Fix bugs, add log rotation, and optimize hot paths

- Fix AttributeError crash on empty request body in md5, hasher, textdiff,
  jwtdecoder, timestamp, passwordgen (get_json without silent=True / or {})
- Fix memory exhaustion in ipcalc: replace list(network.hosts()) with direct
  arithmetic — safe for /8 and larger networks
- Fix O(1M) loop in cronexplainer.get_next_runs: rewrite to skip by
  month/day/hour instead of iterating every minute
- Fix connection leak in notes.ensure_table: add try/finally around conn.close
- Fix admin._ensure_tables / notes._ensure_table running DDL on every request:
  guard with module-level flags (_tables_initialized, _table_ready)
- Fix update_website returning 200 when no row matched; delete_website returning
  success when nothing was deleted; add rowcount checks for both
- Add role validation in admin create_user / update_user (_VALID_ROLES guard)
- Add delimiter length guard in csvviewer (csv.reader requires single char)
- Fix loremipsum: wrap int(count) in try/except ValueError → 400 response
- Fix auth/token: use auth_header[7:] instead of fragile .replace()
- Fix app.py: remove duplicate import sys; cache DB liveness check with 30s TTL
  to avoid a new TCP connection on every frontend page load; move api/setup
  path guard before DB check
- Replace FileHandler with RotatingFileHandler (5 MB / 3 backups) in logger;
  fix relative log paths to absolute paths anchored to __file__
- Wrap all DB connections in try/finally conn.close() throughout admin and notes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/tools/ipcalc.py

@@ -12,7 +12,7 @@ def ip_calculate():
     if not user:
         return jsonify({"message": "Nicht autorisiert"}), 401
     try:
-        data = request.get_json() or {}
+        data = request.get_json(silent=True) or {}
         cidr = data.get("cidr", "").strip()
 
         try:
@@ -20,16 +20,26 @@ def ip_calculate():
         except ValueError as e:
             return jsonify({"message": f"Ungültige CIDR-Notation: {e}"}), 400
 
-        hosts = list(network.hosts())
-        first_host = str(hosts[0]) if hosts else str(network.network_address)
-        last_host = str(hosts[-1]) if hosts else str(network.broadcast_address)
-        total_hosts = len(hosts)
+        prefix = network.prefixlen
+        net_int = int(network.network_address)
+        bcast_int = int(network.broadcast_address)
+
+        # Avoid materialising millions of host objects for large networks.
+        if prefix == 32:
+            total_hosts = 1
+            first_host = str(network.network_address)
+            last_host = str(network.network_address)
+        elif prefix == 31:
+            total_hosts = 2
+            first_host = str(network.network_address)
+            last_host = str(network.broadcast_address)
+        else:
+            total_hosts = network.num_addresses - 2
+            first_host = str(ipaddress.IPv4Address(net_int + 1))
+            last_host = str(ipaddress.IPv4Address(bcast_int - 1))
 
-        # Wildcard = inverse of netmask
         netmask_int = int(network.netmask)
-        wildcard_int = (~netmask_int) & 0xFFFFFFFF
-        wildcard = str(ipaddress.IPv4Address(wildcard_int))
-
+        wildcard = str(ipaddress.IPv4Address((~netmask_int) & 0xFFFFFFFF))
         ip_class = "Privat" if network.is_private else "Öffentlich"
 
         return jsonify({
@@ -40,7 +50,7 @@ def ip_calculate():
             "first_host": first_host,
             "last_host": last_host,
             "total_hosts": total_hosts,
-            "prefix_length": network.prefixlen,
+            "prefix_length": prefix,
             "ip_class": ip_class,
         })