Merge pull request 'Alpha Release 0.0.9' (#82) from dev into main

Reviewed-on: #82
Reviewed-by: Philipp Dormann <philipp@philippdormann.de>

.drone.yml

@@ -11,7 +11,7 @@ steps:
       - git checkout $DRONE_SOURCE_BRANCH
       - mv .env.ci .env
   - name: run tests
-    image: node:alpine
+    image: node:14.15.1-alpine3.12
     commands:
       - yarn
       - yarn test:ci
@@ -39,7 +39,7 @@ steps:
       registry: registry.odit.services
   - name: run full license export
     depends_on: ["clone"]
-    image: node:alpine
+    image: node:14.15.1-alpine3.12
     commands:
       - yarn
       - yarn licenses:export

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@odit/lfk-backend",
-  "version": "0.0.7",
+  "version": "0.0.9",
   "main": "src/app.ts",
   "repository": "https://git.odit.services/lfk/backend",
   "author": {
@@ -40,7 +40,7 @@
     "reflect-metadata": "^0.1.13",
     "routing-controllers": "^0.9.0-alpha.6",
     "routing-controllers-openapi": "^2.1.0",
-    "sqlite3": "^5.0.0",
+    "sqlite3": "5.0.0",
     "typeorm": "^0.2.29",
     "typeorm-routing-controllers-extensions": "^0.2.0",
     "typeorm-seeding": "^1.6.1",

scripts/openapi_export.ts

@@ -15,7 +15,7 @@ createExpressServer({
     development: config.development,
     cors: true,
     routePrefix: "/api",
-    controllers: [`${__dirname}/controllers/*.${CONTROLLERS_FILE_EXTENSION}`],
+    controllers: [`${__dirname}/../src/controllers/*.${CONTROLLERS_FILE_EXTENSION}`],
 });
 
 const storage = getMetadataArgsStorage();
@@ -48,14 +48,19 @@ const spec = routingControllersToSpec(
                 "StatsApiToken": {
                     "type": "http",
                     "scheme": "bearer",
-                    description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients)."
+                    description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients). Only valid for obtaining stats."
+                },
+                "StationApiToken": {
+                    "type": "http",
+                    "scheme": "bearer",
+                    description: "Api token that can be obtained by creating a new scan station (post to /api/stations). Only valid for creating scans."
                 }
             }
         },
         info: {
             description: "The the backend API for the LfK! runner system.",
             title: "LfK! Backend API",
-            version: "0.0.5",
+            version: "0.0.8",
         },
     }
 );

src/controllers/ScanController.ts

@@ -1,8 +1,9 @@
-import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam, UseBefore } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { RunnerNotFoundError } from '../errors/RunnerErrors';
 import { ScanIdsNotMatchingError, ScanNotFoundError } from '../errors/ScanErrors';
+import ScanAuth from '../middlewares/ScanAuth';
 import { CreateScan } from '../models/actions/CreateScan';
 import { CreateTrackScan } from '../models/actions/CreateTrackScan';
 import { UpdateScan } from '../models/actions/UpdateScan';
@@ -27,10 +28,10 @@ export class ScanController {
 	@Authorized("SCAN:GET")
 	@ResponseSchema(ResponseScan, { isArray: true })
 	@ResponseSchema(ResponseTrackScan, { isArray: true })
-	@OpenAPI({ description: 'Lists all scans (normal or track) from all runners. <br> This includes the runner\'s group and distance ran.' })
+	@OpenAPI({ description: 'Lists all scans (normal or track) from all runners. <br> This includes the scan\'s runner\'s distance ran.' })
 	async getAll() {
 		let responseScans: ResponseScan[] = new Array<ResponseScan>();
-		const scans = await this.scanRepository.find({ relations: ['runner'] });
+		const scans = await this.scanRepository.find({ relations: ['runner', 'runner.scans', 'runner.scans.track'] });
 		scans.forEach(scan => {
 			responseScans.push(scan.toResponse());
 		});
@@ -43,17 +44,18 @@ export class ScanController {
 	@ResponseSchema(ResponseTrackScan)
 	@ResponseSchema(ScanNotFoundError, { statusCode: 404 })
 	@OnUndefined(ScanNotFoundError)
-	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
+	@OpenAPI({ description: 'Lists all information about the scan whose id got provided. This includes the scan\'s runner\'s distance ran.' })
 	async getOne(@Param('id') id: number) {
-		let scan = await this.scanRepository.findOne({ id: id }, { relations: ['runner'] })
+		let scan = await this.scanRepository.findOne({ id: id }, { relations: ['runner', 'runner.scans', 'runner.scans.track'] })
 		if (!scan) { throw new ScanNotFoundError(); }
 		return scan.toResponse();
 	}
 
 	@Post()
-	@Authorized("SCAN:CREATE")
+	@UseBefore(ScanAuth)
 	@ResponseSchema(ResponseScan)
-	@OpenAPI({ description: 'Create a new runner. <br> Please remeber to provide the runner\'s group\'s id.' })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a new scan. <br> Please remeber to provide the scan\'s runner\'s id and distance for normal scans.', security: [{ "ScanApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 	async post(@Body({ validate: true }) createScan: CreateScan) {
 		let scan = await createScan.toScan();
 		scan = await this.scanRepository.save(scan);
@@ -61,9 +63,10 @@ export class ScanController {
 	}
 
 	@Post("/trackscans")
-	@Authorized("SCAN:CREATE")
+	@UseBefore(ScanAuth)
 	@ResponseSchema(ResponseScan)
-	@OpenAPI({ description: 'Create a new track scan. <br> This is just a alias for posting /scans' })
+	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
+	@OpenAPI({ description: 'Create a new track scan. <br> This is just a alias for posting /scans', security: [{ "ScanApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
 	async postTrackScans(@Body({ validate: true }) createScan: CreateTrackScan) {
 		return this.post(createScan);
 	}
@@ -74,7 +77,7 @@ export class ScanController {
 	@ResponseSchema(ScanNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 	@ResponseSchema(ScanIdsNotMatchingError, { statusCode: 406 })
-	@OpenAPI({ description: "Update the runner whose id you provided. <br> Please remember that ids can't be changed." })
+	@OpenAPI({ description: "Update the scan whose id you provided. <br> Please remember that ids can't be changed and distances must be positive." })
 	async put(@Param('id') id: number, @Body({ validate: true }) scan: UpdateScan) {
 		let oldScan = await this.scanRepository.findOne({ id: id });
 
@@ -95,7 +98,7 @@ export class ScanController {
 	@ResponseSchema(ResponseScan)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete the runner whose id you provided. <br> If no runner with this id exists it will just return 204(no content).' })
+	@OpenAPI({ description: 'Delete the scan whose id you provided. <br> If no scan with this id exists it will just return 204(no content).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let scan = await this.scanRepository.findOne({ id: id });
 		if (!scan) { return null; }

src/controllers/ScanStationController.ts

@@ -25,7 +25,7 @@ export class ScanStationController {
 	@Get()
 	@Authorized("STATION:GET")
 	@ResponseSchema(ResponseScanStation, { isArray: true })
-	@OpenAPI({ description: 'Lists all scans (normal or track) from all runners. <br> This includes the runner\'s group and distance ran.' })
+	@OpenAPI({ description: 'Lists all stations. <br> This includes their associated tracks.' })
 	async getAll() {
 		let responseStations: ResponseScanStation[] = new Array<ResponseScanStation>();
 		const stations = await this.stationRepository.find({ relations: ['track'] });
@@ -40,7 +40,7 @@ export class ScanStationController {
 	@ResponseSchema(ResponseScanStation)
 	@ResponseSchema(ScanStationNotFoundError, { statusCode: 404 })
 	@OnUndefined(ScanStationNotFoundError)
-	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
+	@OpenAPI({ description: 'Lists all information about the station whose id got provided. <br> This includes it\'s associated track.' })
 	async getOne(@Param('id') id: number) {
 		let scan = await this.stationRepository.findOne({ id: id }, { relations: ['track'] })
 		if (!scan) { throw new ScanStationNotFoundError(); }
@@ -51,7 +51,7 @@ export class ScanStationController {
 	@Authorized("STATION:CREATE")
 	@ResponseSchema(ResponseScanStation)
 	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
-	@OpenAPI({ description: 'Create a new runner. <br> Please remeber to provide the runner\'s group\'s id.' })
+	@OpenAPI({ description: 'Create a new station. <br> Please remeber to provide the station\'s track\'s id. <br> Please also remember that the station key is only visibe on creation.' })
 	async post(@Body({ validate: true }) createStation: CreateScanStation) {
 		let newStation = await createStation.toEntity();
 		const station = await this.stationRepository.save(newStation);
@@ -87,7 +87,7 @@ export class ScanStationController {
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@ResponseSchema(ScanStationHasScansError, { statusCode: 406 })
 	@OnUndefined(204)
-	@OpenAPI({ description: 'Delete the runner whose id you provided. <br> If no runner with this id exists it will just return 204(no content).' })
+	@OpenAPI({ description: 'Delete the station whose id you provided. <br> If no station with this id exists it will just return 204(no content). <br> If the station still has scans associated you have to provide the force=true query param (warning: this deletes all scans associated with/created by this station - please disable it instead).' })
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let station = await this.stationRepository.findOne({ id: id });
 		if (!station) { return null; }

src/controllers/UserController.ts

@@ -29,7 +29,7 @@ export class UserController {
 	@OpenAPI({ description: 'Lists all users. <br> This includes their groups and permissions directly granted to them (if existing/associated).' })
 	async getAll() {
 		let responseUsers: ResponseUser[] = new Array<ResponseUser>();
-		const users = await this.userRepository.find({ relations: ['permissions', 'groups'] });
+		const users = await this.userRepository.find({ relations: ['permissions', 'groups', 'groups.permissions'] });
 		users.forEach(user => {
 			responseUsers.push(new ResponseUser(user));
 		});
@@ -43,7 +43,7 @@ export class UserController {
 	@OnUndefined(UserNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the user whose id got provided. <br> Please remember that only permissions granted directly to the user will show up here, not permissions inherited from groups.' })
 	async getOne(@Param('id') id: number) {
-		let user = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups'] })
+		let user = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups', 'groups.permissions'] })
 		if (!user) { throw new UserNotFoundError(); }
 		return new ResponseUser(user);
 	}

src/jwtcreator.ts

@@ -106,23 +106,6 @@ export class JwtUser {
         this.refreshTokenCount = user.refreshTokenCount;
         this.uuid = user.uuid;
         this.profilePic = user.profilePic;
-        this.permissions = this.getPermissions(user);
-    }
-
-    /**
-     * Handels getting the permissions granted to this user (direct or indirect).
-     * @param user User which's permissions shall be gotten.
-     */
-    public getPermissions(user: User): string[] {
-        let returnPermissions: string[] = new Array<string>();
-        for (let permission of user.permissions) {
-            returnPermissions.push(permission.toString());
-        }
-        for (let group of user.groups) {
-            for (let permission of group.permissions) {
-                returnPermissions.push(permission.toString());
-            }
-        }
-        return Array.from(new Set(returnPermissions));
+        this.permissions = user.allPermissions;
     }
 }

src/loaders/openapi.ts

@@ -39,14 +39,19 @@ export default async (app: Application) => {
           "StatsApiToken": {
             "type": "http",
             "scheme": "bearer",
-            description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients)."
+            description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients). Only valid for obtaining stats."
+          },
+          "StationApiToken": {
+            "type": "http",
+            "scheme": "bearer",
+            description: "Api token that can be obtained by creating a new scan station (post to /api/stations). Only valid for creating scans."
           }
         }
       },
       info: {
         description: "The the backend API for the LfK! runner system.",
         title: "LfK! Backend API",
-        version: "0.0.5",
+        version: "0.0.8",
       },
     }
   );

src/middlewares/ScanAuth.ts

@@ -0,0 +1,68 @@
+import * as argon2 from "argon2";
+import { Request, Response } from 'express';
+import { getConnectionManager } from 'typeorm';
+import { ScanStation } from '../models/entities/ScanStation';
+import authchecker from './authchecker';
+
+/**
+ * This middleware handels the authentification of scan station api tokens.
+ * The tokens have to be provided via Bearer auth header.
+ * @param req Express request object.
+ * @param res Express response object.
+ * @param next Next function to call on success.
+ */
+const ScanAuth = async (req: Request, res: Response, next: () => void) => {
+    let provided_token: string = req.headers["authorization"];
+    if (provided_token == "" || provided_token === undefined || provided_token === null) {
+        res.status(401).send("No api token provided.");
+        return;
+    }
+
+    try {
+        provided_token = provided_token.replace("Bearer ", "");
+    } catch (error) {
+        res.status(401).send("No valid jwt or api token provided.");
+        return;
+    }
+
+    let prefix = "";
+    try {
+        prefix = provided_token.split(".")[0];
+    }
+    finally {
+        if (prefix == "" || prefix == undefined || prefix == null) {
+            res.status(401).send("Api token non-existant or invalid syntax.");
+            return;
+        }
+    }
+
+    const station = await getConnectionManager().get().getRepository(ScanStation).findOne({ prefix: prefix });
+    if (!station) {
+        let user_authorized = false;
+        try {
+            let action = { request: req, response: res, context: null, next: next }
+            user_authorized = await authchecker(action, ["SCAN:CREATE"]);
+        }
+        finally {
+            if (user_authorized == false) {
+                res.status(401).send("Api token non-existant or invalid syntax.");
+                return;
+            }
+            else {
+                next();
+            }
+        }
+    }
+    else {
+        if (station.enabled == false) {
+            res.status(401).send("Station disabled.");
+        }
+        if (!(await argon2.verify(station.key, provided_token))) {
+            res.status(401).send("Api token invalid.");
+            return;
+        }
+
+        next();
+    }
+}
+export default ScanAuth;

src/models/actions/CreateScan.ts

@@ -5,7 +5,7 @@ import { Runner } from '../entities/Runner';
 import { Scan } from '../entities/Scan';
 
 /**
- * This classed is used to create a new Scan entity from a json body (post request).
+ * This class is used to create a new Scan entity from a json body (post request).
  */
 export abstract class CreateScan {
     /**
@@ -46,6 +46,9 @@ export abstract class CreateScan {
         return newScan;
     }
 
+    /**
+     * Gets a runner based on the runner id provided via this.runner.
+     */
     public async getRunner(): Promise<Runner> {
         const runner = await getConnection().getRepository(Runner).findOne({ id: this.runner });
         if (!runner) {

src/models/actions/CreateScanStation.ts

@@ -8,19 +8,18 @@ import { ScanStation } from '../entities/ScanStation';
 import { Track } from '../entities/Track';
 
 /**
- * This classed is used to create a new StatsClient entity from a json body (post request).
+ * This class is used to create a new StatsClient entity from a json body (post request).
  */
 export class CreateScanStation {
     /**
-     * The new client's description.
+     * The new station's description.
      */
     @IsString()
     @IsOptional()
     description?: string;
 
     /**
-     * The scan's associated track.
-     * This is used to determine the scan's distance.
+     * The station's associated track.
      */
     @IsInt()
     @IsPositive()
@@ -51,6 +50,10 @@ export class CreateScanStation {
         return newStation;
     }
 
+    /**
+     * Get's a track by it's id provided via this.track.
+     * Used to link the new station to a track.
+     */
     public async getTrack(): Promise<Track> {
         const track = await getConnection().getRepository(Track).findOne({ id: this.track });
         if (!track) {

src/models/actions/CreateUser.ts

@@ -1,5 +1,5 @@
 import * as argon2 from "argon2";
-import { IsBoolean, IsEmail, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
+import { IsBoolean, IsEmail, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import * as uuid from 'uuid';
 import { config } from '../../config';
@@ -78,7 +78,13 @@ export class CreateUser {
     @IsOptional()
     groups?: number[] | number
 
-    //TODO: ProfilePics
+    /**
+    * The user's profile pic (or rather a url pointing to it).
+    */
+    @IsString()
+    @IsUrl()
+    @IsOptional()
+    profilePic?: string;
 
     /**
      * Converts this to a User entity.
@@ -100,7 +106,9 @@ export class CreateUser {
         newUser.password = await argon2.hash(this.password + newUser.uuid);
         newUser.groups = await this.getGroups();
         newUser.enabled = this.enabled;
-        //TODO: ProfilePics
+
+        if (!this.profilePic) { newUser.profilePic = `https://dev.lauf-fuer-kaya.de/lfk-logo.png`; }
+        else { newUser.profilePic = this.profilePic; }
 
         return newUser;
     }

src/models/actions/UpdateScan.ts

@@ -5,7 +5,7 @@ import { Runner } from '../entities/Runner';
 import { Scan } from '../entities/Scan';
 
 /**
- * This classed is used to create a new Scan entity from a json body (post request).
+ * This class is used to update a Scan entity (via put request)
  */
 export abstract class UpdateScan {
     /**
@@ -49,6 +49,9 @@ export abstract class UpdateScan {
         return scan;
     }
 
+    /**
+     * Gets a runner based on the runner id provided via this.runner.
+     */
     public async getRunner(): Promise<Runner> {
         const runner = await getConnection().getRepository(Runner).findOne({ id: this.runner });
         if (!runner) {

src/models/actions/UpdateScanStation.ts

@@ -2,7 +2,7 @@ import { IsBoolean, IsInt, IsOptional, IsString } from 'class-validator';
 import { ScanStation } from '../entities/ScanStation';
 
 /**
- * This classed is used to create a new StatsClient entity from a json body (post request).
+ * This class is used to update a ScanStation entity (via put request)
  */
 export class UpdateScanStation {
     /**
@@ -27,8 +27,8 @@ export class UpdateScanStation {
     enabled?: boolean = true;
 
     /**
-     * Converts this to a ScanStation entity.
-     * TODO:
+     * Update a ScanStation entity based on this.
+     * @param station The station that shall be updated.
      */
     public async updateStation(station: ScanStation): Promise<ScanStation> {
         station.description = this.description;

src/models/actions/UpdateUser.ts

@@ -1,5 +1,5 @@
 import * as argon2 from "argon2";
-import { IsBoolean, IsEmail, IsInt, IsOptional, IsPhoneNumber, IsString } from 'class-validator';
+import { IsBoolean, IsEmail, IsInt, IsOptional, IsPhoneNumber, IsString, IsUrl } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../config';
 import { UsernameOrEmailNeededError } from '../../errors/AuthError';
@@ -87,7 +87,16 @@ export class UpdateUser {
     groups?: UserGroup[]
 
     /**
-     * Updates a provided User entity based on this.
+    * The user's profile pic (or rather a url pointing to it).
+    */
+    @IsString()
+    @IsUrl()
+    @IsOptional()
+    profilePic?: string;
+
+    /**
+     * Updates a user entity based on this.
+     * @param user The user that shall be updated.
      */
     public async updateUser(user: User): Promise<User> {
         user.email = this.email;
@@ -106,7 +115,9 @@ export class UpdateUser {
         user.lastname = this.lastname
         user.phone = this.phone;
         user.groups = await this.getGroups();
-        //TODO: ProfilePics
+
+        if (!this.profilePic) { user.profilePic = `https://dev.lauf-fuer-kaya.de/lfk-logo.png`; }
+        else { user.profilePic = this.profilePic; }
 
         return user;
     }

src/models/entities/User.ts

@@ -1,4 +1,4 @@
-import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUUID } from "class-validator";
+import { IsBoolean, IsEmail, IsInt, IsNotEmpty, IsOptional, IsPhoneNumber, IsString, IsUrl, IsUUID } from "class-validator";
 import { ChildEntity, Column, JoinTable, ManyToMany, OneToMany } from "typeorm";
 import { config } from '../../config';
 import { ResponsePrincipal } from '../responses/ResponsePrincipal';
@@ -106,10 +106,10 @@ export class User extends Principal {
   * The user's profile picture.
   * We haven't decided yet if this will be a bas64 encoded image or just a link to the profile picture.
   */
-  @Column({ nullable: true, unique: false })
+  @Column({ nullable: false, unique: false })
   @IsString()
-  @IsOptional()
-  profilePic?: string;
+  @IsUrl()
+  profilePic: string;
 
   /**
   * The last time the user requested a password reset.
@@ -128,6 +128,26 @@ export class User extends Principal {
   @OneToMany(() => UserAction, action => action.user, { nullable: true })
   actions: UserAction[]
 
+  /**
+   * Resolves all permissions granted to this user through groups or directly to the string enum format.
+   */
+  public get allPermissions(): string[] {
+    let returnPermissions: string[] = new Array<string>();
+
+    if (!this.permissions) { return returnPermissions; }
+    for (let permission of this.permissions) {
+      returnPermissions.push(permission.toString());
+    }
+
+    if (!this.groups) { return returnPermissions; }
+    for (let group of this.groups) {
+      for (let permission of group.permissions) {
+        returnPermissions.push(permission.toString());
+      }
+    }
+    return Array.from(new Set(returnPermissions));
+  }
+
   /**
    * Turns this entity into it's response class.
    */

src/models/responses/ResponseUser.ts

@@ -5,7 +5,6 @@ import {
     IsOptional,
     IsString
 } from "class-validator";
-import { Permission } from '../entities/Permission';
 import { User } from '../entities/User';
 import { UserGroup } from '../entities/UserGroup';
 import { ResponsePrincipal } from './ResponsePrincipal';
@@ -57,11 +56,10 @@ export class ResponseUser extends ResponsePrincipal {
     enabled: boolean = true;
 
     /**
-    * The user's profile pic.
+    * The user's profile pic (or rather a url pointing to it).
     */
     @IsString()
-    @IsOptional()
-    profilePic?: string;
+    profilePic: string;
 
     /**
      * The groups that the user is a part of.
@@ -75,7 +73,7 @@ export class ResponseUser extends ResponsePrincipal {
      */
     @IsArray()
     @IsOptional()
-    permissions: Permission[];
+    permissions: string[];
 
     /**
      * Creates a ResponseUser object from a user.
@@ -92,6 +90,7 @@ export class ResponseUser extends ResponsePrincipal {
         this.enabled = user.enabled;
         this.profilePic = user.profilePic;
         this.groups = user.groups;
-        this.permissions = user.permissions;
+        this.permissions = user.allPermissions;
+        this.groups.forEach(function (g) { delete g.permissions });
     }
 }

src/tests/scans/scans_add.spec.ts

@@ -0,0 +1,231 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+	access_token = res.data["access_token"];
+	axios_config = {
+		headers: { "authorization": "Bearer " + access_token },
+		validateStatus: undefined
+	};
+});
+
+
+describe('POST /api/scans illegally', () => {
+	let added_org;
+	let added_runner;
+	it('creating a new org with just a name should return 200', async () => {
+		const res1 = await axios.post(base + '/api/organisations', {
+			"name": "test123"
+		}, axios_config);
+		added_org = res1.data
+		expect(res1.status).toEqual(200);
+		expect(res1.headers['content-type']).toContain("application/json")
+	});
+	it('creating a new runner with only needed params should return 200', async () => {
+		const res2 = await axios.post(base + '/api/runners', {
+			"firstname": "first",
+			"lastname": "last",
+			"group": added_org.id
+		}, axios_config);
+		added_runner = res2.data;
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('no input should return 400', async () => {
+		const res = await axios.post(base + '/api/scans', null, axios_config);
+		expect(res.status).toEqual(400);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+	it('no distance should return 400', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id
+		}, axios_config);
+		expect(res.status).toEqual(400);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+	it('illegal distance input should return 400', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": -1
+		}, axios_config);
+		expect(res.status).toEqual(400);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+	it('invalid runner input should return 404', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": 999999999999999999999999,
+			"distance": 100
+		}, axios_config);
+		expect(res.status).toEqual(404);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+});
+// ---------------
+describe('POST /api/scans successfully', () => {
+	let added_org;
+	let added_runner;
+	it('creating a new org with just a name should return 200', async () => {
+		const res1 = await axios.post(base + '/api/organisations', {
+			"name": "test123"
+		}, axios_config);
+		added_org = res1.data
+		expect(res1.status).toEqual(200);
+		expect(res1.headers['content-type']).toContain("application/json")
+	});
+	it('creating a new runner with only needed params should return 200', async () => {
+		const res2 = await axios.post(base + '/api/runners', {
+			"firstname": "first",
+			"lastname": "last",
+			"group": added_org.id
+		}, axios_config);
+		delete res2.data.group;
+		added_runner = res2.data;
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('creating a scan with the minimum amount of parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": 200
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"distance": 200,
+			"valid": true
+		});
+	});
+	it('creating a valid scan should return 200', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": 200,
+			"valid": true
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"distance": 200,
+			"valid": true
+		});
+	});
+	it('creating a invalid scan should return 200', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": 200,
+			"valid": false
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"distance": 200,
+			"valid": false
+		});
+	});
+});
+// ---------------
+describe('POST /api/scans successfully via scan station', () => {
+	let added_org;
+	let added_runner;
+	let added_track;
+	let added_station;
+	it('creating a new org with just a name should return 200', async () => {
+		const res1 = await axios.post(base + '/api/organisations', {
+			"name": "test123"
+		}, axios_config);
+		added_org = res1.data
+		expect(res1.status).toEqual(200);
+		expect(res1.headers['content-type']).toContain("application/json")
+	});
+	it('creating a new runner with only needed params should return 200', async () => {
+		const res2 = await axios.post(base + '/api/runners', {
+			"firstname": "first",
+			"lastname": "last",
+			"group": added_org.id
+		}, axios_config);
+		delete res2.data.group;
+		added_runner = res2.data;
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('creating a track with the minimum amount of parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/tracks', {
+			"name": "testtrack",
+			"distance": 200,
+		}, axios_config);
+		added_track = res.data;
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+	it('creating a station with minimum parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/stations', {
+			"track": added_track.id
+		}, axios_config);
+		added_station = res.data;
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+	});
+	it('creating a scan with the minimum amount of parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": 200
+		}, {
+			headers: { "authorization": "Bearer " + added_station.key },
+			validateStatus: undefined
+		});
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"distance": 200,
+			"valid": true
+		});
+	});
+	it('creating a valid scan should return 200', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": 200,
+			"valid": true
+		}, {
+			headers: { "authorization": "Bearer " + added_station.key },
+			validateStatus: undefined
+		});
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"distance": 200,
+			"valid": true
+		});
+	});
+	it('creating a invalid scan should return 200', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": 200,
+			"valid": false
+		}, {
+			headers: { "authorization": "Bearer " + added_station.key },
+			validateStatus: undefined
+		});
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		delete res.data.id;
+		expect(res.data).toEqual({
+			"runner": added_runner,
+			"distance": 200,
+			"valid": false
+		});
+	});
+});

src/tests/scans/scans_delete.spec.ts

@@ -0,0 +1,68 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+	access_token = res.data["access_token"];
+	axios_config = {
+		headers: { "authorization": "Bearer " + access_token },
+		validateStatus: undefined
+	};
+});
+
+// ---------------
+
+describe('DELETE scan', () => {
+	let added_org;
+	let added_runner;
+	let added_scan;
+	it('creating a new org with just a name should return 200', async () => {
+		const res1 = await axios.post(base + '/api/organisations', {
+			"name": "test123"
+		}, axios_config);
+		added_org = res1.data
+		expect(res1.status).toEqual(200);
+		expect(res1.headers['content-type']).toContain("application/json")
+	});
+	it('creating a new runner with only needed params should return 200', async () => {
+		const res2 = await axios.post(base + '/api/runners', {
+			"firstname": "first",
+			"lastname": "last",
+			"group": added_org.id
+		}, axios_config);
+		added_runner = res2.data;
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('correct distance and runner input should return 200', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": 1000
+		}, axios_config);
+		added_scan = res.data;
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json")
+	});
+	it('delete scan', async () => {
+		const res2 = await axios.delete(base + '/api/scans/' + added_scan.id, axios_config);
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+		expect(res2.data).toEqual(added_scan);
+	});
+	it('check if scan really was deleted', async () => {
+		const res3 = await axios.get(base + '/api/scans/' + added_scan.id, axios_config);
+		expect(res3.status).toEqual(404);
+		expect(res3.headers['content-type']).toContain("application/json")
+	});
+});
+// ---------------
+describe('DELETE scan (non-existant)', () => {
+	it('delete', async () => {
+		const res2 = await axios.delete(base + '/api/scans/0', axios_config);
+		expect(res2.status).toEqual(204);
+	});
+});

src/tests/scans/scans_update.spec.ts

@@ -0,0 +1,174 @@
+import axios from 'axios';
+import { config } from '../../config';
+const base = "http://localhost:" + config.internal_port
+
+let access_token;
+let axios_config;
+
+beforeAll(async () => {
+	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
+	access_token = res.data["access_token"];
+	axios_config = {
+		headers: { "authorization": "Bearer " + access_token },
+		validateStatus: undefined
+	};
+});
+
+describe('adding + updating illegally', () => {
+	let added_org;
+	let added_runner;
+	let added_scan;
+	it('creating a new org with just a name should return 200', async () => {
+		const res1 = await axios.post(base + '/api/organisations', {
+			"name": "test123"
+		}, axios_config);
+		added_org = res1.data
+		expect(res1.status).toEqual(200);
+		expect(res1.headers['content-type']).toContain("application/json")
+	});
+	it('creating a new runner with only needed params should return 200', async () => {
+		const res2 = await axios.post(base + '/api/runners', {
+			"firstname": "first",
+			"lastname": "last",
+			"group": added_org.id
+		}, axios_config);
+		delete res2.data.group;
+		added_runner = res2.data;
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('creating a scan with the minimum amount of parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": 200
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		added_scan = res.data;
+	});
+	it('updating empty should return 400', async () => {
+		const res2 = await axios.put(base + '/api/scans/' + added_scan.id, null, axios_config);
+		expect(res2.status).toEqual(400);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('updating with wrong id should return 406', async () => {
+		const res2 = await axios.put(base + '/api/scans/' + added_scan.id, {
+			"id": added_scan.id + 1,
+			"runner": added_runner.id,
+			"distance": added_scan.distance
+		}, axios_config);
+		expect(res2.status).toEqual(406);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('update with negative distance should return 400', async () => {
+		const res2 = await axios.put(base + '/api/scans/' + added_scan.id, {
+			"id": added_scan.id,
+			"runner": added_runner.id,
+			"distance": -1
+		}, axios_config);
+		expect(res2.status).toEqual(400);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('update with invalid runner id should return 404', async () => {
+		const res2 = await axios.put(base + '/api/scans/' + added_scan.id, {
+			"id": added_scan.id,
+			"runner": 9999999999999999999999999,
+			"distance": 123
+		}, axios_config);
+		expect(res2.status).toEqual(404);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+});
+// ---------------
+describe('adding + updating successfilly', () => {
+	let added_org;
+	let added_runner;
+	let added_runner2;
+	let added_scan;
+	it('creating a new org with just a name should return 200', async () => {
+		const res1 = await axios.post(base + '/api/organisations', {
+			"name": "test123"
+		}, axios_config);
+		added_org = res1.data
+		expect(res1.status).toEqual(200);
+		expect(res1.headers['content-type']).toContain("application/json")
+	});
+	it('creating a new runner with only needed params should return 200', async () => {
+		const res2 = await axios.post(base + '/api/runners', {
+			"firstname": "first",
+			"lastname": "last",
+			"group": added_org.id
+		}, axios_config);
+		delete res2.data.group;
+		added_runner = res2.data;
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('creating a scan with the minimum amount of parameters should return 200', async () => {
+		const res = await axios.post(base + '/api/scans', {
+			"runner": added_runner.id,
+			"distance": 200
+		}, axios_config);
+		expect(res.status).toEqual(200);
+		expect(res.headers['content-type']).toContain("application/json");
+		added_scan = res.data;
+	});
+	it('valid distance update should return 200', async () => {
+		const res2 = await axios.put(base + '/api/scans/' + added_scan.id, {
+			"id": added_scan.id,
+			"runner": added_runner.id,
+			"distance": 100
+		}, axios_config);
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+		expect(res2.data).toEqual({
+			"id": added_scan.id,
+			"runner": added_runner,
+			"distance": 100,
+			"valid": true
+
+		});
+	});
+	it('valid valid update should return 200', async () => {
+		const res2 = await axios.put(base + '/api/scans/' + added_scan.id, {
+			"id": added_scan.id,
+			"runner": added_runner.id,
+			"distance": 100,
+			"valid": false
+		}, axios_config);
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+		expect(res2.data).toEqual({
+			"id": added_scan.id,
+			"runner": added_runner,
+			"distance": 100,
+			"valid": false
+		});
+	});
+	it('creating a new runner with only needed params should return 200', async () => {
+		const res2 = await axios.post(base + '/api/runners', {
+			"firstname": "first",
+			"lastname": "last",
+			"group": added_org.id
+		}, axios_config);
+		delete res2.data.group;
+		added_runner2 = res2.data;
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json")
+	});
+	it('valid runner update should return 200', async () => {
+		const res2 = await axios.put(base + '/api/scans/' + added_scan.id, {
+			"id": added_scan.id,
+			"runner": added_runner2.id,
+			"distance": added_scan.distance
+		}, axios_config);
+		expect(res2.status).toEqual(200);
+		expect(res2.headers['content-type']).toContain("application/json");
+		expect(res2.data).toEqual({
+			"id": added_scan.id,
+			"runner": added_runner2,
+			"distance": added_scan.distance,
+			"valid": added_scan.valid
+		});
+	});
+});