feat: add website CMS module (06) and update TypeScript build info

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 16:32:34 +02:00 · 2026-05-18 16:32:34 +02:00 · db5e9bb5ce
parent a060751f45
commit db5e9bb5ce
32 changed files with 1937 additions and 1 deletions
--- a/modules/06-website-cms/TEMPLATE.md
+++ b/modules/06-website-cms/TEMPLATE.md
@ -0,0 +1,299 @@
+# Modul: Website-CMS (Hero · Über uns · Galerie · Kontakt · Passwort)
+
+> Vollständiges CMS für eine öffentliche Website: Hero-Sektion (Texte, Badges, Hintergrundbild, Logo, Favicon), Über-uns-Sektion (Texte, Statistiken, Sektionsbild), Bildergalerie (Upload, Sortierung, animiertes Grid), Kontakt-Daten (Info, Öffnungszeiten, Social Media) und Admin-Passwort-Änderung. Alle Sektionen lesen direkt aus Supabase; bei DB-Fehler greift ein statischer Fallback.
+
+> **Anfrageformular** (Kontaktformular mit E-Mail-Versand) → Modul 07
+
+---
+
+## Enthaltene Dateien
+
+| Ziel im neuen Projekt | Inhalt |
+|---|---|
+| `app/api/admin/hero/route.ts` | GET + PATCH: hero_content (UPSERT) + hero_badges (lesen) |
+| `app/api/admin/hero/bild/route.ts` | POST/DELETE: Hintergrundbild (`hero-bilder` Bucket) |
+| `app/api/admin/hero/logo/route.ts` | POST/DELETE: Logo (`site-assets` Bucket) |
+| `app/api/admin/hero/favicon/route.ts` | POST/DELETE: Favicon (`site-assets` Bucket) |
+| `app/api/admin/hero/badges/route.ts` | POST: Badge hinzufügen |
+| `app/api/admin/hero/badges/id/route.ts` | PATCH/DELETE: Badge bearbeiten/löschen |
+| `app/api/admin/galerie/route.ts` | GET/POST/PATCH/DELETE: Galerie-Bilder + Storage |
+| `app/api/admin/galerie/sort/route.ts` | POST: Reihenfolge speichern |
+| `app/api/admin/ueber-uns/route.ts` | GET + PATCH: ueber_uns_content (UPSERT) + Stats (lesen) |
+| `app/api/admin/ueber-uns/upload/route.ts` | POST: Sektionsbild hochladen (`ueber-uns-bilder` Bucket) |
+| `app/api/admin/ueber-uns/stats/route.ts` | POST: Statistik hinzufügen |
+| `app/api/admin/ueber-uns/stats/id/route.ts` | PATCH/DELETE: Statistik bearbeiten/löschen |
+| `app/api/admin/kontakt/route.ts` | GET + PATCH: kontakt_info (UPSERT) + Listen lesen |
+| `app/api/admin/kontakt/oeffnungszeiten/route.ts` | POST: Öffnungszeit hinzufügen |
+| `app/api/admin/kontakt/oeffnungszeiten/id/route.ts` | PATCH/DELETE |
+| `app/api/admin/kontakt/social/route.ts` | POST: Social-Link hinzufügen |
+| `app/api/admin/kontakt/social/id/route.ts` | PATCH/DELETE |
+| `app/api/admin/passwort/route.ts` | POST: Admin-Passwort ändern (bcrypt) |
+| `app/admin/hero/page.tsx` | Admin-Page Hero |
+| `app/admin/galerie/page.tsx` | Admin-Page Galerie |
+| `app/admin/ueber-uns/page.tsx` | Admin-Page Über uns |
+| `app/admin/kontakt/page.tsx` | Admin-Page Kontakt |
+| `app/admin/passwort/page.tsx` | Admin-Page Passwort |
+| `components/GalerieAnzeige.tsx` | Öffentliche Galerie mit 3D-Flip-Animation |
+| `components/admin/HeroVerwaltung.tsx` | Admin-UI: Hero |
+| `components/admin/GalerieVerwaltung.tsx` | Admin-UI: Galerie |
+| `components/admin/UeberUnsVerwaltung.tsx` | Admin-UI: Über uns |
+| `components/admin/KontaktVerwaltung.tsx` | Admin-UI: Kontakt |
+| `components/admin/PasswortAendern.tsx` | Admin-UI: Passwort ändern |
+
+**Hinweis:** Ordner `id/` in `files/` entsprechen Next.js Dynamic-Route-Ordnern `[id]`.
+
+---
+
+## Voraussetzungen
+
+Benötigt:
+- `lib/supabase.ts` mit `createPublicClient()` und `createServiceClient()`
+- `lib/admin-auth.ts` (Modul 02): `requireAdmin()` und `getAdminSession()`
+- Tabelle `admins` mit Spalten `id`, `email`, `password_hash` (Modul 02)
+
+```bash
+npm install bcryptjs
+npm install -D @types/bcryptjs
+```
+
+---
+
+## Umgebungsvariablen
+
+```env
+NEXT_PUBLIC_SUPABASE_URL=https://xxx.supabase.co   # Für Storage-URL-Konstruktion im Client
+SUPABASE_INTERNAL_URL=http://supabase-kong:8000     # Nur Docker-intern; API-Routen verwenden diese
+```
+
+---
+
+## Supabase Storage Buckets anlegen
+
+Im Supabase Dashboard → Storage → New Bucket für jeden Bucket:
+
+| Bucket-Name | Public | Verwendung |
+|---|---|---|
+| `hero-bilder` | ✓ | Hero-Hintergrundbild |
+| `site-assets` | ✓ | Logo + Favicon |
+| `ueber-uns-bilder` | ✓ | Über-uns-Sektionsbild |
+| `galerie-bilder` | ✓ | Galerie-Fotos |
+
+---
+
+## Datenbank-Migrationen (Supabase)
+
+Die vollständige SQL-Datei liegt unter `migrations/MIGRATIONS_WEBSITE_CMS.sql`.
+
+Im Supabase SQL-Editor einmalig ausführen. Sie enthält alle Tabellen, Spalten und RLS-Policies.
+
+Erstellt werden:
+- `hero_content` — Singleton (Seitenname, Tagline, Überschriften, Buttons, Bildpfade)
+- `hero_badges` — Liste der Trust-Badges
+- `ueber_uns_content` — Singleton (Eyebrow, Absätze, Bildpfad)
+- `ueber_uns_stats` — Liste der Kennzahlen/Statistiken
+- `galerie_bilder` — Liste der Galeriefotos (storage_path, alt_text, reihenfolge)
+- `kontakt_info` — Singleton (Telefon, E-Mail, Adresse, Formular-Empfänger)
+- `kontakt_oeffnungszeiten` — Liste der Öffnungszeiten
+- `kontakt_social` — Liste der Social-Media-Links
+
+Alle Tabellen erhalten `public read` RLS-Policy (anonymer Lesezugriff).
+
+### Supabase-Typen (`lib/supabase.ts`) ergänzen
+
+In `Database.public.Tables` hinzufügen:
+
+```ts
+hero_content: { Row: {
+  id: string; site_name: string; site_tagline: string;
+  eyebrow_text: string; headline1: string; headline2: string;
+  subtext1: string; subtext2: string;
+  cta1_text: string; cta1_href: string; cta2_text: string; cta2_href: string;
+  bg_image_path: string | null; logo_path: string | null; favicon_path: string | null;
+  updated_at: string;
+} }
+hero_badges: { Row: { id: string; text: string; reihenfolge: number } }
+ueber_uns_content: { Row: {
+  id: string; eyebrow_text: string; absatz1: string; absatz2: string;
+  bild_url: string | null; updated_at: string;
+} }
+ueber_uns_stats: { Row: { id: string; wert: string; label: string; reihenfolge: number } }
+galerie_bilder: { Row: {
+  id: string; storage_path: string; alt_text: string; reihenfolge: number;
+} }
+kontakt_info: { Row: {
+  id: string; telefon: string; email: string;
+  adresse_zeile1: string; adresse_zeile2: string;
+  formular_empfaenger: string; updated_at: string;
+} }
+kontakt_oeffnungszeiten: { Row: { id: string; tag: string; von: string; bis: string; reihenfolge: number } }
+kontakt_social: { Row: { id: string; platform: string; url: string; reihenfolge: number } }
+```
+
+---
+
+## Architektur-Muster
+
+### UPSERT-Singleton (Einzel-Zeilen-Tabellen)
+`hero_content`, `ueber_uns_content`, `kontakt_info` haben immer genau eine Zeile.
+API-Route: erst `select('id').limit(1).single()` → bei Treffer `update`, sonst `insert`.
+
+### CRUD-Liste (Tabellen mit `reihenfolge`)
+`hero_badges`, `ueber_uns_stats`, `galerie_bilder`, `kontakt_oeffnungszeiten`, `kontakt_social` — klassisches INSERT/PATCH/DELETE. Reihenfolge wird als Integer gespeichert.
+
+### Server Component + Fallback
+Öffentliche Website-Sektionen sind async Server Components. Alle Supabase-Aufrufe in `try/catch`; bei Fehler werden hartcodierte Fallback-Daten gerendert.
+
+### force-dynamic
+Alle Admin-Pages müssen `export const dynamic = 'force-dynamic'` haben (verhindert statisches Pre-Rendering beim Docker-Build ohne Env-Variablen).
+
+### Galerie: Hydration-Mismatch vermeiden
+`GalerieAnzeige` initialisiert `slots` ohne Shuffle im `useState()`-Initializer (Server und Client rendern identisch). Der Shuffle + Intervall-Start läuft nur im `useEffect([])` nach dem Mount.
+
+---
+
+## Einbindung Schritt für Schritt
+
+### 1. Dateien kopieren (Dynamic-Route-Ordner umbenennen)
+```
+files/app/api/admin/hero/badges/id/      →  app/api/admin/hero/badges/[id]/
+files/app/api/admin/ueber-uns/stats/id/  →  app/api/admin/ueber-uns/stats/[id]/
+files/app/api/admin/kontakt/oeffnungszeiten/id/ → app/api/admin/kontakt/oeffnungszeiten/[id]/
+files/app/api/admin/kontakt/social/id/   →  app/api/admin/kontakt/social/[id]/
+```
+
+### 2. Standardwerte anpassen
+In `components/admin/HeroVerwaltung.tsx`:
+```tsx
+const DEFAULTS: HeroContent = {
+  site_name: 'Musterfirma',       // ← eigenen Firmennamen setzen
+  site_tagline: '',
+  eyebrow_text: 'Ihr Slogan hier',
+  headline1: 'Wir lieben Qualität.',
+  headline2: 'Ihre Kunden auch.',
+  // ...
+}
+```
+
+In `app/api/admin/hero/route.ts` PATCH-Handler dieselben Defaults setzen.
+
+### 3. Fallback-Bild konfigurieren (`components/admin/HeroVerwaltung.tsx`)
+```tsx
+src={bgPreview ?? bgUrl ?? '/hero.jpg'}
+```
+Das Fallback-Bild `/hero.jpg` muss im `public/`-Ordner liegen (oder durch eigenen Pfad ersetzen).
+
+### 4. Öffentliche Website-Sektionen einbinden
+Die Galerie-Anzeige-Komponente auf der Hauptseite:
+```tsx
+// In app/page.tsx (async Server Component):
+import { GalerieAnzeige } from '@/components/GalerieAnzeige'
+
+const { data: galerie } = await supabase.from('galerie_bilder').select('*').order('reihenfolge')
+const bilder = (galerie ?? []).map(b => ({
+  id: b.id,
+  src: `${supabaseUrl}/storage/v1/object/public/galerie-bilder/${b.storage_path}`,
+  alt: b.alt_text,
+}))
+
+<GalerieAnzeige bilder={bilder} />
+```
+
+### 5. Admin-Navigation ergänzen
+```tsx
+<a href="/admin/hero">Hero</a>
+<a href="/admin/ueber-uns">Über uns</a>
+<a href="/admin/galerie">Galerie</a>
+<a href="/admin/kontakt">Kontakt</a>
+<a href="/admin/passwort">Passwort</a>
+```
+
+---
+
+## Anpassungspunkte
+
+| Was | Wo |
+|---|---|
+| Firmenname / Standardtexte | `components/admin/HeroVerwaltung.tsx` → `DEFAULTS` + `api/admin/hero/route.ts` |
+| Fallback-Hero-Bild | `components/admin/HeroVerwaltung.tsx` → `bgPreview ?? bgUrl ?? '/hero.jpg'` |
+| Galerie-Flip-Geschwindigkeit | `components/GalerieAnzeige.tsx` → `INTERVAL_MS` (Standard: 1500 ms) |
+| Galerie-Grid-Layout | `components/GalerieAnzeige.tsx` → `VISIBLE`, `ROW_H`, `numGroups`-Berechnung |
+| Bucket-Namen | Alle `app/api/admin/*/route.ts` → `const BUCKET = '...'` |
+| Max. Upload-Größe | `app/api/admin/galerie/route.ts` → `MAX_SIZE` |
+
+---
+
+## Integrations-Prompt
+
+Kopiere diesen Prompt in eine neue KI-Konversation, nachdem du die `files/` in dein Projekt kopiert und die SQL-Migration ausgeführt hast. Ersetze alle `[PLATZHALTER]`.
+
+```
+Ich integriere das Website-CMS-Modul (Hero, Über uns, Galerie, Kontakt, Passwort) in mein Next.js/Supabase-Projekt.
+
+PROJEKT-KONTEXT:
+- Firmenname: [FIRMENNAME]
+- Tagline (optional): [TAGLINE oder leer lassen]
+- Hero-Eyebrow-Text: [z. B. "Ihr Ansprechpartner seit 2010"]
+- Hero-Überschrift 1 (weiß): [z. B. "Wir lieben Qualität."]
+- Hero-Überschrift 2 (akzentfarbe): [z. B. "Ihre Kunden auch."]
+- Modul 02 (Admin-Auth) ist bereits integriert (requireAdmin + getAdminSession verfügbar)
+- Tabelle `admins` mit password_hash-Spalte existiert bereits
+
+BEREITS KOPIERTE DATEIEN (aus modules/06-website-cms/files/):
+Wichtig: Ordner "id/" umbenennen zu "[id]" — betrifft:
+- app/api/admin/hero/badges/id/ → [id]/
+- app/api/admin/ueber-uns/stats/id/ → [id]/
+- app/api/admin/kontakt/oeffnungszeiten/id/ → [id]/
+- app/api/admin/kontakt/social/id/ → [id]/
+
+AUFGABEN – führe sie der Reihe nach aus:
+
+1. SQL-MIGRATION: Führe modules/06-website-cms/migrations/MIGRATIONS_WEBSITE_CMS.sql
+   im Supabase SQL-Editor aus (enthält alle Tabellen + RLS-Policies).
+
+2. SUPABASE STORAGE BUCKETS anlegen (alle Public):
+   - hero-bilder
+   - site-assets
+   - ueber-uns-bilder
+   - galerie-bilder
+
+3. BCRYPTJS installieren (für Passwort-Änderung):
+   npm install bcryptjs && npm install -D @types/bcryptjs
+
+4. SUPABASE-TYPEN: Lies lib/supabase.ts.
+   Ergänze in Database.public.Tables die Typen für:
+   hero_content, hero_badges, ueber_uns_content, ueber_uns_stats,
+   galerie_bilder, kontakt_info, kontakt_oeffnungszeiten, kontakt_social
+   (Typen aus modules/06-website-cms/TEMPLATE.md kopieren)
+
+5. STANDARDWERTE anpassen:
+   a) Lies components/admin/HeroVerwaltung.tsx.
+      Setze in DEFAULTS: site_name: '[FIRMENNAME]', site_tagline: '[TAGLINE]',
+      eyebrow_text: '[EYEBROW]', headline1: '[H1]', headline2: '[H2]'
+   b) Lies app/api/admin/hero/route.ts.
+      Setze dieselben Werte als Fallback in den PATCH-Handler-fields.
+
+6. FALLBACK-BILD: Lege eine Datei hero.jpg (oder eigenen Namen) in public/ ab.
+   Lies components/admin/HeroVerwaltung.tsx und ersetze '/hero.jpg' durch deinen Pfad.
+
+7. ÖFFENTLICHE SEITE einbinden:
+   a) Lies app/page.tsx (oder deine Hauptseite).
+      Importiere und verwende die Sektionskomponenten (Hero, UeberUns, GalerieAnzeige).
+      Für GalerieAnzeige: Daten aus galerie_bilder laden, Storage-URLs konstruieren,
+      als `bilder: GalerieBild[]`-Array übergeben.
+   b) Kontaktsektion mit Formular → Modul 07 einbinden.
+
+8. ADMIN-NAVIGATION ergänzen:
+   Lies app/admin/AdminNav.tsx (oder deine Admin-Nav).
+   Füge Links zu /admin/hero, /admin/ueber-uns, /admin/galerie, /admin/kontakt, /admin/passwort hinzu.
+   Import-Icons: Home, Info, Grid2x2, Phone, KeyRound (aus lucide-react).
+
+9. TEST:
+   a) /admin/hero → Seitenname + Texte + Hintergrundbild + Logo + Favicon speichern
+   b) /admin/ueber-uns → Texte + Statistik hinzufügen
+   c) /admin/galerie → Bild hochladen, Reihenfolge ändern
+   d) /admin/kontakt → Öffnungszeiten + Social-Links anlegen, Formular-Empfänger eintragen
+   e) /admin/passwort → Passwort ändern (aktuelles Passwort + neues Passwort)
+   f) Öffentliche Hauptseite → alle Sektionen zeigen Daten aus der DB
+
+Lies jede Datei vor dem Bearbeiten. Melde wenn alle Schritte abgeschlossen sind.
+```
--- a/modules/06-website-cms/files/app/admin/galerie/page.tsx
+++ b/modules/06-website-cms/files/app/admin/galerie/page.tsx
@ -0,0 +1,16 @@
+export const dynamic = 'force-dynamic'
+import { GalerieVerwaltung } from '@/components/admin/GalerieVerwaltung'
+import type { Metadata } from 'next'
+
+export const metadata: Metadata = { title: 'Galerie' }
+
+export default function AdminGaleriePage() {
+  return (
+    <div className="max-w-5xl mx-auto px-4 py-8">
+      <h1 className="text-2xl font-bold tracking-tight mb-6" style={{ color: 'var(--text-primary)' }}>
+        Galerie verwalten
+      </h1>
+      <GalerieVerwaltung />
+    </div>
+  )
+}
--- a/modules/06-website-cms/files/app/admin/hero/page.tsx
+++ b/modules/06-website-cms/files/app/admin/hero/page.tsx
@ -0,0 +1,16 @@
+export const dynamic = 'force-dynamic'
+import { HeroVerwaltung } from '@/components/admin/HeroVerwaltung'
+import type { Metadata } from 'next'
+
+export const metadata: Metadata = { title: 'Hero' }
+
+export default function AdminHeroPage() {
+  return (
+    <div className="max-w-4xl mx-auto px-4 py-8">
+      <h1 className="text-2xl font-bold tracking-tight mb-6" style={{ color: 'var(--text-primary)' }}>
+        Hero-Sektion
+      </h1>
+      <HeroVerwaltung />
+    </div>
+  )
+}
--- a/modules/06-website-cms/files/app/admin/kontakt/page.tsx
+++ b/modules/06-website-cms/files/app/admin/kontakt/page.tsx
@ -0,0 +1,16 @@
+export const dynamic = 'force-dynamic'
+import { KontaktVerwaltung } from '@/components/admin/KontaktVerwaltung'
+import type { Metadata } from 'next'
+
+export const metadata: Metadata = { title: 'Kontakt' }
+
+export default function AdminKontaktPage() {
+  return (
+    <div className="max-w-5xl mx-auto px-4 py-8">
+      <h1 className="text-2xl font-bold tracking-tight mb-6" style={{ color: 'var(--text-primary)' }}>
+        Kontaktdaten
+      </h1>
+      <KontaktVerwaltung />
+    </div>
+  )
+}
--- a/modules/06-website-cms/files/app/admin/passwort/page.tsx
+++ b/modules/06-website-cms/files/app/admin/passwort/page.tsx
@ -0,0 +1,21 @@
+export const dynamic = 'force-dynamic'
+import { redirect } from 'next/navigation'
+import { getAdminSession } from '@/lib/admin-auth'
+import PasswortAendern from '@/components/admin/PasswortAendern'
+
+export default async function PasswortPage() {
+  const session = await getAdminSession()
+  if (!session) redirect('/admin/login')
+
+  return (
+    <div style={{ padding: '32px', maxWidth: '600px' }}>
+      <h1 style={{ fontSize: '20px', fontWeight: 800, color: 'var(--text-primary)', marginBottom: '8px' }}>
+        Passwort ändern
+      </h1>
+      <p style={{ fontSize: '13px', color: 'var(--text-muted)', marginBottom: '28px' }}>
+        Angemeldet als <strong>{session.email}</strong>
+      </p>
+      <PasswortAendern />
+    </div>
+  )
+}
--- a/modules/06-website-cms/files/app/admin/ueber-uns/page.tsx
+++ b/modules/06-website-cms/files/app/admin/ueber-uns/page.tsx
@ -0,0 +1,16 @@
+export const dynamic = 'force-dynamic'
+import { UeberUnsVerwaltung } from '@/components/admin/UeberUnsVerwaltung'
+import type { Metadata } from 'next'
+
+export const metadata: Metadata = { title: 'Über uns' }
+
+export default function AdminUeberUnsPage() {
+  return (
+    <div className="max-w-4xl mx-auto px-4 py-8">
+      <h1 className="text-2xl font-bold tracking-tight mb-6" style={{ color: 'var(--text-primary)' }}>
+        Über uns
+      </h1>
+      <UeberUnsVerwaltung />
+    </div>
+  )
+}
--- a/modules/06-website-cms/files/app/api/admin/galerie/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/galerie/route.ts
@ -0,0 +1,67 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+const BUCKET = 'galerie-bilder'
+const ALLOWED = ['image/jpeg', 'image/jpg', 'image/png', 'image/webp']
+const MAX_SIZE = 10 * 1024 * 1024
+
+export async function GET() {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const db = createServiceClient()
+  const { data, error } = await db.from('galerie_bilder').select('*').order('reihenfolge')
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  const base = (process.env.SUPABASE_INTERNAL_URL ?? process.env.NEXT_PUBLIC_SUPABASE_URL!).replace(/\/$/, '')
+  const bilder = (data ?? []).map(b => ({ ...b, url: `${base}/storage/v1/object/public/${BUCKET}/${b.storage_path}` }))
+  return NextResponse.json({ bilder })
+}
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const formData = await req.formData()
+  const file = formData.get('file') as File | null
+  const altText = (formData.get('alt_text') as string) ?? ''
+  if (!file) return NextResponse.json({ error: 'Keine Datei.' }, { status: 400 })
+  if (!ALLOWED.includes(file.type)) return NextResponse.json({ error: 'Nur JPG, PNG oder WebP.' }, { status: 400 })
+  if (file.size > MAX_SIZE) return NextResponse.json({ error: 'Maximal 10 MB.' }, { status: 400 })
+
+  const db = createServiceClient()
+  const ext = file.name.split('.').pop() ?? 'jpg'
+  const storagePath = `galerie/${Date.now()}.${ext}`
+
+  const { error: uploadErr } = await db.storage.from(BUCKET).upload(storagePath, await file.arrayBuffer(), { contentType: file.type, upsert: false })
+  if (uploadErr) return NextResponse.json({ error: uploadErr.message }, { status: 500 })
+
+  const { data: existing } = await db.from('galerie_bilder').select('reihenfolge').order('reihenfolge', { ascending: false }).limit(1)
+  const reihenfolge = (existing?.[0]?.reihenfolge ?? -1) + 1
+
+  const { data, error: dbErr } = await db.from('galerie_bilder').insert({ storage_path: storagePath, alt_text: altText, reihenfolge }).select().single()
+  if (dbErr) return NextResponse.json({ error: dbErr.message }, { status: 500 })
+  return NextResponse.json({ bild: data }, { status: 201 })
+}
+
+export async function PATCH(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { id, alt_text } = await req.json()
+  if (!id) return NextResponse.json({ error: 'id erforderlich' }, { status: 400 })
+  const db = createServiceClient()
+  const { error } = await db.from('galerie_bilder').update({ alt_text }).eq('id', id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
+
+export async function DELETE(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const { id, storagePath } = await req.json()
+  if (!id || !storagePath) return NextResponse.json({ error: 'id und storagePath erforderlich' }, { status: 400 })
+  const db = createServiceClient()
+  await db.storage.from(BUCKET).remove([storagePath])
+  await db.from('galerie_bilder').delete().eq('id', id)
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/galerie/sort/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/galerie/sort/route.ts
@ -0,0 +1,17 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const { order } = await req.json() as { order: { id: string; reihenfolge: number }[] }
+  if (!Array.isArray(order)) return NextResponse.json({ error: 'order array erforderlich' }, { status: 400 })
+
+  const db = createServiceClient()
+  await Promise.all(order.map(({ id, reihenfolge }) =>
+    db.from('galerie_bilder').update({ reihenfolge }).eq('id', id)
+  ))
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/hero/badges/id/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/hero/badges/id/route.ts
@ -0,0 +1,24 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { id } = await params
+  const body = await req.json()
+  const db = createServiceClient()
+  const { error } = await db.from('hero_badges').update(body).eq('id', id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
+
+export async function DELETE(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { id } = await params
+  const db = createServiceClient()
+  const { error } = await db.from('hero_badges').delete().eq('id', id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/hero/badges/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/hero/badges/route.ts
@ -0,0 +1,20 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const { text, reihenfolge } = await req.json()
+  if (!text) return NextResponse.json({ error: 'Text erforderlich' }, { status: 400 })
+
+  const db = createServiceClient()
+  const { data, error } = await db
+    .from('hero_badges')
+    .insert({ text, reihenfolge: reihenfolge ?? 99 })
+    .select()
+    .single()
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ badge: data }, { status: 201 })
+}
--- a/modules/06-website-cms/files/app/api/admin/hero/bild/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/hero/bild/route.ts
@ -0,0 +1,52 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+const BUCKET = 'hero-bilder'
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const db = createServiceClient()
+  const formData = await req.formData()
+  const file = formData.get('file') as File
+  if (!file) return NextResponse.json({ error: 'file erforderlich' }, { status: 400 })
+
+  const ext = file.name.split('.').pop()?.toLowerCase() ?? 'jpg'
+  const path = `bg-${Date.now()}.${ext}`
+
+  const { data: existing } = await db.from('hero_content').select('bg_image_path').limit(1).single()
+  if (existing?.bg_image_path) {
+    await db.storage.from(BUCKET).remove([existing.bg_image_path])
+  }
+
+  const { error: uploadError } = await db.storage
+    .from(BUCKET)
+    .upload(path, file, { contentType: file.type, upsert: true })
+  if (uploadError) return NextResponse.json({ error: uploadError.message }, { status: 500 })
+
+  const { data: row } = await db.from('hero_content').select('id').limit(1).single()
+  const op = row
+    ? db.from('hero_content').update({ bg_image_path: path }).eq('id', row.id)
+    : db.from('hero_content').insert({ bg_image_path: path })
+  const { error } = await op
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+
+  return NextResponse.json({ path })
+}
+
+export async function DELETE() {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const db = createServiceClient()
+  const { data: existing } = await db.from('hero_content').select('id, bg_image_path').limit(1).single()
+  if (existing?.bg_image_path) {
+    await db.storage.from(BUCKET).remove([existing.bg_image_path])
+  }
+  if (existing?.id) {
+    await db.from('hero_content').update({ bg_image_path: null }).eq('id', existing.id)
+  }
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/hero/favicon/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/hero/favicon/route.ts
@ -0,0 +1,49 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+const BUCKET = 'site-assets'
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const db = createServiceClient()
+  const formData = await req.formData()
+  const file = formData.get('file') as File
+  if (!file) return NextResponse.json({ error: 'file erforderlich' }, { status: 400 })
+
+  const ext = file.name.split('.').pop()?.toLowerCase() ?? 'png'
+  const path = `favicon-${Date.now()}.${ext}`
+
+  const { data: existing } = await db.from('hero_content').select('favicon_path').limit(1).single()
+  if (existing?.favicon_path) {
+    await db.storage.from(BUCKET).remove([existing.favicon_path])
+  }
+
+  const { error: uploadError } = await db.storage.from(BUCKET).upload(path, file, { contentType: file.type, upsert: true })
+  if (uploadError) return NextResponse.json({ error: uploadError.message }, { status: 500 })
+
+  const { data: row } = await db.from('hero_content').select('id').limit(1).single()
+  const { error } = row
+    ? await db.from('hero_content').update({ favicon_path: path }).eq('id', row.id)
+    : await db.from('hero_content').insert({ favicon_path: path })
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+
+  return NextResponse.json({ path })
+}
+
+export async function DELETE() {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const db = createServiceClient()
+  const { data: existing } = await db.from('hero_content').select('id, favicon_path').limit(1).single()
+  if (existing?.favicon_path) {
+    await db.storage.from(BUCKET).remove([existing.favicon_path])
+  }
+  if (existing?.id) {
+    await db.from('hero_content').update({ favicon_path: null }).eq('id', existing.id)
+  }
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/hero/logo/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/hero/logo/route.ts
@ -0,0 +1,49 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+const BUCKET = 'site-assets'
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const db = createServiceClient()
+  const formData = await req.formData()
+  const file = formData.get('file') as File
+  if (!file) return NextResponse.json({ error: 'file erforderlich' }, { status: 400 })
+
+  const ext = file.name.split('.').pop()?.toLowerCase() ?? 'png'
+  const path = `logo-${Date.now()}.${ext}`
+
+  const { data: existing } = await db.from('hero_content').select('logo_path').limit(1).single()
+  if (existing?.logo_path) {
+    await db.storage.from(BUCKET).remove([existing.logo_path])
+  }
+
+  const { error: uploadError } = await db.storage.from(BUCKET).upload(path, file, { contentType: file.type, upsert: true })
+  if (uploadError) return NextResponse.json({ error: uploadError.message }, { status: 500 })
+
+  const { data: row } = await db.from('hero_content').select('id').limit(1).single()
+  const { error } = row
+    ? await db.from('hero_content').update({ logo_path: path }).eq('id', row.id)
+    : await db.from('hero_content').insert({ logo_path: path })
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+
+  return NextResponse.json({ path })
+}
+
+export async function DELETE() {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const db = createServiceClient()
+  const { data: existing } = await db.from('hero_content').select('id, logo_path').limit(1).single()
+  if (existing?.logo_path) {
+    await db.storage.from(BUCKET).remove([existing.logo_path])
+  }
+  if (existing?.id) {
+    await db.from('hero_content').update({ logo_path: null }).eq('id', existing.id)
+  }
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/hero/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/hero/route.ts
@ -0,0 +1,43 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function GET() {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const db = createServiceClient()
+  const [{ data: content }, { data: badges }] = await Promise.all([
+    db.from('hero_content').select('*').limit(1).single(),
+    db.from('hero_badges').select('*').order('reihenfolge'),
+  ])
+  return NextResponse.json({ content: content ?? null, badges: badges ?? [] })
+}
+
+export async function PATCH(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const body = await req.json()
+  const db = createServiceClient()
+  const { data: existing } = await db.from('hero_content').select('id').limit(1).single()
+  const fields = {
+    site_name: body.site_name ?? 'Musterfirma',
+    site_tagline: body.site_tagline ?? '',
+    eyebrow_text: body.eyebrow_text ?? 'Ihr Slogan hier',
+    headline1: body.headline1 ?? 'Wir lieben Qualität.',
+    headline2: body.headline2 ?? 'Ihre Kunden auch.',
+    subtext1: body.subtext1 ?? '',
+    subtext2: body.subtext2 ?? '',
+    cta1_text: body.cta1_text ?? 'Jetzt anfragen',
+    cta1_href: body.cta1_href ?? '#kontakt',
+    cta2_text: body.cta2_text ?? 'Unsere Leistungen',
+    cta2_href: body.cta2_href ?? '#leistungen',
+    updated_at: new Date().toISOString(),
+  }
+  const { error } = existing
+    ? await db.from('hero_content').update(fields).eq('id', existing.id)
+    : await db.from('hero_content').insert(fields)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/kontakt/oeffnungszeiten/id/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/kontakt/oeffnungszeiten/id/route.ts
@ -0,0 +1,24 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { id } = await params
+  const body = await req.json()
+  const db = createServiceClient()
+  const { error } = await db.from('kontakt_oeffnungszeiten').update(body).eq('id', id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
+
+export async function DELETE(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { id } = await params
+  const db = createServiceClient()
+  const { error } = await db.from('kontakt_oeffnungszeiten').delete().eq('id', id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/kontakt/oeffnungszeiten/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/kontakt/oeffnungszeiten/route.ts
@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { tag, von, bis, reihenfolge } = await req.json()
+  if (!tag || !von || !bis) return NextResponse.json({ error: 'tag, von und bis erforderlich' }, { status: 400 })
+  const db = createServiceClient()
+  const { data, error } = await db.from('kontakt_oeffnungszeiten').insert({ tag, von, bis, reihenfolge: reihenfolge ?? 99 }).select().single()
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ eintrag: data }, { status: 201 })
+}
--- a/modules/06-website-cms/files/app/api/admin/kontakt/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/kontakt/route.ts
@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function GET() {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const db = createServiceClient()
+  const [{ data: info }, { data: zeiten }, { data: social }] = await Promise.all([
+    db.from('kontakt_info').select('*').limit(1).single(),
+    db.from('kontakt_oeffnungszeiten').select('*').order('reihenfolge'),
+    db.from('kontakt_social').select('*').order('reihenfolge'),
+  ])
+  return NextResponse.json({ info: info ?? null, oeffnungszeiten: zeiten ?? [], social: social ?? [] })
+}
+
+export async function PATCH(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const body = await req.json()
+  const db = createServiceClient()
+  const { data: existing } = await db.from('kontakt_info').select('id').limit(1).single()
+  const fields = {
+    telefon: body.telefon ?? '',
+    email: body.email ?? '',
+    adresse_zeile1: body.adresse_zeile1 ?? '',
+    adresse_zeile2: body.adresse_zeile2 ?? '',
+    formular_empfaenger: body.formular_empfaenger ?? '',
+    updated_at: new Date().toISOString(),
+  }
+  const { error } = existing
+    ? await db.from('kontakt_info').update(fields).eq('id', existing.id)
+    : await db.from('kontakt_info').insert(fields)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/kontakt/social/id/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/kontakt/social/id/route.ts
@ -0,0 +1,24 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { id } = await params
+  const body = await req.json()
+  const db = createServiceClient()
+  const { error } = await db.from('kontakt_social').update(body).eq('id', id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
+
+export async function DELETE(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { id } = await params
+  const db = createServiceClient()
+  const { error } = await db.from('kontakt_social').delete().eq('id', id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/kontakt/social/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/kontakt/social/route.ts
@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { platform, url, reihenfolge } = await req.json()
+  if (!platform || !url) return NextResponse.json({ error: 'platform und url erforderlich' }, { status: 400 })
+  const db = createServiceClient()
+  const { data, error } = await db.from('kontakt_social').insert({ platform, url, reihenfolge: reihenfolge ?? 99 }).select().single()
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ eintrag: data }, { status: 201 })
+}
--- a/modules/06-website-cms/files/app/api/admin/passwort/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/passwort/route.ts
@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from 'next/server'
+import bcrypt from 'bcryptjs'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function POST(req: NextRequest) {
+  const session = await requireAdmin()
+  if (session instanceof NextResponse) return session
+
+  const { currentPassword, newPassword } = await req.json()
+  if (!currentPassword || !newPassword) {
+    return NextResponse.json({ error: 'Alle Felder erforderlich.' }, { status: 400 })
+  }
+  if (newPassword.length < 8) {
+    return NextResponse.json({ error: 'Neues Passwort muss mindestens 8 Zeichen haben.' }, { status: 400 })
+  }
+
+  const db = createServiceClient()
+  const { data: admin } = await db.from('admins').select('password_hash').eq('id', session.id).single()
+  if (!admin) return NextResponse.json({ error: 'Admin nicht gefunden.' }, { status: 404 })
+
+  const ok = await bcrypt.compare(currentPassword, admin.password_hash)
+  if (!ok) return NextResponse.json({ error: 'Aktuelles Passwort ist falsch.' }, { status: 401 })
+
+  const hash = await bcrypt.hash(newPassword, 10)
+  const { error } = await db.from('admins').update({ password_hash: hash }).eq('id', session.id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/ueber-uns/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/ueber-uns/route.ts
@ -0,0 +1,34 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function GET() {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const db = createServiceClient()
+  const [{ data: content }, { data: stats }] = await Promise.all([
+    db.from('ueber_uns_content').select('*').limit(1).single(),
+    db.from('ueber_uns_stats').select('*').order('reihenfolge'),
+  ])
+  return NextResponse.json({ content: content ?? null, stats: stats ?? [] })
+}
+
+export async function PATCH(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const body = await req.json()
+  const db = createServiceClient()
+  const { data: existing } = await db.from('ueber_uns_content').select('id').limit(1).single()
+  const fields = {
+    eyebrow_text: body.eyebrow_text ?? 'Klein, aber fein',
+    absatz1: body.absatz1 ?? '',
+    absatz2: body.absatz2 ?? '',
+    bild_url: body.bild_url ?? null,
+    updated_at: new Date().toISOString(),
+  }
+  const { error } = existing
+    ? await db.from('ueber_uns_content').update(fields).eq('id', existing.id)
+    : await db.from('ueber_uns_content').insert(fields)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/ueber-uns/stats/id/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/ueber-uns/stats/id/route.ts
@ -0,0 +1,24 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { id } = await params
+  const body = await req.json()
+  const db = createServiceClient()
+  const { error } = await db.from('ueber_uns_stats').update(body).eq('id', id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
+
+export async function DELETE(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { id } = await params
+  const db = createServiceClient()
+  const { error } = await db.from('ueber_uns_stats').delete().eq('id', id)
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ success: true })
+}
--- a/modules/06-website-cms/files/app/api/admin/ueber-uns/stats/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/ueber-uns/stats/route.ts
@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+  const { wert, label, reihenfolge } = await req.json()
+  if (!wert || !label) return NextResponse.json({ error: 'Wert und Label erforderlich' }, { status: 400 })
+  const db = createServiceClient()
+  const { data, error } = await db.from('ueber_uns_stats').insert({ wert, label, reihenfolge: reihenfolge ?? 99 }).select().single()
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+  return NextResponse.json({ stat: data }, { status: 201 })
+}
--- a/modules/06-website-cms/files/app/api/admin/ueber-uns/upload/route.ts
+++ b/modules/06-website-cms/files/app/api/admin/ueber-uns/upload/route.ts
@ -0,0 +1,27 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import { createServiceClient } from '@/lib/supabase'
+
+const BUCKET = 'ueber-uns-bilder'
+const ALLOWED = ['image/jpeg', 'image/jpg', 'image/png', 'image/webp']
+const MAX_SIZE = 8 * 1024 * 1024
+
+export async function POST(req: NextRequest) {
+  const check = await requireAdmin()
+  if (check instanceof NextResponse) return check
+
+  const formData = await req.formData()
+  const file = formData.get('file') as File | null
+  if (!file) return NextResponse.json({ error: 'Keine Datei.' }, { status: 400 })
+  if (!ALLOWED.includes(file.type)) return NextResponse.json({ error: 'Nur JPG, PNG oder WebP.' }, { status: 400 })
+  if (file.size > MAX_SIZE) return NextResponse.json({ error: 'Maximal 8 MB.' }, { status: 400 })
+
+  const db = createServiceClient()
+  const ext = file.name.split('.').pop() ?? 'jpg'
+  const path = `ueber-uns/${Date.now()}.${ext}`
+  const { error } = await db.storage.from(BUCKET).upload(path, await file.arrayBuffer(), { contentType: file.type, upsert: true })
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 })
+
+  const base = (process.env.SUPABASE_INTERNAL_URL ?? process.env.NEXT_PUBLIC_SUPABASE_URL!).replace(/\/$/, '')
+  return NextResponse.json({ url: `${base}/storage/v1/object/public/${BUCKET}/${path}` })
+}
--- a/modules/06-website-cms/files/components/GalerieAnzeige.tsx
+++ b/modules/06-website-cms/files/components/GalerieAnzeige.tsx
@ -0,0 +1,155 @@
+'use client'
+
+import { useState, useEffect, useRef } from 'react'
+
+export interface GalerieBild { id: string; src: string; alt: string }
+
+interface Slot { bild: GalerieBild; phase: 'idle' | 'out' | 'in' }
+
+const VISIBLE = 12
+const INTERVAL_MS = 1500
+const FLIP_MS = 360
+const GAP = 8
+const ROW_H = 165
+
+function shuffle<T>(arr: T[]): T[] {
+  const a = [...arr]
+  for (let i = a.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    [a[i], a[j]] = [a[j], a[i]]
+  }
+  return a
+}
+
+export function GalerieAnzeige({ bilder }: { bilder: GalerieBild[] }) {
+  const n = Math.min(bilder.length, VISIBLE)
+
+  // Kein shuffle im initializer → Server und Client rendern identisch → kein Hydration-Mismatch
+  const [slots, setSlots] = useState<Slot[]>(() =>
+    bilder.slice(0, n).map(b => ({ bild: b, phase: 'idle' as const }))
+  )
+
+  const slotsRef = useRef<Slot[]>(slots)
+  useEffect(() => { slotsRef.current = slots }, [slots])
+
+  const flipping = useRef(new Set<number>())
+  const poolRef = useRef<GalerieBild[]>([])
+  const poolIdxRef = useRef(0)
+
+  useEffect(() => {
+    // Läuft nur auf dem Client, nach der Hydration
+    const shuffled = shuffle([...bilder])
+    poolRef.current = shuffled
+    poolIdxRef.current = n
+
+    setSlots(shuffled.slice(0, n).map(b => ({ bild: b, phase: 'idle' as const })))
+
+    if (bilder.length < 2) return
+
+    const id = setInterval(() => {
+      const cur = slotsRef.current
+      const free = cur.map((_, i) => i).filter(i => !flipping.current.has(i))
+      if (free.length === 0) return
+
+      const si = free[Math.floor(Math.random() * free.length)]
+
+      if (bilder.length > VISIBLE) {
+        const next = poolRef.current[poolIdxRef.current % poolRef.current.length]
+        poolIdxRef.current++
+        flip(si, next)
+      } else {
+        const others = free.filter(i => i !== si)
+        if (others.length === 0) return
+        const oi = others[Math.floor(Math.random() * others.length)]
+        flip(si, cur[oi].bild)
+        flip(oi, cur[si].bild)
+      }
+    }, INTERVAL_MS)
+
+    return () => clearInterval(id)
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, []) // bewusst leer: läuft genau einmal nach Mount
+
+  function flip(i: number, newBild: GalerieBild) {
+    flipping.current.add(i)
+    setSlots(p => p.map((s, j) => j === i ? { ...s, phase: 'out' } : s))
+    setTimeout(() => {
+      setSlots(p => p.map((s, j) => j === i ? { bild: newBild, phase: 'in' } : s))
+      setTimeout(() => {
+        setSlots(p => p.map((s, j) => j === i ? { ...s, phase: 'idle' } : s))
+        flipping.current.delete(i)
+      }, FLIP_MS)
+    }, FLIP_MS)
+  }
+
+  const imgStyle = (phase: string): React.CSSProperties => ({
+    position: 'absolute', inset: 0, width: '100%', height: '100%',
+    objectFit: 'cover', objectPosition: 'center',
+    animation:
+      phase === 'out' ? `galFlipOut ${FLIP_MS}ms ease-in forwards` :
+      phase === 'in'  ? `galFlipIn ${FLIP_MS}ms ease-out forwards` :
+      'none',
+  })
+
+  const numGroups = Math.ceil(slots.length / 4)
+
+  return (
+    <>
+      <style>{`
+        @keyframes galFlipOut {
+          from { transform: perspective(700px) rotateY(0deg); }
+          to   { transform: perspective(700px) rotateY(90deg); }
+        }
+        @keyframes galFlipIn {
+          from { transform: perspective(700px) rotateY(-90deg); }
+          to   { transform: perspective(700px) rotateY(0deg); }
+        }
+        .galerie-cell:hover .galerie-hl { opacity: 1 !important; }
+      `}</style>
+
+      {/* Mobile */}
+      <div className="grid grid-cols-2 gap-2 md:hidden">
+        {slots.map((slot, si) => (
+          <div key={si} className="galerie-cell relative aspect-[4/3] overflow-hidden rounded-lg">
+            {/* eslint-disable-next-line @next/next/no-img-element */}
+            <img src={slot.bild.src} alt={slot.bild.alt} style={imgStyle(slot.phase)} />
+            <div className="galerie-hl absolute inset-0 transition-opacity duration-300"
+              style={{ background: 'rgba(76,175,80,0.15)', opacity: 0 }} />
+          </div>
+        ))}
+      </div>
+
+      {/* Desktop */}
+      <div className="hidden md:flex flex-col" style={{ gap: GAP }}>
+        {Array.from({ length: numGroups }, (_, gi) => {
+          const bigLeft = gi % 2 === 0
+          return (
+            <div key={gi} style={{
+              display: 'grid',
+              gridTemplateColumns: bigLeft ? '2fr 1fr' : '1fr 2fr',
+              gridTemplateRows: `repeat(3, ${ROW_H}px)`,
+              gap: GAP,
+            }}>
+              {[0, 1, 2, 3].map(idx => {
+                const si = gi * 4 + idx
+                const slot = slots[si]
+                if (!slot) return null
+                const cellStyle: React.CSSProperties = bigLeft
+                  ? { gridColumn: idx === 0 ? '1' : '2', gridRow: idx === 0 ? '1/4' : `${idx}` }
+                  : { gridColumn: idx === 3 ? '2' : '1', gridRow: idx === 3 ? '1/4' : `${idx + 1}` }
+                return (
+                  <div key={si} className="galerie-cell relative overflow-hidden rounded-lg" style={cellStyle}>
+                    {/* eslint-disable-next-line @next/next/no-img-element */}
+                    <img src={slot.bild.src} alt={slot.bild.alt} style={imgStyle(slot.phase)} />
+                    <div className="galerie-hl absolute inset-0 transition-opacity duration-300"
+                      style={{ background: 'rgba(76,175,80,0.15)', opacity: 0 }} />
+                  </div>
+                )
+              })}
+            </div>
+          )
+        })}
+      </div>
+    </>
+  )
+}
--- a/modules/06-website-cms/files/components/admin/GalerieVerwaltung.tsx
+++ b/modules/06-website-cms/files/components/admin/GalerieVerwaltung.tsx
@ -0,0 +1,86 @@
+'use client'
+import { useState, useEffect, useRef } from 'react'
+
+interface GalerieBild { id: string; storage_path: string; alt_text: string; reihenfolge: number; url: string }
+
+export function GalerieVerwaltung() {
+  const [bilder, setBilder] = useState<GalerieBild[]>([])
+  const [uploading, setUploading] = useState(false)
+  const [loading, setLoading] = useState(true)
+  const fileRef = useRef<HTMLInputElement>(null)
+
+  useEffect(() => {
+    fetch('/api/admin/galerie').then(r => r.json()).then(({ bilder: b }) => { setBilder(b ?? []); setLoading(false) })
+  }, [])
+
+  async function handleUpload(e: React.ChangeEvent<HTMLInputElement>) {
+    const files = Array.from(e.target.files ?? [])
+    if (!files.length) return
+    setUploading(true)
+    for (const file of files) {
+      const fd = new FormData(); fd.append('file', file); fd.append('alt_text', file.name.replace(/\.[^.]+$/, ''))
+      const res = await fetch('/api/admin/galerie', { method: 'POST', body: fd })
+      const { bild, error } = await res.json()
+      if (bild) {
+        const base = process.env.NEXT_PUBLIC_SUPABASE_URL ?? ''
+        setBilder(prev => [...prev, { ...bild, url: `${base}/storage/v1/object/public/galerie-bilder/${bild.storage_path}` }])
+      } else { alert(error ?? 'Upload fehlgeschlagen') }
+    }
+    setUploading(false)
+    if (fileRef.current) fileRef.current.value = ''
+  }
+
+  async function handleDelete(bild: GalerieBild) {
+    if (!confirm(`"${bild.alt_text || bild.storage_path}" löschen?`)) return
+    await fetch('/api/admin/galerie', { method: 'DELETE', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ id: bild.id, storagePath: bild.storage_path }) })
+    setBilder(prev => prev.filter(b => b.id !== bild.id))
+  }
+
+  async function move(index: number, dir: -1 | 1) {
+    const newBilder = [...bilder]
+    const target = index + dir
+    if (target < 0 || target >= newBilder.length) return
+    ;[newBilder[index], newBilder[target]] = [newBilder[target], newBilder[index]]
+    const withOrder = newBilder.map((b, i) => ({ ...b, reihenfolge: i }))
+    setBilder(withOrder)
+    await fetch('/api/admin/galerie/sort', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ order: withOrder.map(b => ({ id: b.id, reihenfolge: b.reihenfolge })) }) })
+  }
+
+  if (loading) return <p style={{ color: 'var(--text-muted)' }}>Lade…</p>
+
+  return (
+    <div>
+      <div style={{ display: 'flex', alignItems: 'center', gap: '12px', marginBottom: '24px' }}>
+        <button onClick={() => fileRef.current?.click()} disabled={uploading} style={{ padding: '9px 18px', borderRadius: '6px', background: 'var(--accent)', color: '#fff', fontWeight: 700, border: 'none', cursor: 'pointer', fontSize: '13px' }}>
+          {uploading ? 'Hochladen…' : '+ Bilder hochladen'}
+        </button>
+        <input ref={fileRef} type="file" accept="image/*" multiple onChange={handleUpload} style={{ display: 'none' }} />
+        <span style={{ fontSize: '13px', color: 'var(--text-muted)' }}>{bilder.length} Bilder · Reihenfolge per ↑↓</span>
+      </div>
+
+      <div style={{ display: 'grid', gridTemplateColumns: 'repeat(auto-fill, minmax(180px, 1fr))', gap: '12px' }}>
+        {bilder.map((bild, i) => (
+          <div key={bild.id} style={{ background: 'var(--surface)', border: '1px solid var(--border-color)', borderRadius: '8px', overflow: 'hidden' }}>
+            {/* eslint-disable-next-line @next/next/no-img-element */}
+            <img src={bild.url} alt={bild.alt_text} style={{ width: '100%', height: '120px', objectFit: 'cover', display: 'block' }} />
+            <div style={{ padding: '8px', display: 'flex', flexDirection: 'column', gap: '6px' }}>
+              <input
+                style={{ fontSize: '11px', padding: '4px 8px', borderRadius: '4px', border: '1px solid var(--border-color)', background: 'var(--bg)', color: 'var(--text-muted)', width: '100%', boxSizing: 'border-box' }}
+                defaultValue={bild.alt_text}
+                placeholder="Alt-Text"
+                onBlur={async e => { await fetch('/api/admin/galerie', { method: 'PATCH', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ id: bild.id, alt_text: e.target.value }) }) }}
+              />
+              <div style={{ display: 'flex', gap: '4px', justifyContent: 'space-between' }}>
+                <div style={{ display: 'flex', gap: '4px' }}>
+                  <button onClick={() => move(i, -1)} disabled={i === 0} style={{ padding: '3px 7px', borderRadius: '4px', border: '1px solid var(--border-color)', background: 'transparent', color: 'var(--text-muted)', cursor: 'pointer', fontSize: '12px' }}>↑</button>
+                  <button onClick={() => move(i, 1)} disabled={i === bilder.length - 1} style={{ padding: '3px 7px', borderRadius: '4px', border: '1px solid var(--border-color)', background: 'transparent', color: 'var(--text-muted)', cursor: 'pointer', fontSize: '12px' }}>↓</button>
+                </div>
+                <button onClick={() => handleDelete(bild)} style={{ padding: '3px 7px', borderRadius: '4px', border: '1px solid rgba(220,38,38,0.3)', background: 'transparent', color: '#f87171', cursor: 'pointer', fontSize: '12px' }}>✕</button>
+              </div>
+            </div>
+          </div>
+        ))}
+      </div>
+    </div>
+  )
+}
--- a/modules/06-website-cms/files/components/admin/HeroVerwaltung.tsx
+++ b/modules/06-website-cms/files/components/admin/HeroVerwaltung.tsx
@ -0,0 +1,339 @@
+'use client'
+import { useState, useEffect, useRef } from 'react'
+
+interface HeroContent {
+  site_name: string
+  site_tagline: string
+  eyebrow_text: string
+  headline1: string
+  headline2: string
+  subtext1: string
+  subtext2: string
+  cta1_text: string; cta1_href: string
+  cta2_text: string; cta2_href: string
+  bg_image_path: string | null
+}
+interface Badge { id: string; text: string; reihenfolge: number }
+
+const inp: React.CSSProperties = {
+  width: '100%', padding: '8px 12px', borderRadius: '6px',
+  border: '1px solid var(--border-color)', background: 'var(--bg)',
+  color: 'var(--text-primary)', fontSize: '14px', boxSizing: 'border-box',
+}
+const lbl: React.CSSProperties = {
+  fontSize: '11px', fontWeight: 600, textTransform: 'uppercase',
+  letterSpacing: '1px', color: 'var(--text-muted)', display: 'block', marginBottom: '6px',
+}
+const section: React.CSSProperties = {
+  background: 'var(--surface)', border: '1px solid var(--border-color)',
+  borderLeft: '3px solid var(--accent)', borderRadius: '8px', padding: '20px',
+}
+
+// ← Standardwerte an eigenes Projekt anpassen
+const DEFAULTS: HeroContent = {
+  site_name: 'Musterfirma',
+  site_tagline: '',
+  eyebrow_text: 'Ihr Slogan hier',
+  headline1: 'Wir lieben Qualität.',
+  headline2: 'Ihre Kunden auch.',
+  subtext1: '', subtext2: '',
+  cta1_text: 'Jetzt anfragen', cta1_href: '#kontakt',
+  cta2_text: 'Unsere Leistungen', cta2_href: '#leistungen',
+  bg_image_path: null,
+}
+
+export function HeroVerwaltung() {
+  const [content, setContent] = useState<HeroContent>(DEFAULTS)
+  const [badges, setBadges] = useState<Badge[]>([])
+  const [newBadge, setNewBadge] = useState('')
+  const [saving, setSaving] = useState(false)
+  const [saved, setSaved] = useState(false)
+  const [loading, setLoading] = useState(true)
+  const [uploading, setUploading] = useState(false)
+  const [bgPreview, setBgPreview] = useState<string | null>(null)
+  const fileRef = useRef<HTMLInputElement>(null)
+  const logoRef = useRef<HTMLInputElement>(null)
+  const faviconRef = useRef<HTMLInputElement>(null)
+  const [logoPath, setLogoPath] = useState<string | null>(null)
+  const [faviconPath, setFaviconPath] = useState<string | null>(null)
+  const [uploadingLogo, setUploadingLogo] = useState(false)
+  const [uploadingFavicon, setUploadingFavicon] = useState(false)
+
+  const supabaseUrl = (process.env.NEXT_PUBLIC_SUPABASE_URL ?? '').replace(/\/$/, '')
+
+  useEffect(() => {
+    fetch('/api/admin/hero').then(r => r.json()).then(({ content: c, badges: b }) => {
+      if (c) {
+        setContent({ ...DEFAULTS, ...c })
+        if (c.logo_path) setLogoPath(c.logo_path)
+        if (c.favicon_path) setFaviconPath(c.favicon_path)
+      }
+      setBadges(b ?? [])
+      setLoading(false)
+    })
+  }, [])
+
+  const bgUrl = content.bg_image_path
+    ? `${supabaseUrl}/storage/v1/object/public/hero-bilder/${content.bg_image_path}`
+    : null
+
+  async function handleSave(e: React.FormEvent) {
+    e.preventDefault()
+    setSaving(true)
+    await fetch('/api/admin/hero', {
+      method: 'PATCH',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(content),
+    })
+    setSaving(false); setSaved(true); setTimeout(() => setSaved(false), 2000)
+  }
+
+  async function uploadBg(file: File) {
+    setUploading(true)
+    setBgPreview(URL.createObjectURL(file))
+    const fd = new FormData()
+    fd.append('file', file)
+    const res = await fetch('/api/admin/hero/bild', { method: 'POST', body: fd })
+    const json = await res.json()
+    if (res.ok) setContent(p => ({ ...p, bg_image_path: json.path }))
+    setUploading(false)
+    if (fileRef.current) fileRef.current.value = ''
+  }
+
+  async function deleteBg() {
+    await fetch('/api/admin/hero/bild', { method: 'DELETE' })
+    setContent(p => ({ ...p, bg_image_path: null }))
+    setBgPreview(null)
+  }
+
+  async function uploadLogo(file: File) {
+    setUploadingLogo(true)
+    const fd = new FormData(); fd.append('file', file)
+    const res = await fetch('/api/admin/hero/logo', { method: 'POST', body: fd })
+    const json = await res.json()
+    if (res.ok) setLogoPath(json.path)
+    setUploadingLogo(false)
+    if (logoRef.current) logoRef.current.value = ''
+  }
+
+  async function deleteLogo() {
+    await fetch('/api/admin/hero/logo', { method: 'DELETE' })
+    setLogoPath(null)
+  }
+
+  async function uploadFavicon(file: File) {
+    setUploadingFavicon(true)
+    const fd = new FormData(); fd.append('file', file)
+    const res = await fetch('/api/admin/hero/favicon', { method: 'POST', body: fd })
+    const json = await res.json()
+    if (res.ok) setFaviconPath(json.path)
+    setUploadingFavicon(false)
+    if (faviconRef.current) faviconRef.current.value = ''
+  }
+
+  async function deleteFavicon() {
+    await fetch('/api/admin/hero/favicon', { method: 'DELETE' })
+    setFaviconPath(null)
+  }
+
+  async function addBadge() {
+    if (!newBadge.trim()) return
+    const res = await fetch('/api/admin/hero/badges', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ text: newBadge.trim(), reihenfolge: badges.length }),
+    })
+    const { badge } = await res.json()
+    setBadges(prev => [...prev, badge]); setNewBadge('')
+  }
+
+  async function deleteBadge(id: string) {
+    await fetch(`/api/admin/hero/badges/${id}`, { method: 'DELETE' })
+    setBadges(prev => prev.filter(b => b.id !== id))
+  }
+
+  if (loading) return <p style={{ color: 'var(--text-muted)' }}>Lade…</p>
+
+  return (
+    <div style={{ display: 'flex', flexDirection: 'column', gap: '24px' }}>
+      <form onSubmit={handleSave} style={{ display: 'grid', gridTemplateColumns: '1fr 1fr', gap: '24px', alignItems: 'start' }}>
+
+        {/* Linke Spalte: Texte */}
+        <div style={{ display: 'flex', flexDirection: 'column', gap: '16px' }}>
+          <div style={section}>
+            <p style={{ fontSize: '13px', fontWeight: 700, color: 'var(--text-primary)', marginBottom: '16px' }}>Navbar (Logo)</p>
+            <div style={{ display: 'flex', flexDirection: 'column', gap: '12px' }}>
+              <div>
+                <label style={lbl}>Seitenname (Titel)</label>
+                <input style={inp} value={content.site_name} onChange={e => setContent(p => ({ ...p, site_name: e.target.value }))} placeholder="z. B. Musterfirma" />
+              </div>
+              <div>
+                <label style={lbl}>Tagline (Untertitel)</label>
+                <input style={inp} value={content.site_tagline} onChange={e => setContent(p => ({ ...p, site_tagline: e.target.value }))} placeholder="z. B. Ihr Dienstleister aus der Region" />
+              </div>
+            </div>
+          </div>
+
+          <div style={section}>
+            <p style={{ fontSize: '13px', fontWeight: 700, color: 'var(--text-primary)', marginBottom: '16px' }}>Überschriften</p>
+            <div style={{ display: 'flex', flexDirection: 'column', gap: '12px' }}>
+              <div>
+                <label style={lbl}>Eyebrow-Text</label>
+                <input style={inp} value={content.eyebrow_text} onChange={e => setContent(p => ({ ...p, eyebrow_text: e.target.value }))} placeholder="z. B. Ihr Slogan hier" />
+              </div>
+              <div>
+                <label style={lbl}>Überschrift Zeile 1 (weiß)</label>
+                <input style={inp} value={content.headline1} onChange={e => setContent(p => ({ ...p, headline1: e.target.value }))} placeholder="z. B. Wir lieben Qualität." />
+              </div>
+              <div>
+                <label style={lbl}>Überschrift Zeile 2 (Akzentfarbe)</label>
+                <input style={inp} value={content.headline2} onChange={e => setContent(p => ({ ...p, headline2: e.target.value }))} placeholder="z. B. Ihre Kunden auch." />
+              </div>
+            </div>
+          </div>
+
+          <div style={section}>
+            <p style={{ fontSize: '13px', fontWeight: 700, color: 'var(--text-primary)', marginBottom: '16px' }}>Fließtexte</p>
+            <div style={{ display: 'flex', flexDirection: 'column', gap: '12px' }}>
+              <div>
+                <label style={lbl}>Subtext 1 (groß)</label>
+                <textarea rows={3} style={{ ...inp, resize: 'vertical' }} value={content.subtext1} onChange={e => setContent(p => ({ ...p, subtext1: e.target.value }))} />
+              </div>
+              <div>
+                <label style={lbl}>Subtext 2 (klein)</label>
+                <textarea rows={3} style={{ ...inp, resize: 'vertical' }} value={content.subtext2} onChange={e => setContent(p => ({ ...p, subtext2: e.target.value }))} />
+              </div>
+            </div>
+          </div>
+
+          <div style={section}>
+            <p style={{ fontSize: '13px', fontWeight: 700, color: 'var(--text-primary)', marginBottom: '16px' }}>Buttons</p>
+            <div style={{ display: 'flex', flexDirection: 'column', gap: '12px' }}>
+              <div>
+                <label style={lbl}>Button 1 (primär)</label>
+                <div style={{ display: 'grid', gridTemplateColumns: '1fr 1fr', gap: '8px' }}>
+                  <input style={inp} value={content.cta1_text} onChange={e => setContent(p => ({ ...p, cta1_text: e.target.value }))} placeholder="Jetzt anfragen" />
+                  <input style={inp} value={content.cta1_href} onChange={e => setContent(p => ({ ...p, cta1_href: e.target.value }))} placeholder="#kontakt" />
+                </div>
+              </div>
+              <div>
+                <label style={lbl}>Button 2 (sekundär)</label>
+                <div style={{ display: 'grid', gridTemplateColumns: '1fr 1fr', gap: '8px' }}>
+                  <input style={inp} value={content.cta2_text} onChange={e => setContent(p => ({ ...p, cta2_text: e.target.value }))} placeholder="Unsere Leistungen" />
+                  <input style={inp} value={content.cta2_href} onChange={e => setContent(p => ({ ...p, cta2_href: e.target.value }))} placeholder="#leistungen" />
+                </div>
+              </div>
+            </div>
+          </div>
+
+          <button type="submit" disabled={saving} style={{ padding: '10px', borderRadius: '6px', background: 'var(--accent)', color: '#fff', fontWeight: 700, border: 'none', cursor: 'pointer', fontSize: '14px' }}>
+            {saving ? 'Speichert…' : saved ? '✓ Gespeichert' : 'Alles speichern'}
+          </button>
+        </div>
+
+        {/* Rechte Spalte: Bilder + Badges */}
+        <div style={{ display: 'flex', flexDirection: 'column', gap: '16px' }}>
+
+          {/* Logo */}
+          <div style={section}>
+            <p style={{ fontSize: '13px', fontWeight: 700, color: 'var(--text-primary)', marginBottom: '16px' }}>Logo</p>
+            <div style={{ display: 'flex', alignItems: 'center', gap: '12px', marginBottom: '12px', padding: '12px', borderRadius: '6px', background: 'var(--bg)', border: '1px solid var(--border-color)', minHeight: '56px' }}>
+              {logoPath
+                ? /* eslint-disable-next-line @next/next/no-img-element */
+                  <img src={`${supabaseUrl}/storage/v1/object/public/site-assets/${logoPath}`} alt="Logo" style={{ height: '40px', width: 'auto', objectFit: 'contain' }} />
+                : <span style={{ fontSize: '12px', color: 'var(--text-muted)' }}>Kein Logo — Textname wird angezeigt</span>
+              }
+              {logoPath && (
+                <button type="button" onClick={deleteLogo} style={{ marginLeft: 'auto', padding: '4px 10px', borderRadius: '4px', background: 'transparent', color: '#f87171', border: '1px solid rgba(220,38,38,0.3)', cursor: 'pointer', fontSize: '12px' }}>✕ Entfernen</button>
+              )}
+            </div>
+            <input ref={logoRef} type="file" accept="image/*" style={{ display: 'none' }} onChange={e => { const f = e.target.files?.[0]; if (f) uploadLogo(f) }} />
+            <button type="button" onClick={() => logoRef.current?.click()} disabled={uploadingLogo} style={{ width: '100%', padding: '8px', borderRadius: '6px', background: 'transparent', border: '1px dashed var(--border-color)', color: 'var(--text-muted)', cursor: 'pointer', fontSize: '13px' }}>
+              {uploadingLogo ? 'Wird hochgeladen…' : '+ Logo hochladen (PNG/SVG empfohlen)'}
+            </button>
+          </div>
+
+          {/* Favicon */}
+          <div style={section}>
+            <p style={{ fontSize: '13px', fontWeight: 700, color: 'var(--text-primary)', marginBottom: '16px' }}>Favicon (Browser-Tab-Icon)</p>
+            <div style={{ display: 'flex', alignItems: 'center', gap: '12px', marginBottom: '12px', padding: '12px', borderRadius: '6px', background: 'var(--bg)', border: '1px solid var(--border-color)', minHeight: '56px' }}>
+              {faviconPath
+                ? /* eslint-disable-next-line @next/next/no-img-element */
+                  <img src={`${supabaseUrl}/storage/v1/object/public/site-assets/${faviconPath}`} alt="Favicon" style={{ width: '32px', height: '32px', objectFit: 'contain' }} />
+                : <span style={{ fontSize: '12px', color: 'var(--text-muted)' }}>Kein Favicon — Standard-Icon wird verwendet</span>
+              }
+              {faviconPath && (
+                <button type="button" onClick={deleteFavicon} style={{ marginLeft: 'auto', padding: '4px 10px', borderRadius: '4px', background: 'transparent', color: '#f87171', border: '1px solid rgba(220,38,38,0.3)', cursor: 'pointer', fontSize: '12px' }}>✕ Entfernen</button>
+              )}
+            </div>
+            <input ref={faviconRef} type="file" accept="image/*, .ico" style={{ display: 'none' }} onChange={e => { const f = e.target.files?.[0]; if (f) uploadFavicon(f) }} />
+            <button type="button" onClick={() => faviconRef.current?.click()} disabled={uploadingFavicon} style={{ width: '100%', padding: '8px', borderRadius: '6px', background: 'transparent', border: '1px dashed var(--border-color)', color: 'var(--text-muted)', cursor: 'pointer', fontSize: '13px' }}>
+              {uploadingFavicon ? 'Wird hochgeladen…' : '+ Favicon hochladen (.ico / PNG / SVG)'}
+            </button>
+          </div>
+
+          {/* Hintergrundbild */}
+          <div style={section}>
+            <p style={{ fontSize: '13px', fontWeight: 700, color: 'var(--text-primary)', marginBottom: '16px' }}>Hintergrundbild</p>
+            <div style={{ position: 'relative', width: '100%', aspectRatio: '16/7', borderRadius: '6px', overflow: 'hidden', marginBottom: '12px', background: 'var(--bg)', border: '1px solid var(--border-color)' }}>
+              {/* eslint-disable-next-line @next/next/no-img-element */}
+              <img
+                src={bgPreview ?? bgUrl ?? '/hero.jpg'}
+                alt="Hero Hintergrund"
+                style={{ width: '100%', height: '100%', objectFit: 'cover' }}
+              />
+              {content.bg_image_path && (
+                <button
+                  type="button"
+                  onClick={deleteBg}
+                  style={{ position: 'absolute', top: '8px', right: '8px', padding: '4px 10px', borderRadius: '4px', background: 'rgba(0,0,0,0.6)', color: '#f87171', border: 'none', cursor: 'pointer', fontSize: '12px', fontWeight: 600 }}
+                >
+                  ✕ Zurücksetzen
+                </button>
+              )}
+            </div>
+            <input ref={fileRef} type="file" accept="image/*" style={{ display: 'none' }} onChange={e => { const f = e.target.files?.[0]; if (f) uploadBg(f) }} />
+            <button
+              type="button"
+              onClick={() => fileRef.current?.click()}
+              disabled={uploading}
+              style={{ width: '100%', padding: '8px', borderRadius: '6px', background: 'transparent', border: '1px dashed var(--border-color)', color: 'var(--text-muted)', cursor: 'pointer', fontSize: '13px' }}
+            >
+              {uploading ? 'Wird hochgeladen…' : '+ Bild hochladen oder ersetzen'}
+            </button>
+            {!content.bg_image_path && (
+              <p style={{ fontSize: '11px', color: 'var(--text-muted)', marginTop: '6px' }}>
+                Kein Bild gesetzt — Standard: /hero.jpg
+              </p>
+            )}
+          </div>
+
+          {/* Trust-Badges */}
+          <div style={section}>
+            <p style={{ fontSize: '13px', fontWeight: 700, color: 'var(--text-primary)', marginBottom: '16px' }}>Trust-Badges</p>
+            <div style={{ display: 'flex', flexDirection: 'column', gap: '8px', marginBottom: '12px' }}>
+              {badges.map(b => (
+                <div key={b.id} style={{ display: 'flex', gap: '8px', alignItems: 'center' }}>
+                  <span style={{ flex: 1, padding: '8px 12px', borderRadius: '6px', background: 'var(--bg)', border: '1px solid var(--border-color)', fontSize: '13px', color: 'var(--text-primary)' }}>
+                    ✓ {b.text}
+                  </span>
+                  <button type="button" onClick={() => deleteBadge(b.id)} style={{ padding: '6px 10px', borderRadius: '6px', background: 'transparent', border: '1px solid rgba(220,38,38,0.3)', color: '#f87171', cursor: 'pointer', fontSize: '12px' }}>✕</button>
+                </div>
+              ))}
+            </div>
+            <div style={{ display: 'flex', gap: '8px' }}>
+              <input
+                style={{ ...inp, flex: 1 }}
+                value={newBadge}
+                onChange={e => setNewBadge(e.target.value)}
+                placeholder="z. B. Privatkunden"
+                onKeyDown={e => e.key === 'Enter' && (e.preventDefault(), addBadge())}
+              />
+              <button type="button" onClick={addBadge} style={{ padding: '8px 14px', borderRadius: '6px', background: 'var(--accent)', color: '#fff', fontWeight: 700, border: 'none', cursor: 'pointer', fontSize: '13px' }}>+</button>
+            </div>
+          </div>
+        </div>
+      </form>
+    </div>
+  )
+}
--- a/modules/06-website-cms/files/components/admin/KontaktVerwaltung.tsx
+++ b/modules/06-website-cms/files/components/admin/KontaktVerwaltung.tsx
@ -0,0 +1,109 @@
+'use client'
+import { useState, useEffect } from 'react'
+
+interface KontaktInfo { telefon: string; email: string; adresse_zeile1: string; adresse_zeile2: string; formular_empfaenger: string }
+interface Oeffnungszeit { id: string; tag: string; von: string; bis: string; reihenfolge: number }
+interface SocialLink { id: string; platform: string; url: string; reihenfolge: number }
+
+const inp: React.CSSProperties = { width: '100%', padding: '8px 12px', borderRadius: '6px', border: '1px solid var(--border-color)', background: 'var(--bg)', color: 'var(--text-primary)', fontSize: '14px', boxSizing: 'border-box' }
+const lbl: React.CSSProperties = { fontSize: '11px', fontWeight: 600, textTransform: 'uppercase', letterSpacing: '1px', color: 'var(--text-muted)', display: 'block', marginBottom: '6px' }
+
+export function KontaktVerwaltung() {
+  const [info, setInfo] = useState<KontaktInfo>({ telefon: '', email: '', adresse_zeile1: '', adresse_zeile2: '', formular_empfaenger: '' })
+  const [zeiten, setZeiten] = useState<Oeffnungszeit[]>([])
+  const [social, setSocial] = useState<SocialLink[]>([])
+  const [newZeit, setNewZeit] = useState({ tag: '', von: '', bis: '' })
+  const [newSocial, setNewSocial] = useState({ platform: '', url: '' })
+  const [saving, setSaving] = useState(false)
+  const [saved, setSaved] = useState(false)
+  const [loading, setLoading] = useState(true)
+
+  useEffect(() => {
+    fetch('/api/admin/kontakt').then(r => r.json()).then(({ info: i, oeffnungszeiten: z, social: s }) => {
+      if (i) setInfo(i)
+      setZeiten(z ?? []); setSocial(s ?? []); setLoading(false)
+    })
+  }, [])
+
+  async function handleSave(e: React.FormEvent) {
+    e.preventDefault(); setSaving(true)
+    await fetch('/api/admin/kontakt', { method: 'PATCH', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(info) })
+    setSaving(false); setSaved(true); setTimeout(() => setSaved(false), 2000)
+  }
+
+  async function addZeit() {
+    if (!newZeit.tag || !newZeit.von || !newZeit.bis) return
+    const res = await fetch('/api/admin/kontakt/oeffnungszeiten', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ ...newZeit, reihenfolge: zeiten.length }) })
+    const { eintrag } = await res.json()
+    setZeiten(prev => [...prev, eintrag]); setNewZeit({ tag: '', von: '', bis: '' })
+  }
+
+  async function deleteZeit(id: string) {
+    await fetch(`/api/admin/kontakt/oeffnungszeiten/${id}`, { method: 'DELETE' })
+    setZeiten(prev => prev.filter(z => z.id !== id))
+  }
+
+  async function addSocial() {
+    if (!newSocial.platform || !newSocial.url) return
+    const res = await fetch('/api/admin/kontakt/social', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ ...newSocial, reihenfolge: social.length }) })
+    const { eintrag } = await res.json()
+    setSocial(prev => [...prev, eintrag]); setNewSocial({ platform: '', url: '' })
+  }
+
+  async function deleteSocial(id: string) {
+    await fetch(`/api/admin/kontakt/social/${id}`, { method: 'DELETE' })
+    setSocial(prev => prev.filter(s => s.id !== id))
+  }
+
+  if (loading) return <p style={{ color: 'var(--text-muted)' }}>Lade…</p>
+
+  return (
+    <div style={{ display: 'grid', gridTemplateColumns: '1fr 1fr', gap: '32px' }}>
+      <div style={{ display: 'flex', flexDirection: 'column', gap: '24px' }}>
+        <form onSubmit={handleSave} style={{ display: 'flex', flexDirection: 'column', gap: '12px' }}>
+          <label style={lbl}>Kontaktinfos</label>
+          {([['telefon', 'Telefon'], ['email', 'E-Mail (Anzeige)'], ['adresse_zeile1', 'Adresse Zeile 1'], ['adresse_zeile2', 'Adresse Zeile 2'], ['formular_empfaenger', 'Formular-Empfänger (E-Mail)']] as [keyof KontaktInfo, string][]).map(([key, placeholder]) => (
+            <input key={key} style={inp} value={info[key]} onChange={e => setInfo(p => ({ ...p, [key]: e.target.value }))} placeholder={placeholder} />
+          ))}
+          <button type="submit" disabled={saving} style={{ padding: '10px', borderRadius: '6px', background: 'var(--accent)', color: '#fff', fontWeight: 700, border: 'none', cursor: 'pointer', fontSize: '14px' }}>
+            {saving ? 'Speichert…' : saved ? '✓ Gespeichert' : 'Speichern'}
+          </button>
+        </form>
+
+        <div>
+          <label style={lbl}>Social Media</label>
+          {social.map(s => (
+            <div key={s.id} style={{ display: 'grid', gridTemplateColumns: '80px 1fr auto', gap: '8px', marginBottom: '6px', alignItems: 'center' }}>
+              <span style={{ fontSize: '13px', color: 'var(--text-muted)' }}>{s.platform}</span>
+              <input style={inp} defaultValue={s.url} onBlur={async e => { await fetch(`/api/admin/kontakt/social/${s.id}`, { method: 'PATCH', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ url: e.target.value }) }) }} />
+              <button onClick={() => deleteSocial(s.id)} style={{ padding: '6px 10px', borderRadius: '6px', background: 'transparent', border: '1px solid rgba(220,38,38,0.3)', color: '#f87171', cursor: 'pointer', fontSize: '12px' }}>✕</button>
+            </div>
+          ))}
+          <div style={{ display: 'grid', gridTemplateColumns: '1fr 2fr auto', gap: '8px', marginTop: '8px' }}>
+            <input style={inp} value={newSocial.platform} onChange={e => setNewSocial(p => ({ ...p, platform: e.target.value }))} placeholder="Instagram" />
+            <input style={inp} value={newSocial.url} onChange={e => setNewSocial(p => ({ ...p, url: e.target.value }))} placeholder="https://…" />
+            <button type="button" onClick={addSocial} style={{ padding: '8px 14px', borderRadius: '6px', background: 'var(--accent)', color: '#fff', fontWeight: 700, border: 'none', cursor: 'pointer', fontSize: '13px' }}>+</button>
+          </div>
+        </div>
+      </div>
+
+      <div>
+        <label style={lbl}>Öffnungszeiten</label>
+        {zeiten.map(z => (
+          <div key={z.id} style={{ display: 'grid', gridTemplateColumns: '1fr 70px 70px auto', gap: '8px', marginBottom: '6px', alignItems: 'center' }}>
+            <input style={inp} defaultValue={z.tag} onBlur={async e => { await fetch(`/api/admin/kontakt/oeffnungszeiten/${z.id}`, { method: 'PATCH', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ tag: e.target.value }) }) }} />
+            <input style={inp} defaultValue={z.von} onBlur={async e => { await fetch(`/api/admin/kontakt/oeffnungszeiten/${z.id}`, { method: 'PATCH', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ von: e.target.value }) }) }} placeholder="8:00" />
+            <input style={inp} defaultValue={z.bis} onBlur={async e => { await fetch(`/api/admin/kontakt/oeffnungszeiten/${z.id}`, { method: 'PATCH', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ bis: e.target.value }) }) }} placeholder="18:00" />
+            <button onClick={() => deleteZeit(z.id)} style={{ padding: '6px 10px', borderRadius: '6px', background: 'transparent', border: '1px solid rgba(220,38,38,0.3)', color: '#f87171', cursor: 'pointer', fontSize: '12px' }}>✕</button>
+          </div>
+        ))}
+        <div style={{ display: 'grid', gridTemplateColumns: '1fr 70px 70px auto', gap: '8px', marginTop: '8px' }}>
+          <input style={inp} value={newZeit.tag} onChange={e => setNewZeit(p => ({ ...p, tag: e.target.value }))} placeholder="Montag – Freitag" />
+          <input style={inp} value={newZeit.von} onChange={e => setNewZeit(p => ({ ...p, von: e.target.value }))} placeholder="8:00" />
+          <input style={inp} value={newZeit.bis} onChange={e => setNewZeit(p => ({ ...p, bis: e.target.value }))} placeholder="18:00" />
+          <button type="button" onClick={addZeit} style={{ padding: '8px 14px', borderRadius: '6px', background: 'var(--accent)', color: '#fff', fontWeight: 700, border: 'none', cursor: 'pointer', fontSize: '13px' }}>+</button>
+        </div>
+      </div>
+    </div>
+  )
+}
--- a/modules/06-website-cms/files/components/admin/PasswortAendern.tsx
+++ b/modules/06-website-cms/files/components/admin/PasswortAendern.tsx
@ -0,0 +1,73 @@
+'use client'
+import { useState } from 'react'
+
+const inp: React.CSSProperties = {
+  width: '100%', padding: '8px 12px', borderRadius: '6px',
+  border: '1px solid var(--border-color)', background: 'var(--bg)',
+  color: 'var(--text-primary)', fontSize: '14px', boxSizing: 'border-box',
+}
+const lbl: React.CSSProperties = {
+  fontSize: '11px', fontWeight: 600, textTransform: 'uppercase',
+  letterSpacing: '1px', color: 'var(--text-muted)', display: 'block', marginBottom: '6px',
+}
+
+export default function PasswortAendern() {
+  const [current, setCurrent] = useState('')
+  const [next, setNext] = useState('')
+  const [confirm, setConfirm] = useState('')
+  const [saving, setSaving] = useState(false)
+  const [error, setError] = useState<string | null>(null)
+  const [success, setSuccess] = useState(false)
+
+  async function handleSubmit(e: React.FormEvent) {
+    e.preventDefault()
+    setError(null)
+    if (next !== confirm) { setError('Die neuen Passwörter stimmen nicht überein.'); return }
+    if (next.length < 8) { setError('Das neue Passwort muss mindestens 8 Zeichen haben.'); return }
+    setSaving(true)
+    const res = await fetch('/api/admin/passwort', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ currentPassword: current, newPassword: next }),
+    })
+    const json = await res.json()
+    setSaving(false)
+    if (!res.ok) { setError(json.error ?? 'Fehler beim Speichern.'); return }
+    setSuccess(true)
+    setCurrent(''); setNext(''); setConfirm('')
+    setTimeout(() => setSuccess(false), 3000)
+  }
+
+  return (
+    <div style={{ maxWidth: '480px' }}>
+      <form onSubmit={handleSubmit} style={{ display: 'flex', flexDirection: 'column', gap: '16px' }}>
+        <div>
+          <label style={lbl}>Aktuelles Passwort</label>
+          <input type="password" style={inp} value={current} onChange={e => setCurrent(e.target.value)} autoComplete="current-password" required />
+        </div>
+        <div>
+          <label style={lbl}>Neues Passwort</label>
+          <input type="password" style={inp} value={next} onChange={e => setNext(e.target.value)} autoComplete="new-password" required />
+        </div>
+        <div>
+          <label style={lbl}>Neues Passwort bestätigen</label>
+          <input type="password" style={inp} value={confirm} onChange={e => setConfirm(e.target.value)} autoComplete="new-password" required />
+        </div>
+
+        {error && (
+          <p style={{ fontSize: '13px', color: '#f87171', padding: '10px 14px', borderRadius: '6px', background: 'rgba(248,113,113,0.1)', border: '1px solid rgba(248,113,113,0.3)' }}>
+            {error}
+          </p>
+        )}
+
+        <button
+          type="submit"
+          disabled={saving}
+          style={{ padding: '10px', borderRadius: '6px', background: 'var(--accent)', color: '#fff', fontWeight: 700, border: 'none', cursor: 'pointer', fontSize: '14px' }}
+        >
+          {saving ? 'Wird gespeichert…' : success ? '✓ Passwort geändert' : 'Passwort ändern'}
+        </button>
+      </form>
+    </div>
+  )
+}
--- a/modules/06-website-cms/files/components/admin/UeberUnsVerwaltung.tsx
+++ b/modules/06-website-cms/files/components/admin/UeberUnsVerwaltung.tsx
@ -0,0 +1,109 @@
+'use client'
+import { useState, useEffect } from 'react'
+
+interface Stat { id: string; wert: string; label: string; reihenfolge: number }
+
+const inp: React.CSSProperties = { width: '100%', padding: '8px 12px', borderRadius: '6px', border: '1px solid var(--border-color)', background: 'var(--bg)', color: 'var(--text-primary)', fontSize: '14px', boxSizing: 'border-box' }
+const lbl: React.CSSProperties = { fontSize: '11px', fontWeight: 600, textTransform: 'uppercase', letterSpacing: '1px', color: 'var(--text-muted)', display: 'block', marginBottom: '6px' }
+
+export function UeberUnsVerwaltung() {
+  const [eyebrowText, setEyebrowText] = useState('Klein, aber fein')
+  const [absatz1, setAbsatz1] = useState('')
+  const [absatz2, setAbsatz2] = useState('')
+  const [bildUrl, setBildUrl] = useState<string | null>(null)
+  const [stats, setStats] = useState<Stat[]>([])
+  const [newStat, setNewStat] = useState({ wert: '', label: '' })
+  const [saving, setSaving] = useState(false)
+  const [saved, setSaved] = useState(false)
+  const [uploading, setUploading] = useState(false)
+  const [loading, setLoading] = useState(true)
+
+  useEffect(() => {
+    fetch('/api/admin/ueber-uns').then(r => r.json()).then(({ content: c, stats: s }) => {
+      if (c) { setEyebrowText(c.eyebrow_text ?? 'Klein, aber fein'); setAbsatz1(c.absatz1 ?? ''); setAbsatz2(c.absatz2 ?? ''); setBildUrl(c.bild_url ?? null) }
+      setStats(s ?? [])
+      setLoading(false)
+    })
+  }, [])
+
+  async function handleSave(e: React.FormEvent) {
+    e.preventDefault(); setSaving(true)
+    await fetch('/api/admin/ueber-uns', { method: 'PATCH', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ eyebrow_text: eyebrowText, absatz1, absatz2, bild_url: bildUrl }) })
+    setSaving(false); setSaved(true); setTimeout(() => setSaved(false), 2000)
+  }
+
+  async function handleBildUpload(e: React.ChangeEvent<HTMLInputElement>) {
+    const file = e.target.files?.[0]
+    if (!file) return
+    setUploading(true)
+    const fd = new FormData(); fd.append('file', file)
+    const res = await fetch('/api/admin/ueber-uns/upload', { method: 'POST', body: fd })
+    const { url, error } = await res.json()
+    if (url) setBildUrl(url)
+    else alert(error ?? 'Upload fehlgeschlagen')
+    setUploading(false)
+  }
+
+  async function addStat() {
+    if (!newStat.wert.trim() || !newStat.label.trim()) return
+    const res = await fetch('/api/admin/ueber-uns/stats', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ ...newStat, reihenfolge: stats.length }) })
+    const { stat } = await res.json()
+    setStats(prev => [...prev, stat]); setNewStat({ wert: '', label: '' })
+  }
+
+  async function deleteStat(id: string) {
+    await fetch(`/api/admin/ueber-uns/stats/${id}`, { method: 'DELETE' })
+    setStats(prev => prev.filter(s => s.id !== id))
+  }
+
+  if (loading) return <p style={{ color: 'var(--text-muted)' }}>Lade…</p>
+
+  return (
+    <div style={{ display: 'grid', gridTemplateColumns: '1fr 1fr', gap: '32px' }}>
+      <form onSubmit={handleSave} style={{ display: 'flex', flexDirection: 'column', gap: '16px' }}>
+        <div>
+          <label style={lbl}>Eyebrow-Text</label>
+          <input style={inp} value={eyebrowText} onChange={e => setEyebrowText(e.target.value)} placeholder="z. B. Klein, aber fein" />
+        </div>
+        <div>
+          <label style={lbl}>Absatz 1</label>
+          <textarea rows={4} style={{ ...inp, resize: 'vertical' }} value={absatz1} onChange={e => setAbsatz1(e.target.value)} />
+        </div>
+        <div>
+          <label style={lbl}>Absatz 2</label>
+          <textarea rows={4} style={{ ...inp, resize: 'vertical' }} value={absatz2} onChange={e => setAbsatz2(e.target.value)} />
+        </div>
+        <div>
+          <label style={lbl}>Sektionsbild</label>
+          {bildUrl && (
+            /* eslint-disable-next-line @next/next/no-img-element */
+            <img src={bildUrl} alt="Vorschau" style={{ width: '100%', height: '120px', objectFit: 'cover', borderRadius: '6px', marginBottom: '8px', border: '1px solid var(--border-color)' }} />
+          )}
+          <input type="file" accept="image/*" onChange={handleBildUpload} disabled={uploading} style={{ fontSize: '13px', color: 'var(--text-muted)' }} />
+          {uploading && <p style={{ fontSize: '12px', color: 'var(--text-muted)', marginTop: '4px' }}>Hochladen…</p>}
+        </div>
+        <button type="submit" disabled={saving} style={{ padding: '10px', borderRadius: '6px', background: 'var(--accent)', color: '#fff', fontWeight: 700, border: 'none', cursor: 'pointer', fontSize: '14px' }}>
+          {saving ? 'Speichert…' : saved ? '✓ Gespeichert' : 'Speichern'}
+        </button>
+      </form>
+
+      <div>
+        <label style={lbl}>Statistiken</label>
+        <div style={{ display: 'flex', flexDirection: 'column', gap: '8px', marginBottom: '12px' }}>
+          {stats.map(s => (
+            <div key={s.id} style={{ display: 'grid', gridTemplateColumns: '1fr 1fr auto', gap: '8px', alignItems: 'center' }}>
+              <input style={inp} defaultValue={s.wert} onBlur={async e => { await fetch(`/api/admin/ueber-uns/stats/${s.id}`, { method: 'PATCH', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ wert: e.target.value }) }) }} />
+              <input style={inp} defaultValue={s.label} onBlur={async e => { await fetch(`/api/admin/ueber-uns/stats/${s.id}`, { method: 'PATCH', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ label: e.target.value }) }) }} />
+              <button onClick={() => deleteStat(s.id)} style={{ padding: '6px 10px', borderRadius: '6px', background: 'transparent', border: '1px solid rgba(220,38,38,0.3)', color: '#f87171', cursor: 'pointer', fontSize: '12px' }}>✕</button>
+            </div>
+          ))}
+        </div>
+        <div style={{ display: 'grid', gridTemplateColumns: '1fr 1fr auto', gap: '8px', alignItems: 'center' }}>
+          <input style={inp} value={newStat.wert} onChange={e => setNewStat(p => ({ ...p, wert: e.target.value }))} placeholder="Wert (z. B. 2022)" />
+          <input style={inp} value={newStat.label} onChange={e => setNewStat(p => ({ ...p, label: e.target.value }))} placeholder="Label (z. B. Gegründet)" />
+          <button type="button" onClick={addStat} style={{ padding: '8px 14px', borderRadius: '6px', background: 'var(--accent)', color: '#fff', fontWeight: 700, border: 'none', cursor: 'pointer', fontSize: '13px' }}>+</button>
+        </div>
+      </div>
+    </div>
+  )
+}
--- a/modules/06-website-cms/migrations/MIGRATIONS_WEBSITE_CMS.sql
+++ b/modules/06-website-cms/migrations/MIGRATIONS_WEBSITE_CMS.sql
@ -0,0 +1,119 @@
+-- ================================================================
+-- WEBSITE CMS – Vollständige Migration (konsolidiert)
+-- Alle Tabellen, Spalten und RLS-Policies in einer Datei.
+-- Im Supabase SQL-Editor einmalig ausführen.
+-- ================================================================
+
+-- ── Hero Section ─────────────────────────────────────────────────
+
+CREATE TABLE IF NOT EXISTS hero_content (
+  id               uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  -- Site / Navbar
+  site_name        text NOT NULL DEFAULT 'Musterfirma',
+  site_tagline     text NOT NULL DEFAULT '',
+  logo_path        text DEFAULT NULL,           -- Storage: site-assets
+  favicon_path     text DEFAULT NULL,           -- Storage: site-assets
+  -- Hero-Texte
+  eyebrow_text     text NOT NULL DEFAULT 'Ihr Slogan hier',
+  headline1        text NOT NULL DEFAULT 'Wir lieben Qualität.',
+  headline2        text NOT NULL DEFAULT 'Ihre Kunden auch.',
+  subtext1         text NOT NULL DEFAULT '',
+  subtext2         text NOT NULL DEFAULT '',
+  -- Buttons
+  cta1_text        text NOT NULL DEFAULT 'Jetzt anfragen',
+  cta1_href        text NOT NULL DEFAULT '#kontakt',
+  cta2_text        text NOT NULL DEFAULT 'Unsere Leistungen',
+  cta2_href        text NOT NULL DEFAULT '#leistungen',
+  -- Hintergrundbild
+  bg_image_path    text DEFAULT NULL,           -- Storage: hero-bilder
+  updated_at       timestamptz NOT NULL DEFAULT now()
+);
+
+CREATE TABLE IF NOT EXISTS hero_badges (
+  id         uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  text       text NOT NULL,
+  reihenfolge int NOT NULL DEFAULT 0
+);
+
+-- ── Über uns / About ─────────────────────────────────────────────
+
+CREATE TABLE IF NOT EXISTS ueber_uns_content (
+  id           uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  eyebrow_text text NOT NULL DEFAULT 'Klein, aber fein',
+  absatz1      text NOT NULL DEFAULT '',
+  absatz2      text NOT NULL DEFAULT '',
+  bild_url     text DEFAULT NULL,
+  updated_at   timestamptz NOT NULL DEFAULT now()
+);
+
+CREATE TABLE IF NOT EXISTS ueber_uns_stats (
+  id          uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  wert        text NOT NULL,
+  label       text NOT NULL,
+  reihenfolge int NOT NULL DEFAULT 0
+);
+
+-- ── Galerie ──────────────────────────────────────────────────────
+
+CREATE TABLE IF NOT EXISTS galerie_bilder (
+  id           uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  storage_path text NOT NULL,                   -- Storage: galerie-bilder
+  alt_text     text NOT NULL DEFAULT '',
+  reihenfolge  int NOT NULL DEFAULT 0
+);
+
+-- ── Kontakt ──────────────────────────────────────────────────────
+
+CREATE TABLE IF NOT EXISTS kontakt_info (
+  id                  uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  telefon             text NOT NULL DEFAULT '',
+  email               text NOT NULL DEFAULT '',
+  adresse_zeile1      text NOT NULL DEFAULT '',
+  adresse_zeile2      text NOT NULL DEFAULT '',
+  formular_empfaenger text NOT NULL DEFAULT '',
+  updated_at          timestamptz NOT NULL DEFAULT now()
+);
+
+CREATE TABLE IF NOT EXISTS kontakt_oeffnungszeiten (
+  id          uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  tag         text NOT NULL,
+  von         text NOT NULL,
+  bis         text NOT NULL,
+  reihenfolge int NOT NULL DEFAULT 0
+);
+
+CREATE TABLE IF NOT EXISTS kontakt_social (
+  id          uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  platform    text NOT NULL,
+  url         text NOT NULL,
+  reihenfolge int NOT NULL DEFAULT 0
+);
+
+-- ── RLS: Öffentliche Leseberechtigung (Anon-Key) ─────────────────
+
+ALTER TABLE hero_content          ENABLE ROW LEVEL SECURITY;
+ALTER TABLE hero_badges           ENABLE ROW LEVEL SECURITY;
+ALTER TABLE ueber_uns_content     ENABLE ROW LEVEL SECURITY;
+ALTER TABLE ueber_uns_stats       ENABLE ROW LEVEL SECURITY;
+ALTER TABLE galerie_bilder        ENABLE ROW LEVEL SECURITY;
+ALTER TABLE kontakt_info          ENABLE ROW LEVEL SECURITY;
+ALTER TABLE kontakt_oeffnungszeiten ENABLE ROW LEVEL SECURITY;
+ALTER TABLE kontakt_social        ENABLE ROW LEVEL SECURITY;
+
+DROP POLICY IF EXISTS "public read" ON hero_content;
+DROP POLICY IF EXISTS "public read" ON hero_badges;
+DROP POLICY IF EXISTS "public read" ON ueber_uns_content;
+DROP POLICY IF EXISTS "public read" ON ueber_uns_stats;
+DROP POLICY IF EXISTS "public read" ON galerie_bilder;
+DROP POLICY IF EXISTS "public read" ON kontakt_info;
+DROP POLICY IF EXISTS "public read" ON kontakt_oeffnungszeiten;
+DROP POLICY IF EXISTS "public read" ON kontakt_social;
+
+CREATE POLICY "public read" ON hero_content          FOR SELECT TO public USING (true);
+CREATE POLICY "public read" ON hero_badges           FOR SELECT TO public USING (true);
+CREATE POLICY "public read" ON ueber_uns_content     FOR SELECT TO public USING (true);
+CREATE POLICY "public read" ON ueber_uns_stats       FOR SELECT TO public USING (true);
+CREATE POLICY "public read" ON galerie_bilder        FOR SELECT TO public USING (true);
+CREATE POLICY "public read" ON kontakt_info          FOR SELECT TO public USING (true);
+CREATE POLICY "public read" ON kontakt_oeffnungszeiten FOR SELECT TO public USING (true);
+CREATE POLICY "public read" ON kontakt_social        FOR SELECT TO public USING (true);
--- a/tsconfig.tsbuildinfo
+++ b/tsconfig.tsbuildinfo