Fix: Komplett auf Europe/Berlin + DB-Migration + Timer-Fix

- ALLE Timestamps einheitlich Europe/Berlin (kein UTC mehr)
- DB-Migration: 1704 bestehende Timestamps von UTC nach Berlin konvertiert
- Auto-Refresh Timer Fix: ORDER BY id DESC statt completed_at DESC
  (verhindert falsche Sortierung bei gemischten Timestamp-Formaten)
- started_at statt completed_at fuer Timer-Vergleich (konsistenter)
- Manuelle Refreshes werden bei Intervall-Pruefung beruecksichtigt
- Debug-Logging fuer Auto-Refresh Entscheidungen
- astimezone() fuer Timestamps mit Offset-Info

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/routers/auth.py

@@ -1,6 +1,6 @@
 """Auth-Router: Magic-Link-Login und Nutzerverwaltung."""
 import logging
-from datetime import datetime, timedelta, timezone
+from datetime import datetime, timedelta
 from fastapi import APIRouter, Depends, HTTPException, Request, status
 from models import (
     MagicLinkRequest,
@@ -78,7 +78,7 @@ async def request_magic_link(
     # Token + Code generieren
     token = generate_magic_token()
     code = generate_magic_code()
-    expires_at = (datetime.now(timezone.utc) + timedelta(minutes=MAGIC_LINK_EXPIRE_MINUTES)).strftime('%Y-%m-%d %H:%M:%S')
+    expires_at = (datetime.now(TIMEZONE) + timedelta(minutes=MAGIC_LINK_EXPIRE_MINUTES)).strftime('%Y-%m-%d %H:%M:%S')
 
     # Alte ungenutzte Magic Links fuer diese E-Mail invalidieren
     await db.execute(
@@ -124,10 +124,10 @@ async def verify_magic_link(
         raise HTTPException(status_code=400, detail="Ungueltiger oder bereits verwendeter Link")
 
     # Ablauf pruefen
-    now = datetime.now(timezone.utc)
+    now = datetime.now(TIMEZONE)
     expires = datetime.fromisoformat(ml["expires_at"])
     if expires.tzinfo is None:
-        expires = expires.replace(tzinfo=timezone.utc)
+        expires = expires.replace(tzinfo=TIMEZONE)
     if now > expires:
         raise HTTPException(status_code=400, detail="Link abgelaufen. Bitte neuen Link anfordern.")
 
@@ -200,10 +200,10 @@ async def verify_magic_code(
         raise HTTPException(status_code=400, detail="Ungueltiger Code")
 
     # Ablauf pruefen
-    now = datetime.now(timezone.utc)
+    now = datetime.now(TIMEZONE)
     expires = datetime.fromisoformat(ml["expires_at"])
     if expires.tzinfo is None:
-        expires = expires.replace(tzinfo=timezone.utc)
+        expires = expires.replace(tzinfo=TIMEZONE)
     if now > expires:
         raise HTTPException(status_code=400, detail="Code abgelaufen. Bitte neuen Code anfordern.")
 

src/routers/incidents.py

@@ -5,7 +5,7 @@ from models import IncidentCreate, IncidentUpdate, IncidentResponse, Subscriptio
 from auth import get_current_user
 from middleware.license_check import require_writable_license
 from database import db_dependency, get_db
-from datetime import datetime, timezone
+from datetime import datetime
 from config import TIMEZONE
 import asyncio
 import aiosqlite
@@ -102,7 +102,7 @@ async def create_incident(
 ):
     """Neue Lage anlegen."""
     tenant_id = current_user.get("tenant_id")
-    now = datetime.now(timezone.utc).strftime('%Y-%m-%d %H:%M:%S')
+    now = datetime.now(TIMEZONE).strftime('%Y-%m-%d %H:%M:%S')
     cursor = await db.execute(
         """INSERT INTO incidents (title, description, type, refresh_mode, refresh_interval,
            retention_days, international_sources, visibility,
@@ -184,7 +184,7 @@ async def update_incident(
     if not updates:
         return await _enrich_incident(db, row)
 
-    updates["updated_at"] = datetime.now(timezone.utc).strftime('%Y-%m-%d %H:%M:%S')
+    updates["updated_at"] = datetime.now(TIMEZONE).strftime('%Y-%m-%d %H:%M:%S')
     set_clause = ", ".join(f"{k} = ?" for k in updates)
     values = list(updates.values()) + [incident_id]