Merge pull request 'Merge for alpha 0.0.6' (#61) from dev into main

Reviewed-on: #61
Reviewed-by: Philipp Dormann <philipp@philippdormann.de>

.drone.yml

@@ -90,34 +90,20 @@ steps:
         from_secret: DOCKER_REGISTRY_PASSWORD
       repo: registry.odit.services/lfk/backend
       tags:
-        - $DRONE_TAG
+        - '${DRONE_TAG}'
       registry: registry.odit.services
-  - name: trigger js lib build
-    depends_on: [clone]
-    image: plugins/downstream
-    settings:
-      server: https://ci.odit.services/
-      token: 
-        from_secret: BOT_DRONE_KEY
-      fork: false
-      repositories:
-        - lfk/lfk-client-js
-      params:
-      - SOURCE_TAG: $DRONE_TAG
   - name: trigger node lib build
-    depends_on: [clone]
-    image: plugins/downstream
+    image: idcooldi/drone-webhook
     settings:
-      server: https://ci.odit.services/
-      token: 
+      urls: https://ci.odit.services/api/repos/lfk/lfk-client-node/builds?SOURCE_TAG=${DRONE_TAG}
+      bearer:
+        from_secret: BOT_DRONE_KEY
+  - name: trigger js lib build
+    image: idcooldi/drone-webhook
+    settings:
+      urls: https://ci.odit.services/api/repos/lfk/lfk-client-js/builds?SOURCE_TAG=${DRONE_TAG}
+      bearer:
         from_secret: BOT_DRONE_KEY
-      fork: false
-      repositories:
-        - lfk/lfk-client-node
-      params:
-      - SOURCE_TAG: $DRONE_TAG
 trigger:
-  branch:
-    - main
   event:
-    - tag
+  - tag

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@odit/lfk-backend",
-  "version": "1.0.0",
+  "version": "0.0.6",
   "main": "src/app.ts",
   "repository": "https://git.odit.services/lfk/backend",
   "author": {
@@ -41,7 +41,6 @@
     "routing-controllers": "^0.9.0-alpha.6",
     "routing-controllers-openapi": "^2.1.0",
     "sqlite3": "^5.0.0",
-    "swagger-ui-express": "^4.1.5",
     "typeorm": "^0.2.29",
     "typeorm-routing-controllers-extensions": "^0.2.0",
     "typeorm-seeding": "^1.6.1",
@@ -55,9 +54,9 @@
     "@types/jest": "^26.0.16",
     "@types/jsonwebtoken": "^8.5.0",
     "@types/node": "^14.14.9",
-    "@types/swagger-ui-express": "^4.1.2",
     "@types/uuid": "^8.3.0",
     "axios": "^0.21.0",
+    "cp-cli": "^2.0.0",
     "jest": "^26.6.3",
     "nodemon": "^2.0.6",
     "rimraf": "^2.7.1",
@@ -69,11 +68,11 @@
   },
   "scripts": {
     "dev": "nodemon src/app.ts",
-    "build": "tsc",
+    "build": "rimraf ./dist && tsc && cp-cli ./src/static ./dist/static",
     "docs": "typedoc --out docs src",
     "test": "jest",
     "test:watch": "jest --watchAll",
-    "test:ci": "start-server-and-test dev http://localhost:4010/api/openapi.json test",
+    "test:ci": "start-server-and-test dev http://localhost:4010/api/docs/openapi.json test",
     "seed": "ts-node ./node_modules/typeorm/cli.js schema:sync && ts-node ./node_modules/typeorm-seeding/dist/cli.js seed",
     "openapi:export": "ts-node src/openapi_export.ts"
   },

src/app.ts

@@ -1,9 +1,9 @@
 import consola from "consola";
 import "reflect-metadata";
 import { createExpressServer } from "routing-controllers";
-import authchecker from "./authchecker";
 import { config, e as errors } from './config';
 import loaders from "./loaders/index";
+import authchecker from "./middlewares/authchecker";
 import { ErrorHandler } from './middlewares/ErrorHandler';
 
 const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';

src/controllers/StatsClientController.ts

@@ -0,0 +1,75 @@
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnectionManager, Repository } from 'typeorm';
+import { StatsClientNotFoundError } from '../errors/StatsClientErrors';
+import { TrackNotFoundError } from "../errors/TrackErrors";
+import { CreateStatsClient } from '../models/actions/CreateStatsClient';
+import { StatsClient } from '../models/entities/StatsClient';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { ResponseStatsClient } from '../models/responses/ResponseStatsClient';
+
+@JsonController('/statsclients')
+@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+export class StatsClientController {
+	private clientRepository: Repository<StatsClient>;
+
+	/**
+	 * Gets the repository of this controller's model/entity.
+	 */
+	constructor() {
+		this.clientRepository = getConnectionManager().get().getRepository(StatsClient);
+	}
+
+	@Get()
+	@Authorized("STATSCLIENT:GET")
+	@ResponseSchema(ResponseStatsClient, { isArray: true })
+	@OpenAPI({ description: 'Lists all stats clients. Please remember that the key can only be viewed on creation.' })
+	async getAll() {
+		let responseClients: ResponseStatsClient[] = new Array<ResponseStatsClient>();
+		const clients = await this.clientRepository.find();
+		clients.forEach(clients => {
+			responseClients.push(new ResponseStatsClient(clients));
+		});
+		return responseClients;
+	}
+
+	@Get('/:id')
+	@Authorized("STATSCLIENT:GET")
+	@ResponseSchema(ResponseStatsClient)
+	@ResponseSchema(StatsClientNotFoundError, { statusCode: 404 })
+	@OnUndefined(StatsClientNotFoundError)
+	@OpenAPI({ description: "Lists all information about the stats client whose id got provided. Please remember that the key can only be viewed on creation." })
+	async getOne(@Param('id') id: number) {
+		let client = await this.clientRepository.findOne({ id: id });
+		if (!client) { throw new TrackNotFoundError(); }
+		return new ResponseStatsClient(client);
+	}
+
+	@Post()
+	@Authorized("STATSCLIENT:CREATE")
+	@ResponseSchema(ResponseStatsClient)
+	@OpenAPI({ description: "Create a new stats client. <br> Please remember that the client\'s key will be generated automaticly and that it can only be viewed on creation." })
+	async post(
+		@Body({ validate: true })
+		client: CreateStatsClient
+	) {
+		let newClient = await this.clientRepository.save(await client.toStatsClient());
+		let responseClient = new ResponseStatsClient(newClient);
+		responseClient.key = newClient.cleartextkey;
+		return responseClient;
+	}
+
+	@Delete('/:id')
+	@Authorized("STATSCLIENT:DELETE")
+	@ResponseSchema(ResponseStatsClient)
+	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
+	@OnUndefined(204)
+	@OpenAPI({ description: "Delete the stats client whose id you provided. <br> If no client with this id exists it will just return 204(no content)." })
+	async remove(@Param("id") id: number) {
+		let client = await this.clientRepository.findOne({ id: id });
+		if (!client) { return null; }
+
+		await this.clientRepository.delete(client);
+		return new ResponseStatsClient(client);
+	}
+}

src/controllers/StatsController.ts

@@ -0,0 +1,124 @@
+import { Get, JsonController, UseBefore } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { getConnection } from 'typeorm';
+import StatsAuth from '../middlewares/StatsAuth';
+import { Donation } from '../models/entities/Donation';
+import { Runner } from '../models/entities/Runner';
+import { RunnerOrganisation } from '../models/entities/RunnerOrganisation';
+import { RunnerTeam } from '../models/entities/RunnerTeam';
+import { Scan } from '../models/entities/Scan';
+import { User } from '../models/entities/User';
+import { ResponseStats } from '../models/responses/ResponseStats';
+import { ResponseStatsOrgnisation } from '../models/responses/ResponseStatsOrganisation';
+import { ResponseStatsRunner } from '../models/responses/ResponseStatsRunner';
+import { ResponseStatsTeam } from '../models/responses/ResponseStatsTeam';
+
+@JsonController('/stats')
+export class StatsController {
+
+    @Get()
+    @ResponseSchema(ResponseStats)
+    @OpenAPI({ description: "A very basic stats endpoint providing basic counters for a dashboard or simmilar" })
+    async get() {
+        let connection = getConnection();
+        let runners = await connection.getRepository(Runner).find({ relations: ['scans', 'scans.track'] });
+        let teams = await connection.getRepository(RunnerTeam).find();
+        let orgs = await connection.getRepository(RunnerOrganisation).find();
+        let users = await connection.getRepository(User).find();
+        let scans = await connection.getRepository(Scan).find();
+        let donations = await connection.getRepository(Donation).find({ relations: ['runner', 'runner.scans', 'runner.scans.track'] });
+        return new ResponseStats(runners, teams, orgs, users, scans, donations)
+    }
+
+    @Get("/runners/distance")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten runners by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByDistance() {
+        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
+        let topRunners = runners.sort((runner1, runner2) => runner1.distance - runner2.distance).slice(0, 9);
+        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
+        topRunners.forEach(runner => {
+            responseRunners.push(new ResponseStatsRunner(runner));
+        });
+        return responseRunners;
+    }
+
+    @Get("/runners/donations")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten runners by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByDonations() {
+        let runners = await getConnection().getRepository(Runner).find({ relations: ['scans', 'group', 'distanceDonations', 'scans.track'] });
+        let topRunners = runners.sort((runner1, runner2) => runner1.distanceDonationAmount - runner2.distanceDonationAmount).slice(0, 9);
+        let responseRunners: ResponseStatsRunner[] = new Array<ResponseStatsRunner>();
+        topRunners.forEach(runner => {
+            responseRunners.push(new ResponseStatsRunner(runner));
+        });
+        return responseRunners;
+    }
+
+    @Get("/scans")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsRunner, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten fastest track times (with their runner and the runner's group).", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopRunnersByTrackTime() {
+        throw new Error("Not implemented yet.")
+    }
+
+    @Get("/teams/distance")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsTeam, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten teams by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopTeamsByDistance() {
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        let topTeams = teams.sort((team1, team2) => team1.distance - team2.distance).slice(0, 9);
+        let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
+        topTeams.forEach(team => {
+            responseTeams.push(new ResponseStatsTeam(team));
+        });
+        return responseTeams;
+    }
+
+    @Get("/teams/donations")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsTeam, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten teams by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopTeamsByDonations() {
+        let teams = await getConnection().getRepository(RunnerTeam).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track'] });
+        let topTeams = teams.sort((team1, team2) => team1.distanceDonationAmount - team2.distanceDonationAmount).slice(0, 9);
+        let responseTeams: ResponseStatsTeam[] = new Array<ResponseStatsTeam>();
+        topTeams.forEach(team => {
+            responseTeams.push(new ResponseStatsTeam(team));
+        });
+        return responseTeams;
+    }
+
+    @Get("/organisations/distance")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten organisations by distance.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopOrgsByDistance() {
+        let orgs = await getConnection().getRepository(RunnerOrganisation).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
+        let topOrgs = orgs.sort((org1, org2) => org1.distance - org2.distance).slice(0, 9);
+        let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
+        topOrgs.forEach(org => {
+            responseOrgs.push(new ResponseStatsOrgnisation(org));
+        });
+        return responseOrgs;
+    }
+
+    @Get("/organisations/donations")
+    @UseBefore(StatsAuth)
+    @ResponseSchema(ResponseStatsOrgnisation, { isArray: true })
+    @OpenAPI({ description: "Returns the top ten organisations by donations.", security: [{ "StatsApiToken": [] }, { "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
+    async getTopOrgsByDonations() {
+        let orgs = await getConnection().getRepository(RunnerOrganisation).find({ relations: ['runners', 'runners.scans', 'runners.distanceDonations', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.scans', 'teams.runners.distanceDonations', 'teams.runners.scans.track'] });
+        let topOrgs = orgs.sort((org1, org2) => org1.distanceDonationAmount - org2.distanceDonationAmount).slice(0, 9);
+        let responseOrgs: ResponseStatsOrgnisation[] = new Array<ResponseStatsOrgnisation>();
+        topOrgs.forEach(org => {
+            responseOrgs.push(new ResponseStatsOrgnisation(org));
+        });
+        return responseOrgs;
+    }
+}

src/errors/StatsClientErrors.ts

@@ -0,0 +1,25 @@
+import { IsString } from 'class-validator';
+import { NotAcceptableError, NotFoundError } from 'routing-controllers';
+
+/**
+ * Error to throw, when a non-existant stats client get's loaded.
+ */
+export class StatsClientNotFoundError extends NotFoundError {
+	@IsString()
+	name = "StatsClientNotFoundError"
+
+	@IsString()
+	message = "The stats client you provided couldn't be located in the system. \n Please check your request."
+}
+
+/**
+ * Error to throw when two stats clients' ids don't match.
+ * Usually occurs when a user tries to change a stats client's id.
+ */
+export class StatsClientIdsNotMatchingError extends NotAcceptableError {
+	@IsString()
+	name = "StatsClientIdsNotMatchingError"
+
+	@IsString()
+	message = "The ids don't match! \n And if you wanted to change a stats client's id: This isn't allowed!"
+}

src/loaders/openapi.ts

@@ -3,7 +3,6 @@ import express, { Application } from "express";
 import path from 'path';
 import { getMetadataArgsStorage } from "routing-controllers";
 import { routingControllersToSpec } from "routing-controllers-openapi";
-import * as swaggerUiExpress from "swagger-ui-express";
 
 /**
  * Loader for everything openapi related - from creating the schema to serving it via a static route and swaggerUiExpress.
@@ -36,26 +35,21 @@ export default async (app: Application) => {
             "in": "cookie",
             "name": "lfk_backend__refresh_token",
             description: "A cookie containing a JWT based refreh token. Attention: Doesn't work in swagger-ui. Use /api/auth/login or /api/auth/refresh to get one."
+          },
+          "StatsApiToken": {
+            "type": "http",
+            "scheme": "bearer",
+            description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients)."
           }
         }
       },
       info: {
         description: "The the backend API for the LfK! runner system.",
         title: "LfK! Backend API",
-        version: "1.0.0",
+        version: "0.0.5",
       },
     }
   );
-
-  //Options for swaggerUiExpress
-  const options = {
-    explorer: true,
-  };
-  app.use(
-    "/api/docs/swagger",
-    swaggerUiExpress.serve,
-    swaggerUiExpress.setup(spec, options)
-  );
   app.get(["/api/docs/openapi.json", "/api/docs/swagger.json"], (req, res) => {
     res.json(spec);
   });

src/middlewares/StatsAuth.ts

@@ -0,0 +1,65 @@
+import * as argon2 from "argon2";
+import { Request, Response } from 'express';
+import { getConnectionManager } from 'typeorm';
+import { StatsClient } from '../models/entities/StatsClient';
+import authchecker from './authchecker';
+
+/**
+ * This middleware handels the authentification of stats client api tokens.
+ * The tokens have to be provided via Bearer auth header.
+ * @param req Express request object.
+ * @param res Express response object.
+ * @param next Next function to call on success.
+ */
+const StatsAuth = async (req: Request, res: Response, next: () => void) => {
+    let provided_token: string = req.headers["authorization"];
+    if (provided_token == "" || provided_token === undefined || provided_token === null) {
+        res.status(401).send("No api token provided.");
+        return;
+    }
+
+    try {
+        provided_token = provided_token.replace("Bearer ", "");
+    } catch (error) {
+        res.status(401).send("No valid jwt or api token provided.");
+        return;
+    }
+
+    let prefix = "";
+    try {
+        prefix = provided_token.split(".")[0];
+    }
+    finally {
+        if (prefix == "" || prefix == undefined || prefix == null) {
+            res.status(401).send("Api token non-existant or invalid syntax.");
+            return;
+        }
+    }
+
+    const client = await getConnectionManager().get().getRepository(StatsClient).findOne({ prefix: prefix });
+    if (!client) {
+        let user_authorized = false;
+        try {
+            let action = { request: req, response: res, context: null, next: next }
+            user_authorized = await authchecker(action, ["RUNNER:GET", "TEAM:GET", "ORGANISATION:GET"]);
+        }
+        finally {
+            if (user_authorized == false) {
+                res.status(401).send("Api token non-existant or invalid syntax.");
+                return;
+            }
+            else {
+                next();
+            }
+        }
+    }
+    else {
+        if (!(await argon2.verify(client.key, provided_token))) {
+            res.status(401).send("Api token invalid.");
+            return;
+        }
+
+        next();
+    }
+}
+export default StatsAuth;

src/middlewares/authchecker.ts

@@ -2,10 +2,10 @@ import cookie from "cookie";
 import * as jwt from "jsonwebtoken";
 import { Action } from "routing-controllers";
 import { getConnectionManager } from 'typeorm';
-import { config } from './config';
-import { IllegalJWTError, NoPermissionError, UserDisabledError, UserNonexistantOrRefreshtokenInvalidError } from './errors/AuthError';
-import { JwtCreator, JwtUser } from './jwtcreator';
-import { User } from './models/entities/User';
+import { config } from '../config';
+import { IllegalJWTError, NoPermissionError, UserDisabledError, UserNonexistantOrRefreshtokenInvalidError } from '../errors/AuthError';
+import { JwtCreator, JwtUser } from '../jwtcreator';
+import { User } from '../models/entities/User';
 
 /**
  * Handels authorisation verification via jwt's for all api endpoints using the @Authorized decorator.

src/models/actions/CreateStatsClient.ts

@@ -0,0 +1,33 @@
+import * as argon2 from "argon2";
+import { IsOptional, IsString } from 'class-validator';
+import crypto from 'crypto';
+import * as uuid from 'uuid';
+import { StatsClient } from '../entities/StatsClient';
+
+/**
+ * This classed is used to create a new StatsClient entity from a json body (post request).
+ */
+export class CreateStatsClient {
+    /**
+     * The new client's description.
+     */
+    @IsString()
+    @IsOptional()
+    description?: string;
+
+    /**
+     * Converts this to a StatsClient entity.
+     */
+    public async toStatsClient(): Promise<StatsClient> {
+        let newClient: StatsClient = new StatsClient();
+
+        newClient.description = this.description;
+
+        let newUUID = uuid.v4().toUpperCase();
+        newClient.prefix = crypto.createHash("sha3-512").update(newUUID).digest('hex').substring(0, 7).toUpperCase();
+        newClient.key = await argon2.hash(newClient.prefix + "." + newUUID);
+        newClient.cleartextkey = newClient.prefix + "." + newUUID;
+
+        return newClient;
+    }
+}

src/models/entities/Donation.ts

@@ -31,5 +31,5 @@ export abstract class Donation {
    * The donation's amount in cents (or whatever your currency's smallest unit is.).
    * The exact implementation may differ for each type of donation.
    */
-  abstract amount: number | Promise<number>;
+  abstract amount: number;
 }

src/models/entities/Runner.ts

@@ -58,4 +58,12 @@ export class Runner extends Participant {
   public get distance(): number {
     return this.validScans.reduce((sum, current) => sum + current.distance, 0);
   }
+
+  /**
+   * Returns the total donations a runner has collected based on his linked donations and distance ran.
+  */
+  @IsInt()
+  public get distanceDonationAmount(): number {
+    return this.distanceDonations.reduce((sum, current) => sum + current.amountPerDistance, 0) * this.distance;
+  }
 }

src/models/entities/RunnerGroup.ts

@@ -44,4 +44,20 @@ export abstract class RunnerGroup {
    */
   @OneToMany(() => Runner, runner => runner.group, { nullable: true })
   runners: Runner[];
+
+  /**
+   * Returns the total distance ran by this group's runners based on all their valid scans.
+  */
+  @IsInt()
+  public get distance(): number {
+    return this.runners.reduce((sum, current) => sum + current.distance, 0);
+  }
+
+  /**
+   * Returns the total donations a runner has collected based on his linked donations and distance ran.
+  */
+  @IsInt()
+  public get distanceDonationAmount(): number {
+    return this.runners.reduce((sum, current) => sum + current.distanceDonationAmount, 0);
+  }
 }

src/models/entities/RunnerOrganisation.ts

@@ -1,6 +1,7 @@
-import { IsOptional } from "class-validator";
+import { IsInt, IsOptional } from "class-validator";
 import { ChildEntity, ManyToOne, OneToMany } from "typeorm";
 import { Address } from "./Address";
+import { Runner } from './Runner';
 import { RunnerGroup } from "./RunnerGroup";
 import { RunnerTeam } from "./RunnerTeam";
 
@@ -24,4 +25,32 @@ export class RunnerOrganisation extends RunnerGroup {
    */
   @OneToMany(() => RunnerTeam, team => team.parentGroup, { nullable: true })
   teams: RunnerTeam[];
+
+  /**
+   * Returns all runners associated with this organisation (directly or indirectly via teams).
+   */
+  public get allRunners(): Runner[] {
+    let returnRunners: Runner[] = new Array<Runner>();
+    returnRunners.push(...this.runners);
+    for (let team of this.teams) {
+      returnRunners.push(...team.runners)
+    }
+    return returnRunners;
+  }
+
+  /**
+   * Returns the total distance ran by this group's runners based on all their valid scans.
+  */
+  @IsInt()
+  public get distance(): number {
+    return this.allRunners.reduce((sum, current) => sum + current.distance, 0);
+  }
+
+  /**
+   * Returns the total donations a runner has collected based on his linked donations and distance ran.
+  */
+  @IsInt()
+  public get distanceDonationAmount(): number {
+    return this.allRunners.reduce((sum, current) => sum + current.distanceDonationAmount, 0);
+  }
 }

src/models/entities/StatsClient.ts

@@ -0,0 +1,48 @@
+import { IsInt, IsOptional, IsString } from "class-validator";
+import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
+/**
+ * Defines the StatsClient entity.
+ * StatsClients can be used to access the protected parts of the stats api (top runners, donators and so on).
+*/
+@Entity()
+export class StatsClient {
+    /**
+     * Autogenerated unique id (primary key).
+     */
+    @PrimaryGeneratedColumn()
+    @IsInt()
+    id: number;
+
+    /**
+     * The clients's description.
+     * Mostly for better UX when traceing back stuff.
+     */
+    @Column({ nullable: true })
+    @IsOptional()
+    @IsString()
+    description?: string;
+
+    /**
+     * The client's api key prefix.
+     * This is used identitfy a client by it's api key.
+     */
+    @Column({ unique: true })
+    @IsString()
+    prefix: string;
+
+    /**
+     * The client's api key hash.
+     * The api key can be used to authenticate against the /stats/** routes.
+     */
+    @Column()
+    @IsString()
+    key: string;
+
+    /**
+     * The client's api key in plain text.
+     * This will only be used to display the full key on creation and updates.
+     */
+    @IsString()
+    @IsOptional()
+    cleartextkey?: string;
+}

src/models/enums/PermissionTargets.ts

@@ -8,5 +8,6 @@ export enum PermissionTarget {
     TRACK = 'TRACK',
     USER = 'USER',
     USERGROUP = 'USERGROUP',
-    PERMISSION = 'PERMISSION'
+    PERMISSION = 'PERMISSION',
+    STATSCLIENT = 'STATSCLIENT'
 }

src/models/responses/ResponseStats.ts

@@ -0,0 +1,83 @@
+import {
+    IsInt
+} from "class-validator";
+import { Donation } from '../entities/Donation';
+import { Runner } from '../entities/Runner';
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+import { RunnerTeam } from '../entities/RunnerTeam';
+import { Scan } from '../entities/Scan';
+import { User } from '../entities/User';
+
+/**
+ * Defines the stats response.
+ * The stats response calculates some basic stats for a dashboard or public display.
+*/
+export class ResponseStats {
+    /**
+     * The amount of runners registered in the system.
+     */
+    @IsInt()
+    total_runners: number;
+
+    /**
+     * The amount of teams registered in the system.
+     */
+    @IsInt()
+    total_teams: number;
+
+    /**
+     * The amount of organisations registered in the system.
+     */
+    @IsInt()
+    total_orgs: number;
+
+    /**
+     * The amount of users registered in the system.
+     */
+    @IsInt()
+    total_users: number;
+
+    /**
+     * The amount of valid scans registered in the system.
+     */
+    @IsInt()
+    total_scans: number;
+
+    /**
+     * The total distance that all runners ran combined.
+     */
+    @IsInt()
+    total_distance: number;
+
+    /**
+     * The total donation amount.
+     */
+    @IsInt()
+    total_donation: number;
+
+    /**
+     * The average distance ran per runner.
+     */
+    @IsInt()
+    average_distance: number;
+
+    /**
+     * Creates a new stats response containing some basic statistics for a dashboard or public display.
+     * @param runners Array containing all runners - the following relations have to be resolved: scans, scans.track
+     * @param teams Array containing all teams - no relations have to be resolved.
+     * @param orgs Array containing all orgs - no relations have to be resolved.
+     * @param users Array containing all users - no relations have to be resolved.
+     * @param scans Array containing all scans - no relations have to be resolved.
+     * @param donations Array containing all donations - the following relations have to be resolved: runner, runner.scans, runner.scans.track
+     */
+    public constructor(runners: Runner[], teams: RunnerTeam[], orgs: RunnerOrganisation[], users: User[], scans: Scan[], donations: Donation[]) {
+        this.total_runners = runners.length;
+        this.total_teams = teams.length;
+        this.total_orgs = orgs.length;
+        this.total_users = users.length;
+        this.total_scans = scans.filter(scan => { scan.valid === true }).length;
+        this.total_distance = runners.reduce((sum, current) => sum + current.distance, 0);
+        this.total_donation = donations.reduce((sum, current) => sum + current.amount, 0);
+        this.average_distance = this.total_distance / this.total_runners;
+    }
+}

src/models/responses/ResponseStatsClient.ts

@@ -0,0 +1,54 @@
+import {
+
+    IsInt,
+
+    IsNotEmpty,
+
+    IsOptional,
+    IsString
+} from "class-validator";
+import { StatsClient } from '../entities/StatsClient';
+
+/**
+ * Defines the statsClient response.
+*/
+export class ResponseStatsClient {
+    /**
+     * The client's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The client's description.
+     */
+    @IsString()
+    @IsOptional()
+    description?: string;
+
+    /**
+     * The client's api key.
+     * Only visible on creation or regeneration.
+     */
+    @IsString()
+    @IsOptional()
+    key: string;
+
+    /**
+     * The client's api key prefix.
+     */
+    @IsString()
+    @IsNotEmpty()
+    prefix: string;
+
+    /**
+     * Creates a ResponseStatsClient object from a statsClient.
+     * @param client The statsClient the response shall be build for.
+     */
+    public constructor(client: StatsClient) {
+        this.id = client.id;
+        this.description = client.description;
+        this.prefix = client.prefix;
+        this.key = "Only visible on creation.";
+    }
+}

src/models/responses/ResponseStatsOrganisation.ts

@@ -0,0 +1,47 @@
+import {
+    IsInt,
+
+    IsString
+} from "class-validator";
+import { RunnerOrganisation } from '../entities/RunnerOrganisation';
+
+/**
+ * Defines the org stats response.
+ * This differs from the normal org responce.
+*/
+export class ResponseStatsOrgnisation {
+    /**
+     * The orgs's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The orgs's name.
+     */
+    @IsString()
+    name: string;
+
+    /**
+     * The orgs's runner's currently ran distance in meters.
+     */
+    @IsInt()
+    distance: number;
+
+    /**
+     * The orgs's currently collected donations.
+     */
+    @IsInt()
+    donationAmount: number;
+
+    /**
+     * Creates a new organisation stats response from a organisation
+     * @param org The organisation whoes response shall be generated - the following relations have to be resolved: runners, runners.scans, runners.distanceDonations, runners.scans.track, teams, teams.runners, teams.runners.scans, teams.runners.distanceDonations, teams.runners.scans.track
+     */
+    public constructor(org: RunnerOrganisation) {
+        this.name = org.name;
+        this.id = org.id;
+        this.distance = org.distance;
+        this.donationAmount = org.distanceDonationAmount;
+    }
+}

src/models/responses/ResponseStatsRunner.ts

@@ -0,0 +1,69 @@
+import {
+    IsInt,
+    IsObject,
+    IsString
+} from "class-validator";
+import { Runner } from '../entities/Runner';
+import { RunnerGroup } from '../entities/RunnerGroup';
+
+/**
+ * Defines the runner stats response.
+ * This differs from the normal runner responce.
+*/
+export class ResponseStatsRunner {
+    /**
+     * The runner's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The runner's first name.
+     */
+    @IsString()
+    firstname: string;
+
+    /**
+     * The runner's middle name.
+     */
+    @IsString()
+    middlename?: string;
+
+    /**
+     * The runner's last name.
+     */
+    @IsString()
+    lastname: string;
+
+    /**
+     * The runner's currently ran distance in meters.
+     */
+    @IsInt()
+    distance: number;
+
+    /**
+     * The runner's currently collected donations.
+     */
+    @IsInt()
+    donationAmount: number;
+
+    /**
+     * The runner's group.
+     */
+    @IsObject()
+    group: RunnerGroup;
+
+    /**
+     * Creates a new runner stats response from a runner
+     * @param runner The runner whoes response shall be generated - the following relations have to be resolved: scans, group, distanceDonations, scans.track
+     */
+    public constructor(runner: Runner) {
+        this.id = runner.id;
+        this.firstname = runner.firstname;
+        this.middlename = runner.middlename;
+        this.lastname = runner.lastname;
+        this.distance = runner.distance;
+        this.donationAmount = runner.distanceDonationAmount;
+        this.group = runner.group;
+    }
+}

src/models/responses/ResponseStatsTeam.ts

@@ -0,0 +1,55 @@
+import {
+    IsInt,
+    IsObject,
+    IsString
+} from "class-validator";
+import { RunnerGroup } from '../entities/RunnerGroup';
+import { RunnerTeam } from '../entities/RunnerTeam';
+
+/**
+ * Defines the team stats response.
+ * This differs from the normal team responce.
+*/
+export class ResponseStatsTeam {
+    /**
+     * The team's id.
+     */
+    @IsInt()
+    id: number;
+
+    /**
+     * The team's name.
+     */
+    @IsString()
+    name: string;
+
+    /**
+     * The teams's currently ran distance in meters.
+     */
+    @IsInt()
+    distance: number;
+
+    /**
+     * The teams's currently collected donations.
+     */
+    @IsInt()
+    donationAmount: number;
+
+    /**
+     * The teams's parent group.
+     */
+    @IsObject()
+    parent: RunnerGroup;
+
+    /**
+     * Creates a new team stats response from a team
+     * @param team The team whoes response shall be generated - the following relations have to be resolved: runners, runners.scans, runners.distanceDonations, runners.scans.track
+     */
+    public constructor(team: RunnerTeam) {
+        this.name = team.name;
+        this.id = team.id;
+        this.parent = team.parentGroup;
+        this.distance = team.distance;
+        this.donationAmount = team.distanceDonationAmount;
+    }
+}

src/openapi_export.ts

@@ -4,8 +4,8 @@ import fs from "fs";
 import "reflect-metadata";
 import { createExpressServer, getMetadataArgsStorage } from "routing-controllers";
 import { routingControllersToSpec } from 'routing-controllers-openapi';
-import authchecker from "./authchecker";
 import { config } from './config';
+import authchecker from "./middlewares/authchecker";
 import { ErrorHandler } from './middlewares/ErrorHandler';
 
 const CONTROLLERS_FILE_EXTENSION = process.env.NODE_ENV === 'production' ? 'js' : 'ts';
@@ -44,13 +44,18 @@ const spec = routingControllersToSpec(
                     "in": "cookie",
                     "name": "lfk_backend__refresh_token",
                     description: "A cookie containing a JWT based refreh token. Attention: Doesn't work in swagger-ui. Use /api/auth/login or /api/auth/refresh to get one."
+                },
+                "StatsApiToken": {
+                    "type": "http",
+                    "scheme": "bearer",
+                    description: "Api token that can be obtained by creating a new stats client (post to /api/statsclients)."
                 }
             }
         },
         info: {
             description: "The the backend API for the LfK! runner system.",
             title: "LfK! Backend API",
-            version: "1.0.0",
+            version: "0.0.5",
         },
     }
 );

src/static/docs/index.html

@@ -1,16 +1,156 @@
 <!DOCTYPE html>
-<h1>Pick your poison</h1>
-<ul>
-    <li>
-        <a href="./redoc">ReDoc</a>
-    </li>
-    <li>
-        <a href="./swagger">SwaggerUI</a>
-    </li>
-    <li>
-        <a href="./rapidoc">RapiDoc</a>
-    </li>
-    <li>
-        <a href="./openapi.json">Raw Spec (json)</a>
-    </li>
-</ul>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>API Docs</title>
+    <style>
+        :root {
+            --bg-color: #fff;
+            --bg-secondary-color: #f3f3f6;
+            --color-primary: #14854f;
+            --color-lightGrey: #d2d6dd;
+            --color-grey: #747681;
+            --color-darkGrey: #3f4144;
+            --color-error: #d43939;
+            --color-success: #28bd14;
+            --grid-maxWidth: 120rem;
+            --grid-gutter: 2rem;
+            --font-size: 1.6rem;
+            --font-color: #333;
+            --font-family-sans: -apple-system, BlinkMacSystemFont, Avenir, "Avenir Next", "Segoe UI", "Roboto", "Oxygen", "Ubuntu", "Cantarell", "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;
+            --font-family-mono: monaco, "Consolas", "Lucida Console", monospace
+        }
+
+        html {
+            -webkit-box-sizing: border-box;
+            box-sizing: border-box;
+            font-size: 62.5%;
+            line-height: 1.15;
+            -ms-text-size-adjust: 100%;
+            -webkit-text-size-adjust: 100%
+        }
+
+        *,
+        :after,
+        :before {
+            -webkit-box-sizing: inherit;
+            box-sizing: inherit
+        }
+
+        body {
+            background-color: var(--bg-color);
+            line-height: 1.6;
+            font-size: var(--font-size);
+            color: var(--font-color);
+            font-family: Segoe UI, Helvetica Neue, sans-serif;
+            font-family: var(--font-family-sans);
+            margin: 0;
+            padding: 0
+        }
+
+        h3 {
+            font-weight: 500;
+            margin: .35em 0 .7em
+        }
+
+        h3 {
+            font-size: 1.5em
+        }
+
+        a {
+            color: var(--color-primary);
+            text-decoration: none
+        }
+
+        a:hover:not(.button) {
+            opacity: .75
+        }
+
+        input:not([type=checkbox]):not([type=radio]):not([type=submit]):not([type=color]):not([type=button]):not([type=reset]):not(:disabled):hover {
+            border-color: var(--color-grey)
+        }
+
+        ::-webkit-input-placeholder {
+            color: #bdbfc4
+        }
+
+        ::-moz-placeholder {
+            color: #bdbfc4
+        }
+
+        :-ms-input-placeholder {
+            color: #bdbfc4
+        }
+
+        ::-ms-input-placeholder {
+            color: #bdbfc4
+        }
+
+        .tabs {
+            display: -webkit-box;
+            display: -ms-flexbox;
+            display: flex
+        }
+
+        .tabs a {
+            text-decoration: none
+        }
+
+        .tabs>a {
+            padding: 1rem 2rem;
+            -webkit-box-flex: 0;
+            -ms-flex: 0 1 auto;
+            flex: 0 1 auto;
+            color: var(--color-darkGrey);
+            border-bottom: 2px solid var(--color-lightGrey);
+            text-align: center
+        }
+
+        .tabs>a:hover {
+            opacity: 1;
+            border-bottom: 2px solid var(--color-darkGrey)
+        }
+
+        .is-vertical-align {
+            display: -webkit-box;
+            display: -ms-flexbox;
+            display: flex;
+            -webkit-box-align: center;
+            -ms-flex-align: center;
+            align-items: center
+        }
+
+        .is-center {
+            display: -webkit-box;
+            display: -ms-flexbox;
+            display: flex;
+            -webkit-box-pack: center;
+            -ms-flex-pack: center;
+            justify-content: center
+        }
+
+        .is-center {
+            -webkit-box-align: center;
+            -ms-flex-align: center;
+            align-items: center
+        }
+    </style>
+</head>
+
+<body>
+    <div class="hero">
+        <div class="logo is-center is-vertical-align">
+            <h3>API Docs</h3>
+        </div>
+        <nav class="tabs is-center">
+            <a href="./redoc">ReDoc</a>
+            <a href="./swaggerui">SwaggerUI</a>
+            <a href="./rapidoc">RapiDoc</a>
+            <a href="./openapi.json">Raw Spec (json)</a>
+        </nav>
+    </div>
+</body>
+
+</html>

src/static/docs/swaggerui.html

@@ -0,0 +1,58 @@
+<!-- HTML for static distribution bundle build -->
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>Swagger UI</title>
+    <link rel="stylesheet" type="text/css" href="./swagger-ui.css" >
+    <style>
+      html
+      {
+        box-sizing: border-box;
+        overflow: -moz-scrollbars-vertical;
+        overflow-y: scroll;
+      }
+
+      *,
+      *:before,
+      *:after
+      {
+        box-sizing: inherit;
+      }
+
+      body
+      {
+        margin:0;
+        background: #fafafa;
+      }
+    </style>
+  </head>
+
+  <body>
+    <div id="swagger-ui"></div>
+
+    <script src="./swagger-ui-bundle.js" charset="UTF-8"> </script>
+    <script src="./swagger-ui-standalone-preset.js" charset="UTF-8"> </script>
+    <script>
+    window.onload = function() {
+      // Begin Swagger UI call region
+      const ui = SwaggerUIBundle({
+        url: "/api/docs/openapi.json",
+        dom_id: '#swagger-ui',
+        deepLinking: true,
+        presets: [
+          SwaggerUIBundle.presets.apis,
+          SwaggerUIStandalonePreset
+        ],
+        plugins: [
+          SwaggerUIBundle.plugins.DownloadUrl
+        ],
+        layout: "StandaloneLayout"
+      })
+      // End Swagger UI call region
+
+      window.ui = ui
+    }
+  </script>
+  </body>
+</html>

src/tests/api_docs.spec.ts

@@ -0,0 +1,34 @@
+import axios from 'axios';
+import { config } from '../config';
+const base = "http://localhost:" + config.internal_port
+
+describe('GET /api/docs/openapi.json', () => {
+	it('OpenAPI Spec is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/openapi.json');
+		expect(res.status).toEqual(200);
+	});
+});
+describe('GET /api/docs/swagger.json', () => {
+	it('OpenAPI Spec is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/swagger.json');
+		expect(res.status).toEqual(200);
+	});
+});
+describe('GET /api/docs/swaggerui', () => {
+	it('swaggerui is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/swaggerui');
+		expect(res.status).toEqual(200);
+	});
+});
+describe('GET /api/docs/redoc', () => {
+	it('redoc is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/redoc');
+		expect(res.status).toEqual(200);
+	});
+});
+describe('GET /api/docs/rapidoc', () => {
+	it('rapidoc is availdable 200', async () => {
+		const res = await axios.get(base + '/api/docs/rapidoc');
+		expect(res.status).toEqual(200);
+	});
+});

src/tests/firsttest.spec.ts

@@ -1,35 +0,0 @@
-import axios from 'axios';
-import { config } from '../config';
-const base = "http://localhost:" + config.internal_port
-
-let access_token;
-let axios_config;
-
-beforeAll(async () => {
-	const res = await axios.post(base + '/api/auth/login', { username: "demo", password: "demo" });
-	access_token = res.data["access_token"];
-	axios_config = {
-		headers: { "authorization": "Bearer " + access_token },
-		validateStatus: undefined
-	};
-});
-
-describe('GET /api/openapi.json', () => {
-	it('is http 200', async () => {
-		const res = await axios.get(base + '/api/openapi.json');
-		expect(res.status).toEqual(200);
-	});
-});
-describe('GET /', () => {
-	it('is http 404', async () => {
-		const res = await axios.get(base + '/', axios_config);
-		expect(res.status).toEqual(404);
-	});
-});
-describe('GET /api/teams', () => {
-	it('is http 200 && is json', async () => {
-		const res = await axios.get(base + '/api/teams', axios_config);
-		expect(res.status).toEqual(200);
-		expect(res.headers['content-type']).toContain("application/json")
-	});
-});