Use release versions of settings-bundle

Check for permissions to access settings menu and added settings menu to sidebar menu
Use a doctrine entity for storing the settings
2026-02-22 09:42:36 +01:00 · 2025-07-06 22:30:17 +02:00 · 2025-07-06 22:29:35 +02:00 · 2025-07-06 22:15:48 +02:00 · 2025-07-06 22:08:10 +02:00 · 2025-07-06 22:00:46 +02:00
898 changed files with 179483 additions and 21868 deletions
--- a/.docker/frankenphp/Caddyfile
+++ b/.docker/frankenphp/Caddyfile
@@ -0,0 +1,55 @@
+{
+	{$CADDY_GLOBAL_OPTIONS}
+
+	frankenphp {
+		{$FRANKENPHP_CONFIG}
+	}
+
+	# https://caddyserver.com/docs/caddyfile/directives#sorting-algorithm
+	order mercure after encode
+	order vulcain after reverse_proxy
+	order php_server before file_server
+}
+
+{$CADDY_EXTRA_CONFIG}
+
+{$SERVER_NAME:localhost} {
+	log {
+		# Redact the authorization query parameter that can be set by Mercure
+		format filter {
+			wrap console
+			fields {
+				uri query {
+					replace authorization REDACTED
+				}
+			}
+		}
+	}
+
+	root * /app/public
+	encode zstd br gzip
+
+	mercure {
+		# Transport to use (default to Bolt)
+		transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
+		# Publisher JWT key
+		publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
+		# Subscriber JWT key
+		subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
+		# Allow anonymous subscribers (double-check that it's what you want)
+		anonymous
+		# Enable the subscription API (double-check that it's what you want)
+		subscriptions
+		# Extra directives
+		{$MERCURE_EXTRA_DIRECTIVES}
+	}
+
+	vulcain
+
+	{$CADDY_SERVER_EXTRA_DIRECTIVES}
+
+	# Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics
+	header ?Permissions-Policy "browsing-topics=()"
+
+	php_server
+}
--- a/.docker/frankenphp/conf.d/app.dev.ini
+++ b/.docker/frankenphp/conf.d/app.dev.ini
@@ -0,0 +1,5 @@
+; See https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host
+; See https://github.com/docker/for-linux/issues/264
+; The `client_host` below may optionally be replaced with `discover_client_host=yes`
+; Add `start_with_request=yes` to start debug session on each request
+xdebug.client_host = host.docker.internal
--- a/.docker/frankenphp/conf.d/app.ini
+++ b/.docker/frankenphp/conf.d/app.ini
@@ -0,0 +1,18 @@
+expose_php = 0
+date.timezone = UTC
+apc.enable_cli = 1
+session.use_strict_mode = 1
+zend.detect_unicode = 0
+
+; https://symfony.com/doc/current/performance.html
+realpath_cache_size = 4096K
+realpath_cache_ttl = 600
+opcache.interned_strings_buffer = 16
+opcache.max_accelerated_files = 20000
+opcache.memory_consumption = 256
+opcache.enable_file_override = 1
+
+memory_limit = 256M
+
+upload_max_filesize=256M
+post_max_size=300M
--- a/.docker/frankenphp/conf.d/app.prod.ini
+++ b/.docker/frankenphp/conf.d/app.prod.ini
@@ -0,0 +1,2 @@
+opcache.preload_user = root
+opcache.preload = /app/config/preload.php
--- a/.docker/frankenphp/docker-entrypoint.sh
+++ b/.docker/frankenphp/docker-entrypoint.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = 'frankenphp' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/console' ]; then
+	# Install the project the first time PHP is started
+	# After the installation, the following block can be deleted
+	if [ ! -f composer.json ]; then
+		rm -Rf tmp/
+		composer create-project "symfony/skeleton $SYMFONY_VERSION" tmp --stability="$STABILITY" --prefer-dist --no-progress --no-interaction --no-install
+
+		cd tmp
+		cp -Rp . ..
+		cd -
+		rm -Rf tmp/
+
+		composer require "php:>=$PHP_VERSION" runtime/frankenphp-symfony
+		composer config --json extra.symfony.docker 'true'
+
+		if grep -q ^DATABASE_URL= .env; then
+			echo "To finish the installation please press Ctrl+C to stop Docker Compose and run: docker compose up --build -d --wait"
+			sleep infinity
+		fi
+	fi
+
+	if [ -z "$(ls -A 'vendor/' 2>/dev/null)" ]; then
+		composer install --prefer-dist --no-progress --no-interaction
+	fi
+
+	if grep -q ^DATABASE_URL= .env; then
+		echo "Waiting for database to be ready..."
+		ATTEMPTS_LEFT_TO_REACH_DATABASE=60
+		until [ $ATTEMPTS_LEFT_TO_REACH_DATABASE -eq 0 ] || DATABASE_ERROR=$(php bin/console dbal:run-sql -q "SELECT 1" 2>&1); do
+			if [ $? -eq 255 ]; then
+				# If the Doctrine command exits with 255, an unrecoverable error occurred
+				ATTEMPTS_LEFT_TO_REACH_DATABASE=0
+				break
+			fi
+			sleep 1
+			ATTEMPTS_LEFT_TO_REACH_DATABASE=$((ATTEMPTS_LEFT_TO_REACH_DATABASE - 1))
+			echo "Still waiting for database to be ready... Or maybe the database is not reachable. $ATTEMPTS_LEFT_TO_REACH_DATABASE attempts left."
+		done
+
+		if [ $ATTEMPTS_LEFT_TO_REACH_DATABASE -eq 0 ]; then
+			echo "The database is not up or not reachable:"
+			echo "$DATABASE_ERROR"
+			exit 1
+		else
+			echo "The database is now ready and reachable"
+		fi
+
+		if [ "$( find ./migrations -iname '*.php' -print -quit )" ]; then
+			php bin/console doctrine:migrations:migrate --no-interaction
+		fi
+	fi
+
+	setfacl -R -m u:www-data:rwX -m u:"$(whoami)":rwX var
+	setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX var
+fi
+
+exec docker-php-entrypoint "$@"
--- a/.docker/frankenphp/worker.Caddyfile
+++ b/.docker/frankenphp/worker.Caddyfile
@@ -0,0 +1,4 @@
+worker {
+	file ./public/index.php
+	env APP_RUNTIME Runtime\FrankenPhpSymfony\Runtime
+}
--- a/.docker/partdb-entrypoint.sh
+++ b/.docker/partdb-entrypoint.sh
@@ -39,8 +39,50 @@ if [ -d /var/www/html/var/db ]; then
    fi
 fi

-# Start PHP-FPM
-service php8.1-fpm start
+# Start PHP-FPM (the PHP_VERSION is replaced by the configured version in the Dockerfile)
+service phpPHP_VERSION-fpm start
+
+
+# Run migrations if automigration is enabled via env variable DB_AUTOMIGRATE
+if [ "$DB_AUTOMIGRATE" = "true" ]; then
+		echo "Waiting for database to be ready..."
+		ATTEMPTS_LEFT_TO_REACH_DATABASE=60
+		until [ $ATTEMPTS_LEFT_TO_REACH_DATABASE -eq 0 ] || DATABASE_ERROR=$(sudo -E -u www-data php bin/console dbal:run-sql -q "SELECT 1" 2>&1); do
+			if [ $? -eq 255 ]; then
+				# If the Doctrine command exits with 255, an unrecoverable error occurred
+				ATTEMPTS_LEFT_TO_REACH_DATABASE=0
+				break
+			fi
+			sleep 1
+			ATTEMPTS_LEFT_TO_REACH_DATABASE=$((ATTEMPTS_LEFT_TO_REACH_DATABASE - 1))
+			echo "Still waiting for database to be ready... Or maybe the database is not reachable. $ATTEMPTS_LEFT_TO_REACH_DATABASE attempts left."
+		done
+
+		if [ $ATTEMPTS_LEFT_TO_REACH_DATABASE -eq 0 ]; then
+			echo "The database is not up or not reachable:"
+			echo "$DATABASE_ERROR"
+			exit 1
+		else
+			echo "The database is now ready and reachable"
+		fi
+
+    # Check if there are any available migrations to do, by executing doctrine:migrations:up-to-date
+    # and checking if the exit code is 0 (up to date) or 1 (not up to date)
+    if  sudo -E -u www-data php bin/console doctrine:migrations:up-to-date --no-interaction; then
+        echo "Database is up to date, no migrations necessary."
+    else
+        echo "Migrations available..."
+        echo "Do backup of database..."
+
+        sudo -E -u www-data mkdir -p /var/www/html/uploads/.automigration-backup/
+        # Backup the database
+        sudo -E -u www-data php bin/console partdb:backup -n --database /var/www/html/uploads/.automigration-backup/backup-$(date +%Y-%m-%d_%H-%M-%S).zip
+
+        # Check if there are any migration files
+        sudo -E -u www-data php bin/console doctrine:migrations:migrate --no-interaction
+    fi
+
+fi

 # first arg is `-f` or `--some-option` (taken from https://github.com/docker-library/php/blob/master/8.2/bullseye/apache/docker-php-entrypoint)
 if [ "${1#-}" != "$1" ]; then
--- a/.docker/symfony.conf
+++ b/.docker/symfony.conf
@@ -25,16 +25,29 @@
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # Pass the configuration from the docker env to the PHP environment (here you should list all .env options)
-        PassEnv APP_ENV APP_DEBUG APP_SECRET
+        PassEnv APP_ENV APP_DEBUG APP_SECRET REDIRECT_TO_HTTPS DISABLE_YEAR2038_BUG_CHECK
        PassEnv TRUSTED_PROXIES TRUSTED_HOSTS LOCK_DSN
-        PassEnv DATABASE_URL ENFORCE_CHANGE_COMMENTS_FOR
-        PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR MAX_ATTACHMENT_FILE_SIZE DEFAULT_URI
+        PassEnv DATABASE_URL ENFORCE_CHANGE_COMMENTS_FOR DATABASE_MYSQL_USE_SSL_CA DATABASE_MYSQL_SSL_VERIFY_CERT
+        PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR MAX_ATTACHMENT_FILE_SIZE DEFAULT_URI CHECK_FOR_UPDATES ATTACHMENT_DOWNLOAD_BY_DEFAULT
        PassEnv MAILER_DSN ALLOW_EMAIL_PW_RESET EMAIL_SENDER_EMAIL EMAIL_SENDER_NAME
        PassEnv HISTORY_SAVE_CHANGED_FIELDS HISTORY_SAVE_CHANGED_DATA HISTORY_SAVE_REMOVED_DATA HISTORY_SAVE_NEW_DATA
        PassEnv ERROR_PAGE_ADMIN_EMAIL ERROR_PAGE_SHOW_HELP
        PassEnv DEMO_MODE NO_URL_REWRITE_AVAILABLE FIXER_API_KEY BANNER
-        PassEnv SAML_ENABLED SAML_ROLE_MAPPING SAML_UPDATE_GROUP_ON_LOGIN SAML_IDP_ENTITY_ID SAML_IDP_SINGLE_SIGN_ON_SERVICE SAML_IDP_SINGLE_LOGOUT_SERVICE SAML_IDP_X509_CERT SAML_SP_ENTITY_ID SAML_SP_X509_CERT SAMLP_SP_PRIVATE_KEY
+        # In old version the SAML sp private key env, was wrongly named SAMLP_SP_PRIVATE_KEY, keep it for backward compatibility
+        PassEnv SAML_ENABLED SAML_BEHIND_PROXY SAML_ROLE_MAPPING SAML_UPDATE_GROUP_ON_LOGIN SAML_IDP_ENTITY_ID SAML_IDP_SINGLE_SIGN_ON_SERVICE SAML_IDP_SINGLE_LOGOUT_SERVICE SAML_IDP_X509_CERT SAML_SP_ENTITY_ID SAML_SP_X509_CERT SAML_SP_PRIVATE_KEY SAMLP_SP_PRIVATE_KEY
+        PassEnv TABLE_DEFAULT_PAGE_SIZE TABLE_PARTS_DEFAULT_COLUMNS

+        PassEnv PROVIDER_DIGIKEY_CLIENT_ID PROVIDER_DIGIKEY_SECRET PROVIDER_DIGIKEY_CURRENCY PROVIDER_DIGIKEY_LANGUAGE PROVIDER_DIGIKEY_COUNTRY
+        PassEnv PROVIDER_ELEMENT14_KEY PROVIDER_ELEMENT14_STORE_ID
+        PassEnv PROVIDER_TME_KEY PROVIDER_TME_SECRET PROVIDER_TME_CURRENCY PROVIDER_TME_LANGUAGE PROVIDER_TME_COUNTRY PROVIDER_TME_GET_GROSS_PRICES
+        PassEnv PROVIDER_OCTOPART_CLIENT_ID PROVIDER_OCTOPART_SECRET PROVIDER_OCTOPART_CURRENCY PROVIDER_OCTOPART_COUNTRY PROVIDER_OCTOPART_SEARCH_LIMIT PROVIDER_OCTOPART_ONLY_AUTHORIZED_SELLERS
+        PassEnv PROVIDER_MOUSER_KEY PROVIDER_MOUSER_SEARCH_OPTION PROVIDER_MOUSER_SEARCH_LIMIT PROVIDER_MOUSER_SEARCH_WITH_SIGNUP_LANGUAGE
+        PassEnv PROVIDER_LCSC_ENABLED PROVIDER_LCSC_CURRENCY
+        PassEnv PROVIDER_OEMSECRETS_KEY PROVIDER_OEMSECRETS_COUNTRY_CODE PROVIDER_OEMSECRETS_CURRENCY PROVIDER_OEMSECRETS_ZERO_PRICE PROVIDER_OEMSECRETS_SET_PARAM PROVIDER_OEMSECRETS_SORT_CRITERIA
+        PassEnv PROVIDER_REICHELT_ENABLED PROVIDER_REICHELT_CURRENCY PROVIDER_REICHELT_COUNTRY PROVIDER_REICHELT_LANGUAGE PROVIDER_REICHELT_INCLUDE_VAT
+        PassEnv PROVIDER_POLLIN_ENABLED
+        PassEnv EDA_KICAD_CATEGORY_DEPTH
+        PassEnv SHOW_PART_IMAGE_OVERLAY

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
--- a/.dockerignore
+++ b/.dockerignore
@@ -5,6 +5,8 @@ tests/
 docs/
 .git

+/public/media/*
+
 ###> symfony/framework-bundle ###
 /.env.local
 /.env.local.php
@@ -42,3 +44,39 @@ yarn-error.log
 /phpunit.xml
 .phpunit.result.cache
 ###< phpunit/phpunit ###
+
+
+### From frankenphp
+
+**/*.log
+**/*.php~
+**/*.dist.php
+**/*.dist
+**/*.cache
+**/._*
+**/.dockerignore
+**/.DS_Store
+**/.git/
+**/.gitattributes
+**/.gitignore
+**/.gitmodules
+**/compose.*.yaml
+**/compose.*.yml
+**/compose.yaml
+**/compose.yml
+**/docker-compose.*.yaml
+**/docker-compose.*.yml
+**/docker-compose.yaml
+**/docker-compose.yml
+**/Dockerfile
+**/Thumbs.db
+.github/
+public/bundles/
+var/
+vendor/
+.editorconfig
+.env.*.local
+.env.local
+.env.local.php
+.env.test
+
--- a/.env
+++ b/.env
@@ -14,36 +14,34 @@ DATABASE_URL="sqlite:///%kernel.project_dir%/var/app.db"
 # Uncomment this line (and comment the line above to use a MySQL database
 #DATABASE_URL=mysql://root:@127.0.0.1:3306/part-db?serverVersion=5.7

+# Set this value to 1, if you want to use SSL to connect to the MySQL server. It will be tried to use the CA certificate
+# otherwise a CA bundle shipped with PHP will be used.
+# Leave it at 0, if you do not want to use SSL or if your server does not support it
+DATABASE_MYSQL_USE_SSL_CA=0
+
+# Set this value to 0, if you don't want to verify the CA certificate of the MySQL server
+# Only do this, if you know what you are doing!
+DATABASE_MYSQL_SSL_VERIFY_CERT=1
+
+# Emulate natural sorting of strings even on databases that do not support it (like SQLite, MySQL or MariaDB < 10.7)
+# This can be slow on big databases and might have some problems and quirks, so use it with caution
+DATABASE_EMULATE_NATURAL_SORT=0
+
 ###################################################################################
 # General settings
 ###################################################################################

 # The language to use serverwide as default (en, de, ru, etc.)
-DEFAULT_LANG="en"
+#DEFAULT_LANG="en"
 # The default timezone to use serverwide (e.g. Europe/Berlin)
-DEFAULT_TIMEZONE="Europe/Berlin"
+#DEFAULT_TIMEZONE="Europe/Berlin"
 # The currency that is used inside the DB (and is assumed when no currency is set). This can not be changed later, so be sure to set it the currency used in your country
-BASE_CURRENCY="EUR"
-# The name of this installation. This will be shown as title in the browser and in the header of the website
-INSTANCE_NAME="Part-DB"
-# Allow users to download attachments to the server by providing an URL
-# This could be a potential security issue, as the user can retrieve any file the server has access to (via internet)
-ALLOW_ATTACHMENT_DOWNLOADS=0
-# Use gravatars for user avatars, when user has no own avatar defined
-USE_GRAVATAR=0
-# The maximum allowed size for attachment files in bytes (you can use M for megabytes and G for gigabytes)
-# Please note that the php.ini setting upload_max_filesize also limits the maximum size of uploaded files
-MAX_ATTACHMENT_FILE_SIZE="100M"
+#BASE_CURRENCY="EUR"

-# The public reachable URL of this Part-DB installation. This is used for generating links to the website in emails and so on
+# The public reachable URL of this Part-DB installation. This is used for generating links in SAML and email templates
 # This must end with a slash!
 DEFAULT_URI="https://partdb.changeme.invalid/"

-# With this option you can configure, where users are enforced to give a change reason, which will be logged
-# This is a comma separated list of values, see documentation for available values
-# Leave this empty, to make all change reasons optional
-ENFORCE_CHANGE_COMMENTS_FOR=""
-
 ###################################################################################
 # Email settings
 ###################################################################################
@@ -60,21 +58,6 @@ EMAIL_SENDER_NAME="Part-DB Mailer"
 # Set this to 1 to allow reset of a password per email
 ALLOW_EMAIL_PW_RESET=0

-######################################################################################
-# History/Eventlog settings
-######################################################################################
-# If you want to use full timetrave functionality all values below have to be set to 1
-
-# Save which fields were changed in a ElementEdited log entry
-HISTORY_SAVE_CHANGED_FIELDS=1
-# Save the old data in the  ElementEdited log entry (warning this could increase the database size in short time)
-HISTORY_SAVE_CHANGED_DATA=1
-# Save the data of an element that gets removed into log entry. This allows to undelete an element
-HISTORY_SAVE_REMOVED_DATA=1
-# Save the new data of an element that gets changed or added. This allows an easy comparison of the old and new data on the detail page
-# This option only becomes active when HISTORY_SAVE_CHANGED_DATA is set to 1
-HISTORY_SAVE_NEW_DATA=1
-
 ###################################################################################
 # Error pages settings
 ###################################################################################
@@ -84,12 +67,26 @@ ERROR_PAGE_ADMIN_EMAIL=''
 # If this is set to true, solutions to common problems are shown on error pages. Disable this, if you do not want your users to see them...
 ERROR_PAGE_SHOW_HELP=1

+
+##################################################################################
+# EDA integration related settings
+##################################################################################
+
+# This value determines the depth of the category tree, that is visible inside KiCad
+# 0 means that only the top level categories are visible. Set to a value > 0 to show more levels.
+# Set to -1, to show all parts of Part-DB inside a sigle cnategory in KiCad
+#EDA_KICAD_CATEGORY_DEPTH=0
+
 ###################################################################################
 # SAML Single sign on-settings
 ###################################################################################
 # Set this to 1 to enable SAML single sign on
+# Be also sure to set the correct values for DEFAULT_URI
 SAML_ENABLED=0

+# Set to 1, if your Part-DB installation is behind a reverse proxy and you want to use SAML
+SAML_BEHIND_PROXY=0
+
 # A JSON encoded array of role mappings in the form { "saml_role": PARTDB_GROUP_ID, "*": PARTDB_GROUP_ID }
 # The first match is used, so the order is important! Put the group mapping with the most privileges first.
 # Please not to only use single quotes to enclose the JSON string
@@ -116,7 +113,7 @@ SAML_SP_ENTITY_ID="https://partdb.changeme.invalid/sp"
 # The public certificate of the SAML SP
 SAML_SP_X509_CERT="MIIC..."
 # The private key of the SAML SP
-SAMLP_SP_PRIVATE_KEY="MIIE..."
+SAML_SP_PRIVATE_KEY="MIIE..."


 ######################################################################################
@@ -129,8 +126,8 @@ DEMO_MODE=0
 # In that case all URL contains the index.php front controller in URL
 NO_URL_REWRITE_AVAILABLE=0

-# If you want to use fixer.io for currency conversion, you have to set this to your API key
-FIXER_API_KEY=CHANGEME
+# Set to 1, if Part-DB should redirect all HTTP requests to HTTPS. You dont need to configure this, if your webserver already does this.
+REDIRECT_TO_HTTPS=0

 # Override value if you want to show to show a given text on homepage.
 # When this is empty the content of config/banner.md is used as banner
@@ -139,9 +136,11 @@ BANNER=""
 APP_ENV=prod
 APP_SECRET=a03498528f5a5fc089273ec9ae5b2849

+# Set this to zero, if you want to disable the year 2038 bug check on 32-bit systems (it will cause errors with current 32-bit PHP versions)
+DISABLE_YEAR2038_BUG_CHECK=0

 # Set the trusted IPs here, when using an reverse proxy
-#TRUSTED_PROXIES=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+#TRUSTED_PROXIES=127.0.0.0/8,::1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
 #TRUSTED_HOSTS='^(localhost|example\.com)$'


@@ -150,3 +149,7 @@ APP_SECRET=a03498528f5a5fc089273ec9ae5b2849
 # postgresql+advisory://db_user:db_password@localhost/db_name
 LOCK_DSN=flock
 ###< symfony/lock ###
+
+###> nelmio/cors-bundle ###
+CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
+###< nelmio/cors-bundle ###
--- a/.env.dev
+++ b/.env.dev
--- a/.env.test
+++ b/.env.test
@@ -5,5 +5,11 @@ SYMFONY_DEPRECATIONS_HELPER=999999
 PANTHER_APP_ENV=panther
 PANTHER_ERROR_SCREENSHOT_DIR=./var/error-screenshots

+DATABASE_URL="sqlite:///%kernel.project_dir%/var/app_test.db"
 # Doctrine automatically adds an _test suffix to database name in test env
-DATABASE_URL=mysql://root:@127.0.0.1:3306/part-db
+#DATABASE_URL=mysql://root:@127.0.0.1:3306/part-db
+
+# Disable update checks, as tests would fail, when github is not reachable
+CHECK_FOR_UPDATES=0
+
+INSTANCE_NAME="Part-DB"
--- a/.github/workflows/assets_artifact_build.yml
+++ b/.github/workflows/assets_artifact_build.yml
@@ -19,14 +19,22 @@ jobs:
      APP_ENV: prod

    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.2'
+          coverage: none
+          ini-values: xdebug.max_nesting_level=1000
+          extensions: mbstring, intl, gd, xsl, gmp, bcmath, :php-psr

      - name: Get Composer Cache Directory
        id: composer-cache
        run: |
          echo "::set-output name=dir::$(composer config cache-files-dir)"

-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -40,7 +48,7 @@ jobs:
        id: yarn-cache-dir-path
        run: echo "::set-output name=dir::$(yarn cache dir)"

-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
        id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
        with:
          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -49,7 +57,7 @@ jobs:
            ${{ runner.os }}-yarn-

      - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
        with:
          node-version: '18'

@@ -69,13 +77,13 @@ jobs:
        run: zip -r /tmp/partdb_assets.zip public/build/ vendor/

      - name: Upload assets artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: Only dependencies and built assets
          path: /tmp/partdb_assets.zip

      - name: Upload full artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: Full Part-DB including dependencies and built assets
          path: /tmp/partdb_with_assets.zip
--- a/.github/workflows/docker_build.yml
+++ b/.github/workflows/docker_build.yml
@@ -17,11 +17,11 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      -
        name: Docker meta
        id: docker_meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          # list of Docker images to use as base name for tags
          images: |
@@ -49,23 +49,23 @@ jobs:

      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
        with:
          platforms: 'arm64,arm'
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      -
        name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/arm/v7
--- a/.github/workflows/docker_frankenphp.yml
+++ b/.github/workflows/docker_frankenphp.yml
@@ -0,0 +1,77 @@
+name: Docker Image Build (FrankenPHP)
+
+on:
+  #schedule:
+  #  - cron: '0 10 * * *' # everyday at 10am
+  push:
+    branches:
+      - '**'
+      - '!l10n_**'
+    tags:
+      - 'v*.*.*'
+      - 'v*.*.*-**'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: docker/metadata-action@v5
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            partdborg/part-db
+          # Mark the image build from master as latest (as we dont have really releases yet)
+          tags: |
+            type=edge,branch=master
+            type=ref,event=branch,
+            type=ref,event=tag,
+            type=schedule
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=ref,event=branch
+            type=ref,event=pr
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.title=Part-DB
+            org.opencontainers.image.description=Part-DB is a web application for managing electronic components and your inventory.
+            org.opencontainers.image.url=https://github.com/Part-DB/Part-DB-server
+            org.opencontainers.image.source=https://github.com/Part-DB/Part-DB-server
+            org.opencontainers.image.authors=Jan Böhmer
+            org.opencontainers.licenses=AGPL-3.0-or-later
+
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: 'arm64,arm'
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile-frankenphp
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -16,14 +16,22 @@ jobs:
    runs-on: ubuntu-22.04

    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
+
+    - name: Setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: '8.2'
+        coverage: none
+        ini-values: xdebug.max_nesting_level=1000
+        extensions: mbstring, intl, gd, xsl, gmp, bcmath, :php-psr

    - name: Get Composer Cache Directory
      id: composer-cache
      run: |
        echo "::set-output name=dir::$(composer config cache-files-dir)"
    
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
      with:
        path: ${{ steps.composer-cache.outputs.dir }}
        key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -48,9 +56,10 @@ jobs:
    
    - name: Check doctrine mapping
      run: ./bin/console doctrine:schema:validate --skip-sync -vvv --no-interaction
-    
+
+    # Use the -d option to raise the max nesting level
    - name: Generate dev container
-      run: ./bin/console cache:clear --env dev
+      run: php -d xdebug.max_nesting_level=1000 ./bin/console cache:clear --env dev
    
    - name: Run PHPstan
      run: composer phpstan
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -13,13 +13,13 @@ on:
 jobs:
  phpunit:
    name: PHPUnit and coverage Test (PHP ${{ matrix.php-versions }}, ${{ matrix.db-type }})
-    # Ubuntu 20.04 ships MySQL 8.0 which causes problems with login, so we just use ubuntu 18.04 for now...
    runs-on: ubuntu-22.04

    strategy:
+      fail-fast: false
      matrix:
-        php-versions: [ '8.1', '8.2' ]
-        db-type: [ 'mysql', 'sqlite' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
+        db-type: [ 'mysql', 'sqlite', 'postgres' ]

    env:
      # Note that we set DATABASE URL later based on our db-type matrix value
@@ -27,30 +27,45 @@ jobs:
      SYMFONY_DEPRECATIONS_HELPER: disabled
      PHP_VERSION: ${{ matrix.php-versions }}
      DB_TYPE: ${{ matrix.db-type }}
+      CHECK_FOR_UPDATES: false  # Disable update checks for tests

    steps:
      - name: Set Database env for MySQL
-        run: echo "DATABASE_URL=mysql://root:root@127.0.0.1:3306/test" >> $GITHUB_ENV
+        run: echo "DATABASE_URL=mysql://root:root@127.0.0.1:3306/partdb?serverVersion=8.0.35" >> $GITHUB_ENV
        if: matrix.db-type == 'mysql'

      - name: Set Database env for SQLite
        run: echo "DATABASE_URL="sqlite:///%kernel.project_dir%/var/app_test.db"" >> $GITHUB_ENV
        if: matrix.db-type == 'sqlite'

+      - name: Set Database env for PostgreSQL
+        run: echo "DATABASE_URL=postgresql://postgres:postgres @127.0.0.1:5432/partdb?serverVersion=14&charset=utf8" >> $GITHUB_ENV
+        if: matrix.db-type == 'postgres'
+
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-versions }}
          coverage: pcov
-          extensions: mbstring, intl, gd, xsl, gmp, bcmath        
+          ini-values: xdebug.max_nesting_level=1000
+          extensions: mbstring, intl, gd, xsl, gmp, bcmath, :php-psr
    
      - name: Start MySQL
        run: sudo systemctl start mysql.service
+        if: matrix.db-type == 'mysql'

-      #- name: Setup MySQL
+        # Replace the scram-sha-256 with trust for host connections, to avoid password authentication
+      - name: Start PostgreSQL
+        run: |
+          sudo sed -i 's/^\(host.*all.*all.*\)scram-sha-256/\1trust/' /etc/postgresql/14/main/pg_hba.conf
+          sudo systemctl start postgresql.service
+          sudo -u postgres psql -c "ALTER USER postgres PASSWORD 'postgres';"
+        if: matrix.db-type == 'postgres'
+
+        #- name: Setup MySQL
      #  uses: mirromutth/mysql-action@v1.1
      #  with:
      #    mysql version: 5.7
@@ -63,7 +78,7 @@ jobs:
        id: composer-cache
        run: |
          echo "::set-output name=dir::$(composer config cache-files-dir)"
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
@@ -74,7 +89,7 @@ jobs:
        id: yarn-cache-dir-path
        run: echo "::set-output name=dir::$(yarn cache dir)"

-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
        id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
        with:
          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -86,7 +101,7 @@ jobs:
        run: composer install --prefer-dist --no-progress
    
      - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
        with:
          node-version: '18'
    
@@ -98,26 +113,24 @@ jobs:
    
      - name: Create DB
        run: php bin/console --env test doctrine:database:create --if-not-exists -n
-        if: matrix.db-type == 'mysql'
-
-      # Checkinf for existance is not supported for sqlite, so do it without it
-      - name: Create DB
-        run: php bin/console --env test doctrine:database:create -n
-        if: matrix.db-type == 'sqlite'
+        if: matrix.db-type == 'mysql' || matrix.db-type == 'postgres'
    
      - name: Do migrations
        run: php bin/console --env test doctrine:migrations:migrate -n
-    
+
+      # Use our own custom fixtures loading command to circumvent some problems with reset the autoincrement values
      - name: Load fixtures
-        run: php bin/console --env test doctrine:fixtures:load -n
+        run: php bin/console --env test partdb:fixtures:load -n
    
      - name: Run PHPunit and generate coverage
        run: ./bin/phpunit --coverage-clover=coverage.xml
      
      - name: Upload coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5
        with:
          env_vars: PHP_VERSION,DB_TYPE
+          token: ${{ secrets.CODECOV_TOKEN }}
+          fail_ci_if_error: true
          
      - name: Test app:clean-attachments
        run: php bin/console partdb:attachments:clean-unused -n
@@ -131,11 +144,11 @@ jobs:
      - name: Test check-requirements command
        run: php bin/console partdb:check-requirements -n

+      - name: Test partdb:backup command
+        run: php bin/console partdb:backup -n --full /tmp/test_backup.zip
+
      - name: Test legacy Part-DB import
        run: bash .github/assets/legacy_import/test_legacy_import.sh
        if: matrix.db-type == 'mysql' && matrix.php-versions == '8.2'
        env:
          DATABASE_URL: mysql://root:root@localhost:3306/legacy_db
-
-
-      
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@
 /.env.local
 /.env.local.php
 /.env.*.local
+/.env.local.bak
 /config/secrets/prod/prod.decrypt.private.php
 /public/bundles/
 /var/
@@ -43,3 +44,7 @@ yarn-error.log
 /phpunit.xml
 .phpunit.result.cache
 ###< phpunit/phpunit ###
+
+###> phpstan/phpstan ###
+phpstan.neon
+###< phpstan/phpstan ###
--- a/187
+++ b/187
@@ -1,22 +1,64 @@
-FROM debian:bullseye-slim
+ARG BASE_IMAGE=debian:bookworm-slim
+ARG PHP_VERSION=8.3
+
+FROM ${BASE_IMAGE} AS base
+ARG PHP_VERSION

 # Install needed dependencies for PHP build
 #RUN apt-get update &&  apt-get install -y pkg-config curl libcurl4-openssl-dev libicu-dev \
 #    libpng-dev libjpeg-dev libfreetype6-dev gnupg zip libzip-dev libjpeg62-turbo-dev libonig-dev libxslt-dev libwebp-dev vim \
 #    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*

-RUN apt-get update && apt-get -y install apt-transport-https lsb-release ca-certificates curl zip \
+RUN apt-get update && apt-get -y install \
+      apt-transport-https \
+      lsb-release \
+      ca-certificates \
+      curl \
+      zip \
+      mariadb-client \
+      postgresql-client \
    && curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg  \
    && sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' \
    && apt-get update && apt-get upgrade -y \
-    && apt-get install -y apache2 php8.1 php8.1-fpm php8.1-opcache php8.1-curl php8.1-gd php8.1-mbstring php8.1-xml php8.1-bcmath php8.1-intl php8.1-zip php8.1-xsl php8.1-sqlite3 php8.1-mysql gpg \
-    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*;
-
-ENV APACHE_CONFDIR /etc/apache2
-ENV APACHE_ENVVARS $APACHE_CONFDIR/envvars
-
+    && apt-get install -y \
+      apache2 \
+      php${PHP_VERSION} \
+      php${PHP_VERSION}-fpm \
+      php${PHP_VERSION}-opcache \
+      php${PHP_VERSION}-curl \
+      php${PHP_VERSION}-gd \
+      php${PHP_VERSION}-mbstring \
+      php${PHP_VERSION}-xml \
+      php${PHP_VERSION}-bcmath \
+      php${PHP_VERSION}-intl \
+      php${PHP_VERSION}-zip \
+      php${PHP_VERSION}-xsl \
+      php${PHP_VERSION}-sqlite3 \
+      php${PHP_VERSION}-mysql \
+      php${PHP_VERSION}-pgsql \
+      gpg \
+      sudo \
+    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/* \
 # Create workdir and set permissions if directory does not exists
-RUN mkdir -p /var/www/html && chown -R www-data:www-data /var/www/html
+    && mkdir -p /var/www/html \
+    && chown -R www-data:www-data /var/www/html \
+# delete the "index.html" that installing Apache drops in here
+    && rm -rvf /var/www/html/*
+
+# Install node and yarn
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    curl -sL https://deb.nodesource.com/setup_20.x | bash - && \
+    apt-get update && apt-get install -y \
+      nodejs \
+      yarn \
+    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*
+
+# Install composer
+COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+
+ENV APACHE_CONFDIR=/etc/apache2
+ENV APACHE_ENVVARS=$APACHE_CONFDIR/envvars

 # Configure apache 2 (taken from https://github.com/docker-library/php/blob/master/8.2/bullseye/apache/Dockerfile)
 # generically convert lines like
@@ -27,8 +69,6 @@ RUN mkdir -p /var/www/html && chown -R www-data:www-data /var/www/html
 # so that they can be overridden at runtime ("-e APACHE_RUN_USER=...")
 RUN  sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS"; \
      set -eux; . "$APACHE_ENVVARS";  \
-    # delete the "index.html" that installing Apache drops in here
-    	rm -rvf /var/www/html/*; \
    	\
    # logs should go to stdout / stderr
    	ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log"; \
@@ -36,82 +76,87 @@ RUN  sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS"
    	ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"; \
        chown -R --no-dereference "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$APACHE_LOG_DIR";

-# Enable php-fpm
-RUN a2enmod proxy_fcgi setenvif && a2enconf php8.1-fpm
+# ---

+FROM scratch AS apache-config
+ARG PHP_VERSION
 # Configure php-fpm to log to stdout of the container (stdout of PID 1)
 # We have to use /proc/1/fd/1 because /dev/stdout or /proc/self/fd/1 does not point to the container stdout (because we use apache as entrypoint)
 # We also disable the clear_env option to allow the use of environment variables in php-fpm
-RUN { \
-    echo '[global]'; \
-    echo 'error_log = /proc/1/fd/1'; \
-    echo; \
-    echo '[www]'; \
-    echo 'access.log = /proc/1/fd/1'; \
-    echo 'catch_workers_output = yes'; \
-    echo 'decorate_workers_output = no'; \
-    echo 'clear_env = no'; \
-   } | tee "/etc/php/8.1/fpm/pool.d/zz-docker.conf"
+COPY <<EOF /etc/php/${PHP_VERSION}/fpm/pool.d/zz-docker.conf
+[global]
+error_log = /proc/1/fd/1
+
+[www]
+access.log = /proc/1/fd/1
+catch_workers_output = yes
+decorate_workers_output = no
+clear_env = no
+EOF

 # PHP files should be handled by PHP, and should be preferred over any other file type
-RUN { \
-		echo '<FilesMatch \.php$>'; \
-		echo '\tSetHandler application/x-httpd-php'; \
-		echo '</FilesMatch>'; \
-		echo; \
-		echo 'DirectoryIndex disabled'; \
-		echo 'DirectoryIndex index.php index.html'; \
-		echo; \
-		echo '<Directory /var/www/>'; \
-		echo '\tOptions -Indexes'; \
-		echo '\tAllowOverride All'; \
-		echo '</Directory>'; \
-	} | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" \
-	&& a2enconf docker-php
+COPY <<EOF /etc/apache2/conf-available/docker-php.conf
+<FilesMatch \\.php$>
+	SetHandler application/x-httpd-php
+</FilesMatch>
+
+DirectoryIndex disabled
+DirectoryIndex index.php index.html
+
+<Directory /var/www/>
+	Options -Indexes
+	AllowOverride All
+</Directory>
+EOF

 # Enable opcache and configure it recommended for symfony (see https://symfony.com/doc/current/performance.html)
-RUN  \
-	{ \
-		echo 'opcache.memory_consumption=256'; \
-		echo 'opcache.max_accelerated_files=20000'; \
-		echo 'opcache.validate_timestamp=0'; \
-        # Configure Realpath cache for performance
-        echo 'realpath_cache_size=4096K'; \
-        echo 'realpath_cache_ttl=600'; \
-    } > /etc/php/8.1/fpm/conf.d/symfony-recommended.ini
+COPY <<EOF /etc/php/${PHP_VERSION}/fpm/conf.d/symfony-recommended.ini
+opcache.memory_consumption=256
+opcache.max_accelerated_files=20000
+opcache.validate_timestamp=0
+# Configure Realpath cache for performance
+realpath_cache_size=4096K
+realpath_cache_ttl=600
+EOF

 # Increase upload limit and enable preloading
-RUN  \
-	{ \
-		echo 'upload_max_filesize=256M'; \
-		echo 'post_max_size=300M'; \
-        echo 'opcache.preload_user=www-data'; \
-        echo 'opcache.preload=/var/www/html/config/preload.php'; \
-    } > /etc/php/8.1/fpm/conf.d/partdb.ini
+COPY <<EOF /etc/php/${PHP_VERSION}/fpm/conf.d/partdb.ini
+upload_max_filesize=256M
+post_max_size=300M
+opcache.preload_user=www-data
+opcache.preload=/var/www/html/config/preload.php
+log_limit=8096
+EOF

-# Install node and yarn
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
-RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - && apt-get update && apt-get install -y nodejs yarn && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*
+COPY ./.docker/symfony.conf /etc/apache2/sites-available/symfony.conf

-# Install composer
-COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+# ---

+FROM base
+ARG PHP_VERSION

 # Set working dir
 WORKDIR /var/www/html
+COPY --from=apache-config / /
 COPY --chown=www-data:www-data . .

 # Setup apache2
-RUN a2dissite 000-default.conf
-COPY ./.docker/symfony.conf /etc/apache2/sites-available/symfony.conf
-RUN a2ensite symfony.conf
-RUN a2enmod rewrite
+RUN a2dissite 000-default.conf && \
+    a2ensite symfony.conf && \
+# Enable php-fpm
+    a2enmod proxy_fcgi setenvif && \
+    a2enconf php${PHP_VERSION}-fpm && \
+    a2enconf docker-php && \
+    a2enmod rewrite

 # Install composer and yarn dependencies for Part-DB
 USER www-data
-RUN composer install -a --no-dev && composer clear-cache
-RUN yarn install --network-timeout 600000 && yarn build && yarn cache clean && rm -rf node_modules/
+RUN composer install -a --no-dev && \
+    composer clear-cache
+RUN yarn install --network-timeout 600000 && \
+    yarn build && \
+    yarn cache clean && \
+    rm -rf node_modules/

 # Use docker env to output logs to stdout
 ENV APP_ENV=docker
@@ -119,10 +164,12 @@ ENV DATABASE_URL="sqlite:///%kernel.project_dir%/uploads/app.db"

 USER root

-# Copy entrypoint to /usr/local/bin and make it executable
-RUN cp ./.docker/partdb-entrypoint.sh /usr/local/bin/partdb-entrypoint.sh && chmod +x /usr/local/bin/partdb-entrypoint.sh
-# Copy apache2-foreground to /usr/local/bin and make it executable
-RUN cp ./.docker/apache2-foreground /usr/local/bin/apache2-foreground && chmod +x /usr/local/bin/apache2-foreground
+# Replace the php version placeholder in the entry point, with our php version
+RUN sed -i "s/PHP_VERSION/${PHP_VERSION}/g" ./.docker/partdb-entrypoint.sh
+
+# Copy entrypoint and apache2-foreground to /usr/local/bin and make it executable
+RUN install ./.docker/partdb-entrypoint.sh /usr/local/bin && \
+    install ./.docker/apache2-foreground /usr/local/bin
 ENTRYPOINT ["partdb-entrypoint.sh"]
 CMD ["apache2-foreground"]

@@ -130,4 +177,4 @@ CMD ["apache2-foreground"]
 STOPSIGNAL SIGWINCH

 EXPOSE 80
-VOLUME ["/var/www/html/uploads", "/var/www/html/public/media"]
+VOLUME ["/var/www/html/uploads", "/var/www/html/public/media"]
--- a/101
+++ b/101
@@ -0,0 +1,101 @@
+FROM dunglas/frankenphp:1-php8.3 AS frankenphp_upstream
+
+RUN apt-get update && apt-get -y install \
+      curl \
+      ca-certificates \
+      mariadb-client \
+      postgresql-client \
+      file \
+      acl \
+      git \
+      gettext \
+      gnupg \
+      zip \
+    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*;
+
+# Install node and yarn
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    curl -sL https://deb.nodesource.com/setup_20.x | bash - && \
+    apt-get update && apt-get install -y \
+      nodejs yarn \
+    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*
+
+# Install PHP
+RUN set -eux; \
+	install-php-extensions \
+		@composer \
+		apcu \
+		intl \
+		opcache \
+		zip \
+        pdo_mysql \
+        pdo_sqlite \
+        pdo_pgsql \
+        gd \
+        bcmath \
+        xsl \
+	;
+
+# Copy config files for php and caddy
+COPY --link .docker/frankenphp/conf.d/app.ini $PHP_INI_DIR/conf.d/
+COPY --chmod=755 .docker/frankenphp/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
+COPY --link .docker/frankenphp/Caddyfile /etc/caddy/Caddyfile
+COPY --link .docker/frankenphp/conf.d/app.prod.ini $PHP_INI_DIR/conf.d/
+COPY --link .docker/frankenphp/worker.Caddyfile /etc/caddy/worker.Caddyfile
+ENV FRANKENPHP_CONFIG="import worker.Caddyfile"
+
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+
+# Install composer
+ENV COMPOSER_ALLOW_SUPERUSER=1
+#COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+
+# Create workdir and set permissions if directory does not exists
+WORKDIR /app
+
+# prevent the reinstallation of vendors at every changes in the source code
+COPY --link composer.* symfony.* ./
+RUN set -eux; \
+	composer install --no-cache --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress
+
+# copy sources
+COPY --link . ./
+
+# Install composer and yarn dependencies for Part-DB
+RUN set -eux; \
+	mkdir -p var/cache var/log; \
+	composer dump-autoload --classmap-authoritative --no-dev; \
+	composer dump-env prod; \
+	composer run-script --no-dev post-install-cmd; \
+	chmod +x bin/console; sync;
+
+RUN yarn install --network-timeout 600000 && \
+    yarn build && \
+    yarn cache clean && \
+    rm -rf node_modules/
+
+# Use docker env to output logs to stdout
+ENV APP_ENV=docker
+ENV DATABASE_URL="sqlite:///%kernel.project_dir%/uploads/app.db"
+
+USER root
+
+ENTRYPOINT ["docker-entrypoint"]
+CMD ["frankenphp", "run", "--config", "/etc/caddy/Caddyfile"]
+
+# https://httpd.apache.org/docs/2.4/stopping.html#gracefulstop
+STOPSIGNAL SIGWINCH
+
+VOLUME ["/var/www/html/uploads", "/var/www/html/public/media"]
+
+HEALTHCHECK --start-period=60s CMD curl -f http://localhost:2019/metrics || exit 1
+
+# See https://caddyserver.com/docs/conventions#file-locations for details
+ENV XDG_CONFIG_HOME /config
+ENV XDG_DATA_HOME /data
+
+EXPOSE 80
+EXPOSE 443
+EXPOSE 443/udp
+EXPOSE 2019
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/Part-DB/Part-DB-symfony/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/Part-DB/Part-DB-symfony/?branch=master)
 ![PHPUnit Tests](https://github.com/Part-DB/Part-DB-symfony/workflows/PHPUnit%20Tests/badge.svg)
 ![Static analysis](https://github.com/Part-DB/Part-DB-symfony/workflows/Static%20analysis/badge.svg)
-[![codecov](https://codecov.io/gh/Part-DB/Part-DB-symfony/branch/master/graph/badge.svg)](https://codecov.io/gh/Part-DB/Part-DB-server)
+[![codecov](https://codecov.io/gh/Part-DB/Part-DB-server/branch/master/graph/badge.svg)](https://codecov.io/gh/Part-DB/Part-DB-server)
 ![GitHub License](https://img.shields.io/github/license/Part-DB/Part-DB-symfony)
 ![PHP Version](https://img.shields.io/badge/PHP-%3E%3D%208.1-green)

@@ -9,119 +9,156 @@
 ![Docker Build Status](https://github.com/Part-DB/Part-DB-symfony/workflows/Docker%20Image%20Build/badge.svg)
 [![Crowdin](https://badges.crowdin.net/e/8325196085d4bee8c04b75f7c915452a/localized.svg)](https://part-db.crowdin.com/part-db)

-**[Documentation](https://docs.part-db.de/)** | **[Demo](https://part-db.herokuapp.com)** | **[Docker Image](https://hub.docker.com/r/jbtronics/part-db1)**
+**[Documentation](https://docs.part-db.de/)** | **[Demo](https://demo.part-db.de/)** | **[Docker Image](https://hub.docker.com/r/jbtronics/part-db1)**

 # Part-DB
-Part-DB is an Open-Source inventory managment system for your electronic components.
+
+Part-DB is an Open-Source inventory management system for your electronic components.
 It is installed on a web server and so can be accessed with any browser without the need to install additional software.

-The version in this Repository is a complete rewrite of the legacy [Part-DB](https://github.com/Part-DB/Part-DB) (Version < 1.0) based on a modern framework. 
-Currently, it is still missing some (minor) features from the old version (see [UPGRADE.md](https://docs.part-db.de/upgrade_legacy.html)) for more details, but also many huge improvements and advantages compared to the old version. 
-If you start completely new with Part-DB it is recommended that you use the version from this repository, as it is actively developed.
+The version in this repository is a complete rewrite of the legacy [Part-DB](https://github.com/Part-DB/Part-DB)
+(Version < 1.0) based on a modern framework and is the recommended version to use.

-If you find a bug, please open an [Issue on Github](https://github.com/Part-DB/Part-DB-server/issues) so it can be fixed for everybody.
+If you find a bug, please open an [Issue on GitHub,](https://github.com/Part-DB/Part-DB-server/issues) so it can be fixed
+for everybody.

 ## Demo
-If you want to test Part-DB without installing it, you can use [this](https://part-db.herokuapp.com) Heroku instance. 
-(Or this link for the [German Version](https://part-db.herokuapp.com/de/)). 
+
+If you want to test Part-DB without installing it, you can use [this](https://demo.part-db.de/) Heroku instance.
+(Or this link for the [German Version](https://demo.part-db.de/de/)).

 You can log in with username: *user* and password: *user*.

 Every change to the master branch gets automatically deployed, so it represents the current development progress and is
-maybe not completely stable. Please mind, that the free Heroku instance is used, so it can take some time when loading the page
+may not completely stable. Please mind, that the free Heroku instance is used, so it can take some time when loading
+the page
 for the first time.

 <img src="https://github.com/Part-DB/Part-DB-server/raw/master/docs/assets/readme/part_info.png">
 <img src="https://github.com/Part-DB/Part-DB-server/raw/master/docs/assets/readme/parts_list.png">

 ## Features
-* Inventory management of your electronic parts. Each part can be assigned to a category, footprint, manufacturer 
-and multiple store locations and price information. Parts can be grouped using tags. You can associate various files like datasheets or pictures with the parts.
-* Multi-Language support (currently German, English, Russian, Japanese and French (experimental))
+
+* Inventory management of your electronic parts. Each part can be assigned to a category, footprint, manufacturer,
+  and multiple store locations and price information. Parts can be grouped using tags. You can associate various files
+  like datasheets or pictures with the parts.
+* Multi-language support (currently German, English, Russian, Japanese, French, Czech, Danish, and Chinese)
 * Barcodes/Labels generator for parts and storage locations, scan barcodes via webcam using the builtin barcode scanner
-* User system with groups and detailed (fine granular) permissions. 
-Two-factor authentication is supported (Google Authenticator and Webauthn/U2F keys) and can be enforced for groups. Password reset via email can be setuped.
-* Optional support for single sign-on (SSO) via SAML (using an intermediate service like [Keycloak](https://www.keycloak.org/) you can connect Part-DB to an existing LDAP or Active Directory server)
-* Import/Export system for parts and datastructure. BOM import for projects from KiCAD is supported.
-* Project management: Create projects and assign parts to the bill of material (BOM), to show how often you could build this project and directly withdraw all components needed from DB
-* Event log: Track what changes happens to your inventory, track which user does what. Revert your parts to older versions.
-* Responsive design: You can use Part-DB on your PC, your tablet and your smartphone using the same interface.
-* MySQL and SQLite supported as database backends
+* User system with groups and detailed (fine granular) permissions.
+  Two-factor authentication is supported (Google Authenticator and Webauthn/U2F keys) and can be enforced for groups.
+  Password reset via email can be set up.
+* Optional support for single sign-on (SSO) via SAML (using an intermediate service
+  like [Keycloak](https://www.keycloak.org/) you can connect Part-DB to an existing LDAP or Active Directory server)
+* Import/Export system for parts and data structure. BOM import for projects from KiCAD is supported.
+* Project management: Create projects and assign parts to the bill of material (BOM), to show how often you could build
+  this project and directly withdraw all components needed from DB
+* Event log: Track what changes happen to your inventory, track which user does what. Revert your parts to older
+  versions.
+* Responsive design: You can use Part-DB on your PC, your tablet, and your smartphone using the same interface.
+* MySQL, SQLite and PostgreSQL are supported as database backends
 * Support for rich text descriptions and comments in parts
 * Support for multiple currencies and automatic update of exchange rates supported
 * Powerful search and filter function, including parametric search (search for parts according to some specifications)
 * Automatic thumbnail generation for pictures
+* Use cloud providers (like Octopart, Digikey, Farnell, LCSC or TME) to automatically get part information, datasheets, and
+  prices for parts
+* API to access Part-DB from other applications/scripts
+* [Integration with KiCad](https://docs.part-db.de/usage/eda_integration.html): Use Part-DB as the central datasource for your
+  KiCad and see available parts from Part-DB directly inside KiCad.

-
-With these features Part-DB is useful to hobbyists, who want to keep track of their private electronic parts inventory,
-or makerspaces, where many users have should have (controlled) access to the shared inventory.
+With these features, Part-DB is useful to hobbyists, who want to keep track of their private electronic parts inventory,
+or maker spaces, where many users should have (controlled) access to the shared inventory.

 Part-DB is also used by small companies and universities for managing their inventory.

 ## Requirements
- * A **web server** (like Apache2 or nginx) that is capable of running [Symfony 5](https://symfony.com/doc/current/reference/requirements.html),
- this includes a minimum PHP version of **PHP 8.1**
- * A **MySQL** (at least 5.7) /**MariaDB** (at least 10.2.2) database server if you do not want to use SQLite.
- * Shell access to your server is highly suggested!
- * For building the client side assets **yarn** and **nodejs** (>= 18.0) is needed.
- 
+
+* A **web server** (like Apache2 or nginx) that is capable of
+  running [Symfony 6](https://symfony.com/doc/current/reference/requirements.html),
+  this includes a minimum PHP version of **PHP 8.1**
+* A **MySQL** (at least 5.7) /**MariaDB** (at least 10.4) database server, or **PostgreSQL** 10+ if you do not want to use SQLite.
+* Shell access to your server is highly recommended!
+* For building the client-side assets **yarn** and **nodejs** (>= 18.0) is needed.
+
 ## Installation
-If you want to upgrade your legacy (< 1.0.0) version of Part-DB to this version, please read [this](https://docs.part-db.de/upgrade_legacy.html) first.

-*Hint:* A docker image is available under [jbtronics/part-db1](https://hub.docker.com/r/jbtronics/part-db1). How to set up Part-DB via docker is described [here](https://docs.part-db.de/installation/installation_docker.html).
+If you want to upgrade your legacy (< 1.0.0) version of Part-DB to this version, please
+read [this](https://docs.part-db.de/upgrade_legacy.html) first.

-**Below you find some very rough outline of the installation process, see [here](https://docs.part-db.de/installation/) for a detailed guide how to install Part-DB.**
+*Hint:* A docker image is available under [jbtronics/part-db1](https://hub.docker.com/r/jbtronics/part-db1). How to set
+up Part-DB via docker is described [here](https://docs.part-db.de/installation/installation_docker.html).
+
+**Below you find a very rough outline of the installation process, see [here](https://docs.part-db.de/installation/)
+for a detailed guide on how to install Part-DB.**

 1. Copy or clone this repository into a folder on your server.
-2. Configure your webserver to serve from the `public/` folder. See [here](https://symfony.com/doc/current/setup/web_server_configuration.html)
-for additional information.
+2. Configure your webserver to serve from the `public/` folder.
+   See [here](https://symfony.com/doc/current/setup/web_server_configuration.html)
+   for additional information.
 3. Copy the global config file `cp .env .env.local` and edit `.env.local`:
    * Change the line `APP_ENV=dev` to `APP_ENV=prod`
-    * If you do not want to use SQLite, change the value of `DATABASE_URL=` to your needs (see [here](http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url)) for the format.
-      In bigger instances with concurrent accesses, MySQL is more performant. This can not be changed easily later, so choose wisely.
+    * If you do not want to use SQLite, change the value of `DATABASE_URL=` to your needs (
+      see [here](http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url))
+      for the format.
+      In bigger instances with concurrent accesses, MySQL is more performant. This can not be changed easily later, so
+      choose wisely.
 4. Install composer dependencies and generate autoload files: `composer install -o --no-dev`
-5. If you have put Part-DB into a sub-directory on your server (like `part-db/`), you have to edit the file 
-`webpack.config.js` and uncomment the lines (remove the `//` before the lines) `.setPublicPath('/part-db/build')` (line 43) and
- `.setManifestKeyPrefix('build/')` (line 44). You have to replace `/part-db` with your own path on line 44.
-6. Install client side dependencies and build it: `yarn install` and `yarn build`
-7. _Optional_ (speeds up first load): Warmup cache: `php bin/console cache:warmup`
-8. Upgrade database to new scheme (or create it, when it was empty): `php bin/console doctrine:migrations:migrate` and follow the instructions given. During the process the password for the admin is user is shown. Copy it. **Caution**: This steps tamper with your database and could potentially destroy it. So make sure to make a backup of your database.
-9. You can configure Part-DB via `config/parameters.yaml`. You should check if settings match your expectations, after you installed/upgraded Part-DB. Check if `partdb.default_currency` matches your mainly used currency (this can not be changed after creating price informations). 
-   Run `php bin/console cache:clear` when you changed something.
-10. Access Part-DB in your browser (under the URL you put it) and login with user *admin*. Password is the one outputted during DB setup.
-   If you can not remember the password, set a new one with `php bin/console app:set-password admin`. You can create new users with the admin user and start using Part-DB.
+5. Install client side dependencies and build it: `yarn install` and `yarn build`
+6. _Optional_ (speeds up first load): Warmup cache: `php bin/console cache:warmup`
+7. Upgrade database to new scheme (or create it, when it was empty): `php bin/console doctrine:migrations:migrate` and
+   follow the instructions given. During the process the password for the admin is user is shown. Copy it. **Caution**:
+   These steps tamper with your database and could potentially destroy it. So make sure to make a backup of your
+   database.
+8. You can configure Part-DB via `config/parameters.yaml`. You should check if settings match your expectations after
+   you installed/upgraded Part-DB. Check if `partdb.default_currency` matches your mainly used currency (this can not be
+   changed after creating price information).
+   Run `php bin/console cache:clear` when you change something.
+9. Access Part-DB in your browser (under the URL you put it) and log in with user *admin*. Password is the one outputted
+   during DB setup.
+   If you can not remember the password, set a new one with `php bin/console app:set-password admin`. You can create
+   new users with the admin user and start using Part-DB.

 When you want to upgrade to a newer version, then just copy the new files into the folder
 and repeat the steps 4. to 7.

-Normally a random password is generated when the admin user is created during inital database creation,
-however you can set the inital admin password, by setting the `INITIAL_ADMIN_PW` env var.
+Normally a random password is generated when the admin user is created during initial database creation,
+however, you can set the initial admin password, by setting the `INITIAL_ADMIN_PW` env var.

-You can configure Part-DB to your needs by changing environment variables in the `.env.local` file. 
+You can configure Part-DB to your needs by changing environment variables in the `.env.local` file.
 See [here](https://docs.part-db.de/configuration.html) for more information.

 ### Reverse proxy
-If you are using a reverse proxy, you have to ensure that the proxies sets the `X-Forwarded-*` headers correctly, or you will get HTTP/HTTPS mixup and wrong hostnames.
-If the reverse proxy is on a different server (or it cannot access Part-DB via localhost) you have to set the `TRUSTED_PROXIES` env variable to match your reverse proxies IP-address (or IP block). You can do this in your `.env.local` or (when using docker) in your `docker-compose.yml` file.
+
+If you are using a reverse proxy, you have to ensure that the proxies set the `X-Forwarded-*` headers correctly, or you
+will get HTTP/HTTPS mixup and wrong hostnames.
+If the reverse proxy is on a different server (or it cannot access Part-DB via localhost) you have to set
+the `TRUSTED_PROXIES` env variable to match your reverse proxy's IP address (or IP block). You can do this in
+your `.env.local` or (when using docker) in your `docker-compose.yml` file.

 ## Donate for development
+
 If you want to donate to the Part-DB developer, see the sponsor button in the top bar (next to the repo name).
-There you will find various methods to support development on a monthly or a one time base.
+There you will find various methods to support development on a monthly or a one-time base.

 ## Built with
+
 * [Symfony 5](https://symfony.com/): The main framework used for the serverside PHP
 * [Bootstrap 5](https://getbootstrap.com/) and [Bootswatch](https://bootswatch.com/): Used as website theme
 * [Fontawesome](https://fontawesome.com/): Used as icon set
-* [Hotwire Stimulus](https://stimulus.hotwired.dev/) and [Hotwire Turbo](https://turbo.hotwired.dev/): Frontend Javascript
+* [Hotwire Stimulus](https://stimulus.hotwired.dev/) and [Hotwire Turbo](https://turbo.hotwired.dev/): Frontend
+  Javascript

 ## Authors
-* **Jan Böhmer** - *Inital work* - [Github](https://github.com/jbtronics/)

-See also the list of [contributors](https://github.com/Part-DB/Part-DB-server/graphs/contributors) who participated in this project.
+* **Jan Böhmer** - *Initial work* - [GitHub](https://github.com/jbtronics/)
+
+See also the list of [contributors](https://github.com/Part-DB/Part-DB-server/graphs/contributors) who participated in
+this project.

 Based on the original Part-DB by Christoph Lechner and K. Jacobs

 ## License
+
 Part-DB is licensed under the GNU Affero General Public License v3.0 (or at your opinion any later).
 This mostly means that you can use Part-DB for whatever you want (even use it commercially)
 as long as you publish the source code for every change you make under the AGPL, too.
--- a/2
+++ b/2
@@ -1 +1 @@
-1.5.0
+2.0.0-dev
--- a/assets/ckeditor/plugins/PartDBLabel/PartDBLabelUI.js
+++ b/assets/ckeditor/plugins/PartDBLabel/PartDBLabelUI.js
@@ -85,6 +85,9 @@ const PLACEHOLDERS = [
            ['[[COMMENT_T]]', 'Comment (plain text)'],
            ['[[LAST_MODIFIED]]', 'Last modified datetime'],
            ['[[CREATION_DATE]]', 'Creation datetime'],
+            ['[[IPN_BARCODE_QR]]', 'IPN as QR code'],
+            ['[[IPN_BARCODE_C128]]', 'IPN as Code 128 barcode'],
+            ['[[IPN_BARCODE_C39]]', 'IPN as Code 39 barcode'],
        ]
    },
    {
@@ -125,6 +128,8 @@ const PLACEHOLDERS = [
            ['[[BARCODE_QR]]', 'QR code linking to this element'],
            ['[[BARCODE_C128]]', 'Code 128 barcode linking to this element'],
            ['[[BARCODE_C39]]', 'Code 39 barcode linking to this element'],
+            ['[[BARCODE_C93]]', 'Code 93 barcode linking to this element'],
+            ['[[BARCODE_DATAMATRIX]]', 'Datamatrix code linking to this element'],
        ]
    },
    {
--- a/assets/ckeditor/plugins/PartDBLabel/lang/de.js
+++ b/assets/ckeditor/plugins/PartDBLabel/lang/de.js
@@ -48,6 +48,9 @@ Object.assign( window.CKEDITOR_TRANSLATIONS[ 'de' ].dictionary, {
    'Comment (plain text)': 'Kommentar (Nur-Text)',
    'Last modified datetime': 'Zuletzt geändert',
    'Creation datetime': 'Erstellt',
+    'IPN as QR code': 'IPN als QR Code',
+    'IPN as Code 128 barcode': 'IPN als Code 128 Barcode',
+    'IPN as Code 39 barcode': 'IPN als Code 39 Barcode',

    'Lot ID': 'Lot ID',
    'Lot name': 'Lot Name',
@@ -66,6 +69,8 @@ Object.assign( window.CKEDITOR_TRANSLATIONS[ 'de' ].dictionary, {
    'QR code linking to this element': 'QR Code verknüpft mit diesem Element',
    'Code 128 barcode linking to this element': 'Code 128 Barcode verknüpft mit diesem Element',
    'Code 39 barcode linking to this element': 'Code 39 Barcode verknüpft mit diesem Element',
+    'Code 93 barcode linking to this element': 'Code 93 Barcode verknüpft mit diesem Element',
+    'Datamatrix code linking to this element': 'Datamatrix Code verknüpft mit diesem Element',

    'Location ID': 'Lagerort ID',
    'Name': 'Name',
--- a/assets/controllers/common/hide_sidebar_controller.js
+++ b/assets/controllers/common/hide_sidebar_controller.js
@@ -88,5 +88,8 @@ export default class extends Controller {
        } else {
            this.hideSidebar();
        }
+
+        //Hide the tootip on the button
+        this._toggle_button.blur();
    }
 }
--- a/assets/controllers/common/markdown_controller.js
+++ b/assets/controllers/common/markdown_controller.js
@@ -20,18 +20,26 @@
 'use strict';

 import { Controller } from '@hotwired/stimulus';
-import { marked } from "marked";
+import { Marked } from "marked";
 import { mangle } from "marked-mangle";
 import { gfmHeadingId } from "marked-gfm-heading-id";
 import DOMPurify from 'dompurify';

 import "../../css/app/markdown.css";

-export default class extends Controller {
+export default class MarkdownController extends Controller {
+
+    static _marked = new Marked([
+        {
+            gfm: true,
+        },
+        gfmHeadingId(),
+        mangle(),
+    ])
+    ;

    connect()
    {
-        this.configureMarked();
        this.render();

        //Dispatch an event that we are now finished
@@ -45,7 +53,7 @@ export default class extends Controller {
        let raw = this.element.dataset['markdown'];

        //Apply purified parsed markdown
-        this.element.innerHTML = DOMPurify.sanitize(marked(this.unescapeHTML(raw)));
+        this.element.innerHTML = DOMPurify.sanitize(MarkdownController._marked.parse(this.unescapeHTML(raw)));

        for(let a of this.element.querySelectorAll('a')) {
            //Mark all links as external
@@ -81,8 +89,17 @@ export default class extends Controller {
    /**
     * Configure the marked parser
     */
-    configureMarked()
+    /*static newMarked()
    {
+        const marked = new Marked([
+            {
+                gfm: true,
+            },
+            gfmHeadingId(),
+            mangle(),
+            ])
+        ;
+
        marked.use(mangle());
        marked.use(gfmHeadingId({
        }));
@@ -90,5 +107,5 @@ export default class extends Controller {
        marked.setOptions({
            gfm: true,
        });
-    }
+    }*/
 }
--- a/assets/controllers/elements/attachment_autocomplete_controller.js
+++ b/assets/controllers/elements/attachment_autocomplete_controller.js
@@ -23,6 +23,12 @@ import "tom-select/dist/css/tom-select.bootstrap5.css";
 import '../../css/components/tom-select_extensions.css';
 import TomSelect from "tom-select";

+import TomSelect_click_to_edit from '../../tomselect/click_to_edit/click_to_edit'
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+
+TomSelect.define('click_to_edit', TomSelect_click_to_edit)
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)
+
 export default class extends Controller {
    _tomSelect;

@@ -46,6 +52,12 @@ export default class extends Controller {
                    }
                    return '<div>' + escape(data.label) + '</div>';
                }
+            },
+            plugins: {
+                'autoselect_typed': {},
+                'click_to_edit': {},
+                'clear_button': {},
+                "restore_on_backspace": {}
            }
        };

--- a/assets/controllers/elements/ckeditor_controller.js
+++ b/assets/controllers/elements/ckeditor_controller.js
@@ -53,6 +53,7 @@ export default class extends Controller {

        const config = {
            language: language,
+            licenseKey: "GPL",
        }

        const watchdog = new EditorWatchdog();
@@ -70,7 +71,9 @@ export default class extends Controller {
                        editor_div.classList.add(...new_classes.split(","));
                    }

-                    console.log(editor);
+                    //This return is important! Otherwise we get mysterious errors in the console
+                    //See: https://github.com/ckeditor/ckeditor5/issues/5897#issuecomment-628471302
+                    return editor;
                })
                .catch(error => {
                    console.error(error);
--- a/assets/controllers/elements/collection_type_controller.js
+++ b/assets/controllers/elements/collection_type_controller.js
@@ -75,13 +75,49 @@ export default class extends Controller {

        //Insert new html after the last child element
        //If the table has a tbody, insert it there
+        //Afterwards return the newly created row
        if(targetTable.tBodies[0]) {
            targetTable.tBodies[0].insertAdjacentHTML('beforeend', newElementStr);
+            return targetTable.tBodies[0].lastElementChild;
        } else { //Otherwise just insert it
            targetTable.insertAdjacentHTML('beforeend', newElementStr);
+            return targetTable.lastElementChild;
        }
    }

+    /**
+     * This action opens a file dialog to select multiple files and then creates a new element for each file, where
+     * the file is assigned to the input field.
+     * This should only be used for attachments collection types
+     * @param event
+     */
+    uploadMultipleFiles(event) {
+        //Open a file dialog to select multiple files
+        const input = document.createElement('input');
+        input.type = 'file';
+        input.multiple = true;
+        input.click();
+
+        input.addEventListener('change', (event) => {
+            //Create a element for each file
+
+            for (let i = 0; i < input.files.length; i++) {
+                const file = input.files[i];
+
+                const newElement = this.createElement(event);
+                const rowInput = newElement.querySelector("input[type='file']");
+
+                //We can not directly assign the file to the input, so we have to create a new DataTransfer object
+                const dataTransfer = new DataTransfer();
+                dataTransfer.items.add(file);
+
+                rowInput.files = dataTransfer.files;
+            }
+
+        });
+
+    }
+
    /**
     * Similar to createEvent Pricedetails need some special handling to fill min amount
     * @param event
--- a/assets/controllers/elements/datatables/datatables_controller.js
+++ b/assets/controllers/elements/datatables/datatables_controller.js
@@ -24,18 +24,25 @@ import 'datatables.net-bs5/css/dataTables.bootstrap5.css'
 import 'datatables.net-buttons-bs5/css/buttons.bootstrap5.css'
 import 'datatables.net-fixedheader-bs5/css/fixedHeader.bootstrap5.css'
 import 'datatables.net-responsive-bs5/css/responsive.bootstrap5.css';
-import 'datatables.net-select-bs5/css/select.bootstrap5.css';
+
+//Use our own styles for the select extension which fit the bootstrap theme better
+//import 'datatables.net-select-bs5/css/select.bootstrap5.css';
+import '../../../css/components/datatables_select_bs5.css';

 //JS
 import 'datatables.net-bs5';
 import 'datatables.net-buttons-bs5';
 import 'datatables.net-buttons/js/buttons.colVis.js';
 import 'datatables.net-fixedheader-bs5';
-import 'datatables.net-select-bs5';
 import 'datatables.net-colreorder-bs5';
 import 'datatables.net-responsive-bs5';
 import '../../../js/lib/datatables';

+//import 'datatables.net-select-bs5';
+//Use the local version containing the fix for the select extension
+import '../../../js/lib/dataTables.select.mjs';
+
+
 const EVENT_DT_LOADED = 'dt:loaded';

 export default class extends Controller {
@@ -65,14 +72,19 @@ export default class extends Controller {
        localStorage.setItem( this.getStateSaveKey(), JSON.stringify(data) );
    }

-    stateLoadCallback(settings) {
-        const data = JSON.parse( localStorage.getItem(this.getStateSaveKey()) );
+    stateLoadCallback() {
+        const json = localStorage.getItem(this.getStateSaveKey());
+        if(json === null || json === undefined) {
+            return null;
+        }
+
+        const data = JSON.parse(json);

        if (data) {
            //Do not save the start value (current page), as we want to always start at the first page on a page reload
-            data.start = 0;
-            //50 is the default length supplied by datatables, reset it to that value
-            data.length = 50;
+            delete data.start;
+            //Reset the data length to the default value by deleting the length property
+            delete data.length;
        }

        return data;
@@ -90,6 +102,19 @@ export default class extends Controller {
        //Add url info, as the one available in the history is not enough, as Turbo may have not changed it yet
        settings.url = this.element.dataset.dtUrl;

+        //Add initial_order info to the settings, so that the order on the initial page load is the one saved in the state
+        const saved_state = this.stateLoadCallback();
+        if (saved_state !== null) {
+            const raw_order = saved_state.order;
+
+            settings.initial_order = raw_order.map((order) => {
+                return {
+                    column: order[0],
+                    dir: order[1]
+                }
+            });
+        }
+
        let options = {
            colReorder: true,
            responsive: true,
@@ -114,7 +139,7 @@ export default class extends Controller {
        if(this.isSelectable()) {
            options.select = {
                style:    'multi+shift',
-                selector: 'td.select-checkbox'
+                selector: 'td.dt-select',
            };
        }

@@ -127,6 +152,12 @@ export default class extends Controller {

        //Fix height of the length selector
        promise.then((dt) => {
+
+            //Draw the rows to make sure the correct status text is displayed ("No matching records found" instead of "Loading...")
+            if (dt.data().length === 0) {
+                dt.rows().draw()
+            }
+
            //Find all length selectors (select with name dt_length), which are inside a label
            const lengthSelectors = document.querySelectorAll('label select[name="dt_length"]');
            //And remove the surrounding label, while keeping the select with all event handlers
@@ -162,27 +193,6 @@ export default class extends Controller {
            dt.fixedHeader.headerOffset($("#navbar").outerHeight());
        });

-        //Register event handler to selectAllRows checkbox if available
-        if (this.isSelectable()) {
-            promise.then((dt) => {
-               const selectAllCheckbox = this.element.querySelector('thead th.select-checkbox');
-               selectAllCheckbox.addEventListener('click', () => {
-                   if(selectAllCheckbox.parentElement.classList.contains('selected')) {
-                       dt.rows().deselect();
-                       selectAllCheckbox.parentElement.classList.remove('selected');
-                   } else {
-                       dt.rows().select();
-                       selectAllCheckbox.parentElement.classList.add('selected');
-                   }
-               });
-
-                //When any row is deselected, also deselect the selectAll checkbox
-                dt.on('deselect.dt', () => {
-                    selectAllCheckbox.parentElement.classList.remove('selected');
-                });
-            });
-        }
-
        //Allow to further configure the datatable
        promise.then(this._afterLoaded.bind(this));

@@ -221,4 +231,16 @@ export default class extends Controller {
        return this.element.dataset.select ?? false;
    }

+    invertSelection() {
+        //Do nothing if the datatable is not selectable
+        if(!this.isSelectable()) {
+            return;
+        }
+
+        //Invert the selected rows on the datatable
+        const selected_rows = this._dt.rows({selected: true});
+        this._dt.rows().select();
+        selected_rows.deselect();
+    }
+
 }
--- a/assets/controllers/elements/delete_btn_controller.js
+++ b/assets/controllers/elements/delete_btn_controller.js
@@ -43,7 +43,8 @@ export default class extends Controller
        const message = this.element.dataset.deleteMessage;
        const title = this.element.dataset.deleteTitle;

-        const form = this.element;
+        //Use event target, to find the form, where the submit button was clicked
+        const form = event.target;
        const submitter = event.submitter;
        const that = this;

--- a/assets/controllers/elements/link_confirm_controller.js
+++ b/assets/controllers/elements/link_confirm_controller.js
@@ -0,0 +1,72 @@
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2022 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import {Controller} from "@hotwired/stimulus";
+
+import * as bootbox from "bootbox";
+import "../../css/components/bootbox_extensions.css";
+
+export default class extends Controller
+{
+
+    static values = {
+        message: String,
+        title: String
+    }
+
+
+
+    connect()
+    {
+        this._confirmed = false;
+
+        this.element.addEventListener('click', this._onClick.bind(this));
+    }
+
+    _onClick(event)
+    {
+
+        //If a user has not already confirmed the deletion, just let turbo do its work
+        if (this._confirmed) {
+            this._confirmed = false;
+            return;
+        }
+
+        event.preventDefault();
+        event.stopPropagation();
+
+        const that = this;
+
+        bootbox.confirm({
+            title: this.titleValue,
+            message: this.messageValue,
+            callback: (result) => {
+                if (result) {
+                    //Set a flag to prevent the dialog from popping up again and allowing turbo to submit the form
+                    that._confirmed = true;
+
+                    //Click the link
+                    that.element.click();
+                } else {
+                    that._confirmed = false;
+                }
+            }
+        });
+    }
+}
--- a/assets/controllers/elements/localStorage_checkbox_controller.js
+++ b/assets/controllers/elements/localStorage_checkbox_controller.js
@@ -0,0 +1,67 @@
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import {Controller} from "@hotwired/stimulus";
+
+export default class extends Controller
+{
+    static values = {
+        id: String
+    }
+
+    connect() {
+        this.loadState()
+        this.element.addEventListener('change', () => {
+            this.saveState()
+        });
+    }
+
+    loadState() {
+        let storageKey = this.getStorageKey();
+        let value = localStorage.getItem(storageKey);
+        if (value === null) {
+            return;
+        }
+
+        if (value === 'true') {
+            this.element.checked = true
+        }
+        if (value === 'false') {
+            this.element.checked = false
+        }
+    }
+
+    saveState() {
+        let storageKey = this.getStorageKey();
+
+        if (this.element.checked) {
+            localStorage.setItem(storageKey, 'true');
+        } else {
+            localStorage.setItem(storageKey, 'false');
+        }
+    }
+
+    getStorageKey() {
+        if (this.hasIdValue) {
+            return 'persistent_checkbox_' + this.idValue
+        }
+
+        return 'persistent_checkbox_' + this.element.id;
+    }
+}
--- a/assets/controllers/elements/part_search_controller.js
+++ b/assets/controllers/elements/part_search_controller.js
@@ -0,0 +1,200 @@
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2024 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import { Controller } from "@hotwired/stimulus";
+import { autocomplete } from '@algolia/autocomplete-js';
+//import "@algolia/autocomplete-theme-classic/dist/theme.css";
+import "../../css/components/autocomplete_bootstrap_theme.css";
+import { createLocalStorageRecentSearchesPlugin } from '@algolia/autocomplete-plugin-recent-searches';
+import {marked} from "marked";
+
+import {
+    trans,
+    SEARCH_PLACEHOLDER,
+    SEARCH_SUBMIT,
+    STATISTICS_PARTS
+} from '../../translator';
+
+
+/**
+ * This controller is responsible for the search fields in the navbar and the homepage.
+ * It uses the Algolia Autocomplete library to provide a fast and responsive search.
+ */
+export default class extends Controller {
+
+    static targets = ["input"];
+
+    _autocomplete;
+
+    // Highlight the search query in the results
+    _highlight = (text, query) => {
+        if (!text) return text;
+        if (!query) return text;
+
+        const HIGHLIGHT_PRE_TAG = '__aa-highlight__'
+        const HIGHLIGHT_POST_TAG = '__/aa-highlight__'
+
+        const escaped = query.replace(/[-/\\^$*+?.()|[\]{}]/g, '\\$&');
+        const regex = new RegExp(escaped, 'gi');
+
+        return text.replace(regex, (match) => `${HIGHLIGHT_PRE_TAG}${match}${HIGHLIGHT_POST_TAG}`);
+    }
+
+    initialize() {
+        // The endpoint for searching parts
+        const base_url = this.element.dataset.autocomplete;
+        // The URL template for the part detail pages
+        const part_detail_uri_template = this.element.dataset.detailUrl;
+
+        //The URL of the placeholder picture
+        const placeholder_image = this.element.dataset.placeholderImage;
+
+        //If the element is in navbar mode, or not
+        const navbar_mode = this.element.dataset.navbarMode === "true";
+
+        const that = this;
+
+        const recentSearchesPlugin = createLocalStorageRecentSearchesPlugin({
+            key: 'RECENT_SEARCH',
+            limit: 5,
+        });
+
+        this._autocomplete = autocomplete({
+            container: this.element,
+            //Place the panel in the navbar, if the element is in navbar mode
+            panelContainer: navbar_mode ? document.getElementById("navbar-search-form") : document.body,
+            panelPlacement: this.element.dataset.panelPlacement,
+            plugins: [recentSearchesPlugin],
+            openOnFocus: true,
+            placeholder: trans(SEARCH_PLACEHOLDER),
+            translations: {
+                submitButtonTitle: trans(SEARCH_SUBMIT)
+            },
+
+            // Use a navigator compatible with turbo:
+            navigator: {
+                navigate({ itemUrl }) {
+                    window.Turbo.visit(itemUrl, { action: "advance" });
+                },
+                navigateNewTab({ itemUrl }) {
+                    const windowReference = window.open(itemUrl, '_blank', 'noopener');
+
+                    if (windowReference) {
+                        windowReference.focus();
+                    }
+                },
+                navigateNewWindow({ itemUrl }) {
+                    window.open(itemUrl, '_blank', 'noopener');
+                },
+            },
+
+            // If the form is submitted, forward the term to the form
+            onSubmit({state, event, ...setters}) {
+                //Put the current text into each target input field
+                const input = that.inputTarget;
+
+                if (!input) {
+                    return;
+                }
+
+                //Do not submit the form, if the input is empty
+                if (state.query === "") {
+                    return;
+                }
+
+                input.value = state.query;
+                input.form.requestSubmit();
+            },
+
+
+            getSources({ query }) {
+                return [
+                    // The parts source
+                    {
+                        sourceId: 'parts',
+                        getItems() {
+                            const url = base_url.replace('__QUERY__', encodeURIComponent(query));
+
+                            const data = fetch(url)
+                                .then((response) => response.json())
+                                ;
+
+                            //Iterate over all fields besides the id and highlight them
+                            const fields = ["name", "description", "category", "footprint"];
+
+                            data.then((items) => {
+                                items.forEach((item) => {
+                                    for (const field of fields) {
+                                        item[field] = that._highlight(item[field], query);
+                                    }
+                                });
+                            });
+
+                            return data;
+                        },
+                        getItemUrl({ item }) {
+                            return part_detail_uri_template.replace('__ID__', item.id);
+                        },
+                        templates: {
+                            header({ html }) {
+                                return html`<span class="aa-SourceHeaderTitle">${trans(STATISTICS_PARTS)}</span>
+                                    <div class="aa-SourceHeaderLine" />`;
+                            },
+                            item({item, components, html}) {
+                                const details_url = part_detail_uri_template.replace('__ID__', item.id);
+
+                                return html`
+                                    <a class="aa-ItemLink" href="${details_url}">
+                                        <div class="aa-ItemContent">
+                                            <div class="aa-ItemIcon aa-ItemIcon--picture aa-ItemIcon--alignTop">
+                                                <img src="${item.image !== "" ? item.image : placeholder_image}" alt="${item.name}" width="30" height="30"/>
+                                            </div>
+                                            <div class="aa-ItemContentBody">
+                                                <div class="aa-ItemContentTitle">
+                                                    <b>
+                                                        ${components.Highlight({hit: item, attribute: 'name'})}
+                                                    </b>
+                                                </div>
+                                                <div class="aa-ItemContentDescription">
+                                                    ${components.Highlight({hit: item, attribute: 'description'})}
+                                                    ${item.category ? html`<p class="m-0"><span class="fa-solid fa-tags fa-fw"></span>${components.Highlight({hit: item, attribute: 'category'})}</p>` : ""}
+                                                    ${item.footprint ? html`<p class="m-0"><span class="fa-solid fa-microchip fa-fw"></span>${components.Highlight({hit: item, attribute: 'footprint'})}</p>` : ""}
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </a>
+                                `;
+                            },
+                        },
+                    },
+                ];
+            },
+        });
+
+        //Try to find the input field and register a defocus handler. This is necessarry, as by default the autocomplete
+        //lib has problems when multiple inputs are present on the page. (see https://github.com/algolia/autocomplete/issues/1216)
+        const inputs = this.element.getElementsByClassName('aa-Input');
+        for (const input of inputs) {
+            input.addEventListener('blur', () => {
+                this._autocomplete.setIsOpen(false);
+            });
+        }
+
+    }
+}
--- a/assets/controllers/elements/part_select_controller.js
+++ b/assets/controllers/elements/part_select_controller.js
@@ -27,7 +27,7 @@ export default class extends Controller {
                    }

                    let tmp = '<div class="row m-0">' +
-                        "<div class='col-2 p-0 d-flex align-items-center'>" +
+                        "<div class='col-2 p-0 d-flex align-items-center' style='max-width: 80px;'>" +
                        (data.image ? "<img class='typeahead-image' src='" + data.image + "'/>" : "") +
                        "</div>" +
                        "<div class='col-10'>" +
--- a/assets/controllers/elements/select_controller.js
+++ b/assets/controllers/elements/select_controller.js
@@ -40,6 +40,7 @@ export default class extends Controller {


        let settings = {
+            plugins: ["clear_button"],
            allowEmptyOption: true,
            selectOnTab: true,
            maxOptions: null,
@@ -50,7 +51,24 @@ export default class extends Controller {
            }
        };

+        //Load the drag_drop plugin if the select is ordered
+        if (this.element.dataset.orderedValue) {
+            settings.plugins.push('drag_drop');
+            settings.plugins.push("caret_position");
+        }
+
+        //If multiple items can be selected, enable the remove_button plugin
+        if (this.element.multiple) {
+            settings.plugins.push('remove_button');
+        }
+
        this._tomSelect = new TomSelect(this.element, settings);
+
+        //If the select is ordered, we need to update the value field (with the decoded value from the orderedValue field)
+        if (this.element.dataset.orderedValue) {
+            const data = JSON.parse(this.element.dataset.orderedValue);
+            this._tomSelect.setValue(data);
+        }
    }

    getTomSelect() {
--- a/assets/controllers/elements/select_multiple_controller.js
+++ b/assets/controllers/elements/select_multiple_controller.js
@@ -20,6 +20,8 @@
 import {Controller} from "@hotwired/stimulus";
 import TomSelect from "tom-select";

+// TODO: Merge with select_controller.js
+
 export default class extends Controller {
    _tomSelect;

--- a/assets/controllers/elements/static_file_autocomplete_controller.js
+++ b/assets/controllers/elements/static_file_autocomplete_controller.js
@@ -0,0 +1,106 @@
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import {Controller} from "@hotwired/stimulus";
+
+import "tom-select/dist/css/tom-select.bootstrap5.css";
+import '../../css/components/tom-select_extensions.css';
+import TomSelect from "tom-select";
+
+import TomSelect_click_to_edit from '../../tomselect/click_to_edit/click_to_edit'
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+
+TomSelect.define('click_to_edit', TomSelect_click_to_edit)
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)
+
+/**
+ * This is the frontend controller for StaticFileAutocompleteType form element.
+ * Basically it loads a text file from the given url (via data-url) and uses it as a source for the autocomplete.
+ * The file is just a list of strings, one per line, which will be used as the autocomplete options.
+ * Lines starting with # will be ignored.
+ */
+export default class extends Controller {
+    _tomSelect;
+
+    connect() {
+
+        let settings = {
+            persistent: false,
+            create: true,
+            maxItems: 1,
+            maxOptions: 100,
+            createOnBlur: true,
+            selectOnTab: true,
+            valueField: 'text',
+            searchField: 'text',
+            orderField: 'text',
+
+            //This a an ugly solution to disable the delimiter parsing of the TomSelect plugin
+            delimiter: 'VERY_L0NG_D€LIMITER_WHICH_WILL_NEVER_BE_ENCOUNTERED_IN_A_STRING',
+            plugins: {
+                'autoselect_typed': {},
+                'click_to_edit': {},
+                'clear_button': {},
+                'restore_on_backspace': {}
+            }
+        };
+
+        if (this.element.dataset.url) {
+            const url = this.element.dataset.url;
+            settings.load = (query, callback) => {
+                const self = this;
+                if (self.loading > 1) {
+                    callback();
+                    return;
+                }
+
+                fetch(url)
+                    .then(response => response.text())
+                    .then(text => {
+                        // Convert the text file to array
+                        let lines = text.split("\n");
+                        //Remove all lines beginning with #
+                        lines = lines.filter(x => !x.startsWith("#"));
+
+                        //Convert the array to an object, where each line is in the text field
+                        lines = lines.map(x => {
+                            return {text: x};
+                        });
+
+
+                        //Unset the load function to prevent endless recursion
+                        self._tomSelect.settings.load = null;
+
+                        callback(lines);
+                    }).catch(() => {
+                    callback();
+                });
+            };
+        }
+
+        this._tomSelect = new TomSelect(this.element, settings);
+    }
+
+    disconnect() {
+        super.disconnect();
+        //Destroy the TomSelect instance
+        this._tomSelect.destroy();
+    }
+
+}
--- a/assets/controllers/elements/structural_entity_select_controller.js
+++ b/assets/controllers/elements/structural_entity_select_controller.js
@@ -22,6 +22,10 @@ import '../../css/components/tom-select_extensions.css';
 import TomSelect from "tom-select";
 import {Controller} from "@hotwired/stimulus";

+import {trans, ENTITY_SELECT_GROUP_NEW_NOT_ADDED_TO_DB} from '../../translator.js'
+
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)

 export default class extends Controller {
    _tomSelect;
@@ -36,12 +40,20 @@ export default class extends Controller {
        const allowAdd = this.element.getAttribute("data-allow-add") === "true";
        const addHint = this.element.getAttribute("data-add-hint") ?? "";

+
+
+
        let settings = {
            allowEmptyOption: true,
            selectOnTab: true,
            maxOptions: null,
-            create: allowAdd,
-            createFilter: /\D/, //Must contain a non-digit character, otherwise they would be recognized as DB ID
+            create: allowAdd ? this.createItem.bind(this) : false,
+            createFilter: this.createFilter.bind(this),
+
+            // This three options allow us to paste element names with commas: (see issue #538)
+            maxItems: 1,
+            delimiter: "$$VERY_LONG_DELIMITER_THAT_SHOULD_NEVER_APPEAR$$",
+            splitOn: null,

            searchField: [
                {field: "text", weight : 2},
@@ -52,7 +64,21 @@ export default class extends Controller {
            render: {
                item: this.renderItem.bind(this),
                option: this.renderOption.bind(this),
-                option_create: function(data, escape) {
+                option_create: (data, escape)  => {
+                    //If the input starts with "->", we prepend the current selected value, for easier extension of existing values
+                    //This here handles the display part, while the createItem function handles the actual creation
+                    if (data.input.startsWith("->")) {
+                        //Get current selected value
+                        const current = this._tomSelect.getItem(this._tomSelect.getValue()).textContent.replaceAll("→", "->").trim();
+                        //Prepend it to the input
+                        if (current) {
+                            data.input = current + " " + data.input;
+                        } else {
+                            //If there is no current value, we remove the "->"
+                            data.input = data.input.substring(2);
+                        }
+                    }
+
                    return '<div class="create"><i class="fa-solid fa-plus fa-fw"></i>&nbsp;<strong>' + escape(data.input) + '</strong>&hellip;&nbsp;' +
                        '<small class="text-muted float-end">(' + addHint +')</small>' +
                        '</div>';
@@ -62,10 +88,70 @@ export default class extends Controller {
            //Add callbacks to update validity
            onInitialize: this.updateValidity.bind(this),
            onChange: this.updateValidity.bind(this),
+
+            plugins: {
+                "autoselect_typed": {},
+            }
        };

+        //Add clear button plugin, if an empty option is present
+        if (this.element.querySelector("option[value='']") !== null) {
+            settings.plugins["clear_button"] = {};
+        }
+
        this._tomSelect = new TomSelect(this.element, settings);
-        this._tomSelect.sync();
+        //Do not do a sync here as this breaks the initial rendering of the empty option
+        //this._tomSelect.sync();
+    }
+
+    createItem(input, callback) {
+
+        //If the input starts with "->", we prepend the current selected value, for easier extension of existing values
+        if (input.startsWith("->")) {
+            //Get current selected value
+            let current = this._tomSelect.getItem(this._tomSelect.getValue()).textContent.replaceAll("→", "->").trim();
+            //Replace no break spaces with normal spaces
+            current = current.replaceAll("\u00A0", " ");
+            //Prepend it to the input
+            if (current) {
+                input = current + " " + input;
+            } else {
+                //If there is no current value, we remove the "->"
+                input = input.substring(2);
+            }
+        }
+
+        callback({
+            //$%$ is a special value prefix, that is used to identify items, that are not yet in the DB
+            value: '$%$' + input,
+            text: input,
+            not_in_db_yet: true,
+        });
+    }
+
+    createFilter(input) {
+
+        //Normalize the input (replace spacing around arrows)
+        if (input.includes("->")) {
+            const inputs = input.split("->");
+            inputs.forEach((value, index) => {
+                inputs[index] = value.trim();
+            });
+            input = inputs.join("->");
+        } else {
+            input = input.trim();
+        }
+
+        const options = this._tomSelect.options;
+        //Iterate over all options and check if the input is already present
+        for (let index in options) {
+            const option = options[index];
+            if (option.path === input) {
+                return false;
+            }
+        }
+
+        return true;
    }


@@ -97,14 +183,27 @@ export default class extends Controller {
        }

        if (data.short) {
-            return '<div><b>' + escape(data.short) + '</b></div>';
+            let short = escape(data.short)
+
+            //Make text italic, if the item is not yet in the DB
+            if (data.not_in_db_yet) {
+                short = '<i>' + short + '</i>';
+            }
+
+            return '<div><b>' + short + '</b></div>';
        }

        let name = "";
        if (data.parent) {
            name += escape(data.parent) + "&nbsp;→&nbsp;";
        }
-        name += "<b>" + escape(data.text) + "</b>";
+
+        if (data.not_in_db_yet) {
+            //Not yet added items are shown italic and with a badge
+            name += "<i><b>" + escape(data.text) + "</b></i>" + "<span class='ms-3 badge bg-info badge-info'>" + trans(ENTITY_SELECT_GROUP_NEW_NOT_ADDED_TO_DB) + "</span>";
+        } else {
+            name += "<b>" + escape(data.text) + "</b>";
+        }

        return '<div>' + (data.image ? "<img class='structural-entity-select-image' style='margin-right: 5px;' ' src='" + data.image + "'/>" : "") + name + '</div>';
    }
--- a/assets/controllers/elements/tagsinput_controller.js
+++ b/assets/controllers/elements/tagsinput_controller.js
@@ -23,14 +23,21 @@ import "tom-select/dist/css/tom-select.bootstrap5.css";
 import '../../css/components/tom-select_extensions.css';
 import TomSelect from "tom-select";

+import TomSelect_click_to_edit from '../../tomselect/click_to_edit/click_to_edit'
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+
+TomSelect.define('click_to_edit', TomSelect_click_to_edit)
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)
+
 export default class extends Controller {
    _tomSelect;

    connect() {
        let settings = {
            plugins: {
-                remove_button:{
-                }
+                remove_button:{},
+                'autoselect_typed': {},
+                'click_to_edit': {},
            },
            persistent: false,
            selectOnTab: true,
--- a/assets/controllers/elements/tree_controller.js
+++ b/assets/controllers/elements/tree_controller.js
@@ -94,13 +94,15 @@ export default class extends Controller {
            showTags: this._showTags,
            data: data,
            showIcon: true,
+            preventUnselect: true,
+            allowReselect: true,
            onNodeSelected: (event) => {
                const node = event.detail.node;
                if (node.href) {
                    window.Turbo.visit(node.href, {action: "advance"});
+                    this._registerURLWatcher(node);
                }
            },
-            //onNodeContextmenu: contextmenu_handler,
        }, [BS5Theme, BS53Theme, FAIconTheme]);

        this.treeTarget.addEventListener(EVENT_INITIALIZED, (event) => {
@@ -108,12 +110,42 @@ export default class extends Controller {
            const treeView = event.detail.treeView;
            treeView.revealNode(treeView.getSelected());

+            //Add the url watcher to all selected nodes
+            for (const node of treeView.getSelected()) {
+                this._registerURLWatcher(node);
+            }
+
            //Add contextmenu event listener to the tree, which allows us to open the links in a new tab with a right click
            treeView.getTreeElement().addEventListener("contextmenu", this._onContextMenu.bind(this));
        });

    }

+    _registerURLWatcher(node)
+    {
+        //Register a watcher for a location change, which will unselect the node, if the location changes
+        const desired_url = node.href;
+
+        //Ensure that the node is unselected, if the location changes
+        const unselectNode = () => {
+            //Parse url so we can properly compare them
+            const desired = new URL(node.href, window.location.origin);
+
+            //We only compare the pathname, because the hash and parameters should not matter
+            if(window.location.pathname !== desired.pathname) {
+                //The ignore parameter is important here, otherwise the node will not be unselected
+                node.setSelected(false, {silent: true, ignorePreventUnselect: true});
+
+                //Unregister the watcher
+                document.removeEventListener('turbo:load', unselectNode);
+            }
+        };
+
+        //Register the watcher via hotwire turbo
+        //We must just load to have the new url in window.location
+        document.addEventListener('turbo:load', unselectNode);
+    }
+
    _onContextMenu(event)
    {
        //Find the node that was clicked and open link in new tab
--- a/assets/controllers/pages/association_edit_type_select_controller.js
+++ b/assets/controllers/pages/association_edit_type_select_controller.js
@@ -0,0 +1,44 @@
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import {Controller} from "@hotwired/stimulus";
+
+export default class extends Controller {
+
+    static targets = [ "display", "select" ]
+
+    connect()
+    {
+        this.update();
+        this.selectTarget.addEventListener('change', this.update.bind(this));
+    }
+
+    update()
+    {
+        //If the select value is 0, then we show the input field
+        if( this.selectTarget.value === '0')
+        {
+            this.displayTarget.classList.remove('d-none');
+        }
+        else
+        {
+            this.displayTarget.classList.add('d-none');
+        }
+    }
+}
--- a/assets/controllers/pages/barcode_scan_controller.js
+++ b/assets/controllers/pages/barcode_scan_controller.js
@@ -20,7 +20,7 @@
 import {Controller} from "@hotwired/stimulus";
 //import * as ZXing from "@zxing/library";

-import {Html5QrcodeScanner, Html5Qrcode} from "html5-qrcode";
+import {Html5QrcodeScanner, Html5Qrcode} from "@part-db/html5-qrcode";

 /* stimulusFetch: 'lazy' */
 export default class extends Controller {
@@ -50,7 +50,7 @@ export default class extends Controller {
        });

        this._scanner = new Html5QrcodeScanner(this.element.id, {
-            fps: 2,
+            fps: 10,
            qrbox: qrboxFunction,
            experimentalFeatures: {
                //This option improves reading quality on android chrome
@@ -61,6 +61,11 @@ export default class extends Controller {
        this._scanner.render(this.onScanSuccess.bind(this));
    }

+    disconnect() {
+        this._scanner.pause();
+        this._scanner.clear();
+    }
+
    onScanSuccess(decodedText, decodedResult) {
        //Put our decoded Text into the input box
        document.getElementById('scan_dialog_input').value = decodedText;
--- a/assets/controllers/pages/dont_check_quantity_checkbox_controller.js
+++ b/assets/controllers/pages/dont_check_quantity_checkbox_controller.js
@@ -0,0 +1,65 @@
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2022 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import {Controller} from "@hotwired/stimulus";
+
+/**
+ * This controller is used on a checkbox, which toggles the max value of all number input fields
+ */
+export default class extends Controller {
+
+    _checkbox;
+
+    getCheckbox() {
+        if (this._checkbox) {
+            return this._checkbox;
+        }
+
+        //Find the checkbox inside the controller element
+        this._checkbox = this.element.querySelector('input[type="checkbox"]');
+        return this._checkbox;
+    }
+
+    connect() {
+        //Add event listener to the checkbox
+        this.getCheckbox().addEventListener('change', this.toggleInputLimits.bind(this));
+    }
+
+    toggleInputLimits() {
+        //Find all input fields with the data-toggle-input-limits-target="max"
+        const inputFields = document.querySelectorAll("input[type='number']");
+
+        inputFields.forEach((inputField) => {
+            //Ensure that the input field has either a max or a data-max attribute
+            if (!inputField.hasAttribute('max') && !inputField.hasAttribute('data-max')) {
+                return;
+            }
+
+            //If the checkbox is checked, rename the max attribute to data-max
+            if (this.getCheckbox().checked) {
+                inputField.setAttribute('data-max', inputField.getAttribute('max'));
+                inputField.removeAttribute('max');
+            } else {
+                //If the checkbox is not checked, rename the data-max attribute back to max
+                inputField.setAttribute('max', inputField.getAttribute('data-max'));
+                inputField.removeAttribute('data-max');
+            }
+        });
+    }
+}
--- a/assets/controllers/pages/latex_preview_controller.js
+++ b/assets/controllers/pages/latex_preview_controller.js
@@ -25,9 +25,23 @@ import "katex/dist/katex.css";
 export default class extends Controller {
    static targets = ["input", "preview"];

+    static values = {
+        unit: {type: Boolean, default: false} //Render as upstanding (non-italic) text, useful for units
+    }
+
    updatePreview()
    {
-        katex.render(this.inputTarget.value, this.previewTarget, {
+        let value = "";
+        if (this.unitValue) {
+            //Escape percentage signs
+            value = this.inputTarget.value.replace(/%/g, '\\%');
+
+            value = "\\mathrm{" + value + "}";
+        } else {
+            value = this.inputTarget.value;
+        }
+
+        katex.render(value, this.previewTarget, {
            throwOnError: false,
        });
    }
--- a/assets/controllers/pages/parameters_autocomplete_controller.js
+++ b/assets/controllers/pages/parameters_autocomplete_controller.js
@@ -22,6 +22,13 @@ import TomSelect from "tom-select";
 import katex from "katex";
 import "katex/dist/katex.css";

+
+import TomSelect_click_to_edit from '../../tomselect/click_to_edit/click_to_edit'
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+
+TomSelect.define('click_to_edit', TomSelect_click_to_edit)
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)
+
 /* stimulusFetch: 'lazy' */
 export default class extends Controller
 {
@@ -53,7 +60,10 @@ export default class extends Controller
    connect() {
        const settings = {
            plugins: {
-                clear_button:{}
+                'autoselect_typed': {},
+                'click_to_edit': {},
+                'clear_button': {},
+                'restore_on_backspace': {}
            },
            persistent: false,
            maxItems: 1,
@@ -75,7 +85,9 @@ export default class extends Controller
                        tmp += '<span>' + katex.renderToString(data.symbol) + '</span>'
                    }
                    if (data.unit) {
-                        tmp += '<span class="ms-2">' + katex.renderToString('[' + data.unit + ']') + '</span>'
+                        let unit  = data.unit.replace(/%/g, '\\%');
+                        unit = "\\mathrm{" + unit + "}";
+                        tmp += '<span class="ms-2">' + katex.renderToString('[' + unit + ']') + '</span>'
                    }


--- a/assets/controllers/pages/part_merge_modal_controller.js
+++ b/assets/controllers/pages/part_merge_modal_controller.js
@@ -0,0 +1,68 @@
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+import {Controller} from "@hotwired/stimulus";
+
+export default class extends Controller
+{
+    static targets = ['link', 'mode', 'otherSelect'];
+    static values = {
+        targetId: Number,
+    };
+
+    connect() {
+    }
+
+    update() {
+        const link = this.linkTarget;
+        const other_select = this.otherSelectTarget;
+
+        //Extract the mode using the mode radio buttons (we filter the array to get the checked one)
+        const mode = (this.modeTargets.filter((e)=>e.checked))[0].value;
+
+        if (other_select.value === '') {
+            link.classList.add('disabled');
+            return;
+        }
+
+        //Extract href template from data attribute on link target
+        let href = link.getAttribute('data-href-template');
+
+        let target, other;
+        if (mode === '1') {
+            target = this.targetIdValue;
+            other = other_select.value;
+        } else if (mode === '2') {
+            target = other_select.value;
+            other = this.targetIdValue;
+        } else {
+            throw 'Invalid mode';
+        }
+
+        //Replace placeholder with actual target id
+        href = href.replace('__target__', target);
+        //Replace placeholder with selected value of the select (the event sender)
+        href = href.replace('__other__', other);
+
+        //Assign new href to link
+        link.setAttribute('href', href);
+        //Make link clickable
+        link.classList.remove('disabled');
+    }
+}
--- a/assets/css/app/helpers.css
+++ b/assets/css/app/helpers.css
@@ -67,7 +67,6 @@ ul.structural_link {
    padding-bottom: 7px;
    padding-left: 0;
    list-style: none;
-    background-color: inherit;
 }

 /* Display list items side by side */
@@ -112,4 +111,11 @@ ul.structural_link li a:hover {
 .permission-checkbox:checked {
    background-color: var(--bs-success);
    border-color: var(--bs-success);
+}
+
+/***********************************************
+ * Katex rendering with same height as text
+ ***********************************************/
+.katex-same-height-as-text .katex {
+    font-size: 1.0em;
 }
--- a/assets/css/app/images.css
+++ b/assets/css/app/images.css
@@ -51,7 +51,6 @@
 .part-table-image {
    max-height: 40px;
    object-fit: contain;
-    width: 100%;
 }

 .part-info-image {
@@ -61,4 +60,4 @@

 .object-fit-cover {
    object-fit: cover;
-}
+}
--- a/assets/css/app/layout.css
+++ b/assets/css/app/layout.css
@@ -108,8 +108,8 @@ body {
 .back-to-top {
    cursor: pointer;
    position: fixed;
-    bottom: 20px;
-    right: 20px;
+    bottom: 60px;
+    right: 40px;
    display:none;
    z-index: 1030;
 }
--- a/assets/css/app/tables.css
+++ b/assets/css/app/tables.css
@@ -63,10 +63,6 @@ table.dataTable > tbody > tr.selected > td > a {
    margin-block-end: 0;
 }

-.card-footer-table {
-    padding-top: 0;
-}
-
 table.dataTable {
    margin-top: 0 !important;
 }
@@ -84,14 +80,24 @@ th.select-checkbox {
 * Datatables definitions/overrides
 ********************************************************************/

-.dataTables_length {
+.dt-length {
    display: inline-flex;
 }

 /** Fix datatables select-checkbox position */
 table.dataTable tr.selected td.select-checkbox:after
 {
-    margin-top: -25px !important;
+    margin-top: -20px !important;
+}
+
+/** Show pagination right aligned */
+.dt-paging .pagination {
+    justify-content: flex-end;
+}
+
+/** Fix table row coloring */
+table.table.dataTable > :not(caption) > * > * {
+    background-color: var(--bs-table-bg);
 }


@@ -103,53 +109,4 @@ Classes for Datatables export
 #export-messageTop,
 .export-helper{
    display: none;
-}
-
-/******************************************************
- * Styling for the select all checkbox in the parts table
- * Should match the styling of the select checkbox
- ******************************************************/
-table.dataTable > thead > tr > th.select-checkbox {
-    position: relative;
-}
-table.dataTable > thead > tr > th.select-checkbox:before,
-table.dataTable > thead > tr > th.select-checkbox:after {
-    display: block;
-    position: absolute;
-    top: 0.9em;
-    left: 50%;
-    width: 1em !important;
-    height: 1em !important;
-    box-sizing: border-box;
-}
-table.dataTable > thead > tr > th.select-checkbox:before {
-    content: " ";
-    margin-top: -5px;
-    margin-left: -6px;
-    border: 2px solid var(--bs-tertiary-color);
-    border-radius: 3px;
-}
-
-table.dataTable > tbody > tr > td.select-checkbox:before, table.dataTable > tbody > tr > th.select-checkbox:before {
-    border: 2px solid var(--bs-tertiary-color) !important;
-}
-
-table.dataTable > tbody > tr > td.select-checkbox:before, table.dataTable > tbody > tr > td.select-checkbox:after, table.dataTable > tbody > tr > th.select-checkbox:before, table.dataTable > tbody > tr > th.select-checkbox:after {
-    width: 1em !important;
-    height: 1em !important;
-}
-
-table.dataTable > thead > tr.selected > th.select-checkbox:after {
-    content: "✓";
-    font-size: 20px;
-    margin-top: -20px;
-    margin-left: -6px;
-    text-align: center;
-    /*text-shadow: 1px 1px #B0BED9, -1px -1px #B0BED9, 1px -1px #B0BED9, -1px 1px #B0BED9; */
-}
-table.dataTable.compact > thead > tr > th.select-checkbox:before {
-    margin-top: -12px;
-}
-table.dataTable.compact > thead > tr.selected > th.select-checkbox:after {
-    margin-top: -16px;
-}
+}
--- a/assets/css/components/autocomplete_bootstrap_theme.css
+++ b/assets/css/components/autocomplete_bootstrap_theme.css
--- a/assets/css/components/ckeditor.css
+++ b/assets/css/components/ckeditor.css
@@ -24,9 +24,8 @@
 /** Should be the same settings, as in label_style.css */
 .ck-html-label .ck-content {
    font-family: "DejaVu Sans Mono", monospace;
-    font-size: 12px;
+    font-size: 12pt;
    line-height: 1.0;
-    font-size-adjust: 1.5;
 }

 .ck-html-label .ck-content p {
--- a/assets/css/components/datatables_select_bs5.css
+++ b/assets/css/components/datatables_select_bs5.css
@@ -0,0 +1,69 @@
+/******************************************************************************************
+* This styles the checkboxes of the select extension exactly like the ones in bootstrap 5
+******************************************************************************************/
+
+table.dataTable > tbody > tr > .selected {
+    background-color: var(--bs-primary-bg-subtle) !important;
+    color: white;
+}
+table.dataTable > tbody > tr > .dt-select {
+    text-align: center;
+    vertical-align: middle;
+}
+table.dataTable > thead > tr > .dt-select {
+    text-align: center;
+}
+table.dataTable input.dt-select-checkbox {
+    --bs-form-check-bg: var(--bs-body-bg);
+    flex-shrink: 0;
+    width: 1em;
+    height: 1em;
+    margin-top: 0.25em;
+    vertical-align: top;
+    -webkit-appearance: none;
+    -moz-appearance: none;
+    appearance: none;
+    background-color: var(--bs-form-check-bg);
+    background-image: var(--bs-form-check-bg-image);
+    background-repeat: no-repeat;
+    background-position: center;
+    background-size: contain;
+    border: var(--bs-border-width) solid var(--bs-border-color);
+    -webkit-print-color-adjust: exact;
+    color-adjust: exact;
+    print-color-adjust: exact;
+    border-radius: 0.25em;
+}
+
+table.dataTable input.dt-select-checkbox:checked {
+    background-color: rgb(var(--bs-secondary-rgb));
+    border-color: rgb(var(--bs-secondary-rgb));
+    --bs-form-check-bg-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='m6 10 3 3 6-6'/%3e%3c/svg%3e");
+}
+
+table.dataTable input.dt-select-checkbox:indeterminate {
+    background-color: rgb(var(--bs-secondary-rgb));
+    border-color: rgb(var(--bs-secondary-rgb));
+    --bs-form-check-bg-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='M6 10h8'/%3e%3c/svg%3e");
+}
+
+
+
+
+div.dt-container span.select-info,
+div.dt-container span.select-item {
+    margin-left: 0.5em;
+}
+
+
+@media screen and (max-width: 640px) {
+    div.dt-container span.select-info,
+    div.dt-container span.select-item {
+        margin-left: 0;
+        display: block;
+    }
+}
+table.dataTable.table-sm tbody td.select-checkbox::before {
+    margin-top: -9px;
+}
+
--- a/assets/css/email/foundation-emails.css
+++ b/assets/css/email/foundation-emails.css
--- a/assets/js/app.js
+++ b/assets/js/app.js
@@ -44,4 +44,18 @@ import "./register_events";
 import "./tristate_checkboxes";

 //Define jquery globally
-window.$ = window.jQuery = require("jquery")
+window.$ = window.jQuery = require("jquery");
+
+//Use the local WASM file for the ZXing library
+import {
+    setZXingModuleOverrides,
+} from "barcode-detector/pure";
+import  wasmFile from "../../node_modules/zxing-wasm/dist/reader/zxing_reader.wasm";
+setZXingModuleOverrides({
+    locateFile: (path, prefix) => {
+        if (path.endsWith(".wasm")) {
+            return wasmFile;
+        }
+        return prefix + path;
+    },
+});
--- a/assets/js/lib/dataTables.select.mjs
+++ b/assets/js/lib/dataTables.select.mjs
--- a/assets/js/lib/datatables.js
+++ b/assets/js/lib/datatables.js
@@ -47,7 +47,8 @@
                method: config.method,
                data: {
                    _dt: config.name,
-                    _init: true
+                    _init: true,
+                    order: config.initial_order ?? undefined,
                }
            }).done(function(data) {
                var baseState;
@@ -72,6 +73,17 @@
                            }
                        } else {
                            request._dt = config.name;
+
+                            //Try to resolve the original column index when the column was reordered (using the ColReorder plugin)
+                            //Only do this when _ColReorder_iOrigCol is available
+                            if (settings.aoColumns && settings.aoColumns.length && settings.aoColumns[0]._ColReorder_iOrigCol !== undefined) {
+                                if (request.order && request.order.length) {
+                                    request.order.forEach(function (order) {
+                                        order.column = settings.aoColumns[order.column]._ColReorder_iOrigCol;
+                                    });
+                                }
+                            }
+
                            $.ajax(typeof config.url === 'function' ? config.url(dt) : config.url, {
                                method: config.method,
                                data: request
@@ -86,6 +98,15 @@
                    dtOpts = config.options(dtOpts);
                }

+                //Choose the column where the className contains "select-column" and apply the select extension to its render field
+                //Added for Part-DB
+                for (let column of dtOpts.columns) {
+                    if (column.className && column.className.includes('dt-select')) {
+                        column.render = $.fn.dataTable.render.select();
+                    }
+                }
+
+
                root.html(data.template);
                dt = $('table', root).DataTable(dtOpts);
                if (config.state !== 'none') {
--- a/assets/js/register_events.js
+++ b/assets/js/register_events.js
@@ -20,6 +20,8 @@
 'use strict';

 import {Dropdown} from "bootstrap";
+import ClipboardJS from "clipboard";
+import {Modal} from "bootstrap";

 class RegisterEventHelper {
    constructor() {
@@ -27,7 +29,14 @@ class RegisterEventHelper {
        this.configureDropdowns();
        this.registerSpecialCharInput();

+        //Initialize ClipboardJS
+        this.registerLoadHandler(() => {
+            new ClipboardJS('.btn');
+        });
+
        this.registerModalDropRemovalOnFormSubmit();
+
+
    }

    registerModalDropRemovalOnFormSubmit() {
@@ -37,6 +46,15 @@ class RegisterEventHelper {
            if (back_drop) {
                back_drop.remove();
            }
+
+            //Remove scroll-lock if it is still active
+            if (document.body.classList.contains('modal-open')) {
+                document.body.classList.remove('modal-open');
+
+                //Remove the padding-right and overflow:hidden from the body
+                document.body.style.paddingRight = '';
+                document.body.style.overflow = '';
+            }
        });
    }

@@ -59,13 +77,16 @@ class RegisterEventHelper {
    }

    registerTooltips() {
-        this.registerLoadHandler(() => {
+        const handler = () => {
            $(".tooltip").remove();
            //Exclude dropdown buttons from tooltips, otherwise we run into endless errors from bootstrap (bootstrap.esm.js:614 Bootstrap doesn't allow more than one instance per element. Bound instance: bs.dropdown.)
-            $('a[title], label[title], button[title]:not([data-bs-toggle="dropdown"]), p[title], span[title], h6[title], h3[title], i.fas[title]')
+            $('a[title], label[title], button[title]:not([data-bs-toggle="dropdown"]), p[title], span[title], h6[title], h3[title], i[title], small[title]')
                //@ts-ignore
                .tooltip("hide").tooltip({container: "body", placement: "auto", boundary: 'window'});
-        });
+        };
+
+        this.registerLoadHandler(handler);
+        document.addEventListener('dt:loaded', handler);
    }

    registerSpecialCharInput() {
--- a/assets/js/tab_remember.js
+++ b/assets/js/tab_remember.js
@@ -19,7 +19,7 @@

 "use strict";

-import {Tab, Dropdown} from "bootstrap";
+import {Tab, Dropdown, Collapse} from "bootstrap";
 import tab from "bootstrap/js/src/tab";

 /**
@@ -54,6 +54,7 @@ class TabRememberHelper {
        const first_element = merged[0] ?? null;
        if(first_element) {
            this.revealElementOnTab(first_element);
+            this.revealElementInCollapse(first_element);
        }
    }

@@ -62,10 +63,20 @@ class TabRememberHelper {
     * @param event
     */
    onInvalid(event) {
+        this.revealElementInCollapse(event.target);
        this.revealElementOnTab(event.target);
        this.revealElementInDropdown(event.target);
    }

+    revealElementInCollapse(element) {
+        let collapse = element.closest('.collapse');
+
+        if(collapse) {
+            let bs_collapse = Collapse.getOrCreateInstance(collapse);
+            bs_collapse.show();
+        }
+    }
+
    revealElementInDropdown(element) {
        let dropdown = element.closest('.dropdown-menu');

--- a/assets/tomselect/autoselect_typed/autoselect_typed.js
+++ b/assets/tomselect/autoselect_typed/autoselect_typed.js
@@ -0,0 +1,63 @@
+/**
+ * Autoselect Typed plugin for Tomselect
+ *
+ * This plugin allows automatically selecting an option matching the typed text when the Tomselect element goes out of
+ * focus (is blurred) and/or when the delimiter is typed.
+ *
+ * #select_on_blur option
+ * Tomselect natively supports the "createOnBlur" option. This option picks up any remaining text in the input field
+ * and uses it to create a new option and selects that option. It does behave a bit strangely though, in that it will
+ * not select an already existing option when the input is blurred, so if you typed something that matches an option in
+ * the list and then click outside the box (without pressing enter) the entered text is just removed (unless you have
+ * allow duplicates on in which case it will create a new option).
+ * This plugin fixes that, such that Tomselect will first try to select an option matching the remaining uncommitted
+ * text and only when no matching option is found tries to create a new one (if createOnBlur and create is on)
+ *
+ * #select_on_delimiter option
+ * Normally when typing the delimiter (space by default) Tomselect will try to create a new option (and select it) (if
+ * create is on), but if the typed text matches an option (and allow duplicates is off) it refuses to react at all until
+ * you press enter. With this option, the delimiter will also allow selecting an option, not just creating it.
+ */
+function select_current_input(self){
+    if(self.isLocked){
+        return
+    }
+
+    const val = self.inputValue()
+    //Do nothing if the input is empty
+    if (!val) {
+        return
+    }
+
+    if (self.options[val]) {
+        self.addItem(val)
+        self.setTextboxValue()
+    }
+}
+
+export default function(plugin_options_) {
+    const plugin_options = Object.assign({
+        //Autoselect the typed text when the input element goes out of focus
+        select_on_blur: true,
+        //Autoselect the typed text when the delimiter is typed
+        select_on_delimiter: true,
+    }, plugin_options_);
+
+    const self = this
+
+    if(plugin_options.select_on_blur) {
+        this.hook("before", "onBlur", function () {
+            select_current_input(self)
+        })
+    }
+
+    if(plugin_options.select_on_delimiter) {
+        this.hook("before", "onKeyPress", function (e) {
+            const character = String.fromCharCode(e.keyCode || e.which);
+            if (self.settings.mode === 'multi' && character === self.settings.delimiter) {
+                select_current_input(self)
+            }
+        })
+    }
+
+}
--- a/assets/tomselect/click_to_edit/click_to_edit.js
+++ b/assets/tomselect/click_to_edit/click_to_edit.js
@@ -0,0 +1,93 @@
+/**
+ * click_to_edit plugin for Tomselect
+ *
+ * This plugin allows editing (and selecting text in) any selected item by clicking it.
+ *
+ * Usually, when the user typed some text and created an item in Tomselect that item cannot be edited anymore. To make
+ * a change, the item has to be deleted and retyped completely. There is also generally no way to copy text out of a
+ * tomselect item. The "restore_on_backspace" plugin improves that somewhat, by allowing the user to edit an item after
+ * pressing backspace. However, it is somewhat confusing to first have to focus the field an then hit backspace in order
+ * to copy a piece of text. It may also not be immediately obvious for editing.
+ * This plugin transforms an item into editable text when it is clicked, e.g. when the user tries to place the caret
+ * within an item or when they try to drag across the text to highlight it.
+ * It also plays nice with the remove_button plugin which still removes (deselects) an option entirely.
+ *
+ * It is recommended to also enable the autoselect_typed plugin when using this plugin. Without it, the text in the
+ * input field (i.e. the item that was just clicked) is lost when the user clicks outside the field. Also, when the user
+ * clicks an option (making it text) and then tries to enter another one by entering the delimiter (e.g. space) nothing
+ * happens until enter is pressed or the text is changed from what it was.
+ */
+
+/**
+ * Return a dom element from either a dom query string, jQuery object, a dom element or html string
+ * https://stackoverflow.com/questions/494143/creating-a-new-dom-element-from-an-html-string-using-built-in-dom-methods-or-pro/35385518#35385518
+ *
+ * param query should be {}
+ */
+const getDom = query => {
+    if (query.jquery) {
+        return query[0];
+    }
+    if (query instanceof HTMLElement) {
+        return query;
+    }
+    if (isHtmlString(query)) {
+        var tpl = document.createElement('template');
+        tpl.innerHTML = query.trim(); // Never return a text node of whitespace as the result
+        return tpl.content.firstChild;
+    }
+    return document.querySelector(query);
+};
+const isHtmlString = arg => {
+    if (typeof arg === 'string' && arg.indexOf('<') > -1) {
+        return true;
+    }
+    return false;
+};
+
+function plugin(plugin_options_) {
+    const self = this
+
+    const plugin_options = Object.assign({
+        //If there is unsubmitted text in the input field, should that text be automatically used to select a matching
+        //element? If this is off, clicking on item1 and then clicking on item2 will result in item1 being deselected
+        auto_select_before_edit: true,
+        //If there is unsubmitted text in the input field, should that text be automatically used to create a matching
+        //element if no matching element was found or auto_select_before_edit is off?
+        auto_create_before_edit: true,
+        //customize this function to change which text the item is replaced with when clicking on it
+        text: option => {
+            return option[self.settings.labelField];
+        }
+    }, plugin_options_);
+
+
+    self.hook('after', 'setupTemplates', () => {
+        const orig_render_item = self.settings.render.item;
+        self.settings.render.item = (data, escape) => {
+            const item = getDom(orig_render_item.call(self, data, escape));
+
+            item.addEventListener('click', evt => {
+                    if (self.isLocked) {
+                        return;
+                    }
+                    const val = self.inputValue();
+
+                    if (self.options[val]) {
+                        self.addItem(val)
+                    } else if (self.settings.create) {
+                        self.createItem();
+                    }
+                    const option = self.options[item.dataset.value]
+                    self.setTextboxValue(plugin_options.text.call(self, option));
+                    self.focus();
+                    self.removeItem(item);
+                }
+            );
+
+            return item;
+        }
+    });
+
+}
+export { plugin as default };
--- a/bin/console
+++ b/bin/console
@@ -4,6 +4,17 @@
 use App\Kernel;
 use Symfony\Bundle\FrameworkBundle\Console\Application;

+if (!is_dir(dirname(__DIR__).'/vendor')) {
+    throw new LogicException('Dependencies are missing. Try running "composer install".');
+}
+
+//Increase xdebug.max_nesting_level to 1000 if required (see issue #411)
+//Check if xdebug extension is active, and xdebug.max_nesting_level is set to 256 or lower
+if (extension_loaded('xdebug') && ((int) ini_get('xdebug.max_nesting_level')) <= 256) {
+    //Increase xdebug.max_nesting_level to 1000
+    ini_set('xdebug.max_nesting_level', '1000');
+}
+
 if (!is_file(dirname(__DIR__).'/vendor/autoload_runtime.php')) {
    throw new LogicException('Symfony Runtime is missing. Try running "composer require symfony/runtime".');
 }
--- a/bin/phpunit
+++ b/bin/phpunit
@@ -6,9 +6,13 @@ if (!ini_get('date.timezone')) {
 }

 if (is_file(dirname(__DIR__).'/vendor/phpunit/phpunit/phpunit')) {
-    define('PHPUNIT_COMPOSER_INSTALL', dirname(__DIR__).'/vendor/autoload.php');
-    require PHPUNIT_COMPOSER_INSTALL;
-    PHPUnit\TextUI\Command::main();
+    if (PHP_VERSION_ID >= 80000) {
+        require dirname(__DIR__).'/vendor/phpunit/phpunit/phpunit';
+    } else {
+        define('PHPUNIT_COMPOSER_INSTALL', dirname(__DIR__).'/vendor/autoload.php');
+        require PHPUNIT_COMPOSER_INSTALL;
+        PHPUnit\TextUI\Command::main();
+    }
 } else {
    if (!is_file(dirname(__DIR__).'/vendor/symfony/phpunit-bridge/bin/simple-phpunit.php')) {
        echo "Unable to find the `simple-phpunit.php` script in `vendor/symfony/phpunit-bridge/bin/`.\n";
--- a/codecov.yml
+++ b/codecov.yml
@@ -5,4 +5,5 @@ coverage:
  status:
    project:
      default:
-        threshold: 5%
+        threshold: 10%
+        target: 40%
--- a/composer.json
+++ b/composer.json
@@ -1,4 +1,5 @@
 {
+    "name": "part-db/part-db-server",
    "type": "project",
    "license": "AGPL-3.0-or-later",
    "require": {
@@ -10,35 +11,41 @@
        "ext-intl": "*",
        "ext-json": "*",
        "ext-mbstring": "*",
+        "amphp/http-client": "^5.1",
+        "api-platform/core": "^3.1",
        "beberlei/doctrineextensions": "^1.2",
-        "brick/math": "^0.11.0",
+        "brick/math": "0.12.1 as 0.11.0",
+        "composer/ca-bundle": "^1.5",
        "composer/package-versions-deprecated": "^1.11.99.5",
-        "doctrine/annotations": "1.14.3",
-        "doctrine/data-fixtures": "^1.6.6",
-        "doctrine/dbal": "^3.4.6",
+        "doctrine/data-fixtures": "^2.0.0",
+        "doctrine/dbal": "^4.0.0",
        "doctrine/doctrine-bundle": "^2.0",
        "doctrine/doctrine-migrations-bundle": "^3.0",
-        "doctrine/orm": "^2.9",
-        "dompdf/dompdf": "dev-master#87bea32efe0b0db309e1d31537201f64d5508280 as v2.0.3",
+        "doctrine/orm": "^3.2.0",
+        "dompdf/dompdf": "^v3.0.0",
        "erusev/parsedown": "^1.7",
        "florianv/swap": "^4.0",
        "florianv/swap-bundle": "dev-master",
        "gregwar/captcha-bundle": "^2.1.0",
-        "jbtronics/2fa-webauthn": "^v2.0.0",
+        "hshn/base64-encoded-file": "^5.0",
+        "jbtronics/2fa-webauthn": "^v2.2.0",
        "jbtronics/dompdf-font-loader-bundle": "^1.0.0",
+        "jbtronics/settings-bundle": "^v2.6.0",
        "jfcherng/php-diff": "^6.14",
+        "knpuniversity/oauth2-client-bundle": "^2.15",
        "league/csv": "^9.8.0",
        "league/html-to-markdown": "^5.0.1",
        "liip/imagine-bundle": "^2.2",
        "nbgrp/onelogin-saml-bundle": "^1.3",
        "nelexa/zip": "^4.0",
+        "nelmio/cors-bundle": "^2.3",
        "nelmio/security-bundle": "^3.0",
        "nyholm/psr7": "^1.1",
-        "ocramius/proxy-manager": "2.2.*",
-        "omines/datatables-bundle": "^0.7.2",
+        "omines/datatables-bundle": "^0.9.1",
+        "paragonie/sodium_compat": "^1.21",
        "part-db/label-fonts": "^1.0",
-        "php-translation/symfony-bundle": "^0.13.0",
-        "phpdocumentor/reflection-docblock": "^5.2",
+        "rhukster/dom-sanitizer": "^1.0",
+        "runtime/frankenphp-symfony": "^0.2.0",
        "s9e/text-formatter": "^2.1",
        "scheb/2fa-backup-code": "^6.8.0",
        "scheb/2fa-bundle": "^6.8.0",
@@ -47,64 +54,66 @@
        "shivas/versioning-bundle": "^4.0",
        "spatie/db-dumper": "^3.3.1",
        "symfony/apache-pack": "^1.0",
-        "symfony/asset": "6.3.*",
-        "symfony/console": "6.3.*",
-        "symfony/dotenv": "6.3.*",
-        "symfony/expression-language": "6.3.*",
+        "symfony/asset": "6.4.*",
+        "symfony/console": "6.4.*",
+        "symfony/css-selector": "6.4.*",
+        "symfony/dom-crawler": "6.4.*",
+        "symfony/dotenv": "6.4.*",
+        "symfony/expression-language": "6.4.*",
        "symfony/flex": "^v2.3.1",
-        "symfony/form": "6.3.*",
-        "symfony/framework-bundle": "6.3.*",
-        "symfony/http-client": "6.3.*",
-        "symfony/http-kernel": "6.3.*",
-        "symfony/mailer": "6.3.*",
+        "symfony/form": "6.4.*",
+        "symfony/framework-bundle": "6.4.*",
+        "symfony/http-client": "6.4.*",
+        "symfony/http-kernel": "6.4.*",
+        "symfony/mailer": "6.4.*",
        "symfony/monolog-bundle": "^3.1",
-        "symfony/process": "6.3.*",
-        "symfony/property-access": "6.3.*",
-        "symfony/property-info": "6.3.*",
-        "symfony/proxy-manager-bridge": "6.3.*",
-        "symfony/rate-limiter": "6.3.*",
-        "symfony/runtime": "6.3.*",
-        "symfony/security-bundle": "6.3.*",
-        "symfony/serializer": "6.3.*",
-        "symfony/translation": "6.3.*",
-        "symfony/twig-bundle": "6.3.*",
-        "symfony/ux-translator": "2.x-dev",
+        "symfony/polyfill-php82": "^1.28",
+        "symfony/process": "6.4.*",
+        "symfony/property-access": "6.4.*",
+        "symfony/property-info": "6.4.*",
+        "symfony/rate-limiter": "6.4.*",
+        "symfony/runtime": "6.4.*",
+        "symfony/security-bundle": "6.4.*",
+        "symfony/serializer": "6.4.*",
+        "symfony/string": "6.4.8",
+        "symfony/translation": "6.4.*",
+        "symfony/twig-bundle": "6.4.*",
+        "symfony/ux-translator": "^2.10",
        "symfony/ux-turbo": "^2.0",
-        "symfony/validator": "6.3.*",
-        "symfony/web-link": "6.3.*",
+        "symfony/validator": "6.4.*",
+        "symfony/web-link": "6.4.*",
        "symfony/webpack-encore-bundle": "^v2.0.1",
-        "symfony/yaml": "6.3.*",
-        "tecnickcom/tc-lib-barcode": "^1.15",
+        "symfony/yaml": "6.4.*",
+        "tecnickcom/tc-lib-barcode": "^2.1.4",
        "twig/cssinliner-extra": "^3.0",
-        "twig/extra-bundle": "^3.0",
-        "twig/html-extra": "^3.0",
+        "twig/extra-bundle": "^3.8",
+        "twig/html-extra": "^3.8",
        "twig/inky-extra": "^3.0",
-        "twig/intl-extra": "^3.0",
-        "twig/markdown-extra": "^3.0",
-        "web-auth/webauthn-symfony-bundle": "^4.0.0",
-        "webmozart/assert": "^1.4"
+        "twig/intl-extra": "^3.8",
+        "twig/markdown-extra": "^3.8",
+        "twig/string-extra": "^3.8",
+        "web-auth/webauthn-symfony-bundle": "^4.0.0"
    },
    "require-dev": {
-        "dama/doctrine-test-bundle": "^7.0",
-        "doctrine/doctrine-fixtures-bundle": "^3.2",
-        "ekino/phpstan-banned-code": "^v1.0.0",
+        "dama/doctrine-test-bundle": "^v8.0.0",
+        "doctrine/doctrine-fixtures-bundle": "^4.0.0",
+        "ekino/phpstan-banned-code": "^v3.0.0",
+        "jbtronics/translation-editor-bundle": "^1.0",
        "phpstan/extension-installer": "^1.0",
-        "phpstan/phpstan": "^1.4.7",
-        "phpstan/phpstan-doctrine": "^1.2.11",
-        "phpstan/phpstan-strict-rules": "^1.5",
-        "phpstan/phpstan-symfony": "^1.1.7",
-        "psalm/plugin-symfony": "^v5.0.1",
-        "rector/rector": "^0.17.0",
+        "phpstan/phpstan": "^2.0.4",
+        "phpstan/phpstan-doctrine": "^2.0.1",
+        "phpstan/phpstan-strict-rules": "^2.0.1",
+        "phpstan/phpstan-symfony": "^2.0.0",
+        "phpunit/phpunit": "^9.5",
+        "rector/rector": "^2.0.4",
        "roave/security-advisories": "dev-latest",
-        "symfony/browser-kit": "6.3.*",
-        "symfony/css-selector": "6.3.*",
-        "symfony/debug-bundle": "6.3.*",
+        "symfony/browser-kit": "6.4.*",
+        "symfony/debug-bundle": "6.4.*",
        "symfony/maker-bundle": "^1.13",
-        "symfony/phpunit-bridge": "6.3.*",
-        "symfony/stopwatch": "6.3.*",
-        "symfony/web-profiler-bundle": "6.3.*",
-        "symplify/easy-coding-standard": "^11.0",
-        "vimeo/psalm": "^5.6.0"
+        "symfony/phpunit-bridge": "6.4.*",
+        "symfony/stopwatch": "6.4.*",
+        "symfony/web-profiler-bundle": "6.4.*",
+        "symplify/easy-coding-standard": "^12.0"
    },
    "suggest": {
        "ext-bcmath": "Used to improve price calculation performance",
@@ -155,7 +164,8 @@
    "extra": {
        "symfony": {
            "allow-contrib": false,
-            "require": "6.3.*"
+            "require": "6.4.*",
+            "docker": true
        }
    }
 }
--- a/composer.lock
+++ b/composer.lock
--- a/config/bundles.php
+++ b/config/bundles.php
@@ -18,16 +18,19 @@ return [
    DAMA\DoctrineTestBundle\DAMADoctrineTestBundle::class => ['test' => true],
    Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true],
    Gregwar\CaptchaBundle\GregwarCaptchaBundle::class => ['all' => true],
-    Translation\Bundle\TranslationBundle::class => ['all' => true],
    Florianv\SwapBundle\FlorianvSwapBundle::class => ['all' => true],
    Nelmio\SecurityBundle\NelmioSecurityBundle::class => ['all' => true],
    Symfony\UX\Turbo\TurboBundle::class => ['all' => true],
    Jbtronics\TFAWebauthn\TFAWebauthnBundle::class => ['all' => true],
    Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true],
-    SpomkyLabs\CborBundle\SpomkyLabsCborBundle::class => ['all' => true],
    Webauthn\Bundle\WebauthnBundle::class => ['all' => true],
    Nbgrp\OneloginSamlBundle\NbgrpOneloginSamlBundle::class => ['all' => true],
    Symfony\UX\StimulusBundle\StimulusBundle::class => ['all' => true],
    Symfony\UX\Translator\UxTranslatorBundle::class => ['all' => true],
    Jbtronics\DompdfFontLoaderBundle\DompdfFontLoaderBundle::class => ['all' => true],
+    KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
+    Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
+    ApiPlatform\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true],
+    Jbtronics\SettingsBundle\JbtronicsSettingsBundle::class => ['all' => true],
+    Jbtronics\TranslationEditorBundle\JbtronicsTranslationEditorBundle::class => ['dev' => true],
 ];
--- a/config/packages/api_platform.yaml
+++ b/config/packages/api_platform.yaml
@@ -0,0 +1,41 @@
+api_platform:
+  title: 'Part-DB API'
+  description: 'API of Part-DB'
+  version: '0.1.0'
+
+  formats:
+    jsonld: ['application/ld+json']
+    json:   ['application/json']
+    jsonapi: ['application/vnd.api+json']
+
+  docs_formats:
+    jsonld: ['application/ld+json']
+    jsonopenapi: ['application/vnd.openapi+json']
+    html: ['text/html']
+    json:   ['application/vnd.openapi+json']
+
+  swagger:
+    api_keys:
+      # overridden in OpenApiFactoryDecorator
+      access_token:
+        name: Authorization
+        type: header
+
+  defaults:
+    # TODO: Change this to true later. In the moment it is false, because we use the session in somewhere
+    stateless: false
+    cache_headers:
+        vary: ['Content-Type', 'Authorization', 'Origin']
+    extra_properties:
+        standard_put: true
+        rfc_7807_compliant_errors: true
+
+    pagination_client_items_per_page: true # Allow clients to override the default items per page
+
+  keep_legacy_inflector: false
+  # Need to be true, or some tests will fail
+  use_symfony_listeners: true
+
+  serializer:
+    # Change this to false later, to remove the hydra prefix on the API
+    hydra_prefix: true
--- a/config/packages/cache.yaml
+++ b/config/packages/cache.yaml
@@ -20,3 +20,6 @@ framework:
            tree.cache:
                adapter: cache.app
                tags: true
+
+            info_provider.cache:
+                adapter: cache.app
--- a/config/packages/dama_doctrine_test_bundle.yaml
+++ b/config/packages/dama_doctrine_test_bundle.yaml
@@ -0,0 +1,5 @@
+when@test:
+    dama_doctrine_test:
+        enable_static_connection: true
+        enable_static_meta_data_cache: true
+        enable_static_query_cache: true
--- a/config/packages/datatables.yaml
+++ b/config/packages/datatables.yaml
@@ -8,15 +8,15 @@ datatables:

    # Set options, as documented at https://datatables.net/reference/option/
    options:
-        lengthMenu : [[10, 25, 50, 100, -1], [10, 25, 50, 100, "All"]]
-        pageLength: 50
-        #dom: "<'row' <'col-sm-12' tr>><'row' <'col-sm-6'l><'col-sm-6 text-right'pif>>"
-        dom: "  <'row'<'col mb-2 input-group' B l> <'col mb-2' <'pull-end' p>>>
-                        <'card'
-                            rt
-                            <'card-footer card-footer-table text-muted' i >
-                        >
-                        <'row'<'col mt-2 input-group' B l> <'col mt-2' <'pull-right' p>>>"
+        lengthMenu : [[10, 25, 50, 100], [10, 25, 50, 100]] # We add the "All" option, when part tables are generated
+        #pageLength: '%partdb.table.default_page_size%'   # Set to -1 to disable pagination (i.e. show all rows) by default
+        pageLength: 50 #TODO
+        dom: "  <'row' <'col mb-2 input-group flex-nowrap' B l > <'col-auto mb-2' < p >>>
+                    <'card'
+                        rt
+                        <'card-footer card-footer-table text-muted' i >
+                    >
+                <'row' <'col mt-2 input-group flex-nowrap' B l > <'col-auto mt-2' < p >>>"
        pagingType: 'simple_numbers'
        searching: true
        stateSave: true
--- a/config/packages/dev/php_translation.yaml
+++ b/config/packages/dev/php_translation.yaml
@@ -1,5 +0,0 @@
-translation:
-    symfony_profiler:
-        enabled: true
-    webui:
-        enabled: true
--- a/config/packages/doctrine.yaml
+++ b/config/packages/doctrine.yaml
@@ -2,18 +2,32 @@ doctrine:
    dbal:
        url: '%env(resolve:DATABASE_URL)%'

+        # Required for DAMA doctrine test bundle
+        use_savepoints: true
+
        # IMPORTANT: You MUST configure your server version,
        # either here or in the DATABASE_URL env var (see .env file)

        types:
+            # UTC datetimes
            datetime:
                class: App\Doctrine\Types\UTCDateTimeType
            date:
                class: App\Doctrine\Types\UTCDateTimeType
+
+            datetime_immutable:
+                class: App\Doctrine\Types\UTCDateTimeImmutableType
+            date_immutable:
+                class: App\Doctrine\Types\UTCDateTimeImmutableType
+
            big_decimal:
                class: App\Doctrine\Types\BigDecimalType
            tinyint:
                class: App\Doctrine\Types\TinyIntType
+
+            # This was removed in doctrine/orm 4.0 but we need it for the WebauthnKey entity
+            array:
+                class: App\Doctrine\Types\ArrayType
        
        schema_filter: ~^(?!internal)~
        # Only enable this when needed
@@ -26,18 +40,24 @@ doctrine:
        validate_xml_mapping: true
        naming_strategy: doctrine.orm.naming_strategy.underscore_number_aware
        auto_mapping: true
+        controller_resolver:
+            auto_mapping: true
        mappings:
            App:
-                is_bundle: false
                type: attribute
+                is_bundle: false
                dir: '%kernel.project_dir%/src/Entity'
                prefix: 'App\Entity'
                alias: App

        dql:
            string_functions:
-                regexp: DoctrineExtensions\Query\Mysql\Regexp
-                ifnull: DoctrineExtensions\Query\Mysql\IfNull
+                regexp: App\Doctrine\Functions\Regexp
+                field:  DoctrineExtensions\Query\Mysql\Field
+                field2: App\Doctrine\Functions\Field2
+                natsort: App\Doctrine\Functions\Natsort
+                array_position: App\Doctrine\Functions\ArrayPosition
+                ilike: App\Doctrine\Functions\ILike

 when@test:
    doctrine:
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -2,8 +2,12 @@
 framework:
    secret: '%env(APP_SECRET)%'
    csrf_protection: true
+    annotations: false
    handle_all_throwables: true

+    # We set this header by ourselves, so we can disable it here
+    disallow_search_engine_index: false
+
    # Must be set to true, to enable the change of HTTP method via _method parameter, otherwise our delete routines does not work anymore
    # TODO: Rework delete routines to work without _method parameter as it is not recommended anymore (see https://github.com/symfony/symfony/issues/45278)
    http_method_override: true
@@ -23,7 +27,6 @@ framework:
        handler_id: null
        cookie_secure: auto
        cookie_samesite: lax
-        storage_factory_id: session.storage.factory.native

    #esi: true
    #fragments: true
--- a/config/packages/http_client.yaml
+++ b/config/packages/http_client.yaml
@@ -0,0 +1,5 @@
+framework:
+  http_client:
+    default_options:
+      headers:
+        'User-Agent': 'Part-DB'
--- a/config/packages/knpu_oauth2_client.yaml
+++ b/config/packages/knpu_oauth2_client.yaml
@@ -0,0 +1,38 @@
+knpu_oauth2_client:
+    clients:
+        # configure your clients as described here: https://github.com/knpuniversity/oauth2-client-bundle#configuration
+
+        ip_digikey_oauth:
+            type: generic
+            provider_class: '\League\OAuth2\Client\Provider\GenericProvider'
+
+            client_id: '%env(settings:digikey:clientId)%'
+            client_secret: '%env(settings:digikey:secret)%'
+
+            redirect_route: 'oauth_client_check'
+            redirect_params: {name: 'ip_digikey_oauth'}
+
+            provider_options:
+                urlAuthorize: 'https://api.digikey.com/v1/oauth2/authorize'
+                urlAccessToken: 'https://api.digikey.com/v1/oauth2/token'
+                urlResourceOwnerDetails: ''
+
+                # Sandbox
+                #urlAuthorize: 'https://sandbox-api.digikey.com/v1/oauth2/authorize'
+                #urlAccessToken: 'https://sandbox-api.digikey.com/v1/oauth2/token'
+                #urlResourceOwnerDetails: ''
+
+        ip_octopart_oauth:
+            type: generic
+            provider_class: '\League\OAuth2\Client\Provider\GenericProvider'
+
+            client_id: '%env(settings:octopart:clientId)%'
+            client_secret: '%env(settings:octopart:secret)%'
+
+            redirect_route: 'oauth_client_check'
+            redirect_params: { name: 'ip_octopart_oauth' }
+
+            provider_options:
+                urlAuthorize: 'https://identity.nexar.com/connect/authorize'
+                urlAccessToken: 'https://identity.nexar.com/connect/token'
+                urlResourceOwnerDetails: ''
--- a/config/packages/monolog.yaml
+++ b/config/packages/monolog.yaml
@@ -50,7 +50,6 @@ when@prod:
                type: stream
                path: "%kernel.logs_dir%/%kernel.environment%.log"
                level: debug
-                formatter: monolog.formatter.json
            console:
                type: console
                process_psr_3_messages: false
@@ -74,7 +73,6 @@ when@docker:
                type: stream
                path: "php://stderr"
                level: debug
-                formatter: monolog.formatter.json
            console:
                type: console
                process_psr_3_messages: false
--- a/config/packages/nbgrp_onelogin_saml.yaml
+++ b/config/packages/nbgrp_onelogin_saml.yaml
@@ -1,6 +1,11 @@
 # See https://github.com/SAML-Toolkits/php-saml for more information about the SAML settings

+# Define a parameter here, so we can access it later in the default fallback
+parameters:
+  saml.sp.privateKey: '%env(string:SAML_SP_PRIVATE_KEY)%'
+
 nbgrp_onelogin_saml:
+  use_proxy_vars: '%env(bool:SAML_BEHIND_PROXY)%'
  onelogin_settings:
    default:
      # Basic settings
@@ -22,10 +27,12 @@ nbgrp_onelogin_saml:
          url: '%partdb.default_uri%logout'
          binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        x509cert: '%env(string:SAML_SP_X509_CERT)%'
-        privateKey: '%env(string:SAMLP_SP_PRIVATE_KEY)%'
+        # Before the env variable was wrongly named "SAMLP_SP_PRIVATE_KEY".
+        # For compatibility reasons we keep it and only fallback to the new name if the old one is not set. This may be removed in the future.
+        privateKey: '%env(string:default:saml.sp.privateKey:string:SAMLP_SP_PRIVATE_KEY)%'

      # Optional settings
-      #baseurl: 'http://myapp.com'
+      baseurl: '%partdb.default_uri%saml/'
      strict: true
      debug: false
      security:
--- a/config/packages/nelmio_cors.yaml
+++ b/config/packages/nelmio_cors.yaml
@@ -0,0 +1,10 @@
+nelmio_cors:
+    defaults:
+        origin_regex: true
+        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
+        allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
+        allow_headers: ['Content-Type', 'Authorization']
+        expose_headers: ['Link']
+        max_age: 3600
+    paths:
+        '^/': null
--- a/config/packages/nelmio_security.yaml
+++ b/config/packages/nelmio_security.yaml
@@ -12,6 +12,13 @@ nelmio_security:
    external_redirects:
        abort: true
        log: true
+        allow_list:
+            # Whitelist the domain of the SAML IDP, so we can redirect to it during the SAML login process
+            - '%env(string:key:host:url:SAML_IDP_SINGLE_SIGN_ON_SERVICE)%'
+
+            # Whitelist the info provider APIs (OAuth redirects)
+            - 'digikey.com'
+            - 'nexar.com'

    # forces Microsoft's XSS-Protection with
    # its block mode
@@ -44,12 +51,16 @@ nelmio_security:
            img-src:
                - '*'
                - 'data:'
+                # Required for be able to load pictures in the QR code scanner
+                - 'blob:'
            style-src:
                - 'self'
                - 'unsafe-inline'
                - 'data:'
            script-src:
                - 'self'
+                # Required for loading the Wasm for the barcode scanner:
+                - 'wasm-unsafe-eval'
            object-src:
                - 'self'
                - 'data:'
--- a/config/packages/php_translation.yaml
+++ b/config/packages/php_translation.yaml
@@ -1,11 +0,0 @@
-translation:
-    locales: ["en", "de"]
-    edit_in_place:
-        enabled: false
-        config_name: app
-    configs:
-        app:
-            dirs: ["%kernel.project_dir%/templates", "%kernel.project_dir%/src"]
-            output_dir: "%kernel.project_dir%/translations"
-            excluded_names: ["*TestCase.php", "*Test.php"]
-            excluded_dirs: [cache, data, logs]
--- a/config/packages/scheb_2fa.yaml
+++ b/config/packages/scheb_2fa.yaml
@@ -6,7 +6,7 @@ scheb_two_factor:
        server_name: '$$DOMAIN$$'       # This field is replaced by the domain name of the server in DecoratedGoogleAuthenticator
        issuer: '%partdb.title%'        # Issuer name used in QR code
        digits: 6                       # Number of digits in authentication code
-        window: 1                       # How many codes before/after the current one would be accepted as valid
+        leeway: 5                       # Acceptable time drift in seconds
        template: security/2fa_form.html.twig

    backup_codes:
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -19,7 +19,13 @@ security:
            provider: app_user_provider
            lazy: true
            user_checker: App\Security\UserChecker
-            entry_point: form_login
+            entry_point: App\Security\AuthenticationEntryPoint
+
+            # Enable user impersonation
+            switch_user: { role: CAN_SWITCH_USER }
+
+            custom_authenticators:
+                - App\Security\ApiTokenAuthenticator

            two_factor:
                auth_form_path: 2fa_login
@@ -63,3 +69,7 @@ security:
        # We get into trouble with the U2F authentication, if the calls to the trees trigger an 2FA login
        # This settings should not do much harm, because a read only access to show available data structures is not really critical
        - { path: "^/\\w{2}/tree", role: PUBLIC_ACCESS }
+        # Restrict access to API to users, which has the API access permission
+        - { path: "^/api", allow_if: 'is_granted("@api.access_api") and is_authenticated()' }
+        # Restrict access to KICAD to users, which has API access permission
+        - { path: "^/kicad-api", allow_if: 'is_granted("@api.access_api") and is_authenticated()' }
--- a/config/packages/settings.yaml
+++ b/config/packages/settings.yaml
@@ -0,0 +1,8 @@
+jbtronics_settings:
+  default_storage_adapter: Jbtronics\SettingsBundle\Storage\ORMStorageAdapter
+
+  cache:
+    default_cacheable: true
+
+  orm_storage:
+    default_entity_class: App\Entity\SettingsEntry
--- a/config/packages/swap.yaml
+++ b/config/packages/swap.yaml
@@ -6,5 +6,5 @@ florianv_swap:
  providers:
    european_central_bank: ~                      # European Central Bank (only works for EUR base currency)
    fixer:                                        # Fixer.io (needs an API key)
-      access_key: "%env(FIXER_API_KEY)%"
+      access_key: "%env(string:default:settings:exchange_rate:fixerApiKey:INVALID)%"
    #exchange_rates_api: ~
--- a/config/packages/translation.yaml
+++ b/config/packages/translation.yaml
@@ -1,11 +1,10 @@
 framework:
-    default_locale: '%partdb.locale%'
+    default_locale: 'en'
    # Just enable the locales we need for performance reasons.
    enabled_locale: '%partdb.locale_menu%'
    translator:
        default_path: '%kernel.project_dir%/translations'
        fallbacks:
-            - '%partdb.locale%'
            - 'en'
        providers:
    #            crowdin:
--- a/config/packages/twig.yaml
+++ b/config/packages/twig.yaml
@@ -6,20 +6,17 @@ twig:
        '%kernel.project_dir%/assets/css': css

    globals:
-        partdb_title: '%partdb.title%'
-        default_currency: '%partdb.default_currency%'
-        global_theme: '%partdb.global_theme%'
        allow_email_pw_reset: '%partdb.users.email_pw_reset%'
        locale_menu: '%partdb.locale_menu%'
        attachment_manager: '@App\Services\Attachments\AttachmentManager'
        label_profile_dropdown_helper: '@App\Services\LabelSystem\LabelProfileDropdownHelper'
        error_page_admin_email: '%partdb.error_pages.admin_email%'
        error_page_show_help: '%partdb.error_pages.show_help%'
-        sidebar_items: '%partdb.sidebar.items%'
        sidebar_tree_updater: '@App\Services\Trees\SidebarTreeUpdater'
        avatar_helper: '@App\Services\UserSystem\UserAvatarHelper'
        available_themes: '%partdb.available_themes%'
        saml_enabled: '%partdb.saml.enabled%'
+        part_preview_generator: '@App\Services\Attachments\PartPreviewGenerator'

 when@test:
    twig:
--- a/config/parameters.yaml
+++ b/config/parameters.yaml
@@ -5,22 +5,19 @@ parameters:
  ######################################################################################################################
  # Common
  ######################################################################################################################
-  partdb.locale: '%env(string:DEFAULT_LANG)%'                 # The default language to use serverwide
-  partdb.timezone: '%env(string:DEFAULT_TIMEZONE)%'           # The default timezone
-  partdb.title: '%env(trim:string:INSTANCE_NAME)%'            # The title shown inside of Part-DB (e.g. in the navbar and on homepage)
-  partdb.banner: '%env(trim:string:BANNER)%'                  # The info text shown in the homepage, if empty config/banner.md is used
-  partdb.default_currency: '%env(string:BASE_CURRENCY)%'      # The currency that is used inside the DB (and is assumed when no currency is set). This can not be changed later, so be sure to set it the currency used in your country
-  partdb.global_theme: ''                                     # The theme to use globally (see public/build/themes/ for choices, use name without .css). Set to '' for default bootstrap theme
-  partdb.locale_menu: ['en', 'de', 'fr', 'ru', 'ja']          # The languages that are shown in user drop down menu
-  partdb.enforce_change_comments_for: '%env(csv:ENFORCE_CHANGE_COMMENTS_FOR)%' # The actions for which a change comment is required (e.g. "part_edit", "part_create", etc.). If this is empty, change comments are not required at all.
+
+  # This is used as workaround for places where we can not access the settings directly (like the 2FA application names)
+  partdb.title: '%env(string:settings:customization:instanceName)%'  # The title shown inside of Part-DB (e.g. in the navbar and on homepage)
+  partdb.locale_menu: ['en', 'de', 'it', 'fr', 'ru', 'ja', 'cs', 'da', 'zh', 'pl']    # The languages that are shown in user drop down menu

  partdb.default_uri: '%env(string:DEFAULT_URI)%'             # The default URI to use for the Part-DB instance (e.g. https://part-db.example.com/). This is used for generating links in emails

+  partdb.db.emulate_natural_sort: '%env(bool:DATABASE_EMULATE_NATURAL_SORT)%' # If this is set to true, natural sorting is emulated on platforms that do not support it natively. This can be slow on large datasets.
+
  ######################################################################################################################
  # Users and Privacy
  ######################################################################################################################
  partdb.gdpr_compliance: true                                  # If this option is activated, IP addresses are anonymized to be GDPR compliant
-  partdb.users.use_gravatar: '%env(bool:USE_GRAVATAR)%'         # Set to false, if no Gravatar images should be used for user profiles.
  partdb.users.email_pw_reset: '%env(bool:ALLOW_EMAIL_PW_RESET)%' # Config if users are able, to reset their password by email. By default this enabled, when a mail server is configured.

  ######################################################################################################################
@@ -32,10 +29,8 @@ parameters:
  ######################################################################################################################
  # Attachments and files
  ######################################################################################################################
-  partdb.attachments.allow_downloads: '%env(bool:ALLOW_ATTACHMENT_DOWNLOADS)%'    # Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet!
  partdb.attachments.dir.media: 'public/media/'                                   # The folder where uploaded attachment files are saved (must be in public folder)
  partdb.attachments.dir.secure: 'uploads/'                                       # The folder where secured attachment files are saved (must not be in public/)
-  partdb.attachments.max_file_size: '%env(string:MAX_ATTACHMENT_FILE_SIZE)%'      # The maximum size of an attachment file (in bytes, you can use M for megabytes and G for gigabytes)

  ######################################################################################################################
  # Error pages
@@ -48,16 +43,6 @@ parameters:
  ######################################################################################################################
  partdb.saml.enabled: '%env(bool:SAML_ENABLED)%'              # If this is set to true, SAML authentication is enabled

-  ######################################################################################################################
-  # Sidebar
-  ######################################################################################################################
-  # You can configures the default shown tree items in the sidebar here. You can add or remove entries here, to change the number of trees in the sidebar. The possible entries are: categories, locations, footprints, manufacturers, suppliers, devices, tools
-  partdb.sidebar.items:
-    - categories
-    - devices
-    - tools
-  partdb.sidebar.root_expanded: true                         # If this is set to true, the root node of the sidebar is expanded by default
-  partdb.sidebar.root_node_enable: true                      # Put all entities below a root node in the sidebar

  ######################################################################################################################
  # Miscellaneous
@@ -99,14 +84,7 @@ parameters:
  # Env default values
  ######################################################################################################################

-  env(DEFAULT_LANG): 'en'
-  env(DEFAULT_TIMEZONE): 'Europe/Berlin'
-  env(INSTANCE_NAME): 'Part-DB'
-  env(BASE_CURRENCY): 'EUR'
-  env(USE_GRAVATAR): '0'
-  env(MAX_ATTACHMENT_FILE_SIZE): '100M'
-
-  env(ENFORCE_CHANGE_COMMENTS_FOR): ''
+  env(REDIRECT_TO_HTTPS): 0

  env(ERROR_PAGE_ADMIN_EMAIL): ''
  env(ERROR_PAGE_SHOW_HELP): 1
@@ -126,8 +104,4 @@ parameters:

  env(SAML_ROLE_MAPPING): '{}'

-  env(HISTORY_SAVE_CHANGED_DATA): 1
-  env(HISTORY_SAVE_CHANGED_FIELDS): 1
-  env(HISTORY_SAVE_REMOVED_DATA): 1
-  env(HISTORY_SAVE_NEW_DATA): 1
-
+  env(DATABASE_EMULATE_NATURAL_SORT): 0
--- a/config/permissions.yaml
+++ b/config/permissions.yaml
@@ -25,27 +25,35 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
        # If a part can be read by a user, he can also see all the datastructures (except devices)
        alsoSet: ['storelocations.read', 'footprints.read', 'categories.read', 'suppliers.read', 'manufacturers.read',
                  'currencies.read', 'attachment_types.read', 'measurement_units.read']
+        apiTokenRole: ROLE_API_READ_ONLY
      edit:
        label: "perm.edit"
        alsoSet: ['read', 'parts_stock.withdraw', 'parts_stock.add', 'parts_stock.move']
+        apiTokenRole: ROLE_API_EDIT
      create:
        label: "perm.create"
        alsoSet: ['read', 'edit']
+        apiTokenRole: ROLE_API_EDIT
      delete:
        label: "perm.delete"
        alsoSet: ['read', 'edit']
+        apiTokenRole: ROLE_API_EDIT
      change_favorite:
        label: "perm.part.change_favorite"
        alsoSet: ['edit']
+        apiTokenRole: ROLE_API_EDIT
      show_history:
        label: "perm.part.show_history"
        alsoSet: ['read']
+        apiTokenRole: ROLE_API_READ_ONLY
      revert_element:
        label: "perm.revert_elements"
        alsoSet: ["read", "edit", "create", "delete", "show_history"]
+        apiTokenRole: ROLE_API_EDIT
      import:
        label: "perm.import"
        alsoSet: ["read", "edit", "create"]
+        apiTokenRole: ROLE_API_EDIT

  parts_stock:
    group: "data"
@@ -53,10 +61,13 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
    operations:
      withdraw:
        label: "perm.parts_stock.withdraw"
+        apiTokenRole: ROLE_API_EDIT
      add:
        label: "perm.parts_stock.add"
+        apiTokenRole: ROLE_API_EDIT
      move:
        label: "perm.parts_stock.move"
+        apiTokenRole: ROLE_API_EDIT


  storelocations: &PART_CONTAINING
@@ -65,23 +76,30 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
    operations:
      read:
        label: "perm.read"
+        apiTokenRole: ROLE_API_READ_ONLY
      edit:
        label: "perm.edit"
        alsoSet: 'read'
+        apiTokenRole: ROLE_API_EDIT
      create:
        label: "perm.create"
        alsoSet: ['read', 'edit']
+        apiTokenRole: ROLE_API_EDIT
      delete:
        label: "perm.delete"
        alsoSet: ['read', 'edit']
+        apiTokenRole: ROLE_API_EDIT
      show_history:
        label: "perm.show_history"
+        apiTokenRole: ROLE_API_READ_ONLY
      revert_element:
        label: "perm.revert_elements"
        alsoSet: ["read", "edit", "create", "delete", "show_history"]
+        apiTokenRole: ROLE_API_EDIT
      import:
        label: "perm.import"
        alsoSet: [ "read", "edit", "create" ]
+        apiTokenRole: ROLE_API_EDIT

  footprints:
    <<: *PART_CONTAINING
@@ -139,32 +157,48 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
      ic_logos:
        label: "perm.tools.ic_logos"

+  info_providers:
+    label: "perm.part.info_providers"
+    operations:
+      create_parts:
+        label: "perm.part.info_providers.create_parts"
+        alsoSet: ['parts.create']
+        apiTokenRole: ROLE_API_EDIT
+
  groups:
    label: "perm.groups"
    group: "system"
    operations:
      read:
        label: "perm.read"
+        apiTokenRole: ROLE_API_ADMIN
      edit:
        label: "perm.edit"
        alsoSet: 'read'
+        apiTokenRole: ROLE_API_ADMIN
      create:
        label: "perm.create"
        alsoSet: ['read', 'edit']
+        apiTokenRole: ROLE_API_ADMIN
      delete:
        label: "perm.delete"
        alsoSet: ['read', 'delete']
+        apiTokenRole: ROLE_API_ADMIN
      edit_permissions:
        label: "perm.edit_permissions"
        alsoSet: ['read', 'edit']
+        apiTokenRole: ROLE_API_ADMIN
      show_history:
        label: "perm.show_history"
+        apiTokenRole: ROLE_API_ADMIN
      revert_element:
        label: "perm.revert_elements"
        alsoSet: ["read", "edit", "create", "delete", "edit_permissions", "show_history"]
+        apiTokenRole: ROLE_API_ADMIN
      import:
        label: "perm.import"
        alsoSet: [ "read", "edit", "create" ]
+        apiTokenRole: ROLE_API_ADMIN

  users:
    label: "perm.users"
@@ -172,34 +206,49 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
    operations:
      read:
        label: "perm.read"
+        apiTokenRole: ROLE_API_ADMIN
      create:
        label: "perm.create"
        alsoSet: ['read', 'edit_username', 'edit_infos']
+        apiTokenRole: ROLE_API_ADMIN
      delete:
        label: "perm.delete"
        alsoSet: ['read', 'edit_username', 'edit_infos']
+        apiTokenRole: ROLE_API_ADMIN
      edit_username:
        label: "perm.users.edit_user_name"
        alsoSet: ['read']
+        apiTokenRole: ROLE_API_ADMIN
      edit_infos:
        label: "perm.users.edit_infos"
        alsoSet: 'read'
+        apiTokenRole: ROLE_API_ADMIN
      edit_permissions:
        label: "perm.users.edit_permissions"
        alsoSet: 'read'
+        apiTokenRole: ROLE_API_ADMIN
      set_password:
        label: "perm.users.set_password"
        alsoSet: 'read'
+        apiTokenRole: ROLE_API_FULL
+      impersonate:
+        label: "perm.users.impersonate"
+        alsoSet: ['set_password']
+        apiTokenRole: ROLE_API_FULL
      change_user_settings:
        label: "perm.users.change_user_settings"
+        apiTokenRole: ROLE_API_ADMIN
      show_history:
        label: "perm.show_history"
+        apiTokenRole: ROLE_API_ADMIN
      revert_element:
        label: "perm.revert_elements"
        alsoSet: ["read", "create", "delete", "edit_permissions", "show_history", "edit_infos", "edit_username"]
+        apiTokenRole: ROLE_API_ADMIN
      import:
        label: "perm.import"
        alsoSet: [ "read", "create" ]
+        apiTokenRole: ROLE_API_ADMIN

  #database:
  #  label: "perm.database"
@@ -216,17 +265,13 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
  #      label: "perm.database.write_db_settings"
  #      alsoSet: ['read_db_settings', 'see_status']

-  #config:
-  #  label: "perm.config"
-  #  group: "system"
-  #  operations:
-  #    read_config:
-  #      label: "perm.config.read_config"
-  #    edit_config:
-  #      label: "perm.config.edit_config"
-  #      alsoSet: 'read_config'
-  #    server_info:
-  #      label: "perm.config.server_info"
+  config:
+    label: "perm.config"
+    group: "system"
+    operations:
+      change_system_settings:
+        label: "perm.config.change_system_settings"
+        apiTokenRole: ROLE_API_ADMIN

  system:
    label: "perm.system"
@@ -234,60 +279,94 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
    operations:
      show_logs:
        label: "perm.show_logs"
+        apiTokenRole: ROLE_API_ADMIN
      delete_logs:
        label: "perm.delete_logs"
        alsoSet: 'show_logs'
+        apiTokenRole: ROLE_API_ADMIN
      server_infos:
        label: "perm.server_infos"
+        apiTokenRole: ROLE_API_ADMIN
+      manage_oauth_tokens:
+        label: "Manage OAuth tokens"
+        apiTokenRole: ROLE_API_ADMIN
+      show_updates:
+        label: "perm.system.show_available_updates"
+        apiTokenRole: ROLE_API_ADMIN
+

  attachments:
    label: "perm.part.attachments"
    operations:
      show_private:
        label: "perm.attachments.show_private"
+        apiTokenRole: ROLE_API_READ_ONLY
      list_attachments:
        label: "perm.attachments.list_attachments"
        alsoSet: ['attachment_types.read']
+        apiTokenRole: ROLE_API_READ_ONLY

  self:
    label: "perm.self"
    operations:
      edit_infos:
        label: "perm.self.edit_infos"
+        apiTokenRole: ROLE_API_FULL
      edit_username:
        label: "perm.self.edit_username"
+        apiTokenRole: ROLE_API_FULL
      show_permissions:
        label: "perm.self.show_permissions"
+        apiTokenRole: ROLE_API_READ_ONLY
      show_logs:
        label: "perm.self.show_logs"
+        apiTokenRole: ROLE_API_FULL

  labels:
    label: "perm.labels"
    operations:
      create_labels:
        label: "perm.self.create_labels"
+        apiTokenRole: ROLE_API_READ_ONLY
      edit_options:
        label: "perm.self.edit_options"
        alsoSet: ['create_labels']
+        apiTokenRole: ROLE_API_READ_ONLY
      read_profiles:
        label: "perm.self.read_profiles"
+        apiTokenRole: ROLE_API_READ_ONLY
      edit_profiles:
        label: "perm.self.edit_profiles"
        alsoSet: ['read_profiles']
+        apiTokenRole: ROLE_API_EDIT
      create_profiles:
        label: "perm.self.create_profiles"
        alsoSet: ['read_profiles', 'edit_profiles']
+        apiTokenRole: ROLE_API_EDIT
      delete_profiles:
        label: "perm.self.delete_profiles"
        alsoSet: ['read_profiles', 'edit_profiles', 'create_profiles']
+        apiTokenRole: ROLE_API_EDIT
      use_twig:
        label: "perm.labels.use_twig"
        alsoSet: ['create_labels', 'edit_options']
+        apiTokenRole: ROLE_API_ADMIN
      show_history:
        label: "perm.show_history"
        alsoSet: ['read_profiles']
+        apiTokenRole: ROLE_API_READ_ONLY
      revert_element:
        label: "perm.revert_elements"
        alsoSet: ['read_profiles', 'edit_profiles', 'create_profiles', 'delete_profiles']
+        apiTokenRole: ROLE_API_EDIT

-
+  api:
+    label: "perm.api"
+    operations:
+      access_api:
+        label: "perm.api.access_api"
+        apiTokenRole: ROLE_API_READ_ONLY
+      manage_tokens:
+        label: "perm.api.manage_tokens"
+        alsoSet: ['access_api']
+        apiTokenRole: ROLE_API_FULL
--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -15,5 +15,5 @@ redirector:
    requirements:
        url: ".*"
    controller: App\Controller\RedirectController::addLocalePart
-    # Dont match localized routes (no redirection loop, if no root with that name exists)
-    condition: "not (request.getPathInfo() matches '/^\\\\/[a-z]{2}(_[A-Z]{2})?\\\\//')"
+    # Dont match localized routes (no redirection loop, if no root with that name exists) or API prefixed routes
+    condition: "not (request.getPathInfo() matches '/^\\\\/([a-z]{2}(_[A-Z]{2})?|api)\\\\//')"
--- a/config/routes/api_platform.yaml
+++ b/config/routes/api_platform.yaml
@@ -0,0 +1,4 @@
+api_platform:
+    resource: .
+    type: api_platform
+    prefix: /api
--- a/config/routes/dev/php_translation.yaml
+++ b/config/routes/dev/php_translation.yaml
@@ -1,6 +0,0 @@
-_translation_webui:
-    resource: '@TranslationBundle/Resources/config/routing_webui.yaml'
-    prefix: /admin
-
-_translation_profiler:
-    resource: '@TranslationBundle/Resources/config/routing_symfony_profiler.yaml'
--- a/config/routes/jbtronics_translation_editor.yaml
+++ b/config/routes/jbtronics_translation_editor.yaml
@@ -0,0 +1,3 @@
+when@dev:
+  translation_editor:
+    resource: '@JbtronicsTranslationEditorBundle/config/routes.php'
--- a/config/routes/php_translation.yaml
+++ b/config/routes/php_translation.yaml
@@ -1,3 +0,0 @@
-_translation_edit_in_place:
-    resource: '@TranslationBundle/Resources/config/routing_edit_in_place.yaml'
-    prefix: /admin
--- a/config/routes/security.yaml
+++ b/config/routes/security.yaml
@@ -0,0 +1,3 @@
+_security_logout:
+    resource: security.route_loader.logout
+    type: service
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -17,13 +17,14 @@ services:
            bool $gdpr_compliance: '%partdb.gdpr_compliance%'
            bool $kernel_debug_enabled: '%kernel.debug%'
            string $kernel_cache_dir: '%kernel.cache_dir%'
-            string $partdb_title: '%partdb.title%'
-            string $base_currency: '%partdb.default_currency%'

    _instanceof:
        App\Services\LabelSystem\PlaceholderProviders\PlaceholderProviderInterface:
            tags: ['app.label_placeholder_provider']

+        App\Services\InfoProviderSystem\Providers\InfoProviderInterface:
+            tags: ['app.info_provider']
+
    # makes classes in src/ available to be used as services
    # this creates a service per class whose id is the fully-qualified class name
    App\:
@@ -73,33 +74,10 @@ services:
            # Only the event classes specified here are saved to DB (set to []) to log all events
            $whitelist: []

-    App\EventSubscriber\LogSystem\EventLoggerSubscriber:
-        arguments:
-            $save_changed_fields: '%env(bool:HISTORY_SAVE_CHANGED_FIELDS)%'
-            $save_changed_data: '%env(bool:HISTORY_SAVE_CHANGED_DATA)%'
-            $save_removed_data: '%env(bool:HISTORY_SAVE_REMOVED_DATA)%'
-            $save_new_data: '%env(bool:HISTORY_SAVE_NEW_DATA)%'
-        tags:
-            - { name: 'doctrine.event_subscriber' }
-
-    App\EventSubscriber\LogSystem\LogDBMigrationSubscriber:
-        tags:
-            - { name: 'doctrine.event_subscriber' }
-
-    App\Form\AttachmentFormType:
-        arguments:
-            $allow_attachments_download: '%partdb.attachments.allow_downloads%'
-            $max_file_size: '%partdb.attachments.max_file_size%'
-
    App\Services\Attachments\AttachmentSubmitHandler:
        arguments:
-            $allow_attachments_downloads: '%partdb.attachments.allow_downloads%'
            $mimeTypes: '@mime_types'
-            $max_upload_size: '%partdb.attachments.max_file_size%'

-    App\Services\LogSystem\EventCommentNeededHelper:
-        arguments:
-            $enforce_change_comments_for: '%partdb.enforce_change_comments_for%'

    ####################################################################################################################
    # Attachment system
@@ -137,6 +115,19 @@ services:
            $saml_role_mapping: '%env(json:SAML_ROLE_MAPPING)%'
            $update_group_on_login: '%env(bool:SAML_UPDATE_GROUP_ON_LOGIN)%'

+
+    security.access_token_extractor.header.token:
+        class: Symfony\Component\Security\Http\AccessToken\HeaderAccessTokenExtractor
+        arguments:
+            $tokenType: 'Token'
+
+    security.access_token_extractor.main:
+        class: Symfony\Component\Security\Http\AccessToken\ChainAccessTokenExtractor
+        arguments:
+            $accessTokenExtractors:
+                - '@security.access_token_extractor.header'
+                - '@security.access_token_extractor.header.token'
+
    ####################################################################################################################
    # Cache
    ####################################################################################################################
@@ -145,29 +136,6 @@ services:
        tags:
            - { name: doctrine.orm.entity_listener }

-    ####################################################################################################################
-    # Price system
-    ####################################################################################################################
-    App\Command\Currencies\UpdateExchangeRatesCommand:
-        arguments:
-            $base_current: '%partdb.default_currency%'
-
-    App\Form\Type\CurrencyEntityType:
-        arguments:
-            $base_currency: '%partdb.default_currency%'
-
-    App\Services\Parts\PricedetailHelper:
-        arguments:
-            $base_currency: '%partdb.default_currency%'
-
-    App\Services\Formatters\MoneyFormatter:
-        arguments:
-            $base_currency: '%partdb.default_currency%'
-
-    App\Services\Tools\ExchangeRateUpdater:
-        arguments:
-            $base_currency: '%partdb.default_currency%'
-
    ###################################################################################################################
    # User system
    ####################################################################################################################
@@ -175,10 +143,6 @@ services:
        arguments:
            $demo_mode: '%partdb.demo_mode%'

-    App\EventSubscriber\UserSystem\SetUserTimezoneSubscriber:
-        arguments:
-            $default_timezone: '%partdb.timezone%'
-
    App\Controller\SecurityController:
        arguments:
            $allow_email_pw_reset: '%partdb.users.email_pw_reset%'
@@ -192,10 +156,6 @@ services:
        tags:
            - { name: 'translation.extractor', alias: 'permissionExtractor'}

-    App\Services\UserSystem\UserAvatarHelper:
-        arguments:
-            $use_gravatar: '%partdb.users.use_gravatar%'
-
    App\Form\Type\ThemeChoiceType:
        arguments:
            $available_themes: '%partdb.available_themes%'
@@ -208,6 +168,12 @@ services:
        arguments:
            $saml_enabled: '%partdb.saml.enabled%'

+    ####################################################################################################################
+    # Table settings
+    ####################################################################################################################
+
+    App\DataTables\Helpers\ColumnSortHelper:
+        shared: false   # Service has a state so not share it between different tables

    ####################################################################################################################
    # Label system
@@ -227,12 +193,18 @@ services:
            $tmpDirectory: '%kernel.project_dir%/var/dompdf/tmp/'

    ####################################################################################################################
-    # Trees
+    # Part info provider system
    ####################################################################################################################
-    App\Services\Trees\TreeViewGenerator:
+    App\Services\InfoProviderSystem\ProviderRegistry:
        arguments:
-            $rootNodeExpandedByDefault: '%partdb.sidebar.root_expanded%'
-            $rootNodeEnabled: '%partdb.sidebar.root_node_enable%'
+            $providers: !tagged_iterator 'app.info_provider'
+
+    ####################################################################################################################
+    # API system
+    ####################################################################################################################
+    App\State\PartDBInfoProvider:
+        arguments:
+            $default_uri: '%partdb.default_uri%'

    ####################################################################################################################
    # Symfony overrides
@@ -257,7 +229,6 @@ services:
    ####################################################################################################################
    App\Controller\RedirectController:
        arguments:
-            $default_locale: '%partdb.locale%'
            $enforce_index_php: '%env(bool:NO_URL_REWRITE_AVAILABLE)%'

    App\Doctrine\Purger\ResetAutoIncrementPurgerFactory:
@@ -272,6 +243,12 @@ services:
        arguments:
            $project_dir: '%kernel.project_dir%'

+
+    App\Doctrine\Middleware\MySQLSSLConnectionMiddlewareWrapper:
+        arguments:
+            $enabled: '%env(bool:DATABASE_MYSQL_USE_SSL_CA)%'
+            $verify: '%env(bool:DATABASE_MYSQL_SSL_VERIFY_CERT)%'
+
    ####################################################################################################################
    # Monolog
    ####################################################################################################################
@@ -298,4 +275,4 @@ when@test:
            arguments:
                - '@doctrine.fixtures.loader'
                - '@doctrine'
-                - { default: '@App\Doctrine\Purger\ResetAutoIncrementPurgerFactory' }
+                - { default: '@App\Doctrine\Purger\DoNotUsePurgerFactory' }
--- a/docs/api/authentication.md
+++ b/docs/api/authentication.md
@@ -0,0 +1,77 @@
+---
+title: Authentication
+layout: default
+parent: API
+nav_order: 2
+---
+
+# Authentication
+
+To use API endpoints, the external application has to authenticate itself, so that Part-DB knows which user is accessing
+the data and which permissions
+the application should have during the access. Authentication is always bound to a specific user, so the external
+applications is acting on behalf of a
+specific user. This user limits the permissions of the application so that it can only access data, which the user is
+allowed to access.
+
+The only method currently available for authentication is to use API tokens:
+
+## API tokens
+
+An API token is a long alphanumeric string, which is bound to a specific user and can be used to authenticate as this user when accessing the API.
+The API token is passed via the `Authorization` HTTP header during the API request, like the
+following: `Authorization: Bearer tcp_sdjfks....`.
+
+{: .important }
+> Everybody who knows the API token can access the API as the user, which is bound to the token. So you should treat the
+> API token like a password
+> and keep it secret. Only share it with trusted applications.
+
+API tokens can be created and managed on the user settings page in the API token section. You can create as many API
+tokens as you want and also delete them again.
+When deleting a token, it is immediately invalidated and can not be used anymore, which means that the application can
+not access the API anymore with this token.
+
+### Token permissions and scopes
+
+API tokens are ultimately limited by the permissions of the user, which belongs to the token. That means that the token
+can only access data, that the user is allowed to access, no matter the token permissions.
+
+But you can further limit the permissions of a token by choosing a specific scope for the token. The scope defines which
+subset of permissions the token has, which can be less than the permissions of the user. For example, you can have a
+user
+with full read and write permissions, but create a token with only read permissions, which can only read data, but not
+change anything in the database.
+
+{: .warning }
+> In general, you should always use the least possible permissions for a token, to limit the possible damage, which can
+> be done with a stolen token or a bug in the application.
+> Only use the full or admin scope, if you really need it, as they could potentially be used to do a lot of damage to
+> your Part-DB instance.
+
+The following token scopes are available:
+
+* **Read-Only**: The token can only read non-sensitive data (like parts, but no users or groups) from the API and can
+  not change anything.
+* **Edit**: The token can read and write non-sensitive data via the API. This includes creating, updating and deleting
+  data. This should be enough for most applications.
+* **Admin**: The token can read and write all data via the API, including sensitive data like users and groups. This
+  should only be used for trusted applications, which need to access sensitive data and perform administrative actions.
+* **Full**: The token can do anything the user can do, including changing the user's password and creating new tokens. This
+  should only be used for highly trusted applications!!
+
+Please note, that in early versions of the API, there might be no endpoints yet, to really perform the actions, which
+would be allowed by the token scope.
+
+### Expiration date
+
+API tokens can have an expiration date, which means that the token is only valid until the expiration date. After that
+the token is automatically invalidated and can not be used anymore. The token is still listed on the user settings page,
+and can be deleted there, but the code can not be used to access Part-DB anymore after the expiration date.
+
+### Get token information
+
+When authenticating with an API token, you can get information about the currently used token by accessing
+the `/api/tokens/current` endpoint.
+It gives you information about the token scope, expiration date and the user, which is bound to the token and the last
+time the token was used.
--- a/docs/api/index.md
+++ b/docs/api/index.md
@@ -0,0 +1,11 @@
+---
+layout: default
+title: API
+nav_order: 7
+has_children: true
+---
+
+# API
+
+Part-DB provides a REST API to access the data stored in the database.
+In this section you can find information about the API and how to use it.
--- a/docs/api/intro.md
+++ b/docs/api/intro.md
@@ -0,0 +1,229 @@
+---
+title: Introduction
+layout: default
+parent: API
+nav_order: 1
+---
+
+# Introduction
+
+Part-DB provides a [REST API](https://en.wikipedia.org/wiki/REST) to programmatically access the data stored in the
+database.
+This allows external applications to interact with Part-DB, extend it or integrate it into other applications.
+
+{: .warning }
+> This feature is currently in beta. Please report any bugs you find.
+> The API should not be considered stable yet and could change in future versions, without prior notice.
+> Some features might be missing or not working yet.
+> Also be aware, that there might be security issues in the API, which could allow attackers to access or edit data via
+> the API, which
+> they normally should be able to access. So currently you should only use the API with trusted users and trusted
+> applications.
+
+Part-DB uses [API Platform](https://api-platform.com/) to provide the API, which allows for easy creation of REST APIs
+with Symfony and gives you a lot of features out of the box.
+See the [API Platform documentation](https://api-platform.com/docs/core/) for more details about the API Platform
+features and how to use them.
+
+## Enable the API
+
+The API is available under the `/api` path, but not reachable without proper permissions.
+You have to give the users, which should be able to access the API the proper permissions (Miscellaneous -> API).
+Please note that there are two relevant permissions, the first one allows users to access the `/api/` path at all and show the documentation,
+and the second one allows them to create API tokens which are needed for the authentication of external applications.
+
+## Authentication
+
+To use API endpoints, the external application has to authenticate itself, so that Part-DB knows which user is accessing
+the data and
+which permissions the application should have. Basically, this is done by creating an API token for a user and then
+passing it on every request
+with the `Authorization` header as bearer token, so you add a header `Authorization: Bearer <your token>`.
+
+See [Authentication chapter]({% link api/authentication.md %}) for more details.
+
+## API endpoints
+
+The API is split into different endpoints, which are reachable under the `/api/` path of your Part-DB instance (
+e.g. `https://your-part-db.local/api/`).
+There are various endpoints for each entity type (like `part`, `manufacturer`, etc.), which allow you to read and write data, and some special endpoints like `search` or `statistics`.
+
+For example, all API endpoints for managing categories are available under `/api/categories/`. Depending on the exact
+path and the HTTP method used, you can read, create, update or delete categories.
+For most entities, there are endpoints like this:
+
+* **GET**: `/api/categories/` - List all categories in the database (with pagination of the results)
+* **POST**: `/api/categories/` - Create a new category
+* **GET**: `/api/categories/{id}` - Get a specific category by its ID
+* **DELETE**: `/api/categories/{id}` - Delete a specific category by its ID
+* **UPDATE**: `/api/categories/{id}` - Update a specific category by its ID. Only the fields which are sent in the
+  request are updated, all other fields are left unchanged.
+  Be aware that you have to set the [JSON Merge Patch](https://datatracker.ietf.org/doc/html/rfc7386) content type
+  header (`Content-Type: application/merge-patch+json`) for this to work.
+
+A full (interactive) list of endpoints can be displayed when visiting the `/api/` path in your browser, when you are
+logged in with a user, which is allowed to access the API.
+There is also a link to this page, on the user settings page in the API token section.
+This documentation also lists all available fields for each entity type and the allowed operations.
+
+## Formats
+
+The API supports different formats for the request and response data, which you can control via the `Accept`
+and `Content-Type` headers.
+You should use [JSON-LD](https://json-ld.org/) as format, which is basically JSON with some additional metadata, which
+allows you to describe the data in a more structured way and also allows to link between different entities. You can achieve this
+by setting `Accept: application/ld+json` header to the API requests.
+
+To get plain JSON without any metadata or links, use the `Accept: application/json` header.
+
+Without an `Accept` header (e.g. when you call the endpoint in a browser), the API will return an HTML page with the
+documentation, so be sure to include the desired `Accept` header in your API requests.
+If you can not control the `Accept` header, you can add a `.json` or `.jsonld` suffix to the URL to enforce a JSON or
+JSON-LD response (e.g. `/api/parts.jsonld`).
+
+## OpenAPI schema
+
+Part-DB provides a [OpenAPI](https://swagger.io/specification/) (formally Swagger) schema for the API
+under `/api/docs.json` (so `https://your-part-db.local/api/docs.json`).
+This schema is a machine-readable description of the API, which can be imported into software to test the API or even
+automatically generate client libraries for the API.
+
+API generators which can generate a client library for the API from the schema are available for many programming
+languages, like [OpenAPI Generator](https://openapi-generator.tech/).
+
+An JSONLD/Hydra version of the schema is also available under `/api/docs.jsonld` (
+so `https://your-part-db.local/api/docs.jsonld`).
+
+## Interactive documentation
+
+Part-DB provides an interactive documentation for the API, which is available under `/api/docs` (
+so `https://your-part-db.local/api/docs`).
+You can pass your API token in the form on the top of the page, to authenticate yourself, and then you can try out the
+API directly in the browser.
+This is a great way to test the API and see how it works, without having to write any code.
+
+## Pagination
+
+By default, all list endpoints are paginated, which means only a certain number of results is returned per request.
+To get another page of the results, you have to use the `page` query parameter, which contains the page number you want
+to get (e.g. `/api/categoues/?page=2`).
+When using JSONLD, the links to the next page are also included in the `hydra:view` property of the response.
+
+To change the size of the pages (the number of items in a single page) use the `itemsPerPage` query parameter (
+e.g. `/api/categoues/?itemsPerPage=50`).
+
+See [API Platform docs](https://api-platform.com/docs/core/pagination) for more infos.
+
+## Filtering results / Searching
+
+When retrieving a list of entities, you can restrict the results by various filters. Almost all entities have a search
+filter, which allows you to only include entities, which (text) fields match the given search term: For example, if you only want
+to get parts, with the Name "BC547", you can use `/api/parts.jsonld?name=BC547`. You can use `%` as a wildcard for multiple
+characters in the search term (Be sure to properly encode the search term, if you use special characters). For example, if you want
+to get all parts, whose name starts with "BC", you can use `/api/parts.jsonld?name=BC%25` (the `%25` is the url encoded version of `%`).
+
+There are other filters available for some entities, allowing you to search on other fields, or restricting the results
+by numeric values or dates. See the endpoint documentation for the available filters.
+
+## Filter by associated entities
+
+To get all parts with a certain category, manufacturer, etc. you can use the `category`, `manufacturer`, etc. query
+parameters of the `/api/parts` endpoint.
+They are so-called entity filters and accept a comma-separated list of IDs of the entities you want to filter by.
+For example, if you want to get all parts with the category "Resistor" (Category ID 1) and "Capacitor" (Category ID 2),
+you can use `/api/parts.jsonld?category=1,2`.
+
+Suffix an id with `+` to suffix, to include all direct children categories of the given category. Use the `++` suffix to
+include all children categories recursively.
+To get all parts with the category "Resistor" (Category ID 1) and all children categories of "Capacitor" (Category ID
+2), you can use `/api/parts.jsonld?category=1,2++`.
+
+See the endpoint documentation for the available entity filters.
+
+## Ordering results
+
+When retrieving a list of entities, you can order the results by various fields using the `order` query parameter.
+For example, if you want to get all parts ordered by their name, you can use `/api/parts/?order[name]=asc`. You can use
+this parameter multiple times to order by multiple fields.
+
+See the endpoint documentation for the available fields to order by.
+
+## Property filter
+
+Sometimes you only want to get a subset of the properties of an entity, for example when you only need the name of a
+part, but not all the other properties.
+You can achieve this using the `properties[]` query parameter with the name of the field you want to get. You can use
+this parameter multiple times to get multiple fields.
+For example, if you only want to get the name and the description of a part, you can
+use `/api/parts/123?properties[]=name&properties[]=description`.
+It is also possible to use these filters on list endpoints (get collection), to only get a subset of the properties of
+all entities in the collection.
+
+See [API Platform docs](https://api-platform.com/docs/core/filters/#property-filter) for more info.
+
+## Change comment
+
+Similar to the changes using Part-DB web interface, you can add a change comment to every change you make via the API,
+which will be
+visible in the log of the entity.
+
+You can pass the text for this via the `_comment` query parameter (beware of the proper encoding). For
+example `/api/parts/123?_comment=This%20is%20a%20change%20comment`.
+
+## Creating attachments and parameters
+
+To create attachments and parameters, use the POST endpoint. Internally there are different types of attachments and
+parameters, for each entity type, where the attachments or parameters are used (e.g. PartAttachment for parts, etc.).
+The type of the attachment or parameter is automatically determined by the `element` property of the request data if a
+IRI is passed. You can use the `_type` property to explicitly set the type of the attachment or parameter (the value must
+be the value of the `@type` property of the owning entity. e.g. `Part` for parts).
+
+For example, to create an attachment on a part, you can use the following request:  
+
+```
+POST /api/attachments
+
+{
+    "name": "front68",
+    "attachment_type": "/api/attachment_types/1",
+    "url": "https://invalid.invalid/test.url",
+    "element": "/api/parts/123"
+}
+```
+
+## Uploading files to attachments
+
+To upload files to the attachments you can use the special `upload` property of the attachment entity during write operations (POST, PUT, PATCH).
+Under `data` you can pass a base64 encoded string of the file content, and under `filename` the name of the file.
+Using the `private` property you can control if the file is the attachment should be stored privately or public.
+
+For example, to upload a file to an attachment, you can use the following request:
+
+```
+PATCH /api/attachments/123
+
+{
+  "upload": {
+    "data": "data:@file/octet-stream;base64,LS0gcGhwTXlB[...]",
+    "filename": "test.csv",
+    "private": false
+  },
+  "name": "Rename attachment"
+}
+```
+
+This also works for creating new attachments, by including the `upload` property in the request data along with the other properties.
+
+Using the `downloadUrl` property of `upload` you can say Part-DB to upload the file specified at the URL set on the attachment.
+
+```
+PATCH /api/attachments/123
+
+{
+  "upload": {
+    "downloadUrl": true
+  },
+  "url": "https://host.invalid/myfile.pdf"
+}
+
+```
--- a/Show More
+++ b/Show More