Readme

.gitignore

@@ -0,0 +1,37 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+.DS_Store
+dist
+dist-ssr
+coverage
+*.local
+
+/cypress/videos/
+/cypress/screenshots/
+
+# Editor directories and files
+!.vscode/extensions.json
+.idea
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+*.tsbuildinfo
+
+# Build and package files/folders
+build
+*.sqlite
+out/
+database.svg
+*.bkp
+*.dtmp

.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+  "recommendations": ["Vue.volar"]
+}

.vscode/settings.json

@@ -0,0 +1,15 @@
+{
+  "i18n-ally.localesPaths": "src/locales",
+  "i18n-ally.regex.key": ".*?",
+  "i18n-ally.sourceLanguage": "en",
+  "i18n-ally.keysInUse": [
+    "date.long.*",
+    "yeah"
+  ],
+  "i18n-ally.includeSubfolders": true,
+  "i18n-ally.dirStructure": "auto",
+  "i18n-ally.enabledFrameworks": [
+    "vue"
+  ],
+  "i18n-ally.keystyle": "nested"
+}

CHANGELOG.md

@@ -0,0 +1,70 @@
+# v.0.3.0 (Release Candidate 1)
+## 🚀 Features
+- Swagger Documentation
+
+## 🐛 Bugfixes
+- Bugfix on search page for Band datasets
+
+# v.0.2.0 (Beta)
+## 🚀 Features
+- Adding "Test Environment" banner in the bottom right corner
+- License handling system
+- New SQL-Injection exercise 2.1
+- Solution code based on Matrikelnummer and number of completed exercises
+
+## 🌟 Enhancements
+- Improve exercise solution of 2.1, 2.2, 2.3, 2.4 and 2.6
+- Light mode improvements
+- Global color schema
+- More feedback through notifications
+- More hints on text fields
+- Redesign account pages, split payments and addresses, new dashboard
+
+## 🐛 Bugfixes
+- More server stability
+- Bugfix file manager in Electron application
+
+
+# v.0.1.0 (Alpha)
+## 🚀 Features
+- Frontend
+  - VueJS frontend framework with Vuetify UI library
+  - Homepage with upcoming concerts, top locations and slider of all bands
+  - "All Bands" & "All Concerts" pages with filter option
+  - "All Locations" groups locations by city
+  - Band detail page with concerts, member, rating and gallery section
+  - Location detail page with concerts and seat plan
+  - Concert booking page. Seat can be selected by user and added to the basket
+  - User register, login and management system. Orders are visible after booking is complete
+  - Global search: Search for band names, locations and concerts
+  - URL simulation bar (needed for some exercises) with previous/next, go and reload buttons
+  - Preferences:
+    - Two themes (dark, light)
+    - Two languages (German, English)
+    - Database and exercise progress reset
+    - Reset to factory settings. Triggers also first install wizard
+  - Admin Panel
+    - Bands, concerts, locations, accounts, genres and orders page shows data in a data table
+    - File browser of open accessable file on server like images and scripts
+- Backend
+  - ExpressJS backend server with Sequelize database management system
+  - Multiple API access points for data exchange
+  - SQLite 3 Database hosts all data
+    - 4 Account roles
+    - 7 Accounts with multiple addresses and payments
+    - 8 bands with
+      - 24 music genres
+      - 35 band members
+      - 13 rating datasets
+    - 17 event locations with
+      - 4 different cities
+      - 79 seat groups total
+      - 300 seat rows total
+      - 2170 seats total
+    - 27 concerts
+    - 3 orders with 4 tickets
+- Exercises
+  - 12 exercises in four exercise groups
+  - Every exercise displays a notification message on solution
+  - Progress is visible on the help page in frontend
+  - PDF export of exercise progress with name and student register number

LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Tobias Zoghaib
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,93 +1,49 @@
-# IT-Sec Web Exercises
+# EventMaster
 
+The most hackable Ticket-Shop!
 
+## How to use
 
-## Getting started
+### Prepare development environment
 
-To make it easy for you to get started with GitLab, here's a list of recommended next steps.
+1. Install node.js
 
-Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
+```bash
+sudo apt install npm
 
-## Add your files
-
-- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
-- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
-
-```
-cd existing_repo
-git remote add origin https://gitlab.uni-hannover.de/maike.raphael/it-sec-web-exercises.git
-git branch -M main
-git push -uf origin main
+# If outdated version:
+sudo npm install -g n
+sudo n stable
 ```
 
-## Integrate with your tools
+2. Download + extract the project
+3. Open the root folder with VS Code (recommended)
+4. Open the bash inside VS Code and install all necessary packages:
 
-- [ ] [Set up project integrations](https://gitlab.uni-hannover.de/maike.raphael/it-sec-web-exercises/-/settings/integrations)
+```bash
+npm i
+```
 
-## Collaborate with your team
+### Test/development
 
-- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
-- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
-- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
-- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
-- [ ] [Set auto-merge](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
+There are multiple commands to test parts or the whole project:
 
-## Test and Deploy
+- `npm run vite:dev`: Start Vue frontend only
+- `npm run server:dev`: Start ExpressJs backend only
+- `npm run fullstack:dev`: Start front- and backend
 
-Use the built-in continuous integration in GitLab.
+The frontend runs on `http://localhost:5173/` and the backend on `http://localhost:3000/`
 
-- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
-- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
-- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
-- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
-- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
+### Build
 
-***
+- `npm run vite:build`: Build Vue frontend only
+- `npm run server:build`: Build ExpressJs backend only
+- `npm run fullstack:build`: Build front- and backend
+- `npm run electron:build`: Build front- and backend to an Electron desktop application
+- `npm run builder:build`: Build an installer file of the Electron application for current operating system. Electron-build has to run first!
+- `npm run builder:win`: Build an installer file of the Electron application for Windows operating systems. Electron-build has to run first!
 
-# Editing this README
+## Structure
 
-When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thanks to [makeareadme.com](https://www.makeareadme.com/) for this template.
-
-## Suggestions for a good README
-
-Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
-
-## Name
-Choose a self-explaining name for your project.
-
-## Description
-Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
-
-## Badges
-On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
-
-## Visuals
-Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
-
-## Installation
-Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
-
-## Usage
-Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
-
-## Support
-Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
-
-## Roadmap
-If you have ideas for releases in the future, it is a good idea to list them in the README.
-
-## Contributing
-State if you are open to contributions and what your requirements are for accepting them.
-
-For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
-
-You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
-
-## Authors and acknowledgment
-Show your appreciation to those who have contributed to the project.
-
-## License
-For open source projects, say how it is licensed.
-
-## Project status
-If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.
+### Database
+![database-erm](misc/images/database.png)

backend/data/accountRoles.json

@@ -0,0 +1,22 @@
+{
+  "data": [
+    {
+      "id": 0,
+      "name": "Unregistered",
+      "privilegeBuy": false,
+      "privilegeAdminPanel": false
+    },
+    {
+      "id": 1,
+      "name": "User",
+      "privilegeBuy": true,
+      "privilegeAdminPanel": false
+    },
+    {
+      "id": 2,
+      "name": "Admin",
+      "privilegeBuy": true,
+      "privilegeAdminPanel": true
+    }
+  ]
+}

backend/data/accounts.json

@@ -0,0 +1,169 @@
+{
+  "data": [
+    {
+      "username": "hagemeister93",
+      "email": "hagemeister93@gmail.com",
+      "firstName": "Laurin",
+      "lastName": "Hagemeister",
+      "addresses": [
+        {
+          "street": "Laportestraße",
+          "houseNumber": 22,
+          "postalCode": 30449,
+          "city": "Hannover"
+        }
+      ],
+      "payments": [
+        {
+          "bankName": "Deutsche Bank",
+          "iban": "DE92500105175721645777"
+        }
+      ],
+      "accountRoleId": 1
+    },
+    {
+      "username": "katjaStoiber",
+      "email": "k.stoiber@uni-hannover.de",
+      "firstName": "Katja",
+      "lastName": "Stoiber",
+      "addresses": [
+        {
+          "street": "Gustav-Adolf-Straße",
+          "houseNumber": 30,
+          "postalCode": 30167,
+          "city": "Hannover"
+        }
+      ],
+      "payments": [
+        {
+          "bankName": "DZ Bank",
+          "iban": "DE12500105179557939114"
+        }
+      ],
+      "accountRoleId": 1
+    },
+    {
+      "username": "oetkerohnek",
+      "email": "oetker30625@gmx.com",
+      "firstName": "Luna",
+      "lastName": "Oeter",
+      "addresses": [
+        {
+          "street": "Eckermannstraße",
+          "houseNumber": 1,
+          "postalCode": 30625,
+          "city": "Hannover"
+        },
+        {
+          "street": "Gehrdener Straße",
+          "houseNumber": 14,
+          "postalCode": 30459,
+          "city": "Hannover"
+        }
+      ],
+      "payments": [
+        {
+          "bankName": "Commerzbank",
+          "iban": "DE31500105175417833272"
+        }
+      ],
+      "accountRoleId": 1
+    },
+    {
+      "username": "duranduran",
+      "email": "dduran@hannover.de",
+      "firstName": "Jürgen",
+      "lastName": "Durand",
+      "addresses": [
+        {
+          "street": "Schlägerstraße",
+          "houseNumber": 36,
+          "postalCode": 30171,
+          "city": "Hannover"
+        },
+        {
+          "street": "Else-Ury-Weg",
+          "houseNumber": 20,
+          "postalCode": 30629,
+          "city": "Hannover"
+        }
+      ],
+      "payments": [
+        {
+          "bankName": "ING",
+          "iban": "DE41500105172184936679"
+        }
+      ],
+      "accountRoleId": 2
+    },
+    {
+      "username": "guitarhero",
+      "email": "guitarheroFurti@gmail.com",
+      "firstName": "Frederik",
+      "lastName": "Furtwängler",
+      "addresses": [
+        {
+          "street": "Steinmetzstraße",
+          "houseNumber": 12,
+          "postalCode": 30163,
+          "city": "Hannover"
+        }
+      ],
+      "payments": [
+        {
+          "bankName": "Sparkasse Hannover",
+          "iban": "DE85500105172283979774"
+        }
+      ],
+      "accountRoleId": 1
+    },
+    {
+      "username": "herbstMareike",
+      "email": "m.herbst@uni-hannover.de",
+      "firstName": "Mareike",
+      "lastName": "Herbst",
+      "addresses": [
+        {
+          "street": "Allerweg",
+          "houseNumber": 33,
+          "postalCode": 30851,
+          "city": "Langenhagen"
+        }
+      ],
+      "payments": [
+        {
+          "bankName": "Postbank",
+          "iban": "DE45500105178862417577"
+        }
+      ],
+      "accountRoleId": 1
+    },
+    {
+      "username": "seibertmitb",
+      "email": "janna-seibert@yahoo.com",
+      "firstName": "Janna",
+      "lastName": "Seibert",
+      "addresses": [
+        {
+          "street": "Marktstraße",
+          "houseNumber": 26,
+          "postalCode": 30880,
+          "city": "Laatzen"
+        },
+        {
+          "street": "Kleiner Hillen",
+          "houseNumber": 24,
+          "postalCode": 30559,
+          "city": "Hannover"
+        }
+      ],
+      "payments": [
+        {
+          "bankName": "Sparkasse Hannover",
+          "iban": "DE51500105177526222196"
+        }
+      ],
+      "accountRoleId": 1
+    }
+  ]
+}

backend/data/bands-concerts.json

@@ -0,0 +1,650 @@
+{
+  "bands": [
+    {
+      "name": "Red Hot Chili Peppers",
+      "foundingYear": 1983,
+      "descriptionEn": "The Red Hot Chili Peppers are an American rock band formed in Los Angeles in 1983, comprising vocalist Anthony Kiedis, bassist Flea, drummer Chad Smith, and guitarist John Frusciante. Their music incorporates elements of alternative rock, funk, punk rock, hard rock, hip hop, and psychedelic rock. Their eclectic range has influenced genres such as funk metal, rap metal, rap rock, and nu metal. With over 120 million records sold worldwide, the Red Hot Chili Peppers are one of the top-selling bands of all time.",
+      "descriptionDe": "Red Hot Chili Peppers (Abkürzung: RHCP) ist eine 1983 gegründete US-amerikanische Funk- und Alternative-Rockband. Sie zählt zu den kommerziell erfolgreichsten Vertretern des Crossover. Ihr Album Blood Sugar Sex Magik gilt als eines der bedeutendsten dieses Genres.",
+      "images": [
+        "bands/red-hot-chili-peppers-1.jpg",
+        "bands/red-hot-chili-peppers-2.jpg",
+        "bands/red-hot-chili-peppers-3.jpg",
+        "bands/red-hot-chili-peppers-4.jpg"
+      ],
+      "imageMembers": "bands/red-hot-chili-peppers-members.jpg",
+      "logo": "bands/red-hot-chili-peppers-logo.png",
+      "genres": [
+        "Funk Rock",
+        "Alternative Rock",
+        "Crossover"
+      ],
+      "members": [
+        {
+          "name": "Anthony Kiedis",
+          "image": "artists/anthony-kiedis.jpg"
+        },
+        {
+          "name": "Flea",
+          "image": "artists/flea.jpg"
+        },
+        {
+          "name": "Chad Smith",
+          "image": "artists/chad-smith.jpg"
+        },
+        {
+          "name": "John Frusciante",
+          "image": "artists/john-frusciante.jpg"
+        }
+      ],
+      "ratings": [
+        {
+          "username": "hagemeister93",
+          "rating": 5
+        },
+        {
+          "username": "katjaStoiber",
+          "rating": 5
+        },
+        {
+          "username": "oetkerohnek",
+          "rating": 4
+        },
+        {
+          "username": "duranduran",
+          "rating": 3
+        },
+        {
+          "username": "guitarhero",
+          "rating": 5
+        },
+        {
+          "username": "herbstMareike",
+          "rating": 4
+        },
+        {
+          "username": "seibertmitb",
+          "rating": 5
+        }
+      ],
+      "concertGroups": [
+        {
+          "name": "Unlimited Love",
+          "image": "concerts/unlimited-love-tour.jpg",
+          "concerts": [
+            {
+              "date": "1",
+              "price": 92,
+              "inStock": 170,
+              "location": "Swiss Life Hall"
+            },
+            {
+              "date": "8",
+              "price": 92,
+              "inStock": 170,
+              "location": "Swiss Life Hall"
+            },
+            {
+              "date": "12",
+              "price": 119.90,
+              "inStock": 8736,
+              "location": "Olympiahalle München"
+            },
+            {
+              "date": "19",
+              "price": 114.90,
+              "inStock": 2793,
+              "location": "Barclays Arena"
+            },
+            {
+              "date": "31",
+              "price": 124.90,
+              "inStock": 3079,
+              "location": "Uber Arena Berlin"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Radiohead",
+      "foundingYear": 1985,
+      "descriptionEn": "Radiohead are an English rock band formed in Abingdon, Oxfordshire, in 1985. They comprise Thom Yorke (vocals, guitar, piano, keyboards); brothers Jonny Greenwood (guitar, keyboards, other instruments) and Colin Greenwood (bass); Ed O'Brien (guitar, backing vocals); and Philip Selway (drums, percussion). They have worked with the producer Nigel Godrich and the cover artist Stanley Donwood since 1994. Radiohead's experimental approach is credited with advancing the sound of alternative rock.",
+      "descriptionDe": "Radiohead ist eine britische Rockband, die 1985 in Oxford, England gegründet wurde. Die Band besteht aus Thom Yorke (Gesang, Rhythmusgitarre, Piano), Jonny Greenwood (Lead-Gitarre, Keyboard, Ondes Martenot), Colin Greenwood (E-Bass, Keyboard), Ed O’Brien (Gitarre, Backgroundvocals) und Phil Selway (Schlagzeug, Backgroundvocals). Radioheads experimenteller Ansatz gilt als Wegbereiter für den Sound des Alternative Rocks.",
+      "images": [
+        "bands/radiohead-1.png",
+        "bands/radiohead-2.jpg",
+        "bands/radiohead-3.jpg"
+      ],
+      "imageMembers": "bands/radiohead-members.jpg",
+      "logo": "bands/radiohead-logo.jpg",
+      "genres": [
+        "Art Rock",
+        "Alternative Rock",
+        "Electronica",
+        "Post-Rock",
+        "Britpop"
+      ],
+      "members": [
+        {
+          "name": "Thom Yorke",
+          "image": "artists/thom-yorke.jpg"
+        },
+        {
+          "name": "Jonny Greenwood",
+          "image": "artists/jonny-greenwood.jpg"
+        },
+        {
+          "name": "Colin Greenwood",
+          "image": "artists/colin-greenwood.jpg"
+        },
+        {
+          "name": "Ed O'Brien",
+          "image": "artists/ed-o-brien.jpg"
+        },
+        {
+          "name": "Philip Selway",
+          "image": "artists/philip-selway.jpg"
+        }
+      ],
+      "ratings": [
+        {
+          "username": "hagemeister93",
+          "rating": 5
+        },
+        {
+          "username": "katjaStoiber",
+          "rating": 4
+        }
+      ],
+      "concertGroups": [
+        {
+          "name": "The Bends",
+          "image": "concerts/the-bends-tour.jpg",
+          "concerts": [
+            {
+              "date": "10",
+              "price": 108,
+              "inStock": 1200,
+              "location": "Capitol"
+            },
+            {
+              "date": "14",
+              "price": 104,
+              "inStock": 1800,
+              "location": "Schlachthof München"
+            },
+            {
+              "date": "16",
+              "price": 99.90,
+              "inStock": 2438,
+              "location": "Waldbühne Berlin"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Arctic Monkeys",
+      "foundingYear": 2002,
+      "descriptionEn": "Arctic Monkeys are an English rock band formed in Sheffield in 2002. The group consists of lead singer Alex Turner, drummer Matt Helders, guitarist Jamie Cook and bassist Nick O'Malley. Former bassist Andy Nicholson left the band in 2006 shortly after their debut album, Whatever People Say I Am, That's What I'm Not, was released.",
+      "descriptionDe": "Die Arctic Monkeys sind eine vierköpfige britische Alternative-Rock-Band mit Einflüssen aus Post-Punk und Garage Rock. Sie wurde 2002 im englischen Sheffield gegründet und veröffentlichte 2006 ihr Debütalbum, das Platz eins der britischen Charts erreichte. 2007, 2009, 2011, 2013 und 2018 erschienen jeweils weitere Alben der Musikgruppe, die alle ebenfalls die Spitzenposition in Großbritannien erreichten. Aktuelles Album der Band ist das am 21. Oktober 2022 erschienene The Car.",
+      "images": [
+        "bands/arctic-monkeys-1.jpg",
+        "bands/arctic-monkeys-2.jpg",
+        "bands/arctic-monkeys-3.jpg"
+      ],
+      "imageMembers": "bands/arctic-monkeys-members.jpg",
+      "logo": "bands/arctic-monkeys-logo.png",
+      "genres": [
+        "Alternative Rock",
+        "Post-Punk",
+        "Garage Rock"
+      ],
+      "members": [
+        {
+          "name": "Glyn Jones",
+          "image": "artists/glyn-jones.jpg"
+        },
+        {
+          "name": "Alex Turner",
+          "image": "artists/alex-turner.jpg"
+        },
+        {
+          "name": "Jamie Cook",
+          "image": "artists/jamie-cook.jpg"
+        },
+        {
+          "name": "Matt Helders",
+          "image": "artists/matt-helders.jpg"
+        },
+        {
+          "name": "Andy Nicholson",
+          "image": "artists/andy-nicholson.jpg"
+        }
+      ],
+      "ratings": [
+        {
+          "username": "hagemeister93",
+          "rating": 5
+        },
+        {
+          "username": "katjaStoiber",
+          "rating": 3
+        },
+        {
+          "username": "oetkerohnek",
+          "rating": 4
+        }
+      ],
+      "concertGroups":[
+        {
+          "name": "European Tour",
+          "image": "concerts/european-tour-arctic-monkeys.jpg",
+          "concerts": [
+            {
+              "date": "18",
+              "price": 67.90,
+              "inStock": 994,
+              "location": "Kulturzentrum Faust"
+            },
+            {
+              "date": "21",
+              "price": 79.90,
+              "inStock": 1073,
+              "location": "LANXESS arena",
+              "offered": false
+            },
+            {
+              "date": "24",
+              "price": 74.90,
+              "inStock": 100,
+              "location": "Columbiahalle"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Coldplay",
+      "foundingYear": 1997,
+      "descriptionEn": "Coldplay are a British rock band formed in London in 1997. They consist of vocalist and pianist Chris Martin, guitarist Jonny Buckland, bassist Guy Berryman, drummer and percussionist Will Champion, and manager Phil Harvey. They are best known for their live performances, and for impacting popular culture through their artistry, advocacy and achievements.",
+      "descriptionDe": "Coldplay ist eine britische Pop-Rock-Band, bestehend aus Chris Martin, Jonny Buckland, Will Champion und Guy Berryman. Sie ist eine der weltweit erfolgreichsten Bands der 2000er-Jahre und hat knapp 80 Millionen Tonträger weltweit verkauft, davon 50 Millionen Alben.",
+      "images": [
+        "bands/coldplay-1.jpg",
+        "bands/coldplay-2.jpg",
+        "bands/coldplay-3.jpg"
+      ],
+      "imageMembers": "bands/coldplay-members.jpg",
+      "logo": "bands/coldplay-logo.jpg",
+      "genres": [
+        "Alternative Rock",
+        "Pop-Rock"
+      ],
+      "members": [
+        {
+          "name": "Chris Martin",
+          "image": "artists/chris-martin.jpg"
+        },
+        {
+          "name": "Jonny Buckland",
+          "image": "artists/jonny-buckland.jpg"
+        },
+        {
+          "name": "Guy Berryman",
+          "image": "artists/guy-berryman.jpg"
+        },
+        {
+          "name": "Will Champion",
+          "image": "artists/will-champion.jpg"
+        },
+        {
+          "name": "Phil Harvey",
+          "image": "artists/phil-harvey.png"
+        }
+      ],
+      "ratings": [
+        {
+          "username": "hagemeister93",
+          "rating": 5
+        },
+        {
+          "username": "katjaStoiber",
+          "rating": 4
+        }
+      ],
+      "concertGroups": [
+        {
+          "name": "Music of the Spheres",
+          "image": "concerts/music-of-the-spheres.png",
+          "concerts": [
+            {
+              "date": "8",
+              "price": 124.90,
+              "inStock": 765,
+              "location": "Astra Kulturhaus"
+            },
+            {
+              "date": "15",
+              "price": 129.90,
+              "inStock": 989,
+              "location": "Waldbühne Berlin"
+            },
+            {
+              "date": "22",
+              "price": 134.90,
+              "inStock": 827,
+              "location": "Olympiahalle München"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Foo Fighters",
+      "foundingYear": 1994,
+      "descriptionEn": "Foo Fighters is an American rock band formed in Seattle in 1994. Founded as a one-man project by former Nirvana drummer Dave Grohl, the lineup now consists of Grohl (lead vocals, guitar), Nate Mendel (bass), Chris Shiflett and Pat Smear (guitars), Rami Jaffee (keyboards), and Josh Freese (drums). Drummers William Goldsmith and Taylor Hawkins, along with guitarist Franz Stahl, are former members of the band.",
+      "descriptionDe": "Foo Fighters ist eine US-amerikanische Rockband. Prominentestes Mitglied und Band-Gründer ist der ehemalige Nirvana-Schlagzeuger Dave Grohl. ",
+      "images": [
+        "bands/foo-fighters-1.jpg",
+        "bands/foo-fighters-2.jpg",
+        "bands/foo-fighters-3.jpg"
+      ],
+      "imageMembers": "bands/foo-fighters-members.jpg",
+      "logo": "bands/foo-fighters-logo.png",
+      "genres": [
+        "Alternative Rock",
+        "Post-Grunge"
+      ],
+      "members": [
+        {
+          "name": "Dave Grohl",
+          "image": "artists/dave-grohl.jpg"
+        },
+        {
+          "name": "Pat Smear",
+          "image": "artists/pat-smear.jpg"
+        },
+        {
+          "name": "Nate Mendel",
+          "image": "artists/nate-mendel.jpg"
+        },
+        {
+          "name": "Chris Shiflett",
+          "image": "artists/chris-shiflett.jpg"
+        },
+        {
+          "name": "Rami Jaffee",
+          "image": "artists/rami-jaffee.jpg"
+        },
+        {
+          "name": "Josh Freese",
+          "image": "artists/josh-freese.jpg"
+        }
+      ],
+      "ratings": [
+        {
+          "username": "hagemeister93",
+          "rating": 5
+        }
+      ],
+      "concertGroups": [
+        {
+          "name": "But Here We Are Tour",
+          "image": "concerts/but-here-we-are.jpg",
+          "concerts": [
+            {
+              "date": "30",
+              "price": 80,
+              "inStock": 99,
+              "location": "ZAG Arena"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Billy Talent",
+      "foundingYear": 1993,
+      "descriptionEn": "Billy Talent is a Canadian rock band from Mississauga, Ontario. They formed in 1993 with lead vocalist Benjamin Kowalewicz, guitarist Ian D'Sa, bassist Jonathan Gallant, and drummer Aaron Solowoniuk. There have been no lineup changes, although Solowoniuk has been on hiatus from the band since 2016 due to a relapse of multiple sclerosis. In the three decades since their inception, Billy Talent has sold well over a million physical albums in Canada alone and nearly 3 million albums internationally. During their most successful period, they were ranked as one of the top 10 best-selling native bands in Canada.",
+      "descriptionDe": "Billy Talent ist eine kanadische Rockband aus Mississauga, Ontario. Die Band spielte anfangs Punk, ordnet sich auf den späteren Alben jedoch eher im Alternative Rock ein. ",
+      "images": [
+        "bands/billy-talent-1.jpg",
+        "bands/billy-talent-2.jpg",
+        "bands/billy-talent-3.jpg"
+      ],
+      "imageMembers": "bands/billy-talent-members.jpg",
+      "logo": "bands/billy-talent-logo.png",
+      "genres": [
+        "Alternative Rock",
+        "Punk-Rock",
+        "Post-Hardcore",
+        "Pop-Punk"
+      ],
+      "members": [
+        {
+          "name": "Benjamin Kowalewicz",
+          "image": "benjamin-kowalewicz.jpg"
+        },
+        {
+          "name": "Ian D'Sa ",
+          "image": "artists/ian-d-sa.jpg"
+        },
+        {
+          "name": "Jonathan Gallant",
+          "image": "artists/jonathan-gallant.jpg"
+        },
+        {
+          "name": "Jordan Hastings",
+          "image": "artists/jordan-hastings.jpg"
+        },
+        {
+          "name": "Josh Freese",
+          "image": "artists/josh-freese.jpg"
+        }
+      ],
+      "ratings": [
+        {
+          "username": "hagemeister93",
+          "rating": 5
+        },
+        {
+          "username": "katjaStoiber",
+          "rating": 3
+        },
+        {
+          "username": "oetkerohnek",
+          "rating": 4
+        }
+      ],
+      "concertGroups": [
+        {
+          "name": "Crisis of Faith",
+          "image": "concerts/crisis-of-faith-tour.jpg",
+          "concerts": [
+            {
+              "date": "3",
+              "price": 81.90,
+              "inStock": 173,
+              "location": "ZAG Arena"
+            },
+            {
+              "date": "15",
+              "price": 84.90,
+              "inStock": 192,
+              "location": "Muffatwerk"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Royal Blood",
+      "foundingYear": 2013,
+      "descriptionEn": "Royal Blood are an English rock duo formed in Littlehampton in 2011. The current lineup consists of Mike Kerr (vocals, bass guitar, piano) and Ben Thatcher (drums). Their signature sound is built around Kerr's bass playing style, which sees him using various effects pedals and amps to make his bass guitar sound like an electric guitar and bass guitar at the same time. The duo were signed by Warner Chappell Music in 2013 and have since released four studio albums: Royal Blood (2014), How Did We Get So Dark? (2017), Typhoons (2021), and Back to the Water Below (2023).",
+      "descriptionDe": "Royal Blood ist ein britisches Garage- und Bluesrock-Duo, das 2013 in Worthing gegründet wurde. Im Gegensatz zu herkömmlichen Rockbands besteht Royal Blood nur aus zwei Mitgliedern, dem Bassisten und Sänger Mike Kerr und dem Schlagzeuger Ben Thatcher. Durch die Verwendung mehrerer Effektpedale emuliert Kerr den Klang einer verzerrten E-Gitarre, wodurch das Fehlen eines Gitarristen kompensiert wird. ",
+      "images": [
+        "bands/royal-blood-1.jpg",
+        "bands/royal-blood-2.jpg",
+        "bands/royal-blood-3.jpg"
+      ],
+      "imageMembers": "bands/royal-blood-members.jpg",
+      "logo": "bands/royal-blood-logo.jpg",
+      "genres": [
+        "Garage Rock",
+        "Bluesrock"
+      ],
+      "members": [
+        {
+          "name": "Mike Kerr",
+          "image": "artists/mike-kerr.jpg"
+        },
+        {
+          "name": "Ben Thatcher",
+          "image": "artists/ben-thatcher.jpg"
+        }
+      ],
+      "ratings": [
+        {
+          "username": "hagemeister93",
+          "rating": 5
+        },
+        {
+          "username": "katjaStoiber",
+          "rating": 4
+        },
+        {
+          "username": "oetkerohnek",
+          "rating": 4
+        }
+      ],
+      "concertGroups": [
+        {
+          "name": "Back to the Water Below",
+          "image": "concerts/back-to-the-water-below.jpg",
+          "concerts": [
+            {
+              "date": "10",
+              "price": 64.90,
+              "inStock": 245,
+              "location": "E-Werk"
+            },
+            {
+              "date": "20",
+              "price": 67.90,
+              "inStock": 847,
+              "location": "Kulturzentrum Faust"
+            },
+            {
+              "date": "29",
+              "price": 64.90,
+              "inStock": 245,
+              "location": "Waldbühne Berlin"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Muse",
+      "foundingYear": 1994,
+      "descriptionEn": "Muse are an English rock band from Teignmouth, Devon, formed in 1994. The band consists of Matt Bellamy (lead vocals, guitar, keyboards), Chris Wolstenholme (bass guitar, backing vocals), and Dominic Howard (drums, percussion).",
+      "descriptionDe": "Muse ist eine britische Rockband, die 1994 in Teignmouth, England gegründet wurde. Die Band besteht aus Matthew Bellamy (Gesang, Gitarre, Klavier und Synthesizers), Chris Wolstenholme (E-Bass, Gesang, Synthesizer) und Dominic Howard (Schlagzeug und Perkussion). Muse verbindet stilistisch Alternative, Hard und Progressive Rock sowie Electronica mit Elementen klassischer Musik zu Rockballaden und wird dem Subgenre New Prog zugeordnet.",
+      "images": [
+        "bands/muse-1.jpg",
+        "bands/muse-2.jpg",
+        "bands/muse-3.jpg"
+      ],
+      "imageMembers": "bands/muse-members.jpg",
+      "logo": "bands/muse-logo.jpg",
+      "genres": [
+        "Alternative Rock",
+        "New Prog",
+        "Hard Rock"
+      ],
+      "members": [
+        {
+          "name": "Matthew Bellamy",
+          "image": "artists/matthew-bellamy.jpg"
+        },
+        {
+          "name": "Dominic Howard",
+          "image": "artists/dominic-howard.jpg"
+        },
+        {
+          "name": "Chris Wolstenholme",
+          "image": "artists/chris-wolstenholme.jpg"
+        }
+      ],
+      "ratings": [
+        {
+          "username": "hagemeister93",
+          "rating": 5
+        },
+        {
+          "username": "katjaStoiber",
+          "rating": 4
+        },
+        {
+          "username": "oetkerohnek",
+          "rating": 4
+        }
+      ],
+      "concertGroups": [
+        {
+          "name": "Simulation Theory",
+          "image": "concerts/simulation-theory.jpg",
+          "concerts": [
+            {
+              "date": "7",
+              "price": 67.90,
+              "inStock": 847,
+              "location": "Volksparkstadion"
+            },
+            {
+              "date": "17",
+              "price": 67.90,
+              "inStock": 847,
+              "location": "LANXESS arena"
+            }
+          ]
+        },
+        {
+          "name": "Will of the People Tour",
+          "image": "concerts/will-of-the-people-tour.jpg",
+          "concerts": [
+            {
+              "date": "2",
+              "price": 67.90,
+              "inStock": 847,
+              "location": "ZAG Arena"
+            },
+            {
+              "date": "17",
+              "price": 67.90,
+              "inStock": 847,
+              "location": "ZAG Arena"
+            },
+            {
+              "date": "31",
+              "price": 64.90,
+              "inStock": 245,
+              "location": "Olympiastadion Berlin"
+            },
+            {
+              "date": "43",
+              "price": 64.90,
+              "inStock": 245,
+              "location": "Astra Kulturhaus"
+            },
+            {
+              "date": "50",
+              "price": 64.90,
+              "inStock": 245,
+              "location": "Astra Kulturhaus"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

backend/data/cities-locations.json

@@ -0,0 +1,599 @@
+{
+  "cities": [
+    {
+      "name": "Hannover",
+      "country": "Germany",
+      "locations": [
+        {
+          "name": "Swiss Life Hall",
+          "address": "Ferdinand-Wilhelm-Fricke-Weg 8",
+          "imageIndoor": "locations/swiss-life-hall-indoor.jpg",
+          "imageOutdoor": "locations/swiss-life-hall-outdoor.jpg",
+          "layout": 2,
+          "rows": 5,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 40
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 40
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 25
+            }
+          ]
+        },
+        {
+          "name": "Capitol",
+          "address": "Schwarzer Bär 2",
+          "imageIndoor": "locations/capitol-indoor.jpg",
+          "imageOutdoor": "locations/capitol-outdoor.jpg",
+          "layout": 1,
+          "rows": 1,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 50
+            }
+          ]
+        },
+        {
+          "name": "ZAG Arena",
+          "address": "EXPO-Plaza 7",
+          "imageIndoor": "locations/zag-arena-indoor.jpg",
+          "imageOutdoor": "locations/zag-arena-outdoor.jpg",
+          "layout": 2,
+          "rows": 5,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 40
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 30
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 25
+            }
+          ]
+        },
+        {
+          "name": "Kulturzentrum Faust",
+          "address": "Zur Bettfedernfabrik 3",
+          "imageIndoor": "locations/faust-hannover-indoor.jpg",
+          "imageOutdoor": "locations/faust-hannover-outdoor.jpg",
+          "layout": 1,
+          "rows": 1,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 25
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "München",
+      "country": "Germany",
+      "locations": [
+        {
+          "name": "Olympiahalle München",
+          "address": "Spiridon-Louis-Ring 21",
+          "imageIndoor": "locations/olympiahalle-munich-indoor.jpg",
+          "imageOutdoor": "locations/olympiahalle-munich-outdoor.jpg",
+          "layout": 2,
+          "rows": 5,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 60
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 30
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 30
+            }
+          ]
+        },
+        {
+          "name": "Schlachthof München",
+          "address": "Zenettistraße 9",
+          "imageIndoor": "locations/schlachthof-munich-indoor.jpg",
+          "imageOutdoor": "locations/schlachthof-munich-outdoor.jpg",
+          "layout": 1,
+          "rows": 1,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 40
+            }
+          ]
+        },
+        {
+          "name": "Muffatwerk",
+          "address": "Zellstraße 4",
+          "imageIndoor": "locations/muffatwerk-indoor.jpg",
+          "imageOutdoor": "locations/muffatwerk-outdoor.jpg",
+          "layout": 1,
+          "rows": 1,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 60
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Hamburg",
+      "country": "Germany",
+      "locations": [
+        {
+          "name": "Volksparkstadion",
+          "address": "Sylvesterallee 7",
+          "imageIndoor": "locations/volksparkstadion-hamburg-indoor.jpg",
+          "imageOutdoor": "locations/volksparkstadion-hamburg-outdoor.jpg",
+          "layout": 3,
+          "rows": 5,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 50
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 35
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 30
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 35
+            },
+            {
+              "name": "G",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "H",
+              "standingArea": false,
+              "capacity": 30
+            },
+            {
+              "name": "I",
+              "standingArea": false,
+              "capacity": 25
+            }
+          ]
+        },
+        {
+          "name": "Barclays Arena",
+          "address": "Sylvesterallee 10",
+          "imageIndoor": "locations/barclays-arena-indoor.jpg",
+          "imageOutdoor": "locations/barclays-arena-outdoor.jpg",
+          "layout": 3,
+          "rows": 3,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 40
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 18
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 9
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 18
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 9
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 18
+            },
+            {
+              "name": "G",
+              "standingArea": false,
+              "capacity": 9
+            },
+            {
+              "name": "H",
+              "standingArea": false,
+              "capacity": 18
+            },
+            {
+              "name": "I",
+              "standingArea": false,
+              "capacity": 9
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Berlin",
+      "country": "Germany",
+      "locations": [
+        {
+          "name": "Waldbühne Berlin",
+          "address": "Am Glockenturm",
+          "imageIndoor": "locations/waldbuehne-berlin-indoor.jpg",
+          "imageOutdoor": "locations/waldbuehne-berlin-outdoor.jpg",
+          "layout": 2,
+          "rows": 5,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": false,
+              "capacity": 15
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 25
+            }
+          ]
+        },
+        {
+          "name": "Olympiastadion Berlin",
+          "address": "Olympischer Platz 3",
+          "imageIndoor": "locations/olympiastadion-berlin-indoor.jpg",
+          "imageOutdoor": "locations/olympiastadion-berlin-outdoor.jpg",
+          "layout": 3,
+          "rows": 5,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 60
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 20
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 20
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 20
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 12
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 12
+            },
+            {
+              "name": "G",
+              "standingArea": false,
+              "capacity": 12
+            },
+            {
+              "name": "H",
+              "standingArea": false,
+              "capacity": 12
+            },
+            {
+              "name": "I",
+              "standingArea": false,
+              "capacity": 12
+            }
+          ]
+        },
+        {
+          "name": "Uber Arena Berlin",
+          "address": "Uber-Platz 1",
+          "imageIndoor": "locations/uber-arena-berlin-indoor.jpg",
+          "imageOutdoor": "locations/uber-arena-berlin-outdoor.jpg",
+          "layout": 2,
+          "rows": 4,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 50
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 30
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 30
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 20
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 12
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 12
+            }
+          ]
+        },
+        {
+          "name": "Columbiahalle",
+          "address": "Columbiadamm 13-21",
+          "imageIndoor": "locations/columbiahalle-indoor.jpg",
+          "imageOutdoor": "locations/columbiahalle-outdoor.jpg",
+          "layout": 2,
+          "rows": 3,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 50
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 30
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 9
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 21
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 9
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 30
+            }
+          ]
+        },
+        {
+          "name": "Astra Kulturhaus",
+          "address": "Revaler Straße 99",
+          "imageIndoor": "locations/astra-kulturhaus-indoor.jpg",
+          "imageOutdoor": "locations/astra-kulturhaus-outdoor.jpg",
+          "layout": 1,
+          "rows": 1,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 40
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "Köln",
+      "country": "Germany",
+      "locations": [
+        {
+          "name": "LANXESS arena",
+          "address": "Willy-Brandt-Platz",
+          "imageIndoor": "locations/lanxess-arena-indoor.jpg",
+          "imageOutdoor": "locations/lanxess-arena-outdoor.jpg",
+          "layout": 3,
+          "rows": 5,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 50
+            },
+            {
+              "name": "B",
+              "standingArea": false,
+              "capacity": 30
+            },
+            {
+              "name": "C",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "D",
+              "standingArea": false,
+              "capacity": 20
+            },
+            {
+              "name": "E",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "F",
+              "standingArea": false,
+              "capacity": 30
+            },
+            {
+              "name": "G",
+              "standingArea": false,
+              "capacity": 25
+            },
+            {
+              "name": "H",
+              "standingArea": false,
+              "capacity": 20
+            },
+            {
+              "name": "I",
+              "standingArea": false,
+              "capacity": 25
+            }
+          ]
+        },
+        {
+          "name": "Palladium",
+          "address": "Schanzenstraße 40",
+          "imageIndoor": "locations/palladium-indoor.jpg",
+          "imageOutdoor": "locations/palladium-outdoor.jpg",
+          "layout": 1,
+          "rows": 1,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 50
+            }
+          ]
+        },
+        {
+          "name": "E-Werk",
+          "address": "Schanzenstraße 37",
+          "imageIndoor": "locations/e-werk-indoor.jpg",
+          "imageOutdoor": "locations/e-werk-outdoor.jpg",
+          "layout": 1,
+          "rows": 1,
+          "seatGroups": [
+            {
+              "name": "A",
+              "standingArea": true,
+              "capacity": 40
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

backend/data/exercises.json

@@ -0,0 +1,131 @@
+{
+  "groups": [
+    {
+      "nameDe": "Den Shop kennenlernen",
+      "nameEn": "Getting to know the shop",
+      "groupNr": 0,
+      "descriptionDe": "Vor einem Angriff ist es wichtig zu verstehen, wie die Webseite aufgebaut ist. Wie sind die URLs strukturiert? Wo befinden sich Eingabefelder welche im Backend eine SQL Abfrage stellen?",
+      "descriptionEn": "todo",
+      "exercises": [
+        {
+          "nameDe": "Registrieren",
+          "nameEn": "Register",
+          "exerciseNr": 1,
+          "descriptionDe": "Wir richten uns einen gewöhnlichen Account auf der Plattform ein. Navigiere hierzu auf die Account-Seite und registriere dich.",
+          "descriptionEn": "Create a new account in the online shop"
+        },
+        {
+          "nameDe": "Profil vervollständigen",
+          "nameEn": "Complete profile",
+          "exerciseNr": 2,
+          "descriptionDe": "Bestellungen sind erst möglich, wenn das Account-Profil vervollständigt ist. Logge dich ein, navigiere zu den Account-Einstellungen, fülle den Namen aus und füge je eine Adresse und Bezahlart hinzu. Speichere alles zum Schluss ab.",
+          "descriptionEn": "Search for an event of choice and buy a ticket for"
+        },
+        {
+          "nameDe": "Ein Ticket kaufen",
+          "nameEn": "Buy a ticket",
+          "exerciseNr": 3,
+          "descriptionDe": "Wir führen nun einen Bestellvorgang durch. Wähle hierzu ein Konzert deiner Wahl und lege Tickets in den Warenkorb. Öffne diesen und schließe die Bestellung ab. Beachte die Struktur der URL wenn du ein Konzert buchen willst. Sieh dir ruhig 2-3 Buchungsseiten an, wie sich die URL jeweils verändert.",
+          "descriptionEn": "Search for an event of choice and buy a ticket for"
+        }
+      ]
+    },
+    {
+      "nameDe": "Broken Access Control",
+      "nameEn": "Broken Access Control",
+      "groupNr": 1,
+      "descriptionDe": "Eine Webseite beinhaltet öffentlich einsehbare und einige geschützte Seiten. Letztere sind nur mit passenden Berechtigungen erreichbar. Beispiele hierfür sind ein Admin-Panel oder der persönliche Warenkorb. Der Zugriff wird oft über Cookies oder eine Authentifizierung an einem Backend-Server geregelt. Bei Broken Access Control ist dieser Sicherheits-Mechanismus nicht oder fehlerhaft implementiert. Somit lassen sich Seiten unberechtigterweise über die URL erreichen.",
+      "descriptionEn": "todo",
+      "exercises": [
+        {
+          "nameDe": "Hilfe-Seite aufrufen",
+          "nameEn": "Access Help Page",
+          "exerciseNr": 1,
+          "descriptionDe": "Die Hilfe-Seite erlaubt dir einen Einblick auf den Bearbeitungszustand der Aufgaben. Sie ist dementsprechend nicht abgesichert, aber auch (noch) nicht in der Titel-Leiste als Button erreichbar. Erweitere die URL in der Adresszeile so, dass du auf die Hilfeseite gelangst.",
+          "descriptionEn": "Manipulate the URL and access the help page"
+        },
+        {
+          "nameDe": "Das versteckte Konzert buchen",
+          "nameEn": "Book the hidden concert",
+          "exerciseNr": 2,
+          "descriptionDe": "Die Band >>Arctic Monkeys<< will auf ihrer >>European Tour<< drei Konzerte spielen. Im Shop finden sich allerdings nur zwei Einträge. Zwischen den beiden Tourdaten soll eine Show in der Lanxess Arena in Köln stattfinden, der Datensatz hierfür ist bereits angelegt, jedoch nicht freigeschaltet. Besuche die Seite der Band. Sieh dir den Zeitraum zwischen beiden Konzerten an, in denen das versteckte Event liegen könnte. Öffne eine Buchungsseite eines anderen Konzertes und ändere die URL so ab, dass du das versteckte Konzert buchen kannst. Reserviere dir mindestens ein Ticket und schließe den Bestellprozess ab.",
+          "descriptionEn": "Manipulate the URL and access the sold out concert and buy a ticket"
+        }
+      ]
+    },
+    {
+      "nameDe": "SQL Injections",
+      "nameEn": "SQL Injections",
+      "groupNr": 2,
+      "descriptionDe": "Eine Datenbank arbeitet mit SQL Befehlen um Datensätze anzulegen, abzurufen, zu verändern und löschen. Ein Server wird über API-Schnittstellen angesprochen, führt die Befehle in der Datenbank aus und liefert das Ergebnis zurück. Der Client darf keinen direkten Zugriff auf die Datenbank haben. Bei SQL Injections wird versucht, diesen Sicherheitsmechanismus zu umgehen und über die API-Schnittstellen direkte SQL Befehle auszuführen.",
+      "descriptionEn": "todo",
+      "exercises": [
+        {
+          "nameDe": "Wie sieht die Datenbank aus?",
+          "nameEn": "How does the database look like?",
+          "exerciseNr": 1,
+          "descriptionDe": "Wir versuchen nun die Datenbank im Hintergrund anzugreifen. Aktuell wissen wir aber noch nicht wie die Datenbank aussieht, also welche Tabellen sie beinhaltet. Wir können uns aber mit einem SQL-Befehl ausgeben. Gehe zur globalen Suchseite. Öffne mit der Tastenkombination >>Strg<< + >>D<< die >>Developer Tools<<. Klicke auf den Reiter >>Network<<. Hier siehst du, wie das Frontend mit dem Server kommuniziert. Schreibe nun eine SQL-Injection, welche den Suchbegriff ignoriert und dir stattdessen alle Datensätze der Tabelle >>sqlite_master<< zurück gibt, sofern die Bedingung >>type='table'<< erfüllt ist. Kopiere dir bei erfolgreicher Rückmeldung des Backends die Namen der Tabellen in eine Text-Datei, damit wir für die kommenden Aufgaben die richtigen Namen der Tabellen angeben können.",
+          "descriptionEn": "todo"
+        },
+        {
+          "nameDe": "Alle Accounts ausspähen",
+          "nameEn": "Get all accounts",
+          "exerciseNr": 2,
+          "descriptionDe": "Schreibe nun eine SQL-Injection, welche den Suchbegriff ignoriert und dir stattdessen alle Datensätze der Account-Tabelle zurück liefert. Führe den Angriff über das Suchfeld aus. Sieh dir die Rückmeldung des Servers an.",
+          "descriptionEn": "Execute an SQL-Injection on the Search page to get all datasets from >>Accounts<< table."
+        },
+        {
+          "nameDe": "Alle Berechtigungsgruppen ausspähen",
+          "nameEn": "Get all account roles",
+          "exerciseNr": 3,
+          "descriptionDe": "Wir sehen nun alle Accounts. Jeder hat eine Berechtigungs-ID (accountRoleId) mit der Berechtigungen wie der Zugriff aufs Admin-Panel geregelt werden. Wir wissen aber nicht, was die ID's bedeuten. Schreibe darum eine SQL-Injection, welche den Suchbegriff ignoriert und dir stattdessen alle Datensätze der Tabelle >>AccountRoles<< zurück liefert. Führe den Angriff über das Suchfeld aus. Beobachte die Rückmeldung des Servers über den >>Network<<-Tab.",
+          "descriptionEn": "Execute an SQL-Injection on the Search page to get all datasets from >>AccountRoles<< table."
+        },
+        {
+          "nameDe": "Eigene Berechtigungen erhöhen",
+          "nameEn": "Upgrade your privileges",
+          "exerciseNr": 4,
+          "descriptionDe": "Jetzt bearbeiten wir unseren eigenen Account. Schreibe hierfür einen >>UPDATE<<-SQL-Befehl, welcher die >>accountRoleId<< auf das Niveau eines >>Admin<< erhöht für deinen Account-Namen.",
+          "descriptionEn": "Change the privileges of your account"
+        },
+        {
+          "nameDe": "Einen fremden Account übernehmen",
+          "nameEn": "Capture another account",
+          "exerciseNr": 5,
+          "descriptionDe": "Statt unsere eigenen Berechtigungen zu erhöhen, können wir auch einen Account übernehmen, welcher bereits ein >>Super-Admin<< ist. Suche dir dafür aus der Liste der in Aufgabe 2.1 erhaltenen Accounts einen aus, welcher die Rolle >>Super-Admin<< inne hat. Nur damit lässt sich die Dateiverwaltung öffnen, welche wir später brauchen. Hast du den Account-Namen gefunden, gehe ins Login-Menü (logge dich aus, falls du noch angemeldet bist). Führe nun einen SQL-Injektion durch um diesen Account zu übernehmen.",
+          "descriptionEn": "todo"
+        },
+        {
+          "nameDe": "Bewertungen löschen",
+          "nameEn": "Delete ratings",
+          "exerciseNr": 6,
+          "descriptionDe": "Jede Band hat Bewertungen auf einer Skala von eins bis fünf Sternen erhalten. Wir wollen alle Fünf-Sterne Bewertungen aus der Datenbank löschen. Schreibe eine SQL Injection, welche in der Bewertungs-Tabelle alle Einträge mit der Bedingung >>rating = 5<< entfernt. Führe die Injection über die globale Suche aus.",
+          "descriptionEn": "todo"
+        }
+      ]
+    },
+    {
+      "nameDe": "Cross-Site Scripting (XSS)",
+      "nameEn": "Cross-Site Scripting (XSS)",
+      "groupNr": 3,
+      "descriptionDe": "Als nächstes wollen wir Schadcode in die Web-Applikation einschleusen. Zunächst testen wir, ob die Webseite hierfür anfällig ist. Manipuliere die URL der Band-Seite so, dass du eine >>Hallo Welt!<<-Nachricht als >>alert<< siehst. Hinweis: Nutze einen image tag! Setze als >>src<< die Zahl >>1<<. Den Befehl kannst du im Tag >>onerror<< ausführen.",
+      "descriptionEn": "todo",
+      "exercises": [
+        {
+          "nameDe": "Hallo Welt!",
+          "nameEn": "Hello World!",
+          "exerciseNr": 1,
+          "descriptionDe": "Als nächstes wollen wir Schadcode in die Web-Applikation einschleusen. Zunächst testen wir, ob die Webseite hierfür anfällig ist. Gehe hierzu auf die Seite >>Alle Bands<< und filtere die Einträge nach einem beliebigen Genre deiner Wahl. In der URL-Leiste siehst du nun, dass hinter der URL und dem Ressourcen-Ziel ein Parameter angegeben ist (der Part hinter dem Fragezeichen). Wir tauschen diesen Parameter gegen einen HTML Tag aus. Der Trick hierbei: Als Quelle geben wir den Zahlenwert >>1<< an, wodurch automatisch das ausgeführt wird, was im >>onerror<<-Tag drinnen steht. Genau hier soll eine Alert-Meldung mit >>Hello World!<< als JavaScript Code eingefügt werden. Verändere die URL so, dass sie die Meldung ausgibt. Falls du nicht mit JavaScript vertraut bist, sieh dir die letzte Seite mit nützlichen Befehlen an.",
+          "descriptionEn": "Take an URL of the shop and extend it with JavaScript code so that a 'Hello World' message appears whent the link is opened"
+        },
+        {
+          "nameDe": "Ein externes Script aufrufen",
+          "nameEn": "Run an external script",
+          "exerciseNr": 2,
+          "descriptionDe": "Wir haben festgestellt, dass die Seite für Cross-Site-Scripting durch Reflected XSS angreifbar ist! Im zweiten Schritt binden wir nun das Script ein. Es wurde bereits auf den Server hochgeladen. Logge dich wahlweise mit einem Admin-Account (Aufgabe 2.5) oder deinem eigenen nun berechtigten Account (Aufgabe 2.4) ein. Öffne nun das Admin-Panel über den Button rechts oben. Suche über die Dateiverwaltung im Admin-Panel nach dem Skript und notiere dir die darunter angezeigte Adresse auf dem Backend-Server. Logge dich aus. Wir wollen das Skript auf der nun sichtbaren Login-Seite über eine veränderte URL einbinden. Nutze hierfür das gleiche Prinzip wie in Aufgabe 3.1. Statt >>genreName<< kannst du einen beliebigen anderen Parameter-Namen verwenden. Nutze die Konsole mit der Tastenkombination Strg + D vor dem Abschicken der URL.Logge dich nach erfolgreicher Aufgabenlösung ein und sieh in der Konsole, wie deine Login-Daten abgegriffen werden.",
+          "descriptionEn": "Create an URL of the shop, which calls the script"
+        }
+      ]
+    }
+  ]
+}

backend/data/licenses.json

@@ -0,0 +1,200 @@
+[
+  {
+    "image": "alex-turner.jpg",
+    "license": "CC BY 2.0",
+    "creator": "Raph_PH",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/9/95/Alex_Turner%2C_Way_Out_West_2018.jpg"
+  },
+  {
+    "image": "andy-nicholson.jpg",
+    "license": "CC BY 2.0",
+    "creator": "Lola's Big Adventure!",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/6/6c/Andy_Nicholson_%28cropped%29.jpg"
+  },
+  {
+    "image": "anthony-kiedis.jpg",
+    "license": "CC BY 2.0",
+    "creator": "Hel Davies",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/c/ca/Anthony_Kiedis_2022.jpg"
+  },
+  {
+    "image": "chris-martin.jpg",
+    "license": "CC BY 2.0",
+    "creator": "Raph_PH",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/6/68/ChrisMartinManch030623_%28cropped%29.jpg"
+  },
+  {
+    "image": "chris-wolstenholme.jpg",
+    "license": "CC BY-SA 4.0",
+    "creator": "Markus Felix",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/e/eb/2018_Chris_Wolstenholme_%28cropped%29.jpg"
+  },
+  {
+    "image": "flea.jpg",
+    "license": "CC BY 2.0",
+    "creator": "Piyush Kumar",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/8/8e/Flea_1012_%282%29.jpg"
+  },
+  {
+    "image": "chad-smith.jpg",
+    "license": "Gemeinfrei",
+    "creator": "Bojosoto",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/4/42/Chadsmithclinic.jpg"
+  },
+  {
+    "image": "john-frusciante.jpg",
+    "license": "CC BY-SA 2.0",
+    "creator": "Hel Davies",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/1/1f/John_Frusciante_%2852279466415%29.jpg"
+  },
+  {
+    "image": "logo.png",
+    "license": "MIT",
+    "creator": "Tobias Zoghaib",
+    "url": ""
+  },
+  {
+    "image": "lanxess-arena-indoor.jpg",
+    "license": "CC BY-SA 3.0",
+    "creator": "Admin Kübelbeck",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/f/f3/Koelnarena_inside.jpg"
+  },
+  {
+    "image": "lanxess-arena-outdoor.jpg",
+    "license": "CC BY-SA 2.0",
+    "creator": "Rolf H.",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/1/18/Lanxess_Arena_Flight_over_Cologne.jpg"
+  },
+  {
+    "image": "red-hot-chili-peppers-1.jpg",
+    "license": "CC BY-SA 4.0",
+    "creator": "Kreepin Deth",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/1/14/RHCP_Live_in_London_26_June_2022.jpg"
+  },
+  {
+    "image": "swiss-life-hall-indoor.jpg",
+    "license": "CC BY-SA 3.0",
+    "creator": "Bernd Schwabe in Hannover",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/8/89/2013-09-18_Besuch_14._Dalai_Lama_Tendzin_Gyatsho_in_Hannover%2C_future4children%2C_Swiss_Life_Hall%2C_%2876%29.JPG"
+  },
+  {
+    "image": "swiss-life-hall-outdoor.jpg",
+    "license": "Public Domain",
+    "creator": "AxelHH",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/6/66/AWD_Hall_Seite.jpg"
+  },
+  {
+    "image": "astra-kulturhaus-outdoor.jpg",
+    "license": "CC BY 2.0",
+    "creator": "Marcus Grbac",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/f/fd/Astra_Kulturhaus_Biergarten_RAW_Berlin_July_2017.jpg"
+  },
+  {
+    "image": "thom-yorke.jpg",
+    "license": "CC BY 2.0",
+    "creator": "Raph_PH",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/2/25/RadioheadMontreal170718-70_%2843600493681%29_%28cropped%29.jpg"
+  },
+  {
+    "image": "rami-jaffee.jpg",
+    "license": "CC BY 2.0",
+    "creator": "Raph_PH",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/f/fa/Rami_Jaffee_1.jpg"
+  },
+  {
+    "image": "philip-selway.jpg",
+    "license": "CC BY-SA 2.0",
+    "creator": "Michell Zappa",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/1/1f/Phil_Selway.jpg"
+  },
+  {
+    "image": "phil-harvey.jpg",
+    "license": "CC BY-SA 3.0",
+    "creator": "Hayley St. James",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/3/36/PhilHarveyNewYork17062021.png"
+  },
+  {
+    "image": "pat-smear.jpg",
+    "license": "GNU v.1.2",
+    "creator": "Andrew Burns",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/6/66/Patsmear.jpg"
+  },
+  {
+    "image": "mike-kerr.jpg",
+    "license": "CC BY 4.0",
+    "creator": "Dena Flows",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/8/85/017-BIME-2017-Royal-Blood-27X17-por-Dena-Flows.jpg"
+  },
+  {
+    "image": "matthew-bellamy.jpg",
+    "license": "CC BY 3.0",
+    "creator": "Minerva97",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/d/d0/2009_Matthew_Bellamy_%28cropped%29.jpg"
+  },
+  {
+    "image": "capitol-outside.jpg",
+    "license": "",
+    "creator": "AxelHH",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/6/6c/Hannover_Capitol_ganz.jpg"
+  },
+  {
+    "image": "red-hot-chili-peppers-logo.png",
+    "license": "",
+    "creator": "Viiticus",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/3/31/Red_Hot_Chili_Peppers_logo.svg"
+  },
+  {
+    "image": "red-hot-chili-peppers-2.jpg",
+    "license": "CC BY-SA 4.0",
+    "creator": "Roberto Gianardi",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/6/64/Red_Hot_Chili_Peppers_Bologna_2016.jpg"
+  },
+  {
+    "image": "arctic-monkeys-1.jpg",
+    "license": "CC BY 3.0",
+    "creator": "Bill Ebbesen",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/0/04/Arctic_Monkeys_-_Orange_Stage_-_Roskilde_Festival_2014.jpg"
+  },
+  {
+    "image": "arctic-monkeys-2.jpg",
+    "license": "CC BY-SA 3.0",
+    "creator": "Kennysun",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/6/65/Arctic_Monkeys_Playing_at_MSG.jpg"
+  },
+  {
+    "image": "arctic-monkeys-3.jpg",
+    "license": "CC BY-SA 2.0",
+    "creator": "Aurelien Guichard",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/f/f8/Arctic_Monkeys_%40_Shepherds_Bush_Empire.jpg"
+  },
+  {
+    "image": "european-tour-arctic-monkeys.jpg",
+    "license": "Gemeinfrei",
+    "creator": "Matthew Cooper",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/e/e7/%22AM%22_%28Arctic_Monkeys%29.jpg"
+  },
+  {
+    "image": "billy-talent-1.jpg",
+    "license": "CC BY-SA 4.0",
+    "creator": "Biha",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/2/2b/Billy_Talent_-_Frequency_Festival_-_2017-08-15-21-51-04.jpg"
+  },
+  {
+    "image": "billy-talent-2.jpg",
+    "license": "CC BY-SA 4.0",
+    "creator": "Markus Maier",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/3/3f/Southside_Festival_-_Billy_Talent_-_DSC05306.jpg"
+  },
+  {
+    "image": "billy-talent-3.jpg",
+    "license": "CC BY-SA 2.0",
+    "creator": "sebi ryffel",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/e/ec/Billy_Talent_at_Rock_Am_See_2007.jpg"
+  },
+  {
+    "image": "coldplay-members.jpg",
+    "license": "CC BY 2.0",
+    "creator": "Raph_PH",
+    "url": "https://upload.wikimedia.org/wikipedia/commons/2/2e/ColdplayBBC071221_%28cropped%29.jpg"
+  }
+]

backend/data/orders.json

@@ -0,0 +1,52 @@
+{
+  "orders": [
+    {
+      "username": "hagemeister93",
+      "shipped": true,
+      "tickets": [
+        {
+          "date": "1",
+          "concertGroupName": "Unlimited Love",
+          "orderPrice": 184,
+          "seatGroup": "A",
+          "seatRow": 0,
+          "seat": 1
+        }
+      ]
+    },
+    {
+      "username": "duranduran",
+      "tickets": [
+        {
+          "date": "8",
+          "concertGroupName": "Unlimited Love",
+          "orderPrice": 184,
+          "seatGroup": "A",
+          "seatRow": 0,
+          "seat": 2
+        },
+        {
+          "date": "8",
+          "concertGroupName": "Unlimited Love",
+          "orderPrice": 184,
+          "seatGroup": "A",
+          "seatRow": 0,
+          "seat": 3
+        }
+      ]
+    },
+    {
+      "username": "duranduran",
+      "tickets": [
+        {
+          "date": "14",
+          "concertGroupName": "The Bends",
+          "orderPrice": 184,
+          "seatGroup": "A",
+          "seatRow": 0,
+          "seat": 4
+        }
+      ]
+    }
+  ]
+}

backend/database.ts

@@ -0,0 +1,59 @@
+import { Sequelize } from "sequelize-typescript"
+
+// Models
+import { Order } from "./models/ordering/order.model"
+import { Ticket } from "./models/ordering/ticket.model"
+import { Account } from "./models/user/account.model"
+import { prepopulateDatabase } from "./scripts/databaseHelper"
+import { Address } from "./models/user/address.model"
+import { Payment } from "./models/user/payment.model"
+import { AccountRole } from "./models/user/accountRole.model"
+import { Genre } from "./models/acts/genre.model"
+import { Location } from "./models/locations/location.model"
+import { Band } from "./models/acts/band.model"
+import { Concert } from "./models/acts/concert.model"
+import { Member } from "./models/acts/member.model"
+import { Rating } from "./models/acts/rating.model"
+import { City } from "./models/locations/city.model"
+import { BandGenre } from "./models/acts/bandGenre.model"
+import { Seat } from "./models/locations/seat.model"
+import { SeatGroup } from "./models/locations/seatGroup.model"
+import { SeatRow } from "./models/locations/seatRow.model"
+import { Exercise } from "./models/exercises/exercise.model"
+import { ExerciseGroup } from "./models/exercises/exerciseGroup.model"
+
+const dbName = "database"
+const dbUser = "root"
+const dbPassword = "123456"
+
+// Definition of the database
+export const sequelize = new Sequelize({
+  database: dbName,
+  dialect: "sqlite",
+  username: dbUser,
+  password: dbPassword,
+  storage: "database.sqlite",
+  models: [
+    AccountRole, Account, Payment, Address,
+    City, Location, SeatGroup, SeatRow, Seat,
+    Genre, Band, BandGenre, Rating, Member, Concert,
+    Order, Ticket,
+    Exercise, ExerciseGroup
+  ]
+})
+
+export function startDatabase() {
+  let recreateDb = false
+
+  // Create database and tables
+  sequelize.sync({ force: recreateDb })
+    .then(() => {
+      console.log("Database & tables created!")
+
+      if (recreateDb) {
+        prepopulateDatabase()
+      }
+      
+      console.log("Database prepopulated!")
+    })
+}