Merge pull request 'Alpha Release 0.0.7' (#73) from dev into main

Reviewed-on: #73
Reviewed-by: Philipp Dormann <philipp@philippdormann.de>

.drone.yml

@@ -37,11 +37,23 @@ steps:
       tags:
         - dev
       registry: registry.odit.services
-    when:
-      branch:
-        - dev
-      event:
-        - push
+  - name: run full license export
+    depends_on: ["clone"]
+    image: node:alpine
+    commands:
+      - yarn
+      - yarn licenses:export
+  - name: push new licenses file to repo
+    depends_on: ["run full license export"]
+    image: appleboy/drone-git-push
+    settings:
+      branch: dev
+      commit: true
+      commit_message: new license file version [CI SKIP]
+      author_email: bot@odit.services
+      remote: git@git.odit.services:lfk/backend.git
+      ssh_key:
+        from_secret: GITLAB_SSHKEY
 
 trigger:
   branch:
@@ -90,22 +102,20 @@ steps:
         from_secret: DOCKER_REGISTRY_PASSWORD
       repo: registry.odit.services/lfk/backend
       tags:
-        - $DRONE_TAG
+        - '${DRONE_TAG}'
       registry: registry.odit.services
-  - name: trigger lib build
-    depends_on: [clone]
-    image: plugins/downstream
+  - name: trigger node lib build
+    image: idcooldi/drone-webhook
     settings:
-      server: https://ci.odit.services/
-      token: 
+      urls: https://ci.odit.services/api/repos/lfk/lfk-client-node/builds?SOURCE_TAG=${DRONE_TAG}
+      bearer:
+        from_secret: BOT_DRONE_KEY
+  - name: trigger js lib build
+    image: idcooldi/drone-webhook
+    settings:
+      urls: https://ci.odit.services/api/repos/lfk/lfk-client-js/builds?SOURCE_TAG=${DRONE_TAG}
+      bearer:
         from_secret: BOT_DRONE_KEY
-      fork: false
-      repositories:
-        - lfk/lib
-      params:
-      - SOURCE_TAG: $DRONE_TAG
 trigger:
-  branch:
-    - main
   event:
-    - tag
+  - tag

.env.ci

@@ -5,4 +5,5 @@ DB_PORT=unused
 DB_USER=unused
 DB_PASSWORD=bla
 DB_NAME=./test.sqlite
-NODE_ENV=dev
+NODE_ENV=dev
+POSTALCODE_COUNTRYCODE=null

.env.example

@@ -5,4 +5,5 @@ DB_PORT=bla
 DB_USER=bla
 DB_PASSWORD=bla
 DB_NAME=bla
-NODE_ENV=production
+NODE_ENV=production
+POSTALCODE_COUNTRYCODE=null

.gitignore

@@ -132,5 +132,6 @@ build
 
 *.sqlite
 *.sqlite-jurnal
-docs
-lib
+/docs
+lib
+/oss-attribution

package.json

@@ -1,6 +1,6 @@
 {
-  "name": "@lfk/backend",
-  "version": "1.0.0",
+  "name": "@odit/lfk-backend",
+  "version": "0.0.7",
   "main": "src/app.ts",
   "repository": "https://git.odit.services/lfk/backend",
   "author": {
@@ -41,22 +41,23 @@
     "routing-controllers": "^0.9.0-alpha.6",
     "routing-controllers-openapi": "^2.1.0",
     "sqlite3": "^5.0.0",
-    "swagger-ui-express": "^4.1.5",
     "typeorm": "^0.2.29",
     "typeorm-routing-controllers-extensions": "^0.2.0",
     "typeorm-seeding": "^1.6.1",
-    "uuid": "^8.3.1"
+    "uuid": "^8.3.1",
+    "validator": "^13.5.2"
   },
   "devDependencies": {
+    "@odit/license-exporter": "^0.0.8",
     "@types/cors": "^2.8.8",
     "@types/csvtojson": "^1.1.5",
     "@types/express": "^4.17.9",
     "@types/jest": "^26.0.16",
     "@types/jsonwebtoken": "^8.5.0",
     "@types/node": "^14.14.9",
-    "@types/swagger-ui-express": "^4.1.2",
     "@types/uuid": "^8.3.0",
     "axios": "^0.21.0",
+    "cp-cli": "^2.0.0",
     "jest": "^26.6.3",
     "nodemon": "^2.0.6",
     "rimraf": "^2.7.1",
@@ -68,13 +69,14 @@
   },
   "scripts": {
     "dev": "nodemon src/app.ts",
-    "build": "tsc",
+    "build": "rimraf ./dist && tsc && cp-cli ./src/static ./dist/static",
     "docs": "typedoc --out docs src",
     "test": "jest",
     "test:watch": "jest --watchAll",
-    "test:ci": "start-server-and-test dev http://localhost:4010/api/openapi.json test",
+    "test:ci": "start-server-and-test dev http://localhost:4010/api/docs/openapi.json test",
     "seed": "ts-node ./node_modules/typeorm/cli.js schema:sync && ts-node ./node_modules/typeorm-seeding/dist/cli.js seed",
-    "openapi:export": "ts-node src/openapi_export.ts"
+    "openapi:export": "node scripts/openapi_export.js",
+    "licenses:export": "license-exporter --md"
   },
   "nodemonConfig": {
     "ignore": [
@@ -82,4 +84,4 @@
       "docs/*"
     ]
   }
-}
+}

scripts/openapi_export.ts

@@ -4,9 +4,9 @@ import fs from "fs";
 import "reflect-metadata";
 import { createExpressServer, getMetadataArgsStorage } from "routing-controllers";
 import { routingControllersToSpec } from 'routing-controllers-openapi';
-import authchecker from "./authchecker";
-import { config } from './config';
-import { ErrorHandler } from './middlewares/ErrorHandler';
+import { config } from '../src/config';
+import authchecker from "../src/middlewares/authchecker";
+import { ErrorHandler } from '../src/middlewares/ErrorHandler';
 
 const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';
 createExpressServer({
@@ -36,14 +36,26 @@ const spec = routingControllersToSpec(
                 "AuthToken": {
                     "type": "http",
                     "scheme": "bearer",
-                    "bearerFormat": "JWT"
+                    "bearerFormat": "JWT",
+                    description: "A JWT based access token. Use /api/auth/login or /api/auth/refresh to get one."
+                },
+                "RefreshTokenCookie": {
+                    "type": "apiKey",
+                    "in": "cookie",
+                    "name": "lfk_backend__refresh_token",
+                    description: "A cookie containing a JWT based refreh token. Attention: Doesn't work in swagger-ui. Use /api/auth/login or /api/auth/refresh to get one."
+                },
+                "StatsApiToken": {
+                    "type": "http",
+                    "scheme": "bearer",
+                    description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients)."
                 }
             }
         },
         info: {
             description: "The the backend API for the LfK! runner system.",
             title: "LfK! Backend API",
-            version: "1.0.0",
+            version: "0.0.5",
         },
     }
 );

src/app.ts

@@ -1,9 +1,9 @@
 import consola from "consola";
 import "reflect-metadata";
 import { createExpressServer } from "routing-controllers";
-import authchecker from "./authchecker";
 import { config, e as errors } from './config';
 import loaders from "./loaders/index";
+import authchecker from "./middlewares/authchecker";
 import { ErrorHandler } from './middlewares/ErrorHandler';
 
 const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';

src/config.ts

@@ -1,10 +1,13 @@
 import { config as configDotenv } from 'dotenv';
+import ValidatorJS from 'validator';
+
 configDotenv();
 export const config = {
     internal_port: parseInt(process.env.APP_PORT) || 4010,
     development: process.env.NODE_ENV === "production",
     jwt_secret: process.env.JWT_SECRET || "secretjwtsecret",
-    phone_validation_countrycode: process.env.PHONE_COUNTRYCODE || "ZZ"
+    phone_validation_countrycode: process.env.PHONE_COUNTRYCODE || "ZZ",
+    postalcode_validation_countrycode: getPostalCodeLocale()
 }
 let errors = 0
 if (typeof config.internal_port !== "number") {
@@ -19,4 +22,13 @@ if (config.phone_validation_countrycode.length !== 2) {
 if (typeof config.development !== "boolean") {
     errors++
 }
+function getPostalCodeLocale(): any {
+    try {
+        const stringArray: String[] = ValidatorJS.isPostalCodeLocales;
+        let index = stringArray.indexOf(process.env.POSTALCODE_COUNTRYCODE);
+        return ValidatorJS.isPostalCodeLocales[index];
+    } catch (error) {
+        return null;
+    }
+}
 export let e = errors

src/controllers/AuthController.ts

@@ -1,10 +1,12 @@
-import { Body, CookieParam, JsonController, Post, Res } from 'routing-controllers';
+import { Body, CookieParam, JsonController, Param, Post, Req, Res } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
 import { UserNotFoundError } from '../errors/UserErrors';
 import { CreateAuth } from '../models/actions/CreateAuth';
+import { CreateResetToken } from '../models/actions/CreateResetToken';
 import { HandleLogout } from '../models/actions/HandleLogout';
 import { RefreshAuth } from '../models/actions/RefreshAuth';
+import { ResetPassword } from '../models/actions/ResetPassword';
 import { Auth } from '../models/responses/ResponseAuth';
 import { Logout } from '../models/responses/ResponseLogout';
 
@@ -20,7 +22,7 @@ export class AuthController {
 	@ResponseSchema(UsernameOrEmailNeededError)
 	@ResponseSchema(PasswordNeededError)
 	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Create a new access token object' })
+	@OpenAPI({ description: 'Login with your username/email and password. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)' })
 	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
 		let auth;
 		try {
@@ -40,7 +42,7 @@ export class AuthController {
 	@ResponseSchema(UsernameOrEmailNeededError)
 	@ResponseSchema(PasswordNeededError)
 	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Create a new access token object' })
+	@OpenAPI({ description: 'Logout using your refresh token. <br> This instantly invalidates all your access and refresh tokens.', security: [{ "RefreshTokenCookie": [] }] })
 	async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
 		if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
 			handleLogout.token = refresh_token;
@@ -63,8 +65,8 @@ export class AuthController {
 	@ResponseSchema(IllegalJWTError)
 	@ResponseSchema(UserNotFoundError)
 	@ResponseSchema(RefreshTokenCountInvalidError)
-	@OpenAPI({ description: 'refresh a access token' })
-	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
+	@OpenAPI({ description: 'Refresh your access and refresh tokens using a valid refresh token. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)', security: [{ "RefreshTokenCookie": [] }] })
+	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any, @Req() req: any) {
 		if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
 			refreshAuth.token = refresh_token;
 		}
@@ -78,4 +80,24 @@ export class AuthController {
 		}
 		return response.send(auth)
 	}
+
+	@Post("/reset")
+	@ResponseSchema(Auth)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@OpenAPI({ description: "Request a password reset token. <br> This will provide you with a reset token that you can use by posting to /api/auth/reset/{token}." })
+	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken) {
+		//This really shouldn't just get returned, but sent via mail or sth like that. But for dev only this is fine.
+		return { "resetToken": await passwordReset.toResetToken() };
+	}
+
+	@Post("/reset/:token")
+	@ResponseSchema(Auth)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@OpenAPI({ description: "Reset a user's utilising a valid password reset token. <br> This will set the user's password to the one you provided in the body. <br> To get a reset token post to /api/auth/reset with your username." })
+	async resetPassword(@Param("token") token: string, @Body({ validate: true }) passwordReset: ResetPassword) {
+		passwordReset.resetToken = token;
+		return await passwordReset.resetPassword();
+	}
 }

src/controllers/DonorController.ts

@@ -0,0 +1,105 @@
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { DonorIdsNotMatchingError, DonorNotFoundError } from '../errors/DonorErrors';
+import { CreateDonor } from '../models/actions/CreateDonor';
+import { UpdateDonor } from '../models/actions/UpdateDonor';
+import { Donor } from '../models/entities/Donor';
+import { ResponseDonor } from '../models/responses/ResponseDonor';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+
+@JsonController('/donors')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class DonorController {
+	private donorRepository: Repository<Donor>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.donorRepository = getConnectionManager().get().getRepository(Donor);
+	}
+
+	@Get()
+	@Authorized("DONOR:GET")
+	@ResponseSchema(ResponseDonor, { isArray: true })
+	@OpenAPI({ description: 'Lists all runners from all teams/orgs. <br> This includes the runner\'s group and distance ran.' })
+	async getAll() {
+		let responseDonors: ResponseDonor[] = new Array<ResponseDonor>();
+		const donors = await this.donorRepository.find();
+		donors.forEach(donor => {
+			responseDonors.push(new ResponseDonor(donor));
+		});
+		return responseDonors;
+	}
+
+	@Get('/:id')
+	@Authorized("DONOR:GET")
+	@ResponseSchema(ResponseDonor)
+	@ResponseSchema(DonorNotFoundError, { statusCode: 404 })
+	@OnUndefined(DonorNotFoundError)
+	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
+	async getOne(@Param('id') id: number) {
+		let donor = await this.donorRepository.findOne({ id: id })
+		if (!donor) { throw new DonorNotFoundError(); }
+		return new ResponseDonor(donor);
+	}
+
+	@Post()
+	@Authorized("DONOR:CREATE")
+	@ResponseSchema(ResponseDonor)
+	@OpenAPI({ description: 'Create a new runner. <br> Please remeber to provide the runner\'s group\'s id.' })
+	async post(@Body({ validate: true }) createRunner: CreateDonor) {
+		let donor;
+		try {
+			donor = await createRunner.toDonor();
+		} catch (error) {
+			throw error;
+		}
+
+		donor = await this.donorRepository.save(donor)
+		return new ResponseDonor(await this.donorRepository.findOne(donor));
+	}
+
+	@Put('/:id')
+	@Authorized("DONOR:UPDATE")
+	@ResponseSchema(ResponseDonor)
+	@ResponseSchema(DonorNotFoundError, { statusCode: 404 })
+	@ResponseSchema(DonorIdsNotMatchingError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the runner whose id you provided. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) donor: UpdateDonor) {
+		let oldDonor = await this.donorRepository.findOne({ id: id });
+
+		if (!oldDonor) {
+			throw new DonorNotFoundError();
+		}
+
+		if (oldDonor.id != donor.id) {
+			throw new DonorIdsNotMatchingError();
+		}
+
+		await this.donorRepository.save(await donor.updateDonor(oldDonor));
+		return new ResponseDonor(await this.donorRepository.findOne({ id: id }));
+	}
+
+	@Delete('/:id')
+	@Authorized("DONOR:DELETE")
+	@ResponseSchema(ResponseDonor)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
+	@OpenAPI({ description: 'Delete the runner whose id you provided. <br> If no runner with this id exists it will just return 204(no content).' })
+	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+		let donor = await this.donorRepository.findOne({ id: id });
+		if (!donor) { return null; }
+		const responseDonor = await this.donorRepository.findOne(donor);
+
+		if (!donor) {
+			throw new DonorNotFoundError();
+		}
+
+		//TODO: DELETE DONATIONS AND WARN FOR FORCE (https://git.odit.services/lfk/backend/issues/66)
+
+		await this.donorRepository.delete(donor);
+		return new ResponseDonor(responseDonor);
+	}
+}

src/controllers/ImportController.ts

@@ -10,7 +10,7 @@ import { RunnerController } from './RunnerController';
 
 @Controller()
 @Authorized(["RUNNER:IMPORT", "TEAM:IMPORT"])
-@OpenAPI({ security: [{ "AuthToken": [] }] })
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class ImportController {
     private runnerController: RunnerController;
 
@@ -26,7 +26,7 @@ export class ImportController {
     @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
     @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
     @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
-    @OpenAPI({ description: "Create new runners from json and insert them (or their teams) into the provided group" })
+    @OpenAPI({ description: "Create new runners from json and insert them into the provided group. <br> If teams/classes are provided alongside the runner's name they'll automaticly be created under the provided org and the runners will be inserted into the teams instead." })
     async postJSON(@Body({ validate: true, type: ImportRunner }) importRunners: ImportRunner[], @QueryParam("group") groupID: number) {
         if (!groupID) { throw new RunnerGroupNeededError(); }
         let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
@@ -41,7 +41,7 @@ export class ImportController {
     @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
     @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
     @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
-    @OpenAPI({ description: "Create new runners from json and insert them (or their teams) into the provided org" })
+    @OpenAPI({ description: "Create new runners from json and insert them into the provided org. <br> If teams/classes are provided alongside the runner's name they'll automaticly be created under the provided org and the runners will be inserted into the teams instead." })
     async postOrgsJSON(@Body({ validate: true, type: ImportRunner }) importRunners: ImportRunner[], @Param('id') id: number) {
         return await this.postJSON(importRunners, id)
     }
@@ -62,7 +62,7 @@ export class ImportController {
     @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
     @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
     @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
-    @OpenAPI({ description: "Create new runners from csv and insert them (or their teams) into the provided group" })
+    @OpenAPI({ description: "Create new runners from csv and insert them into the provided group. <br> If teams/classes are provided alongside the runner's name they'll automaticly be created under the provided org and the runners will be inserted into the teams instead." })
     async postCSV(@Req() request: any, @QueryParam("group") groupID: number) {
         let csvParse = await csv({ delimiter: [",", ";"], trim: true }).fromString(request.rawBody.toString());
         let importRunners: ImportRunner[] = new Array<ImportRunner>();
@@ -84,7 +84,7 @@ export class ImportController {
     @ResponseSchema(ResponseRunner, { isArray: true, statusCode: 200 })
     @ResponseSchema(RunnerGroupNotFoundError, { statusCode: 404 })
     @ResponseSchema(RunnerGroupNeededError, { statusCode: 406 })
-    @OpenAPI({ description: "Create new runners from csv and insert them (or their teams) into the provided org" })
+    @OpenAPI({ description: "Create new runners from csv and insert them into the provided org. <br> If teams/classes are provided alongside the runner's name they'll automaticly be created under the provided org and the runners will be inserted into the teams instead." })
     async postOrgsCSV(@Req() request: any, @Param("id") id: number) {
         return await this.postCSV(request, id);
     }

src/controllers/PermissionController.ts

@@ -12,7 +12,7 @@ import { ResponsePrincipal } from '../models/responses/ResponsePrincipal';
 
 
 @JsonController('/permissions')
-@OpenAPI({ security: [{ "AuthToken": [] }] })
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class PermissionController {
     private permissionRepository: Repository<Permission>;
 
@@ -26,7 +26,7 @@ export class PermissionController {
     @Get()
     @Authorized("PERMISSION:GET")
     @ResponseSchema(ResponsePermission, { isArray: true })
-    @OpenAPI({ description: 'Lists all permissions.' })
+    @OpenAPI({ description: 'Lists all permissions for all users and groups.' })
     async getAll() {
         let responsePermissions: ResponsePermission[] = new Array<ResponsePermission>();
         const permissions = await this.permissionRepository.find({ relations: ['principal'] });
@@ -42,7 +42,7 @@ export class PermissionController {
     @ResponseSchema(ResponsePermission)
     @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
     @OnUndefined(PermissionNotFoundError)
-    @OpenAPI({ description: 'Returns a permissions of a specified id (if it exists)' })
+    @OpenAPI({ description: 'Lists all information about the permission whose id got provided.' })
     async getOne(@Param('id') id: number) {
         let permission = await this.permissionRepository.findOne({ id: id }, { relations: ['principal'] });
         if (!permission) { throw new PermissionNotFoundError(); }
@@ -54,7 +54,7 @@ export class PermissionController {
     @Authorized("PERMISSION:CREATE")
     @ResponseSchema(ResponsePermission)
     @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
-    @OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
+    @OpenAPI({ description: 'Create a new permission for a existing principal(user/group). <br> If a permission with this target, action and prinicpal already exists that permission will be returned instead of creating a new one.' })
     async post(@Body({ validate: true }) createPermission: CreatePermission) {
         let permission;
         try {
@@ -79,7 +79,7 @@ export class PermissionController {
     @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
     @ResponseSchema(PermissionIdsNotMatchingError, { statusCode: 406 })
     @ResponseSchema(PermissionNeedsPrincipalError, { statusCode: 406 })
-    @OpenAPI({ description: "Update a permission object (id can't be changed)." })
+    @OpenAPI({ description: "Update a permission object. <br> If updateing the permission object would result in duplicate permission (same target, action and principal) this permission will get deleted and the existing permission will be returned. <br> Please remember that ids can't be changed." })
     async put(@Param('id') id: number, @Body({ validate: true }) permission: UpdatePermission) {
         let oldPermission = await this.permissionRepository.findOne({ id: id }, { relations: ['principal'] });
 
@@ -106,7 +106,7 @@ export class PermissionController {
     @ResponseSchema(ResponsePermission)
     @ResponseSchema(ResponseEmpty, { statusCode: 204 })
     @OnUndefined(204)
-    @OpenAPI({ description: 'Delete a specified permission (if it exists).' })
+    @OpenAPI({ description: 'Deletes the permission whose id you provide. <br> If no permission with this id exists it will just return 204(no content).' })
     async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
         let permission = await this.permissionRepository.findOne({ id: id }, { relations: ['principal'] });
         if (!permission) { return null; }

src/controllers/RunnerController.ts

@@ -10,7 +10,7 @@ import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseRunner } from '../models/responses/ResponseRunner';
 
 @JsonController('/runners')
-@OpenAPI({ security: [{ "AuthToken": [] }] })
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class RunnerController {
 	private runnerRepository: Repository<Runner>;
 
@@ -24,7 +24,7 @@ export class RunnerController {
 	@Get()
 	@Authorized("RUNNER:GET")
 	@ResponseSchema(ResponseRunner, { isArray: true })
-	@OpenAPI({ description: 'Lists all runners.' })
+	@OpenAPI({ description: 'Lists all runners from all teams/orgs. <br> This includes the runner\'s group and distance ran.' })
 	async getAll() {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
 		const runners = await this.runnerRepository.find({ relations: ['scans', 'group'] });
@@ -39,7 +39,7 @@ export class RunnerController {
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerNotFoundError)
-	@OpenAPI({ description: 'Returns a runner of a specified id (if it exists)' })
+	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
 	async getOne(@Param('id') id: number) {
 		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group'] })
 		if (!runner) { throw new RunnerNotFoundError(); }
@@ -51,7 +51,7 @@ export class RunnerController {
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(RunnerGroupNeededError)
 	@ResponseSchema(RunnerGroupNotFoundError)
-	@OpenAPI({ description: 'Create a new runner object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new runner. <br> Please remeber to provide the runner\'s group\'s id.' })
 	async post(@Body({ validate: true }) createRunner: CreateRunner) {
 		let runner;
 		try {
@@ -69,7 +69,7 @@ export class RunnerController {
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a runner object (id can't be changed)." })
+	@OpenAPI({ description: "Update the runner whose id you provided. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) runner: UpdateRunner) {
 		let oldRunner = await this.runnerRepository.findOne({ id: id }, { relations: ['group'] });
 
@@ -90,7 +90,7 @@ export class RunnerController {
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a specified runner (if it exists).' })
+	@OpenAPI({ description: 'Delete the runner whose id you provided. <br> If no runner with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let runner = await this.runnerRepository.findOne({ id: id });
 		if (!runner) { return null; }

src/controllers/RunnerOrganisationController.ts

@@ -12,7 +12,7 @@ import { RunnerTeamController } from './RunnerTeamController';
 
 
 @JsonController('/organisations')
-@OpenAPI({ security: [{ "AuthToken": [] }] })
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class RunnerOrganisationController {
 	private runnerOrganisationRepository: Repository<RunnerOrganisation>;
 
@@ -26,7 +26,7 @@ export class RunnerOrganisationController {
 	@Get()
 	@Authorized("ORGANISATION:GET")
 	@ResponseSchema(ResponseRunnerOrganisation, { isArray: true })
-	@OpenAPI({ description: 'Lists all runnerOrganisations.' })
+	@OpenAPI({ description: 'Lists all organisations. <br> This includes their address, contact and teams (if existing/associated).' })
 	async getAll() {
 		let responseTeams: ResponseRunnerOrganisation[] = new Array<ResponseRunnerOrganisation>();
 		const runners = await this.runnerOrganisationRepository.find({ relations: ['address', 'contact', 'teams'] });
@@ -41,7 +41,7 @@ export class RunnerOrganisationController {
 	@ResponseSchema(ResponseRunnerOrganisation)
 	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerOrganisationNotFoundError)
-	@OpenAPI({ description: 'Returns a runnerOrganisation of a specified id (if it exists)' })
+	@OpenAPI({ description: 'Lists all information about the organisation whose id got provided.' })
 	async getOne(@Param('id') id: number) {
 		let runnerOrg = await this.runnerOrganisationRepository.findOne({ id: id }, { relations: ['address', 'contact', 'teams'] });
 		if (!runnerOrg) { throw new RunnerOrganisationNotFoundError(); }
@@ -51,7 +51,7 @@ export class RunnerOrganisationController {
 	@Post()
 	@Authorized("ORGANISATION:CREATE")
 	@ResponseSchema(ResponseRunnerOrganisation)
-	@OpenAPI({ description: 'Create a new runnerOrganisation object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new organsisation.' })
 	async post(@Body({ validate: true }) createRunnerOrganisation: CreateRunnerOrganisation) {
 		let runnerOrganisation;
 		try {
@@ -70,7 +70,7 @@ export class RunnerOrganisationController {
 	@ResponseSchema(ResponseRunnerOrganisation)
 	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerOrganisationIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a runnerOrganisation object (id can't be changed)." })
+	@OpenAPI({ description: "Update the organisation whose id you provided. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) updateOrganisation: UpdateRunnerOrganisation) {
 		let oldRunnerOrganisation = await this.runnerOrganisationRepository.findOne({ id: id });
 
@@ -94,7 +94,7 @@ export class RunnerOrganisationController {
 	@ResponseSchema(RunnerOrganisationHasTeamsError, { statusCode: 406 })
 	@ResponseSchema(RunnerOrganisationHasRunnersError, { statusCode: 406 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a specified runnerOrganisation (if it exists).' })
+	@OpenAPI({ description: 'Delete the organsisation whose id you provided. <br> If the organisation still has runners and/or teams associated this will fail. <br> To delete the organisation with all associated runners and teams set the force QueryParam to true (cascading deletion might take a while). <br> If no organisation with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let organisation = await this.runnerOrganisationRepository.findOne({ id: id });
 		if (!organisation) { return null; }

src/controllers/RunnerTeamController.ts

@@ -11,7 +11,7 @@ import { RunnerController } from './RunnerController';
 
 
 @JsonController('/teams')
-@OpenAPI({ security: [{ "AuthToken": [] }] })
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class RunnerTeamController {
 	private runnerTeamRepository: Repository<RunnerTeam>;
 
@@ -25,7 +25,7 @@ export class RunnerTeamController {
 	@Get()
 	@Authorized("TEAM:GET")
 	@ResponseSchema(ResponseRunnerTeam, { isArray: true })
-	@OpenAPI({ description: 'Lists all runnerTeams.' })
+	@OpenAPI({ description: 'Lists all teams. <br> This includes their parent organisation and contact (if existing/associated).' })
 	async getAll() {
 		let responseTeams: ResponseRunnerTeam[] = new Array<ResponseRunnerTeam>();
 		const runners = await this.runnerTeamRepository.find({ relations: ['parentGroup', 'contact'] });
@@ -40,7 +40,7 @@ export class RunnerTeamController {
 	@ResponseSchema(ResponseRunnerTeam)
 	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerTeamNotFoundError)
-	@OpenAPI({ description: 'Returns a runnerTeam of a specified id (if it exists)' })
+	@OpenAPI({ description: 'Lists all information about the team whose id got provided.' })
 	async getOne(@Param('id') id: number) {
 		let runnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] });
 		if (!runnerTeam) { throw new RunnerTeamNotFoundError(); }
@@ -50,7 +50,7 @@ export class RunnerTeamController {
 	@Post()
 	@Authorized("TEAM:CREATE")
 	@ResponseSchema(ResponseRunnerTeam)
-	@OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new organsisation. <br> Please remember to provide it\'s parent group\'s id.' })
 	async post(@Body({ validate: true }) createRunnerTeam: CreateRunnerTeam) {
 		let runnerTeam;
 		try {
@@ -70,7 +70,7 @@ export class RunnerTeamController {
 	@ResponseSchema(ResponseRunnerTeam)
 	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerTeamIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a runnerTeam object (id can't be changed)." })
+	@OpenAPI({ description: "Update the team whose id you provided. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) runnerTeam: UpdateRunnerTeam) {
 		let oldRunnerTeam = await this.runnerTeamRepository.findOne({ id: id }, { relations: ['parentGroup', 'contact'] });
 
@@ -93,7 +93,7 @@ export class RunnerTeamController {
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@ResponseSchema(RunnerTeamHasRunnersError, { statusCode: 406 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a specified runnerTeam (if it exists).' })
+	@OpenAPI({ description: 'Delete the team whose id you provided. <br> If the team still has runners associated this will fail. <br> To delete the team with all associated runners set the force QueryParam to true (cascading deletion might take a while). <br> If no team with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let team = await this.runnerTeamRepository.findOne({ id: id });
 		if (!team) { return null; }

src/controllers/StatsClientController.ts

@@ -0,0 +1,75 @@
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { StatsClientNotFoundError } from '../errors/StatsClientErrors';
+import { TrackNotFoundError } from "../errors/TrackErrors";
+import { CreateStatsClient } from '../models/actions/CreateStatsClient';
+import { StatsClient } from '../models/entities/StatsClient';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseStatsClient } from '../models/responses/ResponseStatsClient';
+
+@JsonController('/statsclients')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class StatsClientController {
+	private clientRepository: Repository<StatsClient>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.clientRepository = getConnectionManager().get().getRepository(StatsClient);
+	}
+
+	@Get()
+	@Authorized("STATSCLIENT:GET")
+	@ResponseSchema(ResponseStatsClient, { isArray: true })
+	@OpenAPI({ description: 'Lists all stats clients. Please remember that the key can only be viewed on creation.' })
+	async getAll() {
+		let responseClients: ResponseStatsClient[] = new Array<ResponseStatsClient>();
+		const clients = await this.clientRepository.find();
+		clients.forEach(clients => {
+			responseClients.push(new ResponseStatsClient(clients));
+		});
+		return responseClients;
+	}
+
+	@Get('/:id')
+	@Authorized("STATSCLIENT:GET")
+	@ResponseSchema(ResponseStatsClient)
+	@ResponseSchema(StatsClientNotFoundError, { statusCode: 404 })
+	@OnUndefined(StatsClientNotFoundError)
+	@OpenAPI({ description: "Lists all information about the stats client whose id got provided. Please remember that the key can only be viewed on creation." })
+	async getOne(@Param('id') id: number) {
+		let client = await this.clientRepository.findOne({ id: id });
+		if (!client) { throw new TrackNotFoundError(); }
+		return new ResponseStatsClient(client);
+	}
+
+	@Post()
+	@Authorized("STATSCLIENT:CREATE")
+	@ResponseSchema(ResponseStatsClient)
+	@OpenAPI({ description: "Create a new stats client. <br> Please remember that the client\'s key will be generated automaticly and that it can only be viewed on creation." })
+	async post(
+		@Body({ validate: true })
+		client: CreateStatsClient
+	) {
+		let newClient = await this.clientRepository.save(await client.toStatsClient());
+		let responseClient = new ResponseStatsClient(newClient);
+		responseClient.key = newClient.cleartextkey;
+		return responseClient;
+	}
+
+	@Delete('/:id')
+	@Authorized("STATSCLIENT:DELETE")
+	@ResponseSchema(ResponseStatsClient)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
+	@OpenAPI({ description: "Delete the stats client whose id you provided. <br> If no client with this id exists it will just return 204(no content)." })
+	async remove(@Param("id") id: number) {
+		let client = await this.clientRepository.findOne({ id: id });
+		if (!client) { return null; }
+
+		await this.clientRepository.delete(client);
+		return new ResponseStatsClient(client);
+	}
+}

src/controllers/StatsController.ts

@@ -0,0 +1,124 @@
+import { Get, JsonController, UseBefore } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnection } from 'typeorm';
+import StatsAuth from '../middlewares/StatsAuth';
+import { Donation } from '../models/entities/Donation';
+import { Runner } from '../models/entities/Runner';
+import { RunnerOrganisation } from '../models/entities/RunnerOrganisation';
+import { RunnerTeam } from '../models/entities/RunnerTeam';
+import { Scan } from '../models/entities/Scan';
+import { User } from '../models/entities/User';
+import { ResponseStats } from '../models/responses/ResponseStats';
+import { ResponseStatsOrgnisation } from '../models/responses/ResponseStatsOrganisation';
+import { ResponseStatsRunner } from '../models/responses/ResponseStatsRunner';
+import { ResponseStatsTeam } from '../models/responses/ResponseStatsTeam';
+
+@JsonController('/stats')
+export class StatsController {
+
+    @Get()
+    @ResponseSchema(ResponseStats)
+    @OpenAPI({ description: "A very basic stats endpoint providing basic counters for a dashboard or simmilar" })
+    async get() {
+        let connection = getConnection();
+        let runners = await connection.getRepository(Runner).find({ relations: ['scans', 'scans.track'] });
+        let teams = await connection.getRepository(RunnerTeam).find();
+        let orgs = await connection.getRepository(RunnerOrganisation).find();
+        let users = await connection.getRepository(User).find();
+        let scans = await connection.getRepository(Scan).find();
+        let donations = await connection.getRepository(Donation).find({ relations: ['runner', 'runner.scans', 'runner.scans.track'] });
+        return new ResponseStats(runners, teams, orgs, users, scans, donations)
+    }
+
+    @Get("/runners/distance")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten runners by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByDistance() {
+        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
+        let topRunners = runners.sort((runner1, runner2) => runner1.distance - runner2.distance).slice(0, 9);
+        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
+        topRunners.forEach(runner => {
+            responseRunners.push(new ResponseStatsRunner(runner));
+        });
+        return responseRunners;
+    }
+
+    @Get("/runners/donations")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten runners by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByDonations() {
+        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
+        let topRunners = runners.sort((runner1, runner2) => runner1.distanceDonationAmount - runner2.distanceDonationAmount).slice(0, 9);
+        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
+        topRunners.forEach(runner => {
+            responseRunners.push(new ResponseStatsRunner(runner));
+        });
+        return responseRunners;
+    }
+
+    @Get("/scans")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten fastest track times (with their runner and the runner's group).", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByTrackTime() {
+        throw new Error("Not implemented yet.")
+    }
+
+    @Get("/teams/distance")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsTeam, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten teams by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopTeamsByDistance() {
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        let topTeams = teams.sort((team1, team2) => team1.distance - team2.distance).slice(0, 9);
+        let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
+        topTeams.forEach(team => {
+            responseTeams.push(new ResponseStatsTeam(team));
+        });
+        return responseTeams;
+    }
+
+    @Get("/teams/donations")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsTeam, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten teams by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopTeamsByDonations() {
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        let topTeams = teams.sort((team1, team2) => team1.distanceDonationAmount - team2.distanceDonationAmount).slice(0, 9);
+        let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
+        topTeams.forEach(team => {
+            responseTeams.push(new ResponseStatsTeam(team));
+        });
+        return responseTeams;
+    }
+
+    @Get("/organisations/distance")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten organisations by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopOrgsByDistance() {
+        let orgs = await getConnection().getRepository(RunnerOrganisation).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
+        let topOrgs = orgs.sort((org1, org2) => org1.distance - org2.distance).slice(0, 9);
+        let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
+        topOrgs.forEach(org => {
+            responseOrgs.push(new ResponseStatsOrgnisation(org));
+        });
+        return responseOrgs;
+    }
+
+    @Get("/organisations/donations")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten organisations by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopOrgsByDonations() {
+        let orgs = await getConnection().getRepository(RunnerOrganisation).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
+        let topOrgs = orgs.sort((org1, org2) => org1.distanceDonationAmount - org2.distanceDonationAmount).slice(0, 9);
+        let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
+        topOrgs.forEach(org => {
+            responseOrgs.push(new ResponseStatsOrgnisation(org));
+        });
+        return responseOrgs;
+    }
+}

src/controllers/StatusController.ts

@@ -6,7 +6,7 @@ import { getConnection } from 'typeorm';
 export class StatusController {
 
     @Get()
-    @OpenAPI({ description: "Lists all tracks." })
+    @OpenAPI({ description: "A very basic status/health endpoint that just checks if the database connection is available. <br> The available information depth will be expanded later." })
     get() {
         let connection;
         try {

src/controllers/TrackController.ts

@@ -1,15 +1,15 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
-import { TrackIdsNotMatchingError, TrackNotFoundError } from "../errors/TrackErrors";
+import { TrackIdsNotMatchingError, TrackLapTimeCantBeNegativeError, TrackNotFoundError } from "../errors/TrackErrors";
 import { CreateTrack } from '../models/actions/CreateTrack';
+import { UpdateTrack } from '../models/actions/UpdateTrack';
 import { Track } from '../models/entities/Track';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseTrack } from '../models/responses/ResponseTrack';
 
 @JsonController('/tracks')
-@OpenAPI({ security: [{ "AuthToken": [] }] })
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class TrackController {
 	private trackRepository: Repository<Track>;
 
@@ -23,6 +23,7 @@ export class TrackController {
 	@Get()
 	@Authorized("TRACK:GET")
 	@ResponseSchema(ResponseTrack, { isArray: true })
+	@OpenAPI({ description: 'Lists all tracks.' })
 	async getAll() {
 		let responseTracks: ResponseTrack[] = new Array<ResponseTrack>();
 		const tracks = await this.trackRepository.find();
@@ -37,7 +38,7 @@ export class TrackController {
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 	@OnUndefined(TrackNotFoundError)
-	@OpenAPI({ description: "Returns a track of a specified id (if it exists)" })
+	@OpenAPI({ description: "Lists all information about the track whose id got provided." })
 	async getOne(@Param('id') id: number) {
 		let track = await this.trackRepository.findOne({ id: id });
 		if (!track) { throw new TrackNotFoundError(); }
@@ -47,7 +48,8 @@ export class TrackController {
 	@Post()
 	@Authorized("TRACK:CREATE")
 	@ResponseSchema(ResponseTrack)
-	@OpenAPI({ description: "Create a new track object (id will be generated automagicly)." })
+	@ResponseSchema(TrackLapTimeCantBeNegativeError, { statusCode: 406 })
+	@OpenAPI({ description: "Create a new track. <br> Please remember that the track\'s distance must be greater than 0." })
 	async post(
 		@Body({ validate: true })
 		track: CreateTrack
@@ -60,20 +62,21 @@ export class TrackController {
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 	@ResponseSchema(TrackIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a track object (id can't be changed)." })
-	async put(@Param('id') id: number, @EntityFromBody() track: Track) {
+	@ResponseSchema(TrackLapTimeCantBeNegativeError, { statusCode: 406 })
+	@OpenAPI({ description: "Update the track whose id you provided. <br> Please remember that ids can't be changed." })
+	async put(@Param('id') id: number, @Body({ validate: true }) updateTrack: UpdateTrack) {
 		let oldTrack = await this.trackRepository.findOne({ id: id });
 
 		if (!oldTrack) {
 			throw new TrackNotFoundError();
 		}
 
-		if (oldTrack.id != track.id) {
+		if (oldTrack.id != updateTrack.id) {
 			throw new TrackIdsNotMatchingError();
 		}
+		await this.trackRepository.save(await updateTrack.updateTrack(oldTrack));
 
-		await this.trackRepository.save(track);
-		return new ResponseTrack(track);
+		return new ResponseTrack(await this.trackRepository.findOne({ id: id }));
 	}
 
 	@Delete('/:id')
@@ -81,7 +84,7 @@ export class TrackController {
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)
-	@OpenAPI({ description: "Delete a specified track (if it exists)." })
+	@OpenAPI({ description: "Delete the track whose id you provided. <br> If no track with this id exists it will just return 204(no content)." })
 	async remove(@Param("id") id: number) {
 		let track = await this.trackRepository.findOne({ id: id });
 		if (!track) { return null; }

src/controllers/UserController.ts

@@ -12,7 +12,7 @@ import { PermissionController } from './PermissionController';
 
 
 @JsonController('/users')
-@OpenAPI({ security: [{ "AuthToken": [] }] })
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class UserController {
 	private userRepository: Repository<User>;
 
@@ -26,7 +26,7 @@ export class UserController {
 	@Get()
 	@Authorized("USER:GET")
 	@ResponseSchema(User, { isArray: true })
-	@OpenAPI({ description: 'Lists all users.' })
+	@OpenAPI({ description: 'Lists all users. <br> This includes their groups and permissions directly granted to them (if existing/associated).' })
 	async getAll() {
 		let responseUsers: ResponseUser[] = new Array<ResponseUser>();
 		const users = await this.userRepository.find({ relations: ['permissions', 'groups'] });
@@ -41,7 +41,7 @@ export class UserController {
 	@ResponseSchema(User)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserNotFoundError)
-	@OpenAPI({ description: 'Returns a user of a specified id (if it exists)' })
+	@OpenAPI({ description: 'Lists all information about the user whose id got provided. <br> Please remember that only permissions granted directly to the user will show up here, not permissions inherited from groups.' })
 	async getOne(@Param('id') id: number) {
 		let user = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups'] })
 		if (!user) { throw new UserNotFoundError(); }
@@ -52,7 +52,7 @@ export class UserController {
 	@Authorized("USER:CREATE")
 	@ResponseSchema(User)
 	@ResponseSchema(UserGroupNotFoundError)
-	@OpenAPI({ description: 'Create a new user object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new user. <br> If you want to grant permissions to the user you have to create them seperately by posting to /api/permissions after creating the user.' })
 	async post(@Body({ validate: true }) createUser: CreateUser) {
 		let user;
 		try {
@@ -62,7 +62,7 @@ export class UserController {
 		}
 
 		user = await this.userRepository.save(user)
-		return new ResponseUser(await this.userRepository.findOne(user, { relations: ['permissions', 'groups'] }));
+		return new ResponseUser(await this.userRepository.findOne({ id: user.id }, { relations: ['permissions', 'groups'] }));
 	}
 
 	@Put('/:id')
@@ -70,7 +70,7 @@ export class UserController {
 	@ResponseSchema(User)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a user object (id can't be changed)." })
+	@OpenAPI({ description: "Update the user whose id you provided. <br> To change the permissions directly granted to the user please use /api/permissions instead. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @Body({ validate: true }) updateUser: UpdateUser) {
 		let oldUser = await this.userRepository.findOne({ id: id });
 
@@ -91,7 +91,7 @@ export class UserController {
 	@ResponseSchema(User)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a user runner (if it exists).' })
+	@OpenAPI({ description: 'Delete the user whose id you provided. <br> If there are any permissions directly granted to the user they will get deleted as well. <br> If no user with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let user = await this.userRepository.findOne({ id: id });
 		if (!user) { return null; }

src/controllers/UserGroupController.ts

@@ -11,7 +11,7 @@ import { PermissionController } from './PermissionController';
 
 
 @JsonController('/usergroups')
-@OpenAPI({ security: [{ "AuthToken": [] }] })
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 export class UserGroupController {
 	private userGroupsRepository: Repository<UserGroup>;
 
@@ -25,9 +25,9 @@ export class UserGroupController {
 	@Get()
 	@Authorized("USERGROUP:GET")
 	@ResponseSchema(UserGroup, { isArray: true })
-	@OpenAPI({ description: 'Lists all usergroups.' })
+	@OpenAPI({ description: 'Lists all groups. <br> The information provided might change while the project continues to evolve.' })
 	getAll() {
-		return this.userGroupsRepository.find();
+		return this.userGroupsRepository.find({ relations: ["permissions"] });
 	}
 
 	@Get('/:id')
@@ -35,16 +35,16 @@ export class UserGroupController {
 	@ResponseSchema(UserGroup)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserGroupNotFoundError)
-	@OpenAPI({ description: 'Returns a usergroup of a specified id (if it exists)' })
+	@OpenAPI({ description: 'Lists all information about the group whose id got provided. <br> The information provided might change while the project continues to evolve.' })
 	getOne(@Param('id') id: number) {
-		return this.userGroupsRepository.findOne({ id: id });
+		return this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
 	}
 
 	@Post()
 	@Authorized("USERGROUP:CREATE")
 	@ResponseSchema(UserGroup)
 	@ResponseSchema(UserGroupNotFoundError)
-	@OpenAPI({ description: 'Create a new usergroup object (id will be generated automagicly).' })
+	@OpenAPI({ description: 'Create a new group. <br> If you want to grant permissions to the group you have to create them seperately by posting to /api/permissions after creating the group.' })
 	async post(@Body({ validate: true }) createUserGroup: CreateUserGroup) {
 		let userGroup;
 		try {
@@ -61,9 +61,9 @@ export class UserGroupController {
 	@ResponseSchema(UserGroup)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserGroupIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update a usergroup object (id can't be changed)." })
+	@OpenAPI({ description: "Update the group whose id you provided. <br> To change the permissions granted to the group please use /api/permissions instead. <br> Please remember that ids can't be changed." })
 	async put(@Param('id') id: number, @EntityFromBody() userGroup: UserGroup) {
-		let oldUserGroup = await this.userGroupsRepository.findOne({ id: id });
+		let oldUserGroup = await this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
 
 		if (!oldUserGroup) {
 			throw new UserGroupNotFoundError()
@@ -82,11 +82,11 @@ export class UserGroupController {
 	@ResponseSchema(ResponseUserGroup)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete a specified usergroup (if it exists).' })
+	@OpenAPI({ description: 'Delete the group whose id you provided. <br> If there are any permissions directly granted to the group they will get deleted as well. <br> Users associated with this group won\'t get deleted - just deassociated. <br> If no group with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
-		let group = await this.userGroupsRepository.findOne({ id: id });
+		let group = await this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
 		if (!group) { return null; }
-		const responseGroup = await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions'] });;
+		const responseGroup = await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions'] });
 
 		const permissionControler = new PermissionController();
 		for (let permission of responseGroup.permissions) {

src/errors/AuthError.ts

@@ -115,4 +115,26 @@ export class RefreshTokenCountInvalidError extends NotAcceptableError {
 
 	@IsString()
 	message = "Refresh token count is invalid."
+}
+
+/**
+ * Error to throw when someone tryes to reset a user's password more than once in 15 minutes.
+ */
+export class ResetAlreadyRequestedError extends NotAcceptableError {
+	@IsString()
+	name = "ResetAlreadyRequestedError"
+
+	@IsString()
+	message = "You already requested a password reset in the last 15 minutes. \n Please wait until the old reset code expires before requesting a new one."
+}
+
+/**
+ * Error to throw when someone tries a disabled user's password or login as a disabled user.
+ */
+export class UserDisabledError extends NotAcceptableError {
+	@IsString()
+	name = "UserDisabledError"
+
+	@IsString()
+	message = "This user is currently disabled. \n Please contact your administrator if this is a mistake."
 }

src/errors/DonorErrors.ts

@@ -0,0 +1,36 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw when a donor couldn't be found.
+ */
+export class DonorNotFoundError extends NotFoundError {
+	@IsString()
+	name = "DonorNotFoundError"
+
+	@IsString()
+	message = "Donor not found!"
+}
+
+/**
+ * Error to throw when two donors' ids don't match.
+ * Usually occurs when a user tries to change a donor's id.
+ */
+export class DonorIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "DonorIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a donor's id: This isn't allowed!"
+}
+
+/**
+ * Error to throw when a donor needs a receipt, but no address is associated with them.
+ */
+export class DonorReceiptAddressNeededError extends NotAcceptableError {
+	@IsString()
+	name = "DonorReceiptAddressNeededError"
+
+	@IsString()
+	message = "An address is needed to create a receipt for a donor. \n You didn't provide one."
+}

src/errors/StatsClientErrors.ts

@@ -0,0 +1,25 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw, when a non-existant stats client get's loaded.
+ */
+export class StatsClientNotFoundError extends NotFoundError {
+	@IsString()
+	name = "StatsClientNotFoundError"
+
+	@IsString()
+	message = "The stats client you provided couldn't be located in the system. \n Please check your request."
+}
+
+/**
+ * Error to throw when two stats clients' ids don't match.
+ * Usually occurs when a user tries to change a stats client's id.
+ */
+export class StatsClientIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "StatsClientIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a stats client's id: This isn't allowed!"
+}

src/errors/TrackErrors.ts

@@ -22,4 +22,15 @@ export class TrackIdsNotMatchingError extends NotAcceptableError {
 
 	@IsString()
 	message = "The ids don't match! \n And if you wanted to change a track's id: This isn't allowed"
+}
+
+/**
+ * Error to throw when a track's lap time is set to a negative value.
+ */
+export class TrackLapTimeCantBeNegativeError extends NotAcceptableError {
+	@IsString()
+	name = "TrackLapTimeCantBeNegativeError"
+
+	@IsString()
+	message = "The minimum lap time you provided is negative - That isn't possible. \n If you wanted to disable it: Just set it to 0/null."
 }

src/jwtcreator.ts

@@ -33,6 +33,20 @@ export class JwtCreator {
             exp: expiry_timestamp
         }, config.jwt_secret)
     }
+
+    /**
+     * Creates a new password reset token for a given user.
+     * The token is valid for 15 minutes or 1 use - whatever comes first.
+     * @param user User entity that the password reset token shall be created for
+     */
+    public static createReset(user: User) {
+        let expiry_timestamp = Math.floor(Date.now() / 1000) + 15 * 60;
+        return jsonwebtoken.sign({
+            id: user.id,
+            refreshTokenCount: user.refreshTokenCount,
+            exp: expiry_timestamp
+        }, config.jwt_secret)
+    }
 }
 
 /**

src/loaders/express.ts

@@ -6,6 +6,8 @@ import { Application } from "express";
  */
 export default async (app: Application) => {
 	app.enable('trust proxy');
+	app.disable('x-powered-by');
+	app.disable('x-served-by');
 	app.use(cookieParser());
 	return app;
 };

src/loaders/openapi.ts

@@ -1,8 +1,8 @@
 import { validationMetadatasToSchemas } from "class-validator-jsonschema";
-import { Application } from "express";
+import express, { Application } from "express";
+import path from 'path';
 import { getMetadataArgsStorage } from "routing-controllers";
 import { routingControllersToSpec } from "routing-controllers-openapi";
-import * as swaggerUiExpress from "swagger-ui-express";
 
 /**
  * Loader for everything openapi related - from creating the schema to serving it via a static route and swaggerUiExpress.
@@ -29,28 +29,30 @@ export default async (app: Application) => {
             "scheme": "bearer",
             "bearerFormat": "JWT",
             description: "A JWT based access token. Use /api/auth/login or /api/auth/refresh to get one."
+          },
+          "RefreshTokenCookie": {
+            "type": "apiKey",
+            "in": "cookie",
+            "name": "lfk_backend__refresh_token",
+            description: "A cookie containing a JWT based refreh token. Attention: Doesn't work in swagger-ui. Use /api/auth/login or /api/auth/refresh to get one."
+          },
+          "StatsApiToken": {
+            "type": "http",
+            "scheme": "bearer",
+            description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients)."
           }
         }
       },
       info: {
         description: "The the backend API for the LfK! runner system.",
         title: "LfK! Backend API",
-        version: "1.0.0",
+        version: "0.0.5",
       },
     }
   );
-
-  //Options for swaggerUiExpress
-  const options = {
-    explorer: true,
-  };
-  app.use(
-    "/api/docs",
-    swaggerUiExpress.serve,
-    swaggerUiExpress.setup(spec, options)
-  );
-  app.get(["/api/openapi.json", "/api/swagger.json"], (req, res) => {
+  app.get(["/api/docs/openapi.json", "/api/docs/swagger.json"], (req, res) => {
     res.json(spec);
   });
+  app.use('/api/docs', express.static(path.join(__dirname, '../static/docs'), { index: "index.html", extensions: ['html'] }));
   return app;
 };

src/middlewares/StatsAuth.ts

@@ -0,0 +1,65 @@
+import * as argon2 from "argon2";
+import { Request, Response } from 'express';
+import { getConnectionManager } from 'typeorm';
+import { StatsClient } from '../models/entities/StatsClient';
+import authchecker from './authchecker';
+
+/**
+ * This middleware handels the authentification of stats client api tokens.
+ * The tokens have to be provided via Bearer auth header.
+ * @param req Express request object.
+ * @param res Express response object.
+ * @param next Next function to call on success.
+ */
+const StatsAuth = async (req: Request, res: Response, next: () => void) => {
+    let provided_token: string = req.headers["authorization"];
+    if (provided_token == "" || provided_token === undefined || provided_token === null) {
+        res.status(401).send("No api token provided.");
+        return;
+    }
+
+    try {
+        provided_token = provided_token.replace("Bearer ", "");
+    } catch (error) {
+        res.status(401).send("No valid jwt or api token provided.");
+        return;
+    }
+
+    let prefix = "";
+    try {
+        prefix = provided_token.split(".")[0];
+    }
+    finally {
+        if (prefix == "" || prefix == undefined || prefix == null) {
+            res.status(401).send("Api token non-existant or invalid syntax.");
+            return;
+        }
+    }
+
+    const client = await getConnectionManager().get().getRepository(StatsClient).findOne({ prefix: prefix });
+    if (!client) {
+        let user_authorized = false;
+        try {
+            let action = { request: req, response: res, context: null, next: next }
+            user_authorized = await authchecker(action, ["RUNNER:GET", "TEAM:GET", "ORGANISATION:GET"]);
+        }
+        finally {
+            if (user_authorized == false) {
+                res.status(401).send("Api token non-existant or invalid syntax.");
+                return;
+            }
+            else {
+                next();
+            }
+        }
+    }
+    else {
+        if (!(await argon2.verify(client.key, provided_token))) {
+            res.status(401).send("Api token invalid.");
+            return;
+        }
+
+        next();
+    }
+}
+export default StatsAuth;

src/middlewares/authchecker.ts

@@ -2,10 +2,10 @@ import cookie from "cookie";
 import * as jwt from "jsonwebtoken";
 import { Action } from "routing-controllers";
 import { getConnectionManager } from 'typeorm';
-import { config } from './config';
-import { IllegalJWTError, NoPermissionError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
-import { JwtCreator, JwtUser } from './jwtcreator';
-import { User } from './models/entities/User';
+import { config } from '../config';
+import { IllegalJWTError, NoPermissionError, UserDisabledError, UserNonexistantOrRefreshtokenInvalidError } from '../errors/AuthError';
+import { JwtCreator, JwtUser } from '../jwtcreator';
+import { User } from '../models/entities/User';
 
 /**
  * Handels authorisation verification via jwt's for all api endpoints using the @Authorized decorator.
@@ -31,6 +31,7 @@ const authchecker = async (action: Action, permissions: string[] | string) => {
 
     const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions'] })
     if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
+    if (user.enabled == false) { throw new UserDisabledError(); }
     if (!jwtPayload["permissions"]) { throw new NoPermissionError(); }
 
     action.response.local = {}
@@ -63,6 +64,7 @@ const refresh = async (action: Action) => {
 
     const user = await getConnectionManager().get().getRepository(User).findOne({ id: jwtPayload["id"], refreshTokenCount: jwtPayload["refreshTokenCount"] }, { relations: ['permissions', 'groups', 'groups.permissions'] })
     if (!user) { throw new UserNonexistantOrRefreshtokenInvalidError() }
+    if (user.enabled == false) { throw new UserDisabledError(); }
 
     let newAccess = JwtCreator.createAccess(user);
     action.response.header("authorization", "Bearer " + newAccess);

src/models/actions/CreateAddress.ts

@@ -1,4 +1,5 @@
 import { IsNotEmpty, IsOptional, IsPostalCode, IsString } from 'class-validator';
+import { config } from '../../config';
 import { Address } from '../entities/Address';
 
 /**
@@ -35,7 +36,7 @@ export class CreateAddress {
      */
     @IsString()
     @IsNotEmpty()
-    @IsPostalCode("DE")
+    @IsPostalCode(config.postalcode_validation_countrycode)
     postalcode: string;
 
     /**

src/models/actions/CreateAuth.ts

@@ -1,7 +1,7 @@
 import * as argon2 from "argon2";
 import { IsEmail, IsNotEmpty, IsOptional, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
-import { InvalidCredentialsError, PasswordNeededError, UserNotFoundError } from '../../errors/AuthError';
+import { InvalidCredentialsError, PasswordNeededError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
 import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
 import { JwtCreator } from '../../jwtcreator';
 import { User } from '../entities/User';
@@ -55,6 +55,7 @@ export class CreateAuth {
         if (!found_user) {
             throw new UserNotFoundError();
         }
+        if (found_user.enabled == false) { throw new UserDisabledError(); }
         if (!(await argon2.verify(found_user.password, this.password + found_user.uuid))) {
             throw new InvalidCredentialsError();
         }

src/models/actions/CreateDonor.ts

@@ -0,0 +1,38 @@
+import { IsBoolean, IsOptional } from 'class-validator';
+import { DonorReceiptAddressNeededError } from '../../errors/DonorErrors';
+import { Donor } from '../entities/Donor';
+import { CreateParticipant } from './CreateParticipant';
+
+/**
+ * This classed is used to create a new Donor entity from a json body (post request).
+ */
+export class CreateDonor extends CreateParticipant {
+
+    /**
+     * Does this donor need a receipt?
+     */
+    @IsBoolean()
+    @IsOptional()
+    receiptNeeded?: boolean = false;
+
+    /**
+     * Creates a new Donor entity from this.
+     */
+    public async toDonor(): Promise<Donor> {
+        let newDonor: Donor = new Donor();
+
+        newDonor.firstname = this.firstname;
+        newDonor.middlename = this.middlename;
+        newDonor.lastname = this.lastname;
+        newDonor.phone = this.phone;
+        newDonor.email = this.email;
+        newDonor.address = await this.getAddress();
+        newDonor.receiptNeeded = this.receiptNeeded;
+
+        if (this.receiptNeeded == true && this.address == null) {
+            throw new DonorReceiptAddressNeededError()
+        }
+
+        return newDonor;
+    }
+}

src/models/actions/CreateResetToken.ts

@@ -0,0 +1,50 @@
+import { IsEmail, IsOptional, IsString } from 'class-validator';
+import { getConnectionManager } from 'typeorm';
+import { ResetAlreadyRequestedError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
+import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
+import { JwtCreator } from '../../jwtcreator';
+import { User } from '../entities/User';
+
+/**
+ * This calss is used to create password reset tokens for users.
+ * These password reset token can be used to set a new password for the user for the next 15mins.
+ */
+export class CreateResetToken {
+    /**
+     * The username of the user that wants to reset their password.
+     */
+    @IsOptional()
+    @IsString()
+    username?: string;
+
+    /**
+     * The email address of the user that wants to reset their password.
+     */
+    @IsOptional()
+    @IsEmail()
+    @IsString()
+    email?: string;
+
+
+    /**
+     * Create a password reset token based on this.
+     */
+    public async toResetToken(): Promise<any> {
+        if (this.email === undefined && this.username === undefined) {
+            throw new UsernameOrEmailNeededError();
+        }
+        let found_user = await getConnectionManager().get().getRepository(User).findOne({ where: [{ username: this.username }, { email: this.email }] });
+        if (!found_user) { throw new UserNotFoundError(); }
+        if (found_user.enabled == false) { throw new UserDisabledError(); }
+        if (found_user.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 15 * 60)) { throw new ResetAlreadyRequestedError(); }
+
+        found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
+        found_user.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
+        await getConnectionManager().get().getRepository(User).save(found_user);
+
+        //Create the reset token
+        let reset_token = JwtCreator.createReset(found_user);
+
+        return reset_token;
+    }
+}

src/models/actions/CreateRunnerOrganisation.ts

@@ -41,7 +41,7 @@ export class CreateRunnerOrganisation extends CreateRunnerGroup {
 
         newRunnerOrganisation.name = this.name;
         newRunnerOrganisation.contact = await this.getContact();
-        newRunnerOrganisation.address = await this.getAddress();
+        // newRunnerOrganisation.address = await this.getAddress();
 
         return newRunnerOrganisation;
     }

src/models/actions/CreateStatsClient.ts

@@ -0,0 +1,33 @@
+import * as argon2 from "argon2";
+import { IsOptional, IsString } from 'class-validator';
+import crypto from 'crypto';
+import * as uuid from 'uuid';
+import { StatsClient } from '../entities/StatsClient';
+
+/**
+ * This classed is used to create a new StatsClient entity from a json body (post request).
+ */
+export class CreateStatsClient {
+    /**
+     * The new client's description.
+     */
+    @IsString()
+    @IsOptional()
+    description?: string;
+
+    /**
+     * Converts this to a StatsClient entity.
+     */
+    public async toStatsClient(): Promise<StatsClient> {
+        let newClient: StatsClient = new StatsClient();
+
+        newClient.description = this.description;
+
+        let newUUID = uuid.v4().toUpperCase();
+        newClient.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
+        newClient.key = await argon2.hash(newClient.prefix + "." + newUUID);
+        newClient.cleartextkey = newClient.prefix + "." + newUUID;
+
+        return newClient;
+    }
+}

src/models/actions/CreateTrack.ts

@@ -1,4 +1,5 @@
-import { IsInt, IsNotEmpty, IsPositive, IsString } from 'class-validator';
+import { IsInt, IsNotEmpty, IsOptional, IsPositive, IsString } from 'class-validator';
+import { TrackLapTimeCantBeNegativeError } from '../../errors/TrackErrors';
 import { Track } from '../entities/Track';
 
 /**
@@ -19,6 +20,14 @@ export class CreateTrack {
     @IsPositive()
     distance: number;
 
+    /**
+     * The minimum time a runner should take to run a lap on this track (in seconds).
+     * Will be used for fraud detection.
+     */
+    @IsInt()
+    @IsOptional()
+    minimumLapTime: number;
+
     /**
      * Creates a new Track entity from this.
      */
@@ -27,6 +36,10 @@ export class CreateTrack {
 
         newTrack.name = this.name;
         newTrack.distance = this.distance;
+        newTrack.minimumLapTime = this.minimumLapTime;
+        if (this.minimumLapTime < 0) {
+            throw new TrackLapTimeCantBeNegativeError();
+        }
 
         return newTrack;
     }

src/models/actions/CreateUser.ts

@@ -1,5 +1,5 @@
 import * as argon2 from "argon2";
-import { IsEmail, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
+import { IsBoolean, IsEmail, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import * as uuid from 'uuid';
 import { config } from '../../config';
@@ -63,6 +63,14 @@ export class CreateUser {
     @IsString()
     password: string;
 
+    /**
+     * Will the new user be enabled from the start?
+     * Default: true
+     */
+    @IsBoolean()
+    @IsOptional()
+    enabled?: boolean = true;
+
     /**
      * The new user's groups' id(s).
      * You can provide either one groupId or an array of groupIDs.
@@ -91,6 +99,7 @@ export class CreateUser {
         newUser.phone = this.phone
         newUser.password = await argon2.hash(this.password + newUser.uuid);
         newUser.groups = await this.getGroups();
+        newUser.enabled = this.enabled;
         //TODO: ProfilePics
 
         return newUser;

src/models/actions/RefreshAuth.ts

@@ -2,7 +2,7 @@ import { IsOptional, IsString } from 'class-validator';
 import * as jsonwebtoken from 'jsonwebtoken';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../config';
-import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
+import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
 import { JwtCreator } from "../../jwtcreator";
 import { User } from '../entities/User';
 import { Auth } from '../responses/ResponseAuth';
@@ -39,6 +39,7 @@ export class RefreshAuth {
         if (!found_user) {
             throw new UserNotFoundError()
         }
+        if (found_user.enabled == false) { throw new UserDisabledError(); }
         if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) {
             throw new RefreshTokenCountInvalidError()
         }

src/models/actions/ResetPassword.ts

@@ -0,0 +1,57 @@
+import * as argon2 from "argon2";
+import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
+import * as jsonwebtoken from 'jsonwebtoken';
+import { getConnectionManager } from 'typeorm';
+import { config } from '../../config';
+import { IllegalJWTError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
+import { User } from '../entities/User';
+
+/**
+ * This class can be used to reset a user's password.
+ * To set a new password the user needs to provide a valid password reset token.
+ */
+export class ResetPassword {
+    /**
+     * The reset token on which the password reset will be based.
+     */
+    @IsOptional()
+    @IsString()
+    resetToken?: string;
+
+    /**
+     * The user's new password
+     */
+    @IsNotEmpty()
+    @IsString()
+    password: string;
+
+
+    /**
+     * Create a password reset token based on this.
+     */
+    public async resetPassword(): Promise<any> {
+        if (!this.resetToken || this.resetToken === undefined) {
+            throw new JwtNotProvidedError()
+        }
+        if (!this.password || this.password === undefined) {
+            throw new PasswordNeededError()
+        }
+
+        let decoded;
+        try {
+            decoded = jsonwebtoken.verify(this.resetToken, config.jwt_secret)
+        } catch (error) {
+            throw new IllegalJWTError()
+        }
+
+        const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] });
+        if (!found_user) { throw new UserNotFoundError(); }
+        if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) { throw new RefreshTokenCountInvalidError(); }
+
+        found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
+        found_user.password = await argon2.hash(this.password + found_user.uuid);
+        await getConnectionManager().get().getRepository(User).save(found_user);
+
+        return "password reset successfull";
+    }
+}

src/models/actions/UpdateDonor.ts

@@ -0,0 +1,44 @@
+import { IsBoolean, IsInt, IsOptional } from 'class-validator';
+import { DonorReceiptAddressNeededError } from '../../errors/DonorErrors';
+import { Donor } from '../entities/Donor';
+import { CreateParticipant } from './CreateParticipant';
+
+/**
+ * This class is used to update a Donor entity (via put request).
+ */
+export class UpdateDonor extends CreateParticipant {
+
+    /**
+     * The updated donor's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * Does the updated donor need a receipt?
+     */
+    @IsBoolean()
+    @IsOptional()
+    receiptNeeded?: boolean;
+
+
+    /**
+     * Updates a provided Donor entity based on this.
+     */
+    public async updateDonor(donor: Donor): Promise<Donor> {
+        donor.firstname = this.firstname;
+        donor.middlename = this.middlename;
+        donor.lastname = this.lastname;
+        donor.phone = this.phone;
+        donor.email = this.email;
+        donor.receiptNeeded = this.receiptNeeded;
+        donor.address = await this.getAddress();
+
+        if (this.receiptNeeded == true && this.address == null) {
+            throw new DonorReceiptAddressNeededError()
+        }
+
+        return donor;
+    }
+}

src/models/actions/UpdateRunnerOrganisation.ts

@@ -45,7 +45,7 @@ export class UpdateRunnerOrganisation extends CreateRunnerGroup {
 
         organisation.name = this.name;
         organisation.contact = await this.getContact();
-        organisation.address = await this.getAddress();
+        // organisation.address = await this.getAddress();
 
         return organisation;
     }

src/models/actions/UpdateTrack.ts

@@ -0,0 +1,50 @@
+import { IsInt, IsNotEmpty, IsOptional, IsPositive, IsString } from 'class-validator';
+import { TrackLapTimeCantBeNegativeError } from '../../errors/TrackErrors';
+import { Track } from '../entities/Track';
+
+/**
+ * This class is used to update a Track entity (via put request).
+ */
+export class UpdateTrack {
+    /**
+     * The updated track's id.
+     * This shouldn't have changed but it is here in case anyone ever wants to enable id changes (whyever they would want to).
+     */
+    @IsInt()
+    id: number;
+
+    @IsString()
+    @IsNotEmpty()
+    name: string;
+
+    /**
+     * The updated track's distance in meters (must be greater than 0).
+     */
+    @IsInt()
+    @IsPositive()
+    distance: number;
+
+    /**
+     * The minimum time a runner should take to run a lap on this track (in seconds).
+     * Will be used for fraud detection.
+     */
+    @IsInt()
+    @IsOptional()
+    minimumLapTime: number;
+
+
+    /**
+     * Update a Track entity based on this.
+     * @param track The track that shall be updated.
+     */
+    public updateTrack(track: Track): Track {
+        track.name = this.name;
+        track.distance = this.distance;
+        track.minimumLapTime = this.minimumLapTime;
+        if (this.minimumLapTime < 0) {
+            throw new TrackLapTimeCantBeNegativeError();
+        }
+
+        return track;
+    }
+}

src/models/entities/Address.ts

@@ -6,8 +6,8 @@ import {
   IsString
 } from "class-validator";
 import { Column, Entity, OneToMany, PrimaryGeneratedColumn } from "typeorm";
-import { Participant } from "./Participant";
-import { RunnerOrganisation } from "./RunnerOrganisation";
+import { config } from '../../config';
+import { IAddressUser } from './IAddressUser';
 
 /**
  * Defines the Address entity.
@@ -52,12 +52,11 @@ export class Address {
   /**
    * The address's postal code.
    * This will get checked against the postal code syntax for the configured country.
-   * TODO: Implement the config option. 
    */
   @Column()
   @IsString()
   @IsNotEmpty()
-  @IsPostalCode("DE")
+  @IsPostalCode(config.postalcode_validation_countrycode)
   postalcode: string;
 
   /**
@@ -79,12 +78,6 @@ export class Address {
   /**
    * Used to link the address to participants.
    */
-  @OneToMany(() => Participant, participant => participant.address, { nullable: true })
-  participants: Participant[];
-
-  /**
-   * Used to link the address to runner groups.
-   */
-  @OneToMany(() => RunnerOrganisation, group => group.address, { nullable: true })
-  groups: RunnerOrganisation[];
+  @OneToMany(() => IAddressUser, addressUser => addressUser.address, { nullable: true })
+  addressUsers: IAddressUser[];
 }

src/models/entities/Donation.ts

@@ -3,7 +3,7 @@ import {
   IsNotEmpty
 } from "class-validator";
 import { Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
-import { Participant } from "./Participant";
+import { Donor } from './Donor';
 
 /**
  * Defines the Donation entity.
@@ -24,12 +24,12 @@ export abstract class Donation {
    * The donations's donor.
    */
   @IsNotEmpty()
-  @ManyToOne(() => Participant, donor => donor.donations)
-  donor: Participant;
+  @ManyToOne(() => Donor, donor => donor.donations)
+  donor: Donor;
 
   /**
    * The donation's amount in cents (or whatever your currency's smallest unit is.).
    * The exact implementation may differ for each type of donation.
    */
-  abstract amount: number | Promise<number>;
+  abstract amount: number;
 }

src/models/entities/Donor.ts

@@ -1,5 +1,6 @@
 import { IsBoolean } from "class-validator";
-import { ChildEntity, Column } from "typeorm";
+import { ChildEntity, Column, OneToMany } from "typeorm";
+import { Donation } from './Donation';
 import { Participant } from "./Participant";
 
 /**
@@ -14,4 +15,11 @@ export class Donor extends Participant {
   @Column()
   @IsBoolean()
   receiptNeeded: boolean = false;
+
+  /**
+ * Used to link the participant as the donor of a donation.
+ * Attention: Only runner's can be associated as a distanceDonations distance source.
+ */
+  @OneToMany(() => Donation, donation => donation.donor, { nullable: true })
+  donations: Donation[];
 }

src/models/entities/GroupContact.ts

@@ -10,6 +10,7 @@ import {
 import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn } from "typeorm";
 import { config } from '../../config';
 import { Address } from "./Address";
+import { IAddressUser } from './IAddressUser';
 import { RunnerGroup } from "./RunnerGroup";
 
 /**
@@ -17,7 +18,7 @@ import { RunnerGroup } from "./RunnerGroup";
  * Mainly it's own class to reduce duplicate code and enable contact's to be associated with multiple groups.
 */
 @Entity()
-export class GroupContact {
+export class GroupContact implements IAddressUser {
   /**
    * Autogenerated unique id (primary key).
    */
@@ -54,7 +55,7 @@ export class GroupContact {
    * This is a address object to prevent any formatting differences.
    */
   @IsOptional()
-  @ManyToOne(() => Address, address => address.participants, { nullable: true })
+  @ManyToOne(() => Address, address => address.addressUsers, { nullable: true })
   address?: Address;
 
   /**

src/models/entities/IAddressUser.ts

@@ -0,0 +1,15 @@
+import { Entity, ManyToOne, PrimaryColumn } from 'typeorm';
+import { Address } from './Address';
+
+/**
+ * The interface(tm) all entities using addresses have to implement.
+ * This is a abstract class, because apparently typeorm can't really work with interfaces :/
+ */
+@Entity()
+export abstract class IAddressUser {
+    @PrimaryColumn()
+    id: number;
+
+    @ManyToOne(() => Address, address => address.addressUsers, { nullable: true })
+    address?: Address
+}

src/models/entities/Participant.ts

@@ -7,10 +7,10 @@ import {
 
   IsString
 } from "class-validator";
-import { Column, Entity, ManyToOne, OneToMany, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
+import { Column, Entity, ManyToOne, PrimaryGeneratedColumn, TableInheritance } from "typeorm";
 import { config } from '../../config';
 import { Address } from "./Address";
-import { Donation } from "./Donation";
+import { IAddressUser } from './IAddressUser';
 
 /**
  * Defines the Participant entity.
@@ -18,7 +18,7 @@ import { Donation } from "./Donation";
 */
 @Entity()
 @TableInheritance({ column: { name: "type", type: "varchar" } })
-export abstract class Participant {
+export abstract class Participant implements IAddressUser {
   /**
    * Autogenerated unique id (primary key).
    */
@@ -54,7 +54,7 @@ export abstract class Participant {
    * The participant's address.
    * This is a address object to prevent any formatting differences.
    */
-  @ManyToOne(() => Address, address => address.participants, { nullable: true })
+  @ManyToOne(() => Address, address => address.addressUsers, { nullable: true })
   address?: Address;
 
   /**
@@ -74,11 +74,4 @@ export abstract class Participant {
   @IsOptional()
   @IsEmail()
   email?: string;
-
-  /**
-   * Used to link the participant as the donor of a donation.
-   * Attention: Only runner's can be associated as a distanceDonations distance source.
-   */
-  @OneToMany(() => Donation, donation => donation.donor, { nullable: true })
-  donations: Donation[];
 }

src/models/entities/Runner.ts

@@ -18,7 +18,7 @@ export class Runner extends Participant {
    * Can be a runner team or organisation.
    */
   @IsNotEmpty()
-  @ManyToOne(() => RunnerGroup, group => group.runners, { nullable: false })
+  @ManyToOne(() => RunnerGroup, group => group.runners)
   group: RunnerGroup;
 
   /**
@@ -58,4 +58,12 @@ export class Runner extends Participant {
   public get distance(): number {
     return this.validScans.reduce((sum, current) => sum + current.distance, 0);
   }
+
+  /**
+   * Returns the total donations a runner has collected based on his linked donations and distance ran.
+  */
+  @IsInt()
+  public get distanceDonationAmount(): number {
+    return this.distanceDonations.reduce((sum, current) => sum + current.amountPerDistance, 0) * this.distance;
+  }
 }

src/models/entities/RunnerGroup.ts

@@ -44,4 +44,20 @@ export abstract class RunnerGroup {
    */
   @OneToMany(() => Runner, runner => runner.group, { nullable: true })
   runners: Runner[];
+
+  /**
+   * Returns the total distance ran by this group's runners based on all their valid scans.
+  */
+  @IsInt()
+  public get distance(): number {
+    return this.runners.reduce((sum, current) => sum + current.distance, 0);
+  }
+
+  /**
+   * Returns the total donations a runner has collected based on his linked donations and distance ran.
+  */
+  @IsInt()
+  public get distanceDonationAmount(): number {
+    return this.runners.reduce((sum, current) => sum + current.distanceDonationAmount, 0);
+  }
 }

src/models/entities/RunnerOrganisation.ts

@@ -1,6 +1,8 @@
-import { IsOptional } from "class-validator";
+import { IsInt, IsOptional } from "class-validator";
 import { ChildEntity, ManyToOne, OneToMany } from "typeorm";
-import { Address } from "./Address";
+import { Address } from './Address';
+import { IAddressUser } from './IAddressUser';
+import { Runner } from './Runner';
 import { RunnerGroup } from "./RunnerGroup";
 import { RunnerTeam } from "./RunnerTeam";
 
@@ -9,13 +11,13 @@ import { RunnerTeam } from "./RunnerTeam";
  * This usually is a school, club or company.
 */
 @ChildEntity()
-export class RunnerOrganisation extends RunnerGroup {
+export class RunnerOrganisation extends RunnerGroup implements IAddressUser {
 
   /**
    * The organisations's address.
    */
   @IsOptional()
-  @ManyToOne(() => Address, address => address.groups, { nullable: true })
+  @ManyToOne(() => Address, address => address.addressUsers, { nullable: true })
   address?: Address;
 
   /**
@@ -24,4 +26,32 @@ export class RunnerOrganisation extends RunnerGroup {
    */
   @OneToMany(() => RunnerTeam, team => team.parentGroup, { nullable: true })
   teams: RunnerTeam[];
+
+  /**
+   * Returns all runners associated with this organisation (directly or indirectly via teams).
+   */
+  public get allRunners(): Runner[] {
+    let returnRunners: Runner[] = new Array<Runner>();
+    returnRunners.push(...this.runners);
+    for (let team of this.teams) {
+      returnRunners.push(...team.runners)
+    }
+    return returnRunners;
+  }
+
+  /**
+   * Returns the total distance ran by this group's runners based on all their valid scans.
+  */
+  @IsInt()
+  public get distance(): number {
+    return this.allRunners.reduce((sum, current) => sum + current.distance, 0);
+  }
+
+  /**
+   * Returns the total donations a runner has collected based on his linked donations and distance ran.
+  */
+  @IsInt()
+  public get distanceDonationAmount(): number {
+    return this.allRunners.reduce((sum, current) => sum + current.distanceDonationAmount, 0);
+  }
 }

src/models/entities/StatsClient.ts

@@ -0,0 +1,48 @@
+import { IsInt, IsOptional, IsString } from "class-validator";
+import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
+/**
+ * Defines the StatsClient entity.
+ * StatsClients can be used to access the protected parts of the stats api (top runners, donators and so on).
+*/
+@Entity()
+export class StatsClient {
+    /**
+     * Autogenerated unique id (primary key).
+     */
+    @PrimaryGeneratedColumn()
+    @IsInt()
+    id: number;
+
+    /**
+     * The clients's description.
+     * Mostly for better UX when traceing back stuff.
+     */
+    @Column({ nullable: true })
+    @IsOptional()
+    @IsString()
+    description?: string;
+
+    /**
+     * The client's api key prefix.
+     * This is used identitfy a client by it's api key.
+     */
+    @Column({ unique: true })
+    @IsString()
+    prefix: string;
+
+    /**
+     * The client's api key hash.
+     * The api key can be used to authenticate against the /stats/** routes.
+     */
+    @Column()
+    @IsString()
+    key: string;
+
+    /**
+     * The client's api key in plain text.
+     * This will only be used to display the full key on creation and updates.
+     */
+    @IsString()
+    @IsOptional()
+    cleartextkey?: string;
+}

src/models/entities/Track.ts

@@ -1,6 +1,7 @@
 import {
   IsInt,
   IsNotEmpty,
+  IsOptional,
   IsPositive,
   IsString
 } from "class-validator";
@@ -18,7 +19,7 @@ export class Track {
    */
   @PrimaryGeneratedColumn()
   @IsInt()
-  id: number;;
+  id: number;
 
   /**
    * The track's name.
@@ -38,6 +39,15 @@ export class Track {
   @IsPositive()
   distance: number;
 
+  /**
+   * The minimum time a runner should take to run a lap on this track (in seconds).
+   * Will be used for fraud detection.
+   */
+  @Column({ nullable: true })
+  @IsInt()
+  @IsOptional()
+  minimumLapTime?: number;
+
   /**
    * Used to link scan stations to a certain track.
    * This makes the configuration of the scan stations easier.

src/models/entities/User.ts

@@ -106,11 +106,20 @@ export class User extends Principal {
   * The user's profile picture.
   * We haven't decided yet if this will be a bas64 encoded image or just a link to the profile picture.
   */
-  @Column({ nullable: true, unique: true })
+  @Column({ nullable: true, unique: false })
   @IsString()
   @IsOptional()
   profilePic?: string;
 
+  /**
+  * The last time the user requested a password reset.
+  * Used to prevent spamming of the password reset route.
+  */
+  @Column({ nullable: true, unique: false })
+  @IsString()
+  @IsOptional()
+  resetRequestedTimestamp?: number;
+
   /**
    * The actions performed by this user.
    * For documentation purposes only, will be implemented later.

src/models/enums/PermissionTargets.ts

@@ -8,5 +8,7 @@ export enum PermissionTarget {
     TRACK = 'TRACK',
     USER = 'USER',
     USERGROUP = 'USERGROUP',
-    PERMISSION = 'PERMISSION'
+    PERMISSION = 'PERMISSION',
+    STATSCLIENT = 'STATSCLIENT',
+    DONOR = 'DONOR'
 }

src/models/responses/ResponseDonor.ts

@@ -0,0 +1,26 @@
+import {
+    IsBoolean
+} from "class-validator";
+import { Donor } from '../entities/Donor';
+import { ResponseParticipant } from './ResponseParticipant';
+
+/**
+ * Defines the donor response.
+*/
+export class ResponseDonor extends ResponseParticipant {
+
+    /**
+     * Does this donor need a receipt?
+     */
+    @IsBoolean()
+    receiptNeeded: boolean;
+
+    /**
+     * Creates a ResponseRunner object from a runner.
+     * @param runner The user the response shall be build for.
+     */
+    public constructor(donor: Donor) {
+        super(donor);
+        this.receiptNeeded = donor.receiptNeeded;
+    }
+}

src/models/responses/ResponseRunnerOrganisation.ts

@@ -1,7 +1,8 @@
 import {
     IsArray,
-    IsNotEmpty,
-    IsObject
+
+    IsObject,
+    IsOptional
 } from "class-validator";
 import { Address } from '../entities/Address';
 import { RunnerOrganisation } from '../entities/RunnerOrganisation';
@@ -17,7 +18,7 @@ export class ResponseRunnerOrganisation extends ResponseRunnerGroup {
      * The runnerOrganisation's address.
      */
     @IsObject()
-    @IsNotEmpty()
+    @IsOptional()
     address?: Address;
 
     /**

src/models/responses/ResponseStats.ts

@@ -0,0 +1,83 @@
+import {
+    IsInt
+} from "class-validator";
+import { Donation } from '../entities/Donation';
+import { Runner } from '../entities/Runner';
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { RunnerTeam } from '../entities/RunnerTeam';
+import { Scan } from '../entities/Scan';
+import { User } from '../entities/User';
+
+/**
+ * Defines the stats response.
+ * The stats response calculates some basic stats for a dashboard or public display.
+*/
+export class ResponseStats {
+    /**
+     * The amount of runners registered in the system.
+     */
+    @IsInt()
+    total_runners: number;
+
+    /**
+     * The amount of teams registered in the system.
+     */
+    @IsInt()
+    total_teams: number;
+
+    /**
+     * The amount of organisations registered in the system.
+     */
+    @IsInt()
+    total_orgs: number;
+
+    /**
+     * The amount of users registered in the system.
+     */
+    @IsInt()
+    total_users: number;
+
+    /**
+     * The amount of valid scans registered in the system.
+     */
+    @IsInt()
+    total_scans: number;
+
+    /**
+     * The total distance that all runners ran combined.
+     */
+    @IsInt()
+    total_distance: number;
+
+    /**
+     * The total donation amount.
+     */
+    @IsInt()
+    total_donation: number;
+
+    /**
+     * The average distance ran per runner.
+     */
+    @IsInt()
+    average_distance: number;
+
+    /**
+     * Creates a new stats response containing some basic statistics for a dashboard or public display.
+     * @param runners Array containing all runners - the following relations have to be resolved: scans, scans.track
+     * @param teams Array containing all teams - no relations have to be resolved.
+     * @param orgs Array containing all orgs - no relations have to be resolved.
+     * @param users Array containing all users - no relations have to be resolved.
+     * @param scans Array containing all scans - no relations have to be resolved.
+     * @param donations Array containing all donations - the following relations have to be resolved: runner, runner.scans, runner.scans.track
+     */
+    public constructor(runners: Runner[], teams: RunnerTeam[], orgs: RunnerOrganisation[], users: User[], scans: Scan[], donations: Donation[]) {
+        this.total_runners = runners.length;
+        this.total_teams = teams.length;
+        this.total_orgs = orgs.length;
+        this.total_users = users.length;
+        this.total_scans = scans.filter(scan => { scan.valid === true }).length;
+        this.total_distance = runners.reduce((sum, current) => sum + current.distance, 0);
+        this.total_donation = donations.reduce((sum, current) => sum + current.amount, 0);
+        this.average_distance = this.total_distance / this.total_runners;
+    }
+}

src/models/responses/ResponseStatsClient.ts

@@ -0,0 +1,54 @@
+import {
+
+    IsInt,
+
+    IsNotEmpty,
+
+    IsOptional,
+    IsString
+} from "class-validator";
+import { StatsClient } from '../entities/StatsClient';
+
+/**
+ * Defines the statsClient response.
+*/
+export class ResponseStatsClient {
+    /**
+     * The client's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The client's description.
+     */
+    @IsString()
+    @IsOptional()
+    description?: string;
+
+    /**
+     * The client's api key.
+     * Only visible on creation or regeneration.
+     */
+    @IsString()
+    @IsOptional()
+    key: string;
+
+    /**
+     * The client's api key prefix.
+     */
+    @IsString()
+    @IsNotEmpty()
+    prefix: string;
+
+    /**
+     * Creates a ResponseStatsClient object from a statsClient.
+     * @param client The statsClient the response shall be build for.
+     */
+    public constructor(client: StatsClient) {
+        this.id = client.id;
+        this.description = client.description;
+        this.prefix = client.prefix;
+        this.key = "Only visible on creation.";
+    }
+}

src/models/responses/ResponseStatsOrganisation.ts

@@ -0,0 +1,47 @@
+import {
+    IsInt,
+
+    IsString
+} from "class-validator";
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+
+/**
+ * Defines the org stats response.
+ * This differs from the normal org responce.
+*/
+export class ResponseStatsOrgnisation {
+    /**
+     * The orgs's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The orgs's name.
+     */
+    @IsString()
+    name: string;
+
+    /**
+     * The orgs's runner's currently ran distance in meters.
+     */
+    @IsInt()
+    distance: number;
+
+    /**
+     * The orgs's currently collected donations.
+     */
+    @IsInt()
+    donationAmount: number;
+
+    /**
+     * Creates a new organisation stats response from a organisation
+     * @param org The organisation whoes response shall be generated - the following relations have to be resolved: runners, runners.scans, runners.distanceDonations, runners.scans.track, teams, teams.runners, teams.runners.scans, teams.runners.distanceDonations, teams.runners.scans.track
+     */
+    public constructor(org: RunnerOrganisation) {
+        this.name = org.name;
+        this.id = org.id;
+        this.distance = org.distance;
+        this.donationAmount = org.distanceDonationAmount;
+    }
+}

src/models/responses/ResponseStatsRunner.ts

@@ -0,0 +1,69 @@
+import {
+    IsInt,
+    IsObject,
+    IsString
+} from "class-validator";
+import { Runner } from '../entities/Runner';
+import { RunnerGroup } from '../entities/RunnerGroup';
+
+/**
+ * Defines the runner stats response.
+ * This differs from the normal runner responce.
+*/
+export class ResponseStatsRunner {
+    /**
+     * The runner's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The runner's first name.
+     */
+    @IsString()
+    firstname: string;
+
+    /**
+     * The runner's middle name.
+     */
+    @IsString()
+    middlename?: string;
+
+    /**
+     * The runner's last name.
+     */
+    @IsString()
+    lastname: string;
+
+    /**
+     * The runner's currently ran distance in meters.
+     */
+    @IsInt()
+    distance: number;
+
+    /**
+     * The runner's currently collected donations.
+     */
+    @IsInt()
+    donationAmount: number;
+
+    /**
+     * The runner's group.
+     */
+    @IsObject()
+    group: RunnerGroup;
+
+    /**
+     * Creates a new runner stats response from a runner
+     * @param runner The runner whoes response shall be generated - the following relations have to be resolved: scans, group, distanceDonations, scans.track
+     */
+    public constructor(runner: Runner) {
+        this.id = runner.id;
+        this.firstname = runner.firstname;
+        this.middlename = runner.middlename;
+        this.lastname = runner.lastname;
+        this.distance = runner.distance;
+        this.donationAmount = runner.distanceDonationAmount;
+        this.group = runner.group;
+    }
+}

src/models/responses/ResponseStatsTeam.ts

@@ -0,0 +1,55 @@
+import {
+    IsInt,
+    IsObject,
+    IsString
+} from "class-validator";
+import { RunnerGroup } from '../entities/RunnerGroup';
+import { RunnerTeam } from '../entities/RunnerTeam';
+
+/**
+ * Defines the team stats response.
+ * This differs from the normal team responce.
+*/
+export class ResponseStatsTeam {
+    /**
+     * The team's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The team's name.
+     */
+    @IsString()
+    name: string;
+
+    /**
+     * The teams's currently ran distance in meters.
+     */
+    @IsInt()
+    distance: number;
+
+    /**
+     * The teams's currently collected donations.
+     */
+    @IsInt()
+    donationAmount: number;
+
+    /**
+     * The teams's parent group.
+     */
+    @IsObject()
+    parent: RunnerGroup;
+
+    /**
+     * Creates a new team stats response from a team
+     * @param team The team whoes response shall be generated - the following relations have to be resolved: runners, runners.scans, runners.distanceDonations, runners.scans.track
+     */
+    public constructor(team: RunnerTeam) {
+        this.name = team.name;
+        this.id = team.id;
+        this.parent = team.parentGroup;
+        this.distance = team.distance;
+        this.donationAmount = team.distanceDonationAmount;
+    }
+}

src/models/responses/ResponseTrack.ts

@@ -1,4 +1,5 @@
-import { IsInt, IsString } from "class-validator";
+import { IsInt, IsOptional, IsString } from "class-validator";
+import { TrackLapTimeCantBeNegativeError } from '../../errors/TrackErrors';
 import { Track } from '../entities/Track';
 
 /**
@@ -23,6 +24,14 @@ export class ResponseTrack {
     @IsInt()
     distance: number;
 
+    /**
+     * The minimum time a runner should take to run a lap on this track (in seconds).
+     * Will be used for fraud detection.
+     */
+    @IsInt()
+    @IsOptional()
+    minimumLapTime?: number;
+
     /**
      * Creates a ResponseTrack object from a track.
      * @param track The track the response shall be build for.
@@ -31,5 +40,9 @@ export class ResponseTrack {
         this.id = track.id;
         this.name = track.name;
         this.distance = track.distance;
+        this.minimumLapTime = track.minimumLapTime;
+        if (this.minimumLapTime < 0) {
+            throw new TrackLapTimeCantBeNegativeError();
+        }
     }
 }

src/static/docs/index.html

@@ -0,0 +1,156 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>API Docs</title>
+    <style>
+        :root {
+            --bg-color: #fff;
+            --bg-secondary-color: #f3f3f6;
+            --color-primary: #14854f;
+            --color-lightGrey: #d2d6dd;
+            --color-grey: #747681;
+            --color-darkGrey: #3f4144;
+            --color-error: #d43939;
+            --color-success: #28bd14;
+            --grid-maxWidth: 120rem;
+            --grid-gutter: 2rem;
+            --font-size: 1.6rem;
+            --font-color: #333;
+            --font-family-sans: -apple-system, BlinkMacSystemFont, Avenir, "Avenir Next", "Segoe UI", "Roboto", "Oxygen", "Ubuntu", "Cantarell", "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;
+            --font-family-mono: monaco, "Consolas", "Lucida Console", monospace
+        }
+
+        html {
+            -webkit-box-sizing: border-box;
+            box-sizing: border-box;
+            font-size: 62.5%;
+            line-height: 1.15;
+            -ms-text-size-adjust: 100%;
+            -webkit-text-size-adjust: 100%
+        }
+
+        *,
+        :after,
+        :before {
+            -webkit-box-sizing: inherit;
+            box-sizing: inherit
+        }
+
+        body {
+            background-color: var(--bg-color);
+            line-height: 1.6;
+            font-size: var(--font-size);
+            color: var(--font-color);
+            font-family: Segoe UI, Helvetica Neue, sans-serif;
+            font-family: var(--font-family-sans);
+            margin: 0;
+            padding: 0
+        }
+
+        h3 {
+            font-weight: 500;
+            margin: .35em 0 .7em
+        }
+
+        h3 {
+            font-size: 1.5em
+        }
+
+        a {
+            color: var(--color-primary);
+            text-decoration: none
+        }
+
+        a:hover:not(.button) {
+            opacity: .75
+        }
+
+        input:not([type=checkbox]):not([type=radio]):not([type=submit]):not([type=color]):not([type=button]):not([type=reset]):not(:disabled):hover {
+            border-color: var(--color-grey)
+        }
+
+        ::-webkit-input-placeholder {
+            color: #bdbfc4
+        }
+
+        ::-moz-placeholder {
+            color: #bdbfc4
+        }
+
+        :-ms-input-placeholder {
+            color: #bdbfc4
+        }
+
+        ::-ms-input-placeholder {
+            color: #bdbfc4
+        }
+
+        .tabs {
+            display: -webkit-box;
+            display: -ms-flexbox;
+            display: flex
+        }
+
+        .tabs a {
+            text-decoration: none
+        }
+
+        .tabs>a {
+            padding: 1rem 2rem;
+            -webkit-box-flex: 0;
+            -ms-flex: 0 1 auto;
+            flex: 0 1 auto;
+            color: var(--color-darkGrey);
+            border-bottom: 2px solid var(--color-lightGrey);
+            text-align: center
+        }
+
+        .tabs>a:hover {
+            opacity: 1;
+            border-bottom: 2px solid var(--color-darkGrey)
+        }
+
+        .is-vertical-align {
+            display: -webkit-box;
+            display: -ms-flexbox;
+            display: flex;
+            -webkit-box-align: center;
+            -ms-flex-align: center;
+            align-items: center
+        }
+
+        .is-center {
+            display: -webkit-box;
+            display: -ms-flexbox;
+            display: flex;
+            -webkit-box-pack: center;
+            -ms-flex-pack: center;
+            justify-content: center
+        }
+
+        .is-center {
+            -webkit-box-align: center;
+            -ms-flex-align: center;
+            align-items: center
+        }
+    </style>
+</head>
+
+<body>
+    <div class="hero">
+        <div class="logo is-center is-vertical-align">
+            <h3>API Docs</h3>
+        </div>
+        <nav class="tabs is-center">
+            <a href="./redoc">ReDoc</a>
+            <a href="./swaggerui">SwaggerUI</a>
+            <a href="./rapidoc">RapiDoc</a>
+            <a href="./openapi.json">Raw Spec (json)</a>
+        </nav>
+    </div>
+</body>
+
+</html>

src/static/docs/rapidoc.html

@@ -0,0 +1,12 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <script type="module" src="./rapidoc-min.js"></script>
+</head>
+<body>
+  <rapi-doc 
+    spec-url="/api/docs/openapi.json" 
+  > </rapi-doc>
+</body> 
+</html>

src/static/docs/redoc.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>ReDoc</title>
+    <meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <style>
+      body {
+        margin: 0;
+        padding: 0;
+      }
+    </style>
+  </head>
+  <body>
+    <redoc spec-url='/api/docs/openapi.json'></redoc>
+    <script src="./redoc.standalone.js"> </script>
+  </body>
+</html>

src/static/docs/swaggerui.html

@@ -0,0 +1,58 @@
+<!-- HTML for static distribution bundle build -->
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>Swagger UI</title>
+    <link rel="stylesheet" type="text/css" href="./swagger-ui.css" >
+    <style>
+      html
+      {
+        box-sizing: border-box;
+        overflow: -moz-scrollbars-vertical;
+        overflow-y: scroll;
+      }
+
+      *,
+      *:before,
+      *:after
+      {
+        box-sizing: inherit;
+      }
+
+      body
+      {
+        margin:0;
+        background: #fafafa;
+      }
+    </style>
+  </head>
+
+  <body>
+    <div id="swagger-ui"></div>
+
+    <script src="./swagger-ui-bundle.js" charset="UTF-8"> </script>
+    <script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
+    <script>
+    window.onload = function() {
+      // Begin Swagger UI call region
+      const ui = SwaggerUIBundle({
+        url: "/api/docs/openapi.json",
+        dom_id: '#swagger-ui',
+        deepLinking: true,
+        presets: [
+          SwaggerUIBundle.presets.apis,
+          SwaggerUIStandalonePreset
+        ],
+        plugins: [
+          SwaggerUIBundle.plugins.DownloadUrl
+        ],
+        layout: "StandaloneLayout"
+      })
+      // End Swagger UI call region
+
+      window.ui = ui
+    }
+  </script>
+  </body>
+</html>

src/tests/api_docs.spec.ts

@@ -0,0 +1,34 @@
+import axios from 'axios';
+import { config } from '../config';
+const base = "http://localhost:" + config.internal_port
+
+describe('GET /api/docs/openapi.json', () => {
+	it('OpenAPI Spec is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/openapi.json');
+		expect(res.status).toEqual(200);
+	});
+});
+describe('GET /api/docs/swagger.json', () => {
+	it('OpenAPI Spec is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/swagger.json');
+		expect(res.status).toEqual(200);
+	});
+});
+describe('GET /api/docs/swaggerui', () => {
+	it('swaggerui is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/swaggerui');
+		expect(res.status).toEqual(200);
+	});
+});
+describe('GET /api/docs/redoc', () => {
+	it('redoc is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/redoc');
+		expect(res.status).toEqual(200);
+	});
+});
+describe('GET /api/docs/rapidoc', () => {
+	it('rapidoc is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/rapidoc');
+		expect(res.status).toEqual(200);
+	});
+});

src/tests/auth/auth_login.spec.ts

@@ -0,0 +1,56 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let axios_config;
+
+beforeAll(async () => {
+    axios_config = {
+        validateStatus: undefined
+    };
+});
+
+describe('POST /api/auth/login valid', () => {
+    it('valid login should return 200', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" }, axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json")
+    });
+});
+// ---------------
+describe('POST /api/auth/login invalid body', () => {
+    it('Loging without a body should return 400', async () => {
+        const res = await axios.post(base + '/api/auth/login', null, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('Loging without a password should return 400', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "demo" }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('Loging with invalid mail format should return 400', async () => {
+        const res = await axios.post(base + '/api/auth/login', { email: "demo", password: "demo" }, axios_config);
+        expect(res.status).toEqual(400);
+    });
+    it('Loging without a username/mail should return 404', async () => {
+        const res = await axios.post(base + '/api/auth/login', { password: "demo" }, axios_config);
+        expect(res.status).toEqual(404);
+    });
+});
+// ---------------
+describe('POST /api/auth/login nonexistant user', () => {
+    it('login with nonexistant username should return 404', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "-1", password: "demo" }, axios_config);
+        expect(res.status).toEqual(404);
+    });
+    it('login with nonexistant mail should return 404', async () => {
+        const res = await axios.post(base + '/api/auth/login', { email: "test@example.com", password: "demo" }, axios_config);
+        expect(res.status).toEqual(404);
+    });
+});
+// ---------------
+describe('POST /api/auth/login wrong password', () => {
+    it('login with wrong password should return 401', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "totallynotthecorrectpassword" }, axios_config);
+        expect(res.status).toEqual(401);
+    });
+});

src/tests/auth/auth_logout.spec.ts

@@ -0,0 +1,58 @@
+import axios from 'axios';
+import { config } from '../../config';
+
+const base = "http://localhost:" + config.internal_port
+
+const axios_config = {
+    validateStatus: undefined
+};;
+
+beforeAll(async () => {
+    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    await axios.post(base + '/api/users', {
+        "firstname": "demo_logout",
+        "middlename": "demo_logout",
+        "lastname": "demo_logout",
+        "username": "demo_logout",
+        "password": "demo_logout"
+    }, {
+        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
+        validateStatus: undefined
+    });
+});
+
+describe('POST /api/auth/logout valid', () => {
+    let refresh_coookie;
+    it('valid logout with token in cookie should return 200', async () => {
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        refresh_coookie = res_login.headers["set-cookie"];
+        const res = await axios.post(base + '/api/auth/logout', null, {
+            headers: { "Cookie": refresh_coookie },
+            validateStatus: undefined
+        });
+        expect(res.status).toEqual(200);
+    });
+    it('valid logout with token in body should return 200', async () => {
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_logout", password: "demo_logout" });
+        const res = await axios.post(base + '/api/auth/logout', { token: res_login.data["refresh_token"] }, axios_config);
+        expect(res.status).toEqual(200);
+    });
+    it('getting users after valid logout should return 401', async () => {
+        const res = await axios.get(base + '/api/users', {
+            headers: { "Cookie": refresh_coookie },
+            validateStatus: undefined
+        });
+        expect(res.status).toEqual(401);
+    });
+});
+// ---------------
+describe('POST /api/auth/logout ivalid', () => {
+    it('invalid logout without token should return 406', async () => {
+        const res = await axios.post(base + '/api/auth/logout', null, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('invalid logout with invalid token in body should return 401', async () => {
+        const res = await axios.post(base + '/api/auth/logout', { token: "1" }, axios_config);
+        expect(res.status).toEqual(401);
+    });
+});

src/tests/auth/auth_refresh.spec.ts

@@ -0,0 +1,49 @@
+import axios from 'axios';
+import { config } from '../../config';
+
+const base = "http://localhost:" + config.internal_port
+
+const axios_config = {
+    validateStatus: undefined
+};;
+
+beforeAll(async () => {
+    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    await axios.post(base + '/api/users', {
+        "firstname": "demo_refresh",
+        "middlename": "demo_refresh",
+        "lastname": "demo_refresh",
+        "username": "demo_refresh",
+        "password": "demo_refresh"
+    }, {
+        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
+        validateStatus: undefined
+    });
+});
+
+describe('POST /api/auth/refresh valid', () => {
+    it('valid refresh with token in cookie should return 200', async () => {
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res = await axios.post(base + '/api/auth/refresh', null, {
+            headers: { "Cookie": res_login.headers["set-cookie"] },
+            validateStatus: undefined
+        });
+        expect(res.status).toEqual(200);
+    });
+    it('valid refresh with token in body should return 200', async () => {
+        const res_login = await axios.post(base + '/api/auth/login', { username: "demo_refresh", password: "demo_refresh" });
+        const res = await axios.post(base + '/api/auth/refresh', { token: res_login.data["refresh_token"] }, axios_config);
+        expect(res.status).toEqual(200);
+    });
+});
+// ---------------
+describe('POST /api/auth/refresh ivalid', () => {
+    it('invalid refresh without token should return 406', async () => {
+        const res = await axios.post(base + '/api/auth/refresh', null, axios_config);
+        expect(res.status).toEqual(406);
+    });
+    it('invalid refresh with invalid token in body should return 401', async () => {
+        const res = await axios.post(base + '/api/auth/refresh', { token: "1" }, axios_config);
+        expect(res.status).toEqual(401);
+    });
+});

src/tests/auth/auth_reset.spec.ts

@@ -0,0 +1,75 @@
+import axios from 'axios';
+import { config } from '../../config';
+
+const base = "http://localhost:" + config.internal_port
+
+const axios_config = {
+    validateStatus: undefined
+};;
+
+beforeAll(async () => {
+    const res_login = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    await axios.post(base + '/api/users', {
+        "firstname": "demo_reset",
+        "middlename": "demo_reset",
+        "lastname": "demo_reset",
+        "username": "demo_reset",
+        "password": "demo_reset"
+    }, {
+        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
+        validateStatus: undefined
+    });
+    await axios.post(base + '/api/users', {
+        "firstname": "demo_reset2",
+        "middlename": "demo_reset2",
+        "lastname": "demo_reset2",
+        "username": "demo_reset2",
+        "password": "demo_reset2"
+    }, {
+        headers: { "authorization": "Bearer " + res_login.data["access_token"] },
+        validateStatus: undefined
+    });
+});
+
+describe('POST /api/auth/reset valid', () => {
+    let reset_token;
+    it('valid reset token request should return 200', async () => {
+        const res1 = await axios.post(base + '/api/auth/reset', { username: "demo_reset" });
+        reset_token = res1.data.resetToken;
+        expect(res1.status).toEqual(200);
+    });
+    it('valid password reset should return 200', async () => {
+        const res2 = await axios.post(base + '/api/auth/reset/' + reset_token, { password: "demo" }, axios_config);
+        expect(res2.status).toEqual(200);
+    });
+    it('valid login after reset should return 200', async () => {
+        const res = await axios.post(base + '/api/auth/login', { username: "demo_reset", password: "demo" });
+        expect(res.status).toEqual(200);
+    });
+});
+// ---------------
+describe('POST /api/auth/reset invalid requests', () => {
+    it('request another password reset before the timeout should return 406', async () => {
+        const res1 = await axios.post(base + '/api/auth/reset', { username: "demo_reset2" }, axios_config);
+        const res2 = await axios.post(base + '/api/auth/reset', { username: "demo_reset2" }, axios_config);
+        expect(res2.status).toEqual(406);
+    });
+});
+// ---------------
+describe('POST /api/auth/reset invalid token', () => {
+    it('providing a invalid reset token should return 401', async () => {
+        const res2 = await axios.post(base + '/api/auth/reset/' + "123123", { password: "demo" }, axios_config);
+        expect(res2.status).toEqual(401);
+    });
+    it('providing no reset token should return 404', async () => {
+        const res2 = await axios.post(base + '/api/auth/reset/' + "", { password: "demo" }, axios_config);
+        expect(res2.status).toEqual(404);
+    });
+});
+// ---------------
+describe('POST /api/auth/reset invalid body', () => {
+    it('providing no password should return 400', async () => {
+        const res2 = await axios.post(base + '/api/auth/reset/' + "123123", null, axios_config);
+        expect(res2.status).toEqual(400);
+    });
+});

src/tests/donors/donor_add.spec.ts

@@ -0,0 +1,94 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+// ---------------
+describe('POST /api/donors with errors', () => {
+    it('creating a new donor without any parameters should return 400', async () => {
+        const res1 = await axios.post(base + '/api/donors', null, axios_config);
+        expect(res1.status).toEqual(400);
+        expect(res1.headers['content-type']).toContain("application/json")
+    });
+    it('creating a new donor without a last name should return 400', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "middlename": "middle"
+        }, axios_config);
+        expect(res2.status).toEqual(400);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('creating a new donor with a invalid address should return 404', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "middlename": "middle",
+            "lastname": "last",
+            "address": 0
+        }, axios_config);
+        expect(res2.status).toEqual(404);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('creating a new donor with a invalid phone number should return 400', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "middlename": "middle",
+            "lastname": "last",
+            "phone": "123"
+        }, axios_config);
+        expect(res2.status).toEqual(400);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('creating a new donor with a invalid mail address should return 400', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "string",
+            "middlename": "string",
+            "lastname": "string",
+            "phone": null,
+            "email": "123",
+        }, axios_config);
+        expect(res2.status).toEqual(400);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('creating a new donor without an address but with receiptNeeded=true 406', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "string",
+            "middlename": "string",
+            "lastname": "string",
+            "receiptNeeded": true
+        }, axios_config);
+        expect(res2.status).toEqual(406);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+});
+// ---------------
+describe('POST /api/donors working', () => {
+    it('creating a new donor with only needed params should return 200', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "lastname": "last"
+        }, axios_config);
+        expect(res2.status).toEqual(200);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('creating a new donor with all non-relationship optional params should return 200', async () => {
+        const res3 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "middlename": "middle",
+            "lastname": "last",
+            "receiptNeeded": false
+        }, axios_config);
+        expect(res3.status).toEqual(200);
+        expect(res3.headers['content-type']).toContain("application/json")
+    });
+});

src/tests/donors/donor_delete.spec.ts

@@ -0,0 +1,47 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+describe('adding + deletion (non-existant)', () => {
+    it('delete', async () => {
+        const res2 = await axios.delete(base + '/api/donors/0', axios_config);
+        expect(res2.status).toEqual(204);
+    });
+});
+// ---------------
+describe('add+delete', () => {
+    let added_donor;
+    it('creating a new donor with only needed params should return 200', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "lastname": "last"
+        }, axios_config);
+        added_donor = res2.data;
+        expect(res2.status).toEqual(200);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('delete donor', async () => {
+        const res3 = await axios.delete(base + '/api/donors/' + added_donor.id, axios_config);
+        expect(res3.status).toEqual(200);
+        expect(res3.headers['content-type']).toContain("application/json")
+        let deleted_runner = res3.data
+        expect(deleted_runner).toEqual(added_donor);
+    });
+    it('check if donor really was deleted', async () => {
+        const res4 = await axios.get(base + '/api/donors/' + added_donor.id, axios_config);
+        expect(res4.status).toEqual(404);
+        expect(res4.headers['content-type']).toContain("application/json")
+    });
+});

src/tests/donors/donor_get.spec.ts

@@ -0,0 +1,57 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+describe('GET /api/donors', () => {
+    it('basic get should return 200', async () => {
+        const res = await axios.get(base + '/api/donors', axios_config);
+        expect(res.status).toEqual(200);
+        expect(res.headers['content-type']).toContain("application/json")
+    });
+});
+// ---------------
+describe('GET /api/donors/0', () => {
+    it('basic get should return 404', async () => {
+        const res = await axios.get(base + '/api/donors/0', axios_config);
+        expect(res.status).toEqual(404);
+        expect(res.headers['content-type']).toContain("application/json")
+    });
+});
+// ---------------
+describe('GET /api/donors after adding', () => {
+    let added_donor;
+    it('creating a new donor with only needed params should return 200', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "lastname": "last"
+        }, axios_config);
+        added_donor = res2.data;
+        expect(res2.status).toEqual(200);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('explicit get should return 200', async () => {
+        const res3 = await axios.get(base + '/api/donors/' + added_donor.id, axios_config);
+        expect(res3.status).toEqual(200);
+        expect(res3.headers['content-type']).toContain("application/json")
+        let gotten_donor = res3.data
+        expect(gotten_donor).toEqual(added_donor);
+    });
+    it('get from all runners should return 200', async () => {
+        const res4 = await axios.get(base + '/api/donors/', axios_config);
+        expect(res4.status).toEqual(200);
+        expect(res4.headers['content-type']).toContain("application/json")
+        let gotten_donors = res4.data
+        expect(gotten_donors).toContainEqual(added_donor);
+    });
+});

src/tests/donors/donor_update.spec.ts

@@ -0,0 +1,75 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+    const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+    access_token = res.data["access_token"];
+    axios_config = {
+        headers: { "authorization": "Bearer " + access_token },
+        validateStatus: undefined
+    };
+});
+
+describe('Update donor name after adding', () => {
+    let added_donor;
+    it('creating a new runner with only needed params should return 200', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "lastname": "last"
+        }, axios_config);
+        added_donor = res2.data;
+        expect(res2.status).toEqual(200);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('valid update should return 200', async () => {
+        let donor_copy = added_donor
+        donor_copy.firstname = "second"
+        const res3 = await axios.put(base + '/api/donors/' + added_donor.id, donor_copy, axios_config);
+        expect(res3.status).toEqual(200);
+        expect(res3.headers['content-type']).toContain("application/json")
+        let updated_donor = res3.data
+        expect(updated_donor).toEqual(donor_copy);
+    });
+});
+// ---------------
+describe('Update donor id after adding(should fail)', () => {
+    let added_donor;
+    it('creating a new donor with only needed params should return 200', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "lastname": "last"
+        }, axios_config);
+        added_donor = res2.data;
+        expect(res2.status).toEqual(200);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('invalid update should return 406', async () => {
+        added_donor.id++;
+        const res3 = await axios.put(base + '/api/donors/' + (added_donor.id - 1), added_donor, axios_config);
+        expect(res3.status).toEqual(406);
+        expect(res3.headers['content-type']).toContain("application/json")
+    });
+});
+// ---------------
+describe('Update donor without address but receiptNeeded=true should fail', () => {
+    let added_donor;
+    it('creating a new donor with only needed params should return 200', async () => {
+        const res2 = await axios.post(base + '/api/donors', {
+            "firstname": "first",
+            "lastname": "last",
+        }, axios_config);
+        added_donor = res2.data;
+        expect(res2.status).toEqual(200);
+        expect(res2.headers['content-type']).toContain("application/json")
+    });
+    it('invalid update should return 406', async () => {
+        added_donor.receiptNeeded = true;
+        const res3 = await axios.put(base + '/api/donors/' + added_donor.id, added_donor, axios_config);
+        expect(res3.status).toEqual(406);
+        expect(res3.headers['content-type']).toContain("application/json")
+    });
+});

src/tests/firsttest.spec.ts

@@ -1,35 +0,0 @@
-import axios from 'axios';
-import { config } from '../config';
-const base = "http://localhost:" + config.internal_port
-
-let access_token;
-let axios_config;
-
-beforeAll(async () => {
-	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
-	access_token = res.data["access_token"];
-	axios_config = {
-		headers: { "authorization": "Bearer " + access_token },
-		validateStatus: undefined
-	};
-});
-
-describe('GET /api/openapi.json', () => {
-	it('is http 200', async () => {
-		const res = await axios.get(base + '/api/openapi.json');
-		expect(res.status).toEqual(200);
-	});
-});
-describe('GET /', () => {
-	it('is http 404', async () => {
-		const res = await axios.get(base + '/', axios_config);
-		expect(res.status).toEqual(404);
-	});
-});
-describe('GET /api/teams', () => {
-	it('is http 200 && is json', async () => {
-		const res = await axios.get(base + '/api/teams', axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json")
-	});
-});

src/tests/tracks.spec.ts

@@ -1,116 +0,0 @@
-import axios from 'axios';
-import { config } from '../config';
-const base = "http://localhost:" + config.internal_port
-
-let access_token;
-let axios_config;
-
-beforeAll(async () => {
-	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
-	access_token = res.data["access_token"];
-	axios_config = {
-		headers: { "authorization": "Bearer " + access_token },
-		validateStatus: undefined
-	};
-});
-
-describe('GET /api/tracks', () => {
-	it('basic get should return 200', async () => {
-		const res = await axios.get(base + '/api/tracks', axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json")
-	});
-	it('correct distance input should return 200', async () => {
-		const res = await axios.post(base + '/api/tracks', {
-			"name": "string",
-			"distance": 400
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json")
-	});
-});
-// ---------------
-describe('POST /api/tracks', () => {
-	it('illegal distance input should return 400', async () => {
-		const res = await axios.post(base + '/api/tracks', {
-			"name": "string",
-			"distance": -1
-		}, axios_config);
-		expect(res.status).toEqual(400);
-		expect(res.headers['content-type']).toContain("application/json")
-	});
-	it('correct distance input should return 200', async () => {
-		const res = await axios.post(base + '/api/tracks', {
-			"name": "string",
-			"distance": 400
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json")
-	});
-});
-// ---------------
-describe('adding + getting tracks', () => {
-	it('correct distance input should return 200', async () => {
-		const res = await axios.post(base + '/api/tracks', {
-			"name": "string",
-			"distance": 1000
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json")
-	});
-	it('check if track was added', async () => {
-		const res = await axios.get(base + '/api/tracks', axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json")
-		let added_track = res.data[res.data.length - 1]
-		delete added_track.id
-		expect(added_track).toEqual({
-			"name": "string",
-			"distance": 1000
-		})
-	});
-});
-// ---------------
-describe('adding + getting + updating', () => {
-	let added_track_id
-	it('correct distance input should return 200', async () => {
-		const res = await axios.post(base + '/api/tracks', {
-			"name": "string",
-			"distance": 1500
-		}, axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json")
-	});
-	it('get should return 200', async () => {
-		const res1 = await axios.get(base + '/api/tracks', axios_config);
-		expect(res1.status).toEqual(200);
-		expect(res1.headers['content-type']).toContain("application/json")
-		let added_track = res1.data[res1.data.length - 1]
-		added_track_id = added_track.id
-		delete added_track.id
-		expect(added_track).toEqual({
-			"name": "string",
-			"distance": 1500
-		})
-	})
-	it('get should return 200', async () => {
-		const res2 = await axios.put(base + '/api/tracks/' + added_track_id, {
-			"id": added_track_id,
-			"name": "apitrack",
-			"distance": 5100
-		}, axios_config);
-		expect(res2.status).toEqual(200);
-		expect(res2.headers['content-type']).toContain("application/json")
-	})
-	it('get should return 200', async () => {
-		const res3 = await axios.get(base + '/api/tracks', axios_config);
-		expect(res3.status).toEqual(200);
-		expect(res3.headers['content-type']).toContain("application/json")
-		let added_track2 = res3.data[res3.data.length - 1]
-		delete added_track2.id
-		expect(added_track2).toEqual({
-			"name": "apitrack",
-			"distance": 5100
-		})
-	});
-});

src/tests/tracks/track_add.spec.ts

@@ -0,0 +1,90 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+	access_token = res.data["access_token"];
+	axios_config = {
+		headers: { "authorization": "Bearer " + access_token },
+		validateStatus: undefined
+	};
+});
+
+
+describe('POST /api/tracks illegally', () => {
+	it('no distance input should return 400', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "string",
+		}, axios_config);
+		expect(res.status).toEqual(400);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+	it('illegal distance input should return 400', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "string",
+			"distance": -1
+		}, axios_config);
+		expect(res.status).toEqual(400);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+	it('negative minimum lap time input should return 406', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "string",
+			"distance": 200,
+			"minimumLapTime": -1
+		}, axios_config);
+		expect(res.status).toEqual(406);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+});
+// ---------------
+describe('POST /api/tracks successfully', () => {
+	it('creating a track with the minimum amount of parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "testtrack",
+			"distance": 200,
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		expect(res.data).toEqual({
+			"name": "testtrack",
+			"distance": 200,
+			"minimumLapTime": null
+		})
+	});
+	it('creating a track with all parameters (optional set to null) should return 200', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "testtrack",
+			"distance": 200,
+			"minimumLapTime": null
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		expect(res.data).toEqual({
+			"name": "testtrack",
+			"distance": 200,
+			"minimumLapTime": null
+		})
+	});
+	it('creating a track with all parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "testtrack",
+			"distance": 200,
+			"minimumLapTime": 123
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		expect(res.data).toEqual({
+			"name": "testtrack",
+			"distance": 200,
+			"minimumLapTime": 123
+		})
+	});
+});

src/tests/tracks/track_delete.spec.ts

@@ -0,0 +1,53 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+	access_token = res.data["access_token"];
+	axios_config = {
+		headers: { "authorization": "Bearer " + access_token },
+		validateStatus: undefined
+	};
+});
+
+// ---------------
+describe('DETELE track', () => {
+	let added_track
+	it('creating a track with the minimum amount of parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "testtrack",
+			"distance": 200,
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		added_track = res.data
+	});
+	it('delete track', async () => {
+		const res2 = await axios.delete(base + '/api/tracks/' + added_track.id, axios_config);
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+		let deleted_track = res2.data
+		delete deleted_track.id;
+		expect(res2.data).toEqual({
+			"name": "testtrack",
+			"distance": 200,
+			"minimumLapTime": null
+		});
+	});
+	it('check if track really was deleted', async () => {
+		const res3 = await axios.get(base + '/api/tracks/' + added_track.id, axios_config);
+		expect(res3.status).toEqual(404);
+		expect(res3.headers['content-type']).toContain("application/json")
+	});
+});
+// ---------------
+describe('DELETE track (non-existant)', () => {
+	it('delete', async () => {
+		const res2 = await axios.delete(base + '/api/tracks/0', axios_config);
+		expect(res2.status).toEqual(204);
+	});
+});

src/tests/tracks/track_update.spec.ts

@@ -0,0 +1,98 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+	access_token = res.data["access_token"];
+	axios_config = {
+		headers: { "authorization": "Bearer " + access_token },
+		validateStatus: undefined
+	};
+});
+
+describe('adding + updating illegally', () => {
+	let added_track;
+	it('correct distance input should return 200', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "apitrack",
+			"distance": 1500
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		added_track = res.data;
+	});
+	it('update with negative distance should return 400', async () => {
+		const res2 = await axios.put(base + '/api/tracks/' + added_track.id, {
+			"id": added_track.id,
+			"name": "apitrack",
+			"distance": -1
+		}, axios_config);
+		expect(res2.status).toEqual(400);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('update with negative laptime should return 406', async () => {
+		const res2 = await axios.put(base + '/api/tracks/' + added_track.id, {
+			"id": added_track.id,
+			"name": "apitrack",
+			"distance": 2,
+			"minimumLapTime": -1
+		}, axios_config);
+		expect(res2.status).toEqual(406);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+});
+// ---------------
+describe('adding + updating successfilly', () => {
+	let added_track;
+	it('correct distance input should return 200', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "apitrack2",
+			"distance": 1500
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		added_track = res.data;
+	});
+	it('valid name change should return 200', async () => {
+		const res2 = await axios.put(base + '/api/tracks/' + added_track.id, {
+			"id": added_track.id,
+			"name": "apitrackk",
+			"distance": 1500
+		}, axios_config);
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('valid distance change should return 200', async () => {
+		const res2 = await axios.put(base + '/api/tracks/' + added_track.id, {
+			"id": added_track.id,
+			"name": "apitrack2",
+			"distance": 5100
+		}, axios_config);
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('valid laptime change (to a set number) should return 200', async () => {
+		const res2 = await axios.put(base + '/api/tracks/' + added_track.id, {
+			"id": added_track.id,
+			"name": "apitrack2",
+			"distance": 5100,
+			"minimumLapTime": 3
+		}, axios_config);
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('valid laptime change (to a set null) should return 200', async () => {
+		const res2 = await axios.put(base + '/api/tracks/' + added_track.id, {
+			"id": added_track.id,
+			"name": "apitrack2",
+			"distance": 5100,
+			"minimumLapTime": null
+		}, axios_config);
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+});

src/tests/tracks/tracks_get.spec.ts

@@ -0,0 +1,49 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+	access_token = res.data["access_token"];
+	axios_config = {
+		headers: { "authorization": "Bearer " + access_token },
+		validateStatus: undefined
+	};
+});
+
+describe('GET /api/tracks sucessfully', () => {
+	it('basic get should return 200', async () => {
+		const res = await axios.get(base + '/api/tracks', axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+});
+// ---------------
+describe('GET /api/tracks illegally', () => {
+	it('get for non-existant track should return 404', async () => {
+		const res = await axios.get(base + '/api/tracks/-1', axios_config);
+		expect(res.status).toEqual(404);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+});
+// ---------------
+describe('adding + getting tracks', () => {
+	let added_track;
+	it('correct distance input should return 200', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "string",
+			"distance": 1000
+		}, axios_config);
+		added_track = res.data;
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+	it('check if track was added (no parameter validation)', async () => {
+		const res = await axios.get(base + '/api/tracks/' + added_track.id, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+});