Updating dependencies and switching to ESModules where possible

2025-09-15 22:04:57 +02:00
parent 8135190cd8
commit c6158fe2e2
66 changed files with 4540 additions and 3752 deletions
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@ -1,6 +1,9 @@
 nodeLinker: node-modules

 npmRegistryServer: "https://npm.hibas123.de"
+npmScopes:
+  "hibas123":
+    npmRegistryServer: "https://git.hibas.dev/api/packages/hibas123/npm/"

 plugins:
  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
--- a/Backend/package.json
+++ b/Backend/package.json
@ -3,12 +3,15 @@
   "main": "lib/index.js",
   "author": "Fabian Stamm <dev@fabianstamm.de>",
   "license": "MIT",
+   "type": "module",
   "scripts": {
      "build": "run-s build-ts build-doc",
      "build-doc": "apidoc -i src/ -p apidoc/",
      "build-ts": "tsc",
      "start": "node lib/index.js",
-      "dev": "nodemon -e ts --exec ts-node src/index.ts",
+      "dev:js": "nodemon lib/index.ts",
+      "dev:ts": "tsc --watch",
+      "dev": "concurrently 'yarn run dev:js' 'yarn run dev:ts'",
      "format": "prettier --write \"src/**\""
   },
   "pipelines": {
@ -20,58 +23,59 @@
      ]
   },
   "devDependencies": {
-      "@types/body-parser": "^1.19.2",
-      "@types/compression": "^1.7.2",
-      "@types/cookie-parser": "^1.4.3",
-      "@types/dotenv": "^8.2.0",
-      "@types/express": "^4.17.17",
-      "@types/express-session": "^1.17.7",
-      "@types/i18n": "^0.13.6",
-      "@types/ini": "^1.3.31",
-      "@types/jsonwebtoken": "^9.0.1",
+      "@types/body-parser": "^1.19.6",
+      "@types/compression": "^1.8.1",
+      "@types/cookie-parser": "^1.4.9",
+      "@types/dotenv": "^8.2.3",
+      "@types/express": "^5.0.3",
+      "@types/express-serve-static-core": "^5.0.7",
+      "@types/express-session": "^1.18.2",
+      "@types/i18n": "^0.13.12",
+      "@types/ini": "^4.1.1",
+      "@types/jsonwebtoken": "^9.0.10",
      "@types/mongodb": "^4.0.7",
-      "@types/node": "^18.15.11",
-      "@types/node-rsa": "^1.1.1",
-      "@types/qrcode": "^1.5.0",
-      "@types/speakeasy": "^2.0.7",
-      "@types/uuid": "^9.0.1",
-      "apidoc": "^0.54.0",
-      "concurrently": "^8.2.2",
-      "nodemon": "^3.0.1",
-      "prettier": "^2.8.7",
-      "ts-node": "^10.9.1",
-      "typescript": "^5.0.4"
+      "@types/node": "^24.4.0",
+      "@types/node-rsa": "^1.1.4",
+      "@types/qrcode": "^1.5.5",
+      "@types/speakeasy": "^2.0.10",
+      "@types/uuid": "^10.0.0",
+      "apidoc": "^1.2.0",
+      "concurrently": "^9.2.1",
+      "nodemon": "^3.1.10",
+      "prettier": "^3.6.2",
+      "ts-node": "^10.9.2",
+      "typescript": "^5.9.2"
   },
   "dependencies": {
      "@hibas123/config": "^1.1.2",
-      "@hibas123/nodelogging": "^3.1.3",
+      "@hibas123/nodelogging": "^4.0.0",
      "@hibas123/nodeloggingserver_client": "^1.1.2",
      "@hibas123/openauth-internalapi": "workspace:^",
      "@hibas123/openauth-views-v1": "workspace:^",
-      "@hibas123/safe_mongo": "2.0.1",
-      "@simplewebauthn/server": "^7.2.0",
-      "body-parser": "^1.20.2",
-      "compression": "^1.7.4",
-      "connect-mongo": "^5.0.0",
-      "cookie-parser": "^1.4.6",
+      "@hibas123/safe_mongo": "2.1.0",
+      "@simplewebauthn/server": "^13.2.0",
+      "body-parser": "^2.2.0",
+      "compression": "^1.8.1",
+      "connect-mongo": "^5.1.0",
+      "cookie-parser": "^1.4.7",
      "cors": "^2.8.5",
-      "dotenv": "^16.0.3",
-      "express": "^4.18.2",
-      "express-session": "^1.17.3",
-      "handlebars": "^4.7.7",
+      "dotenv": "^17.2.2",
+      "express": "^5.1.0",
+      "express-session": "^1.18.2",
+      "handlebars": "^4.7.8",
      "i18n": "^0.15.1",
-      "ini": "^4.1.1",
-      "joi": "^17.11.0",
-      "jsonwebtoken": "^9.0.0",
-      "moment": "^2.29.4",
-      "mongodb": "^5.2.0",
+      "ini": "^5.0.0",
+      "joi": "^18.0.1",
+      "jsonwebtoken": "^9.0.2",
+      "moment": "^2.30.1",
+      "mongodb": "^6.19.0",
      "node-rsa": "^1.1.1",
      "npm-run-all": "^4.1.5",
-      "qrcode": "^1.5.3",
-      "reflect-metadata": "^0.1.13",
+      "qrcode": "^1.5.4",
+      "reflect-metadata": "^0.2.2",
      "speakeasy": "^2.0.0",
      "u2f": "^0.1.3",
-      "uuid": "^9.0.1"
+      "uuid": "^13.0.0"
   },
   "packageManager": "yarn@3.5.0"
 }
--- a/Backend/src/api/admin/client.ts
+++ b/Backend/src/api/admin/client.ts
@ -1,8 +1,8 @@
 import { Router, Request } from "express";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import promiseMiddleware from "../../helper/promiseMiddleware";
-import Client from "../../models/client";
-import verify, { Types } from "../middlewares/verify";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import promiseMiddleware from "../../helper/promiseMiddleware.js";
+import Client from "../../models/client.js";
+import verify, { Types } from "../middlewares/verify.js";
 import { randomBytes } from "crypto";

 const ClientRouter: Router = Router();
--- a/Backend/src/api/admin/index.ts
+++ b/Backend/src/api/admin/index.ts
@ -1,10 +1,10 @@
 import { Request, Router } from "express";
-import ClientRoute from "./client";
-import UserRoute from "./user";
-import RegCodeRoute from "./regcode";
-import PermissionRoute from "./permission";
-import { GetUserMiddleware } from "../middlewares/user";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
+import ClientRoute from "./client.js";
+import UserRoute from "./user.js";
+import RegCodeRoute from "./regcode.js";
+import PermissionRoute from "./permission.js";
+import { GetUserMiddleware } from "../middlewares/user.js";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";

 const AdminRoute: Router = Router();

--- a/Backend/src/api/admin/permission.ts
+++ b/Backend/src/api/admin/permission.ts
@ -1,10 +1,9 @@
 import { Request, Router } from "express";
-import { GetUserMiddleware } from "../middlewares/user";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import promiseMiddleware from "../../helper/promiseMiddleware";
-import Permission from "../../models/permissions";
-import verify, { Types } from "../middlewares/verify";
-import Client from "../../models/client";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import promiseMiddleware from "../../helper/promiseMiddleware.js";
+import Permission from "../../models/permissions.js";
+import verify, { Types } from "../middlewares/verify.js";
+import Client from "../../models/client.js";
 import { ObjectId } from "bson";

 const PermissionRoute: Router = Router();
--- a/Backend/src/api/admin/regcode.ts
+++ b/Backend/src/api/admin/regcode.ts
@ -1,10 +1,8 @@
 import { Request, Router } from "express";
-import promiseMiddleware from "../../helper/promiseMiddleware";
-import RegCode from "../../models/regcodes";
+import promiseMiddleware from "../../helper/promiseMiddleware.js";
+import RegCode from "../../models/regcodes.js";
 import { randomBytes } from "crypto";
 import moment = require("moment");
-import { GetUserMiddleware } from "../middlewares/user";
-import { HttpStatusCode } from "../../helper/request_error";

 const RegCodeRoute: Router = Router();
 RegCodeRoute.route("/")
--- a/Backend/src/api/admin/user.ts
+++ b/Backend/src/api/admin/user.ts
@ -1,11 +1,11 @@
 import { Request, Router } from "express";
-import { GetUserMiddleware } from "../middlewares/user";
-import { HttpStatusCode } from "../../helper/request_error";
-import promiseMiddleware from "../../helper/promiseMiddleware";
-import User from "../../models/user";
-import Mail from "../../models/mail";
-import RefreshToken from "../../models/refresh_token";
-import LoginToken from "../../models/login_token";
+import { GetUserMiddleware } from "../middlewares/user.js";
+import { HttpStatusCode } from "../../helper/request_error.js";
+import promiseMiddleware from "../../helper/promiseMiddleware.js";
+import User from "../../models/user.js";
+import Mail from "../../models/mail.js";
+import RefreshToken from "../../models/refresh_token.js";
+import LoginToken from "../../models/login_token.js";

 const UserRoute: Router = Router();
 UserRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
--- a/Backend/src/api/client/index.ts
+++ b/Backend/src/api/client/index.ts
@ -1,15 +1,15 @@
 import { Request, Response, Router } from "express";
-import Stacker from "../middlewares/stacker";
+import Stacker from "../middlewares/stacker.js";
 import {
   GetClientAuthMiddleware,
   GetClientApiAuthMiddleware,
-} from "../middlewares/client";
-import { GetUserMiddleware } from "../middlewares/user";
-import { createJWT } from "../../keys";
-import Client from "../../models/client";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import config from "../../config";
-import Mail from "../../models/mail";
+} from "../middlewares/client.js";
+import { GetUserMiddleware } from "../middlewares/user.js";
+import { createJWT } from "../../keys.js";
+import Client from "../../models/client.js";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import config from "../../config.js";
+import Mail from "../../models/mail.js";

 const ClientRouter = Router();

--- a/Backend/src/api/client/permissions.ts
+++ b/Backend/src/api/client/permissions.ts
@ -1,14 +1,14 @@
 import { Request, Response } from "express";
-import Stacker from "../middlewares/stacker";
+import Stacker from "../middlewares/stacker.js";
 import {
   ClientAuthMiddleware,
   GetClientAuthMiddleware,
-} from "../middlewares/client";
-import Permission from "../../models/permissions";
-import User from "../../models/user";
+} from "../middlewares/client.js";
+import Permission from "../../models/permissions.js";
+import User from "../../models/user.js";

-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import Grant from "../../models/grants";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import Grant from "../../models/grants.js";
 import { ObjectId } from "mongodb";

 export const GetPermissions = Stacker(
--- a/Backend/src/api/index.ts
+++ b/Backend/src/api/index.ts
@ -1,12 +1,12 @@
 import * as express from "express";
-import AdminRoute from "./admin";
-import UserRoute from "./user";
-import InternalRoute from "./internal";
-import ClientRouter from "./client";
+import AdminRoute from "./admin/index.js";
+import UserRoute from "./user/index.js";
+import InternalRoute from "./internal/index.js";
+import ClientRouter from "./client/index.js";
 import cors from "cors";
-import OAuthRoute from "./oauth";
-import config from "../config";
-import JRPCEndpoint from "./jrpc";
+import OAuthRoute from "./oauth/index.js";
+import config from "../config.js";
+import JRPCEndpoint from "./jrpc/index.js";

 const ApiRouter: express.IRouter = express.Router();
 ApiRouter.use("/admin", AdminRoute);
--- a/Backend/src/api/internal/index.ts
+++ b/Backend/src/api/internal/index.ts
@ -1,6 +1,6 @@
 import { Router } from "express";
-import { OAuthInternalApp } from "./oauth";
-import PasswordAuth from "./password";
+import { OAuthInternalApp } from "./oauth.js";
+import PasswordAuth from "./password.js";

 const InternalRoute: Router = Router();
 /**
--- a/Backend/src/api/internal/oauth.ts
+++ b/Backend/src/api/internal/oauth.ts
@ -1,9 +1,9 @@
 import { Request, Response, NextFunction } from "express";
-import Stacker from "../middlewares/stacker";
-import { GetClientAuthMiddleware } from "../middlewares/client";
-import { UserMiddleware } from "../middlewares/user";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import ClientCode from "../../models/client_code";
+import Stacker from "../middlewares/stacker.js";
+import { GetClientAuthMiddleware } from "../middlewares/client.js";
+import { UserMiddleware } from "../middlewares/user.js";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import ClientCode from "../../models/client_code.js";
 import moment = require("moment");
 import { randomBytes } from "crypto";
 export const OAuthInternalApp = Stacker(
--- a/Backend/src/api/internal/password.ts
+++ b/Backend/src/api/internal/password.ts
@ -1,8 +1,8 @@
 import { Request, Response, NextFunction } from "express";
-import { GetClientAuthMiddleware } from "../middlewares/client";
-import Stacker from "../middlewares/stacker";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import User from "../../models/user";
+import { GetClientAuthMiddleware } from "../middlewares/client.js";
+import Stacker from "../middlewares/stacker.js";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import User from "../../models/user.js";

 const PasswordAuth = Stacker(
   GetClientAuthMiddleware(true, true),
--- a/Backend/src/api/jrpc/index.ts
+++ b/Backend/src/api/jrpc/index.ts
@ -1,13 +1,13 @@
 import { Format } from "@hibas123/logging";
 import Logging from "@hibas123/nodelogging";
 import { Server, } from "@hibas123/openauth-internalapi";
-import { RequestObject, ResponseObject } from "@hibas123/openauth-internalapi/lib/service_base";
+import { RequestObject, ResponseObject } from "@hibas123/openauth-internalapi/lib/service_base.js";
 import { Request, Response } from "express";
-import Stacker from "../middlewares/stacker";
-import AccountService from "./services/account";
-import LoginService from "./services/login";
-import SecurityService from "./services/security";
-import TFAService from "./services/twofactor";
+import Stacker from "../middlewares/stacker.js";
+import AccountService from "./services/account.js";
+import LoginService from "./services/login.js";
+import SecurityService from "./services/security.js";
+import TFAService from "./services/twofactor.js";

 export type SessionContext = Request;

--- a/Backend/src/api/jrpc/services/account.ts
+++ b/Backend/src/api/jrpc/services/account.ts
@ -1,8 +1,8 @@
 import { Profile, ContactInfo, Gender, Server, UserRegisterInfo } from "@hibas123/openauth-internalapi";
-import type { SessionContext } from "../index";
-import Mail from "../../../models/mail";
-import User from "../../../models/user";
-import { RequireLogin } from "../../../helper/login";
+import type { SessionContext } from "../index.js";
+import Mail from "../../../models/mail.js";
+import User from "../../../models/user.js";
+import { RequireLogin } from "../../../helper/login.js";

 export default class AccountService extends Server.AccountService<SessionContext> {
   Register(regcode: string, info: UserRegisterInfo, ctx: SessionContext): Promise<void> {
--- a/Backend/src/api/jrpc/services/login.ts
+++ b/Backend/src/api/jrpc/services/login.ts
@ -1,13 +1,13 @@
 import { Server, LoginState, TFAOption, TFAType } from "@hibas123/openauth-internalapi";
-import type { SessionContext } from "../index";
+import type { SessionContext } from "../index.js";
 import Logging from "@hibas123/nodelogging";
-import User, { IUser } from "../../../models/user";
+import User, { IUser } from "../../../models/user.js";
 import moment from "moment";
 import crypto from "node:crypto";
-import TwoFactor, { ITwoFactor, IWebAuthn } from "../../../models/twofactor";
+import TwoFactor, { ITwoFactor, IWebAuthn } from "../../../models/twofactor.js";
 import speakeasy from "speakeasy";
 import { generateAuthenticationOptions, verifyAuthenticationResponse } from "@simplewebauthn/server";
-import config from "../../../config";
+import config from "../../../config.js";

 //FIXME: There are a lot of uneccessary database requests happening here. Since this is not a "hot" path, it should not matter to much, but it should be fixed nontheless.

@ -212,13 +212,12 @@ export default class LoginService extends Server.LoginService<SessionContext> {

      const rpID = new URL(config.core.url).hostname;

-      let options = generateAuthenticationOptions({
+      let options = await generateAuthenticationOptions({
         timeout: 60000,
         userVerification: "discouraged",
         rpID,
         allowCredentials: [{
-            id: tfa.data.device.credentialID.buffer,
-            type: "public-key",
+            id: typeof tfa.data.device.credentialID === "string" ? tfa.data.device.credentialID : Buffer.from(tfa.data.device.credentialID.buffer).toString("base64url"),
            transports: tfa.data.device.transports
         }]
      })
@ -241,10 +240,10 @@ export default class LoginService extends Server.LoginService<SessionContext> {

      let verification = await verifyAuthenticationResponse({
         response: JSON.parse(response),
-         authenticator: {
+         credential: {
+            id: typeof tfa.data.device.credentialID === "string" ? tfa.data.device.credentialID : Buffer.from(tfa.data.device.credentialID.buffer).toString("base64url"),
+            publicKey: Buffer.from(tfa.data.device.credentialPublicKey.buffer),
            counter: tfa.data.device.counter,
-            credentialID: tfa.data.device.credentialID.buffer,
-            credentialPublicKey: tfa.data.device.credentialPublicKey.buffer,
            transports: tfa.data.device.transports
         },
         expectedChallenge: ctx.session.login_state.webauthn_challenge,
--- a/Backend/src/api/jrpc/services/security.ts
+++ b/Backend/src/api/jrpc/services/security.ts
@ -1,9 +1,9 @@
 import { Server, Session } from "@hibas123/openauth-internalapi";
-import type { SessionContext } from "../index";
+import type { SessionContext } from "../index.js";
 import Logging from "@hibas123/nodelogging";
-import { RequireLogin } from "../../../helper/login";
+import { RequireLogin } from "../../../helper/login.js";
 import crypto from "node:crypto";
-import User from "../../../models/user";
+import User from "../../../models/user.js";

 export default class SecurityService extends Server.SecurityService<SessionContext> {
   @RequireLogin()
--- a/Backend/src/api/jrpc/services/twofactor.ts
+++ b/Backend/src/api/jrpc/services/twofactor.ts
@ -1,15 +1,15 @@
 import { TFANewTOTP, Server, TFAOption, UserRegisterInfo, TFAWebAuthRegister } from "@hibas123/openauth-internalapi";
-import type { SessionContext } from "../index";
-import TwoFactorModel, { ITOTP, IWebAuthn, TFATypes } from "../../../models/twofactor";
+import type { SessionContext } from "../index.js";
+import TwoFactorModel, { ITOTP, IWebAuthn, TFATypes } from "../../../models/twofactor.js";
 import moment = require("moment");
 import * as speakeasy from "speakeasy";
 import * as qrcode from "qrcode";
-import config from "../../../config";
+import config from "../../../config.js";
 import { generateRegistrationOptions, verifyRegistrationResponse } from '@simplewebauthn/server';
-import type { RegistrationResponseJSON } from '@simplewebauthn/typescript-types';
+// import type { RegistrationResponseJSON } from '@simplewebauthn/typescript-types';
 import Logging from "@hibas123/nodelogging";
 import { Binary } from "mongodb";
-import { RequireLogin } from "../../../helper/login";
+import { RequireLogin } from "../../../helper/login.js";


 export default class TFAService extends Server.TFAService<SessionContext> {
@ -111,10 +111,10 @@ export default class TFAService extends Server.TFAService<SessionContext> {
      // TODO: Get already registered options

      const rpID = new URL(config.core.url).hostname;
-      const options = generateRegistrationOptions({
+      const options = await generateRegistrationOptions({
         rpName: config.core.name,
         rpID,
-         userID: ctx.user.uid,
+         userID: Buffer.from(ctx.user.uid, "utf-8"),
         userName: ctx.user.username,
         attestationType: 'direct',
         userDisplayName: ctx.user.name,
@ -156,7 +156,7 @@ export default class TFAService extends Server.TFAService<SessionContext> {

      const rpID = new URL(config.core.url).hostname;

-      const response = JSON.parse(registration) as RegistrationResponseJSON;
+      const response = JSON.parse(registration); // as RegistrationResponseJSON;

      let verification = await verifyRegistrationResponse({
         response,
@ -167,7 +167,7 @@ export default class TFAService extends Server.TFAService<SessionContext> {
      });

      if (verification.verified) {
-         const { credentialPublicKey, credentialID, counter } = verification.registrationInfo;
+         const { credential, } = verification.registrationInfo;

         //TODO: Check if already registered!
         // TwoFactorModel.find({
@ -177,10 +177,11 @@ export default class TFAService extends Server.TFAService<SessionContext> {

         twofactor.data = {
            device: {
-               credentialPublicKey: new Binary(credentialPublicKey),
-               credentialID: new Binary(credentialID),
-               counter: verification.registrationInfo.counter,
-               transports: response.response.transports as any[]
+               counter: credential.counter,
+               credentialPublicKey: new Binary(credential.publicKey),
+               credentialID: credential.id,
+               // counter: verification.registrationInfo.counter,
+               transports: response.response.transports as any[],
            }
         }

--- a/Backend/src/api/middlewares/client.ts
+++ b/Backend/src/api/middlewares/client.ts
@ -1,10 +1,9 @@
 import { NextFunction, Request, Response } from "express";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import Client from "../../models/client";
-import { validateJWT } from "../../keys";
-import User from "../../models/user";
-import Mail from "../../models/mail";
-import { OAuthJWT } from "../../helper/jwt";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import Client from "../../models/client.js";
+import { validateJWT } from "../../keys.js";
+import User from "../../models/user.js";
+import { OAuthJWT } from "../../helper/jwt.js";
 import Logging from "@hibas123/nodelogging";

 export function GetClientAuthMiddleware(
--- a/Backend/src/api/middlewares/stacker.ts
+++ b/Backend/src/api/middlewares/stacker.ts
@ -1,5 +1,5 @@
 import { Request, Response, NextFunction, RequestHandler } from "express";
-import promiseMiddleware from "../../helper/promiseMiddleware";
+import promiseMiddleware from "../../helper/promiseMiddleware.js";

 type RH = (req: Request, res: Response, next?: NextFunction) => any;

--- a/Backend/src/api/middlewares/user.ts
+++ b/Backend/src/api/middlewares/user.ts
@ -1,8 +1,8 @@
 import { NextFunction, Request, Response } from "express";
 import Logging from "@hibas123/nodelogging";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import promiseMiddleware from "../../helper/promiseMiddleware";
-import { requireLoginState } from "../../helper/login";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import promiseMiddleware from "../../helper/promiseMiddleware.js";
+import { requireLoginState } from "../../helper/login.js";

 class Invalid extends Error { }

--- a/Backend/src/api/middlewares/verify.ts
+++ b/Backend/src/api/middlewares/verify.ts
@ -1,10 +1,9 @@
 import { Request, Response, NextFunction } from "express";
 import Logging from "@hibas123/nodelogging";
 import {
-   isString,
-   isDate,
+   types
 } from "util";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";

 export enum Types {
   STRING,
@ -54,7 +53,7 @@ export default function (fields: Checks, noadditional = false) {
         if (data !== undefined && data !== null) {
            switch (field.type) {
               case Types.STRING:
-                  if (isString(data)) {
+                  if (typeof data === "string") {
                     if (!field.notempty) return;
                     if (data !== "") return;
                  }
@ -75,7 +74,7 @@ export default function (fields: Checks, noadditional = false) {
                  if (Array.isArray(data)) return;
                  break;
               case Types.DATE:
-                  if (isDate(data)) return;
+                  if (types.isDate(data)) return;
                  break;
               case Types.ENUM:
                  if (typeof data == "string") {
--- a/Backend/src/api/oauth/auth.ts
+++ b/Backend/src/api/oauth/auth.ts
@ -1,15 +1,15 @@
-import Stacker from "../middlewares/stacker";
-import { GetUserMiddleware } from "../middlewares/user";
+import Stacker from "../middlewares/stacker.js";
+import { GetUserMiddleware } from "../middlewares/user.js";
 import { Request, Response } from "express";
-import Client from "../../models/client";
+import Client from "../../models/client.js";
 import Logging from "@hibas123/nodelogging";
-import Permission, { IPermission } from "../../models/permissions";
-import ClientCode from "../../models/client_code";
+import Permission, { IPermission } from "../../models/permissions.js";
+import ClientCode from "../../models/client_code.js";
 import moment = require("moment");
 import { randomBytes } from "crypto";
 // import { ObjectId } from "bson";
-import Grant, { IGrant } from "../../models/grants";
-import GetAuthPage from "../../views/authorize";
+import Grant, { IGrant } from "../../models/grants.js";
+import GetAuthPage from "../../views/authorize.js";
 import { ObjectId } from "mongodb";

 // const AuthRoute = Stacker(GetUserMiddleware(true), async (req: Request, res: Response) => {
--- a/Backend/src/api/oauth/index.ts
+++ b/Backend/src/api/oauth/index.ts
@ -1,9 +1,9 @@
 import { Router } from "express";
-import GetAuthRoute from "./auth";
-import JWTRoute from "./jwt";
-import Public from "./public";
-import RefreshTokenRoute from "./refresh";
-import ProfileRoute from "./profile";
+import GetAuthRoute from "./auth.js";
+import JWTRoute from "./jwt.js";
+import Public from "./public.js";
+import RefreshTokenRoute from "./refresh.js";
+import ProfileRoute from "./profile.js";

 const OAuthRoute: Router = Router();
 /**
--- a/Backend/src/api/oauth/jwt.ts
+++ b/Backend/src/api/oauth/jwt.ts
@ -1,10 +1,10 @@
 import { Request, Response } from "express";
-import promiseMiddleware from "../../helper/promiseMiddleware";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import RefreshToken from "../../models/refresh_token";
-import User from "../../models/user";
-import Client from "../../models/client";
-import { getAccessTokenJWT } from "../../helper/jwt";
+import promiseMiddleware from "../../helper/promiseMiddleware.js";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import RefreshToken from "../../models/refresh_token.js";
+import User from "../../models/user.js";
+import Client from "../../models/client.js";
+import { getAccessTokenJWT } from "../../helper/jwt.js";

 const JWTRoute = promiseMiddleware(async (req: Request, res: Response) => {
   let { refreshtoken } = req.query as { [key: string]: string };
--- a/Backend/src/api/oauth/profile.ts
+++ b/Backend/src/api/oauth/profile.ts
@ -1,6 +1,6 @@
-import Mail from "../../models/mail";
-import { GetClientApiAuthMiddleware } from "../middlewares/client";
-import Stacker from "../middlewares/stacker";
+import Mail from "../../models/mail.js";
+import { GetClientApiAuthMiddleware } from "../middlewares/client.js";
+import Stacker from "../middlewares/stacker.js";
 import { Request, Response } from "express";
 import Logging from "@hibas123/nodelogging";

--- a/Backend/src/api/oauth/public.ts
+++ b/Backend/src/api/oauth/public.ts
@ -1,5 +1,5 @@
 import { Request, Response } from "express";
-import { public_key } from "../../keys";
+import { public_key } from "../../keys.js";

 export default function Public(req: Request, res: Response) {
   res.json({ public_key: public_key });
--- a/Backend/src/api/oauth/refresh.ts
+++ b/Backend/src/api/oauth/refresh.ts
@ -1,22 +1,22 @@
 import { Request, Response } from "express";
-import RequestError, { HttpStatusCode } from "../../helper/request_error";
-import User from "../../models/user";
-import Client from "../../models/client";
+import RequestError, { HttpStatusCode } from "../../helper/request_error.js";
+import User from "../../models/user.js";
+import Client from "../../models/client.js";
 import {
   getAccessTokenJWT,
   getIDToken,
   AccessTokenJWTExp,
-} from "../../helper/jwt";
-import Stacker from "../middlewares/stacker";
-import { GetClientAuthMiddleware } from "../middlewares/client";
-import ClientCode from "../../models/client_code";
-import Mail from "../../models/mail";
+} from "../../helper/jwt.js";
+import Stacker from "../middlewares/stacker.js";
+import { GetClientAuthMiddleware } from "../middlewares/client.js";
+import ClientCode from "../../models/client_code.js";
+import Mail from "../../models/mail.js";
 import { randomBytes } from "crypto";
 import moment = require("moment");
 // import { JWTExpDur } from "../../keys";
-import RefreshToken from "../../models/refresh_token";
-import { getEncryptionKey } from "../../helper/user_key";
-import { refreshTokenValidTime } from "../../config";
+import RefreshToken from "../../models/refresh_token.js";
+import { getEncryptionKey } from "../../helper/user_key.js";
+import { refreshTokenValidTime } from "../../config.js";

 // TODO:
 /*
--- a/Backend/src/api/user/index.ts
+++ b/Backend/src/api/user/index.ts
@ -1,6 +1,6 @@
 import { Router } from "express";
-import Register from "./register";
-import OAuthRoute from "./oauth";
+import Register from "./register.js";
+import OAuthRoute from "./oauth/index.js";

 const UserRoute: Router = Router();

--- a/Backend/src/api/user/oauth/_helper.ts
+++ b/Backend/src/api/user/oauth/_helper.ts
@ -1,5 +1,5 @@
-import RequestError, { HttpStatusCode } from "../../../helper/request_error";
-import Client, { IClient } from "../../../models/client";
+import RequestError, { HttpStatusCode } from "../../../helper/request_error.js";
+import Client, { IClient } from "../../../models/client.js";

 export async function getClientWithOrigin(client_id: string, origin: string) {
   const client = await Client.findOne({
--- a/Backend/src/api/user/oauth/index.ts
+++ b/Backend/src/api/user/oauth/index.ts
@ -1,7 +1,7 @@
 import { Router } from "express";
-import { GetJWTByUser } from "./jwt";
-import { GetPermissionsForAuthRequest } from "./permissions";
-import { GetTokenByUser } from "./refresh_token";
+import { GetJWTByUser } from "./jwt.js";
+import { GetPermissionsForAuthRequest } from "./permissions.js";
+import { GetTokenByUser } from "./refresh_token.js";

 const router = Router();

--- a/Backend/src/api/user/oauth/jwt.ts
+++ b/Backend/src/api/user/oauth/jwt.ts
@ -1,11 +1,9 @@
 import { Request, Response } from "express";
-import Stacker from "../../middlewares/stacker";
-import { GetUserMiddleware } from "../../middlewares/user";
-import { URL } from "url";
-import Client from "../../../models/client";
-import RequestError, { HttpStatusCode } from "../../../helper/request_error";
-import { getAccessTokenJWT } from "../../../helper/jwt";
-import { getClientWithOrigin } from "./_helper";
+import Stacker from "../../middlewares/stacker.js";
+import { GetUserMiddleware } from "../../middlewares/user.js";
+
+import { getAccessTokenJWT } from "../../../helper/jwt.js";
+import { getClientWithOrigin } from "./_helper.js";

 export const GetJWTByUser = Stacker(
   GetUserMiddleware(true, false),
--- a/Backend/src/api/user/oauth/permissions.ts
+++ b/Backend/src/api/user/oauth/permissions.ts
@ -1,15 +1,9 @@
 import { Request, Response } from "express";
-import Stacker from "../../middlewares/stacker";
-import { GetUserMiddleware } from "../../middlewares/user";
-import { URL } from "url";
-import Client from "../../../models/client";
-import RequestError, { HttpStatusCode } from "../../../helper/request_error";
-import { randomBytes } from "crypto";
-import moment = require("moment");
-import RefreshToken from "../../../models/refresh_token";
-import { refreshTokenValidTime } from "../../../config";
-import { getClientWithOrigin } from "./_helper";
-import Permission from "../../../models/permissions";
+import Stacker from "../../middlewares/stacker.js";
+import { GetUserMiddleware } from "../../middlewares/user.js";
+import RequestError, { HttpStatusCode } from "../../../helper/request_error.js";
+import { getClientWithOrigin } from "./_helper.js";
+import Permission from "../../../models/permissions.js";

 export const GetPermissionsForAuthRequest = Stacker(
   GetUserMiddleware(true, false),
--- a/Backend/src/api/user/oauth/refresh_token.ts
+++ b/Backend/src/api/user/oauth/refresh_token.ts
@ -1,15 +1,13 @@
 import { Request, Response } from "express";
-import Stacker from "../../middlewares/stacker";
-import { GetUserMiddleware } from "../../middlewares/user";
-import { URL } from "url";
-import Client from "../../../models/client";
-import RequestError, { HttpStatusCode } from "../../../helper/request_error";
+import Stacker from "../../middlewares/stacker.js";
+import { GetUserMiddleware } from "../../middlewares/user.js";
+import RequestError, { HttpStatusCode } from "../../../helper/request_error.js";
 import { randomBytes } from "crypto";
 import moment = require("moment");
-import RefreshToken from "../../../models/refresh_token";
-import { refreshTokenValidTime } from "../../../config";
-import { getClientWithOrigin } from "./_helper";
-import Permission from "../../../models/permissions";
+import RefreshToken from "../../../models/refresh_token.js";
+import { refreshTokenValidTime } from "../../../config.js";
+import { getClientWithOrigin } from "./_helper.js";
+import Permission from "../../../models/permissions.js";

 export const GetTokenByUser = Stacker(
   GetUserMiddleware(true, false),
--- a/Backend/src/api/user/register.ts
+++ b/Backend/src/api/user/register.ts
@ -1,11 +1,11 @@
 import { Request, Response, Router } from "express";
-import Stacker from "../middlewares/stacker";
-import verify, { Types } from "../middlewares/verify";
-import promiseMiddleware from "../../helper/promiseMiddleware";
-import User, { Gender } from "../../models/user";
-import { HttpStatusCode } from "../../helper/request_error";
-import Mail from "../../models/mail";
-import RegCode from "../../models/regcodes";
+import Stacker from "../middlewares/stacker.js";
+import verify, { Types } from "../middlewares/verify.js";
+import promiseMiddleware from "../../helper/promiseMiddleware.js";
+import User, { Gender } from "../../models/user.js";
+import { HttpStatusCode } from "../../helper/request_error.js";
+import Mail from "../../models/mail.js";
+import RegCode from "../../models/regcodes.js";

 const Register = Stacker(
   verify({
--- a/Backend/src/database.ts
+++ b/Backend/src/database.ts
@ -1,5 +1,5 @@
 import SafeMongo from "@hibas123/safe_mongo";
-import Config from "./config";
+import Config from "./config.js";


 const host = Config.database.host || "localhost";
--- a/Backend/src/express.d.ts
+++ b/Backend/src/express.d.ts
@ -1,5 +1,5 @@
-import { IUser } from "./models/user";
-import { IClient } from "./models/client";
+import { IUser } from "./models/user.js";
+import { IClient } from "./models/client.js";

 declare module "express" {
   interface Request {
--- a/Backend/src/helper/jwt.ts
+++ b/Backend/src/helper/jwt.ts
@ -1,8 +1,8 @@
-import { IUser, Gender } from "../models/user";
+import { IUser, Gender } from "../models/user.js";
 import { ObjectId } from "bson";
-import { createJWT } from "../keys";
-import { IClient } from "../models/client";
-import config from "../config";
+import { createJWT } from "../keys.js";
+import { IClient } from "../models/client.js";
+import config from "../config.js";
 import moment = require("moment");

 export interface OAuthJWT {
--- a/Backend/src/helper/login.ts
+++ b/Backend/src/helper/login.ts
@ -1,4 +1,4 @@
-import { SessionContext } from "../api/jrpc";
+import { SessionContext } from "../api/jrpc/index.js";

 export function requireLoginState(ctx: SessionContext, validated: boolean = true, special: boolean = false): boolean {
   if (!ctx.user) return false;
--- a/Backend/src/helper/user_key.ts
+++ b/Backend/src/helper/user_key.ts
@ -1,6 +1,6 @@
 // import * as crypto from "crypto-js"
-import { IUser } from "../models/user";
-import { IClient } from "../models/client";
+import { IUser } from "../models/user.js";
+import { IClient } from "../models/client.js";
 import * as crypto from "crypto";

 function sha512(text: string) {
--- a/Backend/src/index.ts
+++ b/Backend/src/index.ts
@ -1,5 +1,5 @@
 import Logging from "@hibas123/nodelogging";
-import config from "./config";
+import config from "./config.js";

 // import NLS from "@hibas123/nodeloggingserver_client";
 // if (config.logging) {
@ -23,9 +23,9 @@ i18n.configure({
   directory: "./locales",
 });

-import Web from "./web";
-import TestData from "./testdata";
-import DB from "./database";
+import Web from "./web.js";
+import TestData from "./testdata.js";
+import DB from "./database.js";

 Logging.log("Connecting to Database");
 if (config.core.dev) {
--- a/Backend/src/keys.ts
+++ b/Backend/src/keys.ts
@ -14,7 +14,6 @@ export function verify(message: Buffer, signature: Buffer): boolean {
 export let public_key: string;

 import * as jwt from "jsonwebtoken";
-import config from "./config";

 export function createJWT(payload: any, options: jwt.SignOptions) {
   return new Promise<string>((resolve, reject) => {
--- a/Backend/src/models/client.ts
+++ b/Backend/src/models/client.ts
@ -1,5 +1,5 @@
-import DB from "../database";
-import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
+import DB from "../database.js";
+import { ModelDataBase } from "@hibas123/safe_mongo/lib/model.js";
 import { ObjectId } from "mongodb";
 import { v4 } from "uuid";

--- a/Backend/src/models/client_code.ts
+++ b/Backend/src/models/client_code.ts
@ -1,7 +1,6 @@
-import DB from "../database";
-import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
+import DB from "../database.js";
+import { ModelDataBase } from "@hibas123/safe_mongo/lib/model.js";
 import { ObjectId } from "mongodb";
-import { v4 } from "uuid";

 export interface IClientCode extends ModelDataBase {
   user: ObjectId;
--- a/Backend/src/models/grants.ts
+++ b/Backend/src/models/grants.ts
@ -1,5 +1,5 @@
-import DB from "../database";
-import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
+import DB from "../database.js";
+import { ModelDataBase } from "@hibas123/safe_mongo/lib/model.js";
 import { ObjectId } from "mongodb";

 export interface IGrant extends ModelDataBase {
--- a/Backend/src/models/login_token.ts
+++ b/Backend/src/models/login_token.ts
@ -1,5 +1,5 @@
-import DB from "../database";
-import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
+import DB from "../database.js";
+import { ModelDataBase } from "@hibas123/safe_mongo/lib/model.js";
 import { ObjectId } from "mongodb";
 import moment = require("moment");

--- a/Backend/src/models/mail.ts
+++ b/Backend/src/models/mail.ts
@ -1,4 +1,4 @@
-import DB from "../database";
+import DB from "../database.js";
 import { ModelDataBase } from "@hibas123/safe_mongo";

 export interface IMail extends ModelDataBase {
@ -11,7 +11,7 @@ const Mail = DB.addModel<IMail>({
   name: "mail",
   versions: [
      {
-         migration: () => {},
+         migration: () => { },
         schema: {
            mail: { type: String },
            verified: { type: Boolean, default: false },
--- a/Backend/src/models/permissions.ts
+++ b/Backend/src/models/permissions.ts
@ -1,5 +1,5 @@
-import DB from "../database";
-import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
+import DB from "../database.js";
+import { ModelDataBase } from "@hibas123/safe_mongo/lib/model.js";
 import { ObjectId } from "mongodb";

 export interface IPermission extends ModelDataBase {
--- a/Backend/src/models/refresh_token.ts
+++ b/Backend/src/models/refresh_token.ts
@ -1,5 +1,5 @@
-import DB from "../database";
-import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
+import DB from "../database.js";
+import { ModelDataBase } from "@hibas123/safe_mongo/lib/model.js";
 import { ObjectId } from "mongodb";
 import { v4 } from "uuid";

--- a/Backend/src/models/regcodes.ts
+++ b/Backend/src/models/regcodes.ts
@ -1,5 +1,5 @@
-import DB from "../database";
-import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
+import DB from "../database.js";
+import { ModelDataBase } from "@hibas123/safe_mongo/lib/model.js";
 import { ObjectId } from "mongodb";
 import { v4 } from "uuid";

--- a/Backend/src/models/twofactor.ts
+++ b/Backend/src/models/twofactor.ts
@ -1,6 +1,6 @@
 import { TFAType } from "@hibas123/openauth-internalapi";
-import DB from "../database";
-import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
+import DB from "../database.js";
+import { ModelDataBase } from "@hibas123/safe_mongo/lib/model.js";
 import { ObjectId } from "bson";
 import { Binary } from "mongodb";

@ -30,7 +30,7 @@ export interface IWebAuthn extends ITwoFactor {
   data: {
      challenge?: any;
      device?: {
-         credentialID: Binary;
+         credentialID: Binary | string;
         credentialPublicKey: Binary;
         counter: number;
         transports: AuthenticatorTransport[]
--- a/Backend/src/models/user.ts
+++ b/Backend/src/models/user.ts
@ -1,8 +1,9 @@
-import DB from "../database";
-import { ModelDataBase } from "@hibas123/safe_mongo/lib/model";
+import DB from "../database.js";
+
+import { ModelDataBase } from "@hibas123/safe_mongo/lib/model.js";
 import { ObjectId } from "mongodb";
 import { v4 } from "uuid";
-import { randomString } from "../helper/random";
+import { randomString } from "../helper/random.js";

 export enum Gender {
   none,
--- a/Backend/src/testdata.ts
+++ b/Backend/src/testdata.ts
@ -1,15 +1,15 @@
-import User, { Gender } from "./models/user";
-import Client from "./models/client";
+import User, { Gender } from "./models/user.js";
+import Client from "./models/client.js";
 import Logging from "@hibas123/nodelogging";
-import RegCode from "./models/regcodes";
+import RegCode from "./models/regcodes.js";
 import moment from "moment";
-import Permission from "./models/permissions";
+import Permission from "./models/permissions.js";
 import { ObjectId } from "mongodb";
-import DB from "./database";
-import TwoFactor from "./models/twofactor";
+import DB from "./database.js";
+import TwoFactor from "./models/twofactor.js";

-import LoginToken from "./models/login_token";
-import Mail from "./models/mail";
+import LoginToken from "./models/login_token.js";
+import Mail from "./models/mail.js";

 export default async function TestData() {
   Logging.warn("Running in dev mode! Database will be cleared!");
--- a/Backend/src/views/admin.ts
+++ b/Backend/src/views/admin.ts
@ -1,5 +1,5 @@
 import { __ as i__ } from "i18n";
-import config from "../config";
+import config from "../config.js";
 import * as viewsv1 from "@hibas123/openauth-views-v1";

 export default function GetAdminPage(__: typeof i__): string {
--- a/Backend/src/views/authorize.ts
+++ b/Backend/src/views/authorize.ts
@ -1,5 +1,5 @@
 import { __ as i__ } from "i18n";
-import config from "../config";
+import config from "../config.js";
 import * as viewsv1 from "@hibas123/openauth-views-v1";

 export default function GetAuthPage(
--- a/Backend/src/views/index.ts
+++ b/Backend/src/views/index.ts
@ -7,12 +7,12 @@ import {
 } from "express";
 import * as Handlebars from "handlebars";
 import moment = require("moment");
-import { GetUserMiddleware, UserMiddleware } from "../api/middlewares/user";
-import GetAuthRoute from "../api/oauth/auth";
-import config from "../config";
-import { HttpStatusCode } from "../helper/request_error";
-import GetAdminPage from "./admin";
-import GetRegistrationPage from "./register";
+import { GetUserMiddleware, UserMiddleware } from "../api/middlewares/user.js";
+import GetAuthRoute from "../api/oauth/auth.js";
+import config from "../config.js";
+import { HttpStatusCode } from "../helper/request_error.js";
+import GetAdminPage from "./admin.js";
+import GetRegistrationPage from "./register.js";
 import * as path from "path";

 const viewsv2_location = path.join(path.dirname(require.resolve("@hibas123/openauth-views-v2")), "build");
--- a/Backend/src/views/register.ts
+++ b/Backend/src/views/register.ts
@ -1,5 +1,5 @@
 import { __ as i__ } from "i18n";
-import config from "../config";
+import config from "../config.js";
 import * as viewsv1 from "@hibas123/openauth-views-v1";

 export default function GetRegistrationPage(__: typeof i__): string {
--- a/Backend/src/web.ts
+++ b/Backend/src/web.ts
@ -1,4 +1,4 @@
-import config, { WebConfig } from "./config";
+import config, { WebConfig } from "./config.js";
 import express from "express";
 import { Express } from "express";

@ -11,14 +11,12 @@ import session from "express-session";
 import MongoStore from "connect-mongo";

 import i18n from "i18n";
-import compression from "compression";
-import ApiRouter from "./api";
-import ViewRouter from "./views";
-import RequestError, { HttpStatusCode } from "./helper/request_error";
-import DB from "./database";
-import promiseMiddleware from "./helper/promiseMiddleware";
-import User from "./models/user";
-import LoginToken, { CheckToken } from "./models/login_token";
+import ApiRouter from "./api/index.js";
+import ViewRouter from "./views/index.js";
+import RequestError, { HttpStatusCode } from "./helper/request_error.js";
+import DB from "./database.js";
+import promiseMiddleware from "./helper/promiseMiddleware.js";
+import User from "./models/user.js";

 export default class Web {
   server: Express;
@ -41,7 +39,7 @@ export default class Web {
   }

   private registerMiddleware() {
-      this.server.use(session({
+      const sess = session({
         secret: config.core.secret,
         resave: false,
         saveUninitialized: false,
@ -57,7 +55,9 @@ export default class Web {
            secure: !config.core.dev,
            sameSite: "strict",
         }
-      }))
+      });
+
+      this.server.use(sess as any) // FIXME: These types seem to be brokenb, but they shouldn't
      this.server.use(cookieparser());
      this.server.use(
         bodyparser.json(),
@ -103,16 +103,17 @@ export default class Web {
         next();
      });

-      this.server.use(
-         compression({
-            filter: (req, res) => {
-               if (req.headers["x-no-compression"]) {
-                  return false;
-               }
-               return compression.filter(req, res);
-            },
-         })
-      );
+      // Compression will be handled by the reverse proxy!
+      // this.server.use(
+      //    compression({
+      //       filter: (req, res) => {
+      //          if (req.headers["x-no-compression"]) {
+      //             return false;
+      //          }
+      //          return compression.filter(req, res);
+      //       },
+      //    })
+      // );
   }

   private registerEndpoints() {
--- a/Backend/tsconfig.json
+++ b/Backend/tsconfig.json
@ -1,7 +1,11 @@
 {
   "compilerOptions": {
-      "target": "ESNext",
-      "module": "commonjs",
+      "target": "esnext",
+      "isolatedModules": true,
+      "noEmit": false,
+      "allowImportingTsExtensions": false,
+      "module": "nodenext",
+      "moduleResolution": "nodenext",
      "declaration": true,
      "sourceMap": true,
      "outDir": "./lib",
@ -11,7 +15,14 @@
      "emitDecoratorMetadata": true,
      "esModuleInterop": true
   },
-   "exclude": ["node_modules/"],
-   "files": ["src/express.d.ts"],
-   "include": ["./src"]
+   "exclude": [
+      "node_modules/",
+      "../node_modules/",
+   ],
+   "files": [
+      "src/express.d.ts"
+   ],
+   "include": [
+      "./src"
+   ]
 }
--- a/Frontend/package.json
+++ b/Frontend/package.json
@ -6,36 +6,36 @@
      "@hibas123/theme": "^2.0.7",
      "@hibas123/utils": "^2.2.18",
      "@popperjs/core": "^2.11.8",
-      "@rollup/plugin-commonjs": "^24.0.1",
-      "@rollup/plugin-html": "^1.0.3",
+      "@rollup/plugin-commonjs": "^28.0.6",
+      "@rollup/plugin-html": "^2.0.0",
      "@rollup/plugin-image": "^3.0.3",
-      "@rollup/plugin-node-resolve": "^15.0.2",
-      "@simplewebauthn/browser": "^7.2.0",
-      "@tsconfig/svelte": "^4.0.1",
-      "@types/cleave.js": "^1.4.7",
-      "autoprefixer": "^10.4.14",
-      "classnames": "^2.3.2",
+      "@rollup/plugin-node-resolve": "^16.0.1",
+      "@simplewebauthn/browser": "^13.2.0",
+      "@tsconfig/svelte": "^5.0.5",
+      "@types/cleave.js": "^1.4.12",
+      "autoprefixer": "^10.4.21",
+      "classnames": "^2.5.1",
      "cleave.js": "^1.6.0",
-      "cssnano": "^6.0.1",
-      "esbuild": "^0.17.16",
-      "flowbite": "^1.6.5",
-      "flowbite-svelte": "^0.34.9",
-      "joi": "^17.11.0",
-      "postcss": "^8.4.31",
-      "postcss-import": "^15.1.0",
+      "cssnano": "^7.1.1",
+      "esbuild": "^0.25.9",
+      "flowbite": "^3.1.2",
+      "flowbite-svelte": "^1.13.8",
+      "joi": "^18.0.1",
+      "postcss": "^8.5.6",
+      "postcss-import": "^16.1.1",
      "postcss-url": "^10.1.3",
-      "rollup": "^3.20.2",
-      "rollup-plugin-esbuild": "^5.0.0",
+      "rollup": "^4.50.2",
+      "rollup-plugin-esbuild": "^6.2.1",
      "rollup-plugin-hash": "^1.3.0",
      "rollup-plugin-livereload": "^2.0.5",
      "rollup-plugin-postcss": "^4.0.2",
-      "rollup-plugin-sizes": "^1.0.6",
-      "rollup-plugin-svelte": "^7.1.4",
-      "rollup-plugin-visualizer": "^5.9.0",
-      "svelte": "^3.58.0",
-      "svelte-preprocess": "^5.0.3",
-      "tailwindcss": "^3.3.1",
-      "typescript": "^5.0.4",
+      "rollup-plugin-sizes": "^1.1.0",
+      "rollup-plugin-svelte": "^7.2.3",
+      "rollup-plugin-visualizer": "^6.0.3",
+      "svelte": "^5.38.10",
+      "svelte-preprocess": "^6.0.3",
+      "tailwindcss": "^4.1.13",
+      "typescript": "^5.9.2",
      "what-the-pack": "^2.0.3"
   },
   "scripts": {
--- a/FrontendLegacy/package.json
+++ b/FrontendLegacy/package.json
@ -8,21 +8,21 @@
      "watch": "node build.js watch"
   },
   "dependencies": {
-      "handlebars": "^4.7.7"
+      "handlebars": "^4.7.8"
   },
   "devDependencies": {
-      "@material/button": "^5.1.0",
-      "@material/form-field": "^5.1.0",
-      "@material/radio": "^5.1.0",
-      "chokidar": "^3.5.3",
-      "gzip-size": "^6.0.0",
+      "@material/button": "^14.0.0",
+      "@material/form-field": "^14.0.0",
+      "@material/radio": "^14.0.0",
+      "chokidar": "^4.0.3",
+      "gzip-size": "^7.0.0",
      "html-minifier": "^4.0.0",
-      "preact": "^10.13.2",
-      "rollup": "^3.20.2",
+      "preact": "^10.27.2",
+      "rollup": "^4.50.2",
      "rollup-plugin-includepaths": "^0.2.4",
      "rollup-plugin-node-resolve": "^5.2.0",
-      "rollup-plugin-typescript2": "^0.34.1",
-      "sass": "^1.61.0",
-      "typescript": "^5.0.4"
+      "rollup-plugin-typescript2": "^0.36.0",
+      "sass": "^1.92.1",
+      "typescript": "^5.9.2"
   }
 }
--- a/_API/package.json
+++ b/_API/package.json
@ -14,6 +14,6 @@
   "author": "Fabian Stamm <Fabian.Stamm@polizei.hessen.de>",
   "license": "ISC",
   "devDependencies": {
-      "typescript": "^5.0.4"
+      "typescript": "^5.9.2"
   }
 }
--- a/_API/tsconfig-esm.json
+++ b/_API/tsconfig-esm.json
@ -13,7 +13,8 @@
      "preserveWatchOutput": true
   },
   "exclude": [
-      "node_modules"
+      "node_modules",
+      "../node_modules"
   ],
   "include": [
      "src"
--- a/_API/tsconfig.json
+++ b/_API/tsconfig.json
@ -13,7 +13,8 @@
      "preserveWatchOutput": true
   },
   "exclude": [
-      "node_modules"
+      "node_modules",
+      "../node_modules"
   ],
   "include": [
      "src"
--- a/package.json
+++ b/package.json
@ -18,6 +18,6 @@
      "_API"
   ],
   "dependencies": {
-      "@hibas123/jrpcgen": "^1.2.14"
+      "@hibas123/jrpcgen": "^1.2.20"
   }
 }
--- a/yarn.lock
+++ b/yarn.lock