app/api/projects/[id]/journal/entries/route.ts
@@ -4,19 +4,20 @@ import { getSession } from '@/lib/auth'
 import { getProjectWithTenantCheck } from '@/lib/tenant'
 // POST: Add a new journal entry
-export async function POST(req: NextRequest, { params }: { params: { id: string } }) {
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    const body = await req.json()
    const entry = await (prisma as any).journalEntry.create({
      data: {
-        projectId: params.id,
+        projectId: id,
        time: body.time ? new Date(body.time) : new Date(),
        what: body.what || '',
        who: body.who || null,
--- a/src/app/api/projects/[id]/journal/pendenzen/[pendenzId]/route.ts
+++ b/src/app/api/projects/[id]/journal/pendenzen/[pendenzId]/route.ts
@@ -4,18 +4,19 @@ import { getSession } from '@/lib/auth'
 import { getProjectWithTenantCheck } from '@/lib/tenant'
 // PUT: Update a pendenz
-export async function PUT(req: NextRequest, { params }: { params: { id: string; pendenzId: string } }) {
+export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string; pendenzId: string }> }) {
  try {
    const { id, pendenzId } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    // Verify pendenz belongs to this project
    const existing = await (prisma as any).journalPendenz.findFirst({
-      where: { id: params.pendenzId, projectId: params.id },
+      where: { id: pendenzId, projectId: id },
    })
    if (!existing) return NextResponse.json({ error: 'Pendenz nicht gefunden' }, { status: 404 })
@@ -30,7 +31,7 @@ export async function PUT(req: NextRequest, { params }: { params: { id: string;
    }
    const item = await (prisma as any).journalPendenz.update({
-      where: { id: params.pendenzId },
+      where: { id: pendenzId },
      data,
    })
    return NextResponse.json(item)
@@ -41,22 +42,23 @@ export async function PUT(req: NextRequest, { params }: { params: { id: string;
 }
 // DELETE
-export async function DELETE(req: NextRequest, { params }: { params: { id: string; pendenzId: string } }) {
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string; pendenzId: string }> }) {
  try {
    const { id, pendenzId } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    // Verify pendenz belongs to this project
    const existing = await (prisma as any).journalPendenz.findFirst({
-      where: { id: params.pendenzId, projectId: params.id },
+      where: { id: pendenzId, projectId: id },
    })
    if (!existing) return NextResponse.json({ error: 'Pendenz nicht gefunden' }, { status: 404 })
-    await (prisma as any).journalPendenz.delete({ where: { id: params.pendenzId } })
+    await (prisma as any).journalPendenz.delete({ where: { id: pendenzId } })
    return NextResponse.json({ ok: true })
  } catch (error) {
    console.error('Error deleting pendenz:', error)
--- a/src/app/api/projects/[id]/journal/pendenzen/route.ts
+++ b/src/app/api/projects/[id]/journal/pendenzen/route.ts
@@ -4,19 +4,20 @@ import { getSession } from '@/lib/auth'
 import { getProjectWithTenantCheck } from '@/lib/tenant'
 // POST: Add a new pendenz
-export async function POST(req: NextRequest, { params }: { params: { id: string } }) {
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    const body = await req.json()
    const item = await (prisma as any).journalPendenz.create({
      data: {
-        projectId: params.id,
+        projectId: id,
        what: body.what || '',
        who: body.who || null,
        whenHow: body.whenHow || null,
--- a/src/app/api/projects/[id]/journal/route.ts
+++ b/src/app/api/projects/[id]/journal/route.ts
@@ -4,25 +4,26 @@ import { getSession } from '@/lib/auth'
 import { getProjectWithTenantCheck } from '@/lib/tenant'
 // GET all journal data for a project (entries, check items, pendenzen)
-export async function GET(req: NextRequest, { params }: { params: { id: string } }) {
+export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    const [entries, checkItems, pendenzen] = await Promise.all([
      (prisma as any).journalEntry.findMany({
-        where: { projectId: params.id },
+        where: { projectId: id },
        orderBy: [{ time: 'asc' }, { sortOrder: 'asc' }, { createdAt: 'asc' }],
      }),
      (prisma as any).journalCheckItem.findMany({
-        where: { projectId: params.id },
+        where: { projectId: id },
        orderBy: { sortOrder: 'asc' },
      }),
      (prisma as any).journalPendenz.findMany({
-        where: { projectId: params.id },
+        where: { projectId: id },
        orderBy: { sortOrder: 'asc' },
      }),
    ])
--- a/src/app/api/projects/[id]/journal/send-report/route.ts
+++ b/src/app/api/projects/[id]/journal/send-report/route.ts
@@ -4,12 +4,13 @@ import { getSession } from '@/lib/auth'
 import { getProjectWithTenantCheck } from '@/lib/tenant'
 import { sendEmail } from '@/lib/email'
-export async function POST(req: NextRequest, { params }: { params: { id: string } }) {
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    // Load tenant logo
@@ -32,17 +33,17 @@ export async function POST(req: NextRequest, { params }: { params: { id: string
    // Load journal data
    const entries = await (prisma as any).journalEntry.findMany({
-      where: { projectId: params.id },
+      where: { projectId: id },
      orderBy: [{ time: 'asc' }, { sortOrder: 'asc' }],
    })
    const checkItems = await (prisma as any).journalCheckItem.findMany({
-      where: { projectId: params.id },
+      where: { projectId: id },
      orderBy: { sortOrder: 'asc' },
    })
    const pendenzen = await (prisma as any).journalPendenz.findMany({
-      where: { projectId: params.id },
+      where: { projectId: id },
      orderBy: { sortOrder: 'asc' },
    })
--- a/src/app/api/projects/[id]/plan-image/route.ts
+++ b/src/app/api/projects/[id]/plan-image/route.ts
@@ -5,13 +5,14 @@ import { getProjectWithTenantCheck } from '@/lib/tenant'
 import { uploadFile, deleteFile, getFileUrl } from '@/lib/minio'
 // POST: Upload a plan image for a project
-export async function POST(req: NextRequest, { params }: { params: { id: string } }) {
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    const formData = await req.formData()
@@ -37,7 +38,7 @@ export async function POST(req: NextRequest, { params }: { params: { id: string
    // Upload to MinIO
    const buffer = Buffer.from(await file.arrayBuffer())
    const ext = file.name.split('.').pop() || 'png'
-    const fileKey = `plans/${params.id}/${Date.now()}.${ext}`
+    const fileKey = `plans/${id}/${Date.now()}.${ext}`
    await uploadFile(fileKey, buffer, file.type)
    // Parse bounds or use default (current map view)
@@ -48,7 +49,7 @@ export async function POST(req: NextRequest, { params }: { params: { id: string
    // Update project
    await (prisma as any).project.update({
-      where: { id: params.id },
+      where: { id },
      data: {
        planImageKey: fileKey,
        planBounds: bounds,
@@ -70,13 +71,14 @@ export async function POST(req: NextRequest, { params }: { params: { id: string
 }
 // DELETE: Remove the plan image
-export async function DELETE(req: NextRequest, { params }: { params: { id: string } }) {
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    if (user.role === 'VIEWER') return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    const p = project as any
@@ -85,7 +87,7 @@ export async function DELETE(req: NextRequest, { params }: { params: { id: strin
    }
    await (prisma as any).project.update({
-      where: { id: params.id },
+      where: { id },
      data: { planImageKey: null, planBounds: null },
    })
@@ -97,19 +99,20 @@ export async function DELETE(req: NextRequest, { params }: { params: { id: strin
 }
 // PATCH: Update plan bounds (repositioning)
-export async function PATCH(req: NextRequest, { params }: { params: { id: string } }) {
+export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
-    const project = await getProjectWithTenantCheck(params.id, user)
+    const project = await getProjectWithTenantCheck(id, user)
    if (!project) return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    const body = await req.json()
    if (!body.bounds) return NextResponse.json({ error: 'Bounds erforderlich' }, { status: 400 })
    await (prisma as any).project.update({
-      where: { id: params.id },
+      where: { id },
      data: { planBounds: body.bounds },
    })
--- a/src/app/api/projects/[id]/plan-image/serve/route.ts
+++ b/src/app/api/projects/[id]/plan-image/serve/route.ts
@@ -4,13 +4,14 @@ import { getSession } from '@/lib/auth'
 import { getFileStream } from '@/lib/minio'
 // Serve plan image (authenticated users only)
-export async function GET(req: NextRequest, { params }: { params: { id: string } }) {
+export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    const project = await (prisma as any).project.findUnique({
-      where: { id: params.id },
+      where: { id },
      select: { planImageKey: true },
    })
--- a/src/app/api/projects/[id]/route.ts
+++ b/src/app/api/projects/[id]/route.ts
@@ -6,22 +6,23 @@ import { getProjectWithTenantCheck } from '@/lib/tenant'
 export async function GET(
  request: NextRequest,
-  { params }: { params: { id: string } }
+  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    }
-    const projectBase = await getProjectWithTenantCheck(params.id, user)
+    const projectBase = await getProjectWithTenantCheck(id, user)
    if (!projectBase) {
      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    }
    // Re-fetch with includes
    const project = await (prisma as any).project.findUnique({
-      where: { id: params.id },
+      where: { id },
      include: {
        owner: {
          select: { id: true, name: true, email: true },
@@ -39,9 +40,10 @@ export async function GET(
 export async function PATCH(
  request: NextRequest,
-  { params }: { params: { id: string } }
+  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
@@ -51,7 +53,7 @@ export async function PATCH(
      return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
    }
-    const existingProject = await getProjectWithTenantCheck(params.id, user)
+    const existingProject = await getProjectWithTenantCheck(id, user)
    if (!existingProject) {
      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    }
@@ -67,7 +69,7 @@ export async function PATCH(
    }
    const project = await (prisma as any).project.update({
-      where: { id: params.id },
+      where: { id },
      data: validated.data,
    })
@@ -80,15 +82,16 @@ export async function PATCH(
 export async function DELETE(
  request: NextRequest,
-  { params }: { params: { id: string } }
+  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user) {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
    }
-    const existingProject = await getProjectWithTenantCheck(params.id, user)
+    const existingProject = await getProjectWithTenantCheck(id, user)
    if (!existingProject) {
      return NextResponse.json({ error: 'Projekt nicht gefunden' }, { status: 404 })
    }
@@ -99,7 +102,7 @@ export async function DELETE(
    }
    await (prisma as any).project.delete({
-      where: { id: params.id },
+      where: { id },
    })
    return NextResponse.json({ success: true })
--- a/src/app/api/rapports/[token]/pdf/route.ts
+++ b/src/app/api/rapports/[token]/pdf/route.ts
@@ -40,10 +40,11 @@ async function resolveLogoDataUri(rapport: any): Promise<string> {
 }
 // GET: Generate and serve PDF for a rapport (public, token-based)
-export async function GET(req: NextRequest, { params }: { params: { token: string } }) {
+export async function GET(req: NextRequest, { params }: { params: Promise<{ token: string }> }) {
  try {
    const { token } = await params
    const rapport = await (prisma as any).rapport.findUnique({
-      where: { token: params.token },
+      where: { token },
      include: {
        tenant: { select: { name: true } },
      },
@@ -68,10 +69,10 @@ export async function GET(req: NextRequest, { params }: { params: { token: strin
    const { RapportDocument } = await import('@/lib/rapport-pdf')
    const buffer = await renderToBuffer(
-      React.createElement(RapportDocument, { data: pdfData })
+      React.createElement(RapportDocument, { data: pdfData }) as any
    )
-    return new NextResponse(buffer, {
+    return new NextResponse(Buffer.from(buffer) as any, {
      headers: {
        'Content-Type': 'application/pdf',
        'Content-Disposition': `inline; filename="Rapport-${rapport.reportNumber}.pdf"`,
--- a/src/app/api/rapports/[token]/route.ts
+++ b/src/app/api/rapports/[token]/route.ts
@@ -37,10 +37,11 @@ async function resolveLogoForClient(rapport: any): Promise<string> {
 }
 // GET: Public access to rapport by token (no auth required)
-export async function GET(req: NextRequest, { params }: { params: { token: string } }) {
+export async function GET(req: NextRequest, { params }: { params: Promise<{ token: string }> }) {
  try {
    const { token } = await params
    const rapport = await (prisma as any).rapport.findUnique({
-      where: { token: params.token },
+      where: { token },
      include: {
        project: { select: { title: true, location: true } },
        tenant: { select: { name: true } },
--- a/src/app/api/rapports/[token]/send/route.ts
+++ b/src/app/api/rapports/[token]/send/route.ts
@@ -4,8 +4,9 @@ import { getSession } from '@/lib/auth'
 import { sendEmail } from '@/lib/email'
 // POST: Send rapport link via email
-export async function POST(req: NextRequest, { params }: { params: { token: string } }) {
+export async function POST(req: NextRequest, { params }: { params: Promise<{ token: string }> }) {
  try {
    const { token } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
@@ -13,7 +14,7 @@ export async function POST(req: NextRequest, { params }: { params: { token: stri
    if (!email) return NextResponse.json({ error: 'E-Mail-Adresse erforderlich' }, { status: 400 })
    const rapport = await (prisma as any).rapport.findUnique({
-      where: { token: params.token },
+      where: { token },
      include: {
        tenant: { select: { name: true } },
        project: { select: { title: true, location: true } },
--- a/src/app/api/tenants/[tenantId]/suggestions/route.ts
+++ b/src/app/api/tenants/[tenantId]/suggestions/route.ts
@@ -5,9 +5,10 @@ import { getSession, isAdmin } from '@/lib/auth'
 // GET: Fetch journal suggestions for a tenant (global + tenant dictionary merged)
 export async function GET(
  req: NextRequest,
-  { params }: { params: { tenantId: string } }
+  { params }: { params: Promise<{ tenantId: string }> }
 ) {
  try {
    const { tenantId } = await params
    const user = await getSession()
    if (!user) return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 401 })
@@ -18,11 +19,11 @@ export async function GET(
        select: { word: true },
      }).catch(() => []),
      (prisma as any).dictionaryEntry.findMany({
-        where: { scope: 'TENANT', tenantId: params.tenantId },
+        where: { scope: 'TENANT', tenantId },
        select: { word: true },
      }).catch(() => []),
      (prisma as any).tenant.findUnique({
-        where: { id: params.tenantId },
+        where: { id: tenantId },
        select: { journalSuggestions: true },
      }),
    ])
@@ -46,16 +47,17 @@ export async function GET(
 // PUT: Replace all journal suggestions for a tenant (admin only)
 export async function PUT(
  req: NextRequest,
-  { params }: { params: { tenantId: string } }
+  { params }: { params: Promise<{ tenantId: string }> }
 ) {
  try {
    const { tenantId } = await params
    const user = await getSession()
    if (!user || !isAdmin(user.role)) {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 403 })
    }
    // TENANT_ADMIN can only edit their own tenant
-    if (user.role !== 'SERVER_ADMIN' && user.tenantId !== params.tenantId) {
+    if (user.role !== 'SERVER_ADMIN' && user.tenantId !== tenantId) {
      return NextResponse.json({ error: 'Keine Berechtigung' }, { status: 403 })
    }
@@ -65,7 +67,7 @@ export async function PUT(
      : []
    await (prisma as any).tenant.update({
-      where: { id: params.tenantId },
+      where: { id: tenantId },
      data: { journalSuggestions: suggestions },
    })
--- a/src/app/api/tenants/by-slug/[slug]/route.ts
+++ b/src/app/api/tenants/by-slug/[slug]/route.ts
@@ -4,11 +4,12 @@ import { prisma } from '@/lib/db'
 // Public endpoint: get tenant info by slug (logo, name)
 export async function GET(
  req: NextRequest,
-  { params }: { params: { slug: string } }
+  { params }: { params: Promise<{ slug: string }> }
 ) {
  try {
    const { slug } = await params
    const tenant = await (prisma as any).tenant.findUnique({
-      where: { slug: params.slug },
+      where: { slug },
      select: {
        id: true,
        name: true,
--- a/src/app/api/upgrade-requests/[id]/route.ts
+++ b/src/app/api/upgrade-requests/[id]/route.ts
@@ -15,9 +15,10 @@ const processSchema = z.object({
 // PATCH: Approve or reject an upgrade request (SERVER_ADMIN only)
 export async function PATCH(
  req: NextRequest,
-  { params }: { params: { id: string } }
+  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
    const { id } = await params
    const user = await getSession()
    if (!user || !isServerAdmin(user.role)) {
      return NextResponse.json({ error: 'Nicht autorisiert' }, { status: 403 })
@@ -31,7 +32,7 @@ export async function PATCH(
    // Get the request
    const upgradeReq = await (prisma as any).upgradeRequest.findUnique({
-      where: { id: params.id },
+      where: { id },
      include: {
        tenant: { select: { id: true, name: true, plan: true, contactEmail: true } },
        requestedBy: { select: { name: true, email: true } },
@@ -71,7 +72,7 @@ export async function PATCH(
      // Update request status
      await (prisma as any).upgradeRequest.update({
-        where: { id: params.id },
+        where: { id },
        data: {
          status: 'APPROVED',
          adminNote: validated.data.adminNote || null,
@@ -127,7 +128,7 @@ export async function PATCH(
    } else {
      // Reject
      await (prisma as any).upgradeRequest.update({
-        where: { id: params.id },
+        where: { id },
        data: {
          status: 'REJECTED',
          adminNote: validated.data.adminNote || null,
@@ -170,7 +171,7 @@ export async function PATCH(
    // Return updated request
    const updated = await (prisma as any).upgradeRequest.findUnique({
-      where: { id: params.id },
+      where: { id },
      include: {
        tenant: { select: { name: true, slug: true, plan: true, subscriptionStatus: true } },
        requestedBy: { select: { name: true, email: true } },
--- a/src/app/app/page.tsx
+++ b/src/app/app/page.tsx
@@ -19,7 +19,7 @@ import { Button } from '@/components/ui/button'
 import { Dialog, DialogContent, DialogHeader, DialogTitle } from '@/components/ui/dialog'
 import { JournalView } from '@/components/journal/journal-view'
 import { jsPDF } from 'jspdf'
-import { Lock, Unlock, Eye } from 'lucide-react'
+import { Lock, Unlock, Eye, AlertTriangle } from 'lucide-react'
 import { getSocket } from '@/lib/socket'
 import { CustomDragLayer } from '@/components/map/custom-drag-layer'
@@ -102,88 +102,217 @@ export default function AppPage() {
    sessionIdRef.current = `${Date.now()}-${Math.random().toString(36).slice(2, 10)}`
  }
-  // Capture map screenshot when switching to journal tab (including HTML symbol markers)
+  // Capture map screenshot when switching to journal tab (coordinate-based rendering)
  const handleTabChange = useCallback(async (tab: 'map' | 'journal') => {
    if (tab === 'journal' && mapRef.current) {
      try {
-        const mapCanvas = mapRef.current.getCanvas()
+        const mapInstance = mapRef.current
-        if (mapCanvas) {
+        const mapCanvas = mapInstance.getCanvas() as HTMLCanvasElement
        if (mapCanvas && mapCanvas.width > 0) {
          const offscreen = document.createElement('canvas')
          offscreen.width = mapCanvas.width
          offscreen.height = mapCanvas.height
          const ctx = offscreen.getContext('2d')
          if (ctx) {
            ctx.drawImage(mapCanvas, 0, 0)
            const dpr = window.devicePixelRatio || 1
            const mapContainer = mapRef.current.getContainer()
            const mapRect = mapContainer.getBoundingClientRect()
-            // Collect all symbol images and preload them (async for URL-based images)
+            const container = mapInstance.getContainer()
-            const symbolEntries: { img: HTMLImageElement; x: number; y: number; w: number; h: number; rotation: number }[] = []
+            const dpr = mapCanvas.width / container.offsetWidth
-            const loadPromises: Promise<void>[] = []
+            const currentZoom = mapInstance.getZoom()
            const currentFeatures = featuresRef.current
-            document.querySelectorAll<HTMLElement>('.symbol-marker-wrapper').forEach(wrapper => {
+            // Helper: haversine distance
-              const rect = wrapper.getBoundingClientRect()
+            const haversine = (a: number[], b: number[]): number => {
-              const inner = wrapper.querySelector<HTMLElement>('.symbol-marker')
+              const R = 6371000, toRad = Math.PI / 180
-              if (!inner) return
+              const dLat = (b[1] - a[1]) * toRad, dLng = (b[0] - a[0]) * toRad
-              const bgImage = inner.style.backgroundImage
+              const x = Math.sin(dLat / 2) ** 2 + Math.cos(a[1] * toRad) * Math.cos(b[1] * toRad) * Math.sin(dLng / 2) ** 2
-              const urlMatch = bgImage.match(/url\("?(.+?)"?\)/)
+              return R * 2 * Math.atan2(Math.sqrt(x), Math.sqrt(1 - x))
              if (!urlMatch) return
              const imgSrc = urlMatch[1]
              const img = new Image()
              img.crossOrigin = 'anonymous'
              img.src = imgSrc
              const entry = {
                img,
                x: (rect.left - mapRect.left) * dpr,
                y: (rect.top - mapRect.top) * dpr,
                w: rect.width * dpr,
                h: rect.height * dpr,
                rotation: parseFloat(inner.style.transform?.match(/rotate\((.+?)deg\)/)?.[1] || '0'),
              }
              symbolEntries.push(entry)
              if (!img.complete) {
                loadPromises.push(new Promise<void>((resolve) => {
                  img.onload = () => resolve()
                  img.onerror = () => resolve()
                }))
              }
            })
            // Wait for all symbol images to load (max 3s timeout)
            if (loadPromises.length > 0) {
              await Promise.race([
                Promise.all(loadPromises),
                new Promise(r => setTimeout(r, 3000)),
              ])
            }
-            // Draw all symbol markers
+            // Helper: load image as promise
-            symbolEntries.forEach(({ img, x, y, w, h, rotation }) => {
+            const loadImage = (src: string): Promise<HTMLImageElement> => new Promise((resolve, reject) => {
-              if (img.complete && img.naturalWidth > 0) {
+              const img = new Image()
-                ctx.save()
+              img.crossOrigin = 'anonymous'
-                ctx.translate(x + w / 2, y + h / 2)
+              img.onload = () => resolve(img)
-                if (rotation) ctx.rotate((rotation * Math.PI) / 180)
+              img.onerror = reject
-                ctx.drawImage(img, -w / 2, -h / 2, w, h)
+              img.src = src
                ctx.restore()
              }
            })
-            // Draw text markers
+            // 1. Draw symbol features (coordinate-based)
-            document.querySelectorAll<HTMLElement>('.text-marker').forEach(el => {
+            for (const f of currentFeatures.filter(f => f.type === 'symbol')) {
-              const rect = el.getBoundingClientRect()
+              if (f.geometry.type !== 'Point') continue
-              const x = (rect.left - mapRect.left) * dpr
+              const coords = f.geometry.coordinates as [number, number]
-              const y = (rect.top - mapRect.top) * dpr
+              const pixel = mapInstance.project(coords)
-              const text = el.textContent || ''
+              const px = pixel.x * dpr
-              const fontSize = parseFloat(el.style.fontSize || '14') * dpr
+              const py = pixel.y * dpr
-              const color = el.style.color || '#000'
+              const scale = (f.properties.scale as number) || 1
              const rotation = (f.properties.rotation as number) || 0
              const baseSize = 32
              const placementZoom = (f.properties.placementZoom as number) || 17
              const zoomFactor = Math.pow(2, currentZoom - placementZoom)
              const size = Math.max(8, Math.min(400, baseSize * scale * zoomFactor)) * dpr
              const iconId = f.properties.iconId as string
              const imageUrl = f.properties.imageUrl as string
              let imgSrc = imageUrl || ''
              if (!imgSrc && iconId) {
                const { getSymbolById, getSymbolDataUri } = await import('@/lib/fw-symbols')
                const sym = getSymbolById(iconId)
                if (sym) imgSrc = getSymbolDataUri(sym)
              }
              if (imgSrc) {
                try {
                  const img = await loadImage(imgSrc)
                  const imgAspect = img.naturalWidth / img.naturalHeight
                  let drawW = size, drawH = size
                  if (imgAspect > 1) drawH = size / imgAspect
                  else drawW = size * imgAspect
                  ctx.save()
                  ctx.translate(px, py)
                  ctx.rotate((rotation * Math.PI) / 180)
                  ctx.drawImage(img, -drawW / 2, -drawH / 2, drawW, drawH)
                  ctx.restore()
                } catch {}
              }
            }
            // 2. Draw arrowheads for arrow features
            for (const f of currentFeatures.filter(f => f.type === 'arrow')) {
              if (f.geometry.type !== 'LineString') continue
              const lineCoords = f.geometry.coordinates as number[][]
              if (lineCoords.length < 2) continue
              const p1 = lineCoords[lineCoords.length - 2]
              const p2 = lineCoords[lineCoords.length - 1]
              const px1 = mapInstance.project(p1 as [number, number])
              const px2 = mapInstance.project(p2 as [number, number])
              const angle = Math.atan2(px2.y - px1.y, px2.x - px1.x)
              const color = (f.properties.color as string) || '#000000'
              const arrowSize = 14 * dpr
              ctx.save()
-              ctx.font = `bold ${fontSize}px sans-serif`
+              ctx.translate(px2.x * dpr, px2.y * dpr)
              ctx.rotate(angle + Math.PI / 2)
              ctx.beginPath()
              ctx.moveTo(0, -arrowSize)
              ctx.lineTo(-arrowSize * 0.7, arrowSize * 0.3)
              ctx.lineTo(arrowSize * 0.7, arrowSize * 0.3)
              ctx.closePath()
              ctx.fillStyle = color
-              ctx.textBaseline = 'top'
+              ctx.fill()
              ctx.fillText(text, x, y)
              ctx.restore()
-            })
+            }
            // 3. Draw line/polygon labels at midpoints
            for (const f of currentFeatures.filter(f => f.properties.label && (f.geometry.type === 'LineString' || f.geometry.type === 'Polygon'))) {
              const label = f.properties.label as string
              let midpoint: [number, number]
              if (f.geometry.type === 'LineString') {
                const coords = f.geometry.coordinates as number[][]
                const midIdx = Math.floor(coords.length / 2)
                if (coords.length === 2) {
                  midpoint = [(coords[0][0] + coords[1][0]) / 2, (coords[0][1] + coords[1][1]) / 2]
                } else {
                  midpoint = coords[midIdx] as [number, number]
                }
              } else {
                const ring = (f.geometry.coordinates as number[][][])[0]
                const len = ring.length - 1
                let cx = 0, cy = 0
                for (let i = 0; i < len; i++) { cx += ring[i][0]; cy += ring[i][1] }
                midpoint = [cx / len, cy / len]
              }
              const pixel = mapInstance.project(midpoint)
              const px = pixel.x * dpr
              const py = pixel.y * dpr
              const isDanger = f.type === 'dangerzone'
              const bgColor = isDanger ? 'rgba(220,38,38,0.85)' : 'rgba(0,0,0,0.75)'
              const borderColor = isDanger ? '#dc2626' : 'rgba(255,255,255,0.5)'
              // Build label text with line info
              let displayText = label
              let infoText = ''
              if (f.geometry.type === 'LineString') {
                const lineCoords = f.geometry.coordinates as number[][]
                let totalLen = 0
                for (let i = 1; i < lineCoords.length; i++) {
                  totalLen += haversine(lineCoords[i - 1], lineCoords[i])
                }
                const hoseCount = Math.ceil(totalLen / 20)
                const lenText = totalLen < 1000 ? `${Math.round(totalLen)}m` : `${(totalLen / 1000).toFixed(2)}km`
                infoText = `${lenText} / ${hoseCount} Schl.`
              }
              const fontSize1 = 11 * dpr
              const fontSize2 = 8 * dpr
              const padX = 6 * dpr
              const padY = 3 * dpr
              ctx.save()
              ctx.font = `bold ${fontSize1}px system-ui, sans-serif`
              const w1 = ctx.measureText(displayText).width
              let w2 = 0
              if (infoText) {
                ctx.font = `${fontSize2}px system-ui, sans-serif`
                w2 = ctx.measureText(infoText).width
              }
              const boxW = Math.max(w1, w2) + padX * 2
              const boxH = fontSize1 + (infoText ? fontSize2 + 2 * dpr : 0) + padY * 2
              const radius = 3 * dpr
              // Background
              ctx.fillStyle = bgColor
              ctx.beginPath()
              ctx.roundRect(px - boxW / 2, py - boxH / 2, boxW, boxH, radius)
              ctx.fill()
              // Border
              ctx.strokeStyle = borderColor
              ctx.lineWidth = 1 * dpr
              ctx.beginPath()
              ctx.roundRect(px - boxW / 2, py - boxH / 2, boxW, boxH, radius)
              ctx.stroke()
              // Label text
              ctx.fillStyle = '#ffffff'
              ctx.font = `bold ${fontSize1}px system-ui, sans-serif`
              ctx.textAlign = 'center'
              ctx.textBaseline = 'middle'
              const textY = infoText ? py - fontSize2 / 2 : py
              ctx.fillText(displayText, px, textY)
              // Info text
              if (infoText) {
                ctx.font = `${fontSize2}px system-ui, sans-serif`
                ctx.globalAlpha = 0.8
                ctx.fillText(infoText, px, py + fontSize1 / 2 + 1 * dpr)
                ctx.globalAlpha = 1
              }
              ctx.restore()
            }
            // 4. Draw text features
            for (const f of currentFeatures.filter(f => f.type === 'text')) {
              if (f.geometry.type !== 'Point') continue
              const coords = f.geometry.coordinates as [number, number]
              const pixel = mapInstance.project(coords)
              const px = pixel.x * dpr
              const py = pixel.y * dpr
              const text = (f.properties.text as string) || ''
              const fontSize = ((f.properties.fontSize as number) || 14) * dpr
              const color = (f.properties.color as string) || '#000000'
              ctx.save()
              ctx.font = `bold ${fontSize}px system-ui, sans-serif`
              ctx.textAlign = 'center'
              ctx.textBaseline = 'middle'
              ctx.strokeStyle = '#ffffff'
              ctx.lineWidth = 3 * dpr
              ctx.lineJoin = 'round'
              ctx.strokeText(text, px, py)
              ctx.fillStyle = color
              ctx.fillText(text, px, py)
              ctx.restore()
            }
            setLastMapScreenshot(offscreen.toDataURL('image/png'))
          } else {
            setLastMapScreenshot(mapCanvas.toDataURL('image/png'))
@@ -1001,6 +1130,32 @@ export default function AppPage() {
        }
      }
      // Draw arrowheads for arrow features
      for (const f of currentFeatures.filter(f => f.type === 'arrow')) {
        if (f.geometry.type !== 'LineString') continue
        const lineCoords = f.geometry.coordinates as number[][]
        if (lineCoords.length < 2) continue
        const p1 = lineCoords[lineCoords.length - 2]
        const p2 = lineCoords[lineCoords.length - 1]
        const px1 = mapInstance.project(p1 as [number, number])
        const px2 = mapInstance.project(p2 as [number, number])
        const angle = Math.atan2(px2.y - px1.y, px2.x - px1.x)
        const color = (f.properties.color as string) || '#000000'
        const arrowSize = 14 * dpr
        ctx.save()
        ctx.translate(px2.x * dpr, px2.y * dpr)
        ctx.rotate(angle + Math.PI / 2)
        ctx.beginPath()
        ctx.moveTo(0, -arrowSize)
        ctx.lineTo(-arrowSize * 0.7, arrowSize * 0.3)
        ctx.lineTo(arrowSize * 0.7, arrowSize * 0.3)
        ctx.closePath()
        ctx.fillStyle = color
        ctx.fill()
        ctx.restore()
      }
      // Draw line/polygon label markers at midpoints
      for (const f of currentFeatures.filter(f => f.properties.label && (f.geometry.type === 'LineString' || f.geometry.type === 'Polygon'))) {
        const label = f.properties.label as string
@@ -1234,6 +1389,29 @@ export default function AppPage() {
          onLogout={logout}
        />
        {/* Email verification banner */}
        {user && user.emailVerified === false && (
          <div className="flex items-center justify-center gap-3 px-4 py-2 bg-amber-50 dark:bg-amber-950/40 border-b border-amber-200 dark:border-amber-800 text-sm text-amber-800 dark:text-amber-300">
            <AlertTriangle className="w-4 h-4 shrink-0" />
            <span>Ihre E-Mail-Adresse wurde noch nicht bestätigt. Bitte prüfen Sie Ihren Posteingang.</span>
            <button
              onClick={async () => {
                try {
                  const res = await fetch('/api/auth/resend-verification', {
                    method: 'POST',
                    headers: { 'Content-Type': 'application/json' },
                    body: JSON.stringify({ email: user.email }),
                  })
                  if (res.ok) toast({ title: 'Bestätigungsmail gesendet', description: 'Bitte prüfen Sie Ihren Posteingang.' })
                  else toast({ title: 'Fehler', description: 'Konnte Bestätigungsmail nicht senden.', variant: 'destructive' })
                } catch { toast({ title: 'Fehler', description: 'Verbindungsfehler.', variant: 'destructive' }) }
              }}
              className="shrink-0 text-xs font-semibold underline hover:no-underline text-amber-700 dark:text-amber-400"
            >
              Erneut senden
            </button>
          </div>
        )}
        {/* Live editing banner */}
        {currentProject && (
--- a/src/app/login/page.tsx
+++ b/src/app/login/page.tsx
@@ -23,6 +23,8 @@ function LoginForm() {
  const [email, setEmail] = useState('')
  const [password, setPassword] = useState('')
  const [isLoading, setIsLoading] = useState(false)
  const [resendLoading, setResendLoading] = useState(false)
  const [resendSuccess, setResendSuccess] = useState(false)
  const [tenantLogo, setTenantLogo] = useState<string | null>(null)
  const [tenantName, setTenantName] = useState<string | null>(null)
  const { login } = useAuth()
@@ -110,7 +112,32 @@ function LoginForm() {
          )}
          {errorParam === 'invalid-token' && (
            <div className="bg-red-50 dark:bg-red-950/30 border border-red-200 dark:border-red-800 rounded-lg p-3 mb-4 text-sm text-red-700 dark:text-red-400 text-center">
-              Ungültiger oder abgelaufener Bestätigungslink.
+              <p>Ungültiger oder abgelaufener Bestätigungslink.</p>
              <p className="mt-1 text-xs">Geben Sie Ihre E-Mail ein und klicken Sie unten, um einen neuen Link zu erhalten.</p>
              {resendSuccess ? (
                <p className="mt-2 text-green-600 dark:text-green-400 font-medium">Neue Bestätigungsmail gesendet!</p>
              ) : (
                <button
                  type="button"
                  disabled={resendLoading || !email}
                  onClick={async () => {
                    setResendLoading(true)
                    try {
                      const res = await fetch('/api/auth/resend-verification', {
                        method: 'POST',
                        headers: { 'Content-Type': 'application/json' },
                        body: JSON.stringify({ email }),
                      })
                      if (res.ok) setResendSuccess(true)
                      else toast({ title: 'Fehler', description: 'Konnte Bestätigungsmail nicht senden.', variant: 'destructive' })
                    } catch { toast({ title: 'Fehler', description: 'Verbindungsfehler.', variant: 'destructive' }) }
                    setResendLoading(false)
                  }}
                  className="mt-2 text-xs font-medium text-red-600 dark:text-red-400 underline hover:no-underline disabled:opacity-50"
                >
                  {resendLoading ? 'Wird gesendet...' : 'Bestätigungsmail erneut senden'}
                </button>
              )}
            </div>
          )}
--- a/src/app/rapport/[token]/page.tsx
+++ b/src/app/rapport/[token]/page.tsx
@@ -1,6 +1,6 @@
 'use client'
-import { useState, useEffect } from 'react'
+import { useState, useEffect, use } from 'react'
 import { Loader2, FileText, Download, Printer, MapPin, Send, CheckCircle, XCircle } from 'lucide-react'
 interface RapportViewData {
@@ -13,7 +13,8 @@ interface RapportViewData {
  createdBy: { name: string } | null
 }
-export default function RapportViewerPage({ params }: { params: { token: string } }) {
+export default function RapportViewerPage({ params }: { params: Promise<{ token: string }> }) {
  const { token } = use(params)
  const [rapport, setRapport] = useState<RapportViewData | null>(null)
  const [isLoading, setIsLoading] = useState(true)
  const [error, setError] = useState('')
@@ -25,7 +26,7 @@ export default function RapportViewerPage({ params }: { params: { token: string
  useEffect(() => {
    async function load() {
      try {
-        const res = await fetch(`/api/rapports/${params.token}`)
+        const res = await fetch(`/api/rapports/${token}`)
        if (res.ok) {
          setRapport(await res.json())
        } else {
@@ -38,7 +39,7 @@ export default function RapportViewerPage({ params }: { params: { token: string
      }
    }
    load()
-  }, [params.token])
+  }, [token])
  if (isLoading) {
    return (
@@ -64,7 +65,7 @@ export default function RapportViewerPage({ params }: { params: { token: string
  }
  const d = rapport.data
-  const pdfUrl = `/api/rapports/${params.token}/pdf`
+  const pdfUrl = `/api/rapports/${token}/pdf`
  return (
    <div className="min-h-screen bg-gray-100 py-8">
@@ -119,7 +120,7 @@ export default function RapportViewerPage({ params }: { params: { token: string
                setEmailSending(true)
                setEmailStatus(null)
                try {
-                  const res = await fetch(`/api/rapports/${params.token}/send`, {
+                  const res = await fetch(`/api/rapports/${token}/send`, {
                    method: 'POST',
                    headers: { 'Content-Type': 'application/json' },
                    body: JSON.stringify({ email: emailTo }),
--- a/src/components/journal/journal-view.tsx
+++ b/src/components/journal/journal-view.tsx
@@ -1030,8 +1030,8 @@ export function JournalView({ projectId, projectTitle, projectLocation, einsatzl
                        if (mapRef?.current) {
                          const canvas = mapRef.current.getCanvas()
                          if (canvas) {
-                            // Resize to max 1600px wide and convert to JPEG
+                            // Resize to max 2400px wide and convert to JPEG
-                            const maxW = 1600
+                            const maxW = 2400
                            const ratio = Math.min(1, maxW / canvas.width)
                            const offscreen = document.createElement('canvas')
                            offscreen.width = Math.round(canvas.width * ratio)
@@ -1039,18 +1039,18 @@ export function JournalView({ projectId, projectTitle, projectLocation, einsatzl
                            const ctx = offscreen.getContext('2d')
                            if (ctx) {
                              ctx.drawImage(canvas, 0, 0, offscreen.width, offscreen.height)
-                              mapScreenshot = offscreen.toDataURL('image/jpeg', 0.75)
+                              mapScreenshot = offscreen.toDataURL('image/jpeg', 0.85)
                            }
                          }
                        }
                      } catch (e) { console.warn('Map screenshot failed:', e) }
-                    } else if (rawScreenshot.length > 500000) {
+                    } else if (rawScreenshot.length > 800000) {
                      // Compress pre-captured screenshot if too large
                      try {
                        const img = new Image()
                        img.src = rawScreenshot
                        await new Promise(r => { img.onload = r; img.onerror = r })
-                        const maxW = 1600
+                        const maxW = 2400
                        const ratio = Math.min(1, maxW / img.naturalWidth)
                        const offscreen = document.createElement('canvas')
                        offscreen.width = Math.round(img.naturalWidth * ratio)
@@ -1058,7 +1058,7 @@ export function JournalView({ projectId, projectTitle, projectLocation, einsatzl
                        const ctx = offscreen.getContext('2d')
                        if (ctx) {
                          ctx.drawImage(img, 0, 0, offscreen.width, offscreen.height)
-                          mapScreenshot = offscreen.toDataURL('image/jpeg', 0.75)
+                          mapScreenshot = offscreen.toDataURL('image/jpeg', 0.85)
                        }
                      } catch { mapScreenshot = rawScreenshot }
                    } else {
--- a/src/components/layout/topbar.tsx
+++ b/src/components/layout/topbar.tsx
@@ -38,6 +38,7 @@ import {
  Key,
  Shield,
  Building2,
  MapPin,
 } from 'lucide-react'
 import { HoseSettingsDialog } from '@/components/dialogs/hose-settings-dialog'
 import type { Project, DrawFeature } from '@/app/app/page'
@@ -90,6 +91,10 @@ export function Topbar({
  const [isLoadDialogOpen, setIsLoadDialogOpen] = useState(false)
  const [isHoseSettingsOpen, setIsHoseSettingsOpen] = useState(false)
  const [showPasswordDialog, setShowPasswordDialog] = useState(false)
  const [showDeleteAccountDialog, setShowDeleteAccountDialog] = useState(false)
  const [deleteAccountPw, setDeleteAccountPw] = useState('')
  const [deleteAccountLoading, setDeleteAccountLoading] = useState(false)
  const [deleteAccountError, setDeleteAccountError] = useState('')
  const [pwOld, setPwOld] = useState('')
  const [pwNew, setPwNew] = useState('')
  const [pwConfirm, setPwConfirm] = useState('')
@@ -289,6 +294,13 @@ export function Topbar({
                    Administration
                  </DropdownMenuItem>
                )}
                <DropdownMenuItem
                  onClick={() => { setShowDeleteAccountDialog(true); setDeleteAccountPw(''); setDeleteAccountError('') }}
                  className="text-destructive focus:text-destructive"
                >
                  <Trash2 className="w-4 h-4 mr-2" />
                  Konto löschen
                </DropdownMenuItem>
                <DropdownMenuItem onClick={onLogout} className="text-destructive focus:text-destructive">
                  <LogOut className="w-4 h-4 mr-2" />
                  Abmelden
@@ -538,6 +550,81 @@ export function Topbar({
          </div>
        </DialogContent>
      </Dialog>
      {/* Delete Account Dialog */}
      <Dialog open={showDeleteAccountDialog} onOpenChange={setShowDeleteAccountDialog}>
        <DialogContent className="max-w-sm">
          <DialogHeader>
            <DialogTitle className="flex items-center gap-2 text-destructive">
              <AlertTriangle className="w-5 h-5" />
              Konto löschen
            </DialogTitle>
          </DialogHeader>
          <div className="space-y-4">
            <p className="text-sm text-muted-foreground">
              Ihr Konto wird unwiderruflich gelöscht. Ihre Projekte und Daten bleiben der Organisation erhalten,
              aber Ihr persönlicher Zugang wird entfernt.
            </p>
            {userRole === 'TENANT_ADMIN' && (
              <div className="bg-amber-50 dark:bg-amber-950/30 rounded-lg p-3 text-xs text-amber-800 dark:text-amber-300 border border-amber-200 dark:border-amber-800">
                <strong>Hinweis:</strong> Als einziger Administrator müssen Sie zuerst die Organisation unter Einstellungen löschen oder die Admin-Rolle übertragen.
              </div>
            )}
            <div className="space-y-1.5">
              <label className="text-sm font-medium">Passwort zur Bestätigung</label>
              <input
                type="password"
                value={deleteAccountPw}
                onChange={(e) => { setDeleteAccountPw(e.target.value); setDeleteAccountError('') }}
                placeholder="Ihr Passwort"
                className="w-full rounded-md border border-input bg-background px-3 py-2 text-sm"
                autoComplete="current-password"
              />
            </div>
            {deleteAccountError && (
              <p className="text-sm text-destructive">{deleteAccountError}</p>
            )}
            <div className="flex gap-2 justify-end">
              <Button
                variant="outline"
                size="sm"
                onClick={() => setShowDeleteAccountDialog(false)}
                disabled={deleteAccountLoading}
              >
                Abbrechen
              </Button>
              <Button
                variant="destructive"
                size="sm"
                disabled={deleteAccountLoading || !deleteAccountPw}
                onClick={async () => {
                  setDeleteAccountLoading(true)
                  setDeleteAccountError('')
                  try {
                    const res = await fetch('/api/auth/delete-account', {
                      method: 'POST',
                      headers: { 'Content-Type': 'application/json' },
                      body: JSON.stringify({ password: deleteAccountPw }),
                    })
                    const data = await res.json()
                    if (res.ok) {
                      window.location.href = '/'
                    } else {
                      setDeleteAccountError(data.error || 'Löschung fehlgeschlagen')
                    }
                  } catch {
                    setDeleteAccountError('Verbindungsfehler')
                  } finally {
                    setDeleteAccountLoading(false)
                  }
                }}
              >
                {deleteAccountLoading ? 'Wird gelöscht...' : 'Konto endgültig löschen'}
              </Button>
            </div>
          </div>
        </DialogContent>
      </Dialog>
    </header>
  )
 }
--- a/src/components/map/map-view.tsx
+++ b/src/components/map/map-view.tsx
@@ -718,6 +718,9 @@ export function MapView({
      if (!m) return
      setIsMapLoaded(true)
      // Guard: skip if sources already exist (React strict mode double-mount)
      if (m.getSource('draw-features')) return
      // Drawing features source
      m.addSource('draw-features', {
        type: 'geojson',
@@ -1374,12 +1377,12 @@ export function MapView({
          const lineCoords = f.geometry.coordinates as number[][]
          if (lineCoords.length < 2) return
-          // Get last two points to calculate arrow direction
+          // Get last two points to calculate arrow direction using screen-projected coords
          const p1 = lineCoords[lineCoords.length - 2]
          const p2 = lineCoords[lineCoords.length - 1]
-          const angle = Math.atan2(p2[1] - p1[1], p2[0] - p1[0]) * (180 / Math.PI)
+          const px1 = map.current.project(p1 as [number, number])
-          // MapLibre uses screen coords where Y is inverted, so negate the angle
+          const px2 = map.current.project(p2 as [number, number])
-          const screenAngle = -angle + 90
+          const screenAngle = Math.atan2(px2.y - px1.y, px2.x - px1.x) * (180 / Math.PI) + 90
          const color = (f.properties.color as string) || '#000000'
          const arrowEl = document.createElement('div')
@@ -2028,14 +2031,14 @@ export function MapView({
                  const startW = selectedSymbolRef.current.resizeStartWidth || 1
                  const startScale = selectedSymbolRef.current.resizeStartScale || 1
                  const ratio = width / startW
-                  selectedSymbolRef.current.scale = Math.max(0.5, Math.min(5, startScale * ratio))
+                  selectedSymbolRef.current.scale = Math.max(0.2, Math.min(10, startScale * ratio))
                  selectedSymbolRef.current.innerEl.style.fontSize = `${baseFontSize * selectedSymbolRef.current.scale}px`
                } else {
                  // For symbols: resize wrapper
                  selectedSymbolRef.current.wrapperEl.style.width = `${width}px`
                  selectedSymbolRef.current.wrapperEl.style.height = `${height}px`
                  const baseSize = 32
-                  selectedSymbolRef.current.scale = Math.max(0.3, Math.min(4, width / baseSize))
+                  selectedSymbolRef.current.scale = Math.max(0.1, Math.min(10, width / baseSize))
                }
              }
            }}
--- a/src/components/providers/auth-provider.tsx
+++ b/src/components/providers/auth-provider.tsx
@@ -9,6 +9,7 @@ export interface User {
  role: 'SERVER_ADMIN' | 'TENANT_ADMIN' | 'OPERATOR' | 'VIEWER'
  tenantId?: string
  tenantSlug?: string
  emailVerified?: boolean
 }
 export interface TenantInfo {
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -18,6 +18,7 @@ export interface UserPayload {
  role: 'SERVER_ADMIN' | 'TENANT_ADMIN' | 'OPERATOR' | 'VIEWER'
  tenantId?: string
  tenantSlug?: string
  emailVerified?: boolean
 }
 export async function createToken(user: UserPayload): Promise<string> {
@@ -71,10 +72,8 @@ export async function login(
    return { success: false, error: 'Ungültiges Passwort' }
  }
-  // Check email verification (skip for SERVER_ADMIN and users created before verification was added)
+  // Track email verification status (allow login regardless)
-  if ((user as any).emailVerified === false && (user.role as string) !== 'SERVER_ADMIN') {
+  const emailVerified = (user as any).emailVerified !== false
    return { success: false, error: 'Bitte bestätigen Sie zuerst Ihre E-Mail-Adresse. Prüfen Sie Ihren Posteingang.' }
  }
  // Get first tenant membership for non-server-admins
  let tenantId: string | undefined
@@ -102,6 +101,7 @@ export async function login(
    role: (user.role === 'ADMIN' ? 'SERVER_ADMIN' : user.role) as UserPayload['role'],
    tenantId,
    tenantSlug,
    emailVerified,
  }
  return { success: true, user: userPayload }
--- a/src/lib/rapport-pdf.tsx
+++ b/src/lib/rapport-pdf.tsx
@@ -4,7 +4,7 @@ import { Document, Page, Text, View, StyleSheet, Font, Image } from '@react-pdf/
 // Register default font (Helvetica is built-in)
 const styles = StyleSheet.create({
  page: {
-    padding: '12mm 15mm 15mm',
+    padding: '12mm 15mm 32mm',
    fontFamily: 'Helvetica',
    fontSize: 10,
    lineHeight: 1.4,
Author	SHA1	Message	Date
Pepe Ziberi	b75bf9bb30	v1.0.3: PDF footer fix, arrow alignment, email verification workflow, account deletion	2026-02-21 16:45:44 +01:00
Pepe Ziberi	25d3d553ff	v1.0.3: Fix PDF footer overlap, arrow alignment, screenshot quality, arrowheads in export	2026-02-21 16:28:32 +01:00
Pepe Ziberi	c11565aaf8	Fix: Rapport screenshot now uses coordinate-based rendering for correct symbol sizes, labels, arrowheads	2026-02-21 14:04:28 +01:00
Pepe Ziberi	2b7a89174a	v1.0.2: Fix PDF generation (react-pdf v4), fix Next.js 15 async params in all API routes	2026-02-21 13:56:44 +01:00
Pepe Ziberi	10464d34ff	fix: CSP blob: worker fuer MapLibre, MapPin Import, Icon Scale Limits erweitert (v1.0.1)	2026-02-21 13:11:27 +01:00
Pepe Ziberi	28097607b6	fix: Dockerfile legacy-peer-deps fuer React 19 Kompatibilitaet	2026-02-21 12:28:26 +01:00