migrating to TypeScript

app.js → app.ts

-const express = require('express');
-const http = require('http');
-const path = require('path');
-const passport = require('passport');
-const morgan = require('morgan');
-const cookieParser = require('cookie-parser');
-const bodyParser = require('body-parser');
-const session = require('express-session');
-const errorhandler = require('errorhandler');
-const flash = require('express-flash-2');
-const fileUpload = require('express-fileupload');
-const helmet = require('helmet');
-const compression = require('compression');
-const methodOverride = require('method-override');
+import express from 'express';
+import path from 'path';
+import passport from 'passport';
+import morgan from 'morgan';
+import cookieParser from 'cookie-parser';
+import bodyParser from 'body-parser';
+import session from 'express-session';
+import flash from 'express-flash-2';
+import fileUpload from 'express-fileupload';
+import helmet from 'helmet';
+import compression from 'compression';
+import methodOverride from 'method-override';
+import dotenv from 'dotenv'
+
+dotenv.config();
 
 var env = process.env.NODE_ENV || 'testing';
 const config = require('./config/config')[env];
 const lang = 'DE';
 
 var app = express();
-
 app.set('port', config.app.port);
-app.set('views', __dirname + '/views');
+app.set('views', path.join( __dirname + '/views'));
 app.set('view engine', 'pug');
 
 // enable files upload
@@ -30,12 +30,25 @@ app.use(fileUpload({
     fileSize: 1000000 // 1 MB max. file size
   }
 }));
-
 app.use(methodOverride('_method'));
-app.use(helmet());
+app.use(
+  helmet.contentSecurityPolicy({
+    useDefaults: true,
+    directives: {
+      "font-src": ["'self'", "https://use.fontawesome.com"],
+      "img-src": ["'self'", "https://transfer.hft-stuttgart.de"],
+      "script-src": ["'self'", "https://code.jquery.com/jquery-3.3.1.min.js", "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js", 
+        "https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js", "https://unpkg.com/bootstrap-show-password@1.2.1/dist/bootstrap-show-password.min.js"],
+      "style-src": ["'self'", "https://use.fontawesome.com/releases/v5.8.2/css/all.css"],
+      "frame-src": ["'self'"]
+    },
+    reportOnly: true,
+  })
+);
+
 app.use(compression());
 app.use(morgan('combined'));
-app.use(cookieParser());
+app.use(cookieParser(config.app.sessionSecret));
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({extended: false}));
 app.use(express.static(path.join(__dirname, 'public')));
@@ -43,13 +56,11 @@ app.use((req, res, next) => {
   next();
 });
 
-app.use(session(
-  {
-    resave: true,
-    saveUninitialized: true,
-    secret: config.app.sessionSecret
-  }
-));
+app.use(session({
+  resave: true,
+  saveUninitialized: true,
+  secret: config.app.sessionSecret
+}));
 app.use(flash());
 app.use(passport.initialize());
 app.use(passport.session());
@@ -61,16 +72,16 @@ app.use(function(req, res, next) {
   next();
 });
 
-require('./routes/account')(app, config, passport, lang);
 require('./routes/public')(app, config, lang);
+require('./routes/account')(app, config, passport, lang);
 
 // Handle 404
-app.use(function (req, res) {
+app.use(function (req:any, res:any) {
   res.status(404).render(lang+'/404')
 })
 
 // Handle 500 - any server error
-app.use(function (err, req, res, next) {
+app.use(function (err:any, req:any, res:any, next:any) {
   console.error(err.stack)
   res.status(500).render(lang+'/500', {
     error: err

classes/project.js → classes/project.ts

 class Project {
-    constructor(ownerGitlabId, id, name, desc, logo, path) {
+    ownerGitlabId:number
+    name:string
+    desc:string
+    id?:number
+    logo?:string
+    path?:string
+    
+    constructor(ownerGitlabId:number, name:string, desc:string, id?:number, logo?:string, path?:string) {
         this.ownerGitlabId = ownerGitlabId
-        this.id = id
         this.name = name
         this.desc = desc
+        this.id = id
         this.logo = logo
         this.path = path
     }
@@ -28,24 +35,24 @@ class Project {
         return this.path
     }
     // setter
-    setOwnerGitlabId(newOwnerGitlabId){
+    setOwnerGitlabId(newOwnerGitlabId:number){
         this.ownerGitlabId = newOwnerGitlabId
     }
-    setId(newId) {
+    setId(newId:number) {
         this.id = newId
     }
-    setName(newName) {
+    setName(newName:string) {
         this.name = newName
     }
-    setDesc(newDesc) {
+    setDesc(newDesc:string) {
         this.desc = newDesc
     }
-    setLogo(newLogoUrl) {
+    setLogo(newLogoUrl:string) {
         this.logo = newLogoUrl
     }
-    setPath(newPath) {
+    setPath(newPath:string) {
         this.path = newPath
     }
 }
 
-module.exports = Project
\ No newline at end of file
+export = Project
\ No newline at end of file

classes/repo.js

-const Project = require("./project");
-
-class Repo extends Project {
-    constructor(ownerGitlabId, id, name, desc, logo, path) {
-        super(ownerGitlabId, id, name, desc, logo, path)
-    }
-}
-
-module.exports = Repo
\ No newline at end of file

classes/repo.ts

+import Project from "./project"
+
+class Repo extends Project {
+    constructor(ownerGitlabId:number, name:string, desc:string, id?:number, logo?:string, path?:string) {
+        super(ownerGitlabId, name, desc, id, logo, path)
+    }
+}
+
+export = Repo
\ No newline at end of file

classes/user.js → classes/user.ts

 class User {
-    constructor(id, email, salutation, title, firstName, lastName, industry, organisation, speciality, is_m4lab_idp, gitlabUserId, verificationStatus) {
-        this.id = id
-        this.email = email
-        this.salutation = salutation
-        this.title = title
-        this.firstName = firstName
-        this.lastName = lastName
-        this.industry = industry
-        this.organisation = organisation
-        this.speciality = speciality
-        this.is_m4lab_idp = is_m4lab_idp // 1 or 0
-        this.gitlabUserId = gitlabUserId
-        this.verificationStatus = verificationStatus
+    id:number
+    email:string
+    salutation:string // should be enum
+    title:string // should be enum
+    firstName:string
+    lastName:string
+    industry:string
+    organisation:string
+    speciality:string
+    is_m4lab_idp:number // 1 or 0
+    verificationStatus:number // 1 or 0 - // should be boolean
+    gitlabUserId?:number
+
+    constructor(id:number, email:string, salutation:string, title:string, firstName:string, lastName:string, industry:string, organisation:string,
+        speciality:string, is_m4lab_idp:number, verificationStatus:number, gitlabUserId?:number) {
+            this.id = id
+            this.email = email
+            this.salutation = salutation
+            this.title = title
+            this.firstName = firstName
+            this.lastName = lastName
+            this.industry = industry
+            this.organisation = organisation
+            this.speciality = speciality
+            this.is_m4lab_idp = is_m4lab_idp
+            this.verificationStatus = verificationStatus
+            this.gitlabUserId = gitlabUserId
     }
 
     // getter
@@ -27,48 +41,48 @@ class User {
     getIdpStatus() {
         return this.is_m4lab_idp
     }
-    getGitlabUserId() {
-        return this.gitlabUserId
-    }
     getVerificationStatus() {
         return this.verificationStatus
     }
+    getGitlabUserId() {
+        return this.gitlabUserId
+    }
     // setter
-    setEmail(email) {
+    setEmail(email:string) {
         this.email = email
     }
-    setSalutation(salutation) {
+    setSalutation(salutation:string) {
         this.salutation = salutation
     }
-    setTitle(title) {
+    setTitle(title:string) {
         this.title = title
     }
-    setFirstName(firstName) {
+    setFirstName(firstName:string) {
         this.firstName = firstName
     }
-    setLastName(lastName) {
+    setLastName(lastName:string) {
         this.lastName = lastName
     }
-    setIndustry(industry) {
+    setIndustry(industry:string) {
         this.industry = industry
     }
-    setOrganisation(organisation) {
+    setOrganisation(organisation:string) {
         this.organisation = organisation
     }
-    setSpeciality(speciality) {
+    setSpeciality(speciality:string) {
         this.speciality = speciality
     }
-    setM4lab_idp(m4lab_idp) {
-        this.m4lab_idp = m4lab_idp
-    }
-    setGitlabUserId(newGitlabUserId) {
-        this.gitlabUserId = newGitlabUserId
+    setM4lab_idp(m4lab_idp:number) {
+        this.is_m4lab_idp = m4lab_idp
     }
-    setVerificationStatus(verificationStatus) {
+    setVerificationStatus(verificationStatus:number) {
         this.verificationStatus = verificationStatus
     }
+    setGitlabUserId(newGitlabUserId:number) {
+        this.gitlabUserId = newGitlabUserId
+    }
 
-    updateProfile(newSalutation, newTitle, newFirstname, newLastname, newEmail, newOrganisation, newIndustry, newSpeciality) {
+    updateProfile(newSalutation:string, newTitle:string, newFirstname:string, newLastname:string, newEmail:string, newOrganisation:string, newIndustry:string, newSpeciality:string) {
         this.salutation = newSalutation
         this.title = newTitle
         this.firstName = newFirstname
@@ -80,4 +94,4 @@ class User {
     }
 }
 
-module.exports = User
\ No newline at end of file
+export = User
\ No newline at end of file

classes/website.js

-const Project = require("./project");
-
-class Website extends Project {
-    constructor(ownerGitlabId, id, name, desc, logo, path) {
-        super(ownerGitlabId, id, name, desc, logo, path)
-    }
-}
-
-module.exports = Website
\ No newline at end of file

classes/website.ts

+import Project from "./project"
+
+class Website extends Project {
+    constructor(ownerGitlabId:number, name:string, desc:string, id?:number, logo?:string, path?:string) {
+        super(ownerGitlabId, name, desc, id, logo, path)
+    }
+}
+
+export = Website
\ No newline at end of file

config/config.js → config/config.ts

-module.exports = {
+export = {
   development: {
     app: {
       name: 'User Account Management',
@@ -28,7 +28,7 @@ module.exports = {
       host: 'mailhost',  // hostname
       secureConnection: false,        // TLS requires secureConnection to be false
       port: 587,                      // port for secure SMTP
-      TLS: true,                      // sets requireTLS
+      TLS: true,
       authUser: 'mailuser',
       authPass: 'mailpass',
       tlsCiphers: 'SSLv3',
@@ -67,7 +67,7 @@ module.exports = {
       host: 'mailhost',  // hostname
       secureConnection: false,        // TLS requires secureConnection to be false
       port: 587,                      // port for secure SMTP
-      TLS: true,                      // sets requireTLS
+      TLS: true,
       authUser: 'mailuser',
       authPass: 'mailpass',
       tlsCiphers: 'SSLv3',
@@ -77,4 +77,4 @@ module.exports = {
       token_readWriteProjects: 'token-goes-here'
     }
   }
-}
+}
\ No newline at end of file

config/const.js → config/const.ts

-module.exports = {
+export = {
 
     mailSignature: 'Mit den besten Grüßen,<br/>das Transferportal-Team der HFT Stuttgart<br/><br/>' +
         'Transferportal der Hochschule für Technik Stuttgart<br/>' +

config/dbconn.js → config/dbconn.ts

-const mysql = require('mysql')
+import mysql from 'mysql'
 
-var env = process.env.NODE_ENV || 'testing';
+var env = process.env.NODE_ENV || 'testing'
 const config = require('./config')[env]
 
 // ==== USER ACOOUNT DB CONNECTION ====
@@ -14,7 +14,7 @@ var userConnection = mysql.createConnection({
 })
 
 userConnection.connect(function(err) {
-    if (err) throw err;
+    if (err) throw err
 })
 userConnection.query('USE '+config.database.dbUser)
 
@@ -52,7 +52,7 @@ var projectConnection = mysql.createConnection({
 })
 
 projectConnection.connect(function(err) {
-    if (err) throw err;
+    if (err) throw err
 })
 projectConnection.query('USE '+config.database.dbProject)
 
@@ -61,4 +61,4 @@ var connection = {
     project: projectConnection
 }
 
-module.exports = connection
\ No newline at end of file
+export = connection
\ No newline at end of file

config/dbconn2.js → config/dbconn2.ts

-const mysql = require('mysql2')
+import mysql from 'mysql2'
 
-var env = process.env.NODE_ENV || 'testing';
+var env = process.env.NODE_ENV || 'testing'
 const config = require('./config')[env]
 
 // ==== USER ACOOUNT DB CONNECTION ====
@@ -14,7 +14,7 @@ var userConnection = mysql.createConnection({
 })
 
 userConnection.connect(function(err) {
-    if (err) throw err;
+    if (err) throw err
 })
 userConnection.query('USE '+config.database.dbUser)
 
@@ -52,7 +52,7 @@ var projectConnection = mysql.createConnection({
 })
 
 projectConnection.connect(function(err) {
-    if (err) throw err;
+    if (err) throw err
 })
 projectConnection.query('USE '+config.database.dbProject)
 
@@ -61,4 +61,4 @@ var connection = {
     project: projectConnection
 }
 
-module.exports = connection
\ No newline at end of file
+export = connection
\ No newline at end of file

config/mailer.js

-const nodemailer = require('nodemailer');
-const nodemailerNTLMAuth = require('nodemailer-ntlm-auth');
-
-
-var env = process.env.NODE_ENV || 'testing';
-const config = require('./config')[env]
-
-var smtpTransport = nodemailer.createTransport({
-    host: config.mailer.host,
-    secure: config.mailer.secureConnection,
-    port: config.mailer.port,
-    requireTLS: config.mailer.TLS,
-    auth: {
-      type: 'custom',
-      method: 'NTLM',
-      user: config.mailer.authUser,
-      pass: config.mailer.authPass,
-     options: {
-        domain: 'ad'
-      }
-    },
-    customAuth:{
-        NTLM: nodemailerNTLMAuth
-    }
-});
-  
-var mailOptions = {
-    to: "",
-    from: config.mailer.from,
-    subject: "",
-    text: ""
-};
-
-var mailer = {
-    transport: smtpTransport,
-    options: mailOptions
-}
-
-module.exports = mailer

config/mailer.ts

+const nodemailer = require('nodemailer')
+const nodemailerNTLMAuth = require('nodemailer-ntlm-auth')
+
+var env = process.env.NODE_ENV || 'testing'
+const config = require('./config')[env]
+
+var smtpTransporter = nodemailer.createTransport({
+  host: config.mailer.host,
+  secure: config.mailer.secureConnection,
+  port: config.mailer.port,
+  requireTLS: config.mailer.TLS,
+  auth: {
+    type: 'custom',
+    method: 'NTLM',
+    user: config.mailer.authUser,
+    pass: config.mailer.authPass,
+    options: {
+      domain: 'ad'
+    }
+  },
+  customAuth:{
+    NTLM: nodemailerNTLMAuth
+  }
+});
+
+var mailOptions:any = {
+    to: "",
+    cc: "",
+    from: config.mailer.from,
+    subject: "",
+    text: "",
+    html: ""
+}
+
+var mailer:any = {
+    transporter: smtpTransporter,
+    options: mailOptions
+}
+
+export = mailer
\ No newline at end of file

functions/gitlab.js → functions/gitlab.ts

+import axios from 'axios'
+import fs from 'fs'
+import formData from 'form-data'
+
 var env = process.env.NODE_ENV || 'testing'
 const config = require('../config/config')[env]
-const axios = require('axios')
-const fs = require('fs')
-var formData = require('form-data')
 
 var gitlab = {
-    // todo: GraphQL currentUser
-
-    getUserByEmail: async function(email) {
+    getUserByEmail: async function(email:string) {
         return axios({
             method: 'get',
             url: 'https://transfer.hft-stuttgart.de/gitlab/api/v4/users?search='+email,
@@ -15,9 +14,12 @@ var gitlab = {
                 'Authorization': 'Bearer '+config.gitlab.token_readWriteProjects}
         })
         .then(res => res.data[0])
-        .catch(err => console.error(err))
+        .catch(function(err){
+            console.error(err)
+            return null
+        })
     },
-    createNewPages: async function(newPagesData, newLogoFile, template) {
+    createNewPages: async function(newPagesData:any, newLogoFile:string, template:any) {
         let data = new formData()
         data.append('avatar', fs.createReadStream(newLogoFile))
 
@@ -32,16 +34,15 @@ var gitlab = {
             },
             data: data
         })
-        .then(res => res = {
-            error: false,
-            data: res.data
-        })
-        .catch(err => res = {
-            error: true,
-            data: err.response.data
+        .then(res => res.data)
+        .catch(function(err) {
+            console.error("ERR Status: "+err.response.status)
+            console.error("ERR Name: "+err.response.data.message.name)
+            console.error("ERR Path: "+err.response.data.message.path)
+            return err.response
         })
     },
-    updateProject: async function(updatedProjectData, newLogoFile){
+    updateProject: async function(updatedProjectData:any, newLogoFile:string){
         let data = new formData()
         if (newLogoFile) {
             data.append('avatar', fs.createReadStream(newLogoFile))
@@ -57,16 +58,16 @@ var gitlab = {
             },
             data : data
         })
-        .then(res => res = {
-            error: false,
-            data: res.data
-        })
-        .catch(err => res = {
-            error: true,
-            data: err.response.data
+        //.then(res => res.data[0])
+        .then(res => res.data)
+        .catch(function(err){
+            console.error("ERR Status: "+err.response.status)
+            console.error("ERR Name: "+err.response.data.message.name)
+            console.error("ERR Path: "+err.response.data.message.path)
+            return err.response
         })
     },
-    deleteProjectById: function(projectId){
+    deleteProjectById: function(projectId:number){
         // https://docs.gitlab.com/ee/api/projects.html#delete-project
         return axios({
             method: 'delete',
@@ -75,16 +76,15 @@ var gitlab = {
                 'Authorization': 'Bearer '+config.gitlab.token_readWriteProjects 
             }
         })
-        .then(res => res = {
-            error: false,
-            data: res.data
-        })
-        .catch(err => res = {
-            error: true,
-            data: err.response.data
+        .then(res => true)
+        .catch(function(err) {
+            console.error("ERR Status: "+err.response.status)
+            console.error("ERR Name: "+err.response.data.message.name)
+            console.error("ERR Path: "+err.response.data.message.path)
+            return false
         })
     },
-    getUserProjects: async function(gitlabUserId) {
+    getUserProjects: async function(gitlabUserId:number) {
         return axios({
             method: 'get',
             url: 'https://transfer.hft-stuttgart.de/gitlab/api/v4/users/'+gitlabUserId+'/projects?owned=true&visibility=public',
@@ -93,9 +93,12 @@ var gitlab = {
             }
         })
         .then(res => res.data)
-        .catch(err => console.error(err))
+        .catch(function(err) {
+            console.error(err)
+            return null
+        })
     },
-    getProjectById: async function(projectId) {
+    getProjectById: async function(projectId:number) {
         return axios({
             method: 'get',
             url: 'https://transfer.hft-stuttgart.de/gitlab/api/v4/projects/'+projectId,
@@ -104,45 +107,22 @@ var gitlab = {
             }
         })
         .then(res => res.data)
-        .catch(err => console.error(err.response.status))
+        .catch(function(err) {
+            console.error(err)
+            return null
+        })
     },
-    getProjectPipelineLatestStatus: async function(projectId) {
+    getProjectPipelineLatestStatus: async function(projectId:number) {
         return axios({
             method: 'get',
             url: 'https://transfer.hft-stuttgart.de/gitlab/api/v4/projects/'+projectId+'/pipelines'
         })
         .then(res => res.data[0].status)
-        .catch(err => console.error(err))
-    },
-    //
-    // test GraphQL
-    getGraphqlTest: function(callback) {
-        axios({
-            url: 'https://gitlab.com/api/graphql',
-            method: 'get',
-            headers: {
-                'Content-Type': 'application/json',
-                'Authorization': 'Bearer '+config.gitlab.token_readWriteProjects
-            },
-            data: {
-                query: `{
-                    currentUser {
-                        id
-                        username
-                    }
-                }`
-            /*  query: `{
-                projects {
-                    nodes {
-                        id
-                    }
-                }
-              }` */
-            }
-        }).then((result) => {
-            console.log(JSON.stringify(result.data))
-        });
+        .catch(function(err) {
+            console.error(err)
+            return null
+        })
     }
 }
 
-module.exports = gitlab
\ No newline at end of file
+export = gitlab
\ No newline at end of file

functions/helpers.js → functions/helpers.ts

 var helpers = {
-    stringToArray: function (input){
+    stringToArray: function (input:string){
         if(input != null){
             return input.split(',');
         }else{
@@ -8,4 +8,4 @@ var helpers = {
     }
 };
 
-module.exports = helpers;
\ No newline at end of file
+export = helpers;
\ No newline at end of file

functions/methods.js → functions/methods.ts

-const dbconn_OBSOLETE = require('../config/dbconn') // DO NOT USE THIS FOR NEW FUNCTIONS
-const dbconn = require('../config/dbconn2')
+import dbconn_OBSOLETE = require('../config/dbconn') // DO NOT USE THIS FOR NEW FUNCTIONS
+import dbconn = require('../config/dbconn2')
 
 var methods = {
     // ===================== user db =====================
-    registerNewUser: function(data, callback) {
-        dbconn_OBSOLETE.user.beginTransaction(function(err) { // START TRANSACTION
-            if (err) {
-                throw err
-            }
+    registerNewUser: function(data:any, callback:any) {
+        dbconn_OBSOLETE.user.beginTransaction(function(err:any) { // START TRANSACTION
+            if (err) { throw err }
             // insert profile
-            dbconn_OBSOLETE.user.query('INSERT INTO user SET ?', data.profile, function (err, results, fields) {
+            dbconn_OBSOLETE.user.query('INSERT INTO user SET ?', data.profile, function (err:any, results:any, fields:any) {
                 if (err) {
                   return dbconn_OBSOLETE.user.rollback(function() {
                     throw err
                   });
                 }
-                var newUserId = results.insertId
+                let newUserId:number = results.insertId
                 // set password
-                var credentialData = {
+                var credentialData:any = {
                     user_id: newUserId,
                     password: data.password
                 }
-                dbconn_OBSOLETE.user.query('INSERT INTO credential SET ?', credentialData, function (err, results, fields) {
+                dbconn_OBSOLETE.user.query('INSERT INTO credential SET ?', credentialData, function (err:any, results:any, fields:any) {
                     if (err) {
                         return dbconn_OBSOLETE.user.rollback(function() {
                             throw err
                         });
                     }
                     // set default user-project-role
-                    var projectRoleData = {
+                    var projectRoleData:any = {
                         project_id: 1,  //M4_LAB
                         role_id: 2,     // USER
                         user_id: newUserId
                     }
-                    dbconn_OBSOLETE.user.query('INSERT INTO user_project_role SET ?', projectRoleData, function (err, results, fields) {
+                    dbconn_OBSOLETE.user.query('INSERT INTO user_project_role SET ?', projectRoleData, function (err:any, results:any, fields:any) {
                         if (err) {
                             return dbconn_OBSOLETE.user.rollback(function() {
                                 throw err
                             });
                         }
                         // MLAB-129: INSERT verification token
-                        let verificationData = {
+                        let verificationData:any = {
                             user_id: newUserId,
                             token: data.verificationToken
                         }
-                        dbconn_OBSOLETE.user.query('INSERT INTO verification SET ?', verificationData, function (err, results, fields) {
+                        dbconn_OBSOLETE.user.query('INSERT INTO verification SET ?', verificationData, function (err:any, results:any, fields:any) {
                             if (err) {
                                 return dbconn_OBSOLETE.user.rollback(function() {
                                     throw err
                                 });
                             }
                             // COMMIT
-                            dbconn_OBSOLETE.user.commit(function(err) {
+                            dbconn_OBSOLETE.user.commit(function(err:any) {
                                 if (err) {
                                     return dbconn_OBSOLETE.user.rollback(function() {
                                         throw err
@@ -65,9 +63,9 @@ var methods = {
             callback(err)
         })
     },
-    getUserByEmail: async function(email) {
+    getUserByEmail: async function(email:any) {
         try {
-            let rows = await dbconn.user.promise().query('SELECT id, verificationStatus, salutation, title, firstname, lastname, industry, organisation, speciality, m4lab_idp FROM user WHERE email = "' +email+'"')
+            let rows:any = await dbconn.user.promise().query('SELECT id, verificationStatus, salutation, title, firstname, lastname, industry, organisation, speciality, m4lab_idp FROM user WHERE email = "' +email+'"')
             if (rows[0][0]) {
                 return rows[0][0]
             }
@@ -77,9 +75,9 @@ var methods = {
         }
         return null
     },
-    getUserEmailById: async function(userId) {
+    getUserEmailById: async function(userId:number) {
         try {
-            let rows = await dbconn.user.promise().query('SELECT email FROM user WHERE id = ' +userId)
+            let rows:any = await dbconn.user.promise().query('SELECT email FROM user WHERE id = ' +userId)
             if (rows[0][0]) {
                 return rows[0][0].email
             }
@@ -89,9 +87,9 @@ var methods = {
         }
         return null
     },
-    checkUserEmail: async function(email) {
+    checkUserEmail: async function(email:any) {
         try {
-            let rows = await dbconn.user.promise().query('SELECT id, email FROM user WHERE email = "' +email+'"')
+            let rows:any = await dbconn.user.promise().query('SELECT id, email FROM user WHERE email = "' +email+'"')
             if (rows[0][0]) {
                 return rows[0][0]
             }
@@ -101,9 +99,9 @@ var methods = {
         }
         return null
     },
-    getUserByToken: async function(token) {
+    getUserByToken: async function(token:any) {
         try {
-            let rows = await dbconn.user.promise().query('SELECT t1.user_id, t2.email FROM userdb.credential AS t1 INNER JOIN userdb.user AS t2 ON t1.user_id = t2.id AND t1.resetPasswordToken = "'
+            let rows:any = await dbconn.user.promise().query('SELECT t1.user_id, t2.email FROM userdb.credential AS t1 INNER JOIN userdb.user AS t2 ON t1.user_id = t2.id AND t1.resetPasswordToken = "'
                 +token+'" and resetPasswordExpires > '+Date.now())
             if (rows[0][0]) {
                 return rows[0][0]
@@ -114,47 +112,38 @@ var methods = {
         }
         return null
     },
-	updateUserById: function(userData, callback) {
-		dbconn_OBSOLETE.user.query('UPDATE user SET ? WHERE id = ' +userData.id, userData, function (err, rows, fields) {
-            if (err) throw err
-            callback(err)
-        })
-    },
-    updateCredential: function(data, callback) {
-        dbconn_OBSOLETE.user.query('UPDATE credential SET ? WHERE user_id = ' +data.user_id, data, function (err, rows, fields) {
-            if (err) throw err
-            callback(err)
-        })
+    updateUserById: async function(userId:number, userData:any) {
+        try {
+            let result:any = await dbconn.user.promise().query('UPDATE user SET ? WHERE id = ' +userId, userData)
+            return result
+        } catch (err) {
+            console.error(err)
+        }
+        return null
     },
-    getUserIdByEmail_OBSOLETE: function(email, callback) {
-        let userId
-        dbconn_OBSOLETE.user.query('SELECT id FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
-            if (err) {
-                throw err
-            }
-            else {
-                if ( rows.length > 0) {
-                    userId = rows[0].id
-                }
-            }
-            callback(userId, err)
-        });
+    updateCredential: async function(data:any) {
+        try {
+            let result:any = await dbconn.user.promise().query('UPDATE credential SET ? WHERE user_id = ' +data.user_id, data)
+            return result
+        } catch (err) {
+            console.error(err)
+        }
+        return null
     },
-    getUserProjectRole_OBSOLETE: function(userId, callback) {
-        dbconn_OBSOLETE.user.query('SELECT project_id, role_id FROM user_project_role WHERE user_id = "' +userId+'"', function (err, rows, fields) {
+    addUserProjectRole_OBSOLETE: function(data:any, callback:any) {
+        /*
+        dbconn_OBSOLETE.user.query('INSERT INTO user_project_role SET ?', data, function (err:any, results:any, fields:any){
             if (err) throw err
-            callback(rows, err)
-        });
-    },
-    addUserProjectRole: function(data, callback) {
-        dbconn_OBSOLETE.user.query('INSERT INTO user_project_role SET ?', data, function (err, results, fields){
+            callback(err)
+        }) */
+        dbconn.user.query('INSERT INTO user_project_role SET ?', data, function (err:any){
             if (err) throw err
             callback(err)
         })
     },
-    getVerificationTokenByUserId: async function(userId) {
+    getVerificationTokenByUserId: async function(userId:number) {
         try {
-            let rows = await dbconn.user.promise().query('SELECT token FROM verification WHERE user_id = "' +userId+'"')
+            let rows:any = await dbconn.user.promise().query('SELECT token FROM verification WHERE user_id = "' +userId+'"')
             if (rows[0][0]) {
                 return rows[0][0].token
             }
@@ -164,9 +153,9 @@ var methods = {
         }
         return null
     },
-    getUserIdByVerificationToken: async function(token) {
+    getUserIdByVerificationToken: async function(token:any) {
         try {
-            let rows = await dbconn.user.promise().query('SELECT user_id FROM verification WHERE token = "' +token+'"')
+            let rows:any = await dbconn.user.promise().query('SELECT user_id FROM verification WHERE token = "' +token+'"')
             if (rows[0][0]) {
                 return rows[0][0].user_id
             }
@@ -178,21 +167,21 @@ var methods = {
         }
         return null
     },
-    verifyUserAccount: function(userData, callback) {
-        dbconn_OBSOLETE.user.beginTransaction(function(err) { // START TRANSACTION
+    verifyUserAccount: function(userData:any, callback:any) {
+        dbconn_OBSOLETE.user.beginTransaction(function(err:any) { // START TRANSACTION
             if (err) { throw err }
             // update user status
-            dbconn_OBSOLETE.user.query('UPDATE user SET ? WHERE id =' +userData.id, userData, function (err, rows, fields) {
+            dbconn_OBSOLETE.user.query('UPDATE user SET ? WHERE id =' +userData.id, userData, function (err:any, rows:any, fields:any) {
                 if (err) {
                     return dbconn_OBSOLETE.user.rollback(function() { throw err })
                 }
                 // delete verification token
-                dbconn_OBSOLETE.user.query('DELETE FROM verification WHERE user_id = '+userData.id, function (err, rows, fields) {
+                dbconn_OBSOLETE.user.query('DELETE FROM verification WHERE user_id = '+userData.id, function (err:any, rows:any, fields:any) {
                     if (err) {
                         return dbconn_OBSOLETE.user.rollback(function() { throw err })
                     }
                     // COMMIT
-                    dbconn_OBSOLETE.user.commit(function(err) {
+                    dbconn_OBSOLETE.user.commit(function(err:any) {
                         if (err) {
                             return dbconn_OBSOLETE.user.rollback(function() { throw err })
                         }
@@ -203,9 +192,9 @@ var methods = {
         })
     },
     /* ===== GitLab ===== */
-    getGitlabId: async function(userId) {
+    getGitlabId: async function(userId:number) {
         try {
-            let rows = await dbconn.user.promise().query('SELECT gu.gitlab_userId FROM user_gitlab gu, user u WHERE u.id = "' +userId+'" and gu.user_id = u.id')
+            let rows:any = await dbconn.user.promise().query('SELECT gu.gitlab_userId FROM user_gitlab gu, user u WHERE u.id = "' +userId+'" and gu.user_id = u.id')
             if (rows[0][0]) {
                 return rows[0][0].gitlab_userId
             } else {
@@ -217,12 +206,12 @@ var methods = {
             return err
         }
     },
-    addGitlabUser: function(data, callback){
-        dbconn_OBSOLETE.user.query('INSERT INTO user_gitlab SET ?', data, function (err) {
+    addGitlabUser: function(data:any, callback:any){
+        dbconn.user.query('INSERT INTO user_gitlab SET ?', data, function (err:any) {
             if (err) throw err
             callback(err)
         })
     }
 };
 
-module.exports = methods;
\ No newline at end of file
+export = methods
\ No newline at end of file

public/js/jquery-ui/i18n/datepicker-de.js

-/* German initialisation for the jQuery UI date picker plugin. */
-/* Written by Milian Wolff (mail@milianw.de). */
-( function( factory ) {
-	if ( typeof define === "function" && define.amd ) {
-
-		// AMD. Register as an anonymous module.
-		define( [ "../widgets/datepicker" ], factory );
-	} else {
-
-		// Browser globals
-		factory( jQuery.datepicker );
-	}
-}( function( datepicker ) {
-
-datepicker.regional.de = {
-	closeText: "Schließen",
-	prevText: "<Zurück",
-	nextText: "Vor>",
-	currentText: "Heute",
-	monthNames: [ "Januar","Februar","März","April","Mai","Juni",
-	"Juli","August","September","Oktober","November","Dezember" ],
-	monthNamesShort: [ "Jan","Feb","Mär","Apr","Mai","Jun",
-	"Jul","Aug","Sep","Okt","Nov","Dez" ],
-	dayNames: [ "Sonntag","Montag","Dienstag","Mittwoch","Donnerstag","Freitag","Samstag" ],
-	dayNamesShort: [ "So","Mo","Di","Mi","Do","Fr","Sa" ],
-	dayNamesMin: [ "So","Mo","Di","Mi","Do","Fr","Sa" ],
-	weekHeader: "KW",
-	dateFormat: "dd.mm.yy",
-	firstDay: 1,
-	isRTL: false,
-	showMonthAfterYear: false,
-	yearSuffix: "" };
-datepicker.setDefaults( datepicker.regional.de );
-
-return datepicker.regional.de;
-
-} ) );
\ No newline at end of file

routes/public.js

-const methods = require('../functions/methods')
-const async = require('async')
-const mailer = require('../config/mailer')
-const constants = require('../config/const')
-// pwd encryption
-const crypto = require('crypto')
-const bcrypt = require('bcryptjs')
-const saltRounds = 10
-const salt = 64
-
-module.exports = function (app, config, lang) {
-
-    // ================== NEW USERS REGISTRATION ======================
-
-    app.get('/registration', function(req, res) {
-        res.render(lang+'/account/registration')
-    })
-    app.post('/registration', function(req, res) {
-        // user data
-        var curDate = new Date()
-        var userData = {
-          salutation: req.body.inputSalutation,
-          title: req.body.inputTitle,
-          firstname: req.body.inputFirstname,
-          lastname: req.body.inputLastname,
-          email: req.body.inputEmail,
-          organisation: req.body.inputOrganisation,
-          industry: req.body.inputIndustry,
-          speciality: req.body.inputSpeciality,
-          createdDate: curDate.toISOString().slice(0,10)
-        }
-    
-        var userEmail = userData.email
-        var pos = userEmail.indexOf('@')
-        var emailLength = userEmail.length
-        var emailDomain = userEmail.slice(pos, emailLength);
-    
-        if ( emailDomain.toLowerCase() == "@hft-stuttgart.de") {
-            res.flash('error', "Fehlgeschlagen: HFT-Account")
-            res.redirect('/account/registration')
-        } else {
-          let token
-          async.waterfall([
-            function(done) {
-              crypto.randomBytes(20, function(err, buf) {
-                token = buf.toString('hex');
-                done(err, token);
-              });
-            },
-            // encrypt password
-            function(token, done) {
-              bcrypt.genSalt(saltRounds, function(err, salt) {
-                bcrypt.hash(req.body.inputPassword, salt, function(err, hash) {
-                  var newAccount = {
-                    profile: userData,
-                    password: hash,
-                    verificationToken: token
-                  }
-                  done(err, newAccount)
-                });
-              });
-            },
-            // save data
-            function(newAccount, err) {
-              methods.registerNewUser(newAccount, function(err){
-                if (err) {
-                  res.flash('error', "Fehlgeschlagen")
-                }
-                else {
-                  // send email
-                  var emailSubject = "Bitte bestätigen Sie Ihr M4_LAB Benutzerkonto"
-                  var emailContent = '<div>Lieber Nutzer,<br/><br/>' +
-                    '<p>vielen Dank für Ihre Anmeldung am Transferportal der HFT Stuttgart. <br/>' +
-                    'Um Ihre Anmeldung zu bestätigen, klicken Sie bitte <a href='+config.app.host+'/verifyAccount?token='+token+'>diesen Link</a> ' +
-                    '<br/><br/>' +
-                    'Ohne Bestätigung Ihres Kontos müssen wir Ihr Konto leider nach 7 Tagen löschen.</p><br/>' + constants.mailSignature +
-                    '</div>';
-                  mailer.options.to = req.body.inputEmail;
-                  mailer.options.subject = emailSubject;
-                  mailer.options.html = emailContent;
-                  mailer.transport.sendMail(mailer.options, function(err) {
-                    if (err) {
-                      console.error('cannot send email')
-                      throw err
-                    }
-                  })
-                  // user feedback
-                  res.flash('success', 'Vielen Dank für Ihre Registrierung!'+'\r\n\r\n'+
-                    'Wir haben Ihnen eine E-Mail an Ihre verwendete Adresse gesendet. Diese enthält einen Link zur Bestätigung Ihres Accounts.'+'\r\n'+
-                    'Wenn Sie die Mail nicht in ihrem Postfach vorfinden, prüfen Sie bitte auch Ihren Spam-Ordner.')
-                }
-                res.redirect('/account/registration')
-              })
-            }
-          ])
-        }
-    })
-
-    // =================== USERS VERIFICATION =========================
-
-    app.get("/verifyAccount", async function(req, res){
-      let userId = await methods.getUserIdByVerificationToken(req.query.token)
-      if (!userId) {
-        // no user found
-        res.render(lang+'/account/verification', {
-          status: null
-        })
-      } else {
-        // a user found, verify the account
-        let userData = {
-          id: userId,
-          verificationStatus: 1
-        }
-        methods.verifyUserAccount(userData, async function(err){
-          if (err) {
-            console.log("Error: "+err)
-            res.render(lang+'/account/verification', {
-              status: false
-            });
-          } else {
-            // send welcome email after successful account verification
-            let userEmail = await methods.getUserEmailById(userId)
-            if (!userEmail) {
-              res.render(lang+'/account/verification', {
-                status: false
-              })
-            } else {
-              // send email
-              var emailSubject = "Herzlich willkommen"
-                var emailContent = '<div>Lieber Nutzer,<br/><br/>' +
-                  '<p>herzlich willkommen beim Transferportal der HFT Stuttgart!<br/>' +
-                  'Sie können nun alle Dienste des Portals nutzen.<p/><br/>' + constants.mailSignature;
-                mailer.options.to = userEmail
-                mailer.options.subject = emailSubject
-                mailer.options.html = emailContent
-                mailer.transport.sendMail(mailer.options, function(err) {
-                  if (err) {
-                    console.log('cannot send email')
-                    throw err
-                  }
-                })
-    
-                res.render(lang+'/account/verification', {
-                  status: true
-                })
-            }
-          }
-        })        
-      }
-    })
-
-    // ==================== FORGOT PASSWORD ===========================
-
-    app.get('/forgotPwd', function (req, res) {
-      res.render(lang+'/account/forgotPwd', {
-        user: req.user
-      })
-    })
-    app.post('/forgotPwd', function(req, res) {
-      let emailAddress = req.body.inputEmail
-      async.waterfall([
-        function(done) {
-          crypto.randomBytes(20, function(err, buf) {
-            var token = buf.toString('hex')
-            done(err, token)
-          })
-        },
-        async function(token) {
-          let user = await methods.checkUserEmail(emailAddress)
-          if (!user) {
-            console.log('no user found')
-          } else {
-            var emailSubject = "Ihre Passwort-Anfrage an das Transferportal der HFT Stuttgart";
-            var emailContent = '<div>Lieber Nutzer,<br/><br/>' +
-              '<p>wir haben Ihre Anfrage zur Erneuerung Ihres Passwortes erhalten. Falls Sie diese Anfrage nicht gesendet haben, ignorieren Sie bitte diese E-Mail.<br/><br/>' +
-              'Sie können Ihr Passwort mit dem Klick auf diesen Link ändern: '+config.app.host+'/reset/' + token + '<br/>' +
-              'Dieser Link ist aus Sicherheitsgründen nur für 1 Stunde gültig.<br/></p>' + constants.mailSignature + '</div>'
-              
-            var credentialData = {
-              user_id: user.id,
-              resetPasswordToken: token,
-              resetPasswordExpires: Date.now() + 3600000 // 1 hour
-            }
-            methods.updateCredential(credentialData, function(err) {
-              if (err) { console.error(err) }
-            })
-  
-            // send email
-            mailer.options.to = emailAddress
-            mailer.options.subject = emailSubject
-            mailer.options.html = emailContent
-            mailer.transport.sendMail(mailer.options, function(err) {
-              if (err) { console.error(err) }
-            })
-          }
-        }
-      ], function(err) {
-        if (err) {
-          res.flash('error', 'Ein Fehler ist aufgetreten. Bitte versuchen Sie es erneut.')
-        }
-        else {
-          res.flash('success', 'Wenn Ihre E-Mail-Adresse registriert ist, wurde eine E-Mail mit dem weiteren Vorgehen an ' + emailAddress + ' versendet.')
-        }
-        res.redirect('/account/forgotPwd')
-      })
-    })
-
-    // reset
-    app.get('/reset/:token', async function(req, res) {
-      let user = await methods.getUserByToken(req.params.token)
-      if (!user) {
-        res.flash('error', 'Der Schlüssel zum zurücksetzen des Passworts ist ungültig oder abgelaufen.')
-        res.redirect('/account/forgotPwd')
-      } else {
-        res.render(lang+'/account/reset')
-      }
-    })
-    app.post('/reset/:token', async function(req, res) {
-      var newPwd = req.body.inputNewPwd
-
-      let user = await methods.getUserByToken(req.params.token)
-      if (!user) {
-        res.flash('error', "User not found.")
-        res.redirect('/login')
-      } else {
-        // encrypt password
-        bcrypt.genSalt(saltRounds, function(err, salt) {
-          bcrypt.hash(newPwd, salt, function(err, hash) {
-            var credentialData = {
-              password: hash,
-              user_id: user.user_id
-            }
-            // update password
-            methods.updateCredential(credentialData, function(err){
-              if (err) {
-                res.flash('error', "Datenbankfehler: Passwort kann nicht geändert werden.")
-                throw err
-              } else {
-                res.flash('success', "Passwort aktualisiert!")
-                
-                // send notifiaction email
-                mailer.options.to = user.email
-                mailer.options.subject = constants.updatePasswordMailSubject
-                mailer.options.html = constants.updatePasswordMailContent+'<div>'+constants.mailSignature+'</div>'
-                mailer.transport.sendMail(mailer.options, function(err) {
-                  if (err) { console.log(err) }
-                })
-                
-                res.redirect('/login')
-              }
-            })
-          });
-        });
-      }
-
-    })
-
-    // ======================= CONTACT FORM ===========================
-
-    app.get('/contact', function (req, res) {
-      res.render(lang+'/account/contact', {
-        user: req.user
-      })
-    })
-    app.post('/contact', function(req, res, next) {
-        //methods.currentDate();
-        let emailAddress = req.body.inputEmail;
-        let supportAddress = "support-transfer@hft-stuttgart.de";
-        let inputName = req.body.name;
-        let inputContent = req.body.message;
-        let emailContent = "Es wurde eine Anfrage an das Transferportal gestellt: \n\n NAME: " + inputName + "\n NACHRICHT:\n "+ inputContent;
-        let emailSubject = "Ihre Anfrage an das Transferportal";
-        async.waterfall([
-          function(done) {
-              // send email
-              mailer.options.to = supportAddress;
-              mailer.options.cc = emailAddress;
-              mailer.options.subject = emailSubject;
-              mailer.options.text = emailContent;
-              mailer.transport.sendMail(mailer.options, function(err) {
-                done(err, 'done');
-              });
-            }
-        ], function(err) {
-          if (err) {
-            console.error(err)
-            res.flash('error', 'Ein Fehler ist aufgetreten. Bitte versuchen Sie es erneut.');
-          }
-          else {
-            res.flash('success', 'Vielen Dank für Ihre Anfrage. Wir melden uns baldmöglichst bei Ihnen. Eine Kopie Ihrer Anfrage wurde an ' + emailAddress + ' versandt.');
-          }
-          res.redirect('/account/contact')
-        })
-    })
-
-}
\ No newline at end of file

routes/public.ts

+import async from 'async'
+import bcrypt from 'bcryptjs'
+import methods from '../functions/methods'
+import mailer from '../config/mailer'
+import constants from '../config/const'
+
+const saltRounds:number = 10
+const salt:number = 64
+
+export = function (app:any, config:any, lang:string) {
+
+  // ================== NEW USERS REGISTRATION ======================
+  app.get('/registration', function(req:any, res:any) {
+    res.render(lang+'/account/registration')
+  })
+  app.post('/registration', function(req:any, res:any) {
+    // user data
+    var curDate:Date = new Date()
+    var userData:any = {
+      salutation: req.body.inputSalutation,
+      title: req.body.inputTitle,
+      firstname: req.body.inputFirstname,
+      lastname: req.body.inputLastname,
+      email: req.body.inputEmail,
+      organisation: req.body.inputOrganisation,
+      industry: req.body.inputIndustry,
+      speciality: req.body.inputSpeciality,
+      createdDate: curDate.toISOString().slice(0,10)
+    }
+    
+    var userEmail:any = userData.email
+    var pos:number = userEmail.indexOf('@')
+    var emailLength:number = userEmail.length
+    var emailDomain:any = userEmail.slice(pos, emailLength);
+    
+    if ( emailDomain.toLowerCase() == "@hft-stuttgart.de") {
+      res.flash('error', "Fehlgeschlagen: HFT-Account")
+      res.redirect('/account/registration')
+    } else {
+      async.waterfall([
+        function(done:any) {
+          // generate token
+          let token:string = '';
+          let randomChars:string = 'abcdefghijklmnopqrstuvwxyz0123456789';
+          for ( let i = 0; i<40; i++ ) {
+            token += randomChars.charAt(Math.floor(Math.random() * randomChars.length));
+          }
+          // encrypt password
+          bcrypt.genSalt(saltRounds, function(err, salt) {
+            bcrypt.hash(req.body.inputPassword, salt, function(err:any, hash:any) {
+              var newAccount:any = {
+                profile: userData,
+                password: hash,
+                verificationToken: token
+              }
+              done(err, newAccount)
+            });
+          });
+        },
+        // save data
+        function(newAccount:any, err:any) {
+          methods.registerNewUser(newAccount, function(err:any){
+            if (err) {
+              res.flash('error', "Fehlgeschlagen")
+            }
+            else {
+              // send email
+              var emailSubject = "Bitte bestätigen Sie Ihr M4_LAB Benutzerkonto"
+              var emailContent = '<div>Lieber Nutzer,<br/><br/>' +
+                '<p>vielen Dank für Ihre Anmeldung am Transferportal der HFT Stuttgart. <br/>' +
+                'Um Ihre Anmeldung zu bestätigen, klicken Sie bitte <a href='+config.app.host+'/verifyAccount?token='+newAccount.verificationToken+'>diesen Link</a> ' +
+                '<br/><br/>' +
+                'Ohne Bestätigung Ihres Kontos müssen wir Ihr Konto leider nach 7 Tagen löschen.</p><br/>' + constants.mailSignature +
+                '</div>';
+              mailer.options.to = req.body.inputEmail;
+              mailer.options.subject = emailSubject;
+              mailer.options.html = emailContent;
+              mailer.transporter.sendMail(mailer.options, function(err:any) {
+                if (err) {
+                  console.error('Cannot send email. [Error] '+err)
+                  throw err
+                }
+              })
+              // user feedback
+              res.flash('success', 'Vielen Dank für Ihre Registrierung!'+'\r\n\r\n'+
+                'Wir haben Ihnen eine E-Mail an Ihre verwendete Adresse gesendet. Diese enthält einen Link zur Bestätigung Ihres Accounts.'+'\r\n'+
+                'Wenn Sie die Mail nicht in ihrem Postfach vorfinden, prüfen Sie bitte auch Ihren Spam-Ordner.')
+              }
+              res.redirect('/account/registration')
+            })
+        }
+      ])
+    }
+  })
+
+  // =================== USERS VERIFICATION =========================
+
+  app.get("/verifyAccount", async function(req:any, res:any){
+    let userId:number = await methods.getUserIdByVerificationToken(req.query.token)
+    if (!userId) {
+      // no user found
+      res.render(lang+'/account/verification', {
+        status: null
+      })
+    } else {
+      // a user found, verify the account
+      let userData:any = {
+        id: userId,
+        verificationStatus: 1
+      }
+      methods.verifyUserAccount(userData, async function(err:any){
+        if (err) {
+          console.log("Error: "+err)
+          res.render(lang+'/account/verification', {
+            status: false
+          });
+        } else {
+          // send welcome email after successful account verification
+          let userEmail:string = await methods.getUserEmailById(userId)
+          if (!userEmail) {
+            res.render(lang+'/account/verification', {
+              status: false
+            })
+          } else {
+            // send email
+            var emailSubject = "Herzlich willkommen"
+              var emailContent = '<div>Lieber Nutzer,<br/><br/>' +
+                '<p>herzlich willkommen beim Transferportal der HFT Stuttgart!<br/>' +
+                'Sie können nun alle Dienste des Portals nutzen.<p/><br/>' + constants.mailSignature;
+              mailer.options.to = userEmail
+              mailer.options.subject = emailSubject
+              mailer.options.html = emailContent
+              mailer.transporter.sendMail(mailer.options, function(err:any) {
+                if (err) {
+                  console.log('cannot send email')
+                  throw err
+                }
+              })
+  
+              res.render(lang+'/account/verification', {
+                status: true
+              })
+          }
+        }
+      })        
+    }
+  })
+
+  // ==================== FORGOT PASSWORD ===========================
+
+  app.get('/forgotPwd', function (req:any, res:any) {
+    res.render(lang+'/account/forgotPwd', {
+      user: req.user
+    })
+  })
+  app.post('/forgotPwd', function(req:any, res:any) {
+    let emailAddress = req.body.inputEmail
+    async.waterfall([
+      async function(done:any) {
+        let user = await methods.checkUserEmail(emailAddress)
+        if (!user) {
+          console.log('No user found: '+emailAddress)
+        } else {
+          // generate token
+          let token:string = '';
+          let randomChars:string = 'abcdefghijklmnopqrstuvwxyz0123456789';
+          for ( let i = 0; i<40; i++ ) {
+            token += randomChars.charAt(Math.floor(Math.random() * randomChars.length));
+          }
+
+          var emailSubject = "Ihre Passwort-Anfrage an das Transferportal der HFT Stuttgart";
+          var emailContent = '<div>Lieber Nutzer,<br/><br/>' +
+            '<p>wir haben Ihre Anfrage zur Erneuerung Ihres Passwortes erhalten. Falls Sie diese Anfrage nicht gesendet haben, ignorieren Sie bitte diese E-Mail.<br/><br/>' +
+            'Sie können Ihr Passwort mit dem Klick auf diesen Link ändern: '+config.app.host+'/reset/' + token + '<br/>' +
+            'Dieser Link ist aus Sicherheitsgründen nur für 1 Stunde gültig.<br/></p>' + constants.mailSignature + '</div>'
+            
+          var credentialData = {
+            user_id: user.id,
+            resetPasswordToken: token,
+            resetPasswordExpires: Date.now() + 3600000 // 1 hour
+          }
+          let result = await methods.updateCredential(credentialData)
+          if (!result) {
+            console.log('failed to update credential')
+          } else {
+            // send email
+            mailer.options.to = emailAddress
+            mailer.options.subject = emailSubject
+            mailer.options.html = emailContent
+            mailer.transporter.sendMail(mailer.options, function(err:any) {
+              if (err) { console.error(err) }
+            })
+          }
+        }
+        done(null)
+      }
+    ], function(err:any) {
+      if (err) {
+        res.flash('error', 'Ein Fehler ist aufgetreten. Bitte versuchen Sie es erneut.')
+      }
+      else {
+        res.flash('success', 'Wenn Ihre E-Mail-Adresse registriert ist, wurde eine E-Mail mit dem weiteren Vorgehen an ' + emailAddress + ' versendet.')
+      }
+      res.redirect('/account/forgotPwd')
+    })
+  })
+
+  // reset
+  app.get('/reset/:token', async function(req:any, res:any) {
+      let user = await methods.getUserByToken(req.params.token)
+      if (!user) {
+        res.flash('error', 'Der Schlüssel zum zurücksetzen des Passworts ist ungültig oder abgelaufen.')
+        res.redirect('/account/forgotPwd')
+      } else {
+        res.render(lang+'/account/reset')
+      }
+  })
+  app.post('/reset/:token', async function(req:any, res:any) {
+      var newPwd = req.body.inputNewPwd
+
+      var user = await methods.getUserByToken(req.params.token)
+      if (!user) {
+        res.flash('error', "User not found.")
+        res.redirect('/login')
+      } else {
+        // encrypt password
+        bcrypt.genSalt(saltRounds, function(err, salt) {
+          bcrypt.hash(newPwd, salt, async function(err:any, hash) {
+            var credentialData = {
+              password: hash,
+              user_id: user.user_id
+            }
+            // update password
+            let result = await methods.updateCredential(credentialData)
+            if (!result) {
+              console.log('Failed to reset password')
+              res.flash('error', "Datenbankfehler: Passwort kann nicht geändert werden.")
+            } else {
+              res.flash('success', "Passwort aktualisiert!")
+              // send notifiaction email
+              mailer.options.to = user.email
+              mailer.options.subject = constants.updatePasswordMailSubject
+              mailer.options.html = constants.updatePasswordMailContent+'<div>'+constants.mailSignature+'</div>'
+              mailer.transporter.sendMail(mailer.options, function(err:any) {
+                if (err) { console.log(err) }
+              })
+            }
+            res.redirect('/login')
+          });
+        });
+      }
+
+  })
+
+  // ======================= CONTACT FORM ===========================
+  app.get('/contact', function (req:any, res:any) {
+      res.render(lang+'/account/contact', {
+        user: req.user
+      })
+  })
+  app.post('/contact', function(req:any, res:any, next:any) {
+        //methods.currentDate();
+        let emailAddress = req.body.inputEmail;
+        let supportAddress = "support-transfer@hft-stuttgart.de";
+        let inputName = req.body.name;
+        let inputContent = req.body.message;
+        let emailContent = "Es wurde eine Anfrage an das Transferportal gestellt: \n\n NAME: " + inputName + "\n NACHRICHT:\n "+ inputContent;
+        let emailSubject = "Ihre Anfrage an das Transferportal";
+        async.waterfall([
+          function(done:any) {
+            // send email
+            mailer.options.to = supportAddress;
+            mailer.options.cc = emailAddress;
+            mailer.options.subject = emailSubject;
+            mailer.options.text = emailContent;
+            mailer.transporter.sendMail(mailer.options, function(err:any) {
+              done(err, 'done');
+            });
+          }
+        ], function(err:any) {
+          if (err) {
+            console.error(err)
+            res.flash('error', 'Ein Fehler ist aufgetreten. Bitte versuchen Sie es erneut.');
+          }
+          else {
+            res.flash('success', 'Vielen Dank für Ihre Anfrage. Wir melden uns baldmöglichst bei Ihnen. Eine Kopie Ihrer Anfrage wurde an ' + emailAddress + ' versandt.');
+          }
+          res.redirect('/account/contact')
+        })
+  })
+ 
+}
\ No newline at end of file