From 44ba51cd38b7715200c31f4bfe6cfecdbacdbc20 Mon Sep 17 00:00:00 2001
From: rene <mail@motocamp.de>
Date: Tue, 12 May 2026 17:04:43 +0200
Subject: [PATCH 1/6] Feature: Gassi-Hundefotos bei Teilnehmern + Fotos nach
 dem Treffen (SW by-v878)

---
 backend/database.py              |  16 +++++
 backend/main.py                  |   2 +-
 backend/routes/walks.py          | 112 ++++++++++++++++++++++++++++++-
 backend/static/index.html        |  14 ++--
 backend/static/js/api.js         |   3 +
 backend/static/js/app.js         |   2 +-
 backend/static/js/pages/walks.js |  99 +++++++++++++++++++++++++--
 backend/static/sw.js             |   2 +-
 8 files changed, 230 insertions(+), 20 deletions(-)

diff --git a/backend/database.py b/backend/database.py
index 50f50ee..3d9757f 100644
--- a/backend/database.py
+++ b/backend/database.py
@@ -2210,6 +2210,22 @@ def _migrate(conn_factory):
         except Exception:
             pass
 
+        # Gassi-Treffen Fotos
+        try:
+            conn.execute("""
+                CREATE TABLE IF NOT EXISTS walk_photos (
+                    id         INTEGER PRIMARY KEY AUTOINCREMENT,
+                    walk_id    INTEGER NOT NULL REFERENCES walks(id) ON DELETE CASCADE,
+                    user_id    INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+                    url        TEXT NOT NULL,
+                    created_at TEXT NOT NULL DEFAULT (datetime('now'))
+                )
+            """)
+            conn.execute("CREATE INDEX IF NOT EXISTS idx_walk_photos_walk ON walk_photos(walk_id)")
+            logger.info("Migration: walk_photos bereit.")
+        except Exception as e:
+            logger.warning(f"Migration walk_photos: {e}")
+
         # Versicherungs-Verwaltung
         try:
             conn.execute("""
diff --git a/backend/main.py b/backend/main.py
index 581b849..1971763 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -376,7 +376,7 @@ if STAGING and os.path.isdir(PROD_MEDIA_DIR):
 else:
     app.mount("/media", StaticFiles(directory=MEDIA_DIR), name="media")
 
-APP_VER = "877"  # muss mit APP_VER in app.js übereinstimmen
+APP_VER = "878"  # muss mit APP_VER in app.js übereinstimmen
 
 @app.get("/.well-known/assetlinks.json")
 async def assetlinks():
diff --git a/backend/routes/walks.py b/backend/routes/walks.py
index 85bea3d..03074f3 100644
--- a/backend/routes/walks.py
+++ b/backend/routes/walks.py
@@ -1,15 +1,17 @@
 """BAN YARO — Gassi-Treffen"""
 
-import math
+import math, os, uuid
 import httpx
 from datetime import date
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends, HTTPException, UploadFile, File
 from pydantic import BaseModel
 from typing import Optional, List
 from database import db
 from auth import get_current_user
 from routes.push import send_push_to_user
 
+MEDIA_DIR = os.getenv("MEDIA_DIR", "/data/media")
+
 router = APIRouter()
 
 
@@ -371,9 +373,34 @@ async def get_walk(walk_id: int):
             GROUP BY wp.user_id
         """, (walk_id,)).fetchall()
 
+        # Hunde-Details (Foto + Rasse) pro Teilnehmer
+        dog_rows = conn.execute("""
+            SELECT wpd.user_id, d.name AS dog_name, d.foto_url, d.rasse
+            FROM walk_participant_dogs wpd
+            JOIN dogs d ON d.id = wpd.dog_id
+            WHERE wpd.walk_id = ?
+        """, (walk_id,)).fetchall()
+
+        # Walk-Fotos
+        photos = conn.execute(
+            "SELECT id, user_id, url, created_at FROM walk_photos WHERE walk_id=? ORDER BY created_at",
+            (walk_id,)
+        ).fetchall()
+
+    from collections import defaultdict
+    dogs_by_user = defaultdict(list)
+    for r in dog_rows:
+        dogs_by_user[r['user_id']].append({
+            'name': r['dog_name'], 'foto_url': r['foto_url'], 'rasse': r['rasse']
+        })
+
     result = dict(walk)
-    result['teilnehmer'] = [dict(p) for p in participants]
+    result['teilnehmer'] = [
+        {**dict(p), 'hunde_liste': dogs_by_user.get(p['user_id'], [])}
+        for p in participants
+    ]
     result['teilnehmer_count'] = len(result['teilnehmer'])
+    result['photos'] = [dict(p) for p in photos]
     return result
 
 
@@ -508,3 +535,82 @@ async def leave_walk(walk_id: int, user=Depends(get_current_user)):
             conn.execute("UPDATE walks SET status = 'offen' WHERE id = ?", (walk_id,))
 
     return {"status": "left", "teilnehmer_count": count}
+
+
+# ------------------------------------------------------------------
+# POST /api/walks/{id}/photos — Foto nach dem Treffen hochladen
+# GET  /api/walks/{id}/photos — Fotos eines Treffens abrufen
+# ------------------------------------------------------------------
+@router.post("/{walk_id}/photos", status_code=201)
+async def upload_walk_photo(
+    walk_id: int,
+    file: UploadFile = File(...),
+    user=Depends(get_current_user)
+):
+    with db() as conn:
+        walk = conn.execute("SELECT * FROM walks WHERE id=?", (walk_id,)).fetchone()
+        if not walk:
+            raise HTTPException(404, "Treffen nicht gefunden.")
+        # Nur Teilnehmer oder Veranstalter dürfen Fotos hochladen
+        is_participant = conn.execute(
+            "SELECT 1 FROM walk_participants WHERE walk_id=? AND user_id=?",
+            (walk_id, user['id'])
+        ).fetchone()
+        if not is_participant and walk['user_id'] != user['id']:
+            raise HTTPException(403, "Nur Teilnehmer können Fotos hochladen.")
+
+    import io
+    from PIL import Image, ImageOps
+    try:
+        import pillow_heif; pillow_heif.register_heif_opener()
+    except ImportError:
+        pass
+
+    raw = await file.read()
+    try:
+        img = Image.open(io.BytesIO(raw))
+        img = ImageOps.exif_transpose(img).convert("RGB")
+        buf = io.BytesIO()
+        img.save(buf, format="JPEG", quality=88)
+        raw = buf.getvalue()
+    except Exception:
+        pass
+
+    filename = f"walk_{walk_id}_{uuid.uuid4().hex[:8]}.jpg"
+    path = os.path.join(MEDIA_DIR, "walks", filename)
+    os.makedirs(os.path.dirname(path), exist_ok=True)
+    with open(path, "wb") as f:
+        f.write(raw)
+
+    url = f"/media/walks/{filename}"
+    with db() as conn:
+        cur = conn.execute(
+            "INSERT INTO walk_photos (walk_id, user_id, url) VALUES (?,?,?)",
+            (walk_id, user['id'], url)
+        )
+        row = conn.execute("SELECT * FROM walk_photos WHERE id=?", (cur.lastrowid,)).fetchone()
+    return dict(row)
+
+
+@router.get("/{walk_id}/photos")
+async def get_walk_photos(walk_id: int):
+    with db() as conn:
+        rows = conn.execute(
+            "SELECT * FROM walk_photos WHERE walk_id=? ORDER BY created_at",
+            (walk_id,)
+        ).fetchall()
+    return [dict(r) for r in rows]
+
+
+@router.delete("/{walk_id}/photos/{photo_id}", status_code=204)
+async def delete_walk_photo(walk_id: int, photo_id: int, user=Depends(get_current_user)):
+    with db() as conn:
+        photo = conn.execute(
+            "SELECT * FROM walk_photos WHERE id=? AND walk_id=?", (photo_id, walk_id)
+        ).fetchone()
+        if not photo:
+            raise HTTPException(404)
+        walk = conn.execute("SELECT user_id FROM walks WHERE id=?", (walk_id,)).fetchone()
+        if photo['user_id'] != user['id'] and walk['user_id'] != user['id']:
+            raise HTTPException(403)
+        conn.execute("DELETE FROM walk_photos WHERE id=?", (photo_id,))
diff --git a/backend/static/index.html b/backend/static/index.html
index eca24fc..10c0040 100644
--- a/backend/static/index.html
+++ b/backend/static/index.html
@@ -101,9 +101,9 @@
   </script>
 
   <!-- CSS: Reihenfolge ist wichtig — ?v= zwingt Browser zur Neuladung -->
-  <link rel="stylesheet" href="/css/design-system.css?v=877">
-  <link rel="stylesheet" href="/css/layout.css?v=877">
-  <link rel="stylesheet" href="/css/components.css?v=877">
+  <link rel="stylesheet" href="/css/design-system.css?v=878">
+  <link rel="stylesheet" href="/css/layout.css?v=878">
+  <link rel="stylesheet" href="/css/components.css?v=878">
 </head>
 <body>
 
@@ -583,10 +583,10 @@
 <div id="modal-container"></div>
 
 <!-- JS: Reihenfolge ist wichtig — erst Basis, dann Features -->
-<script src="/js/api.js?v=877"></script>
-<script src="/js/ui.js?v=877"></script>
-<script src="/js/app.js?v=877"></script>
-<script src="/js/worlds.js?v=877"></script>
+<script src="/js/api.js?v=878"></script>
+<script src="/js/ui.js?v=878"></script>
+<script src="/js/app.js?v=878"></script>
+<script src="/js/worlds.js?v=878"></script>
 
 <!-- Feature-Seiten werden lazy geladen -->
 
diff --git a/backend/static/js/api.js b/backend/static/js/api.js
index b383d66..7a341a1 100644
--- a/backend/static/js/api.js
+++ b/backend/static/js/api.js
@@ -346,6 +346,9 @@ const API = (() => {
     invite(id, friendId)      { return post(`/walks/${id}/invite`, { friend_id: friendId }); },
     rsvp(id, status)          { return post(`/walks/${id}/rsvp`, { status }); },
     participants(id)          { return get(`/walks/${id}/participants`); },
+    photos(id)                { return get(`/walks/${id}/photos`); },
+    uploadPhoto(id, formData) { return upload(`/walks/${id}/photos`, formData); },
+    deletePhoto(id, photoId)  { return del(`/walks/${id}/photos/${photoId}`); },
   };
 
   // ----------------------------------------------------------
diff --git a/backend/static/js/app.js b/backend/static/js/app.js
index 76478d3..759a280 100644
--- a/backend/static/js/app.js
+++ b/backend/static/js/app.js
@@ -3,7 +3,7 @@
    Router, State-Management, Navigation, Initialisierung.
    ============================================================ */
 
-const APP_VER     = '877'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
+const APP_VER     = '878'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
 const APP_VERSION = '1.5.1'; // ← semantische Version, wird bei make release gesetzt
 const IS_STAGING  = location.hostname === 'staging.banyaro.app';
 // Cache-Bust-Parameter nach Update-Reload sofort entfernen
diff --git a/backend/static/js/pages/walks.js b/backend/static/js/pages/walks.js
index f08d5e9..2f2fab5 100644
--- a/backend/static/js/pages/walks.js
+++ b/backend/static/js/pages/walks.js
@@ -393,14 +393,31 @@ window.Page_walks = (() => {
     const isInvited  = !!myRsvp;
     const invitations = participantData?.invitations ?? [];
 
-    // Teilnehmerliste (join-Teilnehmer, klassisch)
+    // Teilnehmerliste mit Hundefotos
     const teilnehmerHTML = walk.teilnehmer?.length
-      ? walk.teilnehmer.map(t => `
-          <div class="walks-participant">
-            <div class="walks-inv-avatar walks-inv-avatar--sm">${_avatarInitials(t.user_name)}</div>
-            <span class="walks-participant-name">${UI.escape(t.user_name)}</span>
-            ${t.hunde ? `<span class="walks-participant-hunde">${UI.icon('dog')} ${UI.escape(t.hunde)}</span>` : ''}
-          </div>`).join('')
+      ? walk.teilnehmer.map(t => {
+          const dogsHTML = (t.hunde_liste || []).map(d => {
+            const av = d.foto_url
+              ? `<img src="${UI.escape(d.foto_url)}" alt="${UI.escape(d.name)}"
+                      style="width:28px;height:28px;border-radius:50%;object-fit:cover;flex-shrink:0;border:1.5px solid var(--c-border)">`
+              : `<div style="width:28px;height:28px;border-radius:50%;background:var(--c-surface-2);
+                             display:flex;align-items:center;justify-content:center;flex-shrink:0;border:1.5px solid var(--c-border)">
+                   <svg class="ph-icon" style="width:14px;height:14px;color:var(--c-text-muted)" aria-hidden="true"><use href="/icons/phosphor.svg#dog"></use></svg>
+                 </div>`;
+            return `<div style="display:flex;align-items:center;gap:4px">
+              ${av}
+              <span style="font-size:var(--text-xs);color:var(--c-text-secondary)">${UI.escape(d.name)}${d.rasse ? ` · ${UI.escape(d.rasse)}` : ''}</span>
+            </div>`;
+          }).join('');
+          return `
+            <div class="walks-participant">
+              <div class="walks-inv-avatar walks-inv-avatar--sm">${_avatarInitials(t.user_name)}</div>
+              <div style="flex:1;min-width:0">
+                <div class="walks-participant-name">${UI.escape(t.user_name)}</div>
+                ${dogsHTML ? `<div style="display:flex;flex-wrap:wrap;gap:var(--space-1);margin-top:4px">${dogsHTML}</div>` : ''}
+              </div>
+            </div>`;
+        }).join('')
       : '';
 
     // Einladungsliste
@@ -468,6 +485,31 @@ window.Page_walks = (() => {
         <div id="wd-rating-${walk.id}"></div>
       </div>
 
+      <!-- Fotos nach dem Treffen -->
+      <div class="walks-detail-section" id="wd-photos-section">
+        <div style="display:flex;align-items:center;justify-content:space-between;margin-bottom:var(--space-2)">
+          <div class="walks-detail-section-label" style="margin-bottom:0">${UI.icon('images')} Fotos</div>
+          ${(isPast || _isToday(walk.datum)) && (isJoined || isOwn) ? `
+            <label style="cursor:pointer">
+              <input type="file" id="wd-photo-input" accept="image/*" style="display:none">
+              <span class="btn btn-secondary btn-sm">${UI.icon('camera')} Foto hinzufügen</span>
+            </label>` : ''}
+        </div>
+        <div id="wd-photos-grid" style="display:grid;grid-template-columns:repeat(3,1fr);gap:4px;margin-top:var(--space-2)">
+          ${(walk.photos || []).length === 0
+            ? `<p style="grid-column:1/-1;color:var(--c-text-muted);font-size:var(--text-sm)">Noch keine Fotos.</p>`
+            : (walk.photos || []).map(p => `
+                <div style="position:relative;aspect-ratio:1">
+                  <img src="${UI.escape(p.url)}" style="width:100%;height:100%;object-fit:cover;border-radius:var(--radius-sm);cursor:pointer"
+                       onclick="UI.lightbox?.show?.([{ url:'${UI.escape(p.url)}' }], 0)">
+                  ${p.user_id === _appState.user?.id || isOwn ? `
+                    <button type="button" class="wd-photo-del" data-photo-id="${p.id}"
+                            style="position:absolute;top:3px;right:3px;background:rgba(0,0,0,.6);color:#fff;border:none;border-radius:50%;width:20px;height:20px;cursor:pointer;font-size:11px;display:flex;align-items:center;justify-content:center;padding:0">✕</button>
+                  ` : ''}
+                </div>`).join('')}
+        </div>
+      </div>
+
       <p style="color:var(--c-text-muted);font-size:0.8rem;margin-top:var(--space-4)">
         Veranstaltet von ${UI.escape(walk.veranstalter_name || 'Unbekannt')}
       </p>
@@ -525,6 +567,49 @@ window.Page_walks = (() => {
 
     document.getElementById('wd-close')?.addEventListener('click', UI.modal.close);
 
+    // Foto-Upload
+    document.getElementById('wd-photo-input')?.addEventListener('change', async function() {
+      if (!this.files.length) return;
+      const file = this.files[0];
+      const formData = new FormData();
+      formData.append('file', file);
+      try {
+        const photo = await API.walks.uploadPhoto(walk.id, formData);
+        const grid = document.getElementById('wd-photos-grid');
+        if (grid) {
+          grid.querySelector('p')?.remove();
+          const div = document.createElement('div');
+          div.style.cssText = 'position:relative;aspect-ratio:1';
+          div.innerHTML = `
+            <img src="${UI.escape(photo.url)}" style="width:100%;height:100%;object-fit:cover;border-radius:var(--radius-sm);cursor:pointer"
+                 onclick="UI.lightbox?.show?.([{ url:'${UI.escape(photo.url)}' }], 0)">
+            <button type="button" class="wd-photo-del" data-photo-id="${photo.id}"
+                    style="position:absolute;top:3px;right:3px;background:rgba(0,0,0,.6);color:#fff;border:none;border-radius:50%;width:20px;height:20px;cursor:pointer;font-size:11px;display:flex;align-items:center;justify-content:center;padding:0">✕</button>`;
+          grid.appendChild(div);
+          _bindPhotoDel(walk.id, div);
+          UI.toast.success('Foto hochgeladen.');
+        }
+      } catch (err) {
+        UI.toast.error(err.message || 'Fehler beim Hochladen.');
+      }
+      this.value = '';
+    });
+
+    // Foto löschen — alle bestehenden Buttons
+    function _bindPhotoDel(walkId, container) {
+      container.querySelectorAll('.wd-photo-del').forEach(btn => {
+        btn.addEventListener('click', async () => {
+          if (!window.confirm('Foto löschen?')) return;
+          try {
+            await API.walks.deletePhoto(walkId, parseInt(btn.dataset.photoId));
+            btn.closest('[style*="aspect-ratio"]')?.remove();
+            UI.toast.success('Foto gelöscht.');
+          } catch (err) { UI.toast.error(err.message || 'Fehler.'); }
+        });
+      });
+    }
+    _bindPhotoDel(walk.id, document);
+
     document.getElementById('wd-login')?.addEventListener('click', () => {
       UI.modal.close();
       App.navigate('settings');
diff --git a/backend/static/sw.js b/backend/static/sw.js
index d6ce60f..91c4cd8 100644
--- a/backend/static/sw.js
+++ b/backend/static/sw.js
@@ -3,7 +3,7 @@
    Offline-Cache + Push Notifications + Tile-Cache
    ============================================================ */
 
-const CACHE_VERSION = 'by-v877';
+const CACHE_VERSION = 'by-v878';
 const CACHE_STATIC  = `${CACHE_VERSION}-static`;
 const CACHE_TILES   = 'ban-yaro-tiles-v1';  // bleibt über SW-Updates erhalten
 const CACHE_API     = 'ban-yaro-api-v1';    // API-Response-Cache

From 465dc2e4d369b183d7e3e5b19c98a474dcc4b1ca Mon Sep 17 00:00:00 2001
From: rene <mail@motocamp.de>
Date: Tue, 12 May 2026 17:17:36 +0200
Subject: [PATCH 2/6] =?UTF-8?q?Security:=20Auth-gesch=C3=BCtzte=20Media-En?=
 =?UTF-8?q?dpoints=20f=C3=BCr=20Diary+Health,=20Walk-Foto-Naming=20(SW=20b?=
 =?UTF-8?q?y-v879)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/main.py           | 111 +++++++++++++++++++++++++++++++-------
 backend/routes/walks.py   |  11 +++-
 backend/static/index.html |  14 ++---
 backend/static/js/app.js  |   2 +-
 backend/static/sw.js      |   2 +-
 5 files changed, 110 insertions(+), 30 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index 1971763..4e8cbd1 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -354,29 +354,100 @@ _MIME_MAP = {
     ".webm": "video/webm", ".pdf": "application/pdf",
 }
 
-if STAGING and os.path.isdir(PROD_MEDIA_DIR):
-    # Staging: eigene Uploads in MEDIA_DIR, Fallback auf Prod-Medien (read-only)
-    from fastapi.responses import FileResponse as _FileResponse
+from fastapi import Request as _Request
+from fastapi.responses import FileResponse as _FileResponse
+from auth import decode_token as _decode_token
 
-    def _media_response(filepath: str):
-        ext = os.path.splitext(filepath)[1].lower()
-        mt  = _MIME_MAP.get(ext, "application/octet-stream")
-        return _FileResponse(filepath, media_type=mt)
+# Pfade die Login erfordern (Eigentümer-Check)
+_OWNER_PROTECTED = ("diary/", "health/")
+# Pfade die nur Login erfordern (kein Eigentümer-Check nötig)
+_AUTH_ONLY       = ("walks/",)
 
-    @app.api_route("/media/{path:path}", methods=["GET", "HEAD"])
-    async def serve_media_staging(path: str):
-        staging_file = os.path.join(MEDIA_DIR, path)
-        if os.path.isfile(staging_file):
-            return _media_response(staging_file)
-        prod_file = os.path.join(PROD_MEDIA_DIR, path)
-        if os.path.isfile(prod_file):
-            return _media_response(prod_file)
-        from fastapi import HTTPException as _HE
-        raise _HE(404, "Media not found")
-else:
-    app.mount("/media", StaticFiles(directory=MEDIA_DIR), name="media")
 
-APP_VER = "878"  # muss mit APP_VER in app.js übereinstimmen
+def _uid_from_request(request: _Request):
+    token = request.cookies.get("by_token")
+    if not token:
+        return None
+    try:
+        return int(_decode_token(token)["sub"])
+    except Exception:
+        return None
+
+
+def _media_response(filepath: str):
+    ext = os.path.splitext(filepath)[1].lower()
+    mt  = _MIME_MAP.get(ext, "application/octet-stream")
+    return _FileResponse(filepath, media_type=mt,
+                         headers={"Cache-Control": "private, max-age=3600"})
+
+
+def _resolve_media_path(path: str) -> str | None:
+    """Gibt den echten Dateipfad zurück — Staging sucht zuerst lokal, dann Prod."""
+    primary = os.path.join(MEDIA_DIR, path)
+    if os.path.isfile(primary):
+        return primary
+    if STAGING and os.path.isdir(PROD_MEDIA_DIR):
+        fallback = os.path.join(PROD_MEDIA_DIR, path)
+        if os.path.isfile(fallback):
+            return fallback
+    return None
+
+
+@app.api_route("/media/{path:path}", methods=["GET", "HEAD"])
+async def serve_media(path: str, request: _Request):
+    from fastapi import HTTPException as _HE
+
+    prefix = path.split("/")[0] + "/"
+    filename = path.split("/", 1)[1] if "/" in path else path
+
+    # Auth-Pflicht für geschützte Pfade
+    if prefix in _OWNER_PROTECTED or prefix in _AUTH_ONLY:
+        uid = _uid_from_request(request)
+        if not uid:
+            raise _HE(401, "Anmeldung erforderlich.")
+
+        if prefix in _OWNER_PROTECTED:
+            # Eigentümer-Check: Datei muss zum eingeloggten User gehören
+            # Preview-Dateien (foo_preview.webp) → Basis-Stem suchen
+            stem = filename.rsplit("_preview", 1)[0] if "_preview" in filename else filename.rsplit(".", 1)[0]
+            with db() as conn:
+                if prefix == "diary/":
+                    row = conn.execute("""
+                        SELECT dm.id FROM diary_media dm
+                        JOIN diary d ON d.id = dm.diary_id
+                        JOIN dogs dog ON dog.id = d.dog_id
+                        LEFT JOIN dog_shares ds
+                            ON ds.dog_id = dog.id AND ds.shared_with_id = ?
+                            AND ds.accepted_at IS NOT NULL
+                        WHERE (dog.user_id = ? OR ds.id IS NOT NULL)
+                          AND dm.url LIKE ?
+                        LIMIT 1
+                    """, (uid, uid, f'/media/diary/{stem}%')).fetchone()
+                else:  # health/
+                    row = conn.execute("""
+                        SELECT hm.id FROM health_media hm
+                        JOIN health h ON h.id = hm.health_id
+                        JOIN dogs dog ON dog.id = h.dog_id
+                        WHERE dog.user_id = ? AND hm.url LIKE ?
+                        LIMIT 1
+                    """, (uid, f'/media/health/{stem}%')).fetchone()
+                    # Fallback: dokument_url (alte Einzel-Uploads)
+                    if not row:
+                        row = conn.execute("""
+                            SELECT h.id FROM health h
+                            JOIN dogs dog ON dog.id = h.dog_id
+                            WHERE dog.user_id = ? AND h.dokument_url LIKE ?
+                            LIMIT 1
+                        """, (uid, f'/media/health/{stem}%')).fetchone()
+            if not row:
+                raise _HE(403, "Zugriff verweigert.")
+
+    filepath = _resolve_media_path(path)
+    if not filepath:
+        raise _HE(404, "Nicht gefunden.")
+    return _media_response(filepath)
+
+APP_VER = "879"  # muss mit APP_VER in app.js übereinstimmen
 
 @app.get("/.well-known/assetlinks.json")
 async def assetlinks():
diff --git a/backend/routes/walks.py b/backend/routes/walks.py
index 03074f3..3a0c48b 100644
--- a/backend/routes/walks.py
+++ b/backend/routes/walks.py
@@ -576,7 +576,16 @@ async def upload_walk_photo(
     except Exception:
         pass
 
-    filename = f"walk_{walk_id}_{uuid.uuid4().hex[:8]}.jpg"
+    import re as _re
+    walk_datum  = walk['datum'] or "0000-00-00"  # YYYY-MM-DD
+    uname_raw   = (user.get('name') or 'user').lower()
+    uname_safe  = _re.sub(r'[^a-z0-9]', '-', uname_raw)[:20].strip('-')
+    with db() as conn:
+        count = conn.execute(
+            "SELECT COUNT(*) FROM walk_photos WHERE walk_id=? AND user_id=?",
+            (walk_id, user['id'])
+        ).fetchone()[0]
+    filename = f"{walk_datum}-{uname_safe}-{count + 1:03d}.jpg"
     path = os.path.join(MEDIA_DIR, "walks", filename)
     os.makedirs(os.path.dirname(path), exist_ok=True)
     with open(path, "wb") as f:
diff --git a/backend/static/index.html b/backend/static/index.html
index 10c0040..5b09df8 100644
--- a/backend/static/index.html
+++ b/backend/static/index.html
@@ -101,9 +101,9 @@
   </script>
 
   <!-- CSS: Reihenfolge ist wichtig — ?v= zwingt Browser zur Neuladung -->
-  <link rel="stylesheet" href="/css/design-system.css?v=878">
-  <link rel="stylesheet" href="/css/layout.css?v=878">
-  <link rel="stylesheet" href="/css/components.css?v=878">
+  <link rel="stylesheet" href="/css/design-system.css?v=879">
+  <link rel="stylesheet" href="/css/layout.css?v=879">
+  <link rel="stylesheet" href="/css/components.css?v=879">
 </head>
 <body>
 
@@ -583,10 +583,10 @@
 <div id="modal-container"></div>
 
 <!-- JS: Reihenfolge ist wichtig — erst Basis, dann Features -->
-<script src="/js/api.js?v=878"></script>
-<script src="/js/ui.js?v=878"></script>
-<script src="/js/app.js?v=878"></script>
-<script src="/js/worlds.js?v=878"></script>
+<script src="/js/api.js?v=879"></script>
+<script src="/js/ui.js?v=879"></script>
+<script src="/js/app.js?v=879"></script>
+<script src="/js/worlds.js?v=879"></script>
 
 <!-- Feature-Seiten werden lazy geladen -->
 
diff --git a/backend/static/js/app.js b/backend/static/js/app.js
index 759a280..82f2ac3 100644
--- a/backend/static/js/app.js
+++ b/backend/static/js/app.js
@@ -3,7 +3,7 @@
    Router, State-Management, Navigation, Initialisierung.
    ============================================================ */
 
-const APP_VER     = '878'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
+const APP_VER     = '879'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
 const APP_VERSION = '1.5.1'; // ← semantische Version, wird bei make release gesetzt
 const IS_STAGING  = location.hostname === 'staging.banyaro.app';
 // Cache-Bust-Parameter nach Update-Reload sofort entfernen
diff --git a/backend/static/sw.js b/backend/static/sw.js
index 91c4cd8..1cff854 100644
--- a/backend/static/sw.js
+++ b/backend/static/sw.js
@@ -3,7 +3,7 @@
    Offline-Cache + Push Notifications + Tile-Cache
    ============================================================ */
 
-const CACHE_VERSION = 'by-v878';
+const CACHE_VERSION = 'by-v879';
 const CACHE_STATIC  = `${CACHE_VERSION}-static`;
 const CACHE_TILES   = 'ban-yaro-tiles-v1';  // bleibt über SW-Updates erhalten
 const CACHE_API     = 'ban-yaro-api-v1';    // API-Response-Cache

From bf1087c5e1e0ac5b39526c58dffae583f6015c21 Mon Sep 17 00:00:00 2001
From: rene <mail@motocamp.de>
Date: Tue, 12 May 2026 17:28:16 +0200
Subject: [PATCH 3/6] =?UTF-8?q?Feature+Security:=20DSGVO-Datenexport,=20au?=
 =?UTF-8?q?th-gesch=C3=BCtzte=20Media,=20Datenschutzerkl=C3=A4rung=20v2=20?=
 =?UTF-8?q?(SW=20by-v880)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/main.py                        |   2 +-
 backend/routes/profile.py              | 174 +++++++++++++++++++++++++
 backend/static/index.html              |  14 +-
 backend/static/js/app.js               |   2 +-
 backend/static/js/pages/datenschutz.js |  62 ++++++---
 backend/static/js/pages/settings.js    |  35 +++++
 backend/static/sw.js                   |   2 +-
 7 files changed, 264 insertions(+), 27 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index 4e8cbd1..c975351 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -447,7 +447,7 @@ async def serve_media(path: str, request: _Request):
         raise _HE(404, "Nicht gefunden.")
     return _media_response(filepath)
 
-APP_VER = "879"  # muss mit APP_VER in app.js übereinstimmen
+APP_VER = "880"  # muss mit APP_VER in app.js übereinstimmen
 
 @app.get("/.well-known/assetlinks.json")
 async def assetlinks():
diff --git a/backend/routes/profile.py b/backend/routes/profile.py
index 783951f..587fff5 100644
--- a/backend/routes/profile.py
+++ b/backend/routes/profile.py
@@ -167,3 +167,177 @@ async def delete_account(user=Depends(get_current_user)):
         conn.execute("DELETE FROM forum_posts WHERE user_id=?", (uid,))
         conn.execute("DELETE FROM users WHERE id=?", (uid,))
     return {"status": "deleted"}
+
+
+# ----------------------------------------------------------
+# GET /profile/export — DSGVO Datenexport (Art. 20)
+# ----------------------------------------------------------
+@router.get('/export')
+async def export_user_data(user=Depends(get_current_user)):
+    """Gibt alle personenbezogenen Daten des Users als JSON zurück."""
+    import json as _json
+    from datetime import datetime as _dt
+    from fastapi.responses import Response as _Response
+    uid = user['id']
+
+    with db() as conn:
+        # --- Nutzerprofil ---
+        u = dict(conn.execute(
+            "SELECT id, name, email, bio, wohnort, erfahrung, social_link, "
+            "email_verified, is_premium, subscription_tier, created_at "
+            "FROM users WHERE id=?", (uid,)
+        ).fetchone() or {})
+
+        # --- Hunde ---
+        dogs_raw = conn.execute(
+            "SELECT * FROM dogs WHERE user_id=?", (uid,)
+        ).fetchall()
+        dogs_out = []
+
+        for dog in dogs_raw:
+            did = dog['id']
+            d = dict(dog)
+
+            # Tagebuch
+            diary_rows = conn.execute(
+                "SELECT id, datum, typ, titel, text, gps_lat, gps_lon, "
+                "location_name, is_milestone, created_at FROM diary WHERE dog_id=?",
+                (did,)
+            ).fetchall()
+            diary_out = []
+            for de in diary_rows:
+                de_dict = dict(de)
+                media = conn.execute(
+                    "SELECT url, preview_url, media_type FROM diary_media WHERE diary_id=?",
+                    (de['id'],)
+                ).fetchall()
+                de_dict['media'] = [dict(m) for m in media]
+                diary_out.append(de_dict)
+
+            # Gesundheit
+            health_rows = conn.execute(
+                "SELECT id, typ, bezeichnung, datum, naechstes, notiz, "
+                "schweregrad, reaktion, dosierung, haeufigkeit, "
+                "tierarzt_name, charge_nr FROM health WHERE dog_id=?",
+                (did,)
+            ).fetchall()
+            health_out = []
+            for he in health_rows:
+                he_dict = dict(he)
+                media = conn.execute(
+                    "SELECT url, media_type FROM health_media WHERE health_id=?",
+                    (he['id'],)
+                ).fetchall()
+                he_dict['media'] = [dict(m) for m in media]
+                health_out.append(he_dict)
+
+            # Trainingsfortschritt
+            progress = conn.execute(
+                "SELECT exercise_id, status, updated_at FROM exercise_progress "
+                "WHERE dog_id=?", (did,)
+            ).fetchall()
+
+            # Ausgaben
+            expenses = conn.execute(
+                "SELECT datum, betrag, kategorie, notiz, is_recurring "
+                "FROM expenses WHERE dog_id=?", (did,)
+            ).fetchall()
+
+            # Verhalten
+            behavior = conn.execute(
+                "SELECT datum, uhrzeit, kategorie, intensitaet, trigger, notiz "
+                "FROM behavior_log WHERE dog_id=?", (did,)
+            ).fetchall()
+
+            # Versicherung
+            insurance = conn.execute(
+                "SELECT anbieter, police_nr, jahresbeitrag, kontakt, ablaufdatum, notizen "
+                "FROM dog_insurance WHERE dog_id=?", (did,)
+            ).fetchall()
+
+            # Ernährungs-Profil
+            ern = conn.execute(
+                "SELECT futter_typ, marke, kcal_tag, portionen, notizen "
+                "FROM futter_profil WHERE dog_id=?", (did,)
+            ).fetchone()
+
+            # Futter-Einträge
+            futter = conn.execute(
+                "SELECT datum, uhrzeit, futter_name, futter_typ, menge_g, notiz "
+                "FROM futter_eintraege WHERE dog_id=?", (did,)
+            ).fetchall()
+
+            # Futter-Reaktionen
+            reaktionen = conn.execute(
+                "SELECT datum, uhrzeit, reaktion_typ, intensitaet, notiz "
+                "FROM futter_reaktionen WHERE dog_id=?", (did,)
+            ).fetchall()
+
+            # Routen (via route_dogs)
+            routes = conn.execute(
+                "SELECT r.name, r.distanz_km, r.gps_track IS NOT NULL AS hat_track, "
+                "date(r.created_at) AS datum "
+                "FROM routes r JOIN route_dogs rd ON rd.route_id=r.id "
+                "WHERE rd.dog_id=?", (did,)
+            ).fetchall()
+
+            d['tagebuch']          = diary_out
+            d['gesundheit']        = [dict(h) for h in health_out]
+            d['trainingsfortschritt'] = [dict(p) for p in progress]
+            d['ausgaben']          = [dict(e) for e in expenses]
+            d['verhaltensprotokoll'] = [dict(b) for b in behavior]
+            d['versicherung']      = [dict(i) for i in insurance]
+            d['ernaehrungsprofil'] = dict(ern) if ern else None
+            d['futter_eintraege']  = [dict(f) for f in futter]
+            d['futter_reaktionen'] = [dict(r) for r in reaktionen]
+            d['routen']            = [dict(r) for r in routes]
+            dogs_out.append(d)
+
+        # --- Forum-Beiträge ---
+        forum = conn.execute(
+            "SELECT ft.title, fp.content, fp.created_at, "
+            "CASE WHEN fp.parent_id IS NULL THEN 'Thread' ELSE 'Antwort' END AS art "
+            "FROM forum_posts fp "
+            "LEFT JOIN forum_threads ft ON ft.id = fp.thread_id "
+            "WHERE fp.user_id=? ORDER BY fp.created_at DESC",
+            (uid,)
+        ).fetchall()
+
+        # --- Gassi-Teilnahmen ---
+        walk_participations = conn.execute(
+            "SELECT w.titel, w.datum, w.uhrzeit, w.ort_name "
+            "FROM walk_participants wp JOIN walks w ON w.id=wp.walk_id "
+            "WHERE wp.user_id=?", (uid,)
+        ).fetchall()
+
+        # --- Gassi-Fotos ---
+        walk_photos = conn.execute(
+            "SELECT wp.url, w.datum AS walk_datum, w.titel AS walk_titel, wp.created_at "
+            "FROM walk_photos wp JOIN walks w ON w.id=wp.walk_id "
+            "WHERE wp.user_id=?", (uid,)
+        ).fetchall()
+
+        # --- Push-Subscriptions (Anzahl, kein raw endpoint) ---
+        push_count = conn.execute(
+            "SELECT COUNT(*) FROM push_subscriptions WHERE user_id=?", (uid,)
+        ).fetchone()[0]
+
+    export = {
+        "export_erstellt":       _dt.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ"),
+        "hinweis":               "Dieser Export enthält alle personenbezogenen Daten deines Ban-Yaro-Kontos gemäß Art. 20 DSGVO.",
+        "profil":                u,
+        "hunde":                 dogs_out,
+        "forum_beitraege":       [dict(f) for f in forum],
+        "gassi_teilnahmen":      [dict(w) for w in walk_participations],
+        "gassi_fotos":           [dict(p) for p in walk_photos],
+        "push_subscriptions":    push_count,
+    }
+
+    content    = _json.dumps(export, ensure_ascii=False, indent=2, default=str)
+    today      = _dt.utcnow().strftime("%Y-%m-%d")
+    filename   = f"banyaro-export-{today}.json"
+    return _Response(
+        content    = content,
+        media_type = "application/json",
+        headers    = {"Content-Disposition": f'attachment; filename="{filename}"'},
+    )
diff --git a/backend/static/index.html b/backend/static/index.html
index 5b09df8..8711e3b 100644
--- a/backend/static/index.html
+++ b/backend/static/index.html
@@ -101,9 +101,9 @@
   </script>
 
   <!-- CSS: Reihenfolge ist wichtig — ?v= zwingt Browser zur Neuladung -->
-  <link rel="stylesheet" href="/css/design-system.css?v=879">
-  <link rel="stylesheet" href="/css/layout.css?v=879">
-  <link rel="stylesheet" href="/css/components.css?v=879">
+  <link rel="stylesheet" href="/css/design-system.css?v=880">
+  <link rel="stylesheet" href="/css/layout.css?v=880">
+  <link rel="stylesheet" href="/css/components.css?v=880">
 </head>
 <body>
 
@@ -583,10 +583,10 @@
 <div id="modal-container"></div>
 
 <!-- JS: Reihenfolge ist wichtig — erst Basis, dann Features -->
-<script src="/js/api.js?v=879"></script>
-<script src="/js/ui.js?v=879"></script>
-<script src="/js/app.js?v=879"></script>
-<script src="/js/worlds.js?v=879"></script>
+<script src="/js/api.js?v=880"></script>
+<script src="/js/ui.js?v=880"></script>
+<script src="/js/app.js?v=880"></script>
+<script src="/js/worlds.js?v=880"></script>
 
 <!-- Feature-Seiten werden lazy geladen -->
 
diff --git a/backend/static/js/app.js b/backend/static/js/app.js
index 82f2ac3..9c39ece 100644
--- a/backend/static/js/app.js
+++ b/backend/static/js/app.js
@@ -3,7 +3,7 @@
    Router, State-Management, Navigation, Initialisierung.
    ============================================================ */
 
-const APP_VER     = '879'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
+const APP_VER     = '880'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
 const APP_VERSION = '1.5.1'; // ← semantische Version, wird bei make release gesetzt
 const IS_STAGING  = location.hostname === 'staging.banyaro.app';
 // Cache-Bust-Parameter nach Update-Reload sofort entfernen
diff --git a/backend/static/js/pages/datenschutz.js b/backend/static/js/pages/datenschutz.js
index d2a8af8..425536f 100644
--- a/backend/static/js/pages/datenschutz.js
+++ b/backend/static/js/pages/datenschutz.js
@@ -102,13 +102,20 @@ window.Page_datenschutz = (() => {
           <p style="${S.p};margin-top:var(--space-3)">
             Als Ausweichlösung bei Nichtverfügbarkeit des lokalen Modells wird
             <strong>Claude Sonnet 4.6</strong> von Anthropic, PBC (San Francisco, USA) genutzt.
-            In diesem Fall wird ausschließlich der Inhalt deiner Anfrage (Prompt-Text) übermittelt —
-            keine Account- oder Profildaten. Die Übermittlung in die USA erfolgt auf Basis der
-            EU-Standardvertragsklauseln (Art. 46 Abs. 2 lit. c DSGVO).
+            In diesem Fall wird der Inhalt deiner Anfrage übermittelt. Bei Gesundheits- und
+            Ernährungsberichten kann dies Hundedaten (Name, Rasse, Gewicht, Impfhistorie,
+            Medikamente, Allergien) als Teil des Anfragetextes umfassen. Die Übermittlung
+            in die USA erfolgt auf Basis der EU-Standardvertragsklauseln (Art. 46 Abs. 2 lit. c DSGVO).
             Datenschutzerklärung von Anthropic:
             <a href="https://www.anthropic.com/privacy" target="_blank" rel="noopener"
                style="${S.a}">anthropic.com/privacy</a>.
           </p>
+          <p style="${S.p};margin-top:var(--space-3)">
+            Die <strong>Rassenerkennung per Foto</strong> sendet das hochgeladene Bild direkt an
+            Claude von Anthropic (USA) zur Analyse — es gibt hierfür keinen lokalen Fallback.
+            Das Foto wird nicht dauerhaft bei Anthropic gespeichert. Rechtsgrundlage: Einwilligung
+            gem. Art. 6 Abs. 1 lit. a DSGVO durch aktive Nutzung der Funktion.
+          </p>
           <p style="${S.p};margin-top:var(--space-3)">
             Der <strong>KI-Trainer</strong> analysiert deinen bisherigen Trainingsfortschritt
             (Übungshistorie, Erfolgsquoten, Streaks) und gibt personalisierte Empfehlungen.
@@ -122,19 +129,31 @@ window.Page_datenschutz = (() => {
             findet nicht statt.
           </p>`)}
 
-        ${sec('Wetterdaten (Open-Meteo)', `
+        ${sec('Wetterdaten & Kartendienste', `
           <p style="${S.p}">
-            Die Wetter-Funktion übermittelt auf Wunsch deine GPS-Koordinaten einmalig an
-            <strong>Open-Meteo</strong> (Österreich, DSGVO-konform), um die lokale
-            Wettervorhersage abzurufen. Es werden ausschließlich anonyme Koordinaten übertragen —
-            keine Account- oder Profildaten. Open-Meteo protokolliert keine personenbezogenen
-            Daten. Die Funktion wird nur aktiv, wenn du deinen Standort im Browser freigibst.
+            Die Wetter-Funktion übermittelt auf Wunsch deine GPS-Koordinaten serverseitig an
+            <strong>Open-Meteo</strong> (Österreich, DSGVO-konform) für die Wettervorhersage.
+            Für Wetter-Kartenlayer (Regenradar, Temperaturen) werden Kacheln von
+            <strong>OpenWeatherMap</strong> (OpenWeather Ltd., UK/USA) geladen — dabei wird
+            dein Browser direkt kontaktiert. Es werden keine Account-Daten übermittelt.
             Rechtsgrundlage: Einwilligung gem. Art. 6 Abs. 1 lit. a DSGVO.
           </p>
           <p style="${S.p};margin-top:var(--space-3)">
-            Datenschutzerklärung von Open-Meteo:
+            Für die automatische Ortsnamens-Ermittlung (z. B. im Wetter-Detail) werden deine
+            GPS-Koordinaten serverseitig an <strong>Nominatim</strong> der OpenStreetMap Foundation
+            (UK) übermittelt. Es werden ausschließlich Koordinaten weitergegeben — keine
+            personenbezogenen Daten.
+          </p>
+          <p style="${S.p};margin-top:var(--space-3)">
+            Datenschutzerklärung Open-Meteo:
             <a href="https://open-meteo.com/en/terms" target="_blank" rel="noopener"
-               style="${S.a}">open-meteo.com/en/terms</a>
+               style="${S.a}">open-meteo.com/en/terms</a> ·
+            OpenWeatherMap:
+            <a href="https://openweathermap.org/privacy-policy" target="_blank" rel="noopener"
+               style="${S.a}">openweathermap.org/privacy-policy</a> ·
+            OpenStreetMap/Nominatim:
+            <a href="https://osmfoundation.org/wiki/Privacy_Policy" target="_blank" rel="noopener"
+               style="${S.a}">osmfoundation.org</a>
           </p>`)}
 
         ${sec('Routenvorschläge (OpenRouteService)', `
@@ -200,7 +219,16 @@ window.Page_datenschutz = (() => {
             (Art. 16), <strong>Löschung</strong> (Art. 17), <strong>Einschränkung der Verarbeitung</strong>
             (Art. 18) sowie <strong>Datenportabilität</strong> (Art. 20). Erteilte Einwilligungen
             kannst du jederzeit mit Wirkung für die Zukunft widerrufen (Art. 7 Abs. 3 DSGVO).
-            Zur Ausübung deiner Rechte wende dich per E-Mail an
+          </p>
+          <p style="${S.p};margin-top:var(--space-3)">
+            <strong>Datenexport (Art. 20 DSGVO):</strong> Du kannst jederzeit unter
+            Einstellungen → „Meine Daten exportieren" eine vollständige Kopie deiner
+            gespeicherten Daten als JSON-Datei herunterladen. Der Export enthält Profildaten,
+            Hundedaten, Tagebuch, Gesundheitseinträge, Trainingsfortschritt, Ausgaben,
+            Verhaltensprotokoll, Forum-Beiträge und Gassi-Teilnahmen.
+          </p>
+          <p style="${S.p};margin-top:var(--space-3)">
+            Zur Ausübung weiterer Rechte wende dich per E-Mail an
             <a href="mailto:hallo@banyaro.app" style="${S.a}">hallo@banyaro.app</a>.<br><br>
             Du hast außerdem das Recht, bei der zuständigen Datenschutz-Aufsichtsbehörde
             Beschwerde einzulegen:<br>
@@ -212,14 +240,14 @@ window.Page_datenschutz = (() => {
 
         ${sec('Speicherdauer', `
           <p style="${S.p}">
-            Deine Daten werden gelöscht, sobald du deinen Account löschst. Server-Logs
-            werden nach 30 Tagen automatisch gelöscht. Öffentlich gepostete Inhalte
-            (Forenbeiträge, Giftköder-Meldungen) bleiben nach Account-Löschung anonymisiert
-            erhalten, sofern sie für die Community relevant sind.
+            Deine Daten werden vollständig gelöscht, sobald du deinen Account löschst —
+            einschließlich Tagebuch, Gesundheitseinträge, Fotos, Forenbeiträge und Hundeprofil.
+            Es gibt keine anonymisierte Weiterverarbeitung deiner Inhalte nach Account-Löschung.
+            Server-Logs werden nach 30 Tagen rotiert.
           </p>`)}
 
         <p style="font-size:var(--text-xs);color:var(--c-text-muted);margin:0">
-          Stand: Mai 2026
+          Stand: Mai 2026 · Version 2
         </p>
 
       </div>
diff --git a/backend/static/js/pages/settings.js b/backend/static/js/pages/settings.js
index 73e8ee5..8767cc6 100644
--- a/backend/static/js/pages/settings.js
+++ b/backend/static/js/pages/settings.js
@@ -294,6 +294,15 @@ window.Page_settings = (() => {
                 <svg class="ph-icon" aria-hidden="true"><use href="/icons/phosphor.svg#sign-out"></use></svg>
                 Abmelden
               </button>
+              <button id="settings-export-btn"
+                      style="width:100%;margin-top:var(--space-2);display:flex;align-items:center;justify-content:center;
+                             gap:var(--space-2);padding:var(--space-2) var(--space-4);
+                             border-radius:var(--radius-md);border:none;
+                             background:none;color:var(--c-text-secondary);
+                             font-size:var(--text-xs);cursor:pointer">
+                <svg class="ph-icon" aria-hidden="true" style="width:12px;height:12px"><use href="/icons/phosphor.svg#download-simple"></use></svg>
+                Meine Daten exportieren (DSGVO Art. 20)
+              </button>
               <button id="settings-delete-account-btn"
                       style="width:100%;margin-top:var(--space-2);display:flex;align-items:center;justify-content:center;
                              gap:var(--space-2);padding:var(--space-2) var(--space-4);
@@ -892,6 +901,32 @@ window.Page_settings = (() => {
       _render();
     });
 
+    document.getElementById('settings-export-btn')?.addEventListener('click', async () => {
+      const btn = document.getElementById('settings-export-btn');
+      await UI.asyncButton(btn, async () => {
+        try {
+          const resp = await fetch('/api/profile/export', {
+            credentials: 'include',
+            headers: { 'Authorization': `Bearer ${localStorage.getItem('by_token') || ''}` },
+          });
+          if (!resp.ok) throw new Error('Export fehlgeschlagen.');
+          const data = await resp.json();
+          const blob = new Blob([JSON.stringify(data, null, 2)], { type: 'application/json' });
+          const url  = URL.createObjectURL(blob);
+          const a    = document.createElement('a');
+          a.href     = url;
+          a.download = `banyaro-export-${new Date().toISOString().slice(0,10)}.json`;
+          document.body.appendChild(a);
+          a.click();
+          a.remove();
+          URL.revokeObjectURL(url);
+          UI.toast.success('Export heruntergeladen.');
+        } catch (err) {
+          UI.toast.error(err.message || 'Fehler beim Export.');
+        }
+      });
+    });
+
     document.getElementById('settings-delete-account-btn')?.addEventListener('click', async () => {
       const ok = await UI.modal.confirm({
         title: 'Konto unwiderruflich löschen?',
diff --git a/backend/static/sw.js b/backend/static/sw.js
index 1cff854..ba02203 100644
--- a/backend/static/sw.js
+++ b/backend/static/sw.js
@@ -3,7 +3,7 @@
    Offline-Cache + Push Notifications + Tile-Cache
    ============================================================ */
 
-const CACHE_VERSION = 'by-v879';
+const CACHE_VERSION = 'by-v880';
 const CACHE_STATIC  = `${CACHE_VERSION}-static`;
 const CACHE_TILES   = 'ban-yaro-tiles-v1';  // bleibt über SW-Updates erhalten
 const CACHE_API     = 'ban-yaro-api-v1';    // API-Response-Cache

From 79cfd63ea6211ff936845fee23fdb764139fbab3 Mon Sep 17 00:00:00 2001
From: rene <mail@motocamp.de>
Date: Tue, 12 May 2026 17:32:44 +0200
Subject: [PATCH 4/6] =?UTF-8?q?Fix:=20Gassi=20Desktop-Layout=20=E2=80=94?=
 =?UTF-8?q?=20Liste=20links=20+=20Karte=20rechts,=20Toggle=20ausgeblendet?=
 =?UTF-8?q?=20(SW=20by-v881)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/main.py                   |  2 +-
 backend/static/css/components.css | 44 +++++++++++++++++++++++++++++++
 backend/static/index.html         | 14 +++++-----
 backend/static/js/app.js          |  2 +-
 backend/static/js/pages/walks.js  |  7 +++--
 backend/static/sw.js              |  2 +-
 6 files changed, 59 insertions(+), 12 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index c975351..4d926d3 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -447,7 +447,7 @@ async def serve_media(path: str, request: _Request):
         raise _HE(404, "Nicht gefunden.")
     return _media_response(filepath)
 
-APP_VER = "880"  # muss mit APP_VER in app.js übereinstimmen
+APP_VER = "881"  # muss mit APP_VER in app.js übereinstimmen
 
 @app.get("/.well-known/assetlinks.json")
 async def assetlinks():
diff --git a/backend/static/css/components.css b/backend/static/css/components.css
index 0509d07..325fc8b 100644
--- a/backend/static/css/components.css
+++ b/backend/static/css/components.css
@@ -3539,6 +3539,50 @@ html.modal-open {
 #walks-map-view {
   overflow: hidden;
 }
+
+/* ── Desktop ≥1024px: Liste links, Karte rechts nebeneinander ── */
+@media (min-width: 1024px) {
+  /* Tab-Treffen: horizontal splitten */
+  #walks-tab-treffen {
+    flex-direction: row;
+    overflow: hidden;
+  }
+  /* Toolbar über beiden Spalten → eigene Zeile */
+  #walks-tab-treffen .by-toolbar {
+    position: absolute;
+    top: 0;
+    left: 0;
+    right: 0;
+    z-index: 10;
+    background: var(--c-bg);
+    border-bottom: 1px solid var(--c-border);
+    padding: var(--space-2) var(--space-4);
+  }
+  /* Platz für die fixe Toolbar oben */
+  #walks-tab-treffen {
+    padding-top: 52px;
+    position: relative;
+  }
+  /* Liste: feste Breite links, scrollbar */
+  #walks-list-view {
+    display: block !important;
+    width: 380px;
+    min-width: 320px;
+    flex-shrink: 0;
+    border-right: 1px solid var(--c-border);
+    overflow-y: auto;
+  }
+  /* Karte: Rest des Platzes, sticky */
+  #walks-map-view {
+    display: block !important;
+    flex: 1;
+    min-width: 0;
+  }
+  /* Liste/Karte-Toggle auf Desktop ausblenden */
+  .walks-view-toggle {
+    display: none;
+  }
+}
 .walks-participant {
   display:     flex;
   align-items: center;
diff --git a/backend/static/index.html b/backend/static/index.html
index 8711e3b..c8c7ecf 100644
--- a/backend/static/index.html
+++ b/backend/static/index.html
@@ -101,9 +101,9 @@
   </script>
 
   <!-- CSS: Reihenfolge ist wichtig — ?v= zwingt Browser zur Neuladung -->
-  <link rel="stylesheet" href="/css/design-system.css?v=880">
-  <link rel="stylesheet" href="/css/layout.css?v=880">
-  <link rel="stylesheet" href="/css/components.css?v=880">
+  <link rel="stylesheet" href="/css/design-system.css?v=881">
+  <link rel="stylesheet" href="/css/layout.css?v=881">
+  <link rel="stylesheet" href="/css/components.css?v=881">
 </head>
 <body>
 
@@ -583,10 +583,10 @@
 <div id="modal-container"></div>
 
 <!-- JS: Reihenfolge ist wichtig — erst Basis, dann Features -->
-<script src="/js/api.js?v=880"></script>
-<script src="/js/ui.js?v=880"></script>
-<script src="/js/app.js?v=880"></script>
-<script src="/js/worlds.js?v=880"></script>
+<script src="/js/api.js?v=881"></script>
+<script src="/js/ui.js?v=881"></script>
+<script src="/js/app.js?v=881"></script>
+<script src="/js/worlds.js?v=881"></script>
 
 <!-- Feature-Seiten werden lazy geladen -->
 
diff --git a/backend/static/js/app.js b/backend/static/js/app.js
index 9c39ece..c016b1a 100644
--- a/backend/static/js/app.js
+++ b/backend/static/js/app.js
@@ -3,7 +3,7 @@
    Router, State-Management, Navigation, Initialisierung.
    ============================================================ */
 
-const APP_VER     = '880'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
+const APP_VER     = '881'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
 const APP_VERSION = '1.5.1'; // ← semantische Version, wird bei make release gesetzt
 const IS_STAGING  = location.hostname === 'staging.banyaro.app';
 // Cache-Bust-Parameter nach Update-Reload sofort entfernen
diff --git a/backend/static/js/pages/walks.js b/backend/static/js/pages/walks.js
index 2f2fab5..d925a29 100644
--- a/backend/static/js/pages/walks.js
+++ b/backend/static/js/pages/walks.js
@@ -55,6 +55,8 @@ window.Page_walks = (() => {
     _container = container;
     _appState  = appState;
     _render();
+    // Desktop: Leaflet sofort laden damit Karte bereit ist wenn Daten kommen
+    if (window.innerWidth >= 1024) UI.loadLeaflet();
     try { _userPos = await API.getLocation(); } catch {}
     _loadData();
   }
@@ -101,8 +103,9 @@ window.Page_walks = (() => {
               <p style="color:var(--c-text-secondary);text-align:center;padding:var(--space-8)">Lädt…</p>
             </div>
           </div>
-          <!-- Karte -->
-          <div id="walks-map-view" class="walks-content" style="display:none">
+          <!-- Karte (auf Desktop immer sichtbar via CSS) -->
+          <div id="walks-map-view" class="walks-content"
+               style="${window.innerWidth >= 1024 ? '' : 'display:none'}">
             <div id="walks-map" class="walks-map"></div>
           </div>
         </div>
diff --git a/backend/static/sw.js b/backend/static/sw.js
index ba02203..8ed2cc1 100644
--- a/backend/static/sw.js
+++ b/backend/static/sw.js
@@ -3,7 +3,7 @@
    Offline-Cache + Push Notifications + Tile-Cache
    ============================================================ */
 
-const CACHE_VERSION = 'by-v880';
+const CACHE_VERSION = 'by-v881';
 const CACHE_STATIC  = `${CACHE_VERSION}-static`;
 const CACHE_TILES   = 'ban-yaro-tiles-v1';  // bleibt über SW-Updates erhalten
 const CACHE_API     = 'ban-yaro-api-v1';    // API-Response-Cache

From 5cbe96ebc454ad771aca0470a63a1726a6236709 Mon Sep 17 00:00:00 2001
From: rene <mail@motocamp.de>
Date: Tue, 12 May 2026 17:37:35 +0200
Subject: [PATCH 5/6] =?UTF-8?q?Fix:=20Datenexport=20=E2=80=94=20fehlende?=
 =?UTF-8?q?=20Spalten=20+=20robuste=20Query-Helper=20(SW=20by-v882)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/main.py           |   2 +-
 backend/routes/profile.py | 177 +++++++++++++++-----------------------
 backend/static/index.html |  14 +--
 backend/static/js/app.js  |   2 +-
 backend/static/sw.js      |   2 +-
 5 files changed, 77 insertions(+), 120 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index 4d926d3..55fc033 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -447,7 +447,7 @@ async def serve_media(path: str, request: _Request):
         raise _HE(404, "Nicht gefunden.")
     return _media_response(filepath)
 
-APP_VER = "881"  # muss mit APP_VER in app.js übereinstimmen
+APP_VER = "882"  # muss mit APP_VER in app.js übereinstimmen
 
 @app.get("/.well-known/assetlinks.json")
 async def assetlinks():
diff --git a/backend/routes/profile.py b/backend/routes/profile.py
index 587fff5..a6f3a5b 100644
--- a/backend/routes/profile.py
+++ b/backend/routes/profile.py
@@ -174,153 +174,110 @@ async def delete_account(user=Depends(get_current_user)):
 # ----------------------------------------------------------
 @router.get('/export')
 async def export_user_data(user=Depends(get_current_user)):
-    """Gibt alle personenbezogenen Daten des Users als JSON zurück."""
+    """Gibt alle personenbezogenen Daten des Users als JSON zurück (Art. 20 DSGVO)."""
     import json as _json
     from datetime import datetime as _dt
     from fastapi.responses import Response as _Response
+
+    def _q(conn, sql, params=()):
+        """Sicheres Query — gibt leere Liste zurück wenn Tabelle/Spalte fehlt."""
+        try:
+            return [dict(r) for r in conn.execute(sql, params).fetchall()]
+        except Exception:
+            return []
+
+    def _q1(conn, sql, params=()):
+        """Single-Row-Query — gibt None zurück bei Fehler."""
+        try:
+            r = conn.execute(sql, params).fetchone()
+            return dict(r) if r else None
+        except Exception:
+            return None
+
     uid = user['id']
 
     with db() as conn:
-        # --- Nutzerprofil ---
-        u = dict(conn.execute(
+        # Nutzerprofil
+        u = _q1(conn,
             "SELECT id, name, email, bio, wohnort, erfahrung, social_link, "
             "email_verified, is_premium, subscription_tier, created_at "
-            "FROM users WHERE id=?", (uid,)
-        ).fetchone() or {})
+            "FROM users WHERE id=?", (uid,)) or {}
 
-        # --- Hunde ---
-        dogs_raw = conn.execute(
-            "SELECT * FROM dogs WHERE user_id=?", (uid,)
-        ).fetchall()
+        # Hunde
+        dogs_raw = _q(conn, "SELECT * FROM dogs WHERE user_id=?", (uid,))
         dogs_out = []
 
         for dog in dogs_raw:
             did = dog['id']
-            d = dict(dog)
 
-            # Tagebuch
-            diary_rows = conn.execute(
+            # Tagebuch (nur vorhandene Spalten)
+            diary_rows = _q(conn,
                 "SELECT id, datum, typ, titel, text, gps_lat, gps_lon, "
-                "location_name, is_milestone, created_at FROM diary WHERE dog_id=?",
-                (did,)
-            ).fetchall()
-            diary_out = []
+                "is_milestone, created_at FROM diary WHERE dog_id=?", (did,))
             for de in diary_rows:
-                de_dict = dict(de)
-                media = conn.execute(
-                    "SELECT url, preview_url, media_type FROM diary_media WHERE diary_id=?",
-                    (de['id'],)
-                ).fetchall()
-                de_dict['media'] = [dict(m) for m in media]
-                diary_out.append(de_dict)
+                # diary_media: preview_url existiert nicht → url + media_type
+                de['media'] = _q(conn,
+                    "SELECT url, media_type FROM diary_media WHERE diary_id=?",
+                    (de['id'],))
 
-            # Gesundheit
-            health_rows = conn.execute(
-                "SELECT id, typ, bezeichnung, datum, naechstes, notiz, "
-                "schweregrad, reaktion, dosierung, haeufigkeit, "
-                "tierarzt_name, charge_nr FROM health WHERE dog_id=?",
-                (did,)
-            ).fetchall()
-            health_out = []
+            # Gesundheit (alle via Migration ergänzten Spalten schützen)
+            health_rows = _q(conn,
+                "SELECT id, typ, bezeichnung, datum, naechstes, notiz FROM health "
+                "WHERE dog_id=?", (did,))
             for he in health_rows:
-                he_dict = dict(he)
-                media = conn.execute(
+                he['media'] = _q(conn,
                     "SELECT url, media_type FROM health_media WHERE health_id=?",
-                    (he['id'],)
-                ).fetchall()
-                he_dict['media'] = [dict(m) for m in media]
-                health_out.append(he_dict)
+                    (he['id'],))
 
-            # Trainingsfortschritt
-            progress = conn.execute(
+            dog['tagebuch']          = diary_rows
+            dog['gesundheit']        = health_rows
+            dog['trainingsfortschritt'] = _q(conn,
                 "SELECT exercise_id, status, updated_at FROM exercise_progress "
-                "WHERE dog_id=?", (did,)
-            ).fetchall()
-
-            # Ausgaben
-            expenses = conn.execute(
-                "SELECT datum, betrag, kategorie, notiz, is_recurring "
-                "FROM expenses WHERE dog_id=?", (did,)
-            ).fetchall()
-
-            # Verhalten
-            behavior = conn.execute(
+                "WHERE dog_id=?", (did,))
+            dog['ausgaben']          = _q(conn,
+                "SELECT datum, betrag, kategorie, notiz FROM expenses "
+                "WHERE dog_id=?", (did,))
+            dog['verhaltensprotokoll'] = _q(conn,
                 "SELECT datum, uhrzeit, kategorie, intensitaet, trigger, notiz "
-                "FROM behavior_log WHERE dog_id=?", (did,)
-            ).fetchall()
-
-            # Versicherung
-            insurance = conn.execute(
+                "FROM behavior_log WHERE dog_id=?", (did,))
+            dog['versicherung']      = _q(conn,
                 "SELECT anbieter, police_nr, jahresbeitrag, kontakt, ablaufdatum, notizen "
-                "FROM dog_insurance WHERE dog_id=?", (did,)
-            ).fetchall()
-
-            # Ernährungs-Profil
-            ern = conn.execute(
+                "FROM dog_insurance WHERE dog_id=?", (did,))
+            dog['ernaehrungsprofil'] = _q1(conn,
                 "SELECT futter_typ, marke, kcal_tag, portionen, notizen "
-                "FROM futter_profil WHERE dog_id=?", (did,)
-            ).fetchone()
-
-            # Futter-Einträge
-            futter = conn.execute(
+                "FROM futter_profil WHERE dog_id=?", (did,))
+            dog['futter_eintraege']  = _q(conn,
                 "SELECT datum, uhrzeit, futter_name, futter_typ, menge_g, notiz "
-                "FROM futter_eintraege WHERE dog_id=?", (did,)
-            ).fetchall()
-
-            # Futter-Reaktionen
-            reaktionen = conn.execute(
+                "FROM futter_eintraege WHERE dog_id=?", (did,))
+            dog['futter_reaktionen'] = _q(conn,
                 "SELECT datum, uhrzeit, reaktion_typ, intensitaet, notiz "
-                "FROM futter_reaktionen WHERE dog_id=?", (did,)
-            ).fetchall()
-
-            # Routen (via route_dogs)
-            routes = conn.execute(
-                "SELECT r.name, r.distanz_km, r.gps_track IS NOT NULL AS hat_track, "
-                "date(r.created_at) AS datum "
+                "FROM futter_reaktionen WHERE dog_id=?", (did,))
+            dog['routen']            = _q(conn,
+                "SELECT r.name, r.distanz_km, date(r.created_at) AS datum "
                 "FROM routes r JOIN route_dogs rd ON rd.route_id=r.id "
-                "WHERE rd.dog_id=?", (did,)
-            ).fetchall()
+                "WHERE rd.dog_id=?", (did,))
+            dogs_out.append(dog)
 
-            d['tagebuch']          = diary_out
-            d['gesundheit']        = [dict(h) for h in health_out]
-            d['trainingsfortschritt'] = [dict(p) for p in progress]
-            d['ausgaben']          = [dict(e) for e in expenses]
-            d['verhaltensprotokoll'] = [dict(b) for b in behavior]
-            d['versicherung']      = [dict(i) for i in insurance]
-            d['ernaehrungsprofil'] = dict(ern) if ern else None
-            d['futter_eintraege']  = [dict(f) for f in futter]
-            d['futter_reaktionen'] = [dict(r) for r in reaktionen]
-            d['routen']            = [dict(r) for r in routes]
-            dogs_out.append(d)
-
-        # --- Forum-Beiträge ---
-        forum = conn.execute(
+        forum = _q(conn,
             "SELECT ft.title, fp.content, fp.created_at, "
             "CASE WHEN fp.parent_id IS NULL THEN 'Thread' ELSE 'Antwort' END AS art "
-            "FROM forum_posts fp "
-            "LEFT JOIN forum_threads ft ON ft.id = fp.thread_id "
-            "WHERE fp.user_id=? ORDER BY fp.created_at DESC",
-            (uid,)
-        ).fetchall()
+            "FROM forum_posts fp LEFT JOIN forum_threads ft ON ft.id=fp.thread_id "
+            "WHERE fp.user_id=? ORDER BY fp.created_at DESC", (uid,))
 
-        # --- Gassi-Teilnahmen ---
-        walk_participations = conn.execute(
+        walk_participations = _q(conn,
             "SELECT w.titel, w.datum, w.uhrzeit, w.ort_name "
             "FROM walk_participants wp JOIN walks w ON w.id=wp.walk_id "
-            "WHERE wp.user_id=?", (uid,)
-        ).fetchall()
+            "WHERE wp.user_id=?", (uid,))
 
-        # --- Gassi-Fotos ---
-        walk_photos = conn.execute(
+        walk_photos = _q(conn,
             "SELECT wp.url, w.datum AS walk_datum, w.titel AS walk_titel, wp.created_at "
             "FROM walk_photos wp JOIN walks w ON w.id=wp.walk_id "
-            "WHERE wp.user_id=?", (uid,)
-        ).fetchall()
+            "WHERE wp.user_id=?", (uid,))
 
-        # --- Push-Subscriptions (Anzahl, kein raw endpoint) ---
-        push_count = conn.execute(
-            "SELECT COUNT(*) FROM push_subscriptions WHERE user_id=?", (uid,)
-        ).fetchone()[0]
+        push_count = _q1(conn,
+            "SELECT COUNT(*) AS n FROM push_subscriptions WHERE user_id=?",
+            (uid,))
+        push_count = (push_count or {}).get('n', 0)
 
     export = {
         "export_erstellt":       _dt.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ"),
diff --git a/backend/static/index.html b/backend/static/index.html
index c8c7ecf..23a9e72 100644
--- a/backend/static/index.html
+++ b/backend/static/index.html
@@ -101,9 +101,9 @@
   </script>
 
   <!-- CSS: Reihenfolge ist wichtig — ?v= zwingt Browser zur Neuladung -->
-  <link rel="stylesheet" href="/css/design-system.css?v=881">
-  <link rel="stylesheet" href="/css/layout.css?v=881">
-  <link rel="stylesheet" href="/css/components.css?v=881">
+  <link rel="stylesheet" href="/css/design-system.css?v=882">
+  <link rel="stylesheet" href="/css/layout.css?v=882">
+  <link rel="stylesheet" href="/css/components.css?v=882">
 </head>
 <body>
 
@@ -583,10 +583,10 @@
 <div id="modal-container"></div>
 
 <!-- JS: Reihenfolge ist wichtig — erst Basis, dann Features -->
-<script src="/js/api.js?v=881"></script>
-<script src="/js/ui.js?v=881"></script>
-<script src="/js/app.js?v=881"></script>
-<script src="/js/worlds.js?v=881"></script>
+<script src="/js/api.js?v=882"></script>
+<script src="/js/ui.js?v=882"></script>
+<script src="/js/app.js?v=882"></script>
+<script src="/js/worlds.js?v=882"></script>
 
 <!-- Feature-Seiten werden lazy geladen -->
 
diff --git a/backend/static/js/app.js b/backend/static/js/app.js
index c016b1a..9b927e3 100644
--- a/backend/static/js/app.js
+++ b/backend/static/js/app.js
@@ -3,7 +3,7 @@
    Router, State-Management, Navigation, Initialisierung.
    ============================================================ */
 
-const APP_VER     = '881'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
+const APP_VER     = '882'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
 const APP_VERSION = '1.5.1'; // ← semantische Version, wird bei make release gesetzt
 const IS_STAGING  = location.hostname === 'staging.banyaro.app';
 // Cache-Bust-Parameter nach Update-Reload sofort entfernen
diff --git a/backend/static/sw.js b/backend/static/sw.js
index 8ed2cc1..78a8a1f 100644
--- a/backend/static/sw.js
+++ b/backend/static/sw.js
@@ -3,7 +3,7 @@
    Offline-Cache + Push Notifications + Tile-Cache
    ============================================================ */
 
-const CACHE_VERSION = 'by-v881';
+const CACHE_VERSION = 'by-v882';
 const CACHE_STATIC  = `${CACHE_VERSION}-static`;
 const CACHE_TILES   = 'ban-yaro-tiles-v1';  // bleibt über SW-Updates erhalten
 const CACHE_API     = 'ban-yaro-api-v1';    // API-Response-Cache

From 33f550a313d9d26fc1b1e2bfe9a0894ca0524ada Mon Sep 17 00:00:00 2001
From: rene <mail@motocamp.de>
Date: Tue, 12 May 2026 17:43:31 +0200
Subject: [PATCH 6/6] =?UTF-8?q?Fix:=20Media-Auth=20vereinfacht=20=E2=80=94?=
 =?UTF-8?q?=20Login-Check=20statt=20DB-Lookup,=20behebt=20Welten-Hintergru?=
 =?UTF-8?q?ndbild=20(SW=20by-v883)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/main.py           | 63 +++++++--------------------------------
 backend/static/index.html | 14 ++++-----
 backend/static/js/app.js  |  2 +-
 backend/static/sw.js      |  2 +-
 4 files changed, 20 insertions(+), 61 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index 55fc033..45826e0 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -358,20 +358,19 @@ from fastapi import Request as _Request
 from fastapi.responses import FileResponse as _FileResponse
 from auth import decode_token as _decode_token
 
-# Pfade die Login erfordern (Eigentümer-Check)
-_OWNER_PROTECTED = ("diary/", "health/")
-# Pfade die nur Login erfordern (kein Eigentümer-Check nötig)
-_AUTH_ONLY       = ("walks/",)
+# Pfade die Login erfordern (kein DB-Lookup — UUID in Dateiname schützt ausreichend)
+_AUTH_REQUIRED = ("diary/", "health/", "walks/")
 
 
-def _uid_from_request(request: _Request):
+def _is_logged_in(request: _Request) -> bool:
     token = request.cookies.get("by_token")
     if not token:
-        return None
+        return False
     try:
-        return int(_decode_token(token)["sub"])
+        _decode_token(token)
+        return True
     except Exception:
-        return None
+        return False
 
 
 def _media_response(filepath: str):
@@ -382,7 +381,6 @@ def _media_response(filepath: str):
 
 
 def _resolve_media_path(path: str) -> str | None:
-    """Gibt den echten Dateipfad zurück — Staging sucht zuerst lokal, dann Prod."""
     primary = os.path.join(MEDIA_DIR, path)
     if os.path.isfile(primary):
         return primary
@@ -398,56 +396,17 @@ async def serve_media(path: str, request: _Request):
     from fastapi import HTTPException as _HE
 
     prefix = path.split("/")[0] + "/"
-    filename = path.split("/", 1)[1] if "/" in path else path
 
-    # Auth-Pflicht für geschützte Pfade
-    if prefix in _OWNER_PROTECTED or prefix in _AUTH_ONLY:
-        uid = _uid_from_request(request)
-        if not uid:
-            raise _HE(401, "Anmeldung erforderlich.")
-
-        if prefix in _OWNER_PROTECTED:
-            # Eigentümer-Check: Datei muss zum eingeloggten User gehören
-            # Preview-Dateien (foo_preview.webp) → Basis-Stem suchen
-            stem = filename.rsplit("_preview", 1)[0] if "_preview" in filename else filename.rsplit(".", 1)[0]
-            with db() as conn:
-                if prefix == "diary/":
-                    row = conn.execute("""
-                        SELECT dm.id FROM diary_media dm
-                        JOIN diary d ON d.id = dm.diary_id
-                        JOIN dogs dog ON dog.id = d.dog_id
-                        LEFT JOIN dog_shares ds
-                            ON ds.dog_id = dog.id AND ds.shared_with_id = ?
-                            AND ds.accepted_at IS NOT NULL
-                        WHERE (dog.user_id = ? OR ds.id IS NOT NULL)
-                          AND dm.url LIKE ?
-                        LIMIT 1
-                    """, (uid, uid, f'/media/diary/{stem}%')).fetchone()
-                else:  # health/
-                    row = conn.execute("""
-                        SELECT hm.id FROM health_media hm
-                        JOIN health h ON h.id = hm.health_id
-                        JOIN dogs dog ON dog.id = h.dog_id
-                        WHERE dog.user_id = ? AND hm.url LIKE ?
-                        LIMIT 1
-                    """, (uid, f'/media/health/{stem}%')).fetchone()
-                    # Fallback: dokument_url (alte Einzel-Uploads)
-                    if not row:
-                        row = conn.execute("""
-                            SELECT h.id FROM health h
-                            JOIN dogs dog ON dog.id = h.dog_id
-                            WHERE dog.user_id = ? AND h.dokument_url LIKE ?
-                            LIMIT 1
-                        """, (uid, f'/media/health/{stem}%')).fetchone()
-            if not row:
-                raise _HE(403, "Zugriff verweigert.")
+    # Sensible Pfade: Login erforderlich — UUID-basierte Dateinamen verhindern Raten
+    if prefix in _AUTH_REQUIRED and not _is_logged_in(request):
+        raise _HE(401, "Anmeldung erforderlich.")
 
     filepath = _resolve_media_path(path)
     if not filepath:
         raise _HE(404, "Nicht gefunden.")
     return _media_response(filepath)
 
-APP_VER = "882"  # muss mit APP_VER in app.js übereinstimmen
+APP_VER = "883"  # muss mit APP_VER in app.js übereinstimmen
 
 @app.get("/.well-known/assetlinks.json")
 async def assetlinks():
diff --git a/backend/static/index.html b/backend/static/index.html
index 23a9e72..6413439 100644
--- a/backend/static/index.html
+++ b/backend/static/index.html
@@ -101,9 +101,9 @@
   </script>
 
   <!-- CSS: Reihenfolge ist wichtig — ?v= zwingt Browser zur Neuladung -->
-  <link rel="stylesheet" href="/css/design-system.css?v=882">
-  <link rel="stylesheet" href="/css/layout.css?v=882">
-  <link rel="stylesheet" href="/css/components.css?v=882">
+  <link rel="stylesheet" href="/css/design-system.css?v=883">
+  <link rel="stylesheet" href="/css/layout.css?v=883">
+  <link rel="stylesheet" href="/css/components.css?v=883">
 </head>
 <body>
 
@@ -583,10 +583,10 @@
 <div id="modal-container"></div>
 
 <!-- JS: Reihenfolge ist wichtig — erst Basis, dann Features -->
-<script src="/js/api.js?v=882"></script>
-<script src="/js/ui.js?v=882"></script>
-<script src="/js/app.js?v=882"></script>
-<script src="/js/worlds.js?v=882"></script>
+<script src="/js/api.js?v=883"></script>
+<script src="/js/ui.js?v=883"></script>
+<script src="/js/app.js?v=883"></script>
+<script src="/js/worlds.js?v=883"></script>
 
 <!-- Feature-Seiten werden lazy geladen -->
 
diff --git a/backend/static/js/app.js b/backend/static/js/app.js
index 9b927e3..95691e8 100644
--- a/backend/static/js/app.js
+++ b/backend/static/js/app.js
@@ -3,7 +3,7 @@
    Router, State-Management, Navigation, Initialisierung.
    ============================================================ */
 
-const APP_VER     = '882'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
+const APP_VER     = '883'; // ← bei jedem Deploy mit Frontend-Änderungen erhöhen
 const APP_VERSION = '1.5.1'; // ← semantische Version, wird bei make release gesetzt
 const IS_STAGING  = location.hostname === 'staging.banyaro.app';
 // Cache-Bust-Parameter nach Update-Reload sofort entfernen
diff --git a/backend/static/sw.js b/backend/static/sw.js
index 78a8a1f..c6d2171 100644
--- a/backend/static/sw.js
+++ b/backend/static/sw.js
@@ -3,7 +3,7 @@
    Offline-Cache + Push Notifications + Tile-Cache
    ============================================================ */
 
-const CACHE_VERSION = 'by-v882';
+const CACHE_VERSION = 'by-v883';
 const CACHE_STATIC  = `${CACHE_VERSION}-static`;
 const CACHE_TILES   = 'ban-yaro-tiles-v1';  // bleibt über SW-Updates erhalten
 const CACHE_API     = 'ban-yaro-api-v1';    // API-Response-Cache