# API Routen

Übersicht aller HTTP-Routen der Anwendung. Die Registrierung erfolgt in [server.js](../server.js).

Auth-Kürzel: **A** = `requireAuth`, **V** = `requireVerwaltung`, **AD** = `requireAdmin`, — = öffentlich.

## Root & Auth ([routes/auth-routes.js](../routes/auth-routes.js))

| Methode | Pfad | Auth | Quelle |
|---|---|---|---|
| GET | `/` | — | [server.js:67](../server.js#L67) |
| GET | `/login` | — | [auth-routes.js:94](../routes/auth-routes.js#L94) |
| POST | `/login` | — | [auth-routes.js:99](../routes/auth-routes.js#L99) |
| GET | `/logout` | — | [auth-routes.js:178](../routes/auth-routes.js#L178) |

## Dashboard ([routes/dashboard-routes.js](../routes/dashboard-routes.js))

| Methode | Pfad | Auth | Quelle |
|---|---|---|---|
| GET | `/dashboard` | A | [dashboard-routes.js:39](../routes/dashboard-routes.js#L39) |
| GET | `/overtime-breakdown` | A | [dashboard-routes.js:65](../routes/dashboard-routes.js#L65) |
| GET | `/api/checkin-root-url` | — | [dashboard-routes.js:11](../routes/dashboard-routes.js#L11) |
| GET | `/api/dashboard/qr-pdf/internal` | A | [dashboard-routes.js:23](../routes/dashboard-routes.js#L23) |
| GET | `/api/dashboard/qr-pdf/external` | A | [dashboard-routes.js:31](../routes/dashboard-routes.js#L31) |

## User ([routes/user-routes.js](../routes/user-routes.js))

| Methode | Pfad | Auth | Quelle |
|---|---|---|---|
| GET | `/api/user/last-week` | A | [user-routes.js:11](../routes/user-routes.js#L11) |
| POST | `/api/user/last-week` | A | [user-routes.js:24](../routes/user-routes.js#L24) |
| GET | `/api/user/weekend-percentages` | A | [user-routes.js:43](../routes/user-routes.js#L43) |
| GET | `/api/user/data` | A | [user-routes.js:57](../routes/user-routes.js#L57) |
| GET | `/api/user/client-ip` | A | [user-routes.js:74](../routes/user-routes.js#L74) |
| GET | `/api/user/ping-ip` | A | [user-routes.js:90](../routes/user-routes.js#L90) |
| POST | `/api/user/ping-ip` | A | [user-routes.js:103](../routes/user-routes.js#L103) |
| GET | `/api/user/project-search-enabled` | A | [user-routes.js:134](../routes/user-routes.js#L134) |
| POST | `/api/user/project-search-enabled` | A | [user-routes.js:152](../routes/user-routes.js#L152) |
| POST | `/api/user/switch-role` | A | [user-routes.js:178](../routes/user-routes.js#L178) |
| GET | `/api/user/planned-vacation` | A | [user-routes.js:203](../routes/user-routes.js#L203) |
| GET | `/api/user/stats` | A | [user-routes.js:274](../routes/user-routes.js#L274) |
| GET | `/api/user/overtime-breakdown` | A | [user-routes.js:571](../routes/user-routes.js#L571) |

## Timesheet ([routes/timesheet-routes.js](../routes/timesheet-routes.js))

| Methode | Pfad | Auth | Quelle |
|---|---|---|---|
| POST | `/api/timesheet/save` | A | [timesheet-routes.js:42](../routes/timesheet-routes.js#L42) |
| GET | `/api/timesheet/holidays` | A | [timesheet-routes.js:289](../routes/timesheet-routes.js#L289) |
| GET | `/api/timesheet/week/:weekStart` | A | [timesheet-routes.js:300](../routes/timesheet-routes.js#L300) |
| POST | `/api/timesheet/submit` | A | [timesheet-routes.js:338](../routes/timesheet-routes.js#L338) |
| GET | `/api/timesheet/latest-submitted/:weekStart` | A | [timesheet-routes.js:531](../routes/timesheet-routes.js#L531) |
| GET | `/api/timesheet/download-info/:id` | V | [timesheet-routes.js:565](../routes/timesheet-routes.js#L565) |
| GET | `/api/timesheet/pdf/:id` | A | [timesheet-routes.js:594](../routes/timesheet-routes.js#L594) |

## Projektsuche ([routes/project-search-routes.js](../routes/project-search-routes.js))

| Methode | Pfad | Auth | Quelle |
|---|---|---|---|
| GET | `/projects/search` | A | [project-search-routes.js:6](../routes/project-search-routes.js#L6) |
| GET | `/api/projects/search` | A | [project-search-routes.js:21](../routes/project-search-routes.js#L21) |

## Verwaltung ([routes/verwaltung-routes.js](../routes/verwaltung-routes.js))

| Methode | Pfad | Auth | Quelle |
|---|---|---|---|
| GET | `/verwaltung` | V | [verwaltung-routes.js:26](../routes/verwaltung-routes.js#L26) |
| GET | `/verwaltung/projektauswertung` | V | [verwaltung-routes.js:276](../routes/verwaltung-routes.js#L276) |
| GET | `/api/verwaltung/employee/:id/weeks` | V | [verwaltung-routes.js:154](../routes/verwaltung-routes.js#L154) |
| PUT | `/api/verwaltung/user/:id/overtime-offset` | V | [verwaltung-routes.js:502](../routes/verwaltung-routes.js#L502) |
| PUT | `/api/verwaltung/user/:id/vacation-offset` | V | [verwaltung-routes.js:571](../routes/verwaltung-routes.js#L571) |
| GET | `/api/verwaltung/user/:id/overtime-corrections` | V | [verwaltung-routes.js:591](../routes/verwaltung-routes.js#L591) |
| GET | `/api/verwaltung/user/:id/sick-days` | V | [verwaltung-routes.js:611](../routes/verwaltung-routes.js#L611) |
| GET | `/api/verwaltung/user/:id/stats` | V | [verwaltung-routes.js:663](../routes/verwaltung-routes.js#L663) |
| GET | `/api/verwaltung/employees/current-overtime` | V | [verwaltung-routes.js:634](../routes/verwaltung-routes.js#L634) |
| PUT | `/api/verwaltung/timesheet/:id/comment` | V | [verwaltung-routes.js:1003](../routes/verwaltung-routes.js#L1003) |
| GET | `/api/verwaltung/bulk-download/:year/:week` | V | [verwaltung-routes.js:1019](../routes/verwaltung-routes.js#L1019) |

## Admin ([routes/admin-routes.js](../routes/admin-routes.js))

| Methode | Pfad | Auth | Quelle |
|---|---|---|---|
| GET | `/admin` | AD | [admin-routes.js:26](../routes/admin-routes.js#L26) |
| POST | `/admin/users` | AD | [admin-routes.js:71](../routes/admin-routes.js#L71) |
| PUT | `/admin/users/:id` | AD | [admin-routes.js:127](../routes/admin-routes.js#L127) |
| DELETE | `/admin/users/:id` | AD | [admin-routes.js:110](../routes/admin-routes.js#L110) |
| GET | `/admin/options` | AD | [admin-routes.js:188](../routes/admin-routes.js#L188) |
| POST | `/admin/options` | AD | [admin-routes.js:208](../routes/admin-routes.js#L208) |
| GET | `/admin/mssql-config` | AD | [admin-routes.js:260](../routes/admin-routes.js#L260) |
| POST | `/admin/mssql-config` | AD | [admin-routes.js:279](../routes/admin-routes.js#L279) |
| POST | `/admin/mssql-test-connection` | AD | [admin-routes.js:328](../routes/admin-routes.js#L328) |
| GET | `/admin/api/timesheet-duplicates` | AD | [admin-routes.js:342](../routes/admin-routes.js#L342) |
| DELETE | `/admin/api/timesheet-entry/:id` | AD | [admin-routes.js:410](../routes/admin-routes.js#L410) |
| GET | `/admin/api/pdfs/years` | AD | [admin-routes.js:436](../routes/admin-routes.js#L436) |
| GET | `/admin/api/pdfs/users` | AD | [admin-routes.js:452](../routes/admin-routes.js#L452) |
| GET | `/admin/api/pdfs/files` | AD | [admin-routes.js:504](../routes/admin-routes.js#L504) |
| GET | `/admin/api/pdfs/file` | AD | [admin-routes.js:539](../routes/admin-routes.js#L539) |

## Admin LDAP ([routes/admin-ldap-routes.js](../routes/admin-ldap-routes.js))

| Methode | Pfad | Auth | Quelle |
|---|---|---|---|
| GET | `/admin/ldap/config` | AD | [admin-ldap-routes.js:10](../routes/admin-ldap-routes.js#L10) |
| POST | `/admin/ldap/config` | AD | [admin-ldap-routes.js:26](../routes/admin-ldap-routes.js#L26) |
| POST | `/admin/ldap/sync` | AD | [admin-ldap-routes.js:134](../routes/admin-ldap-routes.js#L134) |
| GET | `/admin/ldap/sync/log` | AD | [admin-ldap-routes.js:152](../routes/admin-ldap-routes.js#L152) |

## Hinweis: Check-in-Server

Zusätzlich läuft ein separater Server auf Port **3334** ([checkin-server.js](../checkin-server.js)), eingebunden in [server.js:104](../server.js#L104). Hauptserver läuft auf Port **3333**.