diff --git a/src/routes/api/add/+server.ts b/src/routes/api/add/+server.ts
deleted file mode 100644
index 5e68748..0000000
--- a/src/routes/api/add/+server.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';;
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
-	let message = await request.json()
-  	const recipe_json = message.recipe
-  	const user = await authenticateUser(cookies)
-  	if(!user){
-  		throw error(401, "Not logged in")
-  	}
-  	if(!user.access.includes("rezepte")){
-  	      	throw error(401, "This user does not have permissions to add recipes")
-  	}
-  	else{
-		await dbConnect();
-  		try{
-  	      		await Recipe.create(recipe_json);
-  		} catch(e){
-  	      		throw error(400, e)
-  	      	}
-  		await dbDisconnect();
-  	      	return new Response(JSON.stringify({msg: "Added recipe successfully"}),{
-  	      		    status: 200,
-  		});
-  	}
-};
diff --git a/src/routes/api/delete/+server.ts b/src/routes/api/delete/+server.ts
deleted file mode 100644
index 468bd5b..0000000
--- a/src/routes/api/delete/+server.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-import type {RecipeModelType} from '../../../types/types';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
-  	let message = await request.json()
-
-  	const user = await authenticateUser(cookies)
-  	if(!user) throw error(401, "Need to be logged in")
-  	if(!user.access.includes("rezepte")) throw error(401, "Insufficient permissions")
-
-  	const short_name = message.old_short_name
-	await dbConnect();
-	await Recipe.findOneAndDelete({short_name: short_name});
-  	await dbDisconnect();
-	return new Response(JSON.stringify({msg: "Deleted recipe successfully"}),{
-			    status: 200,
-  	});
-}
diff --git a/src/routes/api/edit/+server.ts b/src/routes/api/edit/+server.ts
deleted file mode 100644
index 6abfef9..0000000
--- a/src/routes/api/edit/+server.ts
+++ /dev/null
@@ -1,29 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-import type {RecipeModelType} from '../../../types/types';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request, cookies}) => {
-  let message = await request.json()
-  const recipe_json = message.recipe
-  const user = await authenticateUser(cookies)
-  console.log(user)
-  if(!user){
-	  throw error(403, "Not logged in")
-  }
-  else if(!user.access.includes("rezepte")){
-	throw error(403, "This user does not have edit permissions for recipes")
-  }
-  else{
-	await dbConnect();
-	await Recipe.findOneAndUpdate({short_name: message.old_short_name }, recipe_json);
-  	await dbDisconnect();
-	return new Response(JSON.stringify({msg: "Edited recipe successfully"}),{
-			    status: 200,
-  	});
-
-  }
-};
diff --git a/src/routes/api/img/add/+server.ts b/src/routes/api/img/add/+server.ts
deleted file mode 100644
index fa51487..0000000
--- a/src/routes/api/img/add/+server.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-import path from 'path'
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import { IMAGE_DIR } from '$env/static/private'
-import sharp from 'sharp';
-import { authenticateUser } from '$lib/js/authenticate';
-
-export const POST =  (async ({ request, cookies })  => {
-	const data = await request.json();
-    	const user = await authenticateUser(cookies)
-	if (!user) throw error(401, "Need to be logged in")
-	if (!user.access.includes("rezepte")) throw error(401, "You don't have sufficient permissions for this")
-	let full_res = new Buffer.from(data.image, 'base64')
-	// reduce image size if over 500KB
-	const MAX_SIZE_KB = 500
-	//const metadata = await sharp(full_res).metadata()
-	////reduce image size if larger than 500KB
-	//if(metadata.size > MAX_SIZE_KB*1000){
-	//	full_res = sharp(full_res).
-	//		webp( { quality: 70})
-	//		.toBuffer()
-	//}
-	await sharp(full_res)
-		.toFormat('webp')
-		.toFile(path.join(IMAGE_DIR,
-				  "rezepte",
-				  "full",
-				  data.name + ".webp"))
-	await sharp(full_res)
-		.resize({ width: 800})
-		.toFormat('webp')
-		.toFile(path.join(IMAGE_DIR,
-			  "rezepte",
-			  "thumb",
-			  data.name + ".webp"))
-	await sharp(full_res)
-		.resize({ width: 20})
-		.toFormat('webp')
-		.toFile(path.join(IMAGE_DIR,
-		          "rezepte",
-			  "placeholder",
-			  data.name + ".webp"))
-	return new Response(JSON.stringify({msg: "Added image successfully"}),{
-			    status: 200,
-  	});
-}) satisfies RequestHandler;
diff --git a/src/routes/api/img/delete/+server.ts b/src/routes/api/img/delete/+server.ts
deleted file mode 100644
index 6fd1691..0000000
--- a/src/routes/api/img/delete/+server.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-import path from 'path'
-import type { RequestHandler } from '@sveltejs/kit';
-import { IMAGE_DIR } from '$env/static/private'
-import { unlink } from 'node:fs';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';;
-
-export const POST =  (async ({ request, cookies })  => {
-	const data = await request.json();
-    	const user = await authenticateUser(cookies)
-    	if(!user) throw error(401, "You need to be logged in")
-    	if(!user.access.includes("rezepte")) throw error(401, "Your don't have the required permission for this")
-	[ "full", "thumb", "placeholder"].forEach((folder) => {
-		unlink(path.join(IMAGE_DIR, "rezepte", folder, data.name + ".webp"), (e) => {
-			if(e) error(404, "could not delete: " + folder + "/" + data.name + ".webp" + e)
-		})
-	})
-	return new Response(JSON.stringify({msg: "Deleted image successfully"}),{
-			    status: 200,
-  	});
-}) satisfies RequestHandler;
diff --git a/src/routes/api/img/mv/+server.ts b/src/routes/api/img/mv/+server.ts
deleted file mode 100644
index 7add42e..0000000
--- a/src/routes/api/img/mv/+server.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-import path from 'path'
-import type { RequestHandler } from '@sveltejs/kit';
-import { IMAGE_DIR } from '$env/static/private'
-import { rename } from 'node:fs';
-import { error } from '@sveltejs/kit';
-import { authenticateUser } from '$lib/js/authenticate';
-
-export const POST =  (async ({ request, cookies })  => {
-	const data = await request.json();
-	const user = await authenticateUser(cookies)
-	if(!user) throw error(401, "need to be logged in")
-	if(!user.access.includes("rezepte")) throw error(401, "You don't have the required permission to do this")
-
-	[ "full", "thumb", "placeholder"].forEach((folder) => {
-		const old_path = path.join(IMAGE_DIR, "rezepte", folder, data.old_name + ".webp")
-		rename(old_path, path.join(IMAGE_DIR, "rezepte", folder, data.new_name + ".webp"), (e) => {
-		console.log(e)
-		if(e) throw error(500, "could not mv: " + old_path)
-		})
-	});
-
-	return new Response(JSON.stringify({msg: "Deleted image successfully"}),{
-			    status: 200,
-  			});
-}) satisfies RequestHandler;
diff --git a/src/routes/api/items/[name]/+server.ts b/src/routes/api/items/[name]/+server.ts
deleted file mode 100644
index 12f2bba..0000000
--- a/src/routes/api/items/[name]/+server.ts
+++ /dev/null
@@ -1,17 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import type {RecipeModelType} from '../../../../types/types';
-import { error } from '@sveltejs/kit';
-
-export const GET: RequestHandler = async ({params}) => {
-  await dbConnect();
-  let recipe = (await Recipe.findOne({ short_name: params.name}).lean()) as RecipeModelType[];
-  await dbDisconnect();
-
-  recipe = JSON.parse(JSON.stringify(recipe));
-  if(recipe == null){
-	throw error(404, "Recipe not found")
-  }
-  return json(recipe);
-};
diff --git a/src/routes/api/items/all_brief/+server.ts b/src/routes/api/items/all_brief/+server.ts
deleted file mode 100644
index fc99258..0000000
--- a/src/routes/api/items/all_brief/+server.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import type { BriefRecipeType } from '../../../../types/types';
-import { Recipe } from '../../../../models/Recipe'
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
-  await dbConnect();
-  let found_brief = rand_array(await Recipe.find({}, 'name short_name tags category icon description season').lean()) as BriefRecipeType[];
-  await dbDisconnect();
-  return json(JSON.parse(JSON.stringify(found_brief)));
-};
diff --git a/src/routes/api/items/category/+server.ts b/src/routes/api/items/category/+server.ts
deleted file mode 100644
index ca79946..0000000
--- a/src/routes/api/items/category/+server.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import type {BriefRecipeType} from '../../../../types/types';
-
-export const GET: RequestHandler = async ({params}) => {
-  await dbConnect();
-  let categories = (await Recipe.distinct('category').lean());
-  await dbDisconnect();
-
-  categories= JSON.parse(JSON.stringify(categories));
-  return json(categories);
-};
diff --git a/src/routes/api/items/category/[category]/+server.ts b/src/routes/api/items/category/[category]/+server.ts
deleted file mode 100644
index e75a5b5..0000000
--- a/src/routes/api/items/category/[category]/+server.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import type {BriefRecipeType} from '../../../../../types/types';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
-  await dbConnect();
-  let recipes = rand_array(await Recipe.find({category: params.category}, 'name short_name images tags category icon description season').lean()) as BriefRecipeType[];
-  await dbDisconnect();
-
-  recipes = JSON.parse(JSON.stringify(recipes));
-  return json(recipes);
-};
diff --git a/src/routes/api/items/icon/+server.ts b/src/routes/api/items/icon/+server.ts
deleted file mode 100644
index 8a8ecbc..0000000
--- a/src/routes/api/items/icon/+server.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import type {BriefRecipeType} from '../../../../types/types';
-
-export const GET: RequestHandler = async ({params}) => {
-  await dbConnect();
-  let icons = (await Recipe.distinct('icon').lean());
-  await dbDisconnect();
-
-  icons = JSON.parse(JSON.stringify(icons));
-  return json(icons);
-};
diff --git a/src/routes/api/items/icon/[icon]/+server.ts b/src/routes/api/items/icon/[icon]/+server.ts
deleted file mode 100644
index 0b22e5d..0000000
--- a/src/routes/api/items/icon/[icon]/+server.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import type {BriefRecipeType} from '../../../../../types/types';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
-  await dbConnect();
-  let recipes = rand_array(await Recipe.find({icon: params.icon}, 'name short_name images tags category icon description season').lean()) as BriefRecipeType[];
-  await dbDisconnect();
-
-  recipes = JSON.parse(JSON.stringify(recipes));
-  return json(recipes);
-};
diff --git a/src/routes/api/items/in_season/[month]/+server.ts b/src/routes/api/items/in_season/[month]/+server.ts
deleted file mode 100644
index c5aebc7..0000000
--- a/src/routes/api/items/in_season/[month]/+server.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import type {rand_array} from '$lib/js/randomize';
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../../models/Recipe'
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
-  await dbConnect();
-  let found_in_season = rand_array(await Recipe.find({season: params.month}, 'name short_name images tags category icon description season').lean());
-  await dbDisconnect();
-  found_in_season = JSON.parse(JSON.stringify(found_in_season));
-  return json(found_in_season);
-};
diff --git a/src/routes/api/items/tag/+server.ts b/src/routes/api/items/tag/+server.ts
deleted file mode 100644
index bfc8612..0000000
--- a/src/routes/api/items/tag/+server.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../utils/db';
-import type {BriefRecipeType} from '../../../../types/types';
-
-export const GET: RequestHandler = async ({params}) => {
-  await dbConnect();
-  let categories = (await Recipe.distinct('tags').lean());
-  await dbDisconnect();
-
-  categories= JSON.parse(JSON.stringify(categories));
-  return json(categories);
-};
diff --git a/src/routes/api/items/tag/[tag]/+server.ts b/src/routes/api/items/tag/[tag]/+server.ts
deleted file mode 100644
index 962368e..0000000
--- a/src/routes/api/items/tag/[tag]/+server.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { json, type RequestHandler } from '@sveltejs/kit';
-import { Recipe } from '../../../../../models/Recipe';
-import { dbConnect, dbDisconnect } from '../../../../../utils/db';
-import type {BriefRecipeType} from '../../../../../types/types';
-import { rand_array } from '$lib/js/randomize';
-
-export const GET: RequestHandler = async ({params}) => {
-  await dbConnect();
-  let recipes = rand_array(await Recipe.find({tags: params.tag}, 'name short_name images tags category icon description season').lean()) as BriefRecipeType[];
-  await dbDisconnect();
-
-  recipes = JSON.parse(JSON.stringify(recipes));
-  return json(recipes);
-};
diff --git a/src/routes/api/login/+server.ts b/src/routes/api/login/+server.ts
deleted file mode 100644
index 656e5a5..0000000
--- a/src/routes/api/login/+server.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import pkg from 'jsonwebtoken';
-const { sign } = pkg;
-import { verify} from 'argon2';
-import { COOKIE_SECRET } from '$env/static/private'
-import { PEPPER } from '$env/static/private'
-
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-import { User } from '../../../models/User';
-
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request}) => {
-	const {username, password} = await request.json()
-	await dbConnect()
-	let res = await User.findOne({username: username}, 'pass_hash salt').lean()
-	await dbDisconnect()
-	if(!res){
-		console.log("NOT FOUND")
-		throw error(401, {message: "wrong password or user does not exist"})
-	}
-
-	const stored_pw = res.pass_hash
-	const salt = res.salt
-
-	const isMatch = await verify(stored_pw, password + PEPPER, {salt})
-	if(!isMatch){
-		throw error(401, {message: "wrong password or user does not exist"})
-	}
-
-	res = await createJWT(username)
-	return new Response(JSON.stringify(res))
-};
-
-async function createJWT(username) {
-	const payload = {
-  	  username: username,
-  	};
-
-  	const masterSecret = COOKIE_SECRET;
-  	const secretKey = masterSecret;
-  	const jwt = sign(payload, secretKey);
-	console.log(jwt)
-  	return jwt
-}
diff --git a/src/routes/api/register/+server.ts b/src/routes/api/register/+server.ts
deleted file mode 100644
index ce52c8f..0000000
--- a/src/routes/api/register/+server.ts
+++ /dev/null
@@ -1,50 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import { hash }  from 'argon2';
-import { randomBytes } from 'crypto';
-import { ALLOW_REGISTRATION } from '$env/static/private';
-import { PEPPER } from '$env/static/private';
-
-import { User } from '../../../models/User';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-
-// header: use for bearer token for now
-// recipe json in body
-export const POST: RequestHandler = async ({request}) => {
-	if(ALLOW_REGISTRATION){
-		const {username, password, access} = await request.json()
-		const salt = randomBytes(32).toString('hex'); // Generate a random salt
-
-		const pass_hash =  await hashPassword(password + PEPPER, salt)
-		await dbConnect();
-		try{
-			await User.create({
-					username: username,
-					pass_hash: pass_hash,
-					salt: salt,
-					access: access,
-			})
-		}catch(e){
-			await dbDisconnect();
-			throw error(400, e);
-		}
-		await dbDisconnect();
-		return new Response(JSON.stringify({message: "User added successfully"}),
-				    	{status: 200}
-			);
-	}
-	else{
-		throw error(401, "user registration currently closed")
-	}
-
-
-};
-
-async function hashPassword(password, salt) {
-  try {
-    const hashedPassword = await hash(password, salt); // Hash the password with the salt and pepper
-    return hashedPassword;
-  } catch (error) {
-    console.error('Error hashing password:', error);
-  }
-}
diff --git a/src/routes/api/verify/+server.ts b/src/routes/api/verify/+server.ts
deleted file mode 100644
index ad41d82..0000000
--- a/src/routes/api/verify/+server.ts
+++ /dev/null
@@ -1,63 +0,0 @@
-import type { RequestHandler } from '@sveltejs/kit';
-import { error } from '@sveltejs/kit';
-import pkg from 'jsonwebtoken';
-const { verify } = pkg;
-import { hash}  from 'argon2';
-import { randomBytes } from 'crypto';
-import { COOKIE_SECRET } from '$env/static/private'
-import { ALLOW_REGISTRATION } from '$env/static/private'
-
-import { User } from '../../../models/User';
-import { dbConnect, dbDisconnect } from '../../../utils/db';
-
-
-import { getJWTFromRequest } from '../../../utils/cookie';
-// header: use for bearer token for now
-// recipe json in body
-export const GET: RequestHandler = async ({request}) => {
-	const jwt = getJWTFromRequest(request)
-
-  	// Set your master secret key (replace with your own secret)
-  	const masterSecret = COOKIE_SECRET;
-  	const secretKey = masterSecret
-	let decoded
-	try{
-  		decoded = await verify(jwt, secretKey);
-	}
-	catch(e){
-		throw error(401, "Cookies have changed, please log in again")
-	}
-
-	await dbConnect()
-	let res = await User.findOne({username: decoded.username}, 'access').lean();
-	await dbDisconnect()
-	if(!res){
-		throw error(404, "User for this Cookie does no longer exist")
-	}
-	return new Response(JSON.stringify({
-			username: decoded.username,
-			access: res.access
-	}), {status: 200})
-};
-
-async function hashPassword(password, salt) {
-  	try {
-  	  const hashedPassword = await hash(password, salt); // Hash the password with the salt
-  	  return hashedPassword;
-  	} catch (error) {
-  	  console.error('Error hashing password:', error);
-  	}
-}
-
-
-
-async function createJWT(username, userSalt) {
-	const payload = {
-  	  username: username,
-  	};
-
-  	const masterSecret = COOKIE_SECRET;
-  	const secretKey = masterSecret + userSalt;
-  	const jwt = sign(payload, secretKey);
-  	return jwt
-}